class Devise::Strategies::TokenAuthenticatable

The TokenAuthenticatable strategy was extracted from Devise 3.1.0. Its purpose is to provide the deprecated functionality of the TokenAuthenticatable strategy. The following description was adapted accordingly.

See: github.com/plataformatec/devise/blob/v3.1/lib/devise/strategies/token_authenticatable.rb

Strategy for signing in a user, based on an authenticatable token. This works for both params and HTTP. For the former, all you need to do is pass the params in the URL:

http://myapp.example.com/?user_token=SECRET

For headers, you can use basic authentication passing the token as username and blank password. Since some clients may require a password, you can pass “X” as password and it will simply be ignored.

You may also pass the token using the Token authentication mechanism provided by Rails (see api.rubyonrails.org/classes/ActionController/HttpAuthentication/Token.html). The token options are stored in request.env['devise.token_options'].

Public Instance Methods

authenticate!()
# File lib/devise/token_authenticatable/strategy.rb, line 35
def authenticate!
  resource = mapping.to.find_for_token_authentication(authentication_hash)
  return fail(:invalid_token) unless resource

  unless token_expires_in.blank?
    if Time.now > (resource.authentication_token_created_at + token_expires_in.to_i)
      return fail(:expired_token)
    end
  end

  if validate(resource)
    resource.after_token_authentication
    success!(resource)
  end
end

store?()
Calls superclass method
# File lib/devise/token_authenticatable/strategy.rb, line 27
def store?
  super && !mapping.to.skip_session_storage.include?(:token_auth)
end

valid?()
Calls superclass method
# File lib/devise/token_authenticatable/strategy.rb, line 31
def valid?
  super || valid_for_token_auth?
end

Private Instance Methods

auth_token()

Extract the auth token from the request

# File lib/devise/token_authenticatable/strategy.rb, line 74
def auth_token
  @auth_token ||= ActionController::HttpAuthentication::Token.token_and_options(request)
end

authentication_keys()

Overwrite authentication keys to use token_authentication_key.

# File lib/devise/token_authenticatable/strategy.rb, line 94
def authentication_keys
  @authentication_keys ||= [Devise::TokenAuthenticatable.token_authentication_key]
end

params_auth_hash()

Try both scoped and non-scoped keys.

# File lib/devise/token_authenticatable/strategy.rb, line 85
def params_auth_hash
  if params[scope].kind_of?(Hash) && params[scope].has_key?(authentication_keys.first)
    params[scope]
  else
    params
  end
end

token_auth_hash()

Extract a hash with attributes:values from the auth_token

# File lib/devise/token_authenticatable/strategy.rb, line 79
def token_auth_hash
  request.env['devise.token_options'] = auth_token.last
  { authentication_keys.first => auth_token.first }
end

token_authenticatable?()

Check if the model accepts this strategy as token authenticatable.

# File lib/devise/token_authenticatable/strategy.rb, line 59
def token_authenticatable?
  mapping.to.http_authenticatable?(:token)
end

token_expires_in()
# File lib/devise/token_authenticatable/strategy.rb, line 98
def token_expires_in
  @token_expires_in ||= Devise::TokenAuthenticatable.token_expires_in
end

valid_for_token_auth?()

Check if this strategy is valid for token authentication by:

* Validating if the model allows http token authentication;
* If the http auth token exists;
* If all authentication keys are present.

# File lib/devise/token_authenticatable/strategy.rb, line 69
def valid_for_token_auth?
  token_authenticatable? && auth_token.present? && with_authentication_hash(:token_auth, token_auth_hash)
end

valid_params_request?()

Token Authenticatable can be authenticated with params in any controller and any verb.

# File lib/devise/token_authenticatable/strategy.rb, line 54
def valid_params_request?
  true
end
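
The three ways of passing the token from the class description, and the expiry comparison made in authenticate!, as an added stand-alone example (not code from Devise or this gem). It is a simplified model that needs no Rails: the helper names, the `user` scope, the `nonce` option and all token and time values are assumptions constructed for illustration.

```ruby
require 'base64'

# Simplified stand-alone model, not Devise's code. TOKEN_KEY is the parameter
# name from the URL example; every token and time value below is constructed.
TOKEN_KEY = 'user_token'

# Client side: Basic auth with the token as username; the password is ignored.
def basic_header(token, password = 'X')
  'Basic ' + Base64.strict_encode64("#{token}:#{password}")
end

# Client side: Rails-style Token scheme; extra pairs become the token options.
def token_header(token, options = {})
  pairs = { 'token' => token }.merge(options)
  'Token ' + pairs.map { |k, v| %(#{k}="#{v}") }.join(', ')
end

# Server side: returns [token, options, transport], or nil when no token is sent.
# In this model params are checked first (scoped key, then top level), then the header.
def extract_token(params: {}, scope: nil, authorization: nil)
  scoped = scope && params[scope]
  source = scoped.is_a?(Hash) && scoped.key?(TOKEN_KEY) ? scoped : params
  return [source[TOKEN_KEY], {}, :params] if source[TOKEN_KEY]

  case authorization
  when /\ABasic (.+)\z/i
    user, _ignored_password = Base64.decode64(Regexp.last_match(1)).split(':', 2)
    [user, {}, :http_basic] unless user.to_s.empty?
  when /\AToken (.+)\z/i
    pairs = Regexp.last_match(1).scan(/(\w+)="([^"]*)"/).to_h
    token = pairs.delete('token')
    [token, pairs, :token_header] if token
  end
end

# Same comparison as authenticate!: a blank lifetime means the token never
# expires, and the token is still valid at exactly created_at + expires_in.
def token_state(created_at, expires_in, now)
  return :valid if expires_in.nil? || expires_in.to_s.empty?
  now > created_at + expires_in.to_i ? :expired_token : :valid
end

p extract_token(params: { 'user' => { TOKEN_KEY => 'SECRET' } }, scope: 'user')
p extract_token(authorization: basic_header('SECRET'))
p extract_token(authorization: token_header('SECRET', 'nonce' => 'abc'))
p token_state(Time.at(0), 60, Time.at(61))
```

Of the three transports, only the params form places the token in the URL, where it can be recorded in access logs and browser history; the two header forms keep it out of the request line.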