require 'devise/strategies/base'
module Devise
  module Strategies
    # Strategy for signing in a user based on an authenticatable token. It
    # accepts the token from request params and from HTTP authentication.
    # For params, pass the token in the URL:
    #
    #   http://myapp.example.com/?user_token=SECRET
    #
    # For HTTP, pass the token as the username with a blank password. Since
    # some clients require a password, you can pass "X" as the password and it
    # will simply be ignored.
    #
    # NOTE(security): a token carried in the query string is a bearer
    # credential that ends up in web server and proxy logs, browser history and
    # Referer headers. Prefer the HTTP form over TLS where clients allow it,
    # filter the token parameter out of application logs, and rotate tokens
    # that may have been exposed.
    class TokenAuthenticatable < Authenticatable
      # Whether the authenticated resource should be stored (by Warden, in the
      # session). It is stored unless the model sets +stateless_token+; with a
      # stateless token the client presumably has to present the token on each
      # request.
      def store?
        stateless = mapping.to.stateless_token
        !stateless
      end

      # Looks the resource up by the submitted token and signs it in when
      # validation passes. Otherwise the attempt fails with :invalid_token,
      # unless the strategy was already halted during validation.
      def authenticate!
        record = mapping.to.find_for_token_authentication(authentication_hash)

        if validate(record)
          record.after_token_authentication
          return success!(record)
        end

        # An already halted strategy keeps its own outcome.
        fail(:invalid_token) unless halted?
      end

    private

      # A TokenAuthenticatable request is valid for any controller and any
      # verb, so every request is a candidate for this strategy.
      def valid_request?
        true
      end

      # Token sign-in never uses the remember_me behavior.
      def remember_me?
        false
      end

      # Picks the params hash to read the token from, trying both scoped and
      # non-scoped keys: when a scoped hash exists but lacks the token key and
      # the top-level params carry it, the top-level params are used;
      # otherwise the scoped params when present, else the top-level params.
      def params_auth_hash
        token_key = authentication_keys.first
        scoped = params[scope]

        scoped_without_token = scoped.kind_of?(Hash) && !scoped.has_key?(token_key)
        return params if scoped_without_token && params.has_key?(token_key)

        scoped || params
      end

      # Overrides the authentication keys so that only the model's
      # token_authentication_key is used. The array is memoized per instance.
      def authentication_keys
        @authentication_keys ||= [mapping.to.token_authentication_key]
      end
    end
  end
end
# Register the strategy with Warden under the :token_authenticatable label.
Warden::Strategies.add(
  :token_authenticatable,
  Devise::Strategies::TokenAuthenticatable
)