# frozen_string_literal: true
require 'devise/strategies/authenticatable'
module Devise
  module Strategies
    # Signs a user back in from the remember token. The strategy checks
    # whether a cookie carrying the remember token is present and, if so,
    # recreates the user from that cookie. Must be called *before*
    # authenticatable.
    class Rememberable < Authenticatable
      # The strategy only applies when the request carries a remember cookie.
      # The memoized value is cleared first, so the cookie is read afresh
      # instead of being reused from an earlier call on this instance.
      def valid?
        @remember_cookie = nil
        remember_cookie.present?
      end

      # Deserializes the cookie and tries to find the matching record through
      # the mapped model. When no record comes back, the cookie is deleted and
      # the request is passed on to the next strategy.
      def authenticate!
        record = mapping.to.serialize_from_cookie(*remember_cookie)

        if record
          # `validate` is defined outside this file. When it returns a falsy
          # value nothing further happens here: the cookie is left in place
          # and neither `pass` nor `success!` is called by this method.
          return unless validate(record)

          remember_me(record) if extend_remember_me?(record)
          record.after_remembered
          success!(record)
        else
          # Drop a cookie that no longer maps to a record so it is not
          # presented again on later requests.
          # NOTE(review): delete is called without domain/path options; if the
          # cookie was issued with custom options, confirm it is really removed.
          cookies.delete(remember_key)
          pass
        end
      end

      # The CSRF token is deliberately left alone by this strategy. Cleaning
      # it up here would be a bug: rememberable is triggered on GET requests,
      # so the first page rendered would carry csrf tokens that have all
      # already expired.
      def clean_up_csrf?
        false
      end

      private

      # Whether the remember period should be extended for this resource.
      # Resources that do not respond to `extend_remember_period` never
      # extend; otherwise the resource's own setting is returned as is.
      def extend_remember_me?(resource)
        return false unless resource.respond_to?(:extend_remember_period)

        resource.extend_remember_period
      end

      # Always true for this strategy.
      def remember_me?
        true
      end

      # Name of the remember cookie: the :key entry of the model's
      # rememberable options, or a scope-based default when none is set.
      def remember_key
        options = mapping.to.rememberable_options
        options.fetch(:key, "remember_#{scope}_token")
      end

      # Memoized cookie value, read through the signed cookie jar. In Rails
      # that jar returns nil for a value whose signature does not verify, so
      # a tampered cookie never reaches the lookup in authenticate!.
      def remember_cookie
        @remember_cookie ||= cookies.signed[remember_key]
      end
    end
  end
end
# Register the strategy class with Warden under the :rememberable label.
Warden::Strategies.add(:rememberable, Devise::Strategies::Rememberable)