class Devise::Strategies::TokenAuthenticatable

Strategy for signing in a user based on an authenticatable token. This works for both request params and HTTP headers. For params, all you need to do is pass the token as a param in the URL:

http://myapp.example.com/?user_token=SECRET

For headers, you can use HTTP Basic authentication, passing the token as the username with a blank password. Since some clients may require a password, you can pass “X” as the password and it will simply be ignored.

You may also pass the token using the Token authentication mechanism provided by Rails: api.rubyonrails.org/classes/ActionController/HttpAuthentication/Token.html. The token options are stored in request.env['devise.token_options'].
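
The three token carriers described above, resolved in plain Ruby as an added example; this is not Devise's or Rails' code. The scope name `user`, the helper names, the simplified header parsing and the params-before-Basic order are assumptions; SECRET is the page's placeholder.

```ruby
# Added illustration in plain Ruby; simplified, not Devise's or Rails' code.
TOKEN_KEY = "user_token" # token_authentication_key, as in the page's URL example
SCOPE     = "user"       # assumed Devise scope name

# Mirrors params_auth_hash: prefer params[scope] when it holds the key.
def token_from_params(params)
  scoped = params[SCOPE]
  source = scoped.is_a?(Hash) && scoped.key?(TOKEN_KEY) ? scoped : params
  source[TOKEN_KEY]
end

# Basic auth: the token is the username; the password is ignored.
def token_from_basic(header)
  return unless header.to_s.start_with?("Basic ")
  username, _ignored = header.split(" ", 2).last.unpack1("m").split(":", 2)
  username
end

# Token auth: returns [token, options], the shape auth_token has on the page.
def token_and_options_from(header)
  return unless header.to_s.start_with?("Token ")
  pairs = header.split(" ", 2).last.scan(/(\w+)="([^"]*)"/).to_h
  token = pairs.delete("token")
  token && [token, pairs]
end

# Returns [carrier, token, options], or nil when no carrier holds a token.
def resolve_token(params: {}, authorization: nil)
  if (t = token_from_params(params)) && !t.empty?
    [:params, t, {}]
  elsif (t = token_from_basic(authorization)) && !t.empty?
    [:http_basic, t, {}]
  elsif (pair = token_and_options_from(authorization))
    [:http_token, pair.first, pair.last]
  end
end

# Constructed sample requests, one per carrier.
basic = "Basic " + ["SECRET:X"].pack("m0")
p resolve_token(params: { "user_token" => "SECRET" })
p resolve_token(params: { "user" => { "user_token" => "SECRET" } })
p resolve_token(authorization: basic)
p resolve_token(authorization: 'Token token="SECRET", nonce="abc"')
```

The `:params` carrier places the secret in the request URL, where it is recorded in server access logs, proxy logs and browser history; the two header carriers keep it out of the URL.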

Public Instance Methods

authenticate!()
# File lib/devise/strategies/token_authenticatable.rb, line 26
def authenticate!
  resource = mapping.to.find_for_token_authentication(authentication_hash)
  return fail(:invalid_token) unless resource

  if validate(resource)
    resource.after_token_authentication
    success!(resource)
  end
end
store?()
# File lib/devise/strategies/token_authenticatable.rb, line 18
def store?
  super && !mapping.to.skip_session_storage.include?(:token_auth)
end
valid?()
# File lib/devise/strategies/token_authenticatable.rb, line 22
def valid?
  super || valid_for_token_auth?
end

Private Instance Methods

auth_token()

Extract the auth token from the request

# File lib/devise/strategies/token_authenticatable.rb, line 64
def auth_token
  @auth_token ||= ActionController::HttpAuthentication::Token.token_and_options(request)
end
authentication_keys()

Overwrite authentication keys to use token_authentication_key.

# File lib/devise/strategies/token_authenticatable.rb, line 84
def authentication_keys
  @authentication_keys ||= [mapping.to.token_authentication_key]
end
params_auth_hash()

Try both scoped and non-scoped keys.

# File lib/devise/strategies/token_authenticatable.rb, line 75
def params_auth_hash
  if params[scope].kind_of?(Hash) && params[scope].has_key?(authentication_keys.first)
    params[scope]
  else
    params
  end
end
remember_me?()

Do not use remember_me behavior with token.

# File lib/devise/strategies/token_authenticatable.rb, line 44
def remember_me?
  false
end
token_auth_hash()

Extract a hash with attributes:values from the #auth_token

# File lib/devise/strategies/token_authenticatable.rb, line 69
def token_auth_hash
  request.env['devise.token_options'] = auth_token.last
  { authentication_keys.first => auth_token.first }
end
token_authenticatable?()

Check if the model accepts this strategy as token authenticatable.

# File lib/devise/strategies/token_authenticatable.rb, line 49
def token_authenticatable?
  mapping.to.http_authenticatable?(:token_options)
end
valid_for_token_auth?()

Check if this strategy is valid for token authentication by verifying that:

* the model allows HTTP token authentication;
* the HTTP auth token exists;
* all authentication keys are present.

# File lib/devise/strategies/token_authenticatable.rb, line 59
def valid_for_token_auth?
  token_authenticatable? && auth_token.present? && with_authentication_hash(:token_auth, token_auth_hash)
end
valid_params_request?()

Token authentication via params is accepted in any controller and with any HTTP verb.

# File lib/devise/strategies/token_authenticatable.rb, line 39
def valid_params_request?
  true
end