module Authenticate::Controller

The authenticate controller methods.

Typically, you include this concern into your ApplicationController. A basic implementation might look like this:

class ApplicationController < ActionController::Base
  include Authenticate::Controller
  before_action :require_login
  protect_from_forgery with: :exception
end

Methods, generally called from authenticate's app controllers:

Action/Filter:

Helpers, used anywhere:

Public Instance Methods

authenticate(params)

Validate a user's identity with (typically) email/ID & password, and return the User if valid, or nil. After calling this, call login(user) to complete the process.

# File lib/authenticate/controller.rb, line 37
def authenticate(params)
  credentials = Authenticate.configuration.user_model_class.credentials(params)
  Authenticate.configuration.user_model_class.authenticate(credentials)
end
authenticate_controller?()

Return true if this controller is one of Authenticate's own controllers. Useful when you want to apply a before filter to all controllers except the ones in Authenticate, e.g.

before_action :my_filter, unless: :authenticate_controller?
# File lib/authenticate/controller.rb, line 128
def authenticate_controller?
  is_a?(Authenticate::AuthenticateController)
end
authenticated?()

The old API. DEPRECATED, use logged_in? instead.

todo: remove in a future version.

# File lib/authenticate/controller.rb, line 144
def authenticated?
  warn "#{Kernel.caller.first}: [DEPRECATION] " +
         "'authenticated?' is deprecated and will be removed in a future release. Use 'logged_in?' instead."
  logged_in?
end
current_user()

Get the current user from the current Authenticate session. Exposed as a helper, so it can be called from controllers, views, and other helpers.

<p>Your email address: <%= current_user.email %></p>
# File lib/authenticate/controller.rb, line 119
def current_user
  authenticate_session.current_user
end
logged_in?()

Has the user been logged in? Exposed as a helper, can be called from views.

<% if logged_in? %>
  <%= link_to sign_out_path, "Sign out" %>
<% else %>
  <%= link_to sign_in_path, "Sign in" %>
<% end %>
# File lib/authenticate/controller.rb, line 99
def logged_in?
  debug "!!!!!!!!!!!!!!!!!! controller#logged_in?"
  authenticate_session.logged_in?
end
logged_out?()

Is the user not logged in? Exposed as a helper, can be called from views.

<% if logged_out? %>
  <%= link_to sign_in_path, "Sign in" %>
<% end %>
# File lib/authenticate/controller.rb, line 110
def logged_out?
  !logged_in?
end
login(user, &block)

Complete the user's sign-in process, after calling authenticate or after the user creates an account. Runs all applicable callbacks and sends the user a session token.

# File lib/authenticate/controller.rb, line 44
def login(user, &block)
  authenticate_session.login user, &block

  if logged_in? && Authenticate.configuration.rotate_csrf_on_sign_in?
    session.delete(:_csrf_token)
    form_authenticity_token
  end
end
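The rotate_csrf_on_sign_in? branch above discards the CSRF token that was minted for the anonymous session and mints a fresh one for the authenticated session, so a token that was visible before sign-in (on a shared machine, in a cached page, or obtained through some earlier weakness) does not remain valid afterwards. The following is an added example, not the gem's code: it models the Rails session store and form_authenticity_token with plain Ruby (CsrfRotationDemo and csrf_tokens_around_login are constructed names) so the effect of the setting can be observed offline.

```ruby
# Added example: a minimal stand-in for the CSRF-rotation step in login.
# Not the authenticate gem's code; the Rails session hash and
# form_authenticity_token are modelled with plain Ruby.
require "securerandom"

class CsrfRotationDemo
  attr_reader :session

  def initialize(rotate_csrf_on_sign_in: true)
    @session = {}                       # stands in for the Rails session store
    @rotate = rotate_csrf_on_sign_in    # mirrors Authenticate.configuration.rotate_csrf_on_sign_in?
    @logged_in = false
  end

  # Lazily mints a per-session token, as Rails' form_authenticity_token does
  # with session[:_csrf_token]. The same token is returned until it is deleted.
  def form_authenticity_token
    @session[:_csrf_token] ||= SecureRandom.base64(32)
  end

  def logged_in?
    @logged_in
  end

  # Models the login sequence: establish the user session, then discard the
  # pre-login CSRF token so a token observed before authentication cannot be
  # replayed against the authenticated session.
  def login(user)
    @logged_in = !user.nil?
    if logged_in? && @rotate
      @session.delete(:_csrf_token)
      form_authenticity_token
    end
    logged_in?
  end
end

# Returns [token_before, token_after] for a sign-in with the given setting.
def csrf_tokens_around_login(rotate:)
  demo = CsrfRotationDemo.new(rotate_csrf_on_sign_in: rotate)
  before = demo.form_authenticity_token   # token rendered on the sign-in form
  demo.login(:alice)                       # any non-nil value stands for an authenticated user
  [before, demo.form_authenticity_token]
end

if __FILE__ == $PROGRAM_NAME
  before, after = csrf_tokens_around_login(rotate: true)
  puts "token rotated on sign-in: #{before != after}"
end
```

With rotation enabled the two tokens differ; with it disabled the anonymous token survives sign-in, which is the behaviour the configuration option exists to turn off.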
logout()

Log the user out. Typically used in session controller.

class SessionsController < ActionController::Base
  include Authenticate::Controller

  def destroy
    logout
    redirect_to '/', notice: 'You logged out successfully'
  end
end
# File lib/authenticate/controller.rb, line 62
def logout
  authenticate_session.logout
end
require_authentication()

The old API. DEPRECATED, use require_login instead.

todo: remove in a future version.

# File lib/authenticate/controller.rb, line 135
def require_authentication
  warn "#{Kernel.caller.first}: [DEPRECATION] " +
    "'require_authentication' is deprecated and will be removed in a future release. use 'require_login' instead"
  require_login
end
require_login()

Use this filter as a before_action to control access to controller actions, limiting to logged in users.

Placing it in ApplicationController controls access to all controllers.

Example:

class ApplicationController < ActionController::Base
  before_action :require_login

  def index
    # ...
  end
end
# File lib/authenticate/controller.rb, line 81
def require_login
  debug "!!!!!!!!!!!!!!!!!! controller#require_login " # logged_in? #{logged_in?}"
  unauthorized unless logged_in?
  message = catch(:failure) do
    current_user = authenticate_session.current_user
    Authenticate.lifecycle.run_callbacks(:after_set_user, current_user, authenticate_session, event: :set_user)
  end
  unauthorized(message) if message
end

Protected Instance Methods

redirect_back_or(default)
# File lib/authenticate/controller.rb, line 175
def redirect_back_or(default)
  redirect_to(stored_location || default)
  clear_stored_location
end
redirect_unauthorized(flash_message)
# File lib/authenticate/controller.rb, line 161
def redirect_unauthorized(flash_message)
  store_location!

  if flash_message
    flash[:notice] = flash_message # TODO: use locales
  end

  if logged_in?
    redirect_to url_after_denied_access_when_signed_in
  else
    redirect_to url_after_denied_access_when_signed_out
  end
end
unauthorized(msg = t('flashes.failure_when_not_signed_in'))

User is not authorized, bounce 'em to sign in

# File lib/authenticate/controller.rb, line 153
def unauthorized(msg = t('flashes.failure_when_not_signed_in'))
  authenticate_session.logout
  respond_to do |format|
    format.any(:js, :json, :xml) { head :unauthorized }
    format.any { redirect_unauthorized(msg) }
  end
end
url_after_denied_access_when_signed_in()

Used as the redirect location when {#unauthorized} is called and there is a currently signed in user.

@return [String]

# File lib/authenticate/controller.rb, line 184
def url_after_denied_access_when_signed_in
  Authenticate.configuration.redirect_url
end
url_after_denied_access_when_signed_out()

Used as the redirect location when {#unauthorized} is called and there is no currently signed in user.

@return [String]

# File lib/authenticate/controller.rb, line 192
def url_after_denied_access_when_signed_out
  sign_in_url
end

Private Instance Methods

authenticate_session()
# File lib/authenticate/controller.rb, line 213
def authenticate_session
  @authenticate_session ||= Authenticate::Session.new(request)
end
clear_stored_location()
# File lib/authenticate/controller.rb, line 209
def clear_stored_location
  session[:authenticate_return_to] = nil
end
store_location!()

Write location to return to in user's session (normally a cookie).

# File lib/authenticate/controller.rb, line 199
def store_location!
  if request.get?
    session[:authenticate_return_to] = request.original_fullpath
  end
end
stored_location()
# File lib/authenticate/controller.rb, line 205
def stored_location
  session[:authenticate_return_to]
end
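The unauthorized, redirect_unauthorized, redirect_back_or, store_location!, stored_location and clear_stored_location methods above form one round trip: a denied browser request has its path remembered, the user is sent to sign in, and after sign-in redirect_back_or sends them back exactly once. The following is an added example, not the gem's code: DemoRequest, ReturnToDemo, round_trip and the SIGN_IN_URL/REDIRECT_URL constants are constructed stand-ins for the Rails request, session and URL helpers, written so the whole flow runs offline. It also shows the two properties worth knowing as a defender: only GET requests are stored, because a redirect is itself a GET and cannot replay a POST, and the stored value is the request's own original_fullpath rather than a URL supplied in a parameter, so the return-to redirect stays on-site.

```ruby
# Added example: a plain-Ruby model of the unauthorized -> store_location! ->
# redirect_back_or round trip. Not the authenticate gem's code; the request,
# session and URL helpers are constructed stand-ins.
DemoRequest = Struct.new(:verb, :original_fullpath, :format) do
  def get?
    verb == :get
  end
end

class ReturnToDemo
  SIGN_IN_URL  = "/sign_in"   # stands in for sign_in_url
  REDIRECT_URL = "/"          # stands in for Authenticate.configuration.redirect_url

  attr_reader :session

  def initialize(logged_in: false)
    @session = {}             # stands in for the Rails cookie session
    @logged_in = logged_in
  end

  def logged_in?
    @logged_in
  end

  # Only GET requests are remembered: the later redirect is a GET, so a POST
  # could not be replayed anyway. The stored value is the request's own path,
  # never a URL taken from a parameter, so the redirect cannot be steered off-site.
  def store_location!(request)
    return unless request.get?
    session[:authenticate_return_to] = request.original_fullpath
  end

  def stored_location
    session[:authenticate_return_to]
  end

  def clear_stored_location
    session[:authenticate_return_to] = nil
  end

  # Returns the redirect target and clears it, so the stored path is used once.
  def redirect_back_or(default)
    target = stored_location || default
    clear_stored_location
    target
  end

  # Models unauthorized/redirect_unauthorized: API formats get a bare 401
  # (a login-page redirect is useless to an XHR or API client), browser
  # requests are remembered and sent to sign in, or to the configured
  # landing page if a user is already signed in but still denied.
  def unauthorized(request)
    return [:head, 401] if %i[js json xml].include?(request.format)
    store_location!(request)
    [:redirect, logged_in? ? REDIRECT_URL : SIGN_IN_URL]
  end
end

# Walks an anonymous browser GET through denial and back after sign-in.
# Returns [denial_response, post_login_target, target_on_second_call].
def round_trip(path)
  demo = ReturnToDemo.new
  denial = demo.unauthorized(DemoRequest.new(:get, path, :html))
  first  = demo.redirect_back_or("/dashboard")   # after a successful login
  second = demo.redirect_back_or("/dashboard")   # stored path already consumed
  [denial, first, second]
end

if __FILE__ == $PROGRAM_NAME
  p round_trip("/reports/42?tab=cost")
end
```

The second redirect_back_or call falls back to the default, which is what clear_stored_location buys: a remembered path cannot keep pulling the user back to it on later sign-ins.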