1
0
Fork 0
mirror of https://github.com/heartcombo/devise.git synced 2022-11-09 12:18:31 -05:00
heartcombo--devise/lib/devise.rb

465 lines
14 KiB
Ruby
Raw Normal View History

require 'rails'
require 'active_support/core_ext/numeric/time'
require 'active_support/dependencies'
2010-10-10 11:51:12 -04:00
require 'orm_adapter'
require 'set'
require 'securerandom'
module Devise
autoload :Delegator, 'devise/delegator'
autoload :FailureApp, 'devise/failure_app'
autoload :OmniAuth, 'devise/omniauth'
autoload :ParamFilter, 'devise/param_filter'
autoload :PathChecker, 'devise/path_checker'
autoload :Schema, 'devise/schema'
2009-12-12 19:52:48 -05:00
autoload :TestHelpers, 'devise/test_helpers'
module Controllers
autoload :Helpers, 'devise/controllers/helpers'
2010-01-13 12:12:13 -05:00
autoload :InternalHelpers, 'devise/controllers/internal_helpers'
2011-02-24 15:55:41 -05:00
autoload :Rememberable, 'devise/controllers/rememberable'
autoload :ScopedViews, 'devise/controllers/scoped_views'
autoload :SharedHelpers, 'devise/controllers/shared_helpers'
2009-12-12 19:52:48 -05:00
autoload :UrlHelpers, 'devise/controllers/url_helpers'
end
module Encryptors
autoload :Base, 'devise/encryptors/base'
2009-12-12 19:52:48 -05:00
autoload :AuthlogicSha512, 'devise/encryptors/authlogic_sha512'
autoload :ClearanceSha1, 'devise/encryptors/clearance_sha1'
2009-12-12 19:52:48 -05:00
autoload :RestfulAuthenticationSha1, 'devise/encryptors/restful_authentication_sha1'
autoload :Sha512, 'devise/encryptors/sha512'
autoload :Sha1, 'devise/encryptors/sha1'
end
module Mailers
autoload :Helpers, 'devise/mailers/helpers'
end
module Strategies
autoload :Base, 'devise/strategies/base'
autoload :Authenticatable, 'devise/strategies/authenticatable'
end
# Constants which holds devise configuration for extensions. Those should
2010-07-13 06:17:25 -04:00
# not be modified by the "end user" (this is why they are constants).
ALL = []
CONTROLLERS = ActiveSupport::OrderedHash.new
ROUTES = ActiveSupport::OrderedHash.new
STRATEGIES = ActiveSupport::OrderedHash.new
2010-07-13 04:09:55 -04:00
URL_HELPERS = ActiveSupport::OrderedHash.new
# Strategies that do not require user input.
NO_INPUT = []
# True values used to check params
TRUE_VALUES = [true, 1, '1', 't', 'T', 'true', 'TRUE']
2009-11-10 15:55:13 -05:00
# Declare encryptors length which are used in migrations.
ENCRYPTORS_LENGTH = {
:sha1 => 40,
:sha512 => 128,
:clearance_sha1 => 40,
:restful_authentication_sha1 => 40,
:authlogic_sha512 => 128
2009-11-10 15:55:13 -05:00
}
# Custom domain for cookies. Not set by default
mattr_accessor :cookie_options
@@cookie_options = {}
# The number of times to encrypt password.
mattr_accessor :stretches
@@stretches = 10
# Keys used when authenticating a user.
2009-11-15 00:31:13 -05:00
mattr_accessor :authentication_keys
@@authentication_keys = [ :email ]
# Request keys used when authenticating a user.
2010-09-21 05:45:44 -04:00
mattr_accessor :request_keys
@@request_keys = []
