Class: Devise::Strategies::TokenAuthenticatable
- Inherits:
-
Authenticatable
- Object
- Authenticatable
- Devise::Strategies::TokenAuthenticatable
- Defined in:
- lib/devise/token_authenticatable/strategy.rb
Overview
The TokenAuthenticatable
strategy was extracted from Devise 3.1.0. Its purpose is to provide the deprecated functionality of the TokenAuthenticatable
strategy. The following description was adapted accordingly.
See: github.com/plataformatec/devise/blob/v3.1/lib/devise/strategies/token_authenticatable.rb
Strategy for signing in a user, based on a authenticatable token. This works for both params and http. For the former, all you need to do is to pass the params in the URL:
http://myapp.example.com/?user_token=SECRET
For headers, you can use basic authentication passing the token as username and blank password. Since some clients may require a password, you can pass “X” as password and it will simply be ignored.
You may also pass the token using the Token authentication mechanism provided by Rails: api.rubyonrails.org/classes/ActionController/HttpAuthentication/Token.html The token options are stored in request.env
Instance Method Summary collapse
Instance Method Details
#authenticate! ⇒ Object
35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 |
# File 'lib/devise/token_authenticatable/strategy.rb', line 35 def authenticate! resource = mapping.to.find_for_token_authentication(authentication_hash) return fail(:invalid_token) unless resource unless token_expires_in.blank? if Time.now > (resource.authentication_token_created_at + token_expires_in.to_i) return fail(:expired_token) end end if validate(resource) resource.after_token_authentication success!(resource) end end |
#store? ⇒ Boolean
27 28 29 |
# File 'lib/devise/token_authenticatable/strategy.rb', line 27 def store? super && !mapping.to.skip_session_storage.include?(:token_auth) end |
#valid? ⇒ Boolean
31 32 33 |
# File 'lib/devise/token_authenticatable/strategy.rb', line 31 def valid? super || valid_for_token_auth? end |