class Devise::Strategies::TokenAuthenticatable

Public Instance Methods

# File lib/tiddle/strategy.rb, line 8
# Warden strategy entry point for header-based token authentication.
#
# The resource is looked up from the HTTP_X_<MODEL>_<KEY> header(s) and
# must own the token named by HTTP_X_<MODEL>_TOKEN; the token must also be
# unexpired. On success last_used_at is refreshed (see touch_token) and
# Warden is told the resource is signed in. Every failure path reports the
# same :invalid_token symbol, so the response does not say whether the
# account or the token was wrong.
#
# NOTE(review): when no resource matches, the method returns before
# find_token runs, so response *timing* can still differ between "unknown
# account" and "wrong token". Confirm that is acceptable for the
# deployment's account-enumeration threat model.
def authenticate!
  # Ask Devise to skip its Trackable hook for this request — presumably so
  # every token-authenticated API call is not recorded as a sign-in.
  env["devise.skip_trackable"] = true

  resource = mapping.to.find_for_authentication(authentication_keys_from_headers)
  return fail(:invalid_token) unless resource

  presented = token_from_headers
  token = Tiddle::TokenIssuer.build.find_token(resource, presented)
  # `fail` (not `fail!`) is presumably the soft Warden failure, leaving other
  # strategies free to run.
  return fail(:invalid_token) unless token && unexpired?(token)

  touch_token(token)
  success!(resource)
end

Skip Devise's CSRF-token clean-up for token authentication, as it may trigger session creation in API environments even when CSRF protection is not in use. Devise's `clean_up_csrf_token_on_authentication` option would also disable it, but that option is not always viable in applications with multiple user models and authentication strategies.

# File lib/tiddle/strategy.rb, line 35
# Tell Devise not to clear the CSRF token after this strategy succeeds.
# Token requests are stateless; the clean-up could otherwise cause a
# session to be created on API requests even when CSRF protection is off.
def clean_up_csrf?
  false
end
# File lib/tiddle/strategy.rb, line 27
# Token authentication is stateless: Warden must not serialize the
# authenticated resource into the session, so every request has to
# present the headers again.
def store?
  false
end
# File lib/tiddle/strategy.rb, line 23
# Warden runs this strategy only when both the identifying header(s) and
# the token header are present; otherwise the request falls through to
# whatever other strategies are configured. Only presence is checked
# here — the values are verified in authenticate!.
def valid?
  credentials = [authentication_keys_from_headers, token_from_headers]
  credentials.all?(&:present?)
end

Private Instance Methods

# File lib/tiddle/strategy.rb, line 55
# The Devise authentication keys declared on the mapped model (typically
# [:email]); each one is read from its own request header.
def authentication_keys
  model = mapping.to
  model.authentication_keys
end
# File lib/tiddle/strategy.rb, line 41
# Builds the hash passed to find_for_authentication: one entry per Devise
# authentication key, taken from the Rack env key HTTP_X_<MODEL>_<KEY>
# (an X-<Model>-<Key> request header after Rack's renaming). The values
# are raw, untrusted header strings; any normalisation or escaping is left
# to find_for_authentication. Returns nil (not an empty hash) when the
# model declares no authentication keys.
def authentication_keys_from_headers
  pairs = authentication_keys.map do |key|
    [key, env["HTTP_X_#{model_name}_#{key.upcase}"]]
  end
  pairs.empty? ? nil : pairs.to_h
end
# File lib/tiddle/strategy.rb, line 51
# Underscored name of the mapped Devise model, interpolated verbatim into
# the HTTP_X_<MODEL>_... header keys. Presumably with_underscores already
# returns the upper-cased form Rack uses for header names — confirm in
# Tiddle::ModelName.
def model_name
  namer = Tiddle::ModelName.new
  namer.with_underscores(mapping.to)
end
# File lib/tiddle/strategy.rb, line 47
# Raw, untrusted token string from the HTTP_X_<MODEL>_TOKEN request
# header, or nil when the header is absent.
def token_from_headers
  header_key = "HTTP_X_#{model_name}_TOKEN"
  env[header_key]
end
# File lib/tiddle/strategy.rb, line 59
# Refreshes the token's last_used_at, but at most once per hour so that a
# busy client does not cause a database write on every request
# (update_attribute is a bare write that, in Rails, bypasses validations).
#
# NOTE(review): unexpired? measures expires_in from last_used_at, so with
# this hourly throttle a token whose expires_in is shorter than one hour
# expires relative to the last *write*, not the last genuine use. Confirm
# that is intended for short-lived tokens. Also assumes last_used_at is
# never nil — a nil value would raise on the comparison.
def touch_token(token)
  stale_before = 1.hour.ago
  return unless token.last_used_at < stale_before

  token.update_attribute(:last_used_at, Time.current)
end
# File lib/tiddle/strategy.rb, line 63
# Sliding-window expiry check.
#
# A token is considered live when its model has no expires_in attribute,
# when expires_in is blank or 0 (no expiry), or when less than expires_in
# has elapsed since last_used_at. The window is anchored on last_used_at
# (refreshed by touch_token), so a regularly used token never expires —
# no absolute lifetime is enforced here; add one separately if required.
# Expects expires_in to be something Time#+ accepts (seconds or an
# ActiveSupport duration) — TODO confirm the column type.
def unexpired?(token)
  return true unless token.respond_to?(:expires_in)

  ttl = token.expires_in
  return true if ttl.blank? || ttl.zero?

  deadline = token.last_used_at + ttl
  Time.current <= deadline
end