module Clearance::Authentication

Public Instance Methods

authenticate(params)

Authenticate a user with a provided email and password.

@param [ActionController::Parameters] params The parameters from the sign in form. `params[:session][:email]` and `params[:session][:password]` are required. Because the method calls `params.require(:session)`, a request with no `session` key (or an empty one) raises `ActionController::ParameterMissing` rather than returning nil.

@return [User, nil] The user or nil if authentication fails.

# File lib/clearance/authentication.rb, line 26
def authenticate(params)
  session_params = params.require(:session)

  Clearance.configuration.user_model.authenticate(
    session_params[:email], session_params[:password]
  )
end
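The method above only delegates: the real work happens in the configured user model's class-level `authenticate(email, password)`, which must return the user or nil. The following is an added example written for this page, not Clearance's code, that shows the contract the controller relies on with a constructed `StubUser` model and a stand-in for `params.require(:session)`. Clearance's default password strategy is BCrypt; the stub uses PBKDF2 from Ruby's standard library so the example runs offline. The email normalization, the constant-time comparison, the dummy hash for unknown emails, and the in-memory registry are all this example's assumptions:

```ruby
require "openssl"
require "securerandom"

# Constructed stand-in for Clearance.configuration.user_model (not Clearance's code).
class StubUser
  ITERATIONS = 100_000
  DUMMY_SALT = "\x00" * 16   # used to equalize work when the email is unknown
  REGISTRY   = {}            # in-memory "table", keyed by normalized email

  attr_reader :email, :salt, :digest

  def initialize(email, password)
    @email  = self.class.normalize_email(email)
    @salt   = SecureRandom.random_bytes(16)
    @digest = self.class.pbkdf2(password, @salt)
  end

  # Lookups are by normalized email so "Alice@Example.com" and "alice@example.com" match.
  def self.normalize_email(email)
    email.to_s.strip.downcase
  end

  def self.pbkdf2(password, salt)
    OpenSSL::KDF.pbkdf2_hmac(password.to_s, salt: salt, iterations: ITERATIONS,
                             length: 32, hash: "sha256")
  end

  # Constant-time comparison: the time taken does not depend on how many bytes matched.
  def self.secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  def self.create(email, password)
    REGISTRY[normalize_email(email)] = new(email, password)
  end

  def authenticated?(password)
    self.class.secure_equal?(digest, self.class.pbkdf2(password, salt))
  end

  # The contract documented above: the user on success, nil on any failure.
  # "Unknown email" and "wrong password" are deliberately indistinguishable,
  # and both paths do one PBKDF2 computation so timing does not reveal which it was.
  def self.authenticate(email, password)
    user = REGISTRY[normalize_email(email)]
    if user
      user.authenticated?(password.to_s) ? user : nil
    else
      pbkdf2(password.to_s, DUMMY_SALT)
      nil
    end
  end
end

# Stand-in for ActionController::Parameters#require: raise when :session is absent or empty.
class ParameterMissing < StandardError; end

def require_session(params)
  session = params[:session]
  if session.nil? || session.empty?
    raise ParameterMissing, "param is missing or the value is empty: session"
  end
  session
end

# Same shape as Clearance::Authentication#authenticate, run against the stand-ins.
def authenticate(params)
  session_params = require_session(params)
  StubUser.authenticate(session_params[:email], session_params[:password])
end

# Constructed sample account.
StubUser.create("Alice@Example.com", "correct horse battery staple")
```

`authenticate(session: { email: "alice@example.com", password: "correct horse battery staple" })` returns the user; a wrong password or an unknown address returns nil, and a request without a `session` key raises, which is the behaviour a `SessionsController#create` has to expect from the real method.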
current_user()

Get the user from the current Clearance session. Exposed as a `helper_method`, making it visible to views. Prefer {#signed_in?} or {#signed_out?} if you only want to check for the presence of a current user rather than access the actual user.

@return [User, nil] The user if one is signed in or nil otherwise.

# File lib/clearance/authentication.rb, line 40
def current_user
  clearance_session.current_user
end
handle_unverified_request()

CSRF protection in Rails >= 3.0.4. When Rails rejects a request whose authenticity token is missing or invalid, the superclass handler runs first and then the Clearance session is signed out, so a request that failed CSRF verification cannot continue to act on behalf of the signed-in user.

weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails

@private

Calls superclass method
# File lib/clearance/authentication.rb, line 111
def handle_unverified_request
  super
  sign_out
end
sign_in(user, &block)

Sign in the provided user.

@param [User] user

Signing in will run the stack of {Configuration#sign_in_guards}.

You can provide a block to this method to handle the result of that stack. Your block will receive either a {SuccessStatus} or a {FailureStatus}:

sign_in(user) do |status|
  if status.success?
    # ...
  else
    # ...
  end
end

For an example of how clearance uses this internally, see {SessionsController#create}.

Signing in will also regenerate the CSRF token for the current session, provided {Configuration#rotate_csrf_on_sign_in?} is set. Rotation only happens when the guard stack succeeded and the user is actually signed in; its purpose is to make sure a token handed out to the pre-authentication session cannot be reused against the authenticated one.

# File lib/clearance/authentication.rb, line 65
def sign_in(user, &block)
  clearance_session.sign_in(user, &block)

  if signed_in? && Clearance.configuration.rotate_csrf_on_sign_in?
    if request.respond_to?(:reset_csrf_token)
      # Rails 7.1+
      request.reset_csrf_token
    else
      request.session.try(:delete, :_csrf_token)
    end
    form_authenticity_token
  end
end
sign_out()

Destroy the current user's Clearance session. See {Session#sign_out} for specifics.

# File lib/clearance/authentication.rb, line 81
def sign_out
  clearance_session.sign_out
end
signed_in?()

True if there is a currently-signed-in user. Exposed as a `helper_method`, making it available to views.

Using `signed_in?` is preferable to checking {#current_user} against nil as it will allow you to introduce a null user object more simply at a later date.

@return [Boolean]

# File lib/clearance/authentication.rb, line 93
def signed_in?
  clearance_session.signed_in?
end
signed_out?()

True if there is no currently-signed-in user. Exposed as a `helper_method`, making it available to views.

Using `signed_out?` is preferable to checking for the presence of {#current_user} as it will allow you to introduce a null user object more simply at a later date.

@return [Boolean]

# File lib/clearance/authentication.rb, line 103
def signed_out?
  !signed_in?
end

Protected Instance Methods

clearance_session()

@api private

# File lib/clearance/authentication.rb, line 119
def clearance_session
  request.env[:clearance]
end