module Clearance::Authentication
Public Instance Methods
Authenticate a user with a provided email and password.
@param [ActionController::Parameters] params The parameters from the sign in form. `params[:session][:email]` and `params[:session][:password]` are required.
@return [User, nil] The user or nil if authentication fails.

    # File lib/clearance/authentication.rb, line 26
    def authenticate(params)
      session_params = params.require(:session)
      Clearance.configuration.user_model.authenticate(
        session_params[:email], session_params[:password]
      )
    end

Get the user from the current clearance session. Exposed as a `helper_method`, making it visible to views. Prefer {#signed_in?} or {#signed_out?} if you only want to check for the presence of a current user rather than access the actual user.
@return [User, nil] The user if one is signed in or nil otherwise.

    # File lib/clearance/authentication.rb, line 40
    def current_user
      clearance_session.current_user
    end

CSRF protection in Rails >= 3.0.4
weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails
@private

    # File lib/clearance/authentication.rb, line 111
    def handle_unverified_request
      super
      sign_out
    end

Sign in the provided user.
@param [User] user
Signing in will run the stack of {Configuration#sign_in_guards}.
You can provide a block to this method to handle the result of that stack. Your block will receive either a {SuccessStatus} or a {FailureStatus}:

    sign_in(user) do |status|
      if status.success?
        # ...
      else
        # ...
      end
    end

For an example of how clearance uses this internally, see {SessionsController#create}.
Signing in will also regenerate the CSRF token for the current session, provided {Configuration#rotate_csrf_on_sign_in?} is set.

    # File lib/clearance/authentication.rb, line 65
    def sign_in(user, &block)
      clearance_session.sign_in(user, &block)

      if signed_in? && Clearance.configuration.rotate_csrf_on_sign_in?
        if request.respond_to?(:reset_csrf_token)
          # Rails 7.1+
          request.reset_csrf_token
        else
          request.session.try(:delete, :_csrf_token)
        end
        form_authenticity_token
      end
    end

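The CSRF rotation performed by `sign_in` can be checked in isolation. The following is an added example, not code from Clearance or Rails: `LegacyRequest`, `ModernRequest`, `DemoController` and `pre_login_token_survives?` are hypothetical stand-ins that reproduce only the branch structure of the method above, with the stored session token standing in for Rails' masked token.

```ruby
require "securerandom"

# Constructed stand-ins for a Rails request; not Clearance or Rails code.
class LegacyRequest # models Rails before 7.1: no reset_csrf_token
  def session; @session ||= {}; end
end

class ModernRequest < LegacyRequest # models Rails 7.1+
  def reset_csrf_token
    session.delete(:_csrf_token)
  end
end

# Hypothetical controller mirroring the branches of sign_in shown above.
class DemoController
  attr_reader :request

  def initialize(request, rotate:)
    @request = request
    @rotate = rotate
  end

  # Simplified: Rails stores the real token in the session and masks it per
  # request; only the stored value is modelled here.
  def form_authenticity_token
    request.session[:_csrf_token] ||= SecureRandom.base64(32)
  end

  def sign_in(user)
    @current_user = user
    return unless @current_user && @rotate
    if request.respond_to?(:reset_csrf_token)
      request.reset_csrf_token
    else
      request.session.delete(:_csrf_token)
    end
    form_authenticity_token
  end
end

# True when a token issued before sign-in is still the session's token afterwards.
def pre_login_token_survives?(request, rotate:)
  controller = DemoController.new(request, rotate: rotate)
  before = controller.form_authenticity_token
  controller.sign_in("user@example.com")
  before == controller.form_authenticity_token
end
```

With rotation disabled the pre-login token carries over into the authenticated session; with it enabled, both request variants discard it and issue a fresh one.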
Destroy the current user’s Clearance session. See {Session#sign_out} for specifics.

    # File lib/clearance/authentication.rb, line 81
    def sign_out
      clearance_session.sign_out
    end

True if there is a currently-signed-in user. Exposed as a `helper_method`, making it available to views.
Using `signed_in?` is preferable to checking {#current_user} against nil as it will allow you to introduce a null user object more simply at a later date.
@return [Boolean]

    # File lib/clearance/authentication.rb, line 93
    def signed_in?
      clearance_session.signed_in?
    end

True if there is no currently-signed-in user. Exposed as a `helper_method`, making it available to views.
Using `signed_out?` is preferable to checking for presence of {#current_user} as it will allow you to introduce a null user object more simply at a later date.

    # File lib/clearance/authentication.rb, line 103
    def signed_out?
      !signed_in?
    end

Protected Instance Methods
@api private

    # File lib/clearance/authentication.rb, line 119
    def clearance_session
      request.env[:clearance]
    end