heartcombo--devise/lib/devise/strategies/token_authenticatable.rb

require 'devise/strategies/base'

module Devise
  module Strategies
    # Strategy for signing in a user, based on a authenticatable token. This works for both params
    # and http. For the former, all you need to do is to pass the params in the URL:
    #
    #   http://myapp.example.com/?user_token=SECRET
    #
    # For HTTP, you can pass the token as username and blank password. Since some clients may require
    # a password, you can pass "X" as password and it will simply be ignored.
    class TokenAuthenticatable < Authenticatable
      def store?
        !mapping.to.stateless_token
      end

      def authenticate!
        resource = mapping.to.find_for_token_authentication(authentication_hash)

        if validate(resource)
          resource.after_token_authentication
          success!(resource)
        elsif !halted?
          fail(:invalid_token)
        end
      end

    private

      # TokenAuthenticatable request is valid for any controller and any verb.
      def valid_request?
        true
      end

      # Do not use remember_me behavior with token.
      def remember_me?
        false
      end

      # Try both scoped and non scoped keys.
      def params_auth_hash
        params[scope] || params
      end

      # Overwrite authentication keys to use token_authentication_key.
      def authentication_keys
        @authentication_keys ||= [mapping.to.token_authentication_key]
      end
    end
  end
end

Warden::Strategies.add(:token_authenticatable, Devise::Strategies::TokenAuthenticatable)
Initial support for authorization using "authentication token" (a.k.a. "single access token") - new module. Corresponding changes to Devise core to hook events like "after_changed_password" (only one added now - only one that makes much sense for latest module) easily. Unit and integration tests included. NOTE: One failing test for hooking Warden::Manager.after_authentication - gets ignored for some reason. Signed-off-by: José Valim <jose.valim@gmail.com> 2010-01-23 21:38:52 -05:00			`require 'devise/strategies/base'`

			`module Devise`
			`module Strategies`
TokenAuthenticatable now works with HTTP Basic Auth by default (take a look at Highrise API for a good example). This basically allows you to pass the authentication token as HTTP Basic Auth username. 2010-04-01 13:09:33 -04:00			`# Strategy for signing in a user, based on a authenticatable token. This works for both params`
			`# and http. For the former, all you need to do is to pass the params in the URL:`
			`#`
			`# http://myapp.example.com/?user_token=SECRET`
			`#`
Add tests to cookie domain, closes #254. 2010-05-16 08:13:43 -04:00			`# For HTTP, you can pass the token as username and blank password. Since some clients may require`
			`# a password, you can pass "X" as password and it will simply be ignored.`
TokenAuthenticatable now works with HTTP Basic Auth by default (take a look at Highrise API for a good example). This basically allows you to pass the authentication token as HTTP Basic Auth username. 2010-04-01 13:09:33 -04:00			`class TokenAuthenticatable < Authenticatable`
Allow :stateless_token to be set to true avoiding users to be stored in session through token authentication 2010-09-25 14:28:14 -04:00			`def store?`
			`!mapping.to.stateless_token`
			`end`

Initial support for authorization using "authentication token" (a.k.a. "single access token") - new module. Corresponding changes to Devise core to hook events like "after_changed_password" (only one added now - only one that makes much sense for latest module) easily. Unit and integration tests included. NOTE: One failing test for hooking Warden::Manager.after_authentication - gets ignored for some reason. Signed-off-by: José Valim <jose.valim@gmail.com> 2010-01-23 21:38:52 -05:00			`def authenticate!`
:activatable is included by default in your models. If you are building a strategy for devise, you now need to call validate(resource), since Devise has now a default API to validate resources before and after signing them in. You can still use other Warden::Strategies with Devise, but they won't work with a few modules like unlockable (they never did, but now we have a single point to make it work). 2010-04-06 10:34:22 -04:00			`resource = mapping.to.find_for_token_authentication(authentication_hash)`

			`if validate(resource)`
Small changes to token_authenticatable. 2010-04-06 07:26:56 -04:00			`resource.after_token_authentication`
Initial support for authorization using "authentication token" (a.k.a. "single access token") - new module. Corresponding changes to Devise core to hook events like "after_changed_password" (only one added now - only one that makes much sense for latest module) easily. Unit and integration tests included. NOTE: One failing test for hooking Warden::Manager.after_authentication - gets ignored for some reason. Signed-off-by: José Valim <jose.valim@gmail.com> 2010-01-23 21:38:52 -05:00			`success!(resource)`
Be sure to halt on failures, closes #856 2011-02-24 16:31:48 -05:00			`elsif !halted?`
TokenAuthenticatable now works with HTTP Basic Auth by default (take a look at Highrise API for a good example). This basically allows you to pass the authentication token as HTTP Basic Auth username. 2010-04-01 13:09:33 -04:00			`fail(:invalid_token)`
Initial support for authorization using "authentication token" (a.k.a. "single access token") - new module. Corresponding changes to Devise core to hook events like "after_changed_password" (only one added now - only one that makes much sense for latest module) easily. Unit and integration tests included. NOTE: One failing test for hooking Warden::Manager.after_authentication - gets ignored for some reason. Signed-off-by: José Valim <jose.valim@gmail.com> 2010-01-23 21:38:52 -05:00			`end`
			`end`

Add Http Basic Authentication support. 2010-02-05 19:33:32 -05:00			`private`
Initial support for authorization using "authentication token" (a.k.a. "single access token") - new module. Corresponding changes to Devise core to hook events like "after_changed_password" (only one added now - only one that makes much sense for latest module) easily. Unit and integration tests included. NOTE: One failing test for hooking Warden::Manager.after_authentication - gets ignored for some reason. Signed-off-by: José Valim <jose.valim@gmail.com> 2010-01-23 21:38:52 -05:00
Tidying up some lose ends and adding more docs. 2010-04-01 16:11:59 -04:00			`# TokenAuthenticatable request is valid for any controller and any verb.`
			`def valid_request?`
TokenAuthenticatable now works with HTTP Basic Auth by default (take a look at Highrise API for a good example). This basically allows you to pass the authentication token as HTTP Basic Auth username. 2010-04-01 13:09:33 -04:00			`true`
			`end`

Small doc fix 2010-09-24 07:59:30 -04:00			`# Do not use remember_me behavior with token.`
TokenAuthenticatable now works with HTTP Basic Auth by default (take a look at Highrise API for a good example). This basically allows you to pass the authentication token as HTTP Basic Auth username. 2010-04-01 13:09:33 -04:00			`def remember_me?`
			`false`
			`end`

			`# Try both scoped and non scoped keys.`
			`def params_auth_hash`
			`params[scope] \|\| params`
			`end`

			`# Overwrite authentication keys to use token_authentication_key.`
			`def authentication_keys`
			`@authentication_keys \|\|= [mapping.to.token_authentication_key]`
Add Http Basic Authentication support. 2010-02-05 19:33:32 -05:00			`end`
Initial support for authorization using "authentication token" (a.k.a. "single access token") - new module. Corresponding changes to Devise core to hook events like "after_changed_password" (only one added now - only one that makes much sense for latest module) easily. Unit and integration tests included. NOTE: One failing test for hooking Warden::Manager.after_authentication - gets ignored for some reason. Signed-off-by: José Valim <jose.valim@gmail.com> 2010-01-23 21:38:52 -05:00			`end`
			`end`
			`end`

			`Warden::Strategies.add(:token_authenticatable, Devise::Strategies::TokenAuthenticatable)`