Module: Devise

Defined in:

lib/devise.rb,
lib/devise/rails.rb,
lib/devise/models.rb,
lib/devise/mapping.rb,
lib/devise/version.rb,
lib/devise/omniauth.rb,
lib/devise/delegator.rb,
lib/devise/failure_app.rb,
lib/devise/hooks/proxy.rb,
lib/devise/test_helpers.rb,
lib/devise/time_inflector.rb,
lib/devise/mailers/helpers.rb,
lib/devise/models/lockable.rb,
lib/devise/omniauth/config.rb,
lib/devise/strategies/base.rb,
lib/devise/token_generator.rb,
lib/devise/models/trackable.rb,
lib/devise/parameter_filter.rb,
lib/devise/models/confirmable.rb,
lib/devise/models/recoverable.rb,
lib/devise/models/timeoutable.rb,
lib/devise/models/validatable.rb,
lib/devise/controllers/helpers.rb,
lib/devise/models/omniauthable.rb,
lib/devise/models/registerable.rb,
lib/devise/models/rememberable.rb,
lib/devise/parameter_sanitizer.rb,
lib/devise/omniauth/url_helpers.rb,
lib/devise/models/authenticatable.rb,
lib/generators/devise/orm_helpers.rb,
lib/devise/controllers/sign_in_out.rb,
lib/devise/controllers/url_helpers.rb,
lib/devise/strategies/rememberable.rb,
lib/devise/controllers/rememberable.rb,
lib/devise/controllers/scoped_views.rb,
lib/devise/controllers/store_location.rb,
lib/devise/strategies/authenticatable.rb,
lib/generators/devise/views_generator.rb,
lib/generators/devise/devise_generator.rb,
lib/generators/devise/install_generator.rb,
lib/devise/models/database_authenticatable.rb,
lib/devise/strategies/database_authenticatable.rb

Defined Under Namespace

Modules: Controllers, Generators, Hooks, Mailers, Models, OmniAuth, Strategies, TestHelpers Classes: BaseSanitizer, CachingKeyGenerator, ConfirmationsController, Delegator, Engine, FailureApp, Getter, KeyGenerator, Mailer, Mapping, OmniauthCallbacksController, ParameterFilter, ParameterSanitizer, PasswordsController, RegistrationsController, TimeInflector, TokenGenerator, UnlocksController

Constant Summary

ALL =

Constants which holds devise configuration for extensions. Those should not be modified by the “end user” (this is why they are constants).

[]

CONTROLLERS =

ActiveSupport::OrderedHash.new

ROUTES =

ActiveSupport::OrderedHash.new

STRATEGIES =

ActiveSupport::OrderedHash.new

URL_HELPERS =

ActiveSupport::OrderedHash.new

NO_INPUT =

Strategies that do not require user input.

[]

TRUE_VALUES =

True values used to check params

[true, 1, '1', 't', 'T', 'true', 'TRUE']

VERSION =

"3.3.0".freeze

@@secret_key =

nil

@@rememberable_options =

{}

@@stretches =

10

@@http_authentication_key =

nil

@@authentication_keys =

[ :email ]

@@request_keys =

[]

@@case_insensitive_keys =

[ :email ]

@@strip_whitespace_keys =

[]

@@http_authenticatable =

false

@@http_authenticatable_on_xhr =

true

@@params_authenticatable =

true

@@http_authentication_realm =

"Application"

@@email_regexp =

/\A[^@\s]+@([^@\s]+\.)+[^@\s]+\z/

@@password_length =

6..128

@@remember_for =

2.weeks

@@extend_remember_period =

false

@@expire_all_remember_me_on_sign_out =

true

@@allow_unconfirmed_access_for =

0.days

@@confirm_within =

nil

@@confirmation_keys =

[ :email ]

@@reconfirmable =

false

@@timeout_in =

30.minutes

@@expire_auth_token_on_timeout =

false

@@pepper =

nil

@@scoped_views =

false

@@lock_strategy =

:failed_attempts

@@unlock_keys =

[ :email ]

@@unlock_strategy =

:both

@@maximum_attempts =

20

@@unlock_in =

1.hour

@@reset_password_keys =

[ :email ]

@@reset_password_within =

6.hours

@@default_scope =

nil

@@mailer_sender =

nil

@@skip_session_storage =

[]

@@navigational_formats =

["*/*", :html]

@@sign_out_all_scopes =

true

@@sign_out_via =

:get

@@parent_controller =

"ApplicationController"

@@parent_mailer =

"ActionMailer::Base"

@@router_name =

nil

@@omniauth_path_prefix =

nil

@@clean_up_csrf_token_on_authentication =

true

@@mappings =

ActiveSupport::OrderedHash.new

@@omniauth_configs =

ActiveSupport::OrderedHash.new

@@helpers =

Set.new

@@warden_config =

nil

@@warden_config_blocks =

[]

@@paranoid =

false

@@last_attempt_warning =

false

@@token_generator =

nil

Class Method Summary

• .add_mapping(resource, options) ⇒ Object

  Small method that adds a mapping to Devise.

