class Devise::Strategies::Authenticatable
This strategy should be used as basis for authentication strategies. It retrieves parameters both from params or from http authorization headers. See database_authenticatable for an example.
Attributes
Public Instance Methods
Override and set to false for things like OmniAuth that technically run through Authentication (user_set) very often, which would normally reset CSRF data in the session
# File lib/devise/strategies/authenticatable.rb, line 23 def clean_up_csrf? true end
# File lib/devise/strategies/authenticatable.rb, line 12 def store? super && !mapping.to.skip_session_storage.include?(authentication_type) end
# File lib/devise/strategies/authenticatable.rb, line 16 def valid? valid_for_params_auth? || valid_for_http_auth? end
Private Instance Methods
Holds the authenticatable name for this class. Devise::Strategies::DatabaseAuthenticatable becomes simply :database.
# File lib/devise/strategies/authenticatable.rb, line 170 def authenticatable_name @authenticatable_name ||= ActiveSupport::Inflector.underscore(self.class.name.split("::").last). sub("_authenticatable", "").to_sym end
# File lib/devise/strategies/authenticatable.rb, line 135 def authentication_keys @authentication_keys ||= mapping.to.authentication_keys end
Helper to decode credentials from HTTP.
# File lib/devise/strategies/authenticatable.rb, line 121 def decode_credentials return [] unless request.authorization && request.authorization =~ /^Basic (.*)/mi Base64.decode64($1).split(/:/, 2) end
Extract a hash with attributes:values from the http params.
# File lib/devise/strategies/authenticatable.rb, line 97 def http_auth_hash keys = [http_authentication_key, :password] Hash[*keys.zip(decode_credentials).flatten] end
Check if the model accepts this strategy as http authenticatable.
# File lib/devise/strategies/authenticatable.rb, line 82 def http_authenticatable? mapping.to.http_authenticatable?(authenticatable_name) end
# File lib/devise/strategies/authenticatable.rb, line 139 def http_authentication_key @http_authentication_key ||= mapping.to.http_authentication_key || case authentication_keys when Array then authentication_keys.first when Hash then authentication_keys.keys.first end end
Extract the appropriate subhash for authentication from params.
# File lib/devise/strategies/authenticatable.rb, line 92 def params_auth_hash params[scope] end
Check if the model accepts this strategy as params authenticatable.
# File lib/devise/strategies/authenticatable.rb, line 87 def params_authenticatable? mapping.to.params_authenticatable?(authenticatable_name) end
# File lib/devise/strategies/authenticatable.rb, line 156 def parse_authentication_key_values(hash, keys) keys.each do |key, enforce| value = hash[key].presence if value self.authentication_hash[key] = value else return false unless enforce == false end end true end
Get values from params and set in the resource.
# File lib/devise/strategies/authenticatable.rb, line 50 def remember_me(resource) resource.remember_me = remember_me? if resource.respond_to?(:remember_me=) end
Should this resource be marked to be remembered?
# File lib/devise/strategies/authenticatable.rb, line 55 def remember_me? valid_params? && Devise::TRUE_VALUES.include?(params_auth_hash[:remember_me]) end
# File lib/devise/strategies/authenticatable.rb, line 146 def request_keys @request_keys ||= mapping.to.request_keys end
# File lib/devise/strategies/authenticatable.rb, line 150 def request_values keys = request_keys.respond_to?(:keys) ? request_keys.keys : request_keys values = keys.map { |k| self.request.send(k) } Hash[keys.zip(values)] end
Check if this is a valid strategy for http authentication by:
* Validating if the model allows http authentication; * If any of the authorization headers were sent; * If all authentication keys are present;
# File lib/devise/strategies/authenticatable.rb, line 65 def valid_for_http_auth? http_authenticatable? && request.authorization && with_authentication_hash(:http_auth, http_auth_hash) end
Check if this is a valid strategy for params authentication by:
* Validating if the model allows params authentication; * If the request hits the sessions controller through POST; * If the params[scope] returns a hash with credentials; * If all authentication keys are present;
# File lib/devise/strategies/authenticatable.rb, line 76 def valid_for_params_auth? params_authenticatable? && valid_params_request? && valid_params? && with_authentication_hash(:params_auth, params_auth_hash) end
If the request is valid, finally check if #params_auth_hash returns a hash.
# File lib/devise/strategies/authenticatable.rb, line 108 def valid_params? params_auth_hash.is_a?(Hash) end
By default, a request is valid if the controller set the proper env variable.
# File lib/devise/strategies/authenticatable.rb, line 103 def valid_params_request? !!env["devise.allow_params_authentication"] end
Note: unlike `Model.valid_password?`, this method does not actually ensure that the password in the params matches the password stored in the database. It only checks if the password is present. Do not rely on this method for validating that a given password is correct.
# File lib/devise/strategies/authenticatable.rb, line 116 def valid_password? password.present? end
Receives a resource and check if it is valid by calling valid_for_authentication? An optional block that will be triggered while validating can be optionally given as parameter. Check Devise::Models::Authenticatable#valid_for_authentication? for more information.
In case the resource can't be validated, it will fail with the given unauthenticated_message.
# File lib/devise/strategies/authenticatable.rb, line 36 def validate(resource, &block) result = resource && resource.valid_for_authentication?(&block) if result true else if resource fail!(resource.unauthenticated_message) end false end end
Sets the authentication hash and the password from #params_auth_hash or http_auth_hash.
# File lib/devise/strategies/authenticatable.rb, line 127 def with_authentication_hash(auth_type, auth_values) self.authentication_hash, self.authentication_type = {}, auth_type self.password = auth_values[:password] parse_authentication_key_values(auth_values, authentication_keys) && parse_authentication_key_values(request_values, request_keys) end