Refactor Rememberable.serialized_in_cookie? to split class/instance API.

We now expose a `remember_me?` instance method as internal API for the controller layer check if the remember me cookie is still valid.
2022-11-09 12:18:31 -05:00 · 2016-01-27 13:32:34 -02:00 · 2016-01-27 13:32:34 -02:00 · 6008885152
commit 6008885152
parent d1d8c2f03d
2 changed files with 17 additions and 27 deletions
--- a/lib/devise/controllers/rememberable.rb
+++ b/lib/devise/controllers/rememberable.rb
@ -12,8 +12,8 @@ module Devise
      def remember_me_is_active?(resource)
        return false unless resource.respond_to?(:remember_me)
        scope = Devise::Mapping.find_scope!(resource)
-        cookie = cookies.signed[remember_key(resource, scope)]
-        resource.class.serialized_in_cookie?(resource, *cookie)
+        _, token, generated_at = cookies.signed[remember_key(resource, scope)]
+        resource.remember_me?(token, generated_at)
      end

      # Remembers the given resource by setting up a cookie
--- a/lib/devise/models/rememberable.rb
+++ b/lib/devise/models/rememberable.rb
@ -96,6 +96,18 @@ module Devise
      def after_remembered
      end

+      def remember_me?(token, generated_at)
+        # The token is only valid if:
+        # 1. we have a date
+        # 2. the current time does not pass the expiry period
+        # 3. the record has a remember_created_at date
+        # 4. the token date is bigger than the remember_created_at
+        # 5. the token matches
+        generated_at.is_a?(Time) &&
+         (self.class.remember_for.ago < generated_at) &&
+         (generated_at > (remember_created_at || Time.now).utc) &&
+         Devise.secure_compare(rememberable_value, token)
+      end

      module ClassMethods
        # Create the cookie key using the record id and remember_token
@ -105,12 +117,10 @@ module Devise

        # Recreate the user based on the stored cookie
        def serialize_from_cookie(*args)
-          serialize_from_cookie_with_or_without_record(nil, args)
-        end
+          id, token, generated_at = *args

-        # Check if the given record is the one serialized in cookie
-        def serialized_in_cookie?(record, *args)
-          !!serialize_from_cookie_with_or_without_record(record, args)
+          record = to_adapter.get(id)
+          record if record && record.remember_me?(token, generated_at)
        end

        # Generate a token checking if one does not already exist in the database.
@ -123,26 +133,6 @@ module Devise

        private

-        def serialize_from_cookie_with_or_without_record(record, args)
-          id, token, generated_at = args
-
-          # The token is only valid if:
-          # 1. we have a date
-          # 2. the current time does not pass the expiry period
-          # 3. there is a record with the given id
-          # 4. the record has a remember_created_at date
-          # 5. the token date is bigger than the remember_created_at
-          # 6. the token matches
-          if generated_at.is_a?(Time) &&
-             (self.remember_for.ago < generated_at) &&
-             (record ||= to_adapter.get(id)) && (id == record.to_key) &&
-             (generated_at > (record.remember_created_at || Time.now).utc) &&
-             Devise.secure_compare(record.rememberable_value, token)
-            record
-          end
-        end
-
-
        # TODO: extend_remember_period is no longer used
        Devise::Models.config(self, :remember_for, :extend_remember_period, :rememberable_options, :expire_all_remember_me_on_sign_out)
      end