Class: Devise::Strategies::TokenAuthenticatable

Inherits:

Authenticatable

Object
Authenticatable
Devise::Strategies::TokenAuthenticatable

show all

Defined in:: lib/tiddle/strategy.rb

Instance Method Summary collapse

#authenticate! ⇒ Object
#clean_up_csrf? ⇒ Boolean

Avoid CSRF clean up for token authentication as it might trigger session creation in API environments even if CSRF prevention is not being used.
#store? ⇒ Boolean
#valid? ⇒ Boolean

Instance Method Details

#authenticate! ⇒ `Object`

# File 'lib/tiddle/strategy.rb', line 8

def authenticate!
  env["devise.skip_trackable"] = true

  resource = mapping.to.find_for_authentication(authentication_keys_from_headers)
  return fail(:invalid_token) unless resource

  token = Tiddle::TokenIssuer.build.find_token(resource, token_from_headers)
  if token && unexpired?(token)
    touch_token(token)
    return success!(resource)
  end

  fail(:invalid_token)
end

#clean_up_csrf? ⇒ `Boolean`

Avoid CSRF clean up for token authentication as it might trigger session creation in API environments even if CSRF prevention is not being used. Devise provides a ‘clean_up_csrf_token_on_authentication` option but it’s not always viable in applications with multiple user models and authentication strategies.

Returns:

(Boolean)



35
36
37

# File 'lib/tiddle/strategy.rb', line 35

def clean_up_csrf?
  false
end

#store? ⇒ `Boolean`

Returns:

(Boolean)



27
28
29

# File 'lib/tiddle/strategy.rb', line 27

def store?
  false
end

#valid? ⇒ `Boolean`

Returns:

(Boolean)



23
24
25

# File 'lib/tiddle/strategy.rb', line 23

def valid?
  authentication_keys_from_headers.present? && token_from_headers.present?
end

Class: Devise::Strategies::TokenAuthenticatable

Instance Method Summary collapse

Instance Method Details

#authenticate! ⇒ Object

#clean_up_csrf? ⇒ Boolean

#store? ⇒ Boolean

#valid? ⇒ Boolean

#authenticate! ⇒ `Object`

#clean_up_csrf? ⇒ `Boolean`

#store? ⇒ `Boolean`

#valid? ⇒ `Boolean`