2011-02-10 08:46:49 -05:00
|
|
|
require 'rails'
|
2010-03-10 08:59:57 -05:00
|
|
|
require 'active_support/core_ext/numeric/time'
|
2010-06-12 14:56:55 -04:00
|
|
|
require 'active_support/dependencies'
|
2010-10-10 11:51:12 -04:00
|
|
|
require 'orm_adapter'
|
2010-07-13 07:11:04 -04:00
|
|
|
require 'set'
|
2010-03-10 08:59:57 -05:00
|
|
|
|
2009-10-18 11:30:32 -04:00
|
|
|
module Devise
|
2009-12-01 13:35:46 -05:00
|
|
|
autoload :FailureApp, 'devise/failure_app'
|
2010-10-14 14:04:02 -04:00
|
|
|
autoload :OmniAuth, 'devise/omniauth'
|
2010-06-13 06:39:20 -04:00
|
|
|
autoload :PathChecker, 'devise/path_checker'
|
2009-12-12 19:52:48 -05:00
|
|
|
autoload :Schema, 'devise/schema'
|
|
|
|
autoload :TestHelpers, 'devise/test_helpers'
|
|
|
|
|
|
|
|
module Controllers
|
|
|
|
autoload :Helpers, 'devise/controllers/helpers'
|
2010-01-13 12:12:13 -05:00
|
|
|
autoload :InternalHelpers, 'devise/controllers/internal_helpers'
|
2011-02-24 15:55:41 -05:00
|
|
|
autoload :Rememberable, 'devise/controllers/rememberable'
|
2010-02-17 06:25:20 -05:00
|
|
|
autoload :ScopedViews, 'devise/controllers/scoped_views'
|
2009-12-12 19:52:48 -05:00
|
|
|
autoload :UrlHelpers, 'devise/controllers/url_helpers'
|
|
|
|
end
|
|
|
|
|
|
|
|
module Encryptors
|
2010-01-08 17:19:57 -05:00
|
|
|
autoload :Base, 'devise/encryptors/base'
|
2009-12-12 19:52:48 -05:00
|
|
|
autoload :AuthlogicSha512, 'devise/encryptors/authlogic_sha512'
|
2010-02-12 10:00:58 -05:00
|
|
|
autoload :ClearanceSha1, 'devise/encryptors/clearance_sha1'
|
2009-12-12 19:52:48 -05:00
|
|
|
autoload :RestfulAuthenticationSha1, 'devise/encryptors/restful_authentication_sha1'
|
|
|
|
autoload :Sha512, 'devise/encryptors/sha512'
|
|
|
|
autoload :Sha1, 'devise/encryptors/sha1'
|
|
|
|
end
|
|
|
|
|
2010-03-31 15:43:19 -04:00
|
|
|
module Strategies
|
|
|
|
autoload :Base, 'devise/strategies/base'
|
|
|
|
autoload :Authenticatable, 'devise/strategies/authenticatable'
|
|
|
|
end
|
|
|
|
|
2010-03-03 05:57:23 -05:00
|
|
|
# Constants which holds devise configuration for extensions. Those should
|
2010-07-13 06:17:25 -04:00
|
|
|
# not be modified by the "end user" (this is why they are constants).
|
2010-04-03 07:11:45 -04:00
|
|
|
ALL = []
|
|
|
|
CONTROLLERS = ActiveSupport::OrderedHash.new
|
|
|
|
ROUTES = ActiveSupport::OrderedHash.new
|
|
|
|
STRATEGIES = ActiveSupport::OrderedHash.new
|
2010-07-13 04:09:55 -04:00
|
|
|
URL_HELPERS = ActiveSupport::OrderedHash.new
|
2010-01-23 21:38:52 -05:00
|
|
|
|
2010-03-03 05:57:23 -05:00
|
|
|
# True values used to check params
|
2009-12-08 15:29:00 -05:00
|
|
|
TRUE_VALUES = [true, 1, '1', 't', 'T', 'true', 'TRUE']
