2009-10-30 10:29:10 +00:00
|
|
|
require 'devise/strategies/authenticatable'
|
2009-11-15 02:13:43 +00:00
|
|
|
require 'devise/serializers/authenticatable'
|
2009-10-12 11:37:28 +00:00
|
|
|
|
2009-09-17 12:24:33 +00:00
|
|
|
module Devise
|
2009-10-09 11:30:25 +00:00
|
|
|
module Models
|
2009-12-07 23:00:44 +00:00
|
|
|
module SessionSerializer
|
|
|
|
|
# Hook to serialize user into session. Overwrite if you want.
|
|
|
|
|
def serialize_into_session(record)
|
|
|
|
|
[record.class, record.id]
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
# Hook to serialize user from session. Overwrite if you want.
|
|
|
|
|
def serialize_from_session(keys)
|
|
|
|
|
klass, id = keys
|
|
|
|
|
raise "#{self} cannot serialize from #{klass} session since it's not its ancestors" unless klass <= self
|
|
|
|
|
klass.find(:first, :conditions => { :id => id })
|
|
|
|
|
end
|
|
|
|
|
end
|
2009-10-09 12:27:44 +00:00
|
|
|
|
|
|
|
|
# Authenticable Module, responsible for encrypting password and validating
|
|
|
|
|
# authenticity of a user while signing in.
|
|
|
|
|
#
|
|
|
|
|
# Configuration:
|
2009-10-20 13:55:57 +00:00
|
|
|
#
|
|
|
|
|
# You can overwrite configuration values by setting in globally in Devise,
|
|
|
|
|
# using devise method or overwriting the respective instance method.
|
|
|
|
|
#
|
2009-10-09 12:27:44 +00:00
|
|
|
# pepper: encryption key used for creating encrypted password. Each time
|
|
|
|
|
# password changes, it's gonna be encrypted again, and this key
|
|
|
|
|
# is added to the password and salt to create a secure hash.
|
2009-10-20 13:55:57 +00:00
|
|
|
# Always use `rake secret' to generate a new key.
|
2009-10-15 18:52:25 +00:00
|
|
|
#
|
2009-10-09 12:27:44 +00:00
|
|
|
# stretches: defines how many times the password will be encrypted.
|
|
|
|
|
#
|
2009-11-15 05:31:13 +00:00
|
|
|
# encryptor: the encryptor going to be used. By default :sha1.
|
|
|
|
|
#
|
|
|
|
|
# authentication_keys: parameters used for authentication. By default [:email]
|
|
|
|
|
#
|
2009-10-09 12:27:44 +00:00
|
|
|
# Examples:
|
|
|
|
|
#
|
|
|
|
|
# User.authenticate('email@test.com', 'password123') # returns authenticated user or nil
|
|
|
|
|
# User.find(1).valid_password?('password123') # returns true/false
|
2009-10-20 13:55:57 +00:00
|
|
|
#
|
2009-10-30 10:29:10 +00:00
|
|
|
module Authenticatable
|
2009-10-09 11:30:25 +00:00
|
|
|
def self.included(base)
|
|
|
|
|
base.class_eval do
|
|
|
|
|
extend ClassMethods
|
2009-12-07 23:00:44 +00:00
|
|
|
extend SessionSerializer
|
2009-09-17 14:06:46 +00:00
|
|
|
|
2009-10-15 18:52:25 +00:00
|
|
|
attr_reader :password
|
|
|
|
|
attr_accessor :password_confirmation
|
2009-10-09 11:30:25 +00:00
|
|
|
end
|
2009-09-17 12:24:33 +00:00
|
|
|
end
|
|
|
|
|
|
2009-11-25 01:19:12 +00:00
|
|
|
# Regenerates password salt and encrypted password each time password is set.
|
2009-10-15 18:52:25 +00:00
|
|
|
def password=(new_password)
|
|
|
|
|
@password = new_password
|
2009-11-25 01:19:12 +00:00
|
|
|
|
|
|
|
|
if @password.present?
