Module: Spree::Core::ControllerHelpers::Auth
- Extended by:
- ActiveSupport::Concern
- Includes:
- TokenGenerator
- Included in:
- BaseController
- Defined in:
- lib/spree/core/controller_helpers/auth.rb
Instance Method Summary collapse
-
#current_ability ⇒ Object
Needs to be overridden so that we use Spree’s Ability rather than anyone else’s.
- #current_oauth_token ⇒ Object
- #redirect_back_or_default(default) ⇒ Object
-
#redirect_unauthorized_access ⇒ Object
Redirect as appropriate when an access request fails.
- #set_token ⇒ Object
- #store_location ⇒ Object
-
#try_spree_current_user ⇒ Object
proxy method to possible spree_current_user method Authentication extensions (such as spree_auth_devise) are meant to provide spree_current_user.
Methods included from TokenGenerator
Instance Method Details
#current_ability ⇒ Object
Needs to be overridden so that we use Spree’s Ability rather than anyone else’s.
20 21 22 |
# File 'lib/spree/core/controller_helpers/auth.rb', line 20 def current_ability @current_ability ||= Spree::Dependencies.ability_class.constantize.new(try_spree_current_user) end |
#current_oauth_token ⇒ Object
38 39 40 41 42 43 44 45 |
# File 'lib/spree/core/controller_helpers/auth.rb', line 38 def current_oauth_token get_last_access_token = ->(user) { Spree::OauthAccessToken.active_for(user).where(expires_in: nil).last } create_access_token = ->(user) { Spree::OauthAccessToken.create!(resource_owner: user) } user = try_spree_current_user return unless user @current_oauth_token ||= get_last_access_token.call(user) || create_access_token.call(user) end |
#redirect_back_or_default(default) ⇒ Object
24 25 26 27 |
# File 'lib/spree/core/controller_helpers/auth.rb', line 24 def redirect_back_or_default(default) redirect_to(session['spree_user_return_to'] || request.env['HTTP_REFERER'] || default) session['spree_user_return_to'] = nil end |
#redirect_unauthorized_access ⇒ Object
Redirect as appropriate when an access request fails. The default action is to redirect to the login screen. Override this method in your controllers if you want to have special behavior in case the user is not authorized to access the requested action. For example, a popup window might simply close itself.
77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 |
# File 'lib/spree/core/controller_helpers/auth.rb', line 77 def ActiveSupport::Deprecation.warn(<<-DEPRECATION, caller) Core::ControllerHelpers#redirect_unauthorized_access is deprecated and will be removed in Spree 5.0. This method is implemented differently for Storefront and Admin DEPRECATION if try_spree_current_user flash[:error] = Spree.t(:authorization_failure) redirect_to spree.forbidden_path else store_location if Spree.respond_to?(:admin_path) && request.fullpath.match(Spree.admin_path) && defined?(spree.admin_login_path) redirect_to spree.admin_login_path elsif respond_to?(:spree_login_path) redirect_to spree_login_path elsif spree.respond_to?(:root_path) redirect_to spree.root_path else redirect_to main_app.respond_to?(:root_path) ? main_app.root_path : '/' end end end |
#set_token ⇒ Object
29 30 31 32 33 34 35 36 |
# File 'lib/spree/core/controller_helpers/auth.rb', line 29 def set_token .permanent.signed[:token] ||= .signed[:guest_token] .permanent.signed[:token] ||= { value: generate_token, httponly: true } .permanent.signed[:guest_token] ||= .permanent.signed[:token] end |
#store_location ⇒ Object
47 48 49 50 51 52 53 54 55 56 57 58 59 |
# File 'lib/spree/core/controller_helpers/auth.rb', line 47 def store_location # disallow return to login, logout, signup pages authentication_routes = [:spree_signup_path, :spree_login_path, :spree_logout_path] disallowed_urls = [] authentication_routes.each do |route| disallowed_urls << send(route) if respond_to?(route) end disallowed_urls.map! { |url| url[/\/\w+$/] } unless disallowed_urls.include?(request.fullpath) session['spree_user_return_to'] = request.fullpath.gsub('//', '/') end end |
#try_spree_current_user ⇒ Object
proxy method to possible spree_current_user method Authentication extensions (such as spree_auth_devise) are meant to provide spree_current_user
63 64 65 66 67 68 69 70 71 72 |
# File 'lib/spree/core/controller_helpers/auth.rb', line 63 def try_spree_current_user # This one will be defined by apps looking to hook into Spree # As per authentication_helpers.rb if respond_to?(:spree_current_user) spree_current_user # This one will be defined by Devise elsif respond_to?(:current_spree_user) current_spree_user end end |