Module: ReviseAuth::Authentication
- Extended by: ActiveSupport::Concern
- Included in: RouteConstraint
- Defined in: lib/revise_auth/authentication.rb
Instance Method Summary
- #authenticate_user ⇒ Object
  Authenticates the current user: from session cookie; (future) from Authorization header.
- #authenticate_user!(with: :login, return_to: true) ⇒ Object
  Authenticates a user or redirects to the login page.
- #authenticated_user_from_session ⇒ Object
  Returns a user from session cookie.
- #current_user ⇒ Object
  Authenticates the user if not already authenticated. Returns a User or nil.
- #login(user) ⇒ Object
  Logs in the user: resets the session to prevent session fixation (see guides.rubyonrails.org/security.html#session-fixation-countermeasures), sets Current.user for the current request, and saves a session cookie so the next request is authenticated.
- #logout ⇒ Object
- #require_unauthenticated ⇒ Object
- #resolve_after_login_path ⇒ Object
- #resolve_after_register_path ⇒ Object
- #return_to_location ⇒ Object
- #revise_auth_controller? ⇒ Boolean
  Returns true if it’s a revise_auth_controller.
- #stash_return_to_location(path) ⇒ Object
- #user_signed_in? ⇒ Boolean
  Returns a boolean indicating whether the user is signed in.
Instance Method Details
#authenticate_user ⇒ Object
Authenticates the current user
- from session cookie
- (future) from Authorization header

    # File 'lib/revise_auth/authentication.rb', line 44
    def authenticate_user
      Current.user = authenticated_user_from_session
    end
#authenticate_user!(with: :login, return_to: true) ⇒ Object
Authenticates a user or redirects to the login page

    # File 'lib/revise_auth/authentication.rb', line 30
    def authenticate_user!(with: :login, return_to: true)
      return if user_signed_in?
      stash_return_to_location(request.fullpath) if return_to && request.get?
      path = (with == :sign_up) ? sign_up_path : login_path
      redirect_to path, alert: t("revise_auth.sign_up_or_login")
    end
#authenticated_user_from_session ⇒ Object
Returns a user from session cookie

    # File 'lib/revise_auth/authentication.rb', line 49
    def authenticated_user_from_session
      user_id = session[:user_id]
      return unless user_id
      User.find_by(id: user_id)
    end
#current_user ⇒ Object
Authenticates the user if not already authenticated. Returns a User or nil.

    # File 'lib/revise_auth/authentication.rb', line 25
    def current_user
      Current.user ||= authenticate_user
    end
#login(user) ⇒ Object
Logs in the user
- Reset the session to prevent session fixation. See: guides.rubyonrails.org/security.html#session-fixation-countermeasures
- Set Current.user for the current request
- Save a session cookie so the next request is authenticated

    # File 'lib/revise_auth/authentication.rb', line 60
    def login(user)
      user_return_to = session[:user_return_to]
      reset_session
      Current.user = user
      session[:user_id] = user.id
      session[:user_return_to] = user_return_to
    end
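
The session reset in #login, shown as an added example (not ReviseAuth's own code): a hypothetical ToyController with an in-memory session store runs the documented order of operations next to a variant that skips the reset. The store, the user id 42 and the "/billing" path are constructed for the demonstration.

```ruby
require "securerandom"

# Constructed stand-in for a controller plus a server-side session store
# (session id => data). Assumption: not Rails' real session machinery.
class ToyController
  attr_reader :sid

  def initialize(store, sid)
    @store = store
    @sid = sid
  end

  def session
    @store.fetch(@sid)
  end

  # Models the effect of reset_session: old id dropped, fresh empty session issued.
  def reset_session
    @store.delete(@sid)
    @sid = SecureRandom.hex(16)
    @store[@sid] = {}
  end

  # Same order of operations as the #login method documented on this page.
  def login(user_id)
    user_return_to = session[:user_return_to]
    reset_session
    session[:user_id] = user_id
    session[:user_return_to] = user_return_to
  end

  # Weak variant for comparison: authenticates the pre-login session id.
  def login_without_reset(user_id)
    session[:user_id] = user_id
  end
end

# Logs in through +login_method+ on a session whose id was known before login,
# then reports whether that old id ends up carrying the authenticated user.
def fixation_check(login_method)
  pre_login_sid = SecureRandom.hex(16)
  store = { pre_login_sid => { user_return_to: "/billing" } } # constructed data
  controller = ToyController.new(store, pre_login_sid)
  controller.public_send(login_method, 42) # 42: constructed user id
  { old_id_authenticated: store.fetch(pre_login_sid, {}).key?(:user_id),
    return_to: controller.session[:user_return_to] }
end
```

With the reset, the id that existed before login is gone from the store while the stashed return path is carried over; without it, the same id is now bound to the logged-in user.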
#logout ⇒ Object

    # File 'lib/revise_auth/authentication.rb', line 68
    def logout
      reset_session
      Current.user = nil
    end
#require_unauthenticated ⇒ Object

    # File 'lib/revise_auth/authentication.rb', line 37
    def require_unauthenticated
      redirect_to resolve_after_login_path, alert: t("revise_auth.shared.already_authenticated") if user_signed_in?
    end
#resolve_after_login_path ⇒ Object

    # File 'lib/revise_auth/authentication.rb', line 85
    def resolve_after_login_path
      try(:after_login_path) || return_to_location || root_path
    end
#resolve_after_register_path ⇒ Object

    # File 'lib/revise_auth/authentication.rb', line 81
    def resolve_after_register_path
      try(:after_register_path) || return_to_location || root_path
    end
#return_to_location ⇒ Object

    # File 'lib/revise_auth/authentication.rb', line 77
    def return_to_location
      session.delete(:user_return_to)
    end
#revise_auth_controller? ⇒ Boolean
Returns true if it’s a revise_auth_controller, and false for all controllers other than those defined inside revise_auth. Useful if you want to apply a before filter to all controllers except the ones in revise_auth:

    before_action :authenticate_user!, unless: :revise_auth_controller?

    # File 'lib/revise_auth/authentication.rb', line 94
    def revise_auth_controller?
      is_a?(::ReviseAuthController)
    end
#stash_return_to_location(path) ⇒ Object

    # File 'lib/revise_auth/authentication.rb', line 73
    def stash_return_to_location(path)
      session[:user_return_to] = path
    end
#user_signed_in? ⇒ Boolean
Returns a boolean indicating whether the user is signed in.

    # File 'lib/revise_auth/authentication.rb', line 19
    def user_signed_in?
      !!current_user
    end