Module: Devise

Defined in:
lib/devise.rb,
lib/devise/rails.rb,
lib/devise/models.rb,
lib/devise/mapping.rb,
lib/devise/version.rb,
lib/devise/omniauth.rb,
lib/devise/encryptor.rb,
lib/devise/delegator.rb,
lib/devise/hooks/proxy.rb,
lib/devise/failure_app.rb,
lib/devise/test_helpers.rb,
lib/devise/rails/routes.rb,
lib/devise/time_inflector.rb,
lib/devise/models/lockable.rb,
lib/devise/mailers/helpers.rb,
lib/devise/token_generator.rb,
lib/devise/omniauth/config.rb,
lib/devise/strategies/base.rb,
lib/devise/models/trackable.rb,
lib/devise/parameter_filter.rb,
lib/devise/models/validatable.rb,
lib/devise/models/confirmable.rb,
lib/devise/models/recoverable.rb,
lib/devise/models/timeoutable.rb,
lib/devise/models/rememberable.rb,
lib/devise/models/omniauthable.rb,
lib/devise/parameter_sanitizer.rb,
lib/devise/controllers/helpers.rb,
lib/devise/models/registerable.rb,
lib/devise/omniauth/url_helpers.rb,
lib/devise/models/authenticatable.rb,
lib/generators/devise/orm_helpers.rb,
lib/devise/controllers/url_helpers.rb,
lib/devise/controllers/sign_in_out.rb,
lib/devise/strategies/rememberable.rb,
lib/devise/controllers/scoped_views.rb,
lib/devise/controllers/rememberable.rb,
lib/generators/devise/views_generator.rb,
lib/devise/strategies/authenticatable.rb,
lib/devise/controllers/store_location.rb,
lib/generators/devise/devise_generator.rb,
lib/generators/devise/install_generator.rb,
lib/devise/models/database_authenticatable.rb,
lib/generators/devise/controllers_generator.rb,
lib/devise/strategies/database_authenticatable.rb

Defined Under Namespace

Modules: Controllers, Encryptor, Generators, Hooks, Mailers, Models, OmniAuth, RouteSet, Strategies, TestHelpers Classes: ConfirmationsController, Delegator, Engine, FailureApp, Getter, Mailer, Mapping, OmniauthCallbacksController, ParameterFilter, ParameterSanitizer, PasswordsController, RegistrationsController, SessionsController, TimeInflector, TokenGenerator, UnlocksController

Constant Summary

ALL =

Constants which holds devise configuration for extensions. Those should not be modified by the “end user” (this is why they are constants).

[]
CONTROLLERS =
ActiveSupport::OrderedHash.new
ROUTES =
ActiveSupport::OrderedHash.new
STRATEGIES =
ActiveSupport::OrderedHash.new
URL_HELPERS =
ActiveSupport::OrderedHash.new
NO_INPUT =

Strategies that do not require user input.

[]
TRUE_VALUES =

True values used to check params

[true, 1, '1', 't', 'T', 'true', 'TRUE']
VERSION =
"4.0.0".freeze
@@app_set_configs =
Set.new
@@secret_key =
nil
@@rememberable_options =
{}
@@stretches =
11
@@http_authentication_key =
nil
@@authentication_keys =
[:email]
@@request_keys =
[]
@@case_insensitive_keys =
[:email]
@@strip_whitespace_keys =
[]
@@http_authenticatable =
false
@@http_authenticatable_on_xhr =
true
@@params_authenticatable =
true
@@http_authentication_realm =
"Application"
@@email_regexp =
/\A[^@\s]+@([^@\s]+\.)+[^@\W]+\z/
@@password_length =
6..128
@@remember_for =
2.weeks
@@extend_remember_period =
false
@@expire_all_remember_me_on_sign_out =
true
@@allow_unconfirmed_access_for =
0.days
@@confirm_within =
nil
@@confirmation_keys =
[:email]
@@reconfirmable =
false
@@timeout_in =
30.minutes
@@pepper =
nil
@@send_password_change_notification =
false
@@scoped_views =
false
@@lock_strategy =
:failed_attempts
@@unlock_keys =
[:email]
@@unlock_strategy =
:both
@@maximum_attempts =
20
@@unlock_in =
1.hour
@@reset_password_keys =
[:email]
@@reset_password_within =
6.hours
@@sign_in_after_reset_password =
true
@@default_scope =
nil
@@mailer_sender =
nil
@@skip_session_storage =
[]
["*/*", :html]
@@sign_out_all_scopes =
true
@@sign_out_via =
:get
@@parent_controller =
"ApplicationController"
@@parent_mailer =
"ActionMailer::Base"
@@router_name =
nil
@@omniauth_path_prefix =
nil
@@clean_up_csrf_token_on_authentication =
true
@@mappings =
ActiveSupport::OrderedHash.new
@@omniauth_configs =
ActiveSupport::OrderedHash.new
@@helpers =
Set.new
@@warden_config =
nil
@@warden_config_blocks =
[]
@@paranoid =
false
@@last_attempt_warning =
true
@@token_generator =
nil