|
2009-10-18 11:30:32 -04:00
|
|
|
|
2009-11-10 15:55:13 -05:00
|
|
|
# Declare encryptors length which are used in migrations.
|
|
|
|
ENCRYPTORS_LENGTH = {
|
|
|
|
:sha1 => 40,
|
|
|
|
:sha512 => 128,
|
|
|
|
:clearance_sha1 => 40,
|
|
|
|
:restful_authentication_sha1 => 40,
|
2010-09-25 10:08:46 -04:00
|
|
|
:authlogic_sha512 => 128
|
2009-11-10 15:55:13 -05:00
|
|
|
}
|
|
|
|
|
2010-05-05 13:25:59 -04:00
|
|
|
# Custom domain for cookies. Not set by default
|
2010-09-25 15:13:54 -04:00
|
|
|
mattr_accessor :cookie_options
|
|
|
|
@@cookie_options = {}
|
2010-05-05 13:25:59 -04:00
|
|
|
|
2009-11-09 19:00:44 -05:00
|
|
|
# The number of times to encrypt password.
|
|
|
|
mattr_accessor :stretches
|
|
|
|
@@stretches = 10
|
2009-11-13 17:54:21 -05:00
|
|
|
|
2010-11-18 17:29:53 -05:00
|
|
|
# Keys used when authenticating a user.
|
2009-11-15 00:31:13 -05:00
|
|
|
mattr_accessor :authentication_keys
|
|
|
|
@@authentication_keys = [ :email ]
|
2010-03-29 14:52:34 -04:00
|
|
|
|
2010-11-18 17:29:53 -05:00
|
|
|
# Request keys used when authenticating a user.
|
2010-09-21 05:45:44 -04:00
|
|
|
mattr_accessor :request_keys
|
|
|
|
@@request_keys = []
|
|
|
|
|
2010-11-18 17:29:53 -05:00
|
|
|
# Keys that should be case-insensitive.
|
2011-03-15 07:52:53 -04:00
|
|
|
# False by default for backwards compatibility.
|
2010-11-18 15:24:42 -05:00
|
|
|
mattr_accessor :case_insensitive_keys
|
2011-03-15 07:52:53 -04:00
|
|
|
@@case_insensitive_keys = false
|
2010-11-18 15:24:42 -05:00
|
|
|
|
2010-03-29 14:52:34 -04:00
|
|
|
# If http authentication is enabled by default.
|
|
|
|
mattr_accessor :http_authenticatable
|
2010-08-23 09:22:31 -04:00
|
|
|
@@http_authenticatable = false
|
2010-03-29 14:52:34 -04:00
|
|
|
|
2010-08-23 09:22:31 -04:00
|
|
|
# If http headers should be returned for ajax requests. True by default.
|
2010-07-01 11:55:58 -04:00
|
|
|
mattr_accessor :http_authenticatable_on_xhr
|
|
|
|
@@http_authenticatable_on_xhr = true
|
|
|
|
|
2010-04-01 13:09:33 -04:00
|
|
|
# If params authenticatable is enabled by default.
|
|
|
|
mattr_accessor :params_authenticatable
|
|
|
|
@@params_authenticatable = true
|
|
|
|
|
2010-03-29 14:52:34 -04:00
|
|
|
# The realm used in Http Basic Authentication.
|
|
|
|
mattr_accessor :http_authentication_realm
|
|
|
|
@@http_authentication_realm = "Application"
