module Devise::Controllers::SignInOut

def bypass_sign_in(resource, scope: nil)
Signs in a user, bypassing the warden callbacks, and stores the user
straight in the session. This option is useful in cases where the user is
already signed in, but we want to refresh the credentials in session.
Examples:
    bypass_sign_in @user, scope: :user

    def bypass_sign_in(resource, scope: nil)
      scope ||= Devise::Mapping.find_scope!(resource)
      expire_data_after_sign_in!
      warden.session_serializer.store(resource, scope)
    end

def expire_data_after_sign_in!

    def expire_data_after_sign_in!
      # TODO: remove once Rails 5.2+ and forward are only supported.
      # session.keys will return an empty array if the session is not yet loaded.
      # This is a bug in both Rack and Rails.
      # A call to #empty? forces the session to be loaded.
      session.empty?
      session.keys.grep(/^devise\./).each { |k| session.delete(k) }
    end

def sign_in(resource_or_scope, *args)
Sign in a user that already was authenticated. This helper is useful for logging
users in after sign up. All options given to sign_in are passed forward
to the set_user method in warden.
If you are using a custom warden strategy and the timeoutable module, you have to
set `env["devise.skip_timeout"] = true` in the request to use this method, like we do
in the sessions controller: https://github.com/heartcombo/devise/blob/main/app/controllers/devise/sessions_controller.rb#L7
Examples:
    sign_in :user, @user                   # sign_in(scope, resource)
    sign_in @user                          # sign_in(resource)
    sign_in @user, event: :authentication  # sign_in(resource, options)
    sign_in @user, store: false            # sign_in(resource, options)

    def sign_in(resource_or_scope, *args)
      options  = args.extract_options!
      scope    = Devise::Mapping.find_scope!(resource_or_scope)
      resource = args.last || resource_or_scope

      expire_data_after_sign_in!

      if options[:bypass]
        ActiveSupport::Deprecation.warn(<<-DEPRECATION.strip_heredoc, caller)
        [Devise] bypass option is deprecated and it will be removed in future version of Devise.
        Please use bypass_sign_in method instead.
        Example:

          bypass_sign_in(user)
        DEPRECATION
        warden.session_serializer.store(resource, scope)
      elsif warden.user(scope) == resource && !options.delete(:force)
        # Do nothing. User already signed in and we are not forcing it.
        true
      else
        warden.set_user(resource, options.merge!(scope: scope))
      end
    end
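
An added example, not code from Devise or from this page: a simplified Ruby model of why a plain sign_in after a password change leaves a stale session entry, while sign_in with force: true or bypass_sign_in rewrites it. User, FakeWarden and password_change are hypothetical stand-ins, and the salt comparison is an assumption modelled on Devise keeping a salt derived from the password hash in the session.

```ruby
# Constructed stand-in. Assumption: as in Devise, the session salt is derived
# from the stored password hash.
User = Struct.new(:id, :password_hash) do
  def salt
    password_hash[0, 8]
  end
end

class FakeWarden # constructed stand-in for the Warden proxy
  attr_reader :callbacks_run

  def initialize(users)
    @session, @users, @callbacks_run, @cached = {}, users, 0, nil
  end

  # Stands in for warden.session_serializer.store: writes the session entry only.
  def store(user)
    @session["warden.user.user.key"] = [user.id, user.salt]
  end

  # Stands in for warden.set_user: stores, then runs the sign-in callbacks.
  def set_user(user)
    store(user)
    @callbacks_run += 1
    @cached = user
  end

  # Stands in for warden.user: request cache first, else load and compare salts.
  def user
    id, salt = @session["warden.user.user.key"]
    @cached ||= @users.find { |u| u.id == id && u.salt == salt }
  end

  def next_request!
    @cached = nil
  end
end

# Returns [signed in on the next request?, callbacks run] after a password change.
def password_change(mode)
  user = User.new(1, "OLDHASH-constructed")
  warden = FakeWarden.new([user])
  warden.set_user(user)                       # initial sign_in
  warden.next_request!
  same = warden.user == user                  # sign_in is a no-op when this holds
  user.password_hash = "NEWHASH-constructed"  # password changed in this request
  warden.set_user(user) if mode == :force || (mode == :sign_in && !same)
  warden.store(user) if mode == :bypass       # bypass_sign_in: store, no callbacks
  warden.next_request!
  [!warden.user.nil?, warden.callbacks_run]
end
```

password_change(:sign_in) returns [false, 1], while :force returns [true, 2] and :bypass returns [true, 1]: only bypass_sign_in refreshes the stored credentials without running the sign-in callbacks a second time.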

def sign_out(resource_or_scope = nil)
Sign out a given user or scope. This helper is useful for signing out a user
after deleting accounts. Returns true if there was a logout and false if there
is no user logged in on the referred scope
Examples:
    sign_out :user     # sign_out(scope)
    sign_out @user     # sign_out(resource)

    def sign_out(resource_or_scope = nil)
      return sign_out_all_scopes unless resource_or_scope
      scope = Devise::Mapping.find_scope!(resource_or_scope)
      user = warden.user(scope: scope, run_callbacks: false) # If there is no user

      warden.logout(scope)
      warden.clear_strategies_cache!(scope: scope)
      instance_variable_set(:"@current_#{scope}", nil)

      !!user
    end

def sign_out_all_scopes(lock = true)
Sign out all active users or scopes. This helper is useful for signing out all roles
in one click. This signs out ALL scopes in warden. Returns true if there was at least one logout

    def sign_out_all_scopes(lock = true)
      users = Devise.mappings.keys.map { |s| warden.user(scope: s, run_callbacks: false) }

      warden.logout
      expire_data_after_sign_out!
      warden.clear_strategies_cache!
      warden.lock! if lock

      users.any?
    end

def signed_in?(scope = nil)
Return true if the given scope is signed in session. If no scope given, return
true if any scope is signed in. This will run authentication hooks, which may
cause exceptions to be thrown from this method; if you simply want to check
if a scope has already previously been authenticated without running

    def signed_in?(scope = nil)
      [scope || Devise.mappings.keys].flatten.any? do |_scope|
        warden.authenticate?(scope: _scope)
      end
    end