Class: Devise::Strategies::TokenAuthenticatable

Inherits:

Authenticatable

Object
Authenticatable
Devise::Strategies::TokenAuthenticatable

Defined in:: lib/devise/token_authenticatable/strategy.rb

Overview

The TokenAuthenticatable strategy was extracted from Devise 3.1.0. Its purpose is to provide the deprecated functionality of the TokenAuthenticatable strategy. The following description was adapted accordingly.

See: github.com/plataformatec/devise/blob/v3.1/lib/devise/strategies/token_authenticatable.rb

Strategy for signing in a user, based on a authenticatable token. This works for both params and http. For the former, all you need to do is to pass the params in the URL:

http://myapp.example.com/?user_token=SECRET

For headers, you can use basic authentication passing the token as username and blank password. Since some clients may require a password, you can pass “X” as password and it will simply be ignored.

You may also pass the token using the Token authentication mechanism provided by Rails: api.rubyonrails.org/classes/ActionController/HttpAuthentication/Token.html The token options are stored in request.env

Instance Method Summary collapse

Instance Method Details

#authenticate! ⇒ `Object`

# File 'lib/devise/token_authenticatable/strategy.rb', line 35

def authenticate!
  resource = mapping.to.find_for_token_authentication(authentication_hash)
  return fail(:invalid_token) unless resource

  unless token_expires_in.blank?
    if Time.now > (resource.authentication_token_created_at + token_expires_in.to_i)
      return fail(:expired_token)
    end
  end

  if validate(resource)
    resource.after_token_authentication
    success!(resource)
  end
end

#store? ⇒ `Boolean`

Returns:

(Boolean)



27
28
29

# File 'lib/devise/token_authenticatable/strategy.rb', line 27

def store?
  super && !mapping.to.skip_session_storage.include?(:token_auth)
end

#valid? ⇒ `Boolean`