Class: Devise::Strategies::Rememberable

Inherits:

Authenticatable

• Object
• Warden::Strategies::Base
• Base
• Authenticatable
• Devise::Strategies::Rememberable

Defined in:

lib/devise/strategies/rememberable.rb

Overview

Remember the user through the remember token. This strategy is responsible to verify whether there is a cookie with the remember token, and to recreate the user from this cookie if it exists. Must be called before authenticatable.

Instance Method Summary

• #authenticate! ⇒ Object

  To authenticate a user we deserialize the cookie and attempt finding the record in the database.

• #clean_up_csrf? ⇒ Boolean

  No need to clean up the CSRF when using rememberable.

• #valid? ⇒ Boolean

  A valid strategy for rememberable needs a remember token in the cookies.

Instance Method Details

#authenticate! ⇒ Object

To authenticate a user we deserialize the cookie and attempt finding the record in the database. If the attempt fails, we pass to another strategy handle the authentication.

# File 'lib/devise/strategies/rememberable.rb', line 21

def authenticate!
  resource = mapping.to.serialize_from_cookie(*remember_cookie)

  unless resource
    cookies.delete(remember_key)
    return pass
  end

  if validate(resource)
    remember_me(resource) if extend_remember_me?(resource)
    resource.after_remembered
    success!(resource)
  end
end

#clean_up_csrf? ⇒ Boolean

No need to clean up the CSRF when using rememberable. In fact, cleaning it up here would be a bug because rememberable is triggered on GET requests which means we would render a page on first access with all csrf tokens expired.

Returns:

• (Boolean)

# File 'lib/devise/strategies/rememberable.rb', line 41

def clean_up_csrf?
  false
end

#valid? ⇒ Boolean

A valid strategy for rememberable needs a remember token in the cookies.

Returns:

• (Boolean)

# File 'lib/devise/strategies/rememberable.rb', line 13

def valid?
  @remember_cookie = nil
  remember_cookie.present?
end