class Devise::Strategies::TokenAuthenticatable
Public Instance Methods
authenticate!()
# File lib/tiddle/strategy.rb, line 8
# Warden entry point: authenticates the request from the X-<Model>-<KEY>
# and X-<Model>-TOKEN headers.
#
# Trackable is skipped for the request (env["devise.skip_trackable"]), the
# resource is looked up with the header-derived authentication keys, and the
# token is resolved through Tiddle::TokenIssuer and checked with #unexpired?.
# A successful match refreshes last_used_at via #touch_token and calls success!.
#
# Both a missing resource and a missing/expired token fail with the same
# :invalid_token reason, so the response does not distinguish "unknown
# account" from "bad token".
def authenticate!
  env["devise.skip_trackable"] = true

  resource = mapping.to.find_for_authentication(authentication_keys_from_headers)
  return fail(:invalid_token) unless resource

  token = Tiddle::TokenIssuer.build.find_token(resource, token_from_headers)
  return fail(:invalid_token) unless token && unexpired?(token)

  touch_token(token)
  success!(resource)
end
clean_up_csrf?()
Avoid CSRF clean-up for token authentication, as it might trigger session creation in API environments even when CSRF prevention is not in use. Devise provides a `clean_up_csrf_token_on_authentication` option, but it is not always viable in applications with multiple user models and authentication strategies.
# File lib/tiddle/strategy.rb, line 35
# Tells Devise not to reset the CSRF token after a token-based sign-in.
# Doing so could create a session for a purely header-authenticated API
# request, which this strategy deliberately avoids (see also #store?).
#
# @return [false]
def clean_up_csrf?
  false
end
store?()
# File lib/tiddle/strategy.rb, line 27
# Warden hook controlling whether the authenticated resource is written to
# the session. Returning false keeps token authentication stateless: every
# request must present the token headers again.
#
# @return [false]
def store?
  false
end
valid?()
# File lib/tiddle/strategy.rb, line 23
# Warden hook: the strategy only runs when both the authentication-key
# headers and the token header are present. Requests without them fall
# through to other strategies instead of failing here.
#
# @return [Boolean]
def valid?
  return false if authentication_keys_from_headers.blank?

  token_from_headers.present?
end
Private Instance Methods
authentication_keys()
# File lib/tiddle/strategy.rb, line 55
# The Devise authentication keys configured on the mapped model
# (e.g. the attributes used to look the resource up).
#
# @return [Array<Symbol>] presumably symbols, as Devise configures them — confirm
def authentication_keys
  model = mapping.to
  model.authentication_keys
end
authentication_keys_from_headers()
# File lib/tiddle/strategy.rb, line 41
# Reads one request header per Devise authentication key and returns them
# as a single hash, e.g. { email: env["HTTP_X_USER_EMAIL"] }.
#
# Header values are untrusted client input; they are only used as lookup
# keys passed on to the model's find_for_authentication.
#
# @return [Hash, nil] nil when the model has no authentication keys
#   (reduce over an empty array)
def authentication_keys_from_headers
  header_pairs = authentication_keys.map do |key|
    header_name = "HTTP_X_#{model_name}_#{key.upcase}"
    { key => env[header_name] }
  end
  header_pairs.reduce(:merge)
end
model_name()
# File lib/tiddle/strategy.rb, line 51
# Underscored name of the mapped model, used to build the
# HTTP_X_<MODEL>_* header names.
#
# @return [String] presumably a String — confirm against Tiddle::ModelName
def model_name
  model = mapping.to
  Tiddle::ModelName.new.with_underscores(model)
end
token_from_headers()
# File lib/tiddle/strategy.rb, line 47
# Raw token string from the X-<Model>-TOKEN request header, or nil when
# the header is absent. The value is untrusted client input; verification
# happens in Tiddle::TokenIssuer#find_token, not here.
#
# @return [String, nil]
def token_from_headers
  header_name = "HTTP_X_#{model_name}_TOKEN"
  env[header_name]
end
touch_token(token)
# File lib/tiddle/strategy.rb, line 59
# Records the token's use by updating last_used_at, but at most once per
# hour to avoid a write on every request. update_attribute persists without
# running model validations.
#
# NOTE(review): assumes last_used_at is never nil (the comparison would raise
# NoMethodError otherwise) — confirm tokens are always created with it set.
#
# @param token the token record to refresh
def touch_token(token)
  stale_threshold = 1.hour.ago
  return unless token.last_used_at < stale_threshold

  token.update_attribute(:last_used_at, Time.current)
end
unexpired?(token)
# File lib/tiddle/strategy.rb, line 63
# Whether the token is still within its lifetime.
#
# Expiry is a sliding window measured from last_used_at, not an absolute
# lifetime from issuance: a token that keeps being used (and touched) does
# not expire. Tokens whose model has no expires_in, or whose expires_in is
# blank or zero, never expire.
#
# @param token the token record
# @return [Boolean]
def unexpired?(token)
  return true unless token.respond_to?(:expires_in)

  ttl = token.expires_in
  return true if ttl.blank? || ttl.zero?

  deadline = token.last_used_at + ttl
  Time.current <= deadline
end