Module: Sinatra::Security::Helpers

Defined in:
lib/sinatra/security/helpers.rb


Instance Method Details

#__USER__ ⇒ Object



# File 'lib/sinatra/security/helpers.rb', line 126

def __USER__
  # The user class configured via `set :login_user_class, ...`; Sinatra
  # resolves a proc value lazily, which is what allows the lambda form.
  settings.login_user_class
end

#authenticate(opts) ⇒ String?

Internally used by the POST /login route handler.

Parameters:

  • opts (Hash)

    The hash containing :username and :password.

Options Hash (opts):

  • :username (#to_s)

    The username of a User.

  • :password (String)

    The password of a User.

Returns:

  • (String)

    the `id` of the user if found.

  • (nil)

    if no user matches the :username / :password combination.



# File 'lib/sinatra/security/helpers.rb', line 119

def authenticate(opts)
  if user = __USER__.authenticate(opts[:username], opts[:password])
    session[:user] = user.id
  end
end

#current_user(finder = lambda { |id| __USER__[id] }) ⇒ User

Returns the currently logged in user, identified through session. The default finder uses User, based on Ohm’s finder method.

Examples:


# ActiveRecord style finders
current_user(lambda { |id| User.find(id) })

# Also, if you change the settings to use a different user class,
# then that will be respected
# this assumes SuperUser is already defined
set :login_user_class, SuperUser

# if you want to lazily evaluate the class you can wrap it in a proc
set :login_user_class, lambda { SuperUser }

# assuming session[:user] == 1
current_user == SuperUser[1]
# => true

Parameters:

  • finder (Proc) (defaults to: lambda { |id| __USER__[id] })

    (defaults to User) allows you to pass in a different finder method.

Returns:

  • (User)

    or alternatively, an instance of settings.login_user_class

# File 'lib/sinatra/security/helpers.rb', line 77

def current_user(finder = lambda { |id| __USER__[id] })
  @current_user ||= finder.call(session[:user]) if session[:user]
end

#ensure_current_user(user) ⇒ Object

Used for simple atomic authorization rules on a per action / route basis.

Examples:


get '/posts/:id/edit' do |id|
  post = Post[id]
  ensure_current_user post.author # halts to a 404 if not satisfied.

  # the rest of this gets executed when
  # the author is indeed the current user.
end

Parameters:

  • user (User)

    a user object.



# File 'lib/sinatra/security/helpers.rb', line 101

def ensure_current_user(user)
  halt 404 unless user == current_user
end

#logged_in? ⇒ true, false

Returns:

  • (true)

    if the user is logged in

  • (false)

    if the user is not logged in



# File 'lib/sinatra/security/helpers.rb', line 83

def logged_in?
  !!current_user
end

#logout! ⇒ Object

The method says it all. Mostly for keeping responsibility where it belongs, instead of letting the application code deal with the session keys themselves.



# File 'lib/sinatra/security/helpers.rb', line 108

def logout!
  session.delete(:user)
end

#redirect_to_return_url(session_key = :return_to, default = '/') ⇒ Object

Dynamic redirection based on the return path that was set.

Examples:


# By default assumes you use :return_to and '/'.
# You can use this in your code as well. i.e.
get '/fb/login' do
  session[:fb_return_to] = params[:from]
  # redirect to fb OAuth URI here.
end

get '/fb/success' do
  # successfully processed, save whatever here
  redirect_to_return_url :fb_return_to, "/home"
end

Parameters:

  • session_key (Symbol) (defaults to: :return_to)

    the key in the session, defaults to :return_to.

  • default (String) (defaults to: '/')

    url when no stored value is found in session. defaults to '/'.



# File 'lib/sinatra/security/helpers.rb', line 47

def redirect_to_return_url(session_key = :return_to, default = '/')
  # Look up (and clear) the key the caller asked for, so that the
  # documented `redirect_to_return_url :fb_return_to, "/home"` form works.
  redirect session.delete(session_key) || default
end
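The `/fb/login` example above stores `params[:from]` in the session as it arrives, and `redirect_to_return_url` later redirects to whatever that value holds. The following is an added example, not part of sinatra-security, of a check an application can run before storing such a value so that the redirect can only land on a path of the same host; `safe_return_path?` and `return_path_for` are assumed names.

```ruby
# Added example (not sinatra-security code): accept only same-host return paths.
require 'uri'

# True only for a path-only value: one leading "/", no scheme, host or
# userinfo, and none of the characters that break a Location header.
def safe_return_path?(value)
  return false unless value.is_a?(String) && !value.empty?
  return false unless value.start_with?('/')       # must be relative to this host
  return false if value.start_with?('//', '/\\')   # "//evil.example" is scheme-relative
  return false if value.match?(/[\r\n\0]/)         # header injection / truncation
  uri = URI.parse(value)
  uri.scheme.nil? && uri.host.nil? && uri.userinfo.nil?
rescue URI::InvalidURIError
  false
end

# The value to put in the session: the supplied path when it passes the
# check, otherwise the default (assumed to be '/').
def return_path_for(param, default = '/')
  safe_return_path?(param) ? param : default
end

# Constructed usage mirroring the /fb/login route from the docs:
#   session[:fb_return_to] = return_path_for(params[:from], '/home')
```

With this in place the later `redirect_to_return_url :fb_return_to, "/home"` call never sees an absolute or scheme-relative URL, whatever was passed in `from`.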

#require_login(login_url = settings.login_url) ⇒ Object

The main gateway. This method will redirect if no user is currently authenticated.

Examples:


get '/secured' do
  require_login

  # do super private thing here
end

Parameters:

  • login_url (String) (defaults to: settings.login_url)

    (defaults to /login) the url of the login form. Take note that even if you specify a different login form, the POST action for that form should still be '/login'.



# File 'lib/sinatra/security/helpers.rb', line 18

def require_login(login_url = settings.login_url)
  return if logged_in?

  # Remember where the user was heading, unless the path is one of the
  # ignored ones (for example the login form itself).
  if should_return_to?(request.fullpath)
    session[:return_to] = request.fullpath
  end
  redirect login_url
end

#should_return_to?(path, ignored = settings.ignored_by_return_to) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/sinatra/security/helpers.rb', line 131

def should_return_to?(path, ignored = settings.ignored_by_return_to)
  !(path =~ ignored)
end
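To see how the helpers documented on this page fit together, here is an added example (not sinatra-security's own code) that carries the whole module through one session: the `authenticate` / `current_user` / `ensure_current_user` flow from the top of the page and the `require_login` / `should_return_to?` / `redirect_to_return_url` round trip from the bottom. It runs without Sinatra or Ohm: `FakeUser`, `FakeApp`, `Settings`, `Request` and `demo` are constructed stand-ins, `halt` and `redirect` are emulated with `throw`/`catch` so the outcome of a route can be inspected, and `redirect_to_return_url` looks up the `session_key` it is given.

```ruby
# Added example, not sinatra-security's own code: the Helpers module documented
# on this page, run inside a constructed stand-in for a Sinatra request scope.
module Helpers
  def __USER__
    settings.login_user_class
  end
  def authenticate(opts)
    if user = __USER__.authenticate(opts[:username], opts[:password])
      session[:user] = user.id   # evaluates to the id; nil when nobody matched
    end
  end
  def current_user(finder = lambda { |id| __USER__[id] })
    @current_user ||= finder.call(session[:user]) if session[:user]
  end
  def logged_in?
    !!current_user
  end
  def ensure_current_user(user)
    halt 404 unless user == current_user
  end
  def logout!
    session.delete(:user)
  end
  def redirect_to_return_url(session_key = :return_to, default = '/')
    redirect session.delete(session_key) || default
  end
  def require_login(login_url = settings.login_url)
    return if logged_in?
    session[:return_to] = request.fullpath if should_return_to?(request.fullpath)
    redirect login_url
  end
  def should_return_to?(path, ignored = settings.ignored_by_return_to)
    !(path =~ ignored)
  end
end

# Constructed stand-in for an Ohm-style User class: User[id] and User.authenticate.
class FakeUser
  REGISTRY = {}
  attr_reader :id, :username
  def initialize(id, username, password)
    @id, @username, @password = id, username, password
    REGISTRY[id] = self
  end
  def self.[](id); REGISTRY[id]; end
  def self.authenticate(username, password)
    REGISTRY.values.find { |u| u.username == username.to_s && u.password?(password) }
  end
  def password?(password)
    @password == password   # constructed; a real model compares a salted hash
  end
end

# Minimal fake of the request scope the helpers rely on. Sinatra's halt and
# redirect stop the handler; throw/catch emulates that so outcomes are visible.
class FakeApp
  include Helpers
  Settings = Struct.new(:login_user_class, :login_url, :ignored_by_return_to)
  Request  = Struct.new(:fullpath)
  attr_reader :session, :request, :settings
  def initialize(session, path)
    @session  = session
    @request  = Request.new(path)
    @settings = Settings.new(FakeUser, '/login', %r{\A/(login|logout)})
  end
  def redirect(url); throw :halt, [:redirect, url]; end
  def halt(code);    throw :halt, [:halt, code];    end
  # Runs a route body; returns its value, or the halt/redirect that stopped it.
  def run(&body)
    catch(:halt) { instance_eval(&body) }
  end
end

# Walks the documented flow against one shared session and collects each outcome.
def demo
  alice = FakeUser.new(1, 'alice', 'correct horse')
  bob   = FakeUser.new(2, 'bob', 'battery staple')
  session, r = {}, {}
  # anonymous request to a protected route: redirected, path remembered
  r[:anon]  = FakeApp.new(session, '/secured?x=1').run { require_login }
  r[:saved] = session[:return_to]
  # wrong password: nil back, session untouched
  r[:bad]   = FakeApp.new(session, '/login').run { authenticate(username: 'alice', password: 'nope') }
  # right password stores the id; redirect_to_return_url then sends the user back
  login     = FakeApp.new(session, '/login')
  r[:ok]    = login.run { authenticate(username: 'alice', password: 'correct horse') }
  r[:back]  = login.run { redirect_to_return_url }
  # per-route authorization: bob's resource yields a 404 for alice
  r[:owner]     = FakeApp.new(session, '/posts/1/edit').run { ensure_current_user(alice); :edited }
  r[:not_owner] = FakeApp.new(session, '/posts/2/edit').run { ensure_current_user(bob); :edited }
  # logout clears the key; the login route itself is never stored as return_to
  FakeApp.new(session, '/logout').run { logout! }
  r[:after_logout] = FakeApp.new(session, '/').run { logged_in? }
  r[:ignored]      = FakeApp.new(session, '/login').run { should_return_to?('/login') }
  r
end
```

Each `FakeApp` is a fresh request scope, which is why `@current_user` is only memoized within one route and `logged_in?` reflects the session again after `logout!`.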