Module: Sorcery::Controller::InstanceMethods

Defined in:
lib/sorcery/controller.rb

Instance Method Details

#auto_login(user, should_remember = false) ⇒ Object

Logs in a user instance.

Parameters:

  • user (<User-Model>)

    the user instance.

Returns:

    • do not depend on the return value.



# File 'lib/sorcery/controller.rb', line 106

def auto_login(user, should_remember = false)
  session[:user_id] = user.id
  @current_user = user
end

#current_user ⇒ Object

Attempts to auto-login from the defined sources (session, basic_auth, cookie, etc.). Returns the logged-in user if found, false if not (using the old restful-authentication trick, nil != false).



# File 'lib/sorcery/controller.rb', line 76

def current_user
  if @current_user == false
    false
  else
    @current_user ||= login_from_session || login_from_other_sources
  end
end

#current_user=(user) ⇒ Object



# File 'lib/sorcery/controller.rb', line 84

def current_user=(user)
  @current_user = user
end

#handle_unverified_request ⇒ Object

Overrides Rails’ handle_unverified_request.



# File 'lib/sorcery/controller.rb', line 112

def handle_unverified_request
  cookies[:remember_me_token] = nil
  @current_user = nil
  super # call the default behaviour which resets the session
end

#logged_in? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/sorcery/controller.rb', line 70

def logged_in?
  !!current_user
end

#login(*credentials) ⇒ Object

Takes credentials and returns a user on successful authentication. Runs hooks after login or failed login.



# File 'lib/sorcery/controller.rb', line 31

def login(*credentials)
  @current_user = nil
  user = user_class.authenticate(*credentials)
  if user
    # keep the pre-login session data, but move it to a freshly reset session
    old_session = session.dup.to_hash
    reset_sorcery_session
    old_session.each_pair do |k,v|
      session[k.to_sym] = v
    end
    form_authenticity_token

    auto_login(user)
    after_login!(user, credentials)
    current_user
  else
    after_failed_login!(credentials)
    nil
  end
end
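
The session handling in #login and #reset_sorcery_session, as an added example that is not Sorcery's own code: it shows that a session id known before login stops being valid while the pre-login data is carried over. FakeController, the Hash used as a session table, and fixation_demo are constructed stand-ins for Rails' session machinery.

```ruby
require 'securerandom'

# Hypothetical controller stand-in; `store` is a constructed server-side
# session table (session id => data hash), not a Rails or Sorcery object.
class FakeController
  attr_reader :session_id, :session

  def initialize(store, session_id)
    @store = store
    @session_id = session_id
    @session = store.fetch(session_id)
  end

  # Stand-in for Rails' reset_session: invalidate the old id, issue a new one.
  def reset_session
    @store.delete(@session_id)
    @session_id = SecureRandom.hex(16)
    @session = @store[@session_id] = {}
  end

  # Same order of operations as #login above, minus authentication and hooks.
  def login(user_id)
    old_session = @session.dup
    reset_session                      # the pre-login id dies here
    old_session.each_pair { |k, v| @session[k.to_sym] = v }
    @session[:user_id] = user_id       # what auto_login stores
  end
end

# Walks one login and reports what happened to the pre-login session.
def fixation_demo
  store = {}
  planted = SecureRandom.hex(16)       # id known to someone before login
  store[planted] = { return_to_url: '/reports' }
  controller = FakeController.new(store, planted)
  controller.login(42)
  {
    planted_id_valid: store.key?(planted),
    id_rotated: controller.session_id != planted,
    return_to_url: controller.session[:return_to_url],
    user_id: controller.session[:user_id]
  }
end

p fixation_demo if $PROGRAM_NAME == __FILE__
```

Every pre-login key is copied into the new session, so values written before authentication, such as return_to_url, survive the reset.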

#logout ⇒ Object

Resets the session and runs hooks before and after.



# File 'lib/sorcery/controller.rb', line 60

def logout
  if logged_in?
    @current_user = current_user if @current_user.nil?
    before_logout!(@current_user)
    reset_sorcery_session
    after_logout!
    @current_user = nil
  end
end

#not_authenticated ⇒ Object

The default action for denying non-authenticated users. You can override this method in your controllers, or provide a different method in the configuration.



# File 'lib/sorcery/controller.rb', line 98

def not_authenticated
  redirect_to root_path
end

#redirect_back_or_to(url, flash_hash = {}) ⇒ Object

Used when a user tries to access a page while logged out and is asked to log in, and we want to return them to the page they originally wanted.



# File 'lib/sorcery/controller.rb', line 90

def redirect_back_or_to(url, flash_hash = {})
  redirect_to(session[:return_to_url] || url, :flash => flash_hash)
  session[:return_to_url] = nil
end

#require_login ⇒ Object

To be used as a before_filter. Triggers auto-login attempts via the call to logged_in?. If all attempts to auto-login fail, the failure callback is called.



# File 'lib/sorcery/controller.rb', line 22

def require_login
  if !logged_in?
    session[:return_to_url] = request.url if Config.save_return_to_url && request.get?
    self.send(Config.not_authenticated_action)
  end
end

#reset_sorcery_session ⇒ Object

Put this into the catch block to rescue undefined method ‘destroy_session’. Hotfix for github.com/NoamB/sorcery/issues/464; can be removed when Rails 4.1 is out.



# File 'lib/sorcery/controller.rb', line 54

def reset_sorcery_session
  reset_session # protect from session fixation attacks
rescue NoMethodError
end