class Devise::Strategies::Authenticatable

This strategy should be used as the basis for authentication strategies. It retrieves parameters from either params or HTTP authorization headers. See database_authenticatable for an example.

Attributes

authentication_hash[RW]
authentication_type[RW]
password[RW]

Public Instance Methods

store?()
Calls superclass method
# File lib/devise/strategies/authenticatable.rb, line 11
def store?
  super && !mapping.to.skip_session_storage.include?(authentication_type)
end

valid?()
# File lib/devise/strategies/authenticatable.rb, line 15
def valid?
  valid_for_params_auth? || valid_for_http_auth?
end

Private Instance Methods

authenticatable_name()

Holds the authenticatable name for this class. Devise::Strategies::DatabaseAuthenticatable becomes simply :database.

# File lib/devise/strategies/authenticatable.rb, line 160
def authenticatable_name
  @authenticatable_name ||=
    ActiveSupport::Inflector.underscore(self.class.name.split("::").last).
      sub("_authenticatable", "").to_sym
end

authentication_keys()
# File lib/devise/strategies/authenticatable.rb, line 125
def authentication_keys
  @authentication_keys ||= mapping.to.authentication_keys
end

decode_credentials()

Helper to decode credentials from HTTP.

# File lib/devise/strategies/authenticatable.rb, line 111
def decode_credentials
  return [] unless request.authorization && request.authorization =~ /^Basic (.*)/m
  Base64.decode64($1).split(/:/, 2)
end

decorate(resource)

Gets values from params and sets them on the resource.

# File lib/devise/strategies/authenticatable.rb, line 43
def decorate(resource)
  resource.remember_me = remember_me? if resource.respond_to?(:remember_me=)
end

http_auth_hash()

Extract a hash with attributes:values from the http params.

# File lib/devise/strategies/authenticatable.rb, line 90
def http_auth_hash
  keys = [http_authentication_key, :password]
  Hash[*keys.zip(decode_credentials).flatten]
end
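
The Basic-credential path of decode_credentials and http_auth_hash, restated as a stand-alone script so the edge cases can be run. This is an added example, not Devise's own code: it takes the raw Authorization header value as a string instead of a Rack request, and the :email key stands in for whatever http_authentication_key returns.

```ruby
require "base64"

# Same logic as decode_credentials, but on a plain header string.
def decode_basic(authorization)
  return [] unless authorization && authorization =~ /^Basic (.*)/m
  # Limit of 2: only the first colon separates login from password,
  # so colons inside the password are preserved.
  Base64.decode64($1).split(/:/, 2)
end

# Same logic as http_auth_hash; `key` is an assumed authentication key.
def basic_auth_hash(authorization, key = :email)
  keys = [key, :password]
  Hash[*keys.zip(decode_basic(authorization)).flatten]
end

# Constructed sample headers (not taken from any real request).
WITH_COLONS = "Basic " + Base64.strict_encode64("user@example.com:pa:ss:word")
NO_COLON    = "Basic " + Base64.strict_encode64("tokenonly")

if __FILE__ == $PROGRAM_NAME
  p basic_auth_hash(WITH_COLONS)   # password keeps its colons
  p basic_auth_hash(NO_COLON)      # login only, password is nil
  p basic_auth_hash("Bearer abc")  # non-Basic scheme: both values nil
  p basic_auth_hash(nil)           # no header: both values nil
end
```

A header with no colon, a non-Basic scheme and a missing header all leave :password nil, which is the condition valid_password? tests for.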

http_authenticatable?()

Check if the model accepts this strategy as http authenticatable.

# File lib/devise/strategies/authenticatable.rb, line 75
def http_authenticatable?
  mapping.to.http_authenticatable?(authenticatable_name)
end

http_authentication_key()
# File lib/devise/strategies/authenticatable.rb, line 129
def http_authentication_key
  @http_authentication_key ||= mapping.to.http_authentication_key || case authentication_keys
    when Array then authentication_keys.first
    when Hash then authentication_keys.keys.first
  end
end

params_auth_hash()

Extract the appropriate subhash for authentication from params.

# File lib/devise/strategies/authenticatable.rb, line 85
def params_auth_hash
  params[scope]
end

params_authenticatable?()

Check if the model accepts this strategy as params authenticatable.

# File lib/devise/strategies/authenticatable.rb, line 80
def params_authenticatable?
  mapping.to.params_authenticatable?(authenticatable_name)
end

parse_authentication_key_values(hash, keys)
# File lib/devise/strategies/authenticatable.rb, line 146
def parse_authentication_key_values(hash, keys)
  keys.each do |key, enforce|
    value = hash[key].presence
    if value
      self.authentication_hash[key] = value
    else
      return false unless enforce == false
    end
  end
  true
end

remember_me?()

Should this resource be marked to be remembered?

# File lib/devise/strategies/authenticatable.rb, line 48
def remember_me?
  valid_params? && Devise::TRUE_VALUES.include?(params_auth_hash[:remember_me])
end

request_keys()
# File lib/devise/strategies/authenticatable.rb, line 136
def request_keys
  @request_keys ||= mapping.to.request_keys
end

request_values()
# File lib/devise/strategies/authenticatable.rb, line 140
def request_values
  keys = request_keys.respond_to?(:keys) ? request_keys.keys : request_keys
  values = keys.map { |k| self.request.send(k) }
  Hash[keys.zip(values)]
end

valid_for_http_auth?()

Check if this is a valid strategy for http authentication by:

* Validating if the model allows HTTP authentication;
* If any of the authorization headers were sent;
* If all authentication keys are present.

# File lib/devise/strategies/authenticatable.rb, line 58
def valid_for_http_auth?
  http_authenticatable? && request.authorization && with_authentication_hash(:http_auth, http_auth_hash)
end

valid_for_params_auth?()

Check if this is a valid strategy for params authentication by:

* Validating if the model allows params authentication;
* If the request hits the sessions controller through POST;
* If the params[scope] returns a hash with credentials;
* If all authentication keys are present.

# File lib/devise/strategies/authenticatable.rb, line 69
def valid_for_params_auth?
  params_authenticatable? && valid_params_request? &&
    valid_params? && with_authentication_hash(:params_auth, params_auth_hash)
end

valid_params?()

If the request is valid, finally check if params_auth_hash returns a hash.

# File lib/devise/strategies/authenticatable.rb, line 101
def valid_params?
  params_auth_hash.is_a?(Hash)
end

valid_params_request?()

By default, a request is valid if the controller sets the proper env variable.

# File lib/devise/strategies/authenticatable.rb, line 96
def valid_params_request?
  !!env["devise.allow_params_authentication"]
end

valid_password?()

Check if password is present.

# File lib/devise/strategies/authenticatable.rb, line 106
def valid_password?
  password.present?
end

validate(resource, &block)

Receives a resource and checks whether it is valid by calling valid_for_authentication?. An optional block, triggered while validating, can be given as a parameter. See Devise::Models::Authenticatable.valid_for_authentication? for more information.

In case the resource can't be validated, it will fail with the given unauthenticated_message.

# File lib/devise/strategies/authenticatable.rb, line 28
def validate(resource, &block)
  result = resource && resource.valid_for_authentication?(&block)

  if result
    decorate(resource)
    true
  else
    if resource
      fail!(resource.unauthenticated_message)
    end
    false
  end
end

with_authentication_hash(auth_type, auth_values)

Sets the authentication hash and the password from params_auth_hash or http_auth_hash.

# File lib/devise/strategies/authenticatable.rb, line 117
def with_authentication_hash(auth_type, auth_values)
  self.authentication_hash, self.authentication_type = {}, auth_type
  self.password = auth_values[:password]

  parse_authentication_key_values(auth_values, authentication_keys) &&
  parse_authentication_key_values(request_values, request_keys)
end
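
How valid_params?, parse_authentication_key_values and with_authentication_hash combine on the params path, as a stand-alone script. This is an added example, not Devise's own code: the helper names, the plain-Ruby stand-in for ActiveSupport's presence, and the :email, :username and :subdomain keys are assumptions for illustration.

```ruby
# Plain-Ruby stand-in for ActiveSupport's `presence` (strings and nil only).
def presence(value)
  value.to_s.strip.empty? ? nil : value
end

# Same loop as parse_authentication_key_values, writing into `into`.
# `keys` is an Array (every key required) or a Hash of key => enforce.
def parse_key_values(into, source, keys)
  keys.each do |key, enforce|
    value = presence(source[key])
    if value
      into[key] = value
    else
      # Only a literal false makes a key optional; nil (Array form) and
      # true both mean "required".
      return false unless enforce == false
    end
  end
  true
end

# Mirrors valid_params? followed by with_authentication_hash. Returns the
# authentication hash, or nil when the strategy would not be valid.
def authentication_hash_for(auth_values, authentication_keys,
                            request_values = {}, request_keys = [])
  return nil unless auth_values.is_a?(Hash) # rejects a scalar params[scope]
  hash = {}
  ok = parse_key_values(hash, auth_values, authentication_keys) &&
       parse_key_values(hash, request_values, request_keys)
  ok ? hash : nil
end

if __FILE__ == $PROGRAM_NAME
  creds = { email: "a@example.com", password: "s3cret" } # constructed sample
  p authentication_hash_for(creds, [:email])               # password is kept separately
  p authentication_hash_for("a@example.com", [:email])     # not a Hash: nil
  p authentication_hash_for(creds, [:email], { subdomain: nil }, { subdomain: true })
end
```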