heartcombo--devise/lib/devise/models/rememberable.rb

require 'devise/strategies/rememberable'
require 'devise/hooks/rememberable'
require 'devise/hooks/forgetable'

module Devise
  module Models
    # Rememberable manages generating and clearing token for remember the user
    # from a saved cookie. Rememberable also has utility methods for dealing
    # with serializing the user into the cookie and back from the cookie, trying
    # to lookup the record based on the saved information.
    # You probably wouldn't use rememberable methods directly, they are used
    # mostly internally for handling the remember token.
    #
    # Configuration:
    #
    #   remember_for: the time you want the user will be remembered without
    #                 asking for credentials. After this time the user will be
    #                 blocked and will have to enter his credentials again.
    #                 This configuration is also used to calculate the expires
    #                 time for the cookie created to remember the user.
    #                 By default remember_for is 2.weeks.
    #
    #   remember_across_browsers: if a valid remember token can be re-used
    #                             between multiple browsers.
    #                             By default remember_across_browsers is true.
    #
    # Examples:
    #
    #   User.find(1).remember_me!  # regenerating the token
    #   User.find(1).forget_me!    # clearing the token
    #
    #   # generating info to put into cookies
    #   User.serialize_into_cookie(user)
    #
    #   # lookup the user based on the incoming cookie information
    #   User.serialize_from_cookie(cookie_string)
    module Rememberable
      extend ActiveSupport::Concern

      included do
        # Remember me option available in after_authentication hook.
        attr_accessor :remember_me
      end

      # Generate a new remember token and save the record without validations
      # unless remember_across_browsers is true and the user already has a valid token.
      def remember_me!
        return if self.class.remember_across_browsers && self.remember_created_at && !self.remember_expired?
        self.remember_token = Devise.friendly_token
        self.remember_created_at = Time.now.utc
        save(:validate => false)
      end

      # Removes the remember token only if it exists, and save the record
      # without validations.
      def forget_me!
        if remember_token
          self.remember_token = nil
          self.remember_created_at = nil
          save(:validate => false)
        end
      end

      # Remember token should be expired if expiration time not overpass now.
      def remember_expired?
        remember_expires_at <= Time.now.utc
      end

      # Remember token expires at created time + remember_for configuration
      def remember_expires_at
        remember_created_at + self.class.remember_for
      end

      def cookie_domain
        self.class.cookie_domain
      end

      def cookie_domain?
        self.class.cookie_domain != false
      end

      module ClassMethods
        # Create the cookie key using the record id and remember_token
        def serialize_into_cookie(record)
          [record.id, record.remember_token]
        end

        # Recreate the user based on the stored cookie
        def serialize_from_cookie(id, remember_token)
          conditions = { :id => id, :remember_token => remember_token }
          record = find(:first, :conditions => conditions)
          record if record && !record.remember_expired?
        end

        Devise::Models.config(self, :remember_for, :remember_across_browsers, :cookie_domain)
      end
    end
  end
end
Bring rememberable back. 2010-01-14 15:47:14 +01:00			`require 'devise/strategies/rememberable'`
			`require 'devise/hooks/rememberable'`
:activatable is included by default in your models. If you are building a strategy for devise, you now need to call validate(resource), since Devise has now a default API to validate resources before and after signing them in. You can still use other Warden::Strategies with Devise, but they won't work with a few modules like unlockable (they never did, but now we have a single point to make it work). 2010-04-06 16:34:22 +02:00			`require 'devise/hooks/forgetable'`
Bring rememberable back. 2010-01-14 15:47:14 +01:00
Creating rememberable module. 2009-10-20 00:31:33 -02:00			`module Devise`
			`module Models`
Updating docs and TODO. 2009-10-20 00:52:31 -02:00			`# Rememberable manages generating and clearing token for remember the user`
			`# from a saved cookie. Rememberable also has utility methods for dealing`
			`# with serializing the user into the cookie and back from the cookie, trying`
			`# to lookup the record based on the saved information.`
			`# You probably wouldn't use rememberable methods directly, they are used`
			`# mostly internally for handling the remember token.`
Documentation about confirm_in and remember_for configurations and some tests. 2009-10-22 09:49:19 -02:00			`#`
			`# Configuration:`
			`#`
			`# remember_for: the time you want the user will be remembered without`
			`# asking for credentials. After this time the user will be`
			`# blocked and will have to enter his credentials again.`
			`# This configuration is also used to calculate the expires`
			`# time for the cookie created to remember the user.`
Updating default remember_for, using only .days while testing confirmation period, and some more docs. 2009-10-22 09:54:23 -02:00			`# By default remember_for is 2.weeks.`
Documentation about confirm_in and remember_for configurations and some tests. 2009-10-22 09:49:19 -02:00			`#`
remember_across_browsers option for rememberable module Signed-off-by: José Valim <jose.valim@gmail.com> 2010-06-29 20:54:19 -05:00			`# remember_across_browsers: if a valid remember token can be re-used`
			`# between multiple browsers.`
			`# By default remember_across_browsers is true.`
			`#`
Updating docs and TODO. 2009-10-20 00:52:31 -02:00			`# Examples:`
			`#`
			`# User.find(1).remember_me! # regenerating the token`
			`# User.find(1).forget_me! # clearing the token`
Small refactoring. 2009-10-20 08:44:21 -02:00			`#`
Updating docs and TODO. 2009-10-20 00:52:31 -02:00			`# # generating info to put into cookies`
			`# User.serialize_into_cookie(user)`
Small refactoring. 2009-10-20 08:44:21 -02:00			`#`
Updating docs and TODO. 2009-10-20 00:52:31 -02:00			`# # lookup the user based on the incoming cookie information`
			`# User.serialize_from_cookie(cookie_string)`
Creating rememberable module. 2009-10-20 00:31:33 -02:00			`module Rememberable`
Use ActiveSupport::Concern. 2010-02-17 12:35:38 +01:00			`extend ActiveSupport::Concern`
Creating rememberable module. 2009-10-20 00:31:33 -02:00
Use ActiveSupport::Concern. 2010-02-17 12:35:38 +01:00			`included do`
			`# Remember me option available in after_authentication hook.`
			`attr_accessor :remember_me`
Creating rememberable module. 2009-10-20 00:31:33 -02:00			`end`