• .add_module(module_name, options = {}) ⇒ Object

  Make Devise aware of an 3rd party Devise-module (like invitable).

• .available_router_name ⇒ Object
• .bcrypt(klass, password) ⇒ Object

  Digests the password using bcrypt.

• .configure_warden! ⇒ Object

  A method used internally to setup warden manager from the Rails initialize block.

• .friendly_token ⇒ Object

  Generate a friendly string randomly to be used as token.

• .include_helpers(scope) ⇒ Object

  Include helpers in the given scope to AC and AV.

• .mailer ⇒ Object

  Get the mailer class from the mailer reference object.

• .mailer=(class_name) ⇒ Object

  Set the mailer reference object to access the mailer.

• .omniauth(provider, *args) ⇒ Object

  Specify an omniauth provider.

• .omniauth_providers ⇒ Object
• .ref(arg) ⇒ Object
• .regenerate_helpers! ⇒ Object

  Regenerates url helpers considering Devise.mapping.

• .secure_compare(a, b) ⇒ Object

  constant-time comparison algorithm to prevent timing attacks.

• .setup {|_self| ... } ⇒ Object

  Default way to setup Devise.

• .warden(&block) ⇒ Object

  Sets warden configuration using a block that will be invoked on warden initialization.

Class Method Details

.add_mapping(resource, options) ⇒ Object

Small method that adds a mapping to Devise.

# File 'lib/devise.rb', line 334

def self.add_mapping(resource, options)
  mapping = Devise::Mapping.new(resource, options)
  @@mappings[mapping.name] = mapping
  @@default_scope ||= mapping.name
  @@helpers.each { |h| h.define_helpers(mapping) }
  mapping
end

.add_module(module_name, options = {}) ⇒ Object

Make Devise aware of an 3rd party Devise-module (like invitable). For convenience.

Options:

+model+      - String representing the load path to a custom *model* for this module (to autoload.)
+controller+ - Symbol representing the name of an existing or custom *controller* for this module.
+route+      - Symbol representing the named *route* helper for this module.
+strategy+   - Symbol representing if this module got a custom *strategy*.

All values, except :model, accept also a boolean and will have the same name as the given module name.

Examples:

Devise.add_module(:party_module)
Devise.add_module(:party_module, strategy: true, controller: :sessions)
Devise.add_module(:party_module, model: 'party_module/model')

# File 'lib/devise.rb', line 360

def self.add_module(module_name, options = {})
  ALL << module_name
  options.assert_valid_keys(:strategy, :model, :controller, :route, :no_input)

  if strategy = options[:strategy]
    strategy = (strategy == true ? module_name : strategy)
    STRATEGIES[module_name] = strategy
  end

  if controller = options[:controller]
    controller = (controller == true ? module_name : controller)
    CONTROLLERS[module_name] = controller
  end

  NO_INPUT << strategy if options[:no_input]

  if route = options[:route]
    case route
    when TrueClass
      key, value = module_name, []
    when Symbol
      key, value = route, []
    when Hash
      key, value = route.keys.first, route.values.flatten
    else
      raise ArgumentError, ":route should be true, a Symbol or a Hash"
    end

    URL_HELPERS[key] ||= []
    URL_HELPERS[key].concat(value)
    URL_HELPERS[key].uniq!

    ROUTES[module_name] = key
  end

  if options[:model]
    path = (options[:model] == true ? "devise/models/#{module_name}" : options[:model])
    camelized = ActiveSupport::Inflector.camelize(module_name.to_s)
    Devise::Models.send(:autoload, camelized.to_sym, path)
  end

  Devise::Mapping.add_module module_name
end

.available_router_name ⇒ Object

# File 'lib/devise.rb', line 314

def self.available_router_name
  router_name || :main_app
end

.bcrypt(klass, password) ⇒ Object

Digests the password using bcrypt.

