class Devise::Strategies::Authenticatable
This strategy should be used as the basis for authentication strategies. It retrieves credentials either from params or from the HTTP Authorization header. See database_authenticatable for an example.
Attributes
Public Instance Methods
Override and set to false for things like OmniAuth that technically run through Authentication (user_set) very often, which would normally reset CSRF data in the session.

    # File lib/devise/strategies/authenticatable.rb, line 22
    def clean_up_csrf?
      true
    end

    # File lib/devise/strategies/authenticatable.rb, line 11
    def store?
      super && !mapping.to.skip_session_storage.include?(authentication_type)
    end

    # File lib/devise/strategies/authenticatable.rb, line 15
    def valid?
      valid_for_params_auth? || valid_for_http_auth?
    end

Private Instance Methods
Holds the authenticatable name for this class. Devise::Strategies::DatabaseAuthenticatable becomes simply :database.

    # File lib/devise/strategies/authenticatable.rb, line 166
    def authenticatable_name
      @authenticatable_name ||=
        ActiveSupport::Inflector.underscore(self.class.name.split("::").last).
          sub("_authenticatable", "").to_sym
    end

    # File lib/devise/strategies/authenticatable.rb, line 131
    def authentication_keys
      @authentication_keys ||= mapping.to.authentication_keys
    end

Helper to decode credentials from HTTP.

    # File lib/devise/strategies/authenticatable.rb, line 117
    def decode_credentials
      return [] unless request.authorization && request.authorization =~ /^Basic (.*)/m
      Base64.decode64($1).split(/:/, 2)
    end

Extract a hash with attributes:values from the http params.

    # File lib/devise/strategies/authenticatable.rb, line 96
    def http_auth_hash
      keys = [http_authentication_key, :password]
      Hash[*keys.zip(decode_credentials).flatten]
    end

Check if the model accepts this strategy as http authenticatable.

    # File lib/devise/strategies/authenticatable.rb, line 81
    def http_authenticatable?
      mapping.to.http_authenticatable?(authenticatable_name)
    end

    # File lib/devise/strategies/authenticatable.rb, line 135
    def http_authentication_key
      @http_authentication_key ||= mapping.to.http_authentication_key || case authentication_keys
        when Array then authentication_keys.first
        when Hash then authentication_keys.keys.first
      end
    end

Extract the appropriate subhash for authentication from params.

    # File lib/devise/strategies/authenticatable.rb, line 91
    def params_auth_hash
      params[scope]
    end

Check if the model accepts this strategy as params authenticatable.

    # File lib/devise/strategies/authenticatable.rb, line 86
    def params_authenticatable?
      mapping.to.params_authenticatable?(authenticatable_name)
    end

    # File lib/devise/strategies/authenticatable.rb, line 152
    def parse_authentication_key_values(hash, keys)
      keys.each do |key, enforce|
        value = hash[key].presence
        if value
          self.authentication_hash[key] = value
        else
          return false unless enforce == false
        end
      end
      true
    end

Get values from params and set in the resource.

    # File lib/devise/strategies/authenticatable.rb, line 49
    def remember_me(resource)
      resource.remember_me = remember_me? if resource.respond_to?(:remember_me=)
    end

Should this resource be marked to be remembered?

    # File lib/devise/strategies/authenticatable.rb, line 54
    def remember_me?
      valid_params? && Devise::TRUE_VALUES.include?(params_auth_hash[:remember_me])
    end

    # File lib/devise/strategies/authenticatable.rb, line 142
    def request_keys
      @request_keys ||= mapping.to.request_keys
    end

    # File lib/devise/strategies/authenticatable.rb, line 146
    def request_values
      keys = request_keys.respond_to?(:keys) ? request_keys.keys : request_keys
      values = keys.map { |k| self.request.send(k) }
      Hash[keys.zip(values)]
    end

Check if this is a valid strategy for http authentication by:

* Validating if the model allows HTTP authentication;
* If any of the authorization headers were sent;
* If all authentication keys are present;

    # File lib/devise/strategies/authenticatable.rb, line 64
    def valid_for_http_auth?
      http_authenticatable? && request.authorization && with_authentication_hash(:http_auth, http_auth_hash)
    end

Check if this is a valid strategy for params authentication by:

* Validating if the model allows params authentication;
* If the request hits the sessions controller through POST;
* If the params[scope] returns a hash with credentials;
* If all authentication keys are present;

    # File lib/devise/strategies/authenticatable.rb, line 75
    def valid_for_params_auth?
      params_authenticatable? && valid_params_request? &&
        valid_params? && with_authentication_hash(:params_auth, params_auth_hash)
    end

If the request is valid, finally check if params_auth_hash returns a hash.

    # File lib/devise/strategies/authenticatable.rb, line 107
    def valid_params?
      params_auth_hash.is_a?(Hash)
    end

By default, a request is valid if the controller set the proper env variable.

    # File lib/devise/strategies/authenticatable.rb, line 102
    def valid_params_request?
      !!env["devise.allow_params_authentication"]
    end

Check if password is present.

    # File lib/devise/strategies/authenticatable.rb, line 112
    def valid_password?
      password.present?
    end

Receives a resource and checks if it is valid by calling valid_for_authentication? An optional block, triggered while validating, can be given as a parameter. Check Devise::Models::Authenticatable.valid_for_authentication? for more information.
In case the resource can’t be validated, it will fail with the given unauthenticated_message.

    # File lib/devise/strategies/authenticatable.rb, line 35
    def validate(resource, &block)
      result = resource && resource.valid_for_authentication?(&block)

      if result
        true
      else
        if resource
          fail!(resource.unauthenticated_message)
        end
        false
      end
    end

Sets the authentication hash and the password from params_auth_hash or http_auth_hash.

    # File lib/devise/strategies/authenticatable.rb, line 123
    def with_authentication_hash(auth_type, auth_values)
      self.authentication_hash, self.authentication_type = {}, auth_type
      self.password = auth_values[:password]

      parse_authentication_key_values(auth_values, authentication_keys) &&
      parse_authentication_key_values(request_values, request_keys)
    end
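
The HTTP path documented above (decode_credentials, http_auth_hash, parse_authentication_key_values), as an added stand-alone sketch in plain Ruby that is not Devise's own code. It shows how a Basic header becomes an authentication hash and when a blank or missing key rejects the strategy. The module name BasicAuthSketch, its authentication_hash helper and SAMPLE_HEADER are hypothetical; `unpack1("m")` stands in for `Base64.decode64`, and the blank check only approximates ActiveSupport's `presence` for strings.

```ruby
# Added example, not Devise code. BasicAuthSketch and SAMPLE_HEADER are
# hypothetical names; the sample header is constructed for illustration.
module BasicAuthSketch
  module_function

  # Mirrors decode_credentials: [] unless the header uses the Basic scheme.
  # String#unpack1("m") performs the same lenient decode as Base64.decode64.
  def decode_credentials(authorization)
    return [] unless authorization && authorization =~ /^Basic (.*)/m
    $1.unpack1("m").split(/:/, 2) # limit 2: colons inside the password survive
  end

  # Mirrors http_auth_hash: pairs the login key and :password with the
  # decoded values; a missing value becomes nil.
  def http_auth_hash(authorization, login_key)
    [login_key, :password].zip(decode_credentials(authorization)).to_h
  end

  # Mirrors parse_authentication_key_values, but returns the collected hash
  # (or nil on rejection) instead of mutating strategy state.
  # keys is an Array of names, or a Hash of name => enforce, where
  # enforce == false marks the key as optional.
  def authentication_hash(values, keys)
    collected = {}
    keys.each do |key, enforce|
      value = values[key]
      # Approximation of ActiveSupport's #presence for strings.
      value = nil if value.respond_to?(:strip) && value.strip.empty?
      if value
        collected[key] = value
      else
        return nil unless enforce == false
      end
    end
    collected
  end
end

# Constructed sample: login "alice@example.com", password "pa:ss:word".
SAMPLE_HEADER = "Basic " + ["alice@example.com:pa:ss:word"].pack("m0")

auth_values = BasicAuthSketch.http_auth_hash(SAMPLE_HEADER, :email)
p BasicAuthSketch.authentication_hash(auth_values, [:email])
```

As in with_authentication_hash, the password is read separately from the auth values; only the authentication keys decide whether the hash is accepted.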