Class Method Summary collapse

Instance Method Summary collapse

Class Method Details

.add_mapping(resource, options) ⇒ Object

Small method that adds a mapping to Devise.



410
411
412
413
414
415
416
# File 'lib/devise.rb', line 410

def self.add_mapping(resource, options)
  mapping = Devise::Mapping.new(resource, options)
  @@mappings[mapping.name] = mapping
  @@default_scope ||= mapping.name
  @@helpers.each { |h| h.define_helpers(mapping) }
  mapping
end

.add_module(module_name, options = {}) ⇒ Object

Register available devise modules. For the standard modules that Devise provides, this method is called from lib/devise/modules.rb. Third-party modules need to be added explicitly using this method.

Note that adding a module using this method does not cause it to be used in the authentication process. That requires that the module be listed in the arguments passed to the 'devise' method in the model class definition.

Options:

+model+      - String representing the load path to a custom *model* for this module (to autoload.)
+controller+ - Symbol representing the name of an existing or custom *controller* for this module.
+route+      - Symbol representing the named *route* helper for this module.
+strategy+   - Symbol representing if this module got a custom *strategy*.
+insert_at+  - Integer representing the order in which this module's model will be included

All values, except :model, accept also a boolean and will have the same name as the given module name.

Examples:

Devise.add_module(:party_module)
Devise.add_module(:party_module, strategy: true, controller: :sessions)
Devise.add_module(:party_module, model: 'party_module/model')
Devise.add_module(:party_module, insert_at: 0)


443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
# File 'lib/devise.rb', line 443

def self.add_module(module_name, options = {})
  options.assert_valid_keys(:strategy, :model, :controller, :route, :no_input, :insert_at)

  ALL.insert (options[:insert_at] || -1), module_name

  if strategy = options[:strategy]
    strategy = (strategy == true ? module_name : strategy)
    STRATEGIES[module_name] = strategy
  end

  if controller = options[:controller]
    controller = (controller == true ? module_name : controller)
    CONTROLLERS[module_name] = controller
  end

  NO_INPUT << strategy if options[:no_input]

  if route = options[:route]
    case route
    when TrueClass
      key, value = module_name, []
    when Symbol
      key, value = route, []
    when Hash
      key, value = route.keys.first, route.values.flatten
    else
      raise ArgumentError, ":route should be true, a Symbol or a Hash"
    end

    URL_HELPERS[key] ||= []
    URL_HELPERS[key].concat(value)
    URL_HELPERS[key].uniq!

    ROUTES[module_name] = key
  end

  if options[:model]
    path = (options[:model] == true ? "devise/models/#{module_name}" : options[:model])
    camelized = ActiveSupport::Inflector.camelize(module_name.to_s)
    Devise::Models.send(:autoload, camelized.to_sym, path)
  end

  Devise::Mapping.add_module module_name
end

.available_router_nameObject



390
391
392
# File 'lib/devise.rb', line 390

def self.available_router_name
  router_name || :main_app
end

.bcrypt(klass, password) ⇒ Object



4
5
6
7
# File 'lib/devise/models/database_authenticatable.rb', line 4

def self.bcrypt(klass, password)
  ActiveSupport::Deprecation.warn "Devise.bcrypt is deprecated; use Devise::Encryptor.digest instead"
  Devise::Encryptor.digest(klass, password)
end

.configure_warden!Object

A method used internally to complete the setup of warden manager after routes are loaded. See lib/devise/rails/routes.rb - ActionDispatch::Routing::RouteSet#finalize_with_devise!



