Move rememberable back to a hook.
This commit is contained in:
José Valim
parent
352edc024b
commit
2e43944567
|
|
@ -14,6 +14,7 @@ module Devise
|
|||
module Controllers
|
||||
autoload :Helpers, 'devise/controllers/helpers'
|
||||
autoload :InternalHelpers, 'devise/controllers/internal_helpers'
|
||||
autoload :Rememberable, 'devise/controllers/rememberable'
|
||||
autoload :ScopedViews, 'devise/controllers/scoped_views'
|
||||
autoload :UrlHelpers, 'devise/controllers/url_helpers'
|
||||
end
|
||||
|
|
|
|||
|
|
@ -0,0 +1,52 @@
|
|||
module Devise
|
||||
module Controllers
|
||||
# A module that may be optionally included in a controller in order
|
||||
# to provide remember me behavior.
|
||||
module Rememberable
|
||||
# Return default cookie values retrieved from session options.
|
||||
def self.cookie_values
|
||||
Rails.configuration.session_options.slice(:path, :domain, :secure)
|
||||
end
|
||||
|
||||
# A small warden proxy so we can remember and forget uses from hooks.
|
||||
class Proxy #:nodoc:
|
||||
include Devise::Controllers::Rememberable
|
||||
|
||||
delegate :cookies, :env, :to => :@warden
|
||||
|
||||
def initialize(warden)
|
||||
@warden = warden
|
||||
end
|
||||
end
|
||||
|
||||
# Remembers the given resource by setting up a cookie
|
||||
def remember_me(resource)
|
||||
scope = Devise::Mapping.find_scope!(resource)
|
||||
resource.remember_me!(resource.extend_remember_period)
|
||||
cookies.signed["remember_#{scope}_token"] = remember_cookie_values(resource)
|
||||
end
|
||||
|
||||
# Forgets the given resource by deleting a cookie
|
||||
def forget_me(resource)
|
||||
scope = Devise::Mapping.find_scope!(resource)
|
||||
resource.forget_me! unless resource.frozen?
|
||||
cookies.delete("remember_#{scope}_token", forget_cookie_values(resource))
|
||||
end
|
||||
|
||||
protected
|
||||
|
||||
def forget_cookie_values(resource)
|
||||
Devise::Controllers::Rememberable.cookie_values.merge!(resource.cookie_options)
|
||||
end
|
||||
|
||||
def remember_cookie_values(resource)
|
||||
options = { :httponly => true }
|
||||
options.merge!(forget_cookie_values(resource))
|
||||
options.merge!(
|
||||
:value => resource.class.serialize_into_cookie(resource),
|
||||
:expires => resource.remember_expires_at
|
||||
)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
@ -4,9 +4,6 @@
|
|||
# This avoids forgetting deleted users.
|
||||
Warden::Manager.before_logout do |record, warden, options|
|
||||
if record.respond_to?(:forget_me!)
|
||||
record.forget_me! unless record.frozen?
|
||||
cookie_options = Rails.configuration.session_options.slice(:path, :domain, :secure)
|
||||
cookie_options.merge!(record.cookie_options)
|
||||
warden.cookies.delete("remember_#{options[:scope]}_token", cookie_options)
|
||||
Devise::Controllers::Rememberable::Proxy.new(warden).forget_me(record)
|
||||
end
|
||||
end
|
||||
|
|
|
|||
|
|
@ -1,48 +1,6 @@
|
|||
module Devise
|
||||
module Hooks
|
||||
# Overwrite success! in authentication strategies allowing users to be remembered.
|
||||
# We choose to implement this as an strategy hook instead of a warden hook to allow a specific
|
||||
# strategy (like token authenticatable or facebook authenticatable) to turn off remember_me?
|
||||
# cookies.
|
||||
module Rememberable #:nodoc:
|
||||
def success!(resource)
|
||||
super
|
||||
|
||||
if succeeded? && resource.respond_to?(:remember_me!) && remember_me?
|
||||
resource.remember_me!(extend_remember_period?)
|
||||
cookies.signed["remember_#{scope}_token"] = cookie_values(resource)
|
||||
end
|
||||
end
|
||||
|
||||
protected
|
||||
|
||||
def cookie_values(resource)
|
||||
options = Rails.configuration.session_options.slice(:path, :domain, :secure)
|
||||
options[:httponly] = true
|
||||
|
||||
options.merge!(resource.cookie_options)
|
||||
options.merge!(
|
||||
:value => resource.class.serialize_into_cookie(resource),
|
||||
:expires => resource.remember_expires_at
|
||||
)
|
||||
|
||||
options
|
||||
end
|
||||
|
||||
def succeeded?
