custom domain cookie support

Signed-off-by: José Valim <jose.valim@gmail.com>
2022-11-09 12:18:31 -05:00 · 2010-05-05 18:25:59 +01:00 · 2010-05-05 18:25:59 +01:00 · 21129ae38c
commit 21129ae38c
parent f1bbce58f3
4 changed files with 26 additions and 5 deletions
--- a/lib/devise.rb
+++ b/lib/devise.rb
@ -47,6 +47,10 @@ module Devise
    :bcrypt => 60
  }

+  # Custom domain for cookies. Not set by default
+  mattr_accessor :cookie_domain
+  @@cookie_domain = false
+
  # Used to encrypt password. Please generate one with rake secret.
  mattr_accessor :pepper
  @@pepper = nil
--- a/lib/devise/hooks/forgetable.rb
+++ b/lib/devise/hooks/forgetable.rb
@ -2,9 +2,10 @@
 # to forget_me! Also clear remember token to ensure the user won't be
 # remembered again. Notice that we forget the user unless the record is frozen.
 # This avoids forgetting deleted users.
-Warden::Manager.before_logout do |record, warden, scope|
+Warden::Manager.before_logout do |record, warden, options|
  if record.respond_to?(:forget_me!)
    record.forget_me! unless record.frozen?
-    warden.cookies.delete "remember_#{scope}_token"
+
+    warden.cookies.delete("remember_#{options[:scope].to_s}_token", :domain => record.cookie_domain, :path => "/")
  end
-end
+end
--- a/lib/devise/hooks/rememberable.rb
+++ b/lib/devise/hooks/rememberable.rb
@ -11,11 +11,17 @@ module Devise
        if succeeded? && resource.respond_to?(:remember_me!) && remember_me?
          resource.remember_me!

-          cookies.signed["remember_#{scope}_token"] = {
+          conf = {
            :value => resource.class.serialize_into_cookie(resource),
            :expires => resource.remember_expires_at,
            :path => "/"
          }
+
+          conf[:domain] = resource.cookie_domain if resource.cookie_domain?  
+
+          Warden::Manager.after_set_user do |record, warden, options|
+            warden.cookies["remember_#{options[:scope]}_token"] = conf
+          end
        end
      end

@ -28,4 +34,5 @@ module Devise
  end
 end

-Devise::Strategies::Authenticatable.send :include, Devise::Hooks::Rememberable
+Devise::Strategies::Authenticatable.send :include, Devise::Hooks::Rememberable
+
--- a/lib/devise/models/rememberable.rb
+++ b/lib/devise/models/rememberable.rb
@ -65,6 +65,14 @@ module Devise
        remember_created_at + self.class.remember_for
      end

+      def cookie_domain
+        self.class.cookie_domain
+      end
+
+      def cookie_domain?
+        self.class.cookie_domain != false
+      end
+
      module ClassMethods
        # Create the cookie key using the record id and remember_token
        def serialize_into_cookie(record)
@ -79,6 +87,7 @@ module Devise
        end

        Devise::Models.config(self, :remember_for)
+        Devise::Models.config(self, :cookie_domain)
      end
    end
  end