Module: Authenticate::Controller

Extended by:
ActiveSupport::Concern
Includes:
Debug
Defined in:
lib/authenticate/controller.rb

Overview

The authenticate controller methods.

Typically, you include this concern into your ApplicationController. A basic implementation might look like this:

class ApplicationController < ActionController::Base
  include Authenticate::Controller
  before_action :require_authentication
  protect_from_forgery with: :exception
end

Methods, generally called from authenticate's app controllers:

  • authenticate(params) - validate a user's identity

  • login(user, &block) - complete login after validating a user's identity, creating an Authenticate session

  • logout - log a user out, invalidating their Authenticate session.

Action/Filter:

  • require_authentication - restrict access to authenticated users, often from ApplicationController

Helpers, used anywhere:

  • current_user - get the current user from the current Authenticate session.

  • authenticated? - has the user been logged in?

Instance Method Summary

Methods included from Debug

#debug

Instance Method Details

#authenticate(params) ⇒ Object

Validate a user's identity with (typically) email/ID & password, and return the User if valid, or nil. After calling this, call login(user) to complete the process.


# File 'lib/authenticate/controller.rb', line 36

def authenticate(params)
  credentials = Authenticate.configuration.user_model_class.credentials(params)
  Authenticate.configuration.user_model_class.authenticate(credentials)
end

#authenticate_controller? ⇒ Boolean

Return true if it's an Authenticate controller. Useful if you want to apply a before filter to all controllers, except the ones in Authenticate, e.g.

before_action :my_filter, unless: :authenticate_controller?

Returns:

  • (Boolean)

# File 'lib/authenticate/controller.rb', line 109

def authenticate_controller?
  is_a?(Authenticate::AuthenticateController)
end

#authenticated? ⇒ Boolean

Has the user been logged in? Exposed as a helper, can be called from views.

<% if authenticated? %>
  <%= link_to "Sign out", logout_path %>
<% else %>
  <%= link_to "Sign in", login_path %>
<% end %>

Returns:

  • (Boolean)

# File 'lib/authenticate/controller.rb', line 91

def authenticated?
  authenticate_session.authenticated?
end

#current_user ⇒ Object

Get the current user from the current Authenticate session. Exposed as a helper, so it can be called from controllers, views, and other helpers.

<p>Your email address: <%= current_user.email %></p>

# File 'lib/authenticate/controller.rb', line 100

def current_user
  authenticate_session.current_user
end

#login(user, &block) ⇒ Object

Complete the user's sign-in process: call this after calling authenticate, or after a user creates an account. Runs all valid callbacks and sends the user a session token.


# File 'lib/authenticate/controller.rb', line 43

def login(user, &block)
  authenticate_session.login user, &block
end

#logout ⇒ Object

Log the user out. Typically used in session controller.

class SessionsController < ActionController::Base
  include Authenticate::Controller

  def destroy
    logout
    redirect_to '/', notice: 'You logged out successfully'
  end
end

# File 'lib/authenticate/controller.rb', line 56

def logout
  authenticate_session.deauthenticate
end

#require_authentication ⇒ Object

Use this filter as a before_action to restrict controller actions to authenticated users. Consider using it in your ApplicationController to restrict access to all controllers.

Example:

class ApplicationController < ActionController::Base
  before_action :require_authentication

  def index
    # ...
  end
end

# File 'lib/authenticate/controller.rb', line 73

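def require_authentication
  debug 'Controller::require_authentication'
  # Reject requests that have no authenticated session.
  unauthorized unless authenticated?
  # Run the :after_set_user lifecycle callbacks; a callback that throws
  # :failure hands back a message, which is then used to reject the request.
  message = catch(:failure) do
    current_user = authenticate_session.current_user
    Authenticate.lifecycle.run_callbacks(:after_set_user, current_user, authenticate_session, event: :set_user)
  end
  unauthorized(message) if message
end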
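
The catch(:failure) step in require_authentication above lets any lifecycle callback veto a request by throwing a message. The following is an added stand-alone illustration, not code from the authenticate gem: MiniUser, MiniSession, MiniLifecycle and MiniController are hypothetical stand-ins, and the 30-minute idle-timeout callback is a constructed policy.

```ruby
# Stand-alone sketch of the throw/catch protocol seen in require_authentication.
# MiniUser, MiniSession, MiniLifecycle and MiniController are hypothetical
# stand-ins for illustration, not classes from the authenticate gem.
MiniUser = Struct.new(:email, :last_access_at)

MiniSession = Struct.new(:current_user) do
  def authenticated?
    !current_user.nil?
  end
end

class MiniLifecycle
  def initialize
    @callbacks = []
  end

  def after_set_user(&block)
    @callbacks << block
  end

  # Any callback may `throw :failure, message` to veto the request.
  def run_callbacks(user, session)
    @callbacks.each { |callback| callback.call(user, session) }
    nil # explicit "no veto" result, so catch returns nil on success
  end
end

MiniController = Struct.new(:session, :lifecycle) do
  # Returns [:allowed, nil] or [:denied, message]. Fails closed: it returns
  # at the first denial instead of running the callbacks for an anonymous user.
  def require_authentication
    return [:denied, 'not signed in'] unless session.authenticated?
    message = catch(:failure) do
      lifecycle.run_callbacks(session.current_user, session)
    end
    message ? [:denied, message] : [:allowed, nil]
  end
end

# Constructed policy: veto sessions idle for more than 30 minutes.
LIFECYCLE = MiniLifecycle.new
LIFECYCLE.after_set_user do |user, _session|
  throw :failure, 'session timed out' if Time.now - user.last_access_at > 30 * 60
end
```

Because run_callbacks returns nil when nothing is thrown, a truthy value from catch can only be a veto message, which keeps the final check unambiguous.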