af-devise 2.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/.gitignore +10 -0
- data/.travis.yml +15 -0
- data/CHANGELOG.rdoc +885 -0
- data/CONTRIBUTING.md +14 -0
- data/Gemfile +29 -0
- data/Gemfile.lock +155 -0
- data/MIT-LICENSE +20 -0
- data/README.md +394 -0
- data/Rakefile +34 -0
- data/app/controllers/devise/confirmations_controller.rb +43 -0
- data/app/controllers/devise/omniauth_callbacks_controller.rb +30 -0
- data/app/controllers/devise/passwords_controller.rb +65 -0
- data/app/controllers/devise/registrations_controller.rb +119 -0
- data/app/controllers/devise/sessions_controller.rb +50 -0
- data/app/controllers/devise/unlocks_controller.rb +44 -0
- data/app/controllers/devise_controller.rb +184 -0
- data/app/helpers/devise_helper.rb +25 -0
- data/app/mailers/devise/mailer.rb +15 -0
- data/app/views/devise/_links.erb +3 -0
- data/app/views/devise/confirmations/new.html.erb +12 -0
- data/app/views/devise/mailer/confirmation_instructions.html.erb +5 -0
- data/app/views/devise/mailer/reset_password_instructions.html.erb +8 -0
- data/app/views/devise/mailer/unlock_instructions.html.erb +7 -0
- data/app/views/devise/passwords/edit.html.erb +16 -0
- data/app/views/devise/passwords/new.html.erb +12 -0
- data/app/views/devise/registrations/edit.html.erb +25 -0
- data/app/views/devise/registrations/new.html.erb +18 -0
- data/app/views/devise/sessions/new.html.erb +17 -0
- data/app/views/devise/shared/_links.erb +25 -0
- data/app/views/devise/unlocks/new.html.erb +12 -0
- data/config/locales/en.yml +59 -0
- data/devise.gemspec +25 -0
- data/gemfiles/Gemfile.rails-3.1.x +35 -0
- data/gemfiles/Gemfile.rails-3.1.x.lock +167 -0
- data/lib/devise.rb +444 -0
- data/lib/devise/controllers/helpers.rb +285 -0
- data/lib/devise/controllers/rememberable.rb +52 -0
- data/lib/devise/controllers/scoped_views.rb +17 -0
- data/lib/devise/controllers/url_helpers.rb +67 -0
- data/lib/devise/delegator.rb +16 -0
- data/lib/devise/failure_app.rb +187 -0
- data/lib/devise/hooks/activatable.rb +11 -0
- data/lib/devise/hooks/forgetable.rb +9 -0
- data/lib/devise/hooks/lockable.rb +7 -0
- data/lib/devise/hooks/rememberable.rb +6 -0
- data/lib/devise/hooks/timeoutable.rb +25 -0
- data/lib/devise/hooks/trackable.rb +9 -0
- data/lib/devise/mailers/helpers.rb +91 -0
- data/lib/devise/mapping.rb +172 -0
- data/lib/devise/models.rb +128 -0
- data/lib/devise/models/authenticatable.rb +268 -0
- data/lib/devise/models/confirmable.rb +270 -0
- data/lib/devise/models/database_authenticatable.rb +127 -0
- data/lib/devise/models/lockable.rb +193 -0
- data/lib/devise/models/omniauthable.rb +27 -0
- data/lib/devise/models/recoverable.rb +140 -0
- data/lib/devise/models/registerable.rb +25 -0
- data/lib/devise/models/rememberable.rb +125 -0
- data/lib/devise/models/timeoutable.rb +49 -0
- data/lib/devise/models/token_authenticatable.rb +89 -0
- data/lib/devise/models/trackable.rb +35 -0
- data/lib/devise/models/validatable.rb +66 -0
- data/lib/devise/modules.rb +29 -0
- data/lib/devise/omniauth.rb +28 -0
- data/lib/devise/omniauth/config.rb +45 -0
- data/lib/devise/omniauth/url_helpers.rb +18 -0
- data/lib/devise/orm/active_record.rb +3 -0
- data/lib/devise/orm/mongoid.rb +3 -0
- data/lib/devise/param_filter.rb +41 -0
- data/lib/devise/rails.rb +54 -0
- data/lib/devise/rails/routes.rb +446 -0
- data/lib/devise/rails/warden_compat.rb +43 -0
- data/lib/devise/strategies/authenticatable.rb +176 -0
- data/lib/devise/strategies/base.rb +20 -0
- data/lib/devise/strategies/database_authenticatable.rb +20 -0
- data/lib/devise/strategies/rememberable.rb +55 -0
- data/lib/devise/strategies/token_authenticatable.rb +56 -0
