Class: Devise::Strategies::Rememberable

Inherits:
Authenticatable show all
Defined in:
lib/devise/strategies/rememberable.rb

Overview

Remember the user through the remember token. This strategy is responsible to verify whether there is a cookie with the remember token, and to recreate the user from this cookie if it exists. Must be called before authenticatable.

Instance Attribute Summary

Attributes inherited from Authenticatable

#authentication_hash, #authentication_type, #password

Instance Method Summary collapse

Methods inherited from Authenticatable

#store?

Methods inherited from Base

#mapping, #store?

Instance Method Details

#authenticate!Object

To authenticate a user we deserialize the cookie and attempt finding the record in the database. If the attempt fails, we pass to another strategy handle the authentication.



21
22
23
24
25
26
27
28
29
30
31
32
33
34
# File 'lib/devise/strategies/rememberable.rb', line 21

def authenticate!
  resource = mapping.to.serialize_from_cookie(*remember_cookie)

  unless resource
    cookies.delete(remember_key)
    return pass
  end

  if validate(resource)
    remember_me(resource) if extend_remember_me?(resource)
    resource.after_remembered
    success!(resource)
  end
end

#clean_up_csrf?Boolean

No need to clean up the CSRF when using rememberable. In fact, cleaning it up here would be a bug because rememberable is triggered on GET requests which means we would render a page on first access with all csrf tokens expired.

Returns:

  • (Boolean)


41
42
43
# File 'lib/devise/strategies/rememberable.rb', line 41

def clean_up_csrf?
  false
end

#valid?Boolean

A valid strategy for rememberable needs a remember token in the cookies.

Returns:

  • (Boolean)


13
14
15
16
# File 'lib/devise/strategies/rememberable.rb', line 13

def valid?
  @remember_cookie = nil
  remember_cookie.present?
end