Module: Devise::Controllers::SignInOut

Included in:

Helpers, Hooks::Proxy

Defined in:

lib/devise/controllers/sign_in_out.rb

Overview

Provide sign in and sign out functionality. Included by default in all controllers.

Instance Method Summary

• #sign_in(resource_or_scope, *args) ⇒ Object

  Sign in a user that already was authenticated.

• #sign_out(resource_or_scope = nil) ⇒ Object

  Sign out a given user or scope.

• #sign_out_all_scopes(lock = true) ⇒ Object

  Sign out all active users or scopes.

• #signed_in?(scope = nil) ⇒ Boolean

  Return true if the given scope is signed in session.

Instance Method Details

#sign_in(resource_or_scope, *args) ⇒ Object

Sign in a user that already was authenticated. This helper is useful for logging users in after sign up.

All options given to sign_in is passed forward to the set_user method in warden. The only exception is the :bypass option, which bypass warden callbacks and stores the user straight in session. This option is useful in cases the user is already signed in, but we want to refresh the credentials in session.

Examples:

sign_in :user, @user                      # sign_in(scope, resource)
sign_in @user                             # sign_in(resource)
sign_in @user, event: :authentication  # sign_in(resource, options)
sign_in @user, store: false            # sign_in(resource, options)
sign_in @user, bypass: true            # sign_in(resource, options)

# File 'lib/devise/controllers/sign_in_out.rb', line 30

def sign_in(resource_or_scope, *args)
  options  = args.extract_options!
  scope    = Devise::Mapping.find_scope!(resource_or_scope)
  resource = args.last || resource_or_scope

  expire_data_after_sign_in!

  if options[:bypass]
    warden.session_serializer.store(resource, scope)
  elsif warden.user(scope) == resource && !options.delete(:force)
    # Do nothing. User already signed in and we are not forcing it.
    true
  else
    warden.set_user(resource, options.merge!(scope: scope))
  end
end

#sign_out(resource_or_scope = nil) ⇒ Object

Sign out a given user or scope. This helper is useful for signing out a user after deleting accounts. Returns true if there was a logout and false if there is no user logged in on the referred scope

Examples:

sign_out :user     # sign_out(scope)
sign_out @user     # sign_out(resource)

# File 'lib/devise/controllers/sign_in_out.rb', line 56

def sign_out(resource_or_scope=nil)
  return sign_out_all_scopes unless resource_or_scope
  scope = Devise::Mapping.find_scope!(resource_or_scope)
  user = warden.user(scope: scope, run_callbacks: false) # If there is no user

  warden.raw_session.inspect # Without this inspect here. The session does not clear.
  warden.logout(scope)
  warden.clear_strategies_cache!(scope: scope)
  instance_variable_set(:"@current_#{scope}", nil)

  !!user
end

#sign_out_all_scopes(lock = true) ⇒ Object

Sign out all active users or scopes. This helper is useful for signing out all roles in one click. This signs out ALL scopes in warden. Returns true if there was at least one logout and false if there was no user logged in on all scopes.

# File 'lib/devise/controllers/sign_in_out.rb', line 72

def sign_out_all_scopes(lock=true)
  users = Devise.mappings.keys.map { |s| warden.user(scope: s, run_callbacks: false) }

  warden.logout
  expire_data_after_sign_out!
  warden.clear_strategies_cache!
  warden.lock! if lock

  users.any?
end

#signed_in?(scope = nil) ⇒ Boolean

Return true if the given scope is signed in session. If no scope given, return true if any scope is signed in. Does not run authentication hooks.

Returns:

• (Boolean)

# File 'lib/devise/controllers/sign_in_out.rb', line 8

def signed_in?(scope=nil)
  [scope || Devise.mappings.keys].flatten.any? do |_scope|
    warden.authenticate?(scope: _scope)
  end
end