Class: Devise::Strategies::DatabaseAuthenticatable

Inherits:
Authenticatable
  • Object
Defined in:
lib/devise/strategies/database_authenticatable.rb

Overview

Default strategy for signing in a user, based on their email and password in the database. In this variant, a resource whose password validates but that requires an OTP challenge is not signed in immediately; the strategy redirects to the OTP challenge URL instead, and the usual remember-me and after-authentication hooks only run once no challenge is required.

Instance Method Summary

Instance Method Details

#authenticate! ⇒ Object



# File 'lib/devise/strategies/database_authenticatable.rb', line 9

# Authenticates the resource identified by +authentication_hash+ against its
# stored password, then either signs it in, redirects it to an OTP challenge,
# or fails the strategy.
#
# Flow:
#   1. A blank password short-circuits the lookup entirely (resource is +false+).
#   2. +validate+ yields to the block, which calls +valid_password?+ and records
#      that the password hasher has actually run.
#   3. On success: if +otp_challenge_required_on?+ says so, a challenge is
#      generated and the strategy redirects to +otp_challenge_url+ with the
#      challenge passed as a parameter; otherwise remember-me,
#      +after_database_authentication+ and +success!+ run as in stock Devise.
#   4. In paranoid mode the password is hashed anyway when it has not been,
#      so a missing account costs the same time as a wrong password
#      (enumeration resistance via constant work, not constant time).
#   5. No resource => +fail(:invalid)+ in paranoid mode (no "not found" hint),
#      +fail(:not_found_in_database)+ otherwise.
#
# NOTE(review): Warden's +redirect!+ appends its params hash to the URL as a
# query string, so the OTP challenge value ends up in the browser history,
# Referer headers and server access logs — confirm that the challenge is a
# short-lived, single-use value and not reusable on its own.
# NOTE(review): a present resource with a wrong password is expected to be
# failed inside +validate+ (stock Devise calls +fail!+ there); that helper is
# defined outside this listing, so verify it in the parent strategy.
def authenticate!
  # A blank password never reaches the database lookup.
  resource = password.present? && mapping.to.find_for_database_authentication(authentication_hash)
  password_hashed = false

  password_ok = validate(resource) do
    password_hashed = true
    resource.valid_password?(password)
  end

  if password_ok
    if otp_challenge_required_on?(resource)
      # Second factor pending: hand off to the challenge flow instead of signing in.
      challenge = resource.generate_otp_challenge!
      redirect!(otp_challenge_url, {:challenge => challenge})
    else
      # No challenge required: complete the sign-in exactly as stock Devise does.
      remember_me(resource)
      resource.after_database_authentication
      success!(resource)
    end
  end

  # Paranoid mode: pay the hashing cost even when no resource was found, so a
  # fast "account does not exist" response cannot be distinguished by timing.
  mapping.to.new.password = password if Devise.paranoid && !password_hashed
  return if resource

  Devise.paranoid ? fail(:invalid) : fail(:not_found_in_database)
end