module Devise::Controllers::Helpers
def self.define_helpers(mapping) #:nodoc:
before_action :authenticate_admin! # Tell devise to use :admin map
before_action :authenticate_user! # Tell devise to use :user map
Use:
admin_session # Session data available only to the admin scope
user_session # Session data available only to the user scope
current_admin # Current signed in admin
current_user # Current signed in user
admin_signed_in? # Checks whether there is an admin signed in or not
user_signed_in? # Checks whether there is a user signed in or not
authenticate_admin! # Signs admin in or redirect
authenticate_user! # Signs user in or redirect
Generated methods:
Admin
User
Roles:
Example:
access that specific controller/action.
so you can control the scope of the user who should be signed in to
These filters should be used inside the controllers as before_actions,
Define authentication filters and accessor helpers based on mappings.
def self.define_helpers(mapping) #:nodoc: mapping = mapping.name class_eval <<-METHODS, __FILE__, __LINE__ + 1 def authenticate_#{mapping}!(opts = {}) opts[:scope] = :#{mapping} warden.authenticate!(opts) if !devise_controller? || opts.delete(:force) end def #{mapping}_signed_in? !!current_#{mapping} end def current_#{mapping} @current_#{mapping} ||= warden.authenticate(scope: :#{mapping}) end def #{mapping}_session current_#{mapping} && warden.session(:#{mapping}) end METHODS ActiveSupport.on_load(:action_controller) do if respond_to?(:helper_method) helper_method "current_#{mapping}", "#{mapping}_signed_in?", "#{mapping}_session" end end end
def after_sign_in_path_for(resource_or_scope)
end
end
super
else
publisher_url
if resource.is_a?(User) && resource.can_publish?
stored_location_for(resource) ||
def after_sign_in_path_for(resource)
if this default is not enough, you can customize it, for example:
If the resource root path is not defined, root_path is used. However,
end
root 'users#index' # creates user_root_path
namespace :user do
get '/users' => 'users#index', as: :user_root # creates user_root_path
the following way:
root path. For a user scope, you can define the default url in
session, then it fallbacks to resource_root_path, otherwise it uses the
By default, it first tries to find a valid resource_return_to key in the
provide a custom hook for a custom resource.
controllers and you can overwrite it in your ApplicationController to
The default url to be used after signing in. This is used by all Devise
def after_sign_in_path_for(resource_or_scope) stored_location_for(resource_or_scope) || signed_in_root_path(resource_or_scope) end
def after_sign_out_path_for(resource_or_scope)
receives a symbol with the scope, and not the resource.
scope. Notice that differently from +after_sign_in_path_for+ this method
it in your ApplicationController to provide a custom hook for a custom
Method used by sessions controller to sign out a user. You can overwrite
def after_sign_out_path_for(resource_or_scope) scope = Devise::Mapping.find_scope!(resource_or_scope) router_name = Devise.mappings[scope].router_name context = router_name ? send(router_name) : self context.respond_to?(:root_path) ? context.root_path : "/" end
def allow_params_authentication!
def allow_params_authentication! request.env["devise.allow_params_authentication"] = true end
def devise_controller?
filter to all controllers, except the ones in devise:
the controllers defined inside devise. Useful if you want to apply a before
Return true if it's a devise_controller. false to all controllers unless
def devise_controller? is_a?(::DeviseController) end
def devise_parameter_sanitizer
lib/devise/parameter_sanitizer.rb for more info. Override this
Set up a param sanitizer to filter parameters using strong_parameters. See
def devise_parameter_sanitizer @devise_parameter_sanitizer ||= Devise::ParameterSanitizer.new(resource_class, resource_name, params) end
def expire_data_after_sign_out!
def expire_data_after_sign_out! Devise.mappings.each { |_,m| instance_variable_set("@current_#{m.name}", nil) } super end
def handle_unverified_request
Overwrite Rails' handle unverified request to sign out all scopes,
def handle_unverified_request super # call the default behavior which resets/nullifies/raises request.env["devise.skip_storage"] = true sign_out_all_scopes(false) end
def is_flashing_format?
Check if flash messages should be emitted. Default is to do it on
def is_flashing_format? request.respond_to?(:flash) && is_navigational_format? end
def is_navigational_format?
def is_navigational_format? Devise.navigational_formats.include?(request_format) end
def request_format
def request_format @request_format ||= request.format.try(:ref) end
def sign_in_and_redirect(resource_or_scope, *args)
then to the url specified by after_sign_in_path_for. It accepts the same
Sign in a user and tries to redirect first to the stored location and
def sign_in_and_redirect(resource_or_scope, *args) options = args.extract_options! scope = Devise::Mapping.find_scope!(resource_or_scope) resource = args.last || resource_or_scope sign_in(scope, resource, options) redirect_to after_sign_in_path_for(resource) end
def sign_out_and_redirect(resource_or_scope)
Sign out a user and tries to redirect to the url specified by
def sign_out_and_redirect(resource_or_scope) scope = Devise::Mapping.find_scope!(resource_or_scope) redirect_path = after_sign_out_path_for(scope) Devise.sign_out_all_scopes ? sign_out : sign_out(scope) redirect_to redirect_path end
def signed_in_root_path(resource_or_scope)
The scope root url to be used when they're signed in. By default, it first
def signed_in_root_path(resource_or_scope) scope = Devise::Mapping.find_scope!(resource_or_scope) router_name = Devise.mappings[scope].router_name home_path = "#{scope}_root_path" context = router_name ? send(router_name) : self if context.respond_to?(home_path, true) context.send(home_path) elsif context.respond_to?(:root_path) context.root_path elsif respond_to?(:root_path) root_path else "/" end end
def warden
def warden request.env['warden'] or raise MissingWarden end