module Sorcery::Controller::InstanceMethods
Public Instance Methods
Logs in a user instance.
@param [<User-Model>] user the user instance. @return - do not depend on the return value.
# File lib/sorcery/controller.rb, line 116
# Marks +user+ as the logged-in user without checking any credentials.
#
# Writes the user's id (as a String) to session[:user_id] and caches the user
# in @current_user. Nothing here resets the session; #login calls
# reset_sorcery_session before it calls this method. Code that calls
# auto_login directly therefore keeps whatever session existed before the
# call, and should reset it first when that session predates authentication.
#
# @param user the user instance; must respond to #id
# @param _should_remember accepted but not used by this method
# @return do not depend on the return value
def auto_login(user, _should_remember = false)
  stored_id = user.id.to_s
  session[:user_id] = stored_id
  @current_user = user
end
Attempts to auto-login from the defined sources (session, basic_auth, cookie, etc.). Returns the logged-in user if found, nil if not.
# File lib/sorcery/controller.rb, line 87
# Returns the user for this request, resolving it at most once.
#
# The first call tries login_from_session, then login_from_other_sources, and
# stores the outcome in @current_user (a false result is stored as nil).
# Because the guard is `defined?`, a nil outcome is cached too: later calls
# do not retry the sources until @current_user is assigned again.
#
# @return the logged-in user, or nil when no source produced one
def current_user
  return @current_user if defined?(@current_user)

  @current_user = login_from_session || login_from_other_sources || nil
end
# File lib/sorcery/controller.rb, line 94
# Overrides the cached user for this controller instance.
#
# Only @current_user changes; the session is not touched, so
# session[:user_id] keeps whatever value it had.
#
# @param user the user to cache (nil clears the cached value)
def current_user=(user)
  @current_user = user
end
Overrides Rails' handle_unverified_request.
# File lib/sorcery/controller.rb, line 122
# Runs when the framework reports an unverified request.
#
# Blanks the remember-me cookie value and the cached user before handing over
# to the inherited handler, which resets the session. Presumably the cookie is
# cleared so the request cannot be re-authenticated from it once the session
# is gone (confirm against the remember-me login source).
def handle_unverified_request
  # Drop both credentials this controller can still see.
  cookies[:remember_me_token] = nil
  @current_user = nil

  # call the default behaviour which resets the session
  super
end
# File lib/sorcery/controller.rb, line 81
# Tells whether a user is logged in for this request.
#
# Calls current_user, so the first call may trigger the auto-login attempts.
#
# @return [Boolean] true when current_user is truthy, false otherwise
def logged_in?
  current_user ? true : false
end
Takes credentials and returns a user on successful authentication. Runs hooks after login or failed login.
# File lib/sorcery/controller.rb, line 37
# Authenticates with the given credentials and, on success, logs the user in.
#
# On failure: runs the after_failed_login hooks, yields (user, failure_reason)
# to the block if one was given, and returns nil from this method.
# On success: resets the session, restores the previous session entries,
# calls auto_login, runs the after_login hooks, then yields (current_user, nil)
# to the block or evaluates to current_user.
#
# NOTE(review): both hook lists receive the credentials array exactly as it
# was passed in; it presumably contains the password, so hooks should not
# log or persist it. Confirm against the hook implementations.
#
# @param credentials forwarded to user_class.authenticate; credentials[2] is
#   passed to auto_login as the remember flag
def login(*credentials)
  @current_user = nil

  user_class.authenticate(*credentials) do |user, failure_reason|
    if failure_reason
      after_failed_login!(credentials)
      yield(user, failure_reason) if block_given?

      # FIXME: Does using `break` or `return nil` change functionality?
      # rubocop:disable Lint/NonLocalExitFromIterator
      return
      # rubocop:enable Lint/NonLocalExitFromIterator
    end

    # Snapshot, reset, restore: reset_sorcery_session is the session-fixation
    # guard. Every entry of the pre-login session is copied back (keys
    # symbolized), so values placed in the session before authentication
    # remain present after login.
    carried_over = session.dup.to_hash
    reset_sorcery_session
    carried_over.each { |key, value| session[key.to_sym] = value }

    # Return value unused; presumably called so the fresh session gets a CSRF
    # token (confirm against the framework).
    form_authenticity_token

    auto_login(user, credentials[2])
    after_login!(user, credentials)

    if block_given?
      yield(current_user, nil)
    else
      current_user
    end
  end
end
Resets the session and runs hooks before and after.
# File lib/sorcery/controller.rb, line 71
# Logs the current user out; does nothing when nobody is logged in.
#
# Order matters: the user is captured first, before_logout hooks run while the
# user is still current, then the cached user is cleared and the session is
# reset, and finally after_logout hooks receive the captured user.
#
# @return [nil] when no user is logged in; otherwise the result of after_logout!
def logout
  if logged_in?
    departing_user = current_user
    before_logout!
    @current_user = nil
    reset_sorcery_session
    after_logout!(departing_user)
  end
end
The default action for denying non-authenticated users. You can override this method in your controllers, or provide a different method in the configuration.
# File lib/sorcery/controller.rb, line 108
# Stock response for a request that has no logged-in user: redirect to
# root_path. Controllers may override it.
#
# @return whatever redirect_to returns
def not_authenticated
  redirect_to(root_path)
end
Used when a user tries to access a page while logged out and is asked to log in, and we want to return them to the page they originally wanted.
# File lib/sorcery/controller.rb, line 100
# Redirects to the URL saved in session[:return_to_url], or to +url+ when
# none is saved, then clears the saved URL.
#
# Neither target is validated here. The saved value is whatever was written
# to session[:return_to_url] (require_login stores request.url there), and
# +url+ is used as given, so callers should not pass an unchecked request
# parameter as +url+.
#
# @param url fallback redirect target
# @param flash_hash passed to redirect_to as the :flash option
# @return [nil]
def redirect_back_or_to(url, flash_hash = {})
  destination = session[:return_to_url] || url
  redirect_to(destination, flash: flash_hash)

