heartcombo--devise/lib/devise/strategies/token_authenticatable.rb

require 'devise/strategies/base'

module Devise
  module Strategies
    # Strategy for signing in a user, based on a authenticatable token. This works for both params
    # and http. For the former, all you need to do is to pass the params in the URL:
    #
    #   http://myapp.example.com/?user_token=SECRET
    #
    # For HTTP, you can pass the token as username. Since some clients may require a password,
    # you can pass anything and it will simply be ignored.
    class TokenAuthenticatable < Authenticatable
      def authenticate!
        if resource = mapping.to.authenticate_with_token(authentication_hash)
          success!(resource)
        else
          fail(:invalid_token)
        end
      end

    private

      # TokenAuthenticatable params can be given to any controller.
      def valid_controller?
        true
      end

      # Do not use remember_me behavir with token.
      def remember_me?
        false
      end

      # Try both scoped and non scoped keys.
      def params_auth_hash
        params[scope] || params
      end

      # Overwrite authentication keys to use token_authentication_key.
      def authentication_keys
        @authentication_keys ||= [mapping.to.token_authentication_key]
      end
    end
  end
end

Warden::Strategies.add(:token_authenticatable, Devise::Strategies::TokenAuthenticatable)
Initial support for authorization using "authentication token" (a.k.a. "single access token") - new module. Corresponding changes to Devise core to hook events like "after_changed_password" (only one added now - only one that makes much sense for latest module) easily. Unit and integration tests included. NOTE: One failing test for hooking Warden::Manager.after_authentication - gets ignored for some reason. Signed-off-by: José Valim <jose.valim@gmail.com> 2010-01-23 21:38:52 -05:00			`require 'devise/strategies/base'`

			`module Devise`
			`module Strategies`
TokenAuthenticatable now works with HTTP Basic Auth by default (take a look at Highrise API for a good example). This basically allows you to pass the authentication token as HTTP Basic Auth username. 2010-04-01 13:09:33 -04:00			`# Strategy for signing in a user, based on a authenticatable token. This works for both params`
			`# and http. For the former, all you need to do is to pass the params in the URL:`
			`#`
			`# http://myapp.example.com/?user_token=SECRET`
			`#`
			`# For HTTP, you can pass the token as username. Since some clients may require a password,`
			`# you can pass anything and it will simply be ignored.`
			`class TokenAuthenticatable < Authenticatable`
Initial support for authorization using "authentication token" (a.k.a. "single access token") - new module. Corresponding changes to Devise core to hook events like "after_changed_password" (only one added now - only one that makes much sense for latest module) easily. Unit and integration tests included. NOTE: One failing test for hooking Warden::Manager.after_authentication - gets ignored for some reason. Signed-off-by: José Valim <jose.valim@gmail.com> 2010-01-23 21:38:52 -05:00			`def authenticate!`
TokenAuthenticatable now works with HTTP Basic Auth by default (take a look at Highrise API for a good example). This basically allows you to pass the authentication token as HTTP Basic Auth username. 2010-04-01 13:09:33 -04:00			`if resource = mapping.to.authenticate_with_token(authentication_hash)`
Initial support for authorization using "authentication token" (a.k.a. "single access token") - new module. Corresponding changes to Devise core to hook events like "after_changed_password" (only one added now - only one that makes much sense for latest module) easily. Unit and integration tests included. NOTE: One failing test for hooking Warden::Manager.after_authentication - gets ignored for some reason. Signed-off-by: José Valim <jose.valim@gmail.com> 2010-01-23 21:38:52 -05:00			`success!(resource)`
			`else`
TokenAuthenticatable now works with HTTP Basic Auth by default (take a look at Highrise API for a good example). This basically allows you to pass the authentication token as HTTP Basic Auth username. 2010-04-01 13:09:33 -04:00			`fail(:invalid_token)`
Initial support for authorization using "authentication token" (a.k.a. "single access token") - new module. Corresponding changes to Devise core to hook events like "after_changed_password" (only one added now - only one that makes much sense for latest module) easily. Unit and integration tests included. NOTE: One failing test for hooking Warden::Manager.after_authentication - gets ignored for some reason. Signed-off-by: José Valim <jose.valim@gmail.com> 2010-01-23 21:38:52 -05:00			`end`
			`end`

Add Http Basic Authentication support. 2010-02-05 19:33:32 -05:00			`private`
Initial support for authorization using "authentication token" (a.k.a. "single access token") - new module. Corresponding changes to Devise core to hook events like "after_changed_password" (only one added now - only one that makes much sense for latest module) easily. Unit and integration tests included. NOTE: One failing test for hooking Warden::Manager.after_authentication - gets ignored for some reason. Signed-off-by: José Valim <jose.valim@gmail.com> 2010-01-23 21:38:52 -05:00
TokenAuthenticatable now works with HTTP Basic Auth by default (take a look at Highrise API for a good example). This basically allows you to pass the authentication token as HTTP Basic Auth username. 2010-04-01 13:09:33 -04:00			`# TokenAuthenticatable params can be given to any controller.`
			`def valid_controller?`
			`true`
			`end`

			`# Do not use remember_me behavir with token.`
			`def remember_me?`
			`false`
			`end`

			`# Try both scoped and non scoped keys.`
			`def params_auth_hash`
			`params[scope] \|\| params`
			`end`

			`# Overwrite authentication keys to use token_authentication_key.`
			`def authentication_keys`
			`@authentication_keys \|\|= [mapping.to.token_authentication_key]`
Add Http Basic Authentication support. 2010-02-05 19:33:32 -05:00			`end`
Initial support for authorization using "authentication token" (a.k.a. "single access token") - new module. Corresponding changes to Devise core to hook events like "after_changed_password" (only one added now - only one that makes much sense for latest module) easily. Unit and integration tests included. NOTE: One failing test for hooking Warden::Manager.after_authentication - gets ignored for some reason. Signed-off-by: José Valim <jose.valim@gmail.com> 2010-01-23 21:38:52 -05:00			`end`
			`end`
			`end`

			`Warden::Strategies.add(:token_authenticatable, Devise::Strategies::TokenAuthenticatable)`