remember_across_browsers option for rememberable module Signed-off-by: José Valim <jose.valim@gmail.com> 2010-06-29 20:54:19 -05:00			`# Generate a new remember token and save the record without validations`
			`# unless remember_across_browsers is true and the user already has a valid token.`
Creating rememberable module. 2009-10-20 00:31:33 -02:00			`def remember_me!`
remember_across_browsers option for rememberable module Signed-off-by: José Valim <jose.valim@gmail.com> 2010-06-29 20:54:19 -05:00			`return if self.class.remember_across_browsers && self.remember_created_at && !self.remember_expired?`
Added Devise.all to freeze your app strategies and moved friendly_token to Devise module. 2009-11-18 09:26:47 -02:00			`self.remember_token = Devise.friendly_token`
[DEPRECATION] Notifier is deprecated, use DeviseMailer instead. Remember to rename app/views/notifier to app/views/devise_mailer and I18n key from devise.notifier to devise.mailer. 2009-11-02 23:14:27 -02:00			`self.remember_created_at = Time.now.utc`
Got tests running on Rails 3: 369 tests, 486 assertions, 45 failures, 124 errors. 2010-02-16 14:31:49 +01:00			`save(:validate => false)`
Creating rememberable module. 2009-10-20 00:31:33 -02:00			`end`

			`# Removes the remember token only if it exists, and save the record`
			`# without validations.`
			`def forget_me!`
Do not rely on attribute? methods since they are not available in Datamapper. 2009-11-22 00:24:34 -02:00			`if remember_token`
Creating rememberable module. 2009-10-20 00:31:33 -02:00			`self.remember_token = nil`
Remember the user only if the remember token has not expired. 2009-10-22 09:09:34 -02:00			`self.remember_created_at = nil`
Got tests running on Rails 3: 369 tests, 486 assertions, 45 failures, 124 errors. 2010-02-16 14:31:49 +01:00			`save(:validate => false)`
Creating rememberable module. 2009-10-20 00:31:33 -02:00			`end`
			`end`

Remember the user only if the remember token has not expired. 2009-10-22 09:09:34 -02:00			`# Remember token should be expired if expiration time not overpass now.`
			`def remember_expired?`
[DEPRECATION] Notifier is deprecated, use DeviseMailer instead. Remember to rename app/views/notifier to app/views/devise_mailer and I18n key from devise.notifier to devise.mailer. 2009-11-02 23:14:27 -02:00			`remember_expires_at <= Time.now.utc`
Remember the user only if the remember token has not expired. 2009-10-22 09:09:34 -02:00			`end`

			`# Remember token expires at created time + remember_for configuration`
			`def remember_expires_at`
Ensure all encryptor returns a symbol. Get the class using encryptor_class. 2009-11-22 22:32:54 -02:00			`remember_created_at + self.class.remember_for`
Creating rememberable module. 2009-10-20 00:31:33 -02:00			`end`
Add support to Warden 0.9.0.pre 2010-01-14 13:38:02 +01:00
custom domain cookie support Signed-off-by: José Valim <jose.valim@gmail.com> 2010-05-05 18:25:59 +01:00			`def cookie_domain`
			`self.class.cookie_domain`
			`end`

			`def cookie_domain?`
			`self.class.cookie_domain != false`
			`end`

Add support to Warden 0.9.0.pre 2010-01-14 13:38:02 +01:00			`module ClassMethods`
			`# Create the cookie key using the record id and remember_token`
			`def serialize_into_cookie(record)`
Use message verifier in cookies. Previous implementation allowed brute force attacks by cookies. Even though it is impossible for the brute force attack to succeed, the current implementation blocks the attacker even before hitting the database. 2010-03-31 13:31:45 +02:00			`[record.id, record.remember_token]`
Add support to Warden 0.9.0.pre 2010-01-14 13:38:02 +01:00			`end`

			`# Recreate the user based on the stored cookie`
Use message verifier in cookies. Previous implementation allowed brute force attacks by cookies. Even though it is impossible for the brute force attack to succeed, the current implementation blocks the attacker even before hitting the database. 2010-03-31 13:31:45 +02:00			`def serialize_from_cookie(id, remember_token)`
			`conditions = { :id => id, :remember_token => remember_token }`
			`record = find(:first, :conditions => conditions)`
			`record if record && !record.remember_expired?`
Add support to Warden 0.9.0.pre 2010-01-14 13:38:02 +01:00			`end`

remember_across_browsers option for rememberable module Signed-off-by: José Valim <jose.valim@gmail.com> 2010-06-29 20:54:19 -05:00			`Devise::Models.config(self, :remember_for, :remember_across_browsers, :cookie_domain)`
Add support to Warden 0.9.0.pre 2010-01-14 13:38:02 +01:00			`end`
Creating rememberable module. 2009-10-20 00:31:33 -02:00			`end`
			`end`
			`end`