- data/lib/devise/test_helpers.rb +131 -0
- data/lib/devise/time_inflector.rb +14 -0
- data/lib/devise/version.rb +3 -0
- data/lib/generators/active_record/devise_generator.rb +79 -0
- data/lib/generators/active_record/templates/migration.rb +19 -0
- data/lib/generators/active_record/templates/migration_existing.rb +26 -0
- data/lib/generators/devise/devise_generator.rb +24 -0
- data/lib/generators/devise/install_generator.rb +24 -0
- data/lib/generators/devise/orm_helpers.rb +32 -0
- data/lib/generators/devise/views_generator.rb +116 -0
- data/lib/generators/mongoid/devise_generator.rb +57 -0
- data/lib/generators/templates/README +35 -0
- data/lib/generators/templates/devise.rb +240 -0
- data/lib/generators/templates/markerb/confirmation_instructions.markerb +5 -0
- data/lib/generators/templates/markerb/reset_password_instructions.markerb +8 -0
- data/lib/generators/templates/markerb/unlock_instructions.markerb +7 -0
- data/lib/generators/templates/simple_form_for/confirmations/new.html.erb +15 -0
- data/lib/generators/templates/simple_form_for/passwords/edit.html.erb +19 -0
- data/lib/generators/templates/simple_form_for/passwords/new.html.erb +15 -0
- data/lib/generators/templates/simple_form_for/registrations/edit.html.erb +22 -0
- data/lib/generators/templates/simple_form_for/registrations/new.html.erb +17 -0
- data/lib/generators/templates/simple_form_for/sessions/new.html.erb +15 -0
- data/lib/generators/templates/simple_form_for/unlocks/new.html.erb +15 -0
- data/test/controllers/custom_strategy_test.rb +62 -0
- data/test/controllers/helpers_test.rb +253 -0
- data/test/controllers/internal_helpers_test.rb +110 -0
- data/test/controllers/sessions_controller_test.rb +85 -0
- data/test/controllers/url_helpers_test.rb +59 -0
- data/test/delegator_test.rb +19 -0
- data/test/devise_test.rb +72 -0
- data/test/failure_app_test.rb +221 -0
- data/test/generators/active_record_generator_test.rb +75 -0
- data/test/generators/devise_generator_test.rb +39 -0
- data/test/generators/install_generator_test.rb +13 -0
- data/test/generators/mongoid_generator_test.rb +23 -0
- data/test/generators/views_generator_test.rb +52 -0
- data/test/helpers/devise_helper_test.rb +51 -0
- data/test/integration/authenticatable_test.rb +633 -0
- data/test/integration/confirmable_test.rb +298 -0
- data/test/integration/database_authenticatable_test.rb +82 -0
- data/test/integration/http_authenticatable_test.rb +97 -0
- data/test/integration/lockable_test.rb +242 -0
- data/test/integration/omniauthable_test.rb +133 -0
- data/test/integration/recoverable_test.rb +334 -0
- data/test/integration/registerable_test.rb +345 -0
- data/test/integration/rememberable_test.rb +158 -0
- data/test/integration/timeoutable_test.rb +140 -0
- data/test/integration/token_authenticatable_test.rb +161 -0
- data/test/integration/trackable_test.rb +92 -0
- data/test/mailers/confirmation_instructions_test.rb +102 -0
- data/test/mailers/reset_password_instructions_test.rb +83 -0
- data/test/mailers/unlock_instructions_test.rb +77 -0
- data/test/mapping_test.rb +127 -0
- data/test/models/authenticatable_test.rb +7 -0
- data/test/models/confirmable_test.rb +391 -0
- data/test/models/database_authenticatable_test.rb +196 -0
- data/test/models/lockable_test.rb +273 -0
- data/test/models/omniauthable_test.rb +7 -0
- data/test/models/recoverable_test.rb +205 -0
- data/test/models/registerable_test.rb +7 -0
- data/test/models/rememberable_test.rb +174 -0
- data/test/models/serializable_test.rb +49 -0
- data/test/models/timeoutable_test.rb +46 -0
- data/test/models/token_authenticatable_test.rb +55 -0