533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
# File 'lib/devise.rb', line 533

def self.configure_warden! #:nodoc:
  @@warden_configured ||= begin
    warden_config.failure_app   = Devise::Delegator.new
    warden_config.default_scope = Devise.default_scope
    warden_config.intercept_401 = false

    Devise.mappings.each_value do |mapping|
      warden_config.scope_defaults mapping.name, strategies: mapping.strategies

      warden_config.serialize_into_session(mapping.name) do |record|
        mapping.to.serialize_into_session(record)
      end

      warden_config.serialize_from_session(mapping.name) do |key|
        # Previous versions contained an additional entry at the beginning of
        # key with the record's class name.
        args = key[-2, 2]
        mapping.to.serialize_from_session(*args)
      end
    end

    @@warden_config_blocks.map { |block| block.call Devise.warden_config }
    true
  end
end

.email_regexp=(email_regexp) ⇒ Object



128
129
130
131
# File 'lib/devise.rb', line 128

def self.email_regexp=(email_regexp)
  app_set_configs << :email_regexp
  @@email_regexp = email_regexp
end

.friendly_token(length = 20) ⇒ Object

Generate a friendly string randomly to be used as token. By default, length is 20 characters.



561
562
563
564
565
566
# File 'lib/devise.rb', line 561

def self.friendly_token(length = 20)
  # To calculate real characters, we must perform this operation.
  # See SecureRandom.urlsafe_base64
  rlength = (length * 3) / 4
  SecureRandom.urlsafe_base64(rlength).tr('lIO0', 'sxyz')
end

.include_helpers(scope) ⇒ Object

Include helpers in the given scope to AC and AV.



514
515
516
517
518
519
520
521
522
523
# File 'lib/devise.rb', line 514

def self.include_helpers(scope)
  ActiveSupport.on_load(:action_controller) do
    include scope::Helpers if defined?(scope::Helpers)
    include scope::UrlHelpers
  end

  ActiveSupport.on_load(:action_view) do
    include scope::UrlHelpers
  end
end

.mailerObject

Get the mailer class from the mailer reference object.



399
400
401
# File 'lib/devise.rb', line 399

def self.mailer
  @@mailer_ref.get
end

.mailer=(class_name) ⇒ Object

Set the mailer reference object to access the mailer.



404
405
406
# File 'lib/devise.rb', line 404

def self.mailer=(class_name)
  @@mailer_ref = ref(class_name)
end

.omniauth(provider, *args) ⇒ Object

Specify an OmniAuth provider.

config.omniauth :github, APP_ID, APP_SECRET


507
508
509
510
511
# File 'lib/devise.rb', line 507

def self.omniauth(provider, *args)
  @@helpers << Devise::OmniAuth::UrlHelpers
  config = Devise::OmniAuth::Config.new(provider, args)
  @@omniauth_configs[config.strategy_name.to_sym] = config
end

.omniauth_providersObject



394
395
396
# File 'lib/devise.rb', line 394

def self.omniauth_providers
  omniauth_configs.keys
end

.reconfirmable=(reconfirmable) ⇒ Object



173
174
175
176
# File 'lib/devise.rb', line 173

def self.reconfirmable=(reconfirmable)
  app_set_configs << :reconfirmable
  @@reconfirmable = reconfirmable
end

.ref(arg) ⇒ Object



381
382
383
384
385
386
387
388
# File 'lib/devise.rb', line 381

def self.ref(arg)
  if defined?(ActiveSupport::Dependencies::ClassCache)
    ActiveSupport::Dependencies::reference(arg)
    Getter.new(arg)
  else
    ActiveSupport::Dependencies.ref(arg)
  end
end

.regenerate_helpers!Object

Regenerates url helpers considering Devise.mapping



526
527
528
529
# File 'lib/devise.rb', line 526

def self.regenerate_helpers!
  Devise::Controllers::UrlHelpers.remove_helpers!
  Devise::Controllers::UrlHelpers.generate_helpers!
end

.secure_compare(a, b) ⇒ Object

constant-time comparison algorithm to prevent timing attacks



569
570
571
572
573
574
575
576
# File 'lib/devise.rb', line 569

def self.secure_compare(a, b)
  return false if a.blank? || b.blank? || a.bytesize != b.bytesize
  l = a.unpack "C#{a.bytesize}"

  res = 0
  b.each_byte { |byte| res |= byte ^ l.shift }
  res == 0
end

.setup {|_self| ... } ⇒ Object

Default way to set up Devise. Run rails generate devise_install to create a fresh initializer with all configuration values.