# Keys that should be case-insensitive.
2011-03-15 07:52:53 -04:00
# False by default for backwards compatibility.
2010-11-18 15:24:42 -05:00
mattr_accessor :case_insensitive_keys
2011-03-15 07:52:53 -04:00
@@case_insensitive_keys = false
# Keys that should have whitespace stripped.
# False by default for backwards compatibility.
mattr_accessor :strip_whitespace_keys
@@strip_whitespace_keys = false
2010-11-18 15:24:42 -05:00
# If http authentication is enabled by default.
mattr_accessor :http_authenticatable
@@http_authenticatable = false
# If http headers should be returned for ajax requests. True by default.
mattr_accessor :http_authenticatable_on_xhr
@@http_authenticatable_on_xhr = true
# If params authenticatable is enabled by default.
mattr_accessor :params_authenticatable
@@params_authenticatable = true
# The realm used in Http Basic Authentication.
mattr_accessor :http_authentication_realm
@@http_authentication_realm = "Application"
# Email regex used to validate email formats. It simply asserts that
# an one (and only one) @ exists in the given string. This is mainly
# to give user feedback and not to assert the e-mail validity.
2010-03-28 01:15:52 -04:00
mattr_accessor :email_regexp
2011-08-29 08:55:56 -04:00
@@email_regexp = /\A[^@]+@([^@\.]+\.)+[^@\.]+\z/
# Range validation for password length
mattr_accessor :password_length
@@password_length = 6..128
# The time the user will be remembered without asking for credentials again.
mattr_accessor :remember_for
@@remember_for = 2.weeks
# If true, extends the user's remember period when remembered via cookie.
mattr_accessor :extend_remember_period
@@extend_remember_period = false
# Time interval you can access your account before confirming your account.
mattr_accessor :allow_unconfirmed_access_for
@@allow_unconfirmed_access_for = 0.days
2011-02-06 16:23:36 -05:00
# Defines which key will be used when confirming an account.
mattr_accessor :confirmation_keys
@@confirmation_keys = [ :email ]
# Defines if email should be reconfirmable.
# False by default for backwards compatibility.
mattr_accessor :reconfirmable
@@reconfirmable = false
# Time interval to timeout the user session without activity.
mattr_accessor :timeout_in
@@timeout_in = 30.minutes
# Used to encrypt password. Please generate one with rake secret.
mattr_accessor :pepper
@@pepper = nil
2009-11-10 15:55:13 -05:00
# Used to define the password encryption algorithm.
mattr_accessor :encryptor
@@encryptor = nil
2009-11-10 15:55:13 -05:00
# Scoped views. Since it relies on fallbacks to render default views, it's
# turned off by default.
mattr_accessor :scoped_views
@@scoped_views = false
2010-03-31 05:54:11 -04:00
# Defines which strategy can be used to lock an account.
# Values: :failed_attempts, :none
mattr_accessor :lock_strategy
@@lock_strategy = :failed_attempts
2009-12-30 12:19:33 -05:00
# Defines which key will be used when locking and unlocking an account
mattr_accessor :unlock_keys
@@unlock_keys = [ :email ]
2009-12-30 12:19:33 -05:00
# Defines which strategy can be used to unlock an account.
# Values: :email, :time, :both
mattr_accessor :unlock_strategy
@@unlock_strategy = :both
2010-03-31 05:54:11 -04:00
# Number of authentication tries before locking an account
mattr_accessor :maximum_attempts
@@maximum_attempts = 20
2009-12-30 12:19:33 -05:00
# Time interval to unlock the account if :time is defined as unlock_strategy.
mattr_accessor :unlock_in
@@unlock_in = 1.hour
# Defines which key will be used when recovering the password for an account
mattr_accessor :reset_password_keys
@@reset_password_keys = [ :email ]
2011-04-18 09:39:29 -04:00
# Time interval you can reset your password with a reset password key
# Nil by default for backwards compatibility.
mattr_accessor :reset_password_within
2011-03-30 09:35:38 -04:00
@@reset_password_within = nil
# The default scope which is used by warden.
2010-01-05 07:44:13 -05:00
mattr_accessor :default_scope
@@default_scope = nil
# Address which sends Devise e-mails.
mattr_accessor :mailer_sender
@@mailer_sender = nil
# Authentication token params key name of choice. E.g. /users/sign_in?some_key=...
mattr_accessor :token_authentication_key
@@token_authentication_key = :auth_token
# Skip session storage for the following strategies
mattr_accessor :skip_session_storage
@@skip_session_storage = []
# Which formats should be treated as navigational.
2011-02-15 04:26:28 -05:00
# We need both :"*/*" and "*/*" to work on different Rails versions.
mattr_accessor :navigational_formats
2011-02-15 04:26:28 -05:00
@@navigational_formats = [:"*/*", "*/*", :html]