- data/test/models/trackable_test.rb +13 -0
- data/test/models/validatable_test.rb +117 -0
- data/test/models_test.rb +179 -0
- data/test/omniauth/config_test.rb +57 -0
- data/test/omniauth/url_helpers_test.rb +51 -0
- data/test/orm/active_record.rb +9 -0
- data/test/orm/mongoid.rb +13 -0
- data/test/rails_app/Rakefile +10 -0
- data/test/rails_app/app/active_record/admin.rb +6 -0
- data/test/rails_app/app/active_record/shim.rb +2 -0
- data/test/rails_app/app/active_record/user.rb +6 -0
- data/test/rails_app/app/controllers/admins/sessions_controller.rb +6 -0
- data/test/rails_app/app/controllers/admins_controller.rb +11 -0
- data/test/rails_app/app/controllers/application_controller.rb +8 -0
- data/test/rails_app/app/controllers/home_controller.rb +25 -0
- data/test/rails_app/app/controllers/publisher/registrations_controller.rb +2 -0
- data/test/rails_app/app/controllers/publisher/sessions_controller.rb +2 -0
- data/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +14 -0
- data/test/rails_app/app/controllers/users_controller.rb +23 -0
- data/test/rails_app/app/helpers/application_helper.rb +3 -0
- data/test/rails_app/app/mailers/users/mailer.rb +8 -0
- data/test/rails_app/app/mongoid/admin.rb +29 -0
- data/test/rails_app/app/mongoid/shim.rb +24 -0
- data/test/rails_app/app/mongoid/user.rb +42 -0
- data/test/rails_app/app/views/admins/index.html.erb +1 -0
- data/test/rails_app/app/views/admins/sessions/new.html.erb +2 -0
- data/test/rails_app/app/views/home/admin_dashboard.html.erb +1 -0
- data/test/rails_app/app/views/home/index.html.erb +1 -0
- data/test/rails_app/app/views/home/join.html.erb +1 -0
- data/test/rails_app/app/views/home/private.html.erb +1 -0
- data/test/rails_app/app/views/home/user_dashboard.html.erb +1 -0
- data/test/rails_app/app/views/layouts/application.html.erb +24 -0
- data/test/rails_app/app/views/users/index.html.erb +1 -0
- data/test/rails_app/app/views/users/mailer/confirmation_instructions.erb +1 -0
- data/test/rails_app/app/views/users/sessions/new.html.erb +1 -0
- data/test/rails_app/config.ru +4 -0
- data/test/rails_app/config/application.rb +41 -0
- data/test/rails_app/config/boot.rb +8 -0
- data/test/rails_app/config/database.yml +18 -0
- data/test/rails_app/config/environment.rb +5 -0
- data/test/rails_app/config/environments/development.rb +18 -0
- data/test/rails_app/config/environments/production.rb +33 -0
- data/test/rails_app/config/environments/test.rb +33 -0
- data/test/rails_app/config/initializers/backtrace_silencers.rb +7 -0
- data/test/rails_app/config/initializers/devise.rb +178 -0
- data/test/rails_app/config/initializers/inflections.rb +2 -0
- data/test/rails_app/config/initializers/secret_token.rb +2 -0
- data/test/rails_app/config/routes.rb +100 -0
- data/test/rails_app/db/migrate/20100401102949_create_tables.rb +74 -0
- data/test/rails_app/db/schema.rb +52 -0
- data/test/rails_app/lib/shared_admin.rb +14 -0
- data/test/rails_app/lib/shared_user.rb +26 -0
- data/test/rails_app/public/404.html +26 -0
- data/test/rails_app/public/422.html +26 -0
- data/test/rails_app/public/500.html +26 -0
- data/test/rails_app/public/favicon.ico +0 -0
- data/test/rails_app/script/rails +10 -0
- data/test/routes_test.rb +248 -0
- data/test/support/assertions.rb +40 -0
- data/test/support/helpers.rb +91 -0
- data/test/support/integration.rb +92 -0
- data/test/support/locale/en.yml +4 -0
- data/test/support/webrat/integrations/rails.rb +24 -0
- data/test/test_helper.rb +27 -0
- data/test/test_helpers_test.rb +151 -0
- metadata +421 -0
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
require 'devise/omniauth'