Yields:

  • (_self)

Yield Parameters:

  • _self (Devise)

    the object that the method was called on



341
342
343
344
345
346
347
348
349
# File 'lib/devise.rb', line 341

def self.setup
  yield self

  warn_default_config_changed(:email_regexp, '/\A[^@\s]+@([^@\s]+\.)+[^@\W]+\z/', '/\A[^@\s]+@[^@\s]+\z/')
  warn_default_config_changed(:reconfirmable, 'false', 'true')
  warn_default_config_changed(:sign_out_via, ':get', ':delete')
  warn_default_config_changed(:skip_session_storage, '[]', '[:http_auth]')
  warn_default_config_changed(:strip_whitespace_keys, '[]', '[:email]')
end

.sign_out_via=(sign_out_via) ⇒ Object



270
271
272
273
# File 'lib/devise.rb', line 270

def self.sign_out_via=(sign_out_via)
  app_set_configs << :sign_out_via
  @@sign_out_via = sign_out_via
end

.skip_session_storage=(skip_session_storage) ⇒ Object



247
248
249
250
# File 'lib/devise.rb', line 247

def self.skip_session_storage=(skip_session_storage)
  app_set_configs << :skip_session_storage
  @@skip_session_storage = skip_session_storage
end

.strip_whitespace_keys=(strip_whitespace_keys) ⇒ Object



95
96
97
98
# File 'lib/devise.rb', line 95

def self.strip_whitespace_keys=(strip_whitespace_keys)
  app_set_configs << :strip_whitespace_keys
  @@strip_whitespace_keys = strip_whitespace_keys
end

.warden(&block) ⇒ Object

Sets warden configuration using a block that will be invoked on warden initialization.

Devise.setup do |config|
  config.allow_unconfirmed_access_for = 2.days

  config.warden do |manager|
    # Configure warden to use other strategies, like oauth.
    manager.oauth(:twitter)
  end
end


499
500
501
# File 'lib/devise.rb', line 499

def self.warden(&block)
  @@warden_config_blocks << block
end

.warn_default_config_changed(config, current_default, new_default) ⇒ Object



351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
# File 'lib/devise.rb', line 351

def self.warn_default_config_changed(config, current_default, new_default)
  unless app_set_configs.include?(config)
    warn = <<-MESSAGE.strip_heredoc
      [Devise] config.#{config} will have a new default on Devise 4.1
      To keep the current behavior please set in your config/initializers/devise.rb the following:

        Devise.setup do |config|
          config.#{config} = #{current_default}
        end

      If you want to use the new default:

        Devise.setup do |config|
          config.#{config} = #{new_default}
        end
    MESSAGE
    ActiveSupport::Deprecation.warn(warn)
  end
end

Instance Method Details

#email_regexp=(email_regexp) ⇒ Object



133
134
135
136
# File 'lib/devise.rb', line 133

def email_regexp=(email_regexp)
  app_set_configs << :email_regexp
  @@email_regexp = email_regexp
end

#reconfirmable=(reconfirmable) ⇒ Object



178
179
180
181
# File 'lib/devise.rb', line 178

def reconfirmable=(reconfirmable)
  app_set_configs << :reconfirmable
  @@reconfirmable = reconfirmable
end

#sign_out_via=(sign_out_via) ⇒ Object



275
276
277
278
# File 'lib/devise.rb', line 275

def sign_out_via=(sign_out_via)
  app_set_configs << :sign_out_via
  @@sign_out_via = sign_out_via
end

#skip_session_storage=(skip_session_storage) ⇒ Object



252
253
254
255
# File 'lib/devise.rb', line 252

def skip_session_storage=(skip_session_storage)
  app_set_configs << :skip_session_storage
  @@skip_session_storage = skip_session_storage
end

#strip_whitespace_keys=(strip_whitespace_keys) ⇒ Object



100
101
102
103
# File 'lib/devise.rb', line 100

def strip_whitespace_keys=(strip_whitespace_keys)
  app_set_configs << :strip_whitespace_keys
  @@strip_whitespace_keys = strip_whitespace_keys
end