2010-01-23 21:38:52 -05:00
|
|
|
require 'devise/strategies/base'
|
|
|
|
|
|
|
|
module Devise
|
|
|
|
module Strategies
|
2010-04-01 13:09:33 -04:00
|
|
|
# Strategy for signing in a user, based on a authenticatable token. This works for both params
|
|
|
|
# and http. For the former, all you need to do is to pass the params in the URL:
|
|
|
|
#
|
|
|
|
# http://myapp.example.com/?user_token=SECRET
|
|
|
|
#
|
|
|
|
# For HTTP, you can pass the token as username. Since some clients may require a password,
|
|
|
|
# you can pass anything and it will simply be ignored.
|
|
|
|
class TokenAuthenticatable < Authenticatable
|
2010-01-23 21:38:52 -05:00
|
|
|
def authenticate!
|
2010-04-06 07:26:56 -04:00
|
|
|
if resource = mapping.to.find_for_token_authentication(authentication_hash)
|
|
|
|
resource.after_token_authentication
|
2010-01-23 21:38:52 -05:00
|
|
|
success!(resource)
|
|
|
|
else
|
2010-04-01 13:09:33 -04:00
|
|
|
fail(:invalid_token)
|
2010-01-23 21:38:52 -05:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2010-02-05 19:33:32 -05:00
|
|
|
private
|
2010-01-23 21:38:52 -05:00
|
|
|
|
2010-04-01 16:11:59 -04:00
|
|
|
# TokenAuthenticatable request is valid for any controller and any verb.
|
|
|
|
def valid_request?
|
2010-04-01 13:09:33 -04:00
|
|
|
true
|
|
|
|
end
|
|
|
|
|
|
|
|
# Do not use remember_me behavir with token.
|
|
|
|
def remember_me?
|
|
|
|
false
|
|
|
|
end
|
|
|
|
|
|
|
|
# Try both scoped and non scoped keys.
|
|
|
|
def params_auth_hash
|
|
|
|
params[scope] || params
|
|
|
|
end
|
|
|
|
|
|
|
|
# Overwrite authentication keys to use token_authentication_key.
|
|
|
|
def authentication_keys
|
|
|
|
@authentication_keys ||= [mapping.to.token_authentication_key]
|
2010-02-05 19:33:32 -05:00
|
|
|
end
|
2010-01-23 21:38:52 -05:00
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
Warden::Strategies.add(:token_authenticatable, Devise::Strategies::TokenAuthenticatable)
|