|
|
2
|
+
|
|
3
|
+
module Devise
|
|
4
|
+
module Models
|
|
5
|
+
# Adds OmniAuth support to your model.
|
|
6
|
+
#
|
|
7
|
+
# == Options
|
|
8
|
+
#
|
|
9
|
+
# Oauthable adds the following options to devise_for:
|
|
10
|
+
#
|
|
11
|
+
# * +omniauth_providers+: Which providers are avaialble to this model. It expects an array:
|
|
12
|
+
#
|
|
13
|
+
# devise_for :database_authenticatable, :omniauthable, :omniauth_providers => [:twitter]
|
|
14
|
+
#
|
|
15
|
+
module Omniauthable
|
|
16
|
+
extend ActiveSupport::Concern
|
|
17
|
+
|
|
18
|
+
def self.required_fields(klass)
|
|
19
|
+
[]
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
module ClassMethods
|
|
23
|
+
Devise::Models.config(self, :omniauth_providers)
|
|
24
|
+
end
|
|
25
|
+
end
|
|
26
|
+
end
|
|
27
|
+
end
|
|
@@ -0,0 +1,140 @@
|
|
|
1
|
+
module Devise
|
|
2
|
+
module Models
|
|
3
|
+
|
|
4
|
+
# Recoverable takes care of reseting the user password and send reset instructions.
|
|
5
|
+
#
|
|
6
|
+
# ==Options
|
|
7
|
+
#
|
|
8
|
+
# Recoverable adds the following options to devise_for:
|
|
9
|
+
#
|
|
10
|
+
# * +reset_password_keys+: the keys you want to use when recovering the password for an account
|
|
11
|
+
#
|
|
12
|
+
# == Examples
|
|
13
|
+
#
|
|
14
|
+
# # resets the user password and save the record, true if valid passwords are given, otherwise false
|
|
15
|
+
# User.find(1).reset_password!('password123', 'password123')
|
|
16
|
+
#
|
|
17
|
+
# # only resets the user password, without saving the record
|
|
18
|
+
# user = User.find(1)
|
|
19
|
+
# user.reset_password('password123', 'password123')
|
|
20
|
+
#
|
|
21
|
+
# # creates a new token and send it with instructions about how to reset the password
|
|
22
|
+
# User.find(1).send_reset_password_instructions
|
|
23
|
+
#
|
|
24
|
+
module Recoverable
|
|
25
|
+
extend ActiveSupport::Concern
|
|
26
|
+
|
|
27
|
+
def self.required_fields(klass)
|
|
28
|
+
[:reset_password_sent_at, :reset_password_token]
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
# Update password saving the record and clearing token. Returns true if
|
|
32
|
+
# the passwords are valid and the record was saved, false otherwise.
|
|
33
|
+
def reset_password!(new_password, new_password_confirmation)
|
|
34
|
+
self.password = new_password
|
|
35
|
+
self.password_confirmation = new_password_confirmation
|
|
36
|
+
|
|
37
|
+
if valid?
|
|
38
|
+
clear_reset_password_token
|
|
39
|
+
after_password_reset
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
save
|
|
43
|
+
end
|
|
44
|
+
|
|
45
|
+
# Resets reset password token and send reset password instructions by email
|
|
46
|
+
def send_reset_password_instructions
|
|
47
|
+
generate_reset_password_token! if should_generate_reset_token?
|
|
48
|
+
send_devise_notification(:reset_password_instructions)
|
|
49
|
+
end
|
|
50
|
+
|
|
51
|
+
# Checks if the reset password token sent is within the limit time.
|
|
52
|
+
# We do this by calculating if the difference between today and the
|
|
53
|
+
# sending date does not exceed the confirm in time configured.
|
|
54
|
+
# Returns true if the resource is not responding to reset_password_sent_at at all.
|
|
55
|
+
# reset_password_within is a model configuration, must always be an integer value.
|
|
56
|
+
#
|
|
57
|
+
# Example:
|
|
58
|
+
#
|
|
59
|
+
# # reset_password_within = 1.day and reset_password_sent_at = today
|
|
60
|
+
# reset_password_period_valid? # returns true
|
|
61
|
+
#
|
|
62
|
+
# # reset_password_within = 5.days and reset_password_sent_at = 4.days.ago
|
|
63
|
+
# reset_password_period_valid? # returns true
|
|
64
|
+
#
|
|
65
|
+
# # reset_password_within = 5.days and reset_password_sent_at = 5.days.ago
|
|
66
|
+
# reset_password_period_valid? # returns false
|
|
67
|
+
#
|
|
68
|
+
# # reset_password_within = 0.days
|
|
69
|
+
# reset_password_period_valid? # will always return false
|
|
70
|
+
#
|
|
71
|
+
def reset_password_period_valid?
