heartcombo--devise/lib/devise/models/authenticatable.rb

require 'devise/hooks/activatable'

module Devise
  module Models
    # Authenticatable module. Holds common settings for authentication.
    #
    # == Options
    #
    # Authenticatable adds the following options to devise_for:
    #
    #   * +authentication_keys+: parameters used for authentication. By default [:email].
    #
    #   * +request_keys+: parameters from the request object used for authentication.
    #     By specifying a symbol (which should be a request method), it will automatically be
    #     passed to find_for_authentication method and considered in your model lookup.
    #
    #     For instance, if you set :request_keys to [:subdomain], :subdomain will be considered
    #     as key on authentication. This can also be a hash where the value is a boolean expliciting
    #     if the value is required or not.
    #
    #   * +http_authenticatable+: if this model allows http authentication. By default true.
    #     It also accepts an array specifying the strategies that should allow http.
    #
    #   * +params_authenticatable+: if this model allows authentication through request params. By default true.
    #     It also accepts an array specifying the strategies that should allow params authentication.
    #
    # == active_for_authentication?
    #
    # Before authenticating a user and in each request, Devise checks if your model is active by
    # calling model.active_for_authentication?. This method is overwriten by other devise modules. For instance,
    # :confirmable overwrites .active_for_authentication? to only return true if your model was confirmed.
    #
    # You overwrite this method yourself, but if you do, don't forget to call super:
    #
    #   def active_for_authentication?
    #     super && special_condition_is_valid?
    #   end
    #
    # Whenever active_for_authentication? returns false, Devise asks the reason why your model is inactive using
    # the inactive_message method. You can overwrite it as well:
    #
    #   def inactive_message
    #     special_condition_is_valid? ? super : :special_condition_is_not_valid
    #   end
    #
    module Authenticatable
      extend ActiveSupport::Concern

      included do
        class_attribute :devise_modules, :instance_writer => false
        self.devise_modules ||= []
      end

      # Check if the current object is valid for authentication. This method and
      # find_for_authentication are the methods used in a Warden::Strategy to check
      # if a model should be signed in or not.
      #
      # However, you should not overwrite this method, you should overwrite active_for_authentication?
      # and inactive_message instead.
      def valid_for_authentication?
        if active_for_authentication?
          block_given? ? yield : true
        else
          inactive_message
        end
      end

      def active_for_authentication?
        true
      end

      def inactive_message
        :inactive
      end

      def authenticatable_salt
      end

      %w(to_xml to_json).each do |method|
        class_eval <<-RUBY, __FILE__, __LINE__
          def #{method}(options={})
            if self.class.respond_to?(:accessible_attributes)
              options = { :only => self.class.accessible_attributes.to_a }.merge(options || {})
              super(options)
            else
              super
            end
          end
        RUBY
      end

      module ClassMethods
        Devise::Models.config(self, :authentication_keys, :request_keys, :case_insensitive_keys, :http_authenticatable, :params_authenticatable)

        def params_authenticatable?(strategy)
          params_authenticatable.is_a?(Array) ?
            params_authenticatable.include?(strategy) : params_authenticatable
        end

        def http_authenticatable?(strategy)
          http_authenticatable.is_a?(Array) ?
            http_authenticatable.include?(strategy) : http_authenticatable
        end

        # Find first record based on conditions given (ie by the sign in form).
        # Overwrite to add customized conditions, create a join, or maybe use a
        # namedscope to filter records while authenticating.
        # Example:
        #
        #   def self.find_for_authentication(conditions={})
        #     conditions[:active] = true
        #     super
        #   end
        #
        def find_for_authentication(conditions)
          filter_auth_params(conditions)
          (case_insensitive_keys || []).each { |k| conditions[k].try(:downcase!) }
          to_adapter.find_first(conditions)
        end

        # Find an initialize a record setting an error if it can't be found.
        def find_or_initialize_with_error_by(attribute, value, error=:invalid) #:nodoc:
          find_or_initialize_with_errors([attribute], { attribute => value }, error)
        end

        # Find an initialize a group of attributes based on a list of required attributes.
        def find_or_initialize_with_errors(required_attributes, attributes, error=:invalid) #:nodoc:
          (case_insensitive_keys || []).each { |k| attributes[k].try(:downcase!) }
          
          attributes = attributes.slice(*required_attributes)
          attributes.delete_if { |key, value| value.blank? }

          if attributes.size == required_attributes.size
            record = to_adapter.find_first(filter_auth_params(attributes))
          end
          
          unless record
            record = new

            required_attributes.each do |key|
              value = attributes[key]
              record.send("#{key}=", value)
              record.errors.add(key, value.present? ? error : :blank)
            end
          end

          record
        end

        protected

        # Force keys to be string to avoid injection on mongoid related database.
        def filter_auth_params(conditions)
          conditions.each do |k, v|
            conditions[k] = v.to_s
          end if conditions.is_a?(Hash)
        end

