Make HttpAuthenticatable opt-in.

README.rdoc

@@ -7,9 +7,11 @@ Devise is a flexible authentication solution for Rails based on Warden. It:
 * Allows you to have multiple roles (or models/scopes) signed in at the same time;
 * Is based on a modularity concept: use just what you really need.
 
-Right now it's composed of twelve modules:
+Right now it's composed of 12 modules:
 
 * Authenticatable: responsible for encrypting password and validating authenticity of a user while signing in.
+* Token Authenticatable: validates authenticity of a user while signing in using an authentication token (also known as "single access token").
+* HttpAuthenticatable: sign in users using basic HTTP authentication.
 * Confirmable: responsible for verifying whether an account is already confirmed to sign in, and to send emails with confirmation instructions.
 * Recoverable: takes care of reseting the user password and send reset instructions.
 * Registerable: handles signing up users through a registration process.
@@ -17,9 +19,7 @@ Right now it's composed of twelve modules:
 * Trackable: tracks sign in count, timestamps and ip.
 * Timeoutable: expires sessions without activity in a certain period of time.
 * Validatable: creates all needed validations for email and password. It's totally optional, so you're able to to customize validations by yourself.
-* HttpAuthenticatable: sign in users using basic HTTP authentication.
 * Lockable: takes care of locking an account based on the number of failed sign in attempts. Handles unlock via expire and email.
-* Token Authenticatable: validates authenticity of a user while signing in using an authentication token (also known as "single access token").
 * Activatable: if you need to activate accounts by other means, which are not through confirmation, use this module.
 
 There's an example application using Devise at http://github.com/plataformatec/devise_example .

generators/devise/templates/model.rb

@@ -1,6 +1,6 @@
 class <%= class_name %> < ActiveRecord::Base
-  # Include default devise modules.
-  # Others available are :lockable, :timeoutable and :activatable.
+  # Include default devise modules. Others available are:
+  # :http_authenticatable, :token_authenticatable, :lockable, :timeoutable and :activatable
   devise :registerable, :authenticatable, :confirmable, :recoverable,
          :rememberable, :trackable, :validatable
 

lib/devise.rb

@@ -28,7 +28,7 @@ module Devise
   ALL = []
 
   # Authentication ones first
-  ALL.push :authenticatable, :token_authenticatable, :rememberable
+  ALL.push :authenticatable, :http_authenticatable, :token_authenticatable, :rememberable
 
   # Misc after
   ALL.push :recoverable, :registerable, :validatable

lib/devise/models/authenticatable.rb

@@ -1,5 +1,4 @@
 require 'devise/strategies/authenticatable'
-require 'devise/strategies/http_authenticatable'
 
 module Devise
   module Models
@@ -120,11 +119,6 @@ module Devise
           resource if resource.try(:valid_for_authentication?, attributes)
         end
 
-        # Authenticate an user using http.
-        def authenticate_with_http(username, password)
-          authenticate(authentication_keys.first => username, :password => password)
-        end
-
         # Returns the class for the configured encryptor.
         def encryptor_class
           @encryptor_class ||= ::Devise::Encryptors.const_get(encryptor.to_s.classify)

lib/devise/models/http_authenticatable.rb

@@ -0,0 +1,21 @@
+require 'devise/strategies/http_authenticatable'
+
+module Devise
+  module Models
+    # Adds HttpAuthenticatable behavior to your model. It expects that your
+    # model class responds to authenticate and authentication_keys methods
+    # (which for example are defined in authenticatable).
+    module HttpAuthenticatable
+      def self.included(base)
+        base.extend ClassMethods
+      end
+
+      module ClassMethods
+        # Authenticate an user using http.
+        def authenticate_with_http(username, password)
+          authenticate(authentication_keys.first => username, :password => password)
+        end
+      end
+    end
+  end
+end

test/rails_app/app/active_record/user.rb

@@ -1,5 +1,5 @@
 class User < ActiveRecord::Base
-  devise :authenticatable, :confirmable, :lockable, :recoverable,
+  devise :authenticatable, :http_authenticatable, :confirmable, :lockable, :recoverable,
          :registerable, :rememberable, :timeoutable, :token_authenticatable,
          :trackable, :validatable
 

test/rails_app/app/mongo_mapper/user.rb

@@ -1,7 +1,8 @@
 class User
   include MongoMapper::Document
   key :created_at, DateTime
-  devise :authenticatable, :confirmable, :recoverable, :rememberable, :trackable,
-         :validatable, :timeoutable, :lockable, :token_authenticatable
+  devise :authenticatable, :http_authenticatable, :confirmable, :recoverable,
+         :rememberable, :trackable, :validatable, :timeoutable, :lockable,
+         :token_authenticatable
   # attr_accessible :username, :email, :password, :password_confirmation
 end