|
|
72
|
+
reset_password_sent_at && reset_password_sent_at.utc >= self.class.reset_password_within.ago
|
|
73
|
+
end
|
|
74
|
+
|
|
75
|
+
protected
|
|
76
|
+
|
|
77
|
+
def should_generate_reset_token?
|
|
78
|
+
reset_password_token.nil? || !reset_password_period_valid?
|
|
79
|
+
end
|
|
80
|
+
|
|
81
|
+
# Generates a new random token for reset password
|
|
82
|
+
def generate_reset_password_token
|
|
83
|
+
self.reset_password_token = self.class.reset_password_token
|
|
84
|
+
self.reset_password_sent_at = Time.now.utc
|
|
85
|
+
self.reset_password_token
|
|
86
|
+
end
|
|
87
|
+
|
|
88
|
+
# Resets the reset password token with and save the record without
|
|
89
|
+
# validating
|
|
90
|
+
def generate_reset_password_token!
|
|
91
|
+
generate_reset_password_token && save(:validate => false)
|
|
92
|
+
end
|
|
93
|
+
|
|
94
|
+
# Removes reset_password token
|
|
95
|
+
def clear_reset_password_token
|
|
96
|
+
self.reset_password_token = nil
|
|
97
|
+
self.reset_password_sent_at = nil
|
|
98
|
+
end
|
|
99
|
+
|
|
100
|
+
def after_password_reset
|
|
101
|
+
end
|
|
102
|
+
|
|
103
|
+
module ClassMethods
|
|
104
|
+
# Attempt to find a user by its email. If a record is found, send new
|
|
105
|
+
# password instructions to it. If not user is found, returns a new user
|
|
106
|
+
# with an email not found error.
|
|
107
|
+
# Attributes must contain the user email
|
|
108
|
+
def send_reset_password_instructions(attributes={})
|
|
109
|
+
recoverable = find_or_initialize_with_errors(reset_password_keys, attributes, :not_found)
|
|
110
|
+
recoverable.send_reset_password_instructions if recoverable.persisted?
|
|
111
|
+
recoverable
|
|
112
|
+
end
|
|
113
|
+
|
|
114
|
+
# Generate a token checking if one does not already exist in the database.
|
|
115
|
+
def reset_password_token
|
|
116
|
+
generate_token(:reset_password_token)
|
|
117
|
+
end
|
|
118
|
+
|
|
119
|
+
# Attempt to find a user by its reset_password_token to reset its
|
|
120
|
+
# password. If a user is found and token is still valid, reset its password and automatically
|
|
121
|
+
# try saving the record. If not user is found, returns a new user
|
|
122
|
+
# containing an error in reset_password_token attribute.
|
|
123
|
+
# Attributes must contain reset_password_token, password and confirmation
|
|
124
|
+
def reset_password_by_token(attributes={})
|
|
125
|
+
recoverable = find_or_initialize_with_error_by(:reset_password_token, attributes[:reset_password_token])
|
|
126
|
+
if recoverable.persisted?
|
|
127
|
+
if recoverable.reset_password_period_valid?
|
|
128
|
+
recoverable.reset_password!(attributes[:password], attributes[:password_confirmation])
|
|
129
|
+
else
|
|
130
|
+
recoverable.errors.add(:reset_password_token, :expired)
|
|
131
|
+
end
|
|
132
|
+
end
|
|
133
|
+
recoverable
|
|
134
|
+
end
|
|
135
|
+
|
|
136
|
+
Devise::Models.config(self, :reset_password_keys, :reset_password_within)
|
|
137
|
+
end
|
|
138
|
+
end
|
|
139
|
+
end
|
|
140
|
+
end
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
module Devise
|
|
2
|
+
module Models
|
|
3
|
+
# Registerable is responsible for everything related to registering a new
|
|
4
|
+
# resource (ie user sign up).
|
|
5
|
+
module Registerable
|
|
6
|
+
extend ActiveSupport::Concern
|
|
7
|
+
|
|
8
|
+
def self.required_fields(klass)
|
|
9
|
+
[]