|
|
|
|
|
2010-03-26 16:52:12 -04:00
|
|
|
# Email regex used to validate email formats. Adapted from authlogic.
|
2010-03-28 01:15:52 -04:00
|
|
|
mattr_accessor :email_regexp
|
2010-12-01 11:19:45 -05:00
|
|
|
@@email_regexp = /\A([\w\.%\+\-]+)@([\w\-]+\.)+([\w]{2,})\z/i
|
2010-03-29 14:52:34 -04:00
|
|
|
|
|
|
|
# Range validation for password length
|
|
|
|
mattr_accessor :password_length
|
2011-04-13 04:45:45 -04:00
|
|
|
@@password_length = 6..128
|
2010-03-29 14:52:34 -04:00
|
|
|
|
2010-07-23 12:31:39 -04:00
|
|
|
# The time the user will be remembered without asking for credentials again.
|
2009-11-09 19:00:44 -05:00
|
|
|
mattr_accessor :remember_for
|
|
|
|
@@remember_for = 2.weeks
|
2009-11-13 17:54:21 -05:00
|
|
|
|
2010-07-23 12:31:39 -04:00
|
|
|
# If true, a valid remember token can be re-used between multiple browsers.
|
2010-06-29 21:54:19 -04:00
|
|
|
mattr_accessor :remember_across_browsers
|
|
|
|
@@remember_across_browsers = true
|
|
|
|
|
2010-07-23 12:31:39 -04:00
|
|
|
# If true, extends the user's remember period when remembered via cookie.
|
2010-07-23 10:31:42 -04:00
|
|
|
mattr_accessor :extend_remember_period
|
|
|
|
@@extend_remember_period = false
|
|
|
|
|
2010-09-25 06:37:06 -04:00
|
|
|
# If true, uses salt as remember token and does not create it in the database.
|
|
|
|
# By default is false for backwards compatibility.
|
|
|
|
mattr_accessor :use_salt_as_remember_token
|
|
|
|
@@use_salt_as_remember_token = false
|
|
|
|
|
2009-11-09 19:00:44 -05:00
|
|
|
# Time interval you can access your account before confirming your account.
|
|
|
|
mattr_accessor :confirm_within
|
|
|
|
@@confirm_within = 0.days
|
2011-02-06 16:23:36 -05:00
|
|
|
|
2011-01-27 11:20:37 -05:00
|
|
|
# Defines which key will be used when confirming an account
|
|
|
|
mattr_accessor :confirmation_keys
|
|
|
|
@@confirmation_keys = [ :email ]
|
2009-11-03 19:34:37 -05:00
|
|
|
|
2009-11-22 19:19:29 -05:00
|
|
|
# Time interval to timeout the user session without activity.
|
2009-11-24 21:11:49 -05:00
|
|
|
mattr_accessor :timeout_in
|
|
|
|
@@timeout_in = 30.minutes
|
2009-11-22 19:19:29 -05:00
|
|
|
|
2010-09-25 10:08:46 -04:00
|
|
|
# Used to encrypt password. Please generate one with rake secret.
|
|
|
|
mattr_accessor :pepper
|
|
|
|
@@pepper = nil
|
|
|
|
|
2009-11-10 15:55:13 -05:00
|
|
|
# Used to define the password encryption algorithm.
|
2009-11-22 19:32:54 -05:00
|
|
|
mattr_accessor :encryptor
|
2010-09-25 10:08:46 -04:00
|
|
|
@@encryptor = nil
|
2009-11-10 15:55:13 -05:00
|
|
|
|
2009-11-18 06:41:42 -05:00
|
|
|
# Tells if devise should apply the schema in ORMs where devise declaration
|
2010-03-26 15:25:12 -04:00
|
|
|
# and schema belongs to the same class (as Datamapper and Mongoid).
|
2009-11-18 06:41:42 -05:00
|
|
|
mattr_accessor :apply_schema
|
|
|
|
@@apply_schema = true
|
|
|
|
|
2009-11-21 17:07:37 -05:00
|
|
|
# Scoped views. Since it relies on fallbacks to render default views, it's
|
|
|
|
# turned off by default.
|
|
|
|
mattr_accessor :scoped_views
|
|
|
|
@@scoped_views = false
|
|
|
|
|
2010-03-31 05:54:11 -04:00
|
|
|
# Defines which strategy can be used to lock an account.
|
|
|
|
# Values: :failed_attempts, :none
|
|
|
|
mattr_accessor :lock_strategy
|
|
|
|
@@lock_strategy = :failed_attempts
|
2009-12-30 12:19:33 -05:00
|
|
|
|
2010-12-29 03:06:55 -05:00
|
|
|
# Defines which key will be used when locking and unlocking an account
|
|
|
|
mattr_accessor :unlock_keys
|
|
|
|
@@unlock_keys = [ :email ]
