/usr/lib/ruby/vendor_ruby/devise/token_authenticatable/model.rb is in ruby-devise-token-authenticatable 0.4.0-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 | module Devise
module Models
# The +TokenAuthenticatable+ module is responsible for generating an authentication token and
# validating the authenticity of the same while signing in.
#
# This module only provides a few helpers to help you manage the token, but it is up to you
# to choose how to use it.
#
# If you want to delete the token after it is used, you can do so in the
# after_token_authentication callback.
#
# == APIs
#
# If you are using token authentication with APIs and using trackable. Every
# request will be considered as a new sign in (since there is no session in
# APIs). You can disable this by creating a before filter as follow:
#
# before_filter :skip_trackable
#
# def skip_trackable
# request.env['devise.skip_trackable'] = true
# end
#
module TokenAuthenticatable
extend ActiveSupport::Concern
included do
before_save :reset_authentication_token_before_save
before_save :ensure_authentication_token_before_save
end
module ClassMethods
def find_for_token_authentication(conditions)
auth_conditions = conditions.dup
authentication_token = auth_conditions.delete(Devise::TokenAuthenticatable.token_authentication_key)
find_for_authentication(
auth_conditions.merge(authentication_token: authentication_token)
)
end
# Generate a token checking if one does not already exist in the database.
def authentication_token
loop do
token = Devise.friendly_token
break token unless to_adapter.find_first({ authentication_token: token })
end
end
Devise::Models.config(self, :expire_auth_token_on_timeout)
end
def self.required_fields(klass)
[:authentication_token]
end
# Generate new authentication token (a.k.a. "single access token").
def reset_authentication_token
self.authentication_token = self.class.authentication_token
end
# Generate new authentication token and save the record.
def reset_authentication_token!
reset_authentication_token
save(validate: false)
end
# Generate authentication token unless already exists.
def ensure_authentication_token
reset_authentication_token if authentication_token.blank?
end
# Generate authentication token unless already exists and save the record.
def ensure_authentication_token!
reset_authentication_token! if authentication_token.blank?
end
# Hook called after token authentication.
def after_token_authentication
end
def expire_auth_token_on_timeout
self.class.expire_auth_token_on_timeout
end
private
def reset_authentication_token_before_save
reset_authentication_token if Devise::TokenAuthenticatable.should_reset_authentication_token
end
def ensure_authentication_token_before_save
ensure_authentication_token if Devise::TokenAuthenticatable.should_ensure_authentication_token
end
end
end
end
|