Tidying up some loose ends and adding more docs.

This commit is contained in:
José Valim 2010-04-01 22:11:59 +02:00
parent d8b6ba9022
commit 1ba525a0e9
5 changed files with 21 additions and 10 deletions

View File

@ -7,10 +7,10 @@ Devise is a flexible authentication solution for Rails based on Warden. It:
* Allows you to have multiple roles (or models/scopes) signed in at the same time;
* Is based on a modularity concept: use just what you really need.
Right now it's composed of 12 modules:
Right now it's composed of 11 modules:
* Database Authenticatable: encrypts and stores a password in the database to validate the authenticity of an user while signing in.
* Token Authenticatable: validates the authenticity of a user while signing in using an authentication token (also known as "single access token").
* Database Authenticatable: encrypts and stores a password in the database to validate the authenticity of an user while signing in. The authentication can be done both through POST requests or HTTP Basic Authentication.
* Token Authenticatable: signs in an user based on an authentication token (also known as "single access token"). The token can be given both through query string or HTTP Basic Authentication.
* Confirmable: sends emails with confirmation instructions and verifies whether an account is already confirmed during sign in.
* Recoverable: resets the user password and sends reset instructions.
* Registerable: handles signing up users through a registration process.
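
Review bot: The new Token Authenticatable bullet says the token can be given through the query string but carries no caveat. A token in the URL is recorded in server access logs, browser history and Referer headers, so the README should say so and recommend HTTPS, and the HTTP Basic Authentication form where possible. Wording nits in the two changed bullets: "an user" should be "a user", and "both through X or Y" should be "either through X or Y".
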
@ -21,8 +21,6 @@ Right now it's composed of 12 modules:
* Lockable: locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period.
* Activatable: use this module if you need to activate accounts by means other than confirmation.
Additionaly, Devise has several extensions (listed at the end of this README) and has http authentication built in.
== Examples
* Example application using Devise at http://github.com/plataformatec/devise_example
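
Review bot: Removing the "Additionaly, Devise has several extensions (listed at the end of this README) ..." sentence also drops the pointer to the extensions list, which the new module bullets do not replace (the hunk header shows two lines removed here and none added). HTTP authentication is now covered in the bullets, but keep a short sentence pointing at the extensions list if that list is still in the README, spelled "Additionally".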

View File

@ -32,7 +32,7 @@ module Devise
protected
def remember_me?
@remember_me ||= Devise::TRUE_VALUES.include?(valid_params? && params[scope][:remember_me])
valid_params? && Devise::TRUE_VALUES.include?(params_auth_hash[:remember_me])
end
end
end
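
Review bot: remember_me? now gates only on valid_params?, and as defined in the later hunk of this commit valid_params? only checks params_auth_hash.is_a?(Hash). It does not go through valid_request?, so the controller and POST checks introduced in this commit do not apply to the remember_me flag. If remember_me should only be honored on a request that qualifies for params authentication, gate it on valid_request? as well, or add a comment saying the looser check is intended. Dropping the @remember_me ||= memoization is fine, since ||= never cached a false result.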

View File

@ -33,7 +33,7 @@ module Devise
# Check if this is strategy is valid for params authentication.
def valid_for_params_auth?
params_authenticatable? && valid_controller? &&
params_authenticatable? && valid_request? &&
valid_params? && with_authentication_hash(params_auth_hash)
end
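
Review bot: The comment above valid_for_params_auth? still reads "Check if this is strategy is valid". Since the line right below it is being changed, fix it to "Check if this strategy is valid" and mention that validity now depends on the request (controller and verb), not only on the controller.
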
@ -58,12 +58,22 @@ module Devise
Hash[*keys.zip(decode_credentials).flatten]
end
# By default, a request is valid if the controller is allowed and the VERB is POST.
def valid_request?
valid_controller? && valid_verb?
end
# Check if the controller is valid for params authentication.
def valid_controller?
mapping.controllers[:sessions] == params[:controller]
end
# Check if the params_auth_hash is valid for params authentication.
def valid_verb?
request.post?
end
# If the request is valid, finally check if params_auth_hash returns a hash.
def valid_params?
params_auth_hash.is_a?(Hash)
end
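
Review bot: The comment left above valid_verb? ("Check if the params_auth_hash is valid for params authentication.") describes valid_params?, not the verb check. Replace it with something like "Check if the request verb is POST." The commit also lists 5 changed files and none of the five shown is a test, so the new POST restriction ships without coverage; add a test that a non-POST request to the sessions controller is not treated as valid for params authentication.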

View File

@ -20,8 +20,8 @@ module Devise
private
# TokenAuthenticatable params can be given to any controller.
def valid_controller?
# TokenAuthenticatable request is valid for any controller and any verb.
def valid_request?
true
end
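
Review bot: Overriding valid_request? to return true turns off the POST check as well as the controller check, and would also bypass any check added to the base valid_request? later. If only those two relaxations are intended, overriding valid_controller? and valid_verb? separately keeps that explicit. Either way, the comment should say why any verb is accepted for token authentication rather than only stating that it is.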

View File

@ -12,7 +12,10 @@ Devise.setup do |config|
# session. If you need permissions, you should implement that in a before filter.
# config.authentication_keys = [ :email ]
# Tell if authentication for http is enabled. True by default.
# Tell if authentication through request.params is enabled. True by default.
# config.params_authenticatable = true
# Tell if authentication through HTTP Basic Auth is enabled. True by default.
# config.http_authenticatable = true
# The realm used in Http Basic Authentication
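
Review bot: The two new comments do not say which strategies each switch affects. Per the README change in this commit, both Database Authenticatable and Token Authenticatable accept HTTP Basic Authentication, so state whether config.http_authenticatable = false disables it for both. Since it is "True by default", the comment should also note that Basic Authentication resends the credentials with every request and should only be served over HTTPS.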