module Devise::Models::Authenticatable
Authenticatable
module. Holds common settings for authentication.
Options¶ ↑
Authenticatable
adds the following options to devise_for:
* +authentication_keys+: parameters used for authentication. By default [:email]. * +http_authentication_key+: map the username passed via HTTP Auth to this parameter. Defaults to the first element in +authentication_keys+. * +request_keys+: parameters from the request object used for authentication. By specifying a symbol (which should be a request method), it will automatically be passed to find_for_authentication method and considered in your model lookup. For instance, if you set :request_keys to [:subdomain], :subdomain will be considered as key on authentication. This can also be a hash where the value is a boolean specifying if the value is required or not. * +http_authenticatable+: if this model allows http authentication. By default false. It also accepts an array specifying the strategies that should allow http. * +params_authenticatable+: if this model allows authentication through request params. By default true. It also accepts an array specifying the strategies that should allow params authentication. * +skip_session_storage+: By default Devise will store the user in session. By default is set to skip_session_storage: [:http_auth].
active_for_authentication?¶ ↑
After authenticating a user and in each request, Devise
checks if your model is active by calling model.active_for_authentication?. This method is overwritten by other devise modules. For instance, :confirmable overwrites .active_for_authentication? to only return true if your model was confirmed.
You overwrite this method yourself, but if you do, don't forget to call super:
def active_for_authentication? super && special_condition_is_valid? end
Whenever active_for_authentication? returns false, Devise
asks the reason why your model is inactive using the inactive_message
method. You can overwrite it as well:
def inactive_message special_condition_is_valid? ? super : :special_condition_is_not_valid end
Constants
- BLACKLIST_FOR_SERIALIZATION
Public Class Methods
# File lib/devise/models/authenticatable.rb, line 69 def self.required_fields(klass) [] end
Public Instance Methods
# File lib/devise/models/authenticatable.rb, line 87 def active_for_authentication? true end
# File lib/devise/models/authenticatable.rb, line 95 def authenticatable_salt end
# File lib/devise/models/authenticatable.rb, line 91 def inactive_message :inactive end
# File lib/devise/models/authenticatable.rb, line 83 def unauthenticated_message :invalid end
Check if the current object is valid for authentication. This method and find_for_authentication are the methods used in a Warden::Strategy to check if a model should be signed in or not.
However, you should not overwrite this method, you should overwrite active_for_authentication? and inactive_message
instead.
# File lib/devise/models/authenticatable.rb, line 79 def valid_for_authentication? block_given? ? yield : true end
Protected Instance Methods
# File lib/devise/models/authenticatable.rb, line 184 def apply_to_attribute_or_variable(attr, method) if self[attr] self[attr] = self[attr].try(method) # Use respond_to? here to avoid a regression where globally # configured strip_whitespace_keys or case_insensitive_keys were # attempting to strip or downcase when a model didn't have the # globally configured key. elsif respond_to?(attr) && respond_to?("#{attr}=") new_value = send(attr).try(method) send("#{attr}=", new_value) end end
# File lib/devise/models/authenticatable.rb, line 125 def devise_mailer Devise.mailer end
# File lib/devise/models/authenticatable.rb, line 176 def downcase_keys self.class.case_insensitive_keys.each { |k| apply_to_attribute_or_variable(k, :downcase) } end
This is an internal method called every time Devise
needs to send a notification/mail. This can be overridden if you need to customize the e-mail delivery logic. For instance, if you are using a queue to deliver e-mails (delayed job, sidekiq, resque, etc), you must add the delivery to the queue just after the transaction was committed. To achieve this, you can override send_devise_notification
to store the deliveries until the after_commit callback is triggered:
class User devise :database_authenticatable, :confirmable after_commit :send_pending_notifications protected def send_devise_notification(notification, *args) # If the record is new or changed then delay the # delivery until the after_commit callback otherwise # send now because after_commit will not be called. if new_record? || changed? pending_notifications << [notification, args] else devise_mailer.send(notification, self, *args).deliver end end def send_pending_notifications pending_notifications.each do |notification, args| devise_mailer.send(notification, self, *args).deliver end # Empty the pending notifications array because the # after_commit hook can be called multiple times which # could cause multiple emails to be sent. pending_notifications.clear end def pending_notifications @pending_notifications ||= [] end end
# File lib/devise/models/authenticatable.rb, line 172 def send_devise_notification(notification, *args) devise_mailer.send(notification, self, *args).deliver end
# File lib/devise/models/authenticatable.rb, line 180 def strip_whitespace self.class.strip_whitespace_keys.each { |k| apply_to_attribute_or_variable(k, :strip) } end