class Clearance::Configuration

Attributes

allow_sign_up[W]

Controls whether the sign up route is enabled. Defaults to `true`. Set to `false` to disable user creation routes. The setting is ignored if routes are disabled. @param [Boolean] value @return [Boolean]

allowed_backdoor_environments[RW]

The array of allowed environments where `Clearance::BackDoor` is enabled. Defaults to `["test", "ci", "development"]`. @return [Array<String>]

httponly[RW]

Controls whether the HttpOnly flag should be set on the remember token cookie. Defaults to `true`, which prevents the cookie from being made available to JavaScript. For more see [RFC6265](https://tools.ietf.org/html/rfc6265#section-5.2.6). @return [Boolean]

mailer_sender[RW]

Controls the address the password reset email is sent from. Defaults to reply@example.com. @return [String]

parent_controller[W]

The controller class that all Clearance controllers will inherit from. Defaults to `::ApplicationController`. @return [ActionController::Base]

password_strategy[RW]

The password strategy to use when authenticating and setting passwords. Defaults to {Clearance::PasswordStrategies::BCrypt}. @return [Module authenticated? password=]

redirect_url[RW]

The default path Clearance will redirect signed in users to. Defaults to `"/"`. This can often be overridden for specific scenarios by overriding controller methods that rely on it. @return [String]

rotate_csrf_on_sign_in[RW]

Controls whether Clearance will rotate the CSRF token on sign in. Defaults to `nil` which generates a warning. Will default to true in Clearance 2.0.

routes[W]

Set to `false` to disable Clearance's built-in routes. Defaults to `true`. When set to false, your app is responsible for all routes. You can dump a copy of Clearance's default routes with `rails generate clearance:routes`. @return [Boolean]

same_site[RW]

Same-site cookies (“First-Party-Only” or “First-Party”) allow servers to mitigate the risk of CSRF and information leakage attacks by asserting that a particular cookie should only be sent with requests initiated from the same registrable domain. Defaults to `nil`. For more, see [RFC6265](https://tools.ietf.org/html/draft-west-first-party-cookies-06#section-4.1.1) and https://github.com/rack/rack/blob/6eda04886e3a57918ca2d6a482fda02a678fef0a/lib/rack/utils.rb#L232-L244. @return [String]

sign_in_guards[RW]

The array of sign in guards to run when signing a user in. Defaults to an empty array. Sign in guards respond to `call` and are initialized with a session and the current stack. Each guard can decide to fail the sign in, yield to the next guard, or allow the sign in. @return [Array<#call>]

user_model[W]

The ActiveRecord class that represents users in your application. Defaults to `::User`. @return [ActiveRecord::Base]
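
The guard contract described for `sign_in_guards` (initialized with a session and the current stack, then fail, yield or allow), as an added example that is not Clearance's own code. It is a simplified, self-contained model: `Status`, `BaseGuard`, `run_sign_in` and both guard classes are hypothetical names, and the session is a constructed hash.

```ruby
# Simplified model of the guard contract, written for this example.
# Status, BaseGuard, run_sign_in and both guards are hypothetical names.
Status = Struct.new(:ok, :message)

class BaseGuard
  def initialize(session, stack)
    @session = session
    @stack = stack
  end

  # Allow the sign in without consulting the rest of the stack.
  def success
    Status.new(true, nil)
  end

  # Fail the sign in with a message for the user.
  def failure(message)
    Status.new(false, message)
  end

  # Yield the decision to the next guard in the stack.
  def next_guard
    @stack.call
  end
end

# Fails the sign in for accounts that have not confirmed their email.
class ConfirmedEmailGuard < BaseGuard
  def call
    @session[:user][:confirmed] ? next_guard : failure("Email not confirmed")
  end
end

# Fails the sign in once too many failed attempts are on record.
class LockoutGuard < BaseGuard
  MAX_FAILED_ATTEMPTS = 5

  def call
    locked = @session[:user][:failed_attempts] >= MAX_FAILED_ATTEMPTS
    locked ? failure("Account locked") : next_guard
  end
end

# Each guard wraps the stack built so far; the innermost callable stands in
# for the default outcome (sign in allowed).
def run_sign_in(user, guard_classes)
  session = { user: user } # constructed session: just the candidate user
  stack = guard_classes.inject(-> { Status.new(true, nil) }) do |inner, klass|
    klass.new(session, inner)
  end
  stack.call
end
```

A guard that returns `success` instead of `next_guard` ends the chain at that point, so any remaining guards are never consulted.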

Public Class Methods

new()
# File lib/clearance/configuration.rb, line 121
def initialize
  @allow_sign_up = true
  @allowed_backdoor_environments = ["test", "ci", "development"]
  @cookie_domain = nil
  @cookie_expiration = ->(cookies) { 1.year.from_now.utc }
  @cookie_name = "remember_token"
  @cookie_path = '/'
  @httponly = true
  @same_site = nil
  @mailer_sender = 'reply@example.com'
  @redirect_url = '/'
  @rotate_csrf_on_sign_in = true
  @routes = true
  @secure_cookie = false
  @signed_cookie = false
  @sign_in_guards = []
end
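
An added example, not part of Clearance: a check that flags which of the defaults set in `initialize` above matter for a production deployment, run against the defaults and against a hardened variant. `AuditedConfig` is a constructed stand-in for the configuration object, its reader names are assumed to match the instance variables above, and `accounts@app.example` is a placeholder address.

```ruby
# Constructed stand-in for the configuration object (assumption: one reader
# per instance variable set in `initialize`).
AuditedConfig = Struct.new(
  :allowed_backdoor_environments, :httponly, :same_site, :secure_cookie,
  :rotate_csrf_on_sign_in, :mailer_sender,
  keyword_init: true
)

# The defaults as set in `initialize`.
CLEARANCE_DEFAULTS = {
  allowed_backdoor_environments: %w[test ci development],
  httponly: true, same_site: nil, secure_cookie: false,
  rotate_csrf_on_sign_in: true, mailer_sender: "reply@example.com"
}.freeze

# Returns one symbol per setting that weakens a deployment running as `env`.
def audit_clearance_config(config, env: "production")
  findings = []
  # BackDoor must never be enabled in the environment that serves real users.
  findings << :backdoor_enabled if config.allowed_backdoor_environments.include?(env)
  # Without HttpOnly the remember token cookie is readable from JavaScript.
  findings << :cookie_readable_by_js unless config.httponly
  # Without the Secure flag the cookie is also sent over plain HTTP.
  findings << :cookie_sent_over_http unless config.secure_cookie
  # nil leaves the cookie without a SameSite attribute.
  findings << :no_same_site if config.same_site.nil?
  # nil or false both mean the CSRF token survives the sign in.
  findings << :csrf_not_rotated unless config.rotate_csrf_on_sign_in
  # Password reset mail would be sent from the placeholder address.
  findings << :placeholder_mailer_sender if config.mailer_sender == "reply@example.com"
  findings
end

def default_config
  AuditedConfig.new(**CLEARANCE_DEFAULTS)
end

def hardened_config
  AuditedConfig.new(**CLEARANCE_DEFAULTS.merge(
    secure_cookie: true, same_site: :lax, mailer_sender: "accounts@app.example"
  ))
end
```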

Public Instance Methods

allow_sign_up?()

Is the user sign up route enabled? @return [Boolean]

# File lib/clearance/configuration.rb, line 165
def allow_sign_up?
  @allow_sign_up
end

parent_controller()

The class representing the configured base controller. In the default configuration, this is the `ApplicationController` class. @return [Class]

# File lib/clearance/configuration.rb, line 159
def parent_controller
  (@parent_controller || "ApplicationController").to_s.constantize
end

reload_user_model()

Reloads the Clearance user model class. This is called from the Clearance engine to reload the configured user class during each request while in development mode, but only once in production.

@api private

# File lib/clearance/configuration.rb, line 208
def reload_user_model
  if @user_model.present?
    @user_model = @user_model.to_s.constantize
  end
end

rotate_csrf_on_sign_in?()
# File lib/clearance/configuration.rb, line 214
def rotate_csrf_on_sign_in?
  !!rotate_csrf_on_sign_in
end

routes_enabled?()

@return [Boolean] are Clearance's built-in routes enabled?

# File lib/clearance/configuration.rb, line 198
def routes_enabled?
  @routes
end

user_actions()

Specifies which controller actions are allowed for user resources. This will be `[:create]` if `allow_sign_up` is true (the default), and empty otherwise. @return [Array<Symbol>]

# File lib/clearance/configuration.rb, line 173
def user_actions
  if allow_sign_up?
    [:create]
  else
    []
  end
end

user_id_parameter()

The name of the foreign key parameter for the configured user model. This is derived from the `model_name` of the `user_model` setting. In the default configuration, this is `user_id`. @return [Symbol]

# File lib/clearance/configuration.rb, line 193
def user_id_parameter
  "#{user_parameter}_id".to_sym
end

user_model()

The class representing the configured user model. In the default configuration, this is the `User` class. @return [Class]

# File lib/clearance/configuration.rb, line 152
def user_model
  (@user_model || "User").to_s.constantize
end

user_parameter()

The name of the user parameter for the configured user model. This is derived from the `model_name` of the `user_model` setting. In the default configuration, this is `user`. @return [Symbol]

# File lib/clearance/configuration.rb, line 185
def user_parameter
  user_model.model_name.singular.to_sym
end