|
|
|
|
|
self.password_salt = Devise.friendly_token
|
|
|
|
|
self.encrypted_password = password_digest(@password)
|
|
|
|
|
end
|
2009-10-15 18:52:25 +00:00
|
|
|
end
|
|
|
|
|
|
2009-11-25 01:19:12 +00:00
|
|
|
# Verifies whether an incoming_password (ie from login) is the user password.
|
2009-10-09 11:30:25 +00:00
|
|
|
def valid_password?(incoming_password)
|
2009-11-25 01:19:12 +00:00
|
|
|
password_digest(incoming_password) == encrypted_password
|
2009-09-17 12:24:33 +00:00
|
|
|
end
|
|
|
|
|
|
2009-10-20 13:08:40 +00:00
|
|
|
protected
|
2009-11-18 11:26:47 +00:00
|
|
|
|
2009-11-23 00:32:54 +00:00
|
|
|
# Digests the password using the configured encryptor.
|
2009-11-10 15:27:43 +00:00
|
|
|
def password_digest(password)
|
2009-11-23 00:32:54 +00:00
|
|
|
self.class.encryptor_class.digest(password, self.class.stretches, password_salt, self.class.pepper)
|
2009-10-09 11:30:25 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
module ClassMethods
|
2009-11-19 15:53:57 +00:00
|
|
|
# Authenticate a user based on configured attribute keys. Returns the
|
|
|
|
|
# authenticated user if it's valid or nil. Attributes are by default
|
2009-12-06 19:21:18 +00:00
|
|
|
# :email and :password, but the latter is always required.
|
2009-10-10 19:20:23 +00:00
|
|
|
def authenticate(attributes={})
|
2009-11-15 05:31:13 +00:00
|
|
|
return unless authentication_keys.all? { |k| attributes[k].present? }
|
|
|
|
|
conditions = attributes.slice(*authentication_keys)
|
2009-11-24 14:53:03 +00:00
|
|
|
resource = find_for_authentication(conditions)
|
|
|
|
|
valid_for_authentication(resource, attributes) if resource
|
2009-10-09 11:30:25 +00:00
|
|
|
end
|
2009-10-18 11:14:52 +00:00
|
|
|
|
2009-11-24 14:53:03 +00:00
|
|
|
# Returns the class for the configured encryptor.
|
|
|
|
|
def encryptor_class
|
|
|
|
|
@encryptor_class ||= ::Devise::Encryptors.const_get(encryptor.to_s.classify)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
protected
|
|
|
|
|
|
2009-11-19 15:53:57 +00:00
|
|
|
# Find first record based on conditions given (ie by the sign in form).
|
|
|
|
|
# Overwrite to add customized conditions, create a join, or maybe use a
|
|
|
|
|
# namedscope to filter records while authenticating.
|
2009-11-19 16:00:15 +00:00
|
|
|
# Example:
|
|
|
|
|
#
|
|
|
|
|
# def self.find_for_authentication(conditions={})
|
|
|
|
|
# conditions[:active] = true
|
|
|
|
|
# find(:first, :conditions => conditions)
|
|
|
|
|
# end
|
|
|
|
|
#
|
2009-11-19 15:53:57 +00:00
|
|
|
def find_for_authentication(conditions)
|
|
|
|
|
find(:first, :conditions => conditions)
|
|
|
|
|
end
|
|
|
|
|
|
2009-11-24 14:53:03 +00:00
|
|
|
# Contains the logic used in authentication. Overwritten by other devise modules.
|
|
|
|
|
def valid_for_authentication(resource, attributes)
|
|
|
|
|
resource if resource.valid_password?(attributes[:password])
|
|
|
|
|
end
|
|
|
|
|
|
2009-11-23 00:32:54 +00:00
|
|
|
Devise::Models.config(self, :pepper, :stretches, :encryptor, :authentication_keys)
|
|
|
|
|
end
|
2009-09-17 12:46:40 +00:00
|
|
|
end
|
2009-09-17 12:24:33 +00:00
|
|
|
end
|
|
|
|
|
end
|