        # Generate a token by looping and ensuring does not already exist.
        def generate_token(column)
          loop do
            token = Devise.friendly_token
            break token unless to_adapter.find_first({ column => token })
          end
        end
      end
    end
  end
end
:activatable is included by default in your models. If you are building a strategy for devise, you now need to call validate(resource), since Devise has now a default API to validate resources before and after signing them in. You can still use other Warden::Strategies with Devise, but they won't work with a few modules like unlockable (they never did, but now we have a single point to make it work). 2010-04-06 16:34:22 +02:00			`require 'devise/hooks/activatable'`

Create authenticatable base model and strategy. 2010-03-29 20:52:34 +02:00			`module Devise`
			`module Models`
typos (remaining instances of authenticable -> authenticatable) 2011-01-12 02:53:17 +08:00			`# Authenticatable module. Holds common settings for authentication.`
Create authenticatable base model and strategy. 2010-03-29 20:52:34 +02:00			`#`
Add OAuth2 documentation. 2010-07-15 13:01:31 +02:00			`# == Options`
Create authenticatable base model and strategy. 2010-03-29 20:52:34 +02:00			`#`
Add OAuth2 documentation. 2010-07-15 13:01:31 +02:00			`# Authenticatable adds the following options to devise_for:`
Create authenticatable base model and strategy. 2010-03-29 20:52:34 +02:00			`#`
Add OAuth2 documentation. 2010-07-15 13:01:31 +02:00			`# * +authentication_keys+: parameters used for authentication. By default [:email].`
Create authenticatable base model and strategy. 2010-03-29 20:52:34 +02:00			`#`
Add request_keys support. Closes #401. 2010-09-21 11:45:44 +02:00			`# * +request_keys+: parameters from the request object used for authentication.`
			`# By specifying a symbol (which should be a request method), it will automatically be`
			`# passed to find_for_authentication method and considered in your model lookup.`
			`#`
			`# For instance, if you set :request_keys to [:subdomain], :subdomain will be considered`
			`# as key on authentication. This can also be a hash where the value is a boolean expliciting`
			`# if the value is required or not.`
			`#`
Add OAuth2 documentation. 2010-07-15 13:01:31 +02:00			`# * +http_authenticatable+: if this model allows http authentication. By default true.`
			`# It also accepts an array specifying the strategies that should allow http.`
TokenAuthenticatable now works with HTTP Basic Auth by default (take a look at Highrise API for a good example). This basically allows you to pass the authentication token as HTTP Basic Auth username. 2010-04-01 19:09:33 +02:00			`#`
Add OAuth2 documentation. 2010-07-15 13:01:31 +02:00			`# * +params_authenticatable+: if this model allows authentication through request params. By default true.`
			`# It also accepts an array specifying the strategies that should allow params authentication.`
Create authenticatable base model and strategy. 2010-03-29 20:52:34 +02:00			`#`
Rename active? to active_for_authentication? 2011-03-25 15:39:08 +01:00			`# == active_for_authentication?`
:activatable is included by default in your models. If you are building a strategy for devise, you now need to call validate(resource), since Devise has now a default API to validate resources before and after signing them in. You can still use other Warden::Strategies with Devise, but they won't work with a few modules like unlockable (they never did, but now we have a single point to make it work). 2010-04-06 16:34:22 +02:00			`#`
corrected 'an user' to 'a user' in comments and docs 2011-02-06 23:34:31 +08:00			`# Before authenticating a user and in each request, Devise checks if your model is active by`
Rename active? to active_for_authentication? 2011-03-25 15:39:08 +01:00			`# calling model.active_for_authentication?. This method is overwriten by other devise modules. For instance,`
			`# :confirmable overwrites .active_for_authentication? to only return true if your model was confirmed.`
:activatable is included by default in your models. If you are building a strategy for devise, you now need to call validate(resource), since Devise has now a default API to validate resources before and after signing them in. You can still use other Warden::Strategies with Devise, but they won't work with a few modules like unlockable (they never did, but now we have a single point to make it work). 2010-04-06 16:34:22 +02:00			`#`
			`# You overwrite this method yourself, but if you do, don't forget to call super:`
			`#`
Rename active? to active_for_authentication? 2011-03-25 15:39:08 +01:00			`# def active_for_authentication?`
:activatable is included by default in your models. If you are building a strategy for devise, you now need to call validate(resource), since Devise has now a default API to validate resources before and after signing them in. You can still use other Warden::Strategies with Devise, but they won't work with a few modules like unlockable (they never did, but now we have a single point to make it work). 2010-04-06 16:34:22 +02:00			`# super && special_condition_is_valid?`
			`# end`
			`#`
Rename active? to active_for_authentication? 2011-03-25 15:39:08 +01:00			`# Whenever active_for_authentication? returns false, Devise asks the reason why your model is inactive using`
:activatable is included by default in your models. If you are building a strategy for devise, you now need to call validate(resource), since Devise has now a default API to validate resources before and after signing them in. You can still use other Warden::Strategies with Devise, but they won't work with a few modules like unlockable (they never did, but now we have a single point to make it work). 2010-04-06 16:34:22 +02:00			`# the inactive_message method. You can overwrite it as well:`
			`#`
			`# def inactive_message`
			`# special_condition_is_valid? ? super : :special_condition_is_not_valid`
			`# end`
			`#`
Create authenticatable base model and strategy. 2010-03-29 20:52:34 +02:00			`module Authenticatable`
			`extend ActiveSupport::Concern`