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
module ClassMethods
|
|
13
|
+
# A convenience method that receives both parameters and session to
|
|
14
|
+
# initialize a user. This can be used by OAuth, for example, to send
|
|
15
|
+
# in the user token and be stored on initialization.
|
|
16
|
+
#
|
|
17
|
+
# By default discards all information sent by the session by calling
|
|
18
|
+
# new with params.
|
|
19
|
+
def new_with_session(params, session)
|
|
20
|
+
new(params)
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
end
|
|
25
|
+
end
|
|
@@ -0,0 +1,125 @@
|
|
|
1
|
+
require 'devise/strategies/rememberable'
|
|
2
|
+
require 'devise/hooks/rememberable'
|
|
3
|
+
require 'devise/hooks/forgetable'
|
|
4
|
+
|
|
5
|
+
module Devise
|
|
6
|
+
module Models
|
|
7
|
+
# Rememberable manages generating and clearing token for remember the user
|
|
8
|
+
# from a saved cookie. Rememberable also has utility methods for dealing
|
|
9
|
+
# with serializing the user into the cookie and back from the cookie, trying
|
|
10
|
+
# to lookup the record based on the saved information.
|
|
11
|
+
# You probably wouldn't use rememberable methods directly, they are used
|
|
12
|
+
# mostly internally for handling the remember token.
|
|
13
|
+
#
|
|
14
|
+
# == Options
|
|
15
|
+
#
|
|
16
|
+
# Rememberable adds the following options in devise_for:
|
|
17
|
+
#
|
|
18
|
+
# * +remember_for+: the time you want the user will be remembered without
|
|
19
|
+
# asking for credentials. After this time the user will be blocked and
|
|
20
|
+
# will have to enter his credentials again. This configuration is also
|
|
21
|
+
# used to calculate the expires time for the cookie created to remember
|
|
22
|
+
# the user. By default remember_for is 2.weeks.
|
|
23
|
+
#
|
|
24
|
+
# * +extend_remember_period+: if true, extends the user's remember period
|
|
25
|
+
# when remembered via cookie. False by default.
|
|
26
|
+
#
|
|
27
|
+
# * +rememberable_options+: configuration options passed to the created cookie.
|
|
28
|
+
#
|
|
29
|
+
# == Examples
|
|
30
|
+
#
|
|
31
|
+
# User.find(1).remember_me! # regenerating the token
|
|
32
|
+
# User.find(1).forget_me! # clearing the token
|
|
33
|
+
#
|
|
34
|
+
# # generating info to put into cookies
|
|
35
|
+
# User.serialize_into_cookie(user)
|
|
36
|
+
#
|
|
37
|
+
# # lookup the user based on the incoming cookie information
|
|
38
|
+
# User.serialize_from_cookie(cookie_string)
|
|
39
|
+
module Rememberable
|
|
40
|
+
extend ActiveSupport::Concern
|
|
41
|
+
|
|
42
|
+
attr_accessor :remember_me, :extend_remember_period
|
|
43
|
+
|
|
44
|
+
def self.required_fields(klass)
|
|
45
|
+
[:remember_created_at]
|
|
46
|
+
end
|
|
47
|
+
|
|
48
|
+
# Generate a new remember token and save the record without validations
|
|
49
|
+
# unless remember_across_browsers is true and the user already has a valid token.
|
|
50
|
+
def remember_me!(extend_period=false)
|
|
51
|
+
self.remember_token = self.class.remember_token if generate_remember_token?
|
|
52
|
+
self.remember_created_at = Time.now.utc if generate_remember_timestamp?(extend_period)
|
|
53
|
+
save(:validate => false)
|
|
54
|
+
end
|
|
55
|
+
|
|
56
|
+
# If the record is persisted, remove the remember token (but only if
|
|
57
|
+
# it exists), and save the record without validations.
|
|
58
|
+
def forget_me!
|
|
59
|
+
return unless persisted?
|
|
60
|
+
self.remember_token = nil if respond_to?(:remember_token=)
|
|
61
|
+
self.remember_created_at = nil
|
|
62
|
+
save(:validate => false)
|
|
63
|
+
end
|
|
64
|
+
|
|
65
|
+
# Remember token should be expired if expiration time not overpass now.
|
|
66
|
+
def remember_expired?
|
|
67
|
+
remember_created_at.nil? || (remember_expires_at <= Time.now.utc)
|
|
68
|
+
end
|
|
69
|
+
|
|
70
|
+
# Remember token expires at created time + remember_for configuration
|
|
71
|
+
def remember_expires_at
|
|
72
|
+
remember_created_at + self.class.remember_for
|
|
73
|
+
end
|
|
74
|
+
|
|
75
|
+
def rememberable_value
|
|
76
|
+
if respond_to?(:remember_token)
|
|
77
|
+
remember_token
|
|
78
|
+
elsif respond_to?(:authenticatable_salt) && (salt = authenticatable_salt)
|
|
79
|
+
salt
|
|
80
|
+
else
|
|
81
|
+
raise "authenticable_salt returned nil for the #{self.class.name} model. " \
|
|
82
|
+
"In order to use rememberable, you must ensure a password is always set " \
|
|
83
|
+
"or have a remember_token column in your model or implement your own " \
|
|
84
|
+
"rememberable_value in the model with custom logic."
