class Devise::Strategies::Authenticatable
This strategy should be used as basis for authentication strategies. It retrieves parameters both from params or from http authorization headers. See database_authenticatable for an example.
Attributes
Public Instance Methods
Override and set to false for things like OmniAuth
that technically run through Authentication (user_set) very often, which would normally reset CSRF data in the session
# File lib/devise/strategies/authenticatable.rb, line 24 def clean_up_csrf? true end
# File lib/devise/strategies/authenticatable.rb, line 13 def store? super && !mapping.to.skip_session_storage.include?(authentication_type) end
# File lib/devise/strategies/authenticatable.rb, line 17 def valid? valid_for_params_auth? || valid_for_http_auth? end
Private Instance Methods
Holds the authenticatable name for this class. Devise::Strategies::DatabaseAuthenticatable
becomes simply :database.
# File lib/devise/strategies/authenticatable.rb, line 171 def authenticatable_name @authenticatable_name ||= ActiveSupport::Inflector.underscore(self.class.name.split("::").last). sub("_authenticatable", "").to_sym end
# File lib/devise/strategies/authenticatable.rb, line 136 def authentication_keys @authentication_keys ||= mapping.to.authentication_keys end
Helper to decode credentials from HTTP.
# File lib/devise/strategies/authenticatable.rb, line 122 def decode_credentials return [] unless request.authorization && request.authorization =~ /^Basic (.*)/mi Base64.decode64($1).split(/:/, 2) end
Extract a hash with attributes:values from the http params.
# File lib/devise/strategies/authenticatable.rb, line 98 def http_auth_hash keys = [http_authentication_key, :password] Hash[*keys.zip(decode_credentials).flatten] end
Check if the model accepts this strategy as http authenticatable.
# File lib/devise/strategies/authenticatable.rb, line 83 def http_authenticatable? mapping.to.http_authenticatable?(authenticatable_name) end
# File lib/devise/strategies/authenticatable.rb, line 140 def http_authentication_key @http_authentication_key ||= mapping.to.http_authentication_key || case authentication_keys when Array then authentication_keys.first when Hash then authentication_keys.keys.first end end
Extract the appropriate subhash for authentication from params.
# File lib/devise/strategies/authenticatable.rb, line 93 def params_auth_hash params[scope] end
Check if the model accepts this strategy as params authenticatable.
# File lib/devise/strategies/authenticatable.rb, line 88 def params_authenticatable? mapping.to.params_authenticatable?(authenticatable_name) end
# File lib/devise/strategies/authenticatable.rb, line 157 def parse_authentication_key_values(hash, keys) keys.each do |key, enforce| value = hash[key].presence if value self.authentication_hash[key] = value else return false unless enforce == false end end true end
Get values from params and set in the resource.
# File lib/devise/strategies/authenticatable.rb, line 51 def remember_me(resource) resource.remember_me = remember_me? if resource.respond_to?(:remember_me=) end
Should this resource be marked to be remembered?
# File lib/devise/strategies/authenticatable.rb, line 56 def remember_me? valid_params? && Devise::TRUE_VALUES.include?(params_auth_hash[:remember_me]) end
# File lib/devise/strategies/authenticatable.rb, line 147 def request_keys @request_keys ||= mapping.to.request_keys end
# File lib/devise/strategies/authenticatable.rb, line 151 def request_values keys = request_keys.respond_to?(:keys) ? request_keys.keys : request_keys values = keys.map { |k| self.request.send(k) } Hash[keys.zip(values)] end
Check if this is a valid strategy for http authentication by:
* Validating if the model allows http authentication; * If any of the authorization headers were sent; * If all authentication keys are present;
# File lib/devise/strategies/authenticatable.rb, line 66 def valid_for_http_auth? http_authenticatable? && request.authorization && with_authentication_hash(:http_auth, http_auth_hash) end
Check if this is a valid strategy for params authentication by:
* Validating if the model allows params authentication; * If the request hits the sessions controller through POST; * If the params[scope] returns a hash with credentials; * If all authentication keys are present;
# File lib/devise/strategies/authenticatable.rb, line 77 def valid_for_params_auth? params_authenticatable? && valid_params_request? && valid_params? && with_authentication_hash(:params_auth, params_auth_hash) end
If the request is valid, finally check if params_auth_hash
returns a hash.
# File lib/devise/strategies/authenticatable.rb, line 109 def valid_params? params_auth_hash.is_a?(Hash) end
By default, a request is valid if the controller set the proper env variable.
# File lib/devise/strategies/authenticatable.rb, line 104 def valid_params_request? !!env["devise.allow_params_authentication"] end
Note: unlike ‘Model.valid_password?`, this method does not actually ensure that the password in the params matches the password stored in the database. It only checks if the password is present. Do not rely on this method for validating that a given password is correct.
# File lib/devise/strategies/authenticatable.rb, line 117 def valid_password? password.present? end
Receives a resource and check if it is valid by calling valid_for_authentication? A block that will be triggered while validating can be optionally given as parameter. Check Devise::Models::Authenticatable.valid_for_authentication?
for more information.
In case the resource can’t be validated, it will fail with the given unauthenticated_message.
# File lib/devise/strategies/authenticatable.rb, line 37 def validate(resource, &block) result = resource && resource.valid_for_authentication?(&block) if result true else if resource fail!(resource.unauthenticated_message) end false end end
Sets the authentication hash and the password from params_auth_hash
or http_auth_hash.
# File lib/devise/strategies/authenticatable.rb, line 128 def with_authentication_hash(auth_type, auth_values) self.authentication_hash, self.authentication_type = {}, auth_type self.password = auth_values[:password] parse_authentication_key_values(auth_values, authentication_keys) && parse_authentication_key_values(request_values, request_keys) end