More more logic to Authenticatable. 2010-04-16 22:00:06 +02:00			`included do`
			`class_attribute :devise_modules, :instance_writer => false`
			`self.devise_modules \|\|= []`
			`end`

Add tests to cookie domain, closes #254. 2010-05-16 14:13:43 +02:00			`# Check if the current object is valid for authentication. This method and`
			`# find_for_authentication are the methods used in a Warden::Strategy to check`
			`# if a model should be signed in or not.`
:activatable is included by default in your models. If you are building a strategy for devise, you now need to call validate(resource), since Devise has now a default API to validate resources before and after signing them in. You can still use other Warden::Strategies with Devise, but they won't work with a few modules like unlockable (they never did, but now we have a single point to make it work). 2010-04-06 16:34:22 +02:00			`#`
Rename active? to active_for_authentication? 2011-03-25 15:39:08 +01:00			`# However, you should not overwrite this method, you should overwrite active_for_authentication?`
			`# and inactive_message instead.`
Allow several authentications to share a common path. 2010-03-29 23:44:47 +02:00			`def valid_for_authentication?`
Rename active? to active_for_authentication? 2011-03-25 15:39:08 +01:00			`if active_for_authentication?`
:activatable is included by default in your models. If you are building a strategy for devise, you now need to call validate(resource), since Devise has now a default API to validate resources before and after signing them in. You can still use other Warden::Strategies with Devise, but they won't work with a few modules like unlockable (they never did, but now we have a single point to make it work). 2010-04-06 16:34:22 +02:00			`block_given? ? yield : true`
			`else`
			`inactive_message`
			`end`
			`end`

Rename active? to active_for_authentication? 2011-03-25 15:39:08 +01:00			`def active_for_authentication?`
Remove deprecations, bump to .dev and update template. 2011-03-28 21:26:53 +02:00			`true`
:activatable is included by default in your models. If you are building a strategy for devise, you now need to call validate(resource), since Devise has now a default API to validate resources before and after signing them in. You can still use other Warden::Strategies with Devise, but they won't work with a few modules like unlockable (they never did, but now we have a single point to make it work). 2010-04-06 16:34:22 +02:00			`end`

			`def inactive_message`
			`:inactive`
Allow several authentications to share a common path. 2010-03-29 23:44:47 +02:00			`end`

Store the salt in session and expire the session if the user changes his password 2010-09-25 17:24:42 +02:00			`def authenticatable_salt`
			`end`

Other minor improvements in the REST code. 2011-04-19 08:35:03 +02:00			`%w(to_xml to_json).each do \|method\|`
			`class_eval <<-RUBY, __FILE__, __LINE__`
			`def #{method}(options={})`
			`if self.class.respond_to?(:accessible_attributes)`
			`options = { :only => self.class.accessible_attributes.to_a }.merge(options \|\| {})`
			`super(options)`
			`else`
			`super`
			`end`
			`end`
			`RUBY`
			`end`

