Module AuthenticatedSystem
In: lib/authenticated_system.rb

Protected Class methods

Inclusion hook to make current_user and logged_in? available as ActionView helper methods.

    # File lib/authenticated_system.rb, line 95
    def self.included(base)
      base.send :helper_method, :current_user, :logged_in?
    end

Protected Instance methods

Redirect as appropriate when an access request fails.

The default action is to redirect to the login screen.

Override this method in your controllers if you want to have special behavior in case the user is not authorized to access the requested action. For example, a popup window might simply close itself.

    # File lib/authenticated_system.rb, line 64
    def access_denied
      respond_to do |accepts|
        accepts.html do
          store_location
          redirect_to :controller => '/account', :action => 'login'
        end
        accepts.xml do
          headers["Status"]           = "Unauthorized"
          headers["WWW-Authenticate"] = %(Basic realm="Web Password")
          render :text => "Couldn't authenticate you", :status => '401 Unauthorized'
        end
      end
      false
    end

Check if the user is authorized.

Override this method in your controllers if you want to restrict access to only a few actions or if you want to check if the user has the correct rights.

Example:

 # only allow nonbobs
 def authorized?
   current_user.login != "bob"
 end

    # File lib/authenticated_system.rb, line 32
    def authorized?
      true
    end

Accesses the current user from the session.

    # File lib/authenticated_system.rb, line 10
    def current_user
      @current_user ||= (session[:user] && User.find_by_id(session[:user])) || :false
    end

Store the given user in the session.

    # File lib/authenticated_system.rb, line 15
    def current_user=(new_user)
      session[:user] = (new_user.nil? || new_user.is_a?(Symbol)) ? nil : new_user.id
      @current_user = new_user
    end

Returns true if the user is logged in and false otherwise. Preloads @current_user with the user model if they're logged in.

    # File lib/authenticated_system.rb, line 5
    def logged_in?
      current_user != :false
    end
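
When nobody is logged in, current_user returns the Symbol :false, which Ruby treats as true, so an access check has to go through logged_in? rather than testing current_user directly. The following is an added example, not code from the plugin; FakeUser and FakeController are hypothetical stand-ins for User and a Rails controller, and the user table is constructed sample data.

```ruby
# Added example, not plugin code. FakeUser and FakeController are hypothetical
# stand-ins for User and a Rails controller; the user table is constructed.
class FakeUser
  USERS = {}
  attr_reader :id, :login

  def initialize(id, login)
    @id, @login = id, login
    USERS[id] = self
  end

  def self.find_by_id(id)
    USERS[id]
  end
end

class FakeController
  attr_reader :session

  def initialize(session)
    @session = session
  end

  # Same expression as the documented current_user, with FakeUser for User.
  def current_user
    @current_user ||= (session[:user] && FakeUser.find_by_id(session[:user])) || :false
  end

  def logged_in?
    current_user != :false
  end

  # Unsafe: :false is a Symbol, and every Symbol is truthy in Ruby.
  def naive_guard
    current_user ? :allowed : :denied
  end

  # Safe: goes through logged_in?, as login_required does.
  def safe_guard
    logged_in? ? :allowed : :denied
  end
end

FakeUser.new(1, "alice")
anonymous = FakeController.new({})               # no session[:user]
stale     = FakeController.new({ :user => 99 })  # id with no matching user
valid     = FakeController.new({ :user => 1 })
[anonymous, stale, valid].each do |c|
  puts "#{c.session.inspect} naive=#{c.naive_guard} safe=#{c.safe_guard}"
end
```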

When called with before_filter :login_from_cookie, checks for an :auth_token cookie and logs the user back in if appropriate.

    # File lib/authenticated_system.rb, line 101
    def login_from_cookie
      return unless cookies[:auth_token] && !logged_in?
      user = User.find_by_remember_token(cookies[:auth_token])
      if user && user.remember_token?
        user.remember_me
        self.current_user = user
        cookies[:auth_token] = { :value => self.current_user.remember_token, :expires => self.current_user.remember_token_expires_at }
        flash[:notice] = "Logged in successfully"
      end
    end

Filter method to enforce a login requirement.

To require logins for all actions, use this in your controllers:

  before_filter :login_required

To require logins for specific actions, use this in your controllers:

  before_filter :login_required, :only => [ :edit, :update ]

To skip this in a subclassed controller:

  skip_before_filter :login_required

    # File lib/authenticated_system.rb, line 50
    def login_required
      username, passwd = get_auth_data
      self.current_user ||= User.authenticate(username, passwd) || :false if username && passwd
      logged_in? && authorized? ? true : access_denied
    end

Redirect to the URI stored by the most recent store_location call or to the passed default.

    # File lib/authenticated_system.rb, line 88
    def redirect_back_or_default(default)
      session[:return_to] ? redirect_to_url(session[:return_to]) : redirect_to(default)
      session[:return_to] = nil
    end

Store the URI of the current request in the session.

We can return to this location by calling redirect_back_or_default.

    # File lib/authenticated_system.rb, line 82
    def store_location
      session[:return_to] = request.request_uri
    end