|
|
|
|
|
2009-12-30 12:19:33 -05:00
|
|
|
# Defines which strategy can be used to unlock an account.
|
|
|
|
# Values: :email, :time, :both
|
|
|
|
mattr_accessor :unlock_strategy
|
|
|
|
@@unlock_strategy = :both
|
|
|
|
|
2010-03-31 05:54:11 -04:00
|
|
|
# Number of authentication tries before locking an account
|
|
|
|
mattr_accessor :maximum_attempts
|
|
|
|
@@maximum_attempts = 20
|
|
|
|
|
2009-12-30 12:19:33 -05:00
|
|
|
# Time interval to unlock the account if :time is defined as unlock_strategy.
|
|
|
|
mattr_accessor :unlock_in
|
|
|
|
@@unlock_in = 1.hour
|
|
|
|
|
2010-12-29 03:06:55 -05:00
|
|
|
# Defines which key will be used when recovering the password for an account
|
|
|
|
mattr_accessor :reset_password_keys
|
|
|
|
@@reset_password_keys = [ :email ]
|
|
|
|
|
2011-01-24 10:48:44 -05:00
|
|
|
# Time interval you can reset your password with a reset password key
|
|
|
|
mattr_accessor :reset_password_within
|
2011-03-30 09:35:38 -04:00
|
|
|
@@reset_password_within = nil
|
2011-01-24 10:48:44 -05:00
|
|
|
|
2010-01-06 08:31:00 -05:00
|
|
|
# The default scope which is used by warden.
|
2010-01-05 07:44:13 -05:00
|
|
|
mattr_accessor :default_scope
|
|
|
|
@@default_scope = nil
|
|
|
|
|
2010-01-06 08:31:00 -05:00
|
|
|
# Address which sends Devise e-mails.
|
2010-01-05 10:01:16 -05:00
|
|
|
mattr_accessor :mailer_sender
|
2010-02-08 11:33:22 -05:00
|
|
|
@@mailer_sender = nil
|
2010-01-05 10:01:16 -05:00
|
|
|
|
2010-01-23 21:38:52 -05:00
|
|
|
# Authentication token params key name of choice. E.g. /users/sign_in?some_key=...
|
2010-02-02 07:21:00 -05:00
|
|
|
mattr_accessor :token_authentication_key
|
|
|
|
@@token_authentication_key = :auth_token
|
2010-01-23 21:38:52 -05:00
|
|
|
|
2010-09-25 14:28:14 -04:00
|
|
|
# If true, authentication through token does not store user in session
|
|
|
|
mattr_accessor :stateless_token
|
|
|
|
@@stateless_token = false
|
|
|
|
|
2010-06-30 06:41:44 -04:00
|
|
|
# Which formats should be treated as navigational.
|
2011-02-15 04:26:28 -05:00
|
|
|
# We need both :"*/*" and "*/*" to work on different Rails versions.
|
2010-05-16 13:13:20 -04:00
|
|
|
mattr_accessor :navigational_formats
|
2011-02-15 04:26:28 -05:00
|
|
|
@@navigational_formats = [:"*/*", "*/*", :html]