|
|
85
|
+
end
|
|
86
|
+
end
|
|
87
|
+
|
|
88
|
+
def rememberable_options
|
|
89
|
+
self.class.rememberable_options
|
|
90
|
+
end
|
|
91
|
+
|
|
92
|
+
protected
|
|
93
|
+
|
|
94
|
+
def generate_remember_token? #:nodoc:
|
|
95
|
+
respond_to?(:remember_token) && remember_expired?
|
|
96
|
+
end
|
|
97
|
+
|
|
98
|
+
# Generate a timestamp if extend_remember_period is true, if no remember_token
|
|
99
|
+
# exists, or if an existing remember token has expired.
|
|
100
|
+
def generate_remember_timestamp?(extend_period) #:nodoc:
|
|
101
|
+
extend_period || remember_created_at.nil? || remember_expired?
|
|
102
|
+
end
|
|
103
|
+
|
|
104
|
+
module ClassMethods
|
|
105
|
+
# Create the cookie key using the record id and remember_token
|
|
106
|
+
def serialize_into_cookie(record)
|
|
107
|
+
[record.to_key, record.rememberable_value]
|
|
108
|
+
end
|
|
109
|
+
|
|
110
|
+
# Recreate the user based on the stored cookie
|
|
111
|
+
def serialize_from_cookie(id, remember_token)
|
|
112
|
+
record = to_adapter.get(id)
|
|
113
|
+
record if record && record.rememberable_value == remember_token && !record.remember_expired?
|
|
114
|
+
end
|
|
115
|
+
|
|
116
|
+
# Generate a token checking if one does not already exist in the database.
|
|
117
|
+
def remember_token #:nodoc:
|
|
118
|
+
generate_token(:remember_token)
|
|
119
|
+
end
|
|
120
|
+
|
|
121
|
+
Devise::Models.config(self, :remember_for, :extend_remember_period, :rememberable_options)
|
|
122
|
+
end
|
|
123
|
+
end
|
|
124
|
+
end
|
|
125
|
+
end
|
|
@@ -0,0 +1,49 @@
|
|
|
1
|
+
require 'devise/hooks/timeoutable'
|
|
2
|
+
|
|
3
|
+
module Devise
|
|
4
|
+
module Models
|
|
5
|
+
# Timeoutable takes care of veryfing whether a user session has already
|
|
6
|
+
# expired or not. When a session expires after the configured time, the user
|
|
7
|
+
# will be asked for credentials again, it means, he/she will be redirected
|
|
8
|
+
# to the sign in page.
|
|
9
|
+
#
|
|
10
|
+
# == Options
|
|
11
|
+
#
|
|
12
|
+
# Timeoutable adds the following options to devise_for:
|
|
13
|
+
#
|
|
14
|
+
# * +timeout_in+: the interval to timeout the user session without activity.
|
|
15
|
+
#
|
|
16
|
+
# == Examples
|
|
17
|
+
#
|
|
18
|
+
# user.timedout?(30.minutes.ago)
|
|
19
|
+
#
|
|
20
|
+
module Timeoutable
|
|
21
|
+
extend ActiveSupport::Concern
|
|
22
|
+
|
|
23
|
+
def self.required_fields(klass)
|
|
24
|
+
[]
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
# Checks whether the user session has expired based on configured time.
|
|
28
|
+
def timedout?(last_access)
|
|
29
|
+
return false if remember_exists_and_not_expired?
|
|
30
|
+
!timeout_in.nil? && last_access && last_access <= timeout_in.ago
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
def timeout_in
|
|
34
|
+
self.class.timeout_in
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
private
|
|
38
|
+
|
|
39
|
+
def remember_exists_and_not_expired?
|
|
40
|
+
return false unless respond_to?(:remember_created_at)
|
|
41
|
+
remember_created_at && !remember_expired?
