module Sorcery::Controller::InstanceMethods

Public Instance Methods

auto_login(user, _should_remember = false)

login a user instance

@param [<User-Model>] user the user instance. @return - do not depend on the return value.

# File lib/sorcery/controller.rb, line 116
# Attaches +user+ to this request and records its id in the session so that
# later requests can restore it through #login_from_session.
#
# Only the id (as a string) is stored, never the user record itself. The
# session id is NOT rotated here; #login calls #reset_sorcery_session before
# delegating to this method, so callers bypassing #login keep whatever session
# id the visitor already had.
#
# @param [<User-Model>] user the user instance
# @param [Boolean] _should_remember accepted for interface compatibility but
#   not read by this method
# @return do not depend on the return value
def auto_login(user, _should_remember = false)
  stored_id = user.id.to_s
  session[:user_id] = stored_id
  @current_user = user
end
current_user()

Attempts to auto-login from the configured sources (session, basic_auth, cookie, etc.). Returns the logged-in user if found, nil if not.

# File lib/sorcery/controller.rb, line 87
# Returns the user for this request, resolving it lazily on first call.
#
# Resolution order: #login_from_session, then #login_from_other_sources. The
# outcome is cached in @current_user — including a nil outcome, because the
# cache is guarded by +defined?+ rather than by the value — so the lookup runs
# at most once per request. #auto_login, #logout and #current_user= assign the
# same ivar directly. The trailing +|| nil+ normalises the +false+ that
# #login_from_other_sources returns when no source matches.
#
# @return [<User-Model>, nil] the logged-in user, or nil if there is none
def current_user
  return @current_user if defined?(@current_user)

  resolved = login_from_session || login_from_other_sources
  @current_user = resolved || nil
end
current_user=(user)
# File lib/sorcery/controller.rb, line 94
# Explicitly sets the user for this request, bypassing the lazy lookup in
# #current_user (the ivar counts as populated afterwards, even when +user+ is
# nil). Only the ivar is written: the session is not touched, so the
# assignment does not persist across requests — use #auto_login for that.
#
# @param [<User-Model>, nil] user
def current_user=(user)
  @current_user = user
end
handle_unverified_request()

Overrides Rails' handle_unverified_request.

Calls superclass method
# File lib/sorcery/controller.rb, line 122
# Overrides Rails' handle_unverified_request (called on a failed CSRF
# authenticity check).
#
# The cached user is dropped and the remember-me cookie is blanked before
# deferring to Rails, whose default behaviour resets the session; the forged
# request therefore does not proceed with the existing identity.
#
# NOTE(review): the cookie is assigned nil rather than deleted, so a
# remember_me_token cookie with an empty value is still sent back — confirm
# this is the intended way to expire it.
def handle_unverified_request
  @current_user = nil
  cookies[:remember_me_token] = nil
  super # Rails' default behaviour, which resets the session
end
logged_in?()
# File lib/sorcery/controller.rb, line 81
# True when a user is attached to this request.
#
# Calling #current_user here is what triggers the lazy auto-login attempts
# (session first, then the other configured sources), so the first call in a
# request may perform a user lookup.
#
# @return [Boolean] strictly true or false, never the user object itself
def logged_in?
  current_user ? true : false
end
login(*credentials) { |user, failure_reason| ... }

Takes credentials and returns a user on successful authentication. Runs hooks after login or failed login.

# File lib/sorcery/controller.rb, line 37
# Takes credentials and returns a user on successful authentication. Runs
# hooks after login or failed login.
#
# Flow: the cached user is dropped, then +user_class.authenticate+ is asked to
# check the credentials and yields back +(user, failure_reason)+.
# * Failure: the after_failed_login hooks run, the caller's block (if any) is
#   given +(user, failure_reason)+, and #login returns nil through the
#   non-local +return+ below. The session is not modified on this path.
# * Success: the session id is rotated via #reset_sorcery_session (session
#   fixation defence) with the pre-login session data copied across, then the
#   user is attached with #auto_login and the after_login hooks run.
#
# @param credentials forwarded as given to +user_class.authenticate+;
#   credentials[2] is also passed to #auto_login as its remember-me flag
#   (which that method currently ignores)
# @yield [user, failure_reason] +failure_reason+ is nil on success; the exact
#   shape of +user+ on failure depends on the adapter — confirm against
#   user_class.authenticate
# @return on success, the block's value when a block is given, otherwise the
#   current user; nil on failure. Assumes +user_class.authenticate+ returns
#   the block's value — not visible here, confirm.
def login(*credentials)
  # Also marks the #current_user cache as populated, so the session is not
  # consulted again for this request.
  @current_user = nil

  user_class.authenticate(*credentials) do |user, failure_reason|
    if failure_reason
      after_failed_login!(credentials)

      yield(user, failure_reason) if block_given?

      # A +return+ here leaves #login itself (with nil), not just this block.
      # FIXME: Does using `break` or `return nil` change functionality?
      # rubocop:disable Lint/NonLocalExitFromIterator
      return
      # rubocop:enable Lint/NonLocalExitFromIterator
    end

    # Snapshot the session data as a plain Hash, obtain a brand-new session
    # id, then restore the data (keys re-symbolised): an id a visitor held
    # before authenticating is never promoted to an authenticated session.
    old_session = session.dup.to_hash
    reset_sorcery_session
    old_session.each_pair do |k, v|
      session[k.to_sym] = v
    end
    # Presumably ensures a CSRF token exists in the fresh session — confirm.
    form_authenticity_token

    auto_login(user, credentials[2])
    after_login!(user, credentials)

    block_given? ? yield(current_user, nil) : current_user
  end
end
logout()

Resets the session and runs hooks before and after.

# File lib/sorcery/controller.rb, line 71
# Ends the current login: runs the before_logout hooks, drops the cached
# user, rotates the session through #reset_sorcery_session (so nothing from
# the authenticated session survives), then runs the after_logout hooks with
# the user that was logged out.
#
# A no-op when nobody is logged in; note that the #logged_in? check itself may
# trigger the auto-login sources.
#
# @return do not depend on the return value
def logout
  return unless logged_in?

  departing_user = current_user
  before_logout!
  @current_user = nil
  reset_sorcery_session
  after_logout!(departing_user)
end
not_authenticated()

The default action for denying non-authenticated users. You can override this method in your controllers, or provide a different method in the configuration.

# File lib/sorcery/controller.rb, line 108
# Default response for a request that failed #require_login: send the visitor
# to the application root. Override this method in a controller, or point
# Config.not_authenticated_action at a different method, to change it.
def not_authenticated
  redirect_to(root_path)
end
redirect_back_or_to(url, flash_hash = {})

Used when a user tries to access a page while logged out, is asked to log in, and should then be sent back to the page they originally requested.

# File lib/sorcery/controller.rb, line 100
# Redirects to the URL the visitor originally asked for (stashed in
# session[:return_to_url] by #require_login) or, when none is stashed, to
# +url+. The stashed value is cleared afterwards so it is honoured at most
# once.
#
# NOTE(review): the stashed URL comes from +request.url+, which includes the
# request's Host header — confirm that host checking (Rails host
# authorization and/or redirect_to's cross-host protection) is active for
# this application.
#
# @param [String] url fallback destination
# @param [Hash] flash_hash passed to redirect_to as +flash:+
def redirect_back_or_to(url, flash_hash = {})
  destination = session[:return_to_url] || url
  redirect_to(destination, flash: flash_hash)
  session[:return_to_url] = nil
end
require_login()

To be used as a before_action. Triggers auto-login attempts via the call to logged_in?. If all attempts to auto-login fail, the failure callback is called.

# File lib/sorcery/controller.rb, line 25
# Use as a before_action. Triggers the auto-login attempts through
# #logged_in? and, if they all fail, hands off to the configured failure
# action.
#
# The requested URL is stashed for #redirect_back_or_to only when
# Config.save_return_to_url is on and the request is a plain page load (GET,
# not XHR, not JSON) — presumably because replaying a POST or an API call
# after login is not meaningful. The failure action is looked up by name
# from Config.not_authenticated_action and invoked with +send+, so it may be
# a private method.
def require_login
  return if logged_in?

  stash_url = Config.save_return_to_url && request.get? && !request.xhr? && !request.format.json?
  session[:return_to_url] = request.url if stash_url

  send(Config.not_authenticated_action)
end
reset_sorcery_session()
# File lib/sorcery/controller.rb, line 66
# Thin wrapper around Rails' reset_session, which discards the current session
# and issues a fresh session id. Called from #login so that an id a visitor
# held before authenticating is never upgraded to an authenticated one
# (session fixation), and from #logout so no authenticated state survives.
def reset_sorcery_session
  reset_session # protect from session fixation attacks
end

Protected Instance Methods

after_failed_login!(credentials)
# File lib/sorcery/controller.rb, line 149
# Runs every configured after_failed_login hook with the rejected
# credentials. Hooks are method names invoked on this controller via +send+,
# so private methods qualify.
#
# @param credentials the credentials array given to #login
def after_failed_login!(credentials)
  Config.after_failed_login.each do |hook|
    send(hook, credentials)
  end
end
after_login!(user, credentials = [])
# File lib/sorcery/controller.rb, line 145
# Runs every configured after_login hook with the freshly logged-in user and
# the credentials that were used. Hooks are method names invoked on this
# controller via +send+, so private methods qualify.
#
# @param [<User-Model>] user
# @param credentials the credentials array given to #login (empty by default)
def after_login!(user, credentials = [])
  Config.after_login.each do |hook|
    send(hook, user, credentials)
  end
end
after_logout!(user)
# File lib/sorcery/controller.rb, line 157
# Runs every configured after_logout hook with the user that was just logged
# out (the cached user has already been cleared by the time #logout calls
# this). Hooks are method names invoked on this controller via +send+.
#
# @param [<User-Model>] user
def after_logout!(user)
  Config.after_logout.each do |hook|
    send(hook, user)
  end
end
after_remember_me!(user)
# File lib/sorcery/controller.rb, line 161
# Runs every configured after_remember_me hook with +user+. Hooks are method
# names invoked on this controller via +send+. Nothing on this page calls
# it; presumably the remember-me submodule does — confirm.
#
# @param [<User-Model>] user
def after_remember_me!(user)
  Config.after_remember_me.each do |hook|
    send(hook, user)
  end
end
before_logout!()
# File lib/sorcery/controller.rb, line 153
# Runs every configured before_logout hook, without arguments, while the
# user is still attached to the request (see #logout). Hooks are method
# names invoked on this controller via +send+.
def before_logout!
  Config.before_logout.each do |hook|
    send(hook)
  end
end
login_from_other_sources()

Tries all available sources (methods) in order until one returns something truthy (neither nil nor false).

# File lib/sorcery/controller.rb, line 131
# Tries the configured login sources (method names on this controller) in
# order and stops at the first that returns something truthy. Sources are
# invoked via +send+, so private methods qualify.
#
# @return [<User-Model>, false] the first truthy result, or false when every
#   source returned nil/false or none is configured
def login_from_other_sources
  found = nil
  Config.login_sources.each do |source|
    found = send(source)
    break if found
  end
  found || false
end
login_from_session()
# File lib/sorcery/controller.rb, line 139
# Restores the user referenced by session[:user_id] through the adapter and
# caches the outcome in @current_user — nil when the session carries no id
# and, presumably, when the adapter finds no record for it. Assumes the
# string written by #auto_login (user.id.to_s) is accepted by the adapter's
# find_by_id — confirm for the adapter in use.
#
# @return [<User-Model>, nil]
def login_from_session
  stored_id = session[:user_id]
  @current_user = stored_id ? user_class.sorcery_adapter.find_by_id(stored_id) : nil
end
user_class()
# File lib/sorcery/controller.rb, line 165
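# Resolves Config.user_class (a class or a class name) to the user model and
# memoises it in @user_class. The name is config-controlled, not request
# input, so the constant lookup is not reachable from user data.
#
# @return [Class] the configured user model
# @raise [ArgumentError] when the name cannot be resolved. NameError is
#   rescued here and NoMethodError is a NameError subclass, so an unrelated
#   missing method during the lookup (for example on Config) also surfaces as
#   this ArgumentError — keep that in mind if the message looks wrong.
def user_class
  @user_class ||= Config.user_class.to_s.constantize
rescue NameError
  # Message typo fixed ("intitializer" -> "initializer").
  raise ArgumentError, 'You have incorrectly defined user_class or have forgotten to define it in initializer file (config.user_class = \'User\').'
end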