# When set to true, signing out a user signs out all other scopes.
2010-07-12 12:56:27 -04:00
mattr_accessor :sign_out_all_scopes
@@sign_out_all_scopes = true
2010-07-12 12:56:27 -04:00
2010-08-23 08:05:40 -04:00
# The default method used while signing out
mattr_accessor :sign_out_via
@@sign_out_via = :get
# DEPRECATED CONFIG
# If true, uses salt as remember token and does not create it in the database.
# By default is false for backwards compatibility.
mattr_accessor :use_salt_as_remember_token
@@use_salt_as_remember_token = false
# Tells if devise should apply the schema in ORMs where devise declaration
# and schema belongs to the same class (as Datamapper and Mongoid).
mattr_accessor :apply_schema
@@apply_schema = true
def self.remember_across_browsers=(value)
puts "\n[DEVISE] Devise.remember_across_browsers is deprecated and has no effect. Please remove it."
end
def self.confirm_within=(value)
puts "\n[DEVISE] Devise.confirm_within= is deprecated. Please set Devise.allow_unconfirmed_access_for= instead."
Devise.allow_unconfirmed_access_for = value
end
def self.stateless_token=(value)
puts "\n[DEVISE] Devise.stateless_token= is deprecated. Please append :token_auth to Devise.skip_session_storage " \
"instead, for example: Devise.skip_session_storage << :token_auth"
Devise.skip_session_storage << :token_auth
end
2010-07-12 12:56:27 -04:00
# PRIVATE CONFIGURATION
2010-07-13 06:17:25 -04:00
# Store scopes mappings.
mattr_reader :mappings
@@mappings = ActiveSupport::OrderedHash.new
2010-10-14 14:04:02 -04:00
# Omniauth configurations.
mattr_reader :omniauth_configs
@@omniauth_configs = ActiveSupport::OrderedHash.new
# Define a set of modules that are called when a mapping is added.
mattr_reader :helpers
@@helpers = Set.new
@@helpers << Devise::Controllers::Helpers
# Private methods to interface with Warden.
2010-03-31 05:54:11 -04:00
mattr_accessor :warden_config
@@warden_config = nil
@@warden_config_block = nil
2011-06-22 12:01:49 -04:00
# When true, enter in paranoid mode to avoid user enumeration.
2011-05-20 18:41:40 -04:00
mattr_accessor :paranoid
@@paranoid = false
# Default way to setup Devise. Run rails generate devise_install to create
# a fresh initializer with all configuration values.
def self.setup
yield self
end
class Getter
def initialize name
@name = name
end
def get
ActiveSupport::Dependencies.constantize(@name)
end
end
2011-03-24 15:25:54 -04:00
def self.ref(arg)
if defined?(ActiveSupport::Dependencies::ClassCache)
ActiveSupport::Dependencies::reference(arg)
Getter.new(arg)
else
ActiveSupport::Dependencies.ref(arg)
end
2011-03-24 15:25:54 -04:00
end
2010-10-14 14:04:02 -04:00
def self.omniauth_providers
omniauth_configs.keys
end
# Get the mailer class from the mailer reference object.
def self.mailer
@@mailer_ref.get
end
# Set the mailer reference object to access the mailer.
def self.mailer=(class_name)
2011-03-24 15:25:54 -04:00
@@mailer_ref = ref(class_name)
end
self.mailer = "Devise::Mailer"
# Small method that adds a mapping to Devise.
def self.add_mapping(resource, options)
mapping = Devise::Mapping.new(resource, options)
