lib/devise/token_authenticatable/model.rb
module Devise
module Models
# The +TokenAuthenticatable+ module is responsible for generating an authentication token and
# validating it during sign in.
#
# This module only provides a few helpers to help you manage the token, but it is up to you
# to choose how to use it.
#
# If you want to delete the token after it is used, you can do so in the
# after_token_authentication callback.
#
# == APIs
#
# If you are using token authentication with APIs together with trackable, every
# request will be considered a new sign in (since there is no session in
# APIs). You can disable this by creating a before filter as follows:
#
# before_filter :skip_trackable
#
# def skip_trackable
# request.env['devise.skip_trackable'] = true
# end
#
module TokenAuthenticatable
extend ActiveSupport::Concern
# Runs in the context of the including model: wires the token hooks into the
# save lifecycle and declares a writer for +token_expires_in+.
included do
# Both hooks are registered for every save. Whether each one does anything is
# decided by the module-level flags they check
# (should_reset_authentication_token / should_ensure_authentication_token).
before_save :reset_authentication_token_before_save
before_save :ensure_authentication_token_before_save
# NOTE(review): this defines +token_expires_in=+ (sets @token_expires_in), but
# the +token_expires_in+ reader in this module returns
# Devise::TokenAuthenticatable.token_expires_in and never reads that instance
# variable -- confirm whether a per-record expiry override was intended.
attr_writer :token_expires_in
end
module ClassMethods
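# Look up a record for token authentication.
#
# The value stored under the configured token key
# (Devise::TokenAuthenticatable.token_authentication_key) is removed from a
# copy of +conditions+ and re-keyed as +authentication_token+, the attribute
# this module manages. Every other condition is passed through unchanged and
# the caller's hash is not modified.
#
# A missing or blank token never reaches the lookup. Without this guard the
# query would carry +authentication_token: nil+ (or an empty string), and,
# depending on how find_for_authentication and the adapter treat that value
# (not visible in this file), it could match a record that has no token set.
#
# NOTE(review): the lookup is an equality match on the stored attribute, so
# the token appears to be persisted as-is; protect that column accordingly.
#
# @param conditions [Hash] lookup conditions, including the token under the
#   configured token key
# @return [Object, nil] whatever find_for_authentication returns, or +nil+
#   when no usable token was supplied
def find_for_token_authentication(conditions)
  auth_conditions = conditions.dup
  authentication_token = auth_conditions.delete(Devise::TokenAuthenticatable.token_authentication_key)
  # Fail closed: an absent token must not turn into a "token IS NULL" match.
  return nil if authentication_token.blank?

  find_for_authentication(
    auth_conditions.merge(authentication_token: authentication_token)
  )
end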
# Produce a token that no existing record currently holds.
#
# Candidates come from Devise.friendly_token; each one is looked up through
# the adapter and replaced until the lookup comes back empty.
#
# NOTE(review): this is a check-then-use sequence, so by itself it cannot rule
# out two concurrent saves picking the same value; a unique index on the
# authentication_token column would close that gap -- confirm one exists.
# Token unpredictability rests entirely on Devise.friendly_token, which is not
# defined in this file.
#
# @return [String] the first candidate not found by the adapter
def authentication_token
  candidate = Devise.friendly_token
  candidate = Devise.friendly_token while to_adapter.find_first({ authentication_token: candidate })
  candidate
end
end
# List the attributes a model needs in order to use this module.
#
# +authentication_token+ is always required. +authentication_token_created_at+
# is added only when a token lifetime is configured via
# Devise::TokenAuthenticatable.token_expires_in.
#
# @param klass [Class] the model class; accepted but not inspected here
# @return [Array<Symbol>] required attribute names
def self.required_fields(klass)
  expiry_configured = !Devise::TokenAuthenticatable.token_expires_in.blank?
  return [:authentication_token] unless expiry_configured

  [:authentication_token, :authentication_token_created_at]
end
# Assign a freshly generated authentication token (a.k.a. "single access
# token") to this record without saving it.
#
# When a token lifetime is configured (+token_expires_in+ is not blank), the
# creation time is stamped as well. This file only records the timestamp;
# where expiry is actually enforced is not visible here.
#
# NOTE(review): the stamp uses Time.now -- confirm the code comparing it
# against the lifetime uses the same clock and zone.
#
# @return [Time, nil] the recorded creation time, or +nil+ when no lifetime
#   is configured
def reset_authentication_token
  fresh_token = self.class.authentication_token
  self.authentication_token = fresh_token
  return if token_expires_in.blank?

  self.authentication_token_created_at = Time.now
end
# Assign a new authentication token and persist the record immediately.
#
# The save is issued with +validate: false+, so model validations are skipped:
# the token is rotated even if other attributes on the record are currently
# invalid, and any pending attribute changes are written along with it.
#
# @return [Object] the result of +save+
def reset_authentication_token!
  reset_authentication_token
  outcome = save(validate: false)
  outcome
end
# Make sure the record has an authentication token, generating one only when
# the current value is blank. An existing token is left untouched, so this
# method never rotates a token that is already set.
#
# @return [Object, nil] the result of +reset_authentication_token+, or +nil+
#   when a token was already present
def ensure_authentication_token
  return unless authentication_token.blank?

  reset_authentication_token
end
# Make sure the record has an authentication token and, if one had to be
# generated, save the record. Nothing is generated or saved when a token is
# already present.
#
# The save goes through +reset_authentication_token!+, which skips
# validations.
#
# @return [Object, nil] the result of +reset_authentication_token!+, or +nil+
#   when a token was already present
def ensure_authentication_token!
  return unless authentication_token.blank?

  reset_authentication_token!
end
# Hook intended to run after a successful token authentication; the caller is
# not part of this file. The default does nothing. Override it in the model,
# for example to delete or rotate the token once it has been used so that it
# cannot be replayed.
#
# @return [nil]
def after_token_authentication
  # Intentionally a no-op.
  nil
end
# Token lifetime as configured module-wide on Devise::TokenAuthenticatable.
#
# NOTE(review): the +included+ block declares +attr_writer :token_expires_in+,
# but the value written there (@token_expires_in) is not consulted here, so
# assigning it on a record has no effect on this reader -- confirm intent.
#
# @return [Object] the configured lifetime; blank means no lifetime is set
def token_expires_in
  settings = Devise::TokenAuthenticatable
  settings.token_expires_in
end
private
# before_save hook: issue a new token on every save, but only when
# Devise::TokenAuthenticatable.should_reset_authentication_token is truthy.
#
# @return [Object, nil] the result of +reset_authentication_token+, or +nil+
#   when the flag is off
def reset_authentication_token_before_save
  return unless Devise::TokenAuthenticatable.should_reset_authentication_token

  reset_authentication_token
end
# before_save hook: fill in a missing token on save, but only when
# Devise::TokenAuthenticatable.should_ensure_authentication_token is truthy.
# With the flag off, records can be saved without a token.
#
# @return [Object, nil] the result of +ensure_authentication_token+, or +nil+
#   when the flag is off
def ensure_authentication_token_before_save
  return unless Devise::TokenAuthenticatable.should_ensure_authentication_token

  ensure_authentication_token
end
end
end
end