|
||||
@result == :success
|
||||
end
|
||||
|
||||
def extend_remember_period?
|
||||
false
|
||||
end
|
||||
|
||||
def remember_me?
|
||||
valid_params? && Devise::TRUE_VALUES.include?(params_auth_hash[:remember_me])
|
||||
end
|
||||
end
|
||||
Warden::Manager.after_set_user :except => :fetch do |record, warden, options|
|
||||
scope = options[:scope]
|
||||
if record.respond_to?(:remember_me) && record.remember_me && warden.authenticated?(scope)
|
||||
Devise::Controllers::Rememberable::Proxy.new(warden).remember_me(record)
|
||||
end
|
||||
end
|
||||
|
||||
Devise::Strategies::Authenticatable.send :include, Devise::Hooks::Rememberable
|
||||
|
||||
end
|
||||
|
|
@ -44,10 +44,7 @@ module Devise
|
|||
module Rememberable
|
||||
extend ActiveSupport::Concern
|
||||
|
||||
included do
|
||||
# Remember me option available in after_authentication hook.
|
||||
attr_accessor :remember_me
|
||||
end
|
||||
attr_accessor :remember_me, :extend_remember_period
|
||||
|
||||
# Generate a new remember token and save the record without validations
|
||||
# unless remember_across_browsers is true and the user already has a valid token.
|
||||
|
|
@ -60,7 +57,7 @@ module Devise
|
|||
# Removes the remember token only if it exists, and save the record
|
||||
# without validations.
|
||||
def forget_me!
|
||||
self.remember_token = nil if respond_to?(:remember_token)
|
||||
self.remember_token = nil if respond_to?(:remember_token=)
|
||||
self.remember_created_at = nil
|
||||
save(:validate => false)
|
||||
end
|
||||
|
|
|
|||
|
|
@ -19,13 +19,26 @@ module Devise
|
|||
result = resource && resource.valid_for_authentication?(&block)
|
||||
|
||||
case result
|
||||
when Symbol, String
|
||||
when String, Symbol
|
||||
fail!(result)
|
||||
when TrueClass
|
||||
decorate(resource)
|
||||
true
|
||||
else
|
||||
result
|
||||
end
|
||||
end
|
||||
|
||||
# Get values from params and set in the resource.
|
||||
def decorate(resource)
|
||||
resource.remember_me = remember_me? if resource.respond_to?(:remember_me=)
|
||||
end
|
||||
|
||||
# Should this resource be marked to be remembered?
|
||||
def remember_me?
|
||||
valid_params? && Devise::TRUE_VALUES.include?(params_auth_hash[:remember_me])
|
||||
end
|
||||
|
||||
# Check if this is strategy is valid for http authentication by:
|
||||
#
|
||||
# * Validating if the model allows params authentication;
|
||||
|
|
|
|||
|
|
@ -28,6 +28,11 @@ module Devise
|
|||
|
||||
private
|
||||
|
||||
def decorate(resource)
|
||||
super
|
||||
resource.extend_remember_period = mapping.to.extend_remember_period if resource.respond_to?(:extend_remember_period=)
|
||||
end
|
||||
|
||||
def remember_me?
|
||||
true
|
||||
end
|
||||
|
|
@ -36,10 +41,6 @@ module Devise
|
|||
"remember_#{scope}_token"
|
||||
end
|
||||
|
||||
def extend_remember_period?
|
||||
mapping.to.extend_remember_period
|
||||
end
|
||||
|
||||
# Accessor for remember cookie
|
||||
def remember_cookie
|
||||
@remember_cookie ||= cookies.signed[remember_key]
|
||||
|
|
|
|||
|
|
@ -161,7 +161,6 @@ class RememberMeTest < ActionController::IntegrationTest
|
|||
|
||||
get users_path
|
||||
assert_not warden.authenticated?(:user)
|
||||
assert_nil warden.cookies['remember_user_token']
|
||||
end
|
||||
|
||||
test 'do not remember the admin anymore after forget' do
|
||||
|
|
@ -171,11 +170,11 @@ class RememberMeTest < ActionController::IntegrationTest
|
|||
|
||||
get destroy_admin_session_path
|
||||
assert_not warden.authenticated?(:admin)
|
||||
assert_nil admin.reload.remember_token
|
||||
assert_nil warden.cookies['remember_admin_token']
|
||||
|
||||
get root_path
|
||||
assert_not warden.authenticated?(:admin)
|
||||
assert_nil warden.cookies['remember_admin_token']
|
||||
end
|
||||
|
||||
test 'changing user password expires remember me token' do
|
||||
|
|
|
|||
Loading…
Reference in New Issue