@@mappings[mapping.name] = mapping
@@default_scope ||= mapping.name
2010-07-15 12:13:55 -04:00
@@helpers.each { |h| h.define_helpers(mapping) }
mapping
end
2010-07-13 04:09:55 -04:00
# Make Devise aware of an 3rd party Devise-module (like invitable). For convenience.
#
# == Options:
#
# +model+ - String representing the load path to a custom *model* for this module (to autoload.)
# +controller+ - Symbol representing the name of an exisiting or custom *controller* for this module.
# +route+ - Symbol representing the named *route* helper for this module.
# +strategy+ - Symbol representing if this module got a custom *strategy*.
#
# All values, except :model, accept also a boolean and will have the same name as the given module
# name.
#
# == Examples:
#
# Devise.add_module(:party_module)
# Devise.add_module(:party_module, :strategy => true, :controller => :sessions)
# Devise.add_module(:party_module, :model => 'party_module/model')
#
def self.add_module(module_name, options = {})
ALL << module_name
options.assert_valid_keys(:strategy, :model, :controller, :route)
2010-07-13 04:09:55 -04:00
if strategy = options[:strategy]
strategy = (strategy == true ? module_name : strategy)
STRATEGIES[module_name] = strategy
2010-07-13 04:09:55 -04:00
end
2010-07-13 04:09:55 -04:00
if controller = options[:controller]
controller = (controller == true ? module_name : controller)
CONTROLLERS[module_name] = controller
2010-07-13 04:09:55 -04:00
end
NO_INPUT << strategy if strategy && controller != :sessions
2010-07-13 04:09:55 -04:00
if route = options[:route]
case route
when TrueClass
key, value = module_name, []
when Symbol
key, value = route, []
when Hash
key, value = route.keys.first, route.values.flatten
else
2010-07-13 04:09:55 -04:00
raise ArgumentError, ":route should be true, a Symbol or a Hash"
end
2010-07-13 04:09:55 -04:00
URL_HELPERS[key] ||= []
URL_HELPERS[key].concat(value)
URL_HELPERS[key].uniq!
ROUTES[module_name] = key
end
if options[:model]
2010-07-12 12:56:27 -04:00
path = (options[:model] == true ? "devise/models/#{module_name}" : options[:model])
2011-04-16 07:30:15 -04:00
camelized = ActiveSupport::Inflector.camelize(module_name.to_s)
Devise::Models.send(:autoload, camelized.to_sym, path)
end
Devise::Mapping.add_module module_name
end
# Sets warden configuration using a block that will be invoked on warden
# initialization.
#
# Devise.initialize do |config|
# config.allow_unconfirmed_access_for = 2.days
#
# config.warden do |manager|
# # Configure warden to use other strategies, like oauth.
# manager.oauth(:twitter)
# end
# end
def self.warden(&block)
@@warden_config_block = block
end
2010-10-14 14:04:02 -04:00
# Specify an omniauth provider.
#
# config.omniauth :github, APP_ID, APP_SECRET
#
def self.omniauth(provider, *args)
@@helpers << Devise::OmniAuth::UrlHelpers
config = Devise::OmniAuth::Config.new(provider, args)
@@omniauth_configs[config.strategy_name.to_sym] = config
2010-10-14 14:04:02 -04:00
end
# Include helpers in the given scope to AC and AV.
def self.include_helpers(scope)
ActiveSupport.on_load(:action_controller) do
2010-10-14 14:04:02 -04:00
include scope::Helpers if defined?(scope::Helpers)
include scope::UrlHelpers
end
ActiveSupport.on_load(:action_view) do
include scope::UrlHelpers
end
end
2010-11-20 17:18:41 -05:00
# Returns true if Rails version is bigger than 3.0.x
def self.rack_session?
Rails::VERSION::STRING[0,3] != "3.0"
end
2011-09-02 06:35:31 -04:00
# Regenerates url helpers considering Devise.mapping
def self.regenerate_helpers!
Devise::Controllers::UrlHelpers.remove_helpers!
Devise::Controllers::UrlHelpers.generate_helpers!
end
# A method used internally to setup warden manager from the Rails initialize
# block.
2010-03-31 16:04:48 -04:00
def self.configure_warden! #:nodoc:
@@warden_configured ||= begin
warden_config.failure_app = Devise::Delegator.new
warden_config.default_scope = Devise.default_scope
warden_config.intercept_401 = false
Devise.mappings.each_value do |mapping|
warden_config.scope_defaults mapping.name, :strategies => mapping.strategies
end
@@warden_config_block.try :call, Devise.warden_config
true
end
end
2009-10-20 22:12:21 -04:00
# Generate a friendly string randomically to be used as token.
def self.friendly_token
SecureRandom.base64(15).tr('+/=lIO0', 'pqrsxyz')
end
2011-02-15 05:33:54 -05:00
# constant-time comparison algorithm to prevent timing attacks
def self.secure_compare(a, b)
return false if a.blank? || b.blank? || a.bytesize != b.bytesize
2011-02-15 05:33:54 -05:00
l = a.unpack "C#{a.bytesize}"
res = 0
b.each_byte { |byte| res |= byte ^ l.shift }
res == 0
end
2009-11-14 21:13:43 -05:00
end
require 'warden'
require 'devise/mapping'
require 'devise/models'
require 'devise/modules'
require 'devise/rails'