|
2010-05-16 13:13:20 -04:00
|
|
|
|
2011-02-06 10:34:31 -05:00
|
|
|
# When set to true, signing out a user signs out all other scopes.
|
2010-07-12 12:56:27 -04:00
|
|
|
mattr_accessor :sign_out_all_scopes
|
2010-08-23 08:18:39 -04:00
|
|
|
@@sign_out_all_scopes = true
|
2010-07-12 12:56:27 -04:00
|
|
|
|
2010-08-23 08:05:40 -04:00
|
|
|
# The default method used while signing out
|
|
|
|
mattr_accessor :sign_out_via
|
|
|
|
@@sign_out_via = :get
|
|
|
|
|
2010-07-12 12:56:27 -04:00
|
|
|
# PRIVATE CONFIGURATION
|
|
|
|
|
2010-07-13 06:17:25 -04:00
|
|
|
# Store scopes mappings.
|
|
|
|
mattr_reader :mappings
|
|
|
|
@@mappings = ActiveSupport::OrderedHash.new
|
|
|
|
|
2010-10-14 14:04:02 -04:00
|
|
|
# Omniauth configurations.
|
|
|
|
mattr_reader :omniauth_configs
|
|
|
|
@@omniauth_configs = ActiveSupport::OrderedHash.new
|
|
|
|
|
2010-07-13 07:11:04 -04:00
|
|
|
# Define a set of modules that are called when a mapping is added.
|
|
|
|
mattr_reader :helpers
|
|
|
|
@@helpers = Set.new
|
|
|
|
@@helpers << Devise::Controllers::Helpers
|
|
|
|
|
2010-03-28 08:51:03 -04:00
|
|
|
# Private methods to interface with Warden.
|
2010-03-31 05:54:11 -04:00
|
|
|
mattr_accessor :warden_config
|
2010-03-28 08:51:03 -04:00
|
|
|
@@warden_config = nil
|
|
|
|
@@warden_config_block = nil
|
|
|
|
|
2010-03-03 05:57:23 -05:00
|
|
|
# Default way to setup Devise. Run rails generate devise_install to create
|
|
|
|
# a fresh initializer with all configuration values.
|
|
|
|
def self.setup
|
|
|
|
yield self
|
|
|
|
end
|
2009-11-03 06:35:11 -05:00
|
|
|
|
2011-03-24 15:25:54 -04:00
|
|
|
def self.ref(arg)
|
2011-03-24 18:22:05 -04:00
|
|
|
if defined?(ActiveSupport::Dependencies::ClassCache)
|
|
|
|
ActiveSupport::Dependencies::Reference.store(arg)
|
|
|
|
else
|
|
|
|
ActiveSupport::Dependencies.ref(arg)
|
|
|
|
end
|
2011-03-24 15:25:54 -04:00
|
|
|
end
|
|
|
|
|
2010-10-14 14:04:02 -04:00
|
|
|
def self.omniauth_providers
|
|
|
|
omniauth_configs.keys
|
|
|
|
end
|
|
|
|
|
2010-06-12 14:56:55 -04:00
|
|
|
# Get the mailer class from the mailer reference object.
|
|
|
|
def self.mailer
|
2011-03-24 18:22:05 -04:00
|
|
|
if defined?(ActiveSupport::Dependencies::ClassCache)
|
|
|
|
@@mailer_ref.get "Devise::Mailer"
|
|
|
|
else
|
|
|
|
@@mailer_ref.get
|
|
|
|
end
|
2010-06-12 14:56:55 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
# Set the mailer reference object to access the mailer.
|
|
|
|
def self.mailer=(class_name)
|
2011-03-24 15:25:54 -04:00
|
|
|
@@mailer_ref = ref(class_name)
|
2010-06-12 14:56:55 -04:00
|
|
|
end
|
|
|
|
self.mailer = "Devise::Mailer"
|
|
|
|
|
2010-07-05 19:27:20 -04:00
|
|
|
# Small method that adds a mapping to Devise.
|
|
|
|
def self.add_mapping(resource, options)
|
2010-03-28 08:51:03 -04:00
|
|
|
mapping = Devise::Mapping.new(resource, options)
