Refactoring devise strategies.

2022-11-09 12:18:31 -05:00 · 2009-10-18 11:15:23 -02:00 · 2009-10-18 11:15:23 -02:00 · fb160f8be4
commit fb160f8be4
parent f1bb64fb1e
5 changed files with 107 additions and 82 deletions
--- a/lib/devise.rb
+++ b/lib/devise.rb
@ -5,7 +5,7 @@ rescue
  require 'warden'
 end
-require 'devise/initializers/warden'
+require 'devise/warden'
 require 'devise/mapping'
 require 'devise/routes'
--- a/lib/devise/initializers/warden.rb
+++ b/lib/devise/initializers/warden.rb
@ -1,81 +0,0 @@
 # Taken from RailsWarden, thanks to Hassox.
 # http://github.com/hassox/rails_warden
 module Warden::Mixins::Common
  # Gets the rails request object by default if it's available
  def request
    return @request if @request
    if env['action_controller.rescue.request']
      @request = env['action_controller.rescue.request']
    else
      Rack::Request.new(env)
    end
  end
  def raw_session
    request.session
  end
  def reset_session!
    raw_session.inspect # why do I have to inspect it to get it to clear?
    raw_session.clear
  end
 end
 # Session Serialization in. This block determines how the user will be stored
 # in the session. If you're using a complex object like an ActiveRecord model,
 # it is not a good idea to store the complete object. An ID is sufficient.
 Warden::Manager.serialize_into_session{ |user| [user.class, user.id] }
 # Session Serialization out. This block gets the user out of the session.
 # It should be the reverse of serializing the object into the session
 Warden::Manager.serialize_from_session do |klass, id|
  klass.find(id)
 end
 # Default strategy for signing in a user, based on his email and password.
 # If no email and no password are present, no authentication is attempted.
 Warden::Strategies.add(:authenticable) do
  def valid?
    raise "You need to give a scope for Devise authentication" unless scope
    raise "You need to give a valid Devise mapping"            unless @mapping = Devise.mappings[scope]
    true
  end
  # Authenticate a user based on email and password params, returning to warden
  # success and the authenticated user if everything is okay. Otherwise redirect
  # to sign in page.
  def authenticate!
    if valid_attributes? && resource = @mapping.to.authenticate(attributes)
      success!(resource)
    else
      store_location
      redirect!("/#{@mapping.as}/#{@mapping.path_names[:sign_in]}", :unauthenticated => true)
    end
  end
  # Find the attributes for the current mapping.
  def attributes
    @attributes ||= request.params[scope]
  end
  # Check for the right keys.
  def valid_attributes?
    attributes && attributes[:email].present? && attributes[:password].present?
  end
  # Stores requested uri to redirect the user after signing in. We cannot use
  # scoped session provided by warden here, since the user is not authenticated
  # yet, but we still need to store the uri based on scope, so different scopes
  # would never use the same uri to redirect.
  def store_location
    session[:"#{@mapping.name}.return_to"] = request.request_uri if request.get?
  end
 end
 # Adds Warden Manager to Rails middleware stack, configuring default devise
 # strategy and also the controller who will manage not authenticated users.
 Rails.configuration.middleware.use Warden::Manager do |manager|
  manager.default_strategies :authenticable
  manager.failure_app = SessionsController
 end
--- a/lib/devise/strategies/authenticable.rb
+++ b/lib/devise/strategies/authenticable.rb
@ -0,0 +1,38 @@
 module Devise
  module Strategies
    # Default strategy for signing in a user, based on his email and password.
    # If no email and no password are present, no authentication is attempted.
    class Authenticable < Devise::Strategies::Base
      # Authenticate a user based on email and password params, returning to warden
      # success and the authenticated user if everything is okay. Otherwise redirect
      # to sign in page.
      def authenticate!
        if valid_attributes? && resource = mapping.to.authenticate(attributes)
          success!(resource)
        else
          store_location
          redirect!("/#{mapping.as}/#{mapping.path_names[:sign_in]}", :unauthenticated => true)
        end
      end
      # Find the attributes for the current mapping.
      def attributes
        @attributes ||= request.params[scope]
      end
      # Check for the right keys.
      def valid_attributes?
        attributes && attributes[:email].present? && attributes[:password].present?
      end
      # Stores requested uri to redirect the user after signing in. We cannot use
      # scoped session provided by warden here, since the user is not authenticated
      # yet, but we still need to store the uri based on scope, so different scopes
      # would never use the same uri to redirect.
      def store_location
        session[:"#{mapping.name}.return_to"] = request.request_uri if request.get?
      end
    end
  end
 end
--- a/lib/devise/strategies/base.rb
+++ b/lib/devise/strategies/base.rb
@ -0,0 +1,25 @@
 module Devise
  module Strategies
    # Base strategy for Devise. Responsible for verifying correct scope and
    # mapping.
    class Base < Warden::Strategies::Base
      # Validate strategy. By default will raise an error if no scope or an
      # invalid mapping is found.
      def valid?
        mapping
        true
      end
      # Checks if a valid scope was given for devise and find mapping based on
      # this scope.
      def mapping
        @mapping ||= begin
          raise "You need to give a scope for Devise authentication" unless scope
          raise "You need to give a valid Devise mapping"            unless mapping = Devise.mappings[scope]
          mapping
        end
      end
    end
  end
 end
--- a/lib/devise/warden.rb
+++ b/lib/devise/warden.rb
@ -0,0 +1,43 @@
 # Taken from RailsWarden, thanks to Hassox.
 # http://github.com/hassox/rails_warden
 module Warden::Mixins::Common
  # Gets the rails request object by default if it's available
  def request
    return @request if @request
    if env['action_controller.rescue.request']
      @request = env['action_controller.rescue.request']
    else
      Rack::Request.new(env)
    end
  end
  def raw_session
    request.session
  end
  def reset_session!
    raw_session.inspect # why do I have to inspect it to get it to clear?
    raw_session.clear
  end
 end
 # Session Serialization in. This block determines how the user will be stored
 # in the session. If you're using a complex object like an ActiveRecord model,
 # it is not a good idea to store the complete object. An ID is sufficient.
 Warden::Manager.serialize_into_session{ |user| [user.class, user.id] }
 # Session Serialization out. This block gets the user out of the session.
 # It should be the reverse of serializing the object into the session
 Warden::Manager.serialize_from_session do |klass, id|
  klass.find(id)
 end
 # Adds Warden Manager to Rails middleware stack, configuring default devise
 # strategy and also the controller who will manage not authenticated users.
 Rails.configuration.middleware.use Warden::Manager do |manager|
  manager.default_strategies :authenticable
  manager.failure_app = SessionsController
 end
 # Setup devise strategies for Warden
 Warden::Strategies.add(:authenticable, Devise::Strategies::Authenticable)