Module: Sorcery::Controller::InstanceMethods
Defined in: lib/sorcery/controller.rb
Instance Method Summary
- #auto_login(user, _should_remember = false) ⇒ Object: Logs in a user instance.
- #current_user ⇒ Object: Attempts to auto-login from the defined sources (session, basic_auth, cookie, etc.). Returns the logged-in user if found, nil if not.
- #current_user=(user) ⇒ Object
- #handle_unverified_request ⇒ Object: Overrides Rails' handle_unverified_request.
- #logged_in? ⇒ Boolean
- #login(*credentials) ⇒ Object: Takes credentials and returns a user on successful authentication.
- #logout ⇒ Object: Resets the session and runs hooks before and after.
- #not_authenticated ⇒ Object: The default action for denying non-authenticated users.
- #redirect_back_or_to(url, flash_hash = {}) ⇒ Object: Used when a user tries to access a page while logged out and is asked to log in; returns them to the page they originally requested.
- #require_login ⇒ Object: To be used as before_action.
- #reset_sorcery_session ⇒ Object
Instance Method Details
#auto_login(user, _should_remember = false) ⇒ Object
Logs in a user instance.

    # File 'lib/sorcery/controller.rb', line 116
    def auto_login(user, _should_remember = false)
      session[:user_id] = user.id.to_s
      @current_user = user
    end
#current_user ⇒ Object
Attempts to auto-login from the defined sources (session, basic_auth, cookie, etc.). Returns the logged-in user if found, nil if not.

    # File 'lib/sorcery/controller.rb', line 87
    def current_user
      unless defined?(@current_user)
        @current_user = login_from_session || login_from_other_sources || nil
      end
      @current_user
    end
#current_user=(user) ⇒ Object
    # File 'lib/sorcery/controller.rb', line 94
    def current_user=(user)
      @current_user = user
    end
#handle_unverified_request ⇒ Object
Overrides Rails' handle_unverified_request.

    # File 'lib/sorcery/controller.rb', line 122
    def handle_unverified_request
      cookies[:remember_me_token] = nil
      @current_user = nil
      super # call the default behaviour which resets the session
    end
#logged_in? ⇒ Boolean
    # File 'lib/sorcery/controller.rb', line 81
    def logged_in?
      !!current_user
    end
#login(*credentials) ⇒ Object
Takes credentials and returns a user on successful authentication. Runs hooks after login or failed login.
    # File 'lib/sorcery/controller.rb', line 37
    def login(*credentials)
      @current_user = nil

      user_class.authenticate(*credentials) do |user, failure_reason|
        if failure_reason
          after_failed_login!(credentials)

          yield(user, failure_reason) if block_given?

          # FIXME: Does using `break` or `return nil` change functionality?
          # rubocop:disable Lint/NonLocalExitFromIterator
          return
          # rubocop:enable Lint/NonLocalExitFromIterator
        end

        old_session = session.dup.to_hash
        reset_sorcery_session
        old_session.each_pair do |k, v|
          session[k.to_sym] = v
        end
        form_authenticity_token

        auto_login(user, credentials[2])
        after_login!(user, credentials)

        block_given? ? yield(current_user, nil) : current_user
      end
    end
#logout ⇒ Object
Resets the session and runs hooks before and after.
    # File 'lib/sorcery/controller.rb', line 71
    def logout
      return unless logged_in?

      user = current_user
      before_logout!
      @current_user = nil
      reset_sorcery_session
      after_logout!(user)
    end
#not_authenticated ⇒ Object
The default action for denying non-authenticated users. You can override this method in your controllers, or provide a different method in the configuration.
    # File 'lib/sorcery/controller.rb', line 108
    def not_authenticated
      redirect_to root_path
    end
#redirect_back_or_to(url, flash_hash = {}) ⇒ Object
Used when a user tries to access a page while logged out and is asked to log in; returns them to the page they originally requested.

    # File 'lib/sorcery/controller.rb', line 100
    def redirect_back_or_to(url, flash_hash = {})
      redirect_to(session[:return_to_url] || url, flash: flash_hash)
      session[:return_to_url] = nil
    end
#require_login ⇒ Object
To be used as before_action. Triggers auto-login attempts via the call to `logged_in?`. If all attempts to auto-login fail, the failure callback is called.

    # File 'lib/sorcery/controller.rb', line 25
    def require_login
      return if logged_in?

      if Config.save_return_to_url && request.get? && !request.xhr? && !request.format.json?
        session[:return_to_url] = request.url
      end

      send(Config.not_authenticated_action)
    end
#reset_sorcery_session ⇒ Object
    # File 'lib/sorcery/controller.rb', line 66
    def reset_sorcery_session
      reset_session # protect from session fixation attacks
    end
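
The session handling of #login, #logout and #reset_sorcery_session above, as an added example that is not Sorcery's own code: a plain-Ruby harness showing that the session id is replaced at login and logout while keys stored before login, such as :return_to_url, are carried into the new session. FakeSession, FakeController, login_as and demo are hypothetical stand-ins for the Rails session and controller, and the sample values are constructed.

```ruby
require 'securerandom'

# Constructed stand-in for a Rails session: a hash plus a server-issued id.
# rotate! stands in for Rails' reset_session (drop all data, issue a fresh id).
class FakeSession < Hash
  attr_reader :id
  def initialize
    super
    rotate!
  end

  def rotate!
    clear
    @id = SecureRandom.hex(16)
  end
end

# Hypothetical harness: only the session handling of the methods on this page.
class FakeController
  attr_reader :session, :current_user
  def initialize
    @session = FakeSession.new
  end

  # Post-authentication half of #login, then #auto_login.
  def login_as(user)
    old_session = session.dup.to_hash
    session.rotate! # reset_sorcery_session
    old_session.each_pair { |k, v| session[k.to_sym] = v }
    session[:user_id] = user[:id].to_s
    @current_user = user
  end

  def logout
    return unless current_user
    @current_user = nil
    session.rotate! # reset_sorcery_session
  end
end

def demo
  c = FakeController.new
  c.session[:return_to_url] = '/reports' # constructed value, as require_login would store
  ids = [c.session.id]
  c.login_as({ id: 42 })
  ids << c.session.id
  kept = c.session.to_h
  c.logout
  { ids: ids << c.session.id, kept: kept, after_logout: c.session.to_h }
end
```

Because pre-login keys are copied into the new session, values stored before authentication should still be treated as unauthenticated input.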