# File 'lib/devise/models/database_authenticatable.rb', line 6

def self.bcrypt(klass, password)
  ::BCrypt::Password.create("#{password}#{klass.pepper}", cost: klass.stretches).to_s
end

.configure_warden! ⇒ Object

A method used internally to setup warden manager from the Rails initialize block.

# File 'lib/devise.rb', line 449

def self.configure_warden! #:nodoc:
  @@warden_configured ||= begin
    warden_config.failure_app   = Devise::Delegator.new
    warden_config.default_scope = Devise.default_scope
    warden_config.intercept_401 = false

    Devise.mappings.each_value do |mapping|
      warden_config.scope_defaults mapping.name, strategies: mapping.strategies

      warden_config.serialize_into_session(mapping.name) do |record|
        mapping.to.serialize_into_session(record)
      end

      warden_config.serialize_from_session(mapping.name) do |key|
        # Previous versions contained an additional entry at the beginning of
        # key with the record's class name.
        args = key[-2, 2]
        mapping.to.serialize_from_session(*args)
      end
    end

    @@warden_config_blocks.map { |block| block.call Devise.warden_config }
    true
  end
end

.friendly_token ⇒ Object

Generate a friendly string randomly to be used as token.

# File 'lib/devise.rb', line 476

def self.friendly_token
  SecureRandom.urlsafe_base64(15).tr('lIO0', 'sxyz')
end

.include_helpers(scope) ⇒ Object

Include helpers in the given scope to AC and AV.

# File 'lib/devise.rb', line 430

def self.include_helpers(scope)
  ActiveSupport.on_load(:action_controller) do
    include scope::Helpers if defined?(scope::Helpers)
    include scope::UrlHelpers
  end

  ActiveSupport.on_load(:action_view) do
    include scope::UrlHelpers
  end
end

.mailer ⇒ Object

Get the mailer class from the mailer reference object.

# File 'lib/devise.rb', line 323

def self.mailer
  @@mailer_ref.get
end

.mailer=(class_name) ⇒ Object

Set the mailer reference object to access the mailer.

# File 'lib/devise.rb', line 328

def self.mailer=(class_name)
  @@mailer_ref = ref(class_name)
end

.omniauth(provider, *args) ⇒ Object

Specify an omniauth provider.

config.omniauth :github, APP_ID, APP_SECRET

# File 'lib/devise.rb', line 423

def self.omniauth(provider, *args)
  @@helpers << Devise::OmniAuth::UrlHelpers
  config = Devise::OmniAuth::Config.new(provider, args)
  @@omniauth_configs[config.strategy_name.to_sym] = config
end

.omniauth_providers ⇒ Object

# File 'lib/devise.rb', line 318

def self.omniauth_providers
  omniauth_configs.keys
end

.ref(arg) ⇒ Object

# File 'lib/devise.rb', line 305

def self.ref(arg)
  if defined?(ActiveSupport::Dependencies::ClassCache)
    ActiveSupport::Dependencies::reference(arg)
    Getter.new(arg)
  else
    ActiveSupport::Dependencies.ref(arg)
  end
end

.regenerate_helpers! ⇒ Object

Regenerates url helpers considering Devise.mapping

# File 'lib/devise.rb', line 442

def self.regenerate_helpers!
  Devise::Controllers::UrlHelpers.remove_helpers!
  Devise::Controllers::UrlHelpers.generate_helpers!
end

.secure_compare(a, b) ⇒ Object

constant-time comparison algorithm to prevent timing attacks

# File 'lib/devise.rb', line 481

def self.secure_compare(a, b)
  return false if a.blank? || b.blank? || a.bytesize != b.bytesize
  l = a.unpack "C#{a.bytesize}"

  res = 0
  b.each_byte { |byte| res |= byte ^ l.shift }
  res == 0
end

.setup {|_self| ... } ⇒ Object

Default way to setup Devise. Run rails generate devise_install to create a fresh initializer with all configuration values.

Yields:

• (_self)

Yield Parameters:

• _self (Devise) —

  the object that the method was called on

# File 'lib/devise.rb', line 291

def self.setup
  yield self
end

.warden(&block) ⇒ Object

Sets warden configuration using a block that will be invoked on warden initialization.

Devise.setup do |config|
  config.allow_unconfirmed_access_for = 2.days

  config.warden do |manager|
    # Configure warden to use other strategies, like oauth.
    manager.oauth(:twitter)
  end
end

# File 'lib/devise.rb', line 415

def self.warden(&block)
  @@warden_config_blocks << block
end