  # One-shot: the saved URL must not be reused by a later call.
  session[:return_to_url] = nil
end
To be used as before_action. Will trigger auto-login attempts via the call to logged_in? If all attempts to auto-login fail, the failure callback will be called.
# File lib/sorcery/controller.rb, line 25
# before_action guard: lets the request through when a user is logged in,
# otherwise calls the configured not-authenticated action.
#
# When Config.save_return_to_url is set, the URL of a GET request that is
# neither XHR nor JSON is first saved in session[:return_to_url]. The saved
# value is request.url exactly as the framework reports it.
#
# @return [nil] when a user is logged in; otherwise the result of the
#   configured action
def require_login
  unless logged_in?
    save_url = Config.save_return_to_url && request.get? && !request.xhr? && !request.format.json?
    session[:return_to_url] = request.url if save_url

    # The method name comes from configuration, not from the request.
    send(Config.not_authenticated_action)
  end
end
# File lib/sorcery/controller.rb, line 66
# Single place where this module resets the session; #login and #logout both
# go through it.
#
# @return whatever reset_session returns
def reset_sorcery_session
  # protect from session fixation attacks
  reset_session
end
Protected Instance Methods
# File lib/sorcery/controller.rb, line 149
# Runs every hook listed in Config.after_failed_login, in order.
#
# Each entry is a method name invoked on this controller via `send`, so
# private methods are reachable. The hook receives the credentials array
# unchanged.
#
# @param credentials the credentials that failed to authenticate
# @return the hook list (the receiver of `each`)
def after_failed_login!(credentials)
  Config.after_failed_login.each do |hook|
    send(hook, credentials)
  end
end
# File lib/sorcery/controller.rb, line 145
# Runs every hook listed in Config.after_login, in order.
#
# Each entry is a method name invoked on this controller via `send` with the
# user and the credentials array.
#
# @param user the user that just logged in
# @param credentials the credentials used; defaults to an empty array
# @return the hook list (the receiver of `each`)
def after_login!(user, credentials = [])
  Config.after_login.each do |hook|
    send(hook, user, credentials)
  end
end
# File lib/sorcery/controller.rb, line 157
# Runs every hook listed in Config.after_logout, in order.
#
# Each entry is a method name invoked on this controller via `send`.
#
# @param user the user that was logged out
# @return the hook list (the receiver of `each`)
def after_logout!(user)
  Config.after_logout.each do |hook|
    send(hook, user)
  end
end
# File lib/sorcery/controller.rb, line 161
# Runs every hook listed in Config.after_remember_me, in order.
#
# Each entry is a method name invoked on this controller via `send`.
#
# @param user the user passed to each hook
# @return the hook list (the receiver of `each`)
def after_remember_me!(user)
  Config.after_remember_me.each do |hook|
    send(hook, user)
  end
end
# File lib/sorcery/controller.rb, line 153
# Runs every hook listed in Config.before_logout, in order.
#
# Each entry is a method name invoked on this controller via `send` with no
# arguments.
#
# @return the hook list (the receiver of `each`)
def before_logout!
  Config.before_logout.each do |hook|
    send(hook)
  end
end
Tries each available source (method) in turn until one returns a value other than false or nil.
# File lib/sorcery/controller.rb, line 131
# Asks each method named in Config.login_sources, in order, for a user and
# stops at the first truthy answer.
#
# The names come from configuration and are invoked on this controller via
# `send`.
#
# @return the first truthy value a source returned, or false when every
#   source returned false/nil or no sources are configured
def login_from_other_sources
  Config.login_sources.each do |source|
    found = send(source)
    return found if found
  end

  false
end
# File lib/sorcery/controller.rb, line 139
# Resolves the user from session[:user_id] and caches the outcome.
#
# With no id in the session, @current_user is set to nil. Otherwise the id is
# looked up through user_class.sorcery_adapter.find_by_id and the lookup
# result is cached as-is.
#
# @return the value stored in @current_user
def login_from_session
  return @current_user = nil unless session[:user_id]

  @current_user = user_class.sorcery_adapter.find_by_id(session[:user_id])
end
# File lib/sorcery/controller.rb, line 165
# Resolves Config.user_class to a class and memoizes it in @user_class.
#
# The name is taken from configuration, converted to a String and
# constantized. Any NameError raised during resolution (NoMethodError is a
# subclass) is re-raised as ArgumentError with a configuration hint.
#
# @return the configured user class
# @raise [ArgumentError] when the configured name cannot be resolved
def user_class
  return @user_class if @user_class

  @user_class = Config.user_class.to_s.constantize
rescue NameError
  raise ArgumentError, 'You have incorrectly defined user_class or have forgotten to define it in intitializer file (config.user_class = \'User\').'
end