Module: Sorcery::Controller::InstanceMethods

Defined in:
lib/sorcery/controller.rb


Instance Method Details

#auto_login(user, _should_remember = false) ⇒ Object

Logs in a user instance.

Parameters:

  • user (<User-Model>)

    the user instance.

Returns:

    • do not depend on the return value.



# File 'lib/sorcery/controller.rb', line 116

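# Logs in the given user without checking credentials.
#
# Stores the user's id (as a string) in the session and memoizes the user for
# the rest of the request. This method does not reset the session; callers that
# need a fresh session id (session fixation protection) must call
# reset_sorcery_session before calling it.
#
# @param user [Object] user instance; must respond to #id
# @param _should_remember [Boolean] accepted but not used by this implementation
# @return [Object] do not depend on the return value
def auto_login(user, _should_remember = false)
  session[:user_id] = user.id.to_s
  @current_user = user
end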

#current_user ⇒ Object

Attempts to auto-login from the defined sources (session, basic_auth, cookie, etc.). Returns the logged-in user if found, nil if not.



# File 'lib/sorcery/controller.rb', line 87

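# Returns the user for the current request, attempting auto-login on first use.
#
# The session is tried first, then the other login sources. The result
# (including nil) is memoized in @current_user, so the lookups run at most once
# per controller instance.
#
# @return [Object, nil] the logged-in user, or nil when no source yields one
def current_user
  unless defined?(@current_user)
    @current_user = login_from_session || login_from_other_sources || nil
  end
  @current_user
end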

#current_user=(user) ⇒ Object



# File 'lib/sorcery/controller.rb', line 94

# Sets the memoized current user for this controller instance.
# Only the instance variable is assigned; the session is not touched here.
#
# @param user [Object, nil] the user to treat as current
def current_user=(user)
  @current_user = user
end

#handle_unverified_request ⇒ Object

Overrides Rails’ handle_unverified_request.



# File 'lib/sorcery/controller.rb', line 122

# Overrides Rails' handle_unverified_request hook.
#
# Clears the remember-me cookie value and the memoized user, then defers to the
# default behaviour, so the request is not left associated with a user through
# either of them.
# NOTE(review): the cookie is assigned nil rather than removed with
# cookies.delete — confirm this expires it as intended.
def handle_unverified_request
  cookies[:remember_me_token] = nil
  @current_user = nil
  super # call the default behaviour which resets the session
end

#logged_in? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/sorcery/controller.rb', line 81

# Reports whether a user is associated with the current request.
# Calls current_user, so it may trigger the auto-login attempts made there.
#
# @return [Boolean] true when current_user is truthy, false otherwise
def logged_in?
  current_user ? true : false
end

#login(*credentials) ⇒ Object

Takes credentials and returns a user on successful authentication. Runs hooks after login or failed login.



# File 'lib/sorcery/controller.rb', line 37

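# Authenticates with the given credentials and, on success, logs the user in.
#
# On failure: runs after_failed_login!, yields (user, failure_reason) to the
# block if one was given, and returns nil.
# On success: resets the session, copies the previous session's keys back under
# symbolized names, calls form_authenticity_token, logs the user in and runs
# after_login!.
#
# Everything stored in the session before authentication survives the reset, so
# pre-login session values must not be treated as trusted after login.
#
# @param credentials [Array] passed through to user_class.authenticate;
#   credentials[2] is forwarded to auto_login as the remember flag
# @yield [user, failure_reason] optional; failure_reason is nil on success
# @return [Object, nil] the block's value or the logged-in user on success,
#   nil on failure
def login(*credentials)
  # Drop any previously memoized user before authenticating again.
  @current_user = nil

  user_class.authenticate(*credentials) do |user, failure_reason|
    if failure_reason
      after_failed_login!(credentials)

      yield(user, failure_reason) if block_given?

      # FIXME: Does using `break` or `return nil` change functionality?
      # rubocop:disable Lint/NonLocalExitFromIterator
      return
      # rubocop:enable Lint/NonLocalExitFromIterator
    end

    # Snapshot the pre-login session, reset it (session fixation protection),
    # then restore the saved keys into the fresh session.
    old_session = session.dup.to_hash
    reset_sorcery_session
    old_session.each_pair do |k, v|
      session[k.to_sym] = v
    end
    # NOTE(review): presumably called so the new session gets a CSRF token — confirm.
    form_authenticity_token

    auto_login(user, credentials[2])
    after_login!(user, credentials)

    block_given? ? yield(current_user, nil) : current_user
  end
end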

#logout ⇒ Object

Resets the session and runs hooks before and after.



# File 'lib/sorcery/controller.rb', line 71

# Logs the current user out; a no-op when nobody is logged in.
#
# Runs before_logout!, forgets the memoized user, resets the session, and then
# passes the user that was logged in to after_logout!.
#
# @return [Object, nil] nil when not logged in; otherwise whatever
#   after_logout! returns
def logout
  if logged_in?
    departing_user = current_user
    before_logout!
    @current_user = nil
    reset_sorcery_session
    after_logout!(departing_user)
  end
end

#not_authenticated ⇒ Object

The default action for denying non-authenticated users. You can override this method in your controllers, or provide a different method in the configuration.



# File 'lib/sorcery/controller.rb', line 108

# Default handler for requests from non-authenticated users: redirects to the
# application's root path. Override it in a controller, or configure a
# different method, to change the response.
def not_authenticated
  destination = root_path
  redirect_to(destination)
end

#redirect_back_or_to(url, flash_hash = {}) ⇒ Object

Used when a user tries to access a page while logged out and is asked to log in, and we want to return them to the page they originally requested.



# File 'lib/sorcery/controller.rb', line 100

# Redirects to the URL saved in session[:return_to_url], falling back to +url+
# when none is saved, and then clears the saved value.
#
# +url+ is handed to redirect_to unchanged, so callers should pass an
# application-chosen destination rather than a value taken from the request.
#
# @param url [String] fallback destination
# @param flash_hash [Hash] passed to redirect_to as the :flash option
# @return [nil]
def redirect_back_or_to(url, flash_hash = {})
  destination = session[:return_to_url] || url
  redirect_to(destination, flash: flash_hash)
  session[:return_to_url] = nil
end

#require_login ⇒ Object

To be used as a before_action. Triggers auto-login attempts through its call to `logged_in?`. If all auto-login attempts fail, the failure callback is called.



# File 'lib/sorcery/controller.rb', line 25

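# Guard meant to be used as a before_action: lets logged-in requests through
# and hands everything else to the configured failure action.
#
# When Config.save_return_to_url is set, the current URL is remembered in
# session[:return_to_url], but only for GET requests that are neither XHR nor
# JSON. The saved value is request.url as received.
#
# The failure action is invoked with send using the method name held in
# Config.not_authenticated_action.
#
# @return [Object, nil] nil when already logged in; otherwise the failure
#   action's return value
def require_login
  return if logged_in?

  if Config.save_return_to_url && request.get? && !request.xhr? && !request.format.json?
    session[:return_to_url] = request.url
  end

  send(Config.not_authenticated_action)
end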

#reset_sorcery_session ⇒ Object



# File 'lib/sorcery/controller.rb', line 66

# Resets the session by delegating to reset_session. login and logout in this
# module call it, so a session identifier known before either step is not
# carried across it.
def reset_sorcery_session
  reset_session # protect from session fixation attacks
end