Module: Devise::Models::Rememberable

Extended by:
ActiveSupport::Concern
Defined in:
lib/devise/models/rememberable.rb

Overview

Rememberable manages generating and clearing token for remembering the user from a saved cookie. Rememberable also has utility methods for dealing with serializing the user into the cookie and back from the cookie, trying to lookup the record based on the saved information. You probably wouldn't use rememberable methods directly, they are used mostly internally for handling the remember token.

Options

Rememberable adds the following options in devise_for:

* +remember_for+: the time you want the user will be remembered without
  asking for credentials. After this time the user will be blocked and
  will have to enter their credentials again. This configuration is also
  used to calculate the expires time for the cookie created to remember
  the user. By default remember_for is 2.weeks.

* +extend_remember_period+: if true, extends the user's remember period
  when remembered via cookie. False by default.

* +rememberable_options+: configuration options passed to the created cookie.

Examples

User.find(1).remember_me!  # regenerating the token
User.find(1).forget_me!    # clearing the token

# generating info to put into cookies
User.serialize_into_cookie(user)

# lookup the user based on the incoming cookie information
User.serialize_from_cookie(cookie_string)

Defined Under Namespace

Modules: ClassMethods

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Instance Attribute Details

#remember_meObject

Returns the value of attribute remember_me



44
45
46
# File 'lib/devise/models/rememberable.rb', line 44

def remember_me
  @remember_me
end

Class Method Details

.required_fields(klass) ⇒ Object



46
47
48
# File 'lib/devise/models/rememberable.rb', line 46

def self.required_fields(klass)
  [:remember_created_at]
end

Instance Method Details

#after_rememberedObject

A callback initiated after successfully being remembered. This can be used to insert your own logic that is only run after the user is remembered.

Example:

def after_remembered
  self.update_attribute(:invite_code, nil)
end


100
101
# File 'lib/devise/models/rememberable.rb', line 100

def after_remembered
end

#extend_remember_periodObject



69
70
71
# File 'lib/devise/models/rememberable.rb', line 69

def extend_remember_period
  self.class.extend_remember_period
end

#forget_me!Object

If the record is persisted, remove the remember token (but only if it exists), and save the record without validations.



58
59
60
61
62
63
# File 'lib/devise/models/rememberable.rb', line 58

def forget_me!
  return unless persisted?
  self.remember_token = nil if respond_to?(:remember_token)
  self.remember_created_at = nil if self.class.expire_all_remember_me_on_sign_out
  save(validate: false)
end

#remember_expires_atObject



65
66
67
# File 'lib/devise/models/rememberable.rb', line 65

def remember_expires_at
  self.class.remember_for.from_now
end

#remember_me!Object



50
51
52
53
54
# File 'lib/devise/models/rememberable.rb', line 50

def remember_me!
  self.remember_token ||= self.class.remember_token if respond_to?(:remember_token)
  self.remember_created_at ||= Time.now.utc
  save(validate: false) if self.changed?
end

#remember_me?(token, generated_at) ⇒ Boolean

Returns:

  • (Boolean)


103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
# File 'lib/devise/models/rememberable.rb', line 103

def remember_me?(token, generated_at)
  # TODO: Normalize the JSON type coercion along with the Timeoutable hook
  # in a single place https://github.com/plataformatec/devise/blob/ffe9d6d406e79108cf32a2c6a1d0b3828849c40b/lib/devise/hooks/timeoutable.rb#L14-L18
  if generated_at.is_a?(String)
    generated_at = time_from_json(generated_at)
  end

  # The token is only valid if:
  # 1. we have a date
  # 2. the current time does not pass the expiry period
  # 3. the record has a remember_created_at date
  # 4. the token date is bigger than the remember_created_at
  # 5. the token matches
  generated_at.is_a?(Time) &&
   (self.class.remember_for.ago < generated_at) &&
   (generated_at > (remember_created_at || Time.now).utc) &&
   Devise.secure_compare(rememberable_value, token)
end

#rememberable_optionsObject



86
87
88
# File 'lib/devise/models/rememberable.rb', line 86

def rememberable_options
  self.class.rememberable_options
end

#rememberable_valueObject



73
74
75
76
77
78
79
80
81
82
83
84
# File 'lib/devise/models/rememberable.rb', line 73

def rememberable_value
  if respond_to?(:remember_token)
    remember_token
  elsif respond_to?(:authenticatable_salt) && (salt = authenticatable_salt.presence)
    salt
  else
    raise "authenticatable_salt returned nil for the #{self.class.name} model. " \
      "In order to use rememberable, you must ensure a password is always set " \
      "or have a remember_token column in your model or implement your own " \
      "rememberable_value in the model with custom logic."
  end
end