
# frozen_string_literal: true

require 'kingsman/strategies/authenticatable'

module Kingsman
  module Strategies
    # Default strategy for signing in a user, based on their email and password in the database.
    class DatabaseAuthenticatable < Authenticatable
      # Looks the resource up by its authentication keys, checks the submitted
      # password and reports either success or a failure to Warden.
      #
      # Security notes on the flow below:
      # * A blank password never reaches the database lookup, so `resource` is
      #   then `false` rather than a record.
      # * `password_hashed` records whether the password hash was actually
      #   computed. In paranoid mode a dummy hash is computed whenever it was
      #   not, so the response time does not reveal whether the account exists.
      # * In paranoid mode a missing account reports the same `:invalid` message
      #   as a wrong password; otherwise `:not_found_in_database` is reported.
      #
      # `fail` here is the Warden strategy failure helper taking a message key,
      # not Kernel#fail. `validate` comes from the superclass and presumably
      # skips the block when `resource` is falsy and reports a wrong password
      # itself — confirm against Authenticatable.
      def authenticate!
        resource = password.present? && mapping.to.find_for_database_authentication(authentication_hash)
        password_hashed = false

        password_matches = validate(resource) do
          password_hashed = true
          resource.valid_password?(password)
        end

        if password_matches
          remember_me(resource)
          resource.after_database_authentication
          success!(resource)
        end

        # Dummy hashing for enumeration resistance: without it, requests for
        # non-existent accounts return measurably faster because no hash is
        # computed. NOTE(review): assumes the model's password setter hashes
        # with the same cost as a stored record's password — confirm.
        mapping.to.new.password = password if !password_hashed && Kingsman.paranoid

        return if resource

        fail(Kingsman.paranoid ? :invalid : :not_found_in_database)
      end
    end
  end
end

# Register the strategy with Warden under the key the Kingsman mapping refers to.
Warden::Strategies.add :database_authenticatable, Kingsman::Strategies::DatabaseAuthenticatable
