Class: Devise::Strategies::Rememberable

Inherits:
Authenticatable show all
Defined in:
lib/devise/strategies/rememberable.rb

Overview

Remember the user through the remember token. This strategy is responsible to verify whether there is a cookie with the remember token, and to recreate the user from this cookie if it exists. Must be called before authenticatable.

Instance Method Summary collapse

Instance Method Details

#authenticate!Object

To authenticate a user we deserialize the cookie and attempt finding the record in the database. If the attempt fails, we pass to another strategy handle the authentication.



19
20
21
22
23
24
25
26
27
28
29
30
31
32
# File 'lib/devise/strategies/rememberable.rb', line 19

def authenticate!
  resource = mapping.to.serialize_from_cookie(*remember_cookie)

  unless resource
    cookies.delete(remember_key)
    return pass
  end

  if validate(resource)
    remember_me(resource) if extend_remember_me?(resource)
    resource.after_remembered
    success!(resource)
  end
end

#clean_up_csrf?Boolean

No need to clean up the CSRF when using rememberable. In fact, cleaning it up here would be a bug because rememberable is triggered on GET requests which means we would render a page on first access with all csrf tokens expired.

Returns:

  • (Boolean)


39
40
41
# File 'lib/devise/strategies/rememberable.rb', line 39

def clean_up_csrf?
  false
end

#valid?Boolean

A valid strategy for rememberable needs a remember token in the cookies.

Returns:

  • (Boolean)


11
12
13
14
# File 'lib/devise/strategies/rememberable.rb', line 11

def valid?
  @remember_cookie = nil
  remember_cookie.present?
end