Create authenticatable base model and strategy. 2010-03-29 20:52:34 +02:00			`module ClassMethods`
first attempt 2010-11-18 21:24:42 +01:00			`Devise::Models.config(self, :authentication_keys, :request_keys, :case_insensitive_keys, :http_authenticatable, :params_authenticatable)`
TokenAuthenticatable now works with HTTP Basic Auth by default (take a look at Highrise API for a good example). This basically allows you to pass the authentication token as HTTP Basic Auth username. 2010-04-01 19:09:33 +02:00
			`def params_authenticatable?(strategy)`
			`params_authenticatable.is_a?(Array) ?`
			`params_authenticatable.include?(strategy) : params_authenticatable`
			`end`
Create authenticatable base model and strategy. 2010-03-29 20:52:34 +02:00
TokenAuthenticatable now works with HTTP Basic Auth by default (take a look at Highrise API for a good example). This basically allows you to pass the authentication token as HTTP Basic Auth username. 2010-04-01 19:09:33 +02:00			`def http_authenticatable?(strategy)`
			`http_authenticatable.is_a?(Array) ?`
			`http_authenticatable.include?(strategy) : http_authenticatable`
			`end`
Create authenticatable base model and strategy. 2010-03-29 20:52:34 +02:00
			`# Find first record based on conditions given (ie by the sign in form).`
			`# Overwrite to add customized conditions, create a join, or maybe use a`
			`# namedscope to filter records while authenticating.`
			`# Example:`
			`#`
			`# def self.find_for_authentication(conditions={})`
			`# conditions[:active] = true`
			`# super`
			`# end`
			`#`
			`def find_for_authentication(conditions)`
Improve previous patch. 2011-03-11 20:46:08 +01:00			`filter_auth_params(conditions)`
Faster uniqueness queries, closes #917 2011-03-15 12:52:53 +01:00			`(case_insensitive_keys \|\| []).each { \|k\| conditions[k].try(:downcase!) }`
Depend on ORM Adapter. 2010-10-10 17:51:12 +02:00			`to_adapter.find_first(conditions)`
Create authenticatable base model and strategy. 2010-03-29 20:52:34 +02:00			`end`
More more logic to Authenticatable. 2010-04-16 22:00:06 +02:00
			`# Find an initialize a record setting an error if it can't be found.`
			`def find_or_initialize_with_error_by(attribute, value, error=:invalid) #:nodoc:`
Refactor code related with authentication keys on password recovery and account unlocking, closes #396. 2010-09-21 12:05:17 +02:00			`find_or_initialize_with_errors([attribute], { attribute => value }, error)`
More more logic to Authenticatable. 2010-04-16 22:00:06 +02:00			`end`
Refactor code related with authentication keys on password recovery and account unlocking, closes #396. 2010-09-21 12:05:17 +02:00
			`# Find an initialize a group of attributes based on a list of required attributes.`
make User#send_reset_password_instructions to require all authentication_keys Signed-off-by: José Valim <jose.valim@gmail.com> 2010-07-25 20:53:42 +03:00			`def find_or_initialize_with_errors(required_attributes, attributes, error=:invalid) #:nodoc:`
Faster uniqueness queries, closes #917 2011-03-15 12:52:53 +01:00			`(case_insensitive_keys \|\| []).each { \|k\| attributes[k].try(:downcase!) }`
first attempt 2010-11-18 21:24:42 +01:00
make User#send_reset_password_instructions to require all authentication_keys Signed-off-by: José Valim <jose.valim@gmail.com> 2010-07-25 20:53:42 +03:00			`attributes = attributes.slice(*required_attributes)`
			`attributes.delete_if { \|key, value\| value.blank? }`

			`if attributes.size == required_attributes.size`
Improve previous patch. 2011-03-11 20:46:08 +01:00			`record = to_adapter.find_first(filter_auth_params(attributes))`
make User#send_reset_password_instructions to require all authentication_keys Signed-off-by: José Valim <jose.valim@gmail.com> 2010-07-25 20:53:42 +03:00			`end`

			`unless record`
			`record = new`

Refactor code related with authentication keys on password recovery and account unlocking, closes #396. 2010-09-21 12:05:17 +02:00			`required_attributes.each do \|key\|`
All tests green on latest mongoid. 2010-09-24 11:30:08 +02:00			`value = attributes[key]`
			`record.send("#{key}=", value)`
			`record.errors.add(key, value.present? ? error : :blank)`
make User#send_reset_password_instructions to require all authentication_keys Signed-off-by: José Valim <jose.valim@gmail.com> 2010-07-25 20:53:42 +03:00			`end`
			`end`

			`record`
			`end`
Always loop before generating a token. 2010-07-18 23:32:56 +02:00
Improve previous patch. 2011-03-11 20:46:08 +01:00			`protected`

			`# Force keys to be string to avoid injection on mongoid related database.`
			`def filter_auth_params(conditions)`
			`conditions.each do \|k, v\|`
			`conditions[k] = v.to_s`
Oops, fix silly mistake. 2011-03-16 05:52:53 -07:00			`end if conditions.is_a?(Hash)`
Improve previous patch. 2011-03-11 20:46:08 +01:00			`end`

Always loop before generating a token. 2010-07-18 23:32:56 +02:00			`# Generate a token by looping and ensuring does not already exist.`
			`def generate_token(column)`
			`loop do`
			`token = Devise.friendly_token`
Use to_adapter in two more methods Authenticatable.generate_token and Warden::SessionSerializer#deserialize 2010-10-17 03:49:05 +08:00			`break token unless to_adapter.find_first({ column => token })`
Always loop before generating a token. 2010-07-18 23:32:56 +02:00			`end`
			`end`
Create authenticatable base model and strategy. 2010-03-29 20:52:34 +02:00			`end`
			`end`
			`end`
			`end`