|
|
42
|
+
end
|
|
43
|
+
|
|
44
|
+
module ClassMethods
|
|
45
|
+
Devise::Models.config(self, :timeout_in)
|
|
46
|
+
end
|
|
47
|
+
end
|
|
48
|
+
end
|
|
49
|
+
end
|
|
@@ -0,0 +1,89 @@
|
|
|
1
|
+
require 'devise/strategies/token_authenticatable'
|
|
2
|
+
|
|
3
|
+
module Devise
|
|
4
|
+
module Models
|
|
5
|
+
# The TokenAuthenticatable module is responsible for generating an authentication token and
|
|
6
|
+
# validating the authenticity of the same while signing in.
|
|
7
|
+
#
|
|
8
|
+
# This module only provides a few helpers to help you manage the token, but it is up to you
|
|
9
|
+
# to choose how to use it. For example, if you want to have a new token every time the user
|
|
10
|
+
# saves his account, you can do the following:
|
|
11
|
+
#
|
|
12
|
+
# before_save :reset_authentication_token
|
|
13
|
+
#
|
|
14
|
+
# On the other hand, if you want to generate token unless one exists, you should use instead:
|
|
15
|
+
#
|
|
16
|
+
# before_save :ensure_authentication_token
|
|
17
|
+
#
|
|
18
|
+
# If you want to delete the token after it is used, you can do so in the
|
|
19
|
+
# after_token_authentication callback.
|
|
20
|
+
#
|
|
21
|
+
# == APIs
|
|
22
|
+
#
|
|
23
|
+
# If you are using token authentication with APIs and using trackable. Every
|
|
24
|
+
# request will be considered as a new sign in (since there is no session in
|
|
25
|
+
# APIs). You can disable this by creating a before filter as follow:
|
|
26
|
+
#
|
|
27
|
+
# before_filter :skip_trackable
|
|
28
|
+
#
|
|
29
|
+
# def skip_trackable
|
|
30
|
+
# request.env['devise.skip_trackable'] = true
|
|
31
|
+
# end
|
|
32
|
+
#
|
|
33
|
+
# == Options
|
|
34
|
+
#
|
|
35
|
+
# TokenAuthenticatable adds the following options to devise_for:
|
|
36
|
+
#
|
|
37
|
+
# * +token_authentication_key+: Defines name of the authentication token params key. E.g. /users/sign_in?some_key=...
|
|
38
|
+
#
|
|
39
|
+
module TokenAuthenticatable
|
|
40
|
+
extend ActiveSupport::Concern
|
|
41
|
+
|
|
42
|
+
def self.required_fields(klass)
|
|
43
|
+
[:authentication_token]
|
|
44
|
+
end
|
|
45
|
+
|
|
46
|
+
# Generate new authentication token (a.k.a. "single access token").
|
|
47
|
+
def reset_authentication_token
|
|
48
|
+
self.authentication_token = self.class.authentication_token
|
|
49
|
+
end
|
|
50
|
+
|
|
51
|
+
# Generate new authentication token and save the record.
|
|
52
|
+
def reset_authentication_token!
|
|
53
|
+
reset_authentication_token
|
|
54
|
+
save(:validate => false)
|
|
55
|
+
end
|
|
56
|
+
|
|
57
|
+
# Generate authentication token unless already exists.
|
|
58
|
+
def ensure_authentication_token
|
|
59
|
+
reset_authentication_token if authentication_token.blank?
|
|
60
|
+
end
|
|
61
|
+
|
|
62
|
+
# Generate authentication token unless already exists and save the record.
|
|
63
|
+
def ensure_authentication_token!
|
|
64
|
+
reset_authentication_token! if authentication_token.blank?
|
|
65
|
+
end
|
|
66
|
+
|
|
67
|
+
# Hook called after token authentication.
|
|
68
|
+
def after_token_authentication
|
|
69
|
+
end
|
|
70
|
+
|
|
71
|
+
def expire_auth_token_on_timeout
|
|
72
|
+
self.class.expire_auth_token_on_timeout
|
|
73
|
+
end
|
|
74
|
+
|
|
75
|
+
module ClassMethods
|
|
76
|
+
def find_for_token_authentication(conditions)
|
|
77
|
+
find_for_authentication(:authentication_token => conditions[token_authentication_key])
|
|
78
|
+
end
|
|
79
|
+
|
|
80
|
+
# Generate a token checking if one does not already exist in the database.
|
|
81
|
+
def authentication_token
|
|
82
|
+
generate_token(:authentication_token)
|
|
83
|
+
end
|
|
84
|
+
|
|
85
|
+
Devise::Models.config(self, :token_authentication_key, :expire_auth_token_on_timeout)
|
|
86
|
+
end
|
|
87
|
+
end
|
|
88
|
+
end
|
|
89
|
+
end
|