Make HttpAuthenticatable opt-in.

2010-02-15 14:11:33 +01:00 · 2010-02-15 14:11:33 +01:00 · bdacffab58
parent 085b12a710
commit bdacffab58
7 changed files with 31 additions and 15 deletions
--- a/README.rdoc
+++ b/README.rdoc
@ -7,9 +7,11 @@ Devise is a flexible authentication solution for Rails based on Warden. It:
 * Allows you to have multiple roles (or models/scopes) signed in at the same time;
 * Is based on a modularity concept: use just what you really need.

-Right now it's composed of twelve modules:
+Right now it's composed of 12 modules:

 * Authenticatable: responsible for encrypting password and validating authenticity of a user while signing in.
+* Token Authenticatable: validates authenticity of a user while signing in using an authentication token (also known as "single access token").
+* HttpAuthenticatable: sign in users using basic HTTP authentication.
 * Confirmable: responsible for verifying whether an account is already confirmed to sign in, and to send emails with confirmation instructions.
 * Recoverable: takes care of reseting the user password and send reset instructions.
 * Registerable: handles signing up users through a registration process.
@ -17,9 +19,7 @@ Right now it's composed of twelve modules:
 * Trackable: tracks sign in count, timestamps and ip.
 * Timeoutable: expires sessions without activity in a certain period of time.
 * Validatable: creates all needed validations for email and password. It's totally optional, so you're able to to customize validations by yourself.
-* HttpAuthenticatable: sign in users using basic HTTP authentication.
 * Lockable: takes care of locking an account based on the number of failed sign in attempts. Handles unlock via expire and email.
-* Token Authenticatable: validates authenticity of a user while signing in using an authentication token (also known as "single access token").
 * Activatable: if you need to activate accounts by other means, which are not through confirmation, use this module.

 There's an example application using Devise at http://github.com/plataformatec/devise_example .
--- a/generators/devise/templates/model.rb
+++ b/generators/devise/templates/model.rb
@ -1,6 +1,6 @@
 class <%= class_name %> < ActiveRecord::Base
-  # Include default devise modules.
-  # Others available are :lockable, :timeoutable and :activatable.
+  # Include default devise modules. Others available are:
+  # :http_authenticatable, :token_authenticatable, :lockable, :timeoutable and :activatable
  devise :registerable, :authenticatable, :confirmable, :recoverable,
         :rememberable, :trackable, :validatable

--- a/lib/devise.rb
+++ b/lib/devise.rb
@ -28,7 +28,7 @@ module Devise
  ALL = []

  # Authentication ones first
-  ALL.push :authenticatable, :token_authenticatable, :rememberable
+  ALL.push :authenticatable, :http_authenticatable, :token_authenticatable, :rememberable

  # Misc after
  ALL.push :recoverable, :registerable, :validatable
--- a/lib/devise/models/authenticatable.rb
+++ b/lib/devise/models/authenticatable.rb
@ -1,5 +1,4 @@
 require 'devise/strategies/authenticatable'
-require 'devise/strategies/http_authenticatable'

 module Devise
  module Models
@ -120,11 +119,6 @@ module Devise
          resource if resource.try(:valid_for_authentication?, attributes)
        end

-        # Authenticate an user using http.
-        def authenticate_with_http(username, password)
-          authenticate(authentication_keys.first => username, :password => password)
-        end
-
        # Returns the class for the configured encryptor.
        def encryptor_class
          @encryptor_class ||= ::Devise::Encryptors.const_get(encryptor.to_s.classify)
--- a/lib/devise/models/http_authenticatable.rb
+++ b/lib/devise/models/http_authenticatable.rb
@ -0,0 +1,21 @@
+require 'devise/strategies/http_authenticatable'
+
+module Devise
+  module Models
+    # Adds HttpAuthenticatable behavior to your model. It expects that your
+    # model class responds to authenticate and authentication_keys methods
+    # (which for example are defined in authenticatable).
+    module HttpAuthenticatable
+      def self.included(base)
+        base.extend ClassMethods
+      end
+
+      module ClassMethods
+        # Authenticate an user using http.
+        def authenticate_with_http(username, password)
+          authenticate(authentication_keys.first => username, :password => password)
+        end
+      end
+    end
+  end
+end
--- a/test/rails_app/app/active_record/user.rb
+++ b/test/rails_app/app/active_record/user.rb
@ -1,5 +1,5 @@
 class User < ActiveRecord::Base
-  devise :authenticatable, :confirmable, :lockable, :recoverable,
+  devise :authenticatable, :http_authenticatable, :confirmable, :lockable, :recoverable,
         :registerable, :rememberable, :timeoutable, :token_authenticatable,
         :trackable, :validatable

--- a/test/rails_app/app/mongo_mapper/user.rb
+++ b/test/rails_app/app/mongo_mapper/user.rb
@ -1,7 +1,8 @@
 class User
  include MongoMapper::Document
  key :created_at, DateTime
-  devise :authenticatable, :confirmable, :recoverable, :rememberable, :trackable,
-         :validatable, :timeoutable, :lockable, :token_authenticatable
+  devise :authenticatable, :http_authenticatable, :confirmable, :recoverable,
+         :rememberable, :trackable, :validatable, :timeoutable, :lockable,
+         :token_authenticatable
  # attr_accessible :username, :email, :password, :password_confirmation
 end