Module: Sorcery::Controller::InstanceMethods
Defined in: lib/sorcery/controller.rb
Instance Method Summary
- #auto_login(user, should_remember = false) ⇒ Object
  Logs in a user instance.
- #current_user ⇒ Object
  Attempts to auto-login from the defined sources (session, basic_auth, cookie, etc.). Returns the logged-in user if found, false if not (using the old restful-authentication trick, nil != false).
- #current_user=(user) ⇒ Object
- #handle_unverified_request ⇒ Object
  Overrides Rails' handle_unverified_request.
- #logged_in? ⇒ Boolean
- #login(*credentials) ⇒ Object
  Takes credentials and returns a user on successful authentication.
- #logout ⇒ Object
  Resets the session and runs hooks before and after.
- #not_authenticated ⇒ Object
  The default action for denying non-authenticated users.
- #redirect_back_or_to(url, flash_hash = {}) ⇒ Object
  Used when a user tries to access a page while logged out and is asked to log in, and we want to return them to the page they originally wanted.
- #require_login ⇒ Object
  To be used as before_filter.
- #reset_sorcery_session ⇒ Object
  Put this into the catch block to rescue undefined method 'destroy_session'. Hotfix for github.com/NoamB/sorcery/issues/464; can be removed when Rails 4.1 is out.
Instance Method Details
#auto_login(user, should_remember = false) ⇒ Object
Logs in a user instance.

    # File 'lib/sorcery/controller.rb', line 106
    def auto_login(user, should_remember = false)
      session[:user_id] = user.id
      @current_user = user
    end
#current_user ⇒ Object
Attempts to auto-login from the defined sources (session, basic_auth, cookie, etc.). Returns the logged-in user if found, false if not (using the old restful-authentication trick, nil != false).

    # File 'lib/sorcery/controller.rb', line 76
    def current_user
      if @current_user == false
        false
      else
        @current_user ||= login_from_session || login_from_other_sources
      end
    end
#current_user=(user) ⇒ Object
    # File 'lib/sorcery/controller.rb', line 84
    def current_user=(user)
      @current_user = user
    end
#handle_unverified_request ⇒ Object
Overrides Rails' handle_unverified_request.

    # File 'lib/sorcery/controller.rb', line 112
    def handle_unverified_request
      cookies[:remember_me_token] = nil
      @current_user = nil
      super # call the default behaviour which resets the session
    end
#logged_in? ⇒ Boolean
    # File 'lib/sorcery/controller.rb', line 70
    def logged_in?
      !!current_user
    end
#login(*credentials) ⇒ Object
Takes credentials and returns a user on successful authentication. Runs hooks after login or failed login.
    # File 'lib/sorcery/controller.rb', line 31
    def login(*credentials)
      @current_user = nil
      user = user_class.authenticate(*credentials)
      if user
        old_session = session.dup.to_hash
        reset_sorcery_session
        old_session.each_pair do |k,v|
          session[k.to_sym] = v
        end
        form_authenticity_token

        auto_login(user)
        after_login!(user, credentials)
        current_user
      else
        after_failed_login!(credentials)
        nil
      end
    end
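
The effect of the session reset in #login, as an added example that is not Sorcery's own code: a plain-Ruby stand-in for the controller shows the session id rotating on a successful login while values stored before login, such as :return_to_url, are carried over. FakeController, AUTHENTICATE and fixation_walkthrough are hypothetical names, and the credentials are constructed.

```ruby
require 'securerandom'

User = Struct.new(:id) # hypothetical user model

# Stub for user_class.authenticate; credential checking is out of scope here.
AUTHENTICATE = lambda do |*credentials|
  credentials == ['alice@example.test', 'constructed-password'] ? User.new(1) : nil
end

# Hypothetical stand-in for a Rails controller; only session handling is modelled.
class FakeController
  attr_reader :session, :session_id

  def initialize
    reset_session
  end

  # Like Rails' reset_session: drop the data and issue a fresh session id.
  def reset_session
    @session = {}
    @session_id = SecureRandom.hex(16)
  end

  # Same order of operations as #login on this page.
  def login(*credentials)
    user = AUTHENTICATE.call(*credentials)
    return nil unless user

    old_session = session.dup.to_hash
    reset_session # a session id fixed before login is no longer valid
    old_session.each_pair { |k, v| session[k.to_sym] = v }
    session[:user_id] = user.id # what auto_login does
    user
  end
end

# One browser session, observed before and after a failed and a successful login.
def fixation_walkthrough
  c = FakeController.new
  c.session[:return_to_url] = '/reports' # as require_login stores it on a GET
  id_before = c.session_id
  failed = c.login('alice@example.test', 'wrong')
  id_after_failure = c.session_id
  c.login('alice@example.test', 'constructed-password')
  { failed: failed,
    id_kept_on_failure: id_after_failure == id_before,
    id_rotated_on_success: c.session_id != id_before,
    session: c.session }
end
```

Because every pre-login key is copied into the new session, only the id is rotated; anything written to the session before authentication remains readable afterwards.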
#logout ⇒ Object
Resets the session and runs hooks before and after.
    # File 'lib/sorcery/controller.rb', line 60
    def logout
      if logged_in?
        @current_user = current_user if @current_user.nil?
        before_logout!(@current_user)
        reset_sorcery_session
        after_logout!
        @current_user = nil
      end
    end
#not_authenticated ⇒ Object
The default action for denying non-authenticated users. You can override this method in your controllers, or provide a different method in the configuration.
    # File 'lib/sorcery/controller.rb', line 98
    def not_authenticated
      redirect_to root_path
    end
#redirect_back_or_to(url, flash_hash = {}) ⇒ Object
Used when a user tries to access a page while logged out and is asked to log in, and we want to return them to the page they originally wanted.

    # File 'lib/sorcery/controller.rb', line 90
    def redirect_back_or_to(url, flash_hash = {})
      redirect_to(session[:return_to_url] || url, :flash => flash_hash)
      session[:return_to_url] = nil
    end
#require_login ⇒ Object
To be used as before_filter. Triggers auto-login attempts via the call to logged_in?; if all attempts to auto-login fail, the failure callback is called.

    # File 'lib/sorcery/controller.rb', line 22
    def require_login
      if !logged_in?
        session[:return_to_url] = request.url if Config.save_return_to_url && request.get?
        self.send(Config.not_authenticated_action)
      end
    end
#reset_sorcery_session ⇒ Object
Put this into the catch block to rescue undefined method 'destroy_session'. Hotfix for github.com/NoamB/sorcery/issues/464; can be removed when Rails 4.1 is out.

    # File 'lib/sorcery/controller.rb', line 54
    def reset_sorcery_session
      reset_session # protect from session fixation attacks
    rescue NoMethodError
    end