heartcombo--devise/lib/devise/strategies/rememberable.rb

require 'devise/strategies/authenticatable'

module Devise
  module Strategies
    # Remember the user through the remember token. This strategy is responsible
    # to verify whether there is a cookie with the remember token, and to
    # recreate the user from this cookie if it exists. Must be called *before*
    # authenticatable.
    class Rememberable < Authenticatable
      # A valid strategy for rememberable needs a remember token in the cookies.
      def valid?
        @remember_cookie = nil
        remember_cookie.present?
      end

      # To authenticate a user we deserialize the cookie and attempt finding
      # the record in the database. If the attempt fails, we pass to another
      # strategy handle the authentication.
      def authenticate!
        resource = mapping.to.serialize_from_cookie(*remember_cookie)

        unless resource
          cookies.delete(remember_key)
          return pass
        end

        if validate(resource)
          success!(resource)
        end
      end

    private

      def decorate(resource)
        super
        resource.extend_remember_period = mapping.to.extend_remember_period if resource.respond_to?(:extend_remember_period=)
      end

      def remember_me?
        true
      end

      def remember_key
        mapping.to.rememberable_options.fetch(:key, "remember_#{scope}_token")
      end

      def remember_cookie
        @remember_cookie ||= cookies.signed[remember_key]
      end

    end
  end
end

Warden::Strategies.add(:rememberable, Devise::Strategies::Rememberable)
Fix require for rememberable strategy 2012-03-31 07:17:16 -04:00			`require 'devise/strategies/authenticatable'`
Bring rememberable back. 2010-01-14 09:47:14 -05:00
			`module Devise`
			`module Strategies`
			`# Remember the user through the remember token. This strategy is responsible`
			`# to verify whether there is a cookie with the remember token, and to`
Move remember_me hook inside strategies. 2010-03-31 15:43:19 -04:00			`# recreate the user from this cookie if it exists. Must be called before`
Bring rememberable back. 2010-01-14 09:47:14 -05:00			`# authenticatable.`
More about extend remember period feature. 2010-07-23 17:57:31 -04:00			`class Rememberable < Authenticatable`
Bring rememberable back. 2010-01-14 09:47:14 -05:00			`# A valid strategy for rememberable needs a remember token in the cookies.`
			`def valid?`
Temporary fix for 3-1-stable that does not implement key? on cookie jar, closes #1179 2011-06-30 07:03:24 -04:00			`@remember_cookie = nil`
			`remember_cookie.present?`
Bring rememberable back. 2010-01-14 09:47:14 -05:00			`end`

			`# To authenticate a user we deserialize the cookie and attempt finding`
			`# the record in the database. If the attempt fails, we pass to another`
			`# strategy handle the authentication.`
			`def authenticate!`
Temporary fix for 3-1-stable that does not implement key? on cookie jar, closes #1179 2011-06-30 07:03:24 -04:00			`resource = mapping.to.serialize_from_cookie(*remember_cookie)`
:activatable is included by default in your models. If you are building a strategy for devise, you now need to call validate(resource), since Devise has now a default API to validate resources before and after signing them in. You can still use other Warden::Strategies with Devise, but they won't work with a few modules like unlockable (they never did, but now we have a single point to make it work). 2010-04-06 10:34:22 -04:00
Simplify validation logic inside strategies 2012-05-22 08:10:06 -04:00			`unless resource`
			`cookies.delete(remember_key)`
			`return pass`
			`end`

:activatable is included by default in your models. If you are building a strategy for devise, you now need to call validate(resource), since Devise has now a default API to validate resources before and after signing them in. You can still use other Warden::Strategies with Devise, but they won't work with a few modules like unlockable (they never did, but now we have a single point to make it work). 2010-04-06 10:34:22 -04:00			`if validate(resource)`
Bring rememberable back. 2010-01-14 09:47:14 -05:00			`success!(resource)`
			`end`
			`end`

			`private`

Move rememberable back to a hook. 2011-02-24 15:55:41 -05:00			`def decorate(resource)`
			`super`
			`resource.extend_remember_period = mapping.to.extend_remember_period if resource.respond_to?(:extend_remember_period=)`
			`end`

Add extend_remember_period, closes #340. 2010-07-23 10:31:42 -04:00			`def remember_me?`
			`true`
			`end`

Use message verifier in cookies. Previous implementation allowed brute force attacks by cookies. Even though it is impossible for the brute force attack to succeed, the current implementation blocks the attacker even before hitting the database. 2010-03-31 07:31:45 -04:00			`def remember_key`
add key option to rememberable_options closes #2218 2013-01-20 14:07:51 -05:00			`mapping.to.rememberable_options.fetch(:key, "remember_#{scope}_token")`
Use message verifier in cookies. Previous implementation allowed brute force attacks by cookies. Even though it is impossible for the brute force attack to succeed, the current implementation blocks the attacker even before hitting the database. 2010-03-31 07:31:45 -04:00			`end`
Temporary fix for 3-1-stable that does not implement key? on cookie jar, closes #1179 2011-06-30 07:03:24 -04:00
			`def remember_cookie`
			`@remember_cookie \|\|= cookies.signed[remember_key]`
			`end`

Bring rememberable back. 2010-01-14 09:47:14 -05:00			`end`
			`end`
			`end`

add key option to rememberable_options closes #2218 2013-01-20 14:07:51 -05:00			`Warden::Strategies.add(:rememberable, Devise::Strategies::Rememberable)`