Module: Concerns::ModelAuthentication::ClassMethods

Includes:

Pillowfort::ModelFinder, Pillowfort::TokenGenerator

Defined in:

app/models/pillowfort/concerns/model_authentication.rb

Instance Method Summary

• #authenticate_securely(email, token) ⇒ Object
• #find_and_authenticate(email, password) ⇒ Object

Methods included from Pillowfort::ModelFinder

#find_by_email_case_insensitive

Methods included from Pillowfort::TokenGenerator

#friendly_token, #secure_compare

Instance Method Details

#authenticate_securely(email, token) ⇒ Object

# File 'app/models/pillowfort/concerns/model_authentication.rb', line 72

def authenticate_securely(email, token)
  return false if email.blank? || token.blank?

  transaction do
    resource = find_by_email_case_insensitive(email)

    if resource

      # if the resource token is expired, reset it and
      # return false, triggering a 401
      if resource.auth_token_expired?
        resource.reset_auth_token!
        return false
      else
        if secure_compare(resource.auth_token, token)

          # If the resource successfully authenticates within the alotted window
          # of time, we'll extend the window.
          resource.send :touch_token_expiry!
          yield resource
        end
      end
    end
  end
end

#find_and_authenticate(email, password) ⇒ Object

# File 'app/models/pillowfort/concerns/model_authentication.rb', line 98

def find_and_authenticate(email, password)
  resource = find_by_email_case_insensitive(email)

  if resource && resource.authenticate(password)
    resource.tap do |u|
      u.reset_auth_token!
    end
  else
    return false
  end
end