|
2010-07-13 07:11:04 -04:00
|
|
|
@@mappings[mapping.name] = mapping
|
|
|
|
@@default_scope ||= mapping.name
|
2010-07-15 12:13:55 -04:00
|
|
|
@@helpers.each { |h| h.define_helpers(mapping) }
|
2010-03-28 08:51:03 -04:00
|
|
|
mapping
|
|
|
|
end
|
|
|
|
|
2010-07-13 04:09:55 -04:00
|
|
|
# Make Devise aware of an 3rd party Devise-module (like invitable). For convenience.
|
2010-03-03 05:57:23 -05:00
|
|
|
#
|
|
|
|
# == Options:
|
|
|
|
#
|
2010-03-28 08:51:03 -04:00
|
|
|
# +model+ - String representing the load path to a custom *model* for this module (to autoload.)
|
|
|
|
# +controller+ - Symbol representing the name of an exisiting or custom *controller* for this module.
|
|
|
|
# +route+ - Symbol representing the named *route* helper for this module.
|
|
|
|
# +strategy+ - Symbol representing if this module got a custom *strategy*.
|
|
|
|
#
|
|
|
|
# All values, except :model, accept also a boolean and will have the same name as the given module
|
|
|
|
# name.
|
2010-03-03 05:57:23 -05:00
|
|
|
#
|
|
|
|
# == Examples:
|
|
|
|
#
|
|
|
|
# Devise.add_module(:party_module)
|
|
|
|
# Devise.add_module(:party_module, :strategy => true, :controller => :sessions)
|
2010-03-28 08:51:03 -04:00
|
|
|
# Devise.add_module(:party_module, :model => 'party_module/model')
|
2010-03-03 05:57:23 -05:00
|
|
|
#
|
|
|
|
def self.add_module(module_name, options = {})
|
|
|
|
ALL << module_name
|
2010-04-03 07:11:45 -04:00
|
|
|
options.assert_valid_keys(:strategy, :model, :controller, :route)
|
2010-03-28 08:51:03 -04:00
|
|
|
|
2010-07-13 04:09:55 -04:00
|
|
|
if strategy = options[:strategy]
|
|
|
|
STRATEGIES[module_name] = (strategy == true ? module_name : strategy)
|
|
|
|
end
|
2010-03-03 05:57:23 -05:00
|
|
|
|
2010-07-13 04:09:55 -04:00
|
|
|
if controller = options[:controller]
|
|
|
|
CONTROLLERS[module_name] = (controller == true ? module_name : controller)
|
|
|
|
end
|
2010-02-19 04:13:53 -05:00
|
|
|
|
2010-07-13 04:09:55 -04:00
|
|
|
if route = options[:route]
|
|
|
|
case route
|
|
|
|
when TrueClass
|
|
|
|
key, value = module_name, []
|
|
|
|
when Symbol
|
|
|
|
key, value = route, []
|
|
|
|
when Hash
|
|
|
|
key, value = route.keys.first, route.values.flatten
|
2010-03-28 08:51:03 -04:00
|
|
|
else
|
2010-07-13 04:09:55 -04:00
|
|
|
raise ArgumentError, ":route should be true, a Symbol or a Hash"
|
2010-03-28 08:51:03 -04:00
|
|
|
end
|
2010-07-13 04:09:55 -04:00
|
|
|
|
|
|
|
URL_HELPERS[key] ||= []
|
|
|
|
URL_HELPERS[key].concat(value)
|
|
|
|
URL_HELPERS[key].uniq!
|
|
|
|
|
|
|
|
ROUTES[module_name] = key
|
2010-02-19 03:26:17 -05:00
|
|
|
end
|
|
|
|
|
2010-03-03 05:57:23 -05:00
|
|
|
if options[:model]
|
2010-07-12 12:56:27 -04:00
|
|
|
path = (options[:model] == true ? "devise/models/#{module_name}" : options[:model])
|
|
|
|
Devise::Models.send(:autoload, module_name.to_s.camelize.to_sym, path)
|
2009-11-03 06:35:11 -05:00
|
|
|
end
|
|
|
|
|
2010-03-28 08:51:03 -04:00
|
|
|
Devise::Mapping.add_module module_name
|
2010-03-03 05:57:23 -05:00
|
|
|
end
|
2009-11-03 06:35:11 -05:00
|
|
|
|
2010-03-03 05:57:23 -05:00
|
|
|
# Sets warden configuration using a block that will be invoked on warden
|
|
|
|
# initialization.
|
|
|
|
#
|
|
|
|
# Devise.initialize do |config|
|
|
|
|
# config.confirm_within = 2.days
|
|
|
|
#
|
|
|
|
# config.warden do |manager|
|
|
|
|
# # Configure warden to use other strategies, like oauth.
|
|
|
|
# manager.oauth(:twitter)
|
|
|
|
# end
|
|
|
|
# end
|
|
|
|
def self.warden(&block)
