mirror of https://github.com/heartcombo/devise.git synced 2022-11-09 12:18:31 -05:00

Tidying up some loose ends and adding more docs.

José Valim 2010-04-01 22:11:59 +02:00
parent d8b6ba9022
commit 1ba525a0e9
5 changed files with 21 additions and 10 deletions

View file

@ -7,10 +7,10 @@ Devise is a flexible authentication solution for Rails based on Warden. It:
* Allows you to have multiple roles (or models/scopes) signed in at the same time; * Allows you to have multiple roles (or models/scopes) signed in at the same time;
* Is based on a modularity concept: use just what you really need. * Is based on a modularity concept: use just what you really need.
Right now it's composed of 12 modules: Right now it's composed of 11 modules:
* Database Authenticatable: encrypts and stores a password in the database to validate the authenticity of an user while signing in. * Database Authenticatable: encrypts and stores a password in the database to validate the authenticity of an user while signing in. The authentication can be done both through POST requests or HTTP Basic Authentication.
* Token Authenticatable: validates the authenticity of a user while signing in using an authentication token (also known as "single access token"). * Token Authenticatable: signs in an user based on an authentication token (also known as "single access token"). The token can be given both through query string or HTTP Basic Authentication.
* Confirmable: sends emails with confirmation instructions and verifies whether an account is already confirmed during sign in. * Confirmable: sends emails with confirmation instructions and verifies whether an account is already confirmed during sign in.
* Recoverable: resets the user password and sends reset instructions. * Recoverable: resets the user password and sends reset instructions.
* Registerable: handles signing up users through a registration process. * Registerable: handles signing up users through a registration process.
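
Review bot: In the new Database Authenticatable and Token Authenticatable bullets, "both through ... or ..." should read "either through ... or ...", and the rewritten Token Authenticatable text introduces "an user" where the old text had "a user". The count also drops from 12 to 11 modules while no module bullet is removed in the visible hunks, so please confirm the list really has 11 entries. Since the README now advertises passing the token in the query string, a short note that query strings are commonly recorded in server logs would help readers choose between the two transports.
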
@ -21,8 +21,6 @@ Right now it's composed of 12 modules:
* Lockable: locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period. * Lockable: locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period.
* Activatable: use this module if you need to activate accounts by means other than confirmation. * Activatable: use this module if you need to activate accounts by means other than confirmation.
Additionaly, Devise has several extensions (listed at the end of this README) and has http authentication built in.
== Examples == Examples
* Example application using Devise at http://github.com/plataformatec/devise_example * Example application using Devise at http://github.com/plataformatec/devise_example
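
Review bot: The removed "Additionaly, Devise has several extensions ..." sentence also carried the pointer to the extensions listed at the end of the README. HTTP authentication is now covered by the module bullets, but the extensions pointer is lost in this hunk. Consider keeping a sentence such as "Devise also has several extensions (listed at the end of this README)."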

View file

@ -32,7 +32,7 @@ module Devise
protected protected
def remember_me? def remember_me?
@remember_me ||= Devise::TRUE_VALUES.include?(valid_params? && params[scope][:remember_me]) valid_params? && Devise::TRUE_VALUES.include?(params_auth_hash[:remember_me])
end end
end end
end end
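
Review bot: remember_me? now reads the flag from params_auth_hash[:remember_me] instead of params[scope][:remember_me], but nothing in the method documents that. Add a one-line comment saying where the flag is expected, because a strategy that overrides params_auth_hash will also change where remember_me is looked up. Dropping "@remember_me ||=" is fine, since a false result was never cached by "||=" in the first place.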

View file

@ -33,7 +33,7 @@ module Devise
# Check if this is strategy is valid for params authentication. # Check if this is strategy is valid for params authentication.
def valid_for_params_auth? def valid_for_params_auth?
params_authenticatable? && valid_controller? && params_authenticatable? && valid_request? &&
valid_params? && with_authentication_hash(params_auth_hash) valid_params? && with_authentication_hash(params_auth_hash)
end end
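
Review bot: The comment above valid_for_params_auth? reads "Check if this is strategy is valid"; while this method is being touched, fix it to "Check if this strategy is valid". It would also help to state in that comment that the check now covers the request verb through valid_request?, not only the controller.
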
@ -58,12 +58,22 @@ module Devise
Hash[*keys.zip(decode_credentials).flatten] Hash[*keys.zip(decode_credentials).flatten]
end end
# By default, a request is valid if the controller is allowed and the VERB is POST.
def valid_request?
valid_controller? && valid_verb?
end
# Check if the controller is valid for params authentication. # Check if the controller is valid for params authentication.
def valid_controller? def valid_controller?
mapping.controllers[:sessions] == params[:controller] mapping.controllers[:sessions] == params[:controller]
end end
# Check if the params_auth_hash is valid for params authentication. # Check if the params_auth_hash is valid for params authentication.
def valid_verb?
request.post?
end
# If the request is valid, finally check if params_auth_hash returns a hash.
def valid_params? def valid_params?
params_auth_hash.is_a?(Hash) params_auth_hash.is_a?(Hash)
end end
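
Review bot: On the new side the unchanged comment "# Check if the params_auth_hash is valid for params authentication." ends up directly above "def valid_verb?", which it does not describe, while valid_params? gets its own new comment further down. Replace the stale line with a comment for valid_verb? (for example "# Check if the request verb is POST.") so each method is preceded by its own description.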

View file

@ -20,8 +20,8 @@ module Devise
private private
# TokenAuthenticatable params can be given to any controller. # TokenAuthenticatable request is valid for any controller and any verb.
def valid_controller? def valid_request?
true true
end end
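
Review bot: Overriding valid_request? to return true skips both valid_controller? and valid_verb? for token authentication, and will also skip any check added to the base valid_request? later. If the intent is only "any controller and any verb", consider overriding valid_controller? and valid_verb? individually so future request checks in the base strategy still apply to tokens. The change from controller-only to controller and verb deserves a line in the commit message, since it means tokens are accepted on non-POST requests.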

View file

@ -12,7 +12,10 @@ Devise.setup do |config|
# session. If you need permissions, you should implement that in a before filter. # session. If you need permissions, you should implement that in a before filter.
# config.authentication_keys = [ :email ] # config.authentication_keys = [ :email ]
# Tell if authentication for http is enabled. True by default. # Tell if authentication through request.params is enabled. True by default.
# config.params_authenticatable = true
# Tell if authentication through HTTP Basic Auth is enabled. True by default.
# config.http_authenticatable = true # config.http_authenticatable = true
# The realm used in Http Basic Authentication # The realm used in Http Basic Authentication
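
Review bot: The new comment for config.params_authenticatable does not say what turning it off does. Since valid_for_params_auth? starts with "params_authenticatable? &&", setting it to false disables every sign-in that goes through request params; say so in the comment. Minor style point: the added line writes "HTTP Basic Auth" while the next comment keeps "Http Basic Authentication"; pick one spelling.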