Module: Auth::Behavior::Core::ControllerExtensions

Defined in:

lib/auth/behavior/core/controller_extensions.rb

Defined Under Namespace

Modules: ClassMethods, CurrentUser

Class Method Summary

• .included(base) ⇒ Object

Instance Method Summary

• #login!(user, options = {}) ⇒ Object

  Forcibly logs in the current client as the specified user.

• #logout!(options = {}) ⇒ Object

  Forcibly logs out the current client.

• #redirect_back_or_default(path, notice = nil) ⇒ Object
• #require_login ⇒ Object
• #require_logout ⇒ Object
• #store_location(url = request.respond_to?(:fullpath) ? request.fullpath : request.request_uri) ⇒ Object

Class Method Details

.included(base) ⇒ Object

# File 'lib/auth/behavior/core/controller_extensions.rb', line 2

def self.included(base)
  base.class_eval do
    include Auth::Behavior::Core::ControllerExtensions::CurrentUser
    extend Auth::Behavior::Core::ControllerExtensions::ClassMethods
    helper_method :new_session_path, :current_user
    hide_action :current_user, :find_current_session, :require_login, :require_logout, :login!, :logout!,
                :redirect_back_or_default, :new_session_path, :store_location

    # we'll still check, but only if single_access_token is omitted
    # TODO see if this is safe, and if there's a smarter approach
    skip_before_filter :verify_authenticity_token
  end
end

Instance Method Details

#login!(user, options = {}) ⇒ Object

Forcibly logs in the current client as the specified user.

The options hash is unused, and is reserved for other behaviors to make use of. For instance, the “remember me” behavior checks for a :remember option and, if true, sets a remembrance token cookie.

# File 'lib/auth/behavior/core/controller_extensions.rb', line 41

def login!(user, options = {})
  session[:session_token] = user.persistence_token
  session[:active_at] = Time.now
  @current_user = user
end

#logout!(options = {}) ⇒ Object

Forcibly logs out the current client.

The options hash is unused, and is reserved for other behaviors to make use of.

# File 'lib/auth/behavior/core/controller_extensions.rb', line 51

def logout!(options = {})
  session[:session_token] = session[:active_at] = nil
end

#redirect_back_or_default(path, notice = nil) ⇒ Object

# File 'lib/auth/behavior/core/controller_extensions.rb', line 55

def redirect_back_or_default(path, notice = nil)
  flash[:notice] = notice if notice
  redirect_to session.delete(:destination) || path
end

#require_login ⇒ Object

# File 'lib/auth/behavior/core/controller_extensions.rb', line 16

def require_login                                    
  unless current_user
    store_location
    flash[:notice] = @session_timeout_message || Auth.login_required_message
    login_path = Auth.default_login_path ? send(Auth.default_login_path) : Auth.default_destination
    redirect_to login_path
  else
    verify_authenticity_token unless current_user && params[:single_access_token]
  end
end

#require_logout ⇒ Object

# File 'lib/auth/behavior/core/controller_extensions.rb', line 31

def require_logout
  verify_authenticity_token
  redirect_back_or_default Auth.default_destination, Auth.logout_required_message if current_user
end

#store_location(url = request.respond_to?(:fullpath) ? request.fullpath : request.request_uri) ⇒ Object

# File 'lib/auth/behavior/core/controller_extensions.rb', line 27

def store_location(url = request.respond_to?(:fullpath) ? request.fullpath : request.request_uri)
  session[:destination] = url
end