|
2010-03-28 08:51:03 -04:00
|
|
|
@@warden_config_block = block
|
2010-03-03 05:57:23 -05:00
|
|
|
end
|
2009-11-13 17:54:21 -05:00
|
|
|
|
2010-10-14 14:04:02 -04:00
|
|
|
# Specify an omniauth provider.
|
|
|
|
#
|
|
|
|
# config.omniauth :github, APP_ID, APP_SECRET
|
|
|
|
#
|
|
|
|
def self.omniauth(provider, *args)
|
|
|
|
@@helpers << Devise::OmniAuth::UrlHelpers
|
|
|
|
@@omniauth_configs[provider] = Devise::OmniAuth::Config.new(provider, args)
|
|
|
|
end
|
|
|
|
|
2010-07-13 07:35:53 -04:00
|
|
|
# Include helpers in the given scope to AC and AV.
|
|
|
|
def self.include_helpers(scope)
|
|
|
|
ActiveSupport.on_load(:action_controller) do
|
2010-10-14 14:04:02 -04:00
|
|
|
include scope::Helpers if defined?(scope::Helpers)
|
2010-07-13 07:35:53 -04:00
|
|
|
include scope::UrlHelpers
|
|
|
|
end
|
|
|
|
|
|
|
|
ActiveSupport.on_load(:action_view) do
|
|
|
|
include scope::UrlHelpers
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2010-11-20 17:18:41 -05:00
|
|
|
# Returns true if Rails version is bigger than 3.0.x
|
|
|
|
def self.rack_session?
|
|
|
|
Rails::VERSION::STRING[0,3] != "3.0"
|
|
|
|
end
|
|
|
|
|
2010-03-03 05:57:23 -05:00
|
|
|
# A method used internally to setup warden manager from the Rails initialize
|
|
|
|
# block.
|
2010-03-31 16:04:48 -04:00
|
|
|
def self.configure_warden! #:nodoc:
|
2010-05-15 18:38:40 -04:00
|
|
|
@@warden_configured ||= begin
|
|
|
|
warden_config.failure_app = Devise::FailureApp
|
|
|
|
warden_config.default_scope = Devise.default_scope
|
2010-11-09 17:42:14 -05:00
|
|
|
warden_config.intercept_401 = false
|
2010-04-22 13:59:52 -04:00
|
|
|
|
2010-05-15 18:38:40 -04:00
|
|
|
Devise.mappings.each_value do |mapping|
|
|
|
|
warden_config.scope_defaults mapping.name, :strategies => mapping.strategies
|
|
|
|
end
|
2010-04-22 13:59:52 -04:00
|
|
|
|
2010-05-15 18:38:40 -04:00
|
|
|
@@warden_config_block.try :call, Devise.warden_config
|
|
|
|
true
|
2010-04-22 13:59:52 -04:00
|
|
|
end
|
2009-11-03 06:35:11 -05:00
|
|
|
end
|
2009-10-20 22:12:21 -04:00
|
|
|
|
2010-03-03 05:57:23 -05:00
|
|
|
# Generate a friendly string randomically to be used as token.
|
|
|
|
def self.friendly_token
|
2011-02-10 08:35:32 -05:00
|
|
|
ActiveSupport::SecureRandom.base64(15).tr('+/=', 'xyz')
|
2010-03-03 05:57:23 -05:00
|
|
|
end
|
2011-02-15 05:33:54 -05:00
|
|
|
|
|
|
|
# constant-time comparison algorithm to prevent timing attacks
|
|
|
|
def self.secure_compare(a, b)
|
2011-02-26 22:41:22 -05:00
|
|
|
return false if a.blank? || b.blank? || a.bytesize != b.bytesize
|
2011-02-15 05:33:54 -05:00
|
|
|
l = a.unpack "C#{a.bytesize}"
|
|
|
|
|
|
|
|
res = 0
|
|
|
|
b.each_byte { |byte| res |= byte ^ l.shift }
|
|
|
|
res == 0
|
|
|
|
end
|
2009-11-14 21:13:43 -05:00
|
|
|
end
|
|
|
|
|
2010-03-03 05:57:23 -05:00
|
|
|
require 'warden'
|
2010-01-21 03:15:07 -05:00
|
|
|
require 'devise/mapping'
|
2010-03-03 05:57:23 -05:00
|
|
|
require 'devise/models'
|
|
|
|
require 'devise/modules'
|
2010-01-23 19:26:06 -05:00
|
|
|
require 'devise/rails'
|