Module: Devise

Defined in:
lib/devise.rb,
lib/devise/orm.rb,
lib/devise/rails.rb,
lib/devise/models.rb,
lib/devise/mapping.rb,
lib/devise/version.rb,
lib/devise/omniauth.rb,
lib/devise/delegator.rb,
lib/devise/encryptor.rb,
lib/devise/failure_app.rb,
lib/devise/hooks/proxy.rb,
lib/devise/rails/routes.rb,
lib/devise/test_helpers.rb,
lib/devise/time_inflector.rb,
lib/devise/mailers/helpers.rb,
lib/devise/models/lockable.rb,
lib/devise/omniauth/config.rb,
lib/devise/strategies/base.rb,
lib/devise/token_generator.rb,
lib/devise/models/trackable.rb,
lib/devise/parameter_filter.rb,
lib/devise/models/confirmable.rb,
lib/devise/models/recoverable.rb,
lib/devise/models/timeoutable.rb,
lib/devise/models/validatable.rb,
lib/devise/controllers/helpers.rb,
lib/devise/models/omniauthable.rb,
lib/devise/models/registerable.rb,
lib/devise/models/rememberable.rb,
lib/devise/parameter_sanitizer.rb,
lib/devise/omniauth/url_helpers.rb,
lib/devise/controllers/responder.rb,
lib/devise/models/authenticatable.rb,
lib/generators/devise/orm_helpers.rb,
lib/devise/controllers/sign_in_out.rb,
lib/devise/controllers/url_helpers.rb,
lib/devise/strategies/rememberable.rb,
lib/devise/test/controller_helpers.rb,
lib/devise/controllers/rememberable.rb,
lib/devise/controllers/scoped_views.rb,
lib/devise/test/integration_helpers.rb,
lib/devise/controllers/store_location.rb,
lib/devise/strategies/authenticatable.rb,
lib/generators/devise/views_generator.rb,
lib/generators/devise/devise_generator.rb,
lib/generators/devise/install_generator.rb,
lib/devise/models/database_authenticatable.rb,
lib/generators/devise/controllers_generator.rb,
lib/devise/strategies/database_authenticatable.rb

Defined Under Namespace

Modules: Controllers, Encryptor, Generators, Hooks, Mailers, Models, OmniAuth, Orm, RouteSet, Strategies, Test, TestHelpers

Classes: ConfirmationsController, Delegator, Engine, FailureApp, Getter, Mailer, Mapping, MissingWarden, OmniauthCallbacksController, ParameterFilter, ParameterSanitizer, PasswordsController, RegistrationsController, SessionsController, TimeInflector, TokenGenerator, UnlocksController

Constant Summary

ALL =

Constants which hold Devise configuration for extensions. These should not be modified by the “end user” (this is why they are constants).

[]
CONTROLLERS =
{}
ROUTES =
{}
STRATEGIES =
{}
URL_HELPERS =
{}
NO_INPUT =

Strategies that do not require user input.

[]
TRUE_VALUES =

True values used to check params

[true, 1, '1', 'on', 'ON', 't', 'T', 'true', 'TRUE']
VERSION =
"5.0.0.beta".freeze
@@secret_key =
nil
@@rememberable_options =
{}
@@stretches =
12
@@http_authentication_key =
nil
@@authentication_keys =
[:email]
@@request_keys =
[]
@@case_insensitive_keys =
[:email]
@@strip_whitespace_keys =
[:email]
@@http_authenticatable =
false
@@http_authenticatable_on_xhr =
true
@@params_authenticatable =
true
@@http_authentication_realm =
"Application"
@@email_regexp =
/\A[^@\s]+@[^@\s]+\z/
@@password_length =
6..128
@@remember_for =
2.weeks
@@extend_remember_period =
false
@@expire_all_remember_me_on_sign_out =
true
@@allow_unconfirmed_access_for =
0.days
@@confirm_within =
nil
@@confirmation_keys =
[:email]
@@reconfirmable =
true
@@timeout_in =
30.minutes
@@pepper =
nil
@@send_email_changed_notification =
false
@@send_password_change_notification =
false
@@scoped_views =
false
@@lock_strategy =
:failed_attempts
@@unlock_keys =
[:email]
@@unlock_strategy =
:both
@@maximum_attempts =
20
@@unlock_in =
1.hour
@@reset_password_keys =
[:email]
@@reset_password_within =
6.hours
@@sign_in_after_reset_password =
true
@@default_scope =
nil
@@mailer_sender =
nil
@@skip_session_storage =
[:http_auth]
@@navigational_formats =
["*/*", :html, :turbo_stream]
@@responder =
Devise::Controllers::Responder
@@sign_out_all_scopes =
true
@@sign_out_via =
:delete
@@parent_controller =
"ApplicationController"
@@parent_mailer =
"ActionMailer::Base"
@@router_name =
nil
@@omniauth_path_prefix =
nil
@@clean_up_csrf_token_on_authentication =
true
@@reload_routes =
true
@@mappings =

Store scopes mappings.

{}
@@omniauth_configs =
{}
@@helpers =
Set.new
@@warden_config =
nil
@@warden_config_blocks =
[]
@@paranoid =
false
@@last_attempt_warning =
true
@@token_generator =
nil
@@sign_in_after_change_password =
true

Class Method Summary

Class Method Details

.activerecord51? ⇒ Boolean

:nodoc:

Returns:

  • (Boolean)


# File 'lib/devise.rb', line 533

# Reports whether ActiveRecord is loaded with a gem version of at least "5.1.x".
# Deprecated: every call first emits a warning through +deprecator+.
# Returns nil when ActiveRecord is not defined, otherwise the comparison result.
def self.activerecord51? # :nodoc:
  message = <<-DEPRECATION.strip_heredoc
    [Devise] `Devise.activerecord51?` is deprecated and will be removed in the next major version.
    It is a non-public method that's no longer used internally, but that other libraries have been relying on.
  DEPRECATION
  deprecator.warn(message)

  return nil unless defined?(ActiveRecord)

  ActiveRecord.gem_version >= Gem::Version.new("5.1.x")
end

.add_mapping(resource, options) ⇒ Object

Small method that adds a mapping to Devise.



# File 'lib/devise.rb', line 365

# Builds a Devise::Mapping for +resource+ and stores it in @@mappings under
# the mapping's name. If no default scope is set yet, this mapping's name
# becomes the default scope. Every object already collected in @@helpers is
# asked to define its helpers for the new mapping.
#
# Returns the new mapping.
def self.add_mapping(resource, options)
  Devise::Mapping.new(resource, options).tap do |new_mapping|
    scope_name = new_mapping.name
    @@mappings[scope_name] = new_mapping
    @@default_scope ||= scope_name
    @@helpers.each { |helper_module| helper_module.define_helpers(new_mapping) }
  end
end

.add_module(module_name, options = {}) ⇒ Object

Register available devise modules. For the standard modules that Devise provides, this method is called from lib/devise/modules.rb. Third-party modules need to be added explicitly using this method.

Note that adding a module using this method does not cause it to be used in the authentication process. That requires that the module be listed in the arguments passed to the ‘devise’ method in the model class definition.

Options:

+model+      - String representing the load path to a custom *model* for this module (to autoload.)
+controller+ - Symbol representing the name of an existing or custom *controller* for this module.
+route+      - Symbol representing the named *route* helper for this module.
+strategy+   - Symbol representing if this module got a custom *strategy*.
+insert_at+  - Integer representing the order in which this module's model will be included

All values, except :model, also accept a boolean; when true is given, the value takes the same name as the given module name.

Examples:

Devise.add_module(:party_module)
Devise.add_module(:party_module, strategy: true, controller: :sessions)
Devise.add_module(:party_module, model: 'party_module/model')
Devise.add_module(:party_module, insert_at: 0)


# File 'lib/devise.rb', line 398

# Registers +module_name+ as an available Devise module.
#
# Accepted option keys (anything else is rejected by assert_valid_keys):
# :strategy, :model, :controller, :route, :no_input, :insert_at.
#
# * :insert_at  - position in ALL where the module is inserted (default -1, the end).
# * :strategy   - true uses the module name, any other truthy value is stored as given.
# * :controller - same rule as :strategy, stored in CONTROLLERS.
# * :no_input   - when truthy, the resolved strategy is appended to NO_INPUT.
# * :route      - true, a Symbol, or a Hash of { key => url helper names };
#                 anything else raises ArgumentError.
# * :model      - true autoloads "devise/models/<module_name>", otherwise the
#                 given path is registered for autoload under Devise::Models.
#
# Registration alone does not activate the module for any model.
def self.add_module(module_name, options = {})
  options.assert_valid_keys(:strategy, :model, :controller, :route, :no_input, :insert_at)

  position = options[:insert_at] || -1
  ALL.insert(position, module_name)

  strategy = options[:strategy]
  if strategy
    strategy = module_name if strategy == true
    STRATEGIES[module_name] = strategy
  end

  controller = options[:controller]
  if controller
    controller = module_name if controller == true
    CONTROLLERS[module_name] = controller
  end

  # NOTE(review): with :no_input set but no :strategy, the falsy :strategy
  # value (nil or false) is what gets appended here.
  NO_INPUT << strategy if options[:no_input]

  route = options[:route]
  if route
    key, value =
      case route
      when TrueClass
        [module_name, []]
      when Symbol
        [route, []]
      when Hash
        # Only the first key names the route; all values become URL helpers.
        [route.keys.first, route.values.flatten]
      else
        raise ArgumentError, ":route should be true, a Symbol or a Hash"
      end

    helper_names = (URL_HELPERS[key] ||= [])
    helper_names.concat(value)
    helper_names.uniq!

    ROUTES[module_name] = key
  end

  model = options[:model]
  if model
    # The path is handed to autoload and required on first constant access,
    # so it should only ever come from application or gem code.
    path = model == true ? "devise/models/#{module_name}" : model
    camelized = ActiveSupport::Inflector.camelize(module_name.to_s)
    Devise::Models.send(:autoload, camelized.to_sym, path)
  end

  Devise::Mapping.add_module module_name
end

.available_router_name ⇒ Object



# File 'lib/devise.rb', line 345

# Router name to use: the configured +router_name+ when it is set,
# otherwise :main_app.
def self.available_router_name
  configured = router_name
  configured ? configured : :main_app
end

.configure_warden! ⇒ Object

A method used internally to complete the setup of warden manager after routes are loaded. See lib/devise/rails/routes.rb - ActionDispatch::Routing::RouteSet#finalize_with_devise!



# File 'lib/devise.rb', line 487

# Completes the Warden configuration once. The result is memoized in
# @@warden_configured, so later calls return true without repeating the work.
# If anything inside the block raises, nothing is memoized and the next call
# runs the whole setup again.
def self.configure_warden! #:nodoc:
  # `||=` evaluates the begin block only while @@warden_configured is unset or falsy.
  @@warden_configured ||= begin
    # Devise defaults are applied first; user blocks further down can override them.
    warden_config.failure_app   = Devise::Delegator.new
    warden_config.default_scope = Devise.default_scope
    # NOTE(review): presumably stops Warden from taking over 401 responses
    # produced by the application itself; confirm against Warden's docs.
    warden_config.intercept_401 = false

    Devise.mappings.each_value do |mapping|
      # Each scope is limited to the strategies declared by its own mapping.
      warden_config.scope_defaults mapping.name, strategies: mapping.strategies

      # Session (de)serialization is per scope and delegated to the mapped
      # class (mapping.to), so what ends up in the session is decided there.
      warden_config.serialize_into_session(mapping.name) do |record|
        mapping.to.serialize_into_session(record)
      end

      warden_config.serialize_from_session(mapping.name) do |args|
        mapping.to.serialize_from_session(*args)
      end
    end

    # Run every block collected in @@warden_config_blocks, in insertion order.
    @@warden_config_blocks.map { |block| block.call Devise.warden_config }
    true
  end
end

.deprecator ⇒ Object



# File 'lib/devise.rb', line 529

# Returns the ActiveSupport::Deprecation instance used for Devise warnings,
# creating and caching it in @deprecator on first use.
def self.deprecator
  return @deprecator if @deprecator

  @deprecator = ActiveSupport::Deprecation.new("5.0", "Devise")
end

.friendly_token(length = 20) ⇒ Object

Generate a friendly string randomly to be used as token. By default, length is 20 characters.



# File 'lib/devise.rb', line 512

# Returns a random URL-safe token of roughly +length+ characters (20 by default).
#
# The randomness comes from SecureRandom. Base64 turns every 3 bytes into
# 4 characters, so the number of random bytes requested is length * 3 / 4
# (integer division).
#
# The look-alike characters l, I, O and 0 are replaced with s, x, y and z.
# Those replacements are characters the encoding can already produce, so the
# token carries slightly less entropy than the random bytes that were drawn.
def self.friendly_token(length = 20)
  byte_count = (length * 3) / 4
  raw_token = SecureRandom.urlsafe_base64(byte_count)
  raw_token.tr('lIO0', 'sxyz')
end

.include_helpers(scope) ⇒ Object

Include the helpers of the given scope in ActionController (AC) and ActionView (AV).



# File 'lib/devise.rb', line 468

# Registers load hooks that mix the helper modules of +scope+ into
# controllers and views.
#
# Controllers get scope::Helpers (only when that constant is defined) and
# scope::UrlHelpers; views get scope::UrlHelpers only. UrlHelpers is
# referenced without a guard, so +scope+ is expected to define it.
def self.include_helpers(scope)
  ActiveSupport.on_load(:action_controller) do
    if defined?(scope::Helpers)
      include scope::Helpers
    end
    include scope::UrlHelpers
  end

  ActiveSupport.on_load(:action_view) { include scope::UrlHelpers }
end

.mailer ⇒ Object

Get the mailer class from the mailer reference object.



# File 'lib/devise.rb', line 354

# Returns whatever the stored mailer reference yields from +get+.
# The reference is the object assigned by Devise.mailer=.
def self.mailer
  reference = @@mailer_ref
  reference.get
end

.mailer=(class_name) ⇒ Object

Set the mailer reference object to access the mailer.



# File 'lib/devise.rb', line 359

# Stores a reference object for +class_name+, built by +ref+, in @@mailer_ref.
# Devise.mailer later calls +get+ on that object.
def self.mailer=(class_name)
  reference = ref(class_name)
  @@mailer_ref = reference
end

.mappings ⇒ Object



# File 'lib/devise.rb', line 278

# Returns the scope mappings stored in @@mappings.
def self.mappings
  # Since Rails 8.0, routes are lazy-loaded by default in the test and
  # development environments, while Devise builds its mappings as routes load.
  # The routes are therefore loaded first, if they are not loaded already.
  # `try` keeps this a no-op when the application is nil or lacks the method.
  application = Rails.application
  application.try(:reload_routes_unless_loaded)
  @@mappings
end

.omniauth(provider, *args) ⇒ Object

Specify an OmniAuth provider.

config.omniauth :github, APP_ID, APP_SECRET


# File 'lib/devise.rb', line 462

# Registers an OmniAuth provider.
#
# Wraps +provider+ and the remaining arguments in a Devise::OmniAuth::Config
# and stores it in @@omniauth_configs under the config's strategy name
# (as a Symbol). Registering the same strategy name again replaces the entry.
# NOTE(review): +args+ presumably holds the provider credentials (the
# documented example passes APP_ID and APP_SECRET); confirm how Config keeps them.
#
# Returns the stored config.
def self.omniauth(provider, *args)
  provider_config = Devise::OmniAuth::Config.new(provider, args)
  config_key = provider_config.strategy_name.to_sym
  @@omniauth_configs[config_key] = provider_config
end

.omniauth_providers ⇒ Object



# File 'lib/devise.rb', line 349

# Lists the keys of +omniauth_configs+, one per registered OmniAuth provider.
def self.omniauth_providers
  registered = omniauth_configs
  registered.keys
end

.ref(arg) ⇒ Object



# File 'lib/devise.rb', line 337

# Wraps +arg+ in a Getter and returns it.
#
# When ActiveSupport::Dependencies still responds to +reference+, +arg+ is
# also passed to it; that call's return value is discarded.
def self.ref(arg)
  # TODO: Remove AS::Dependencies usage when dropping support to Rails < 7.
  dependencies = ActiveSupport::Dependencies
  dependencies.reference(arg) if dependencies.respond_to?(:reference)

  Getter.new(arg)
end

.regenerate_helpers! ⇒ Object

Regenerates the URL helpers based on the current Devise mappings.



# File 'lib/devise.rb', line 480

# Drops the URL helpers currently defined on Devise::Controllers::UrlHelpers
# and then generates them again, in that order.
def self.regenerate_helpers!
  url_helpers = Devise::Controllers::UrlHelpers
  url_helpers.remove_helpers!
  url_helpers.generate_helpers!
end

.secure_compare(a, b) ⇒ Object

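Constant-time comparison algorithm to prevent timing attacks. It returns false immediately when either value is blank or when the byte sizes differ, so the comparison hides where two equal-length values differ, not their length.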



# File 'lib/devise.rb', line 520

# Compares two strings without stopping at the first differing byte.
#
# Returns false right away when either argument is blank or when the byte
# sizes differ, so only the position of a mismatch is hidden, not the length.
# Two blank values never compare as equal.
# NOTE(review): ActiveSupport::SecurityUtils.secure_compare is a maintained
# alternative; its handling of blank input appears to differ, so confirm
# the semantics before swapping it in.
def self.secure_compare(a, b)
  return false if a.blank? || b.blank? || a.bytesize != b.bytesize
  # Byte values of +a+ as an Array of Integers, consumed front to back below.
  l = a.unpack "C#{a.bytesize}"

  # OR together the XOR of every byte pair: any mismatch leaves a non-zero
  # bit in res, and the loop always walks all of +b+.
  res = 0
  b.each_byte { |byte| res |= byte ^ l.shift }
  res == 0
end

.setup {|_self| ... } ⇒ Object

Default way to set up Devise. Run rails generate devise_install to create a fresh initializer with all configuration values.

Yields:

  • (_self)

Yield Parameters:

  • _self (Devise)

    the object that the method was called on



# File 'lib/devise.rb', line 318

# Yields the receiver (the Devise module) to the given block so the block can
# set configuration values on it. Returns the block's result.
# Raises LocalJumpError when called without a block.
def self.setup
  yield self
end

.warden(&block) ⇒ Object

Sets warden configuration using a block that will be invoked on warden initialization.

Devise.setup do |config|
  config.allow_unconfirmed_access_for = 2.days

  config.warden do |manager|
    # Configure warden to use other strategies, like oauth.
    manager.oauth(:twitter)
  end
end


# File 'lib/devise.rb', line 454

# Queues +block+ in @@warden_config_blocks; configure_warden! later calls each
# queued block with Devise.warden_config. Returns the queue.
# NOTE(review): calling this without a block queues nil, which would fail
# when configure_warden! tries to call it.
def self.warden(&block)
  @@warden_config_blocks.push(block)
end