lib/devise/models/authenticatable.rb in devise-0.5.0 vs lib/devise/models/authenticatable.rb in devise-0.5.1

@@ -1,6 +1,7 @@
 require 'devise/strategies/authenticatable'
+require 'devise/serializers/authenticatable'
 
 module Devise
   module Models
 
     # Authenticable Module, responsible for encrypting password and validating
@@ -16,10 +17,14 @@
     #           is added to the password and salt to create a secure hash.
     #           Always use `rake secret' to generate a new key.
     #
     #   stretches: defines how many times the password will be encrypted.
     #
+    #   encryptor: the encryptor going to be used. By default :sha1.
+    #
+    #   authentication_keys: parameters used for authentication. By default [:email]
+    #
     # Examples:
     #
     #    User.authenticate('email@test.com', 'password123')  # returns authenticated user or nil
     #    User.find(1).valid_password?('password123')         # returns true/false
     #
@@ -62,11 +67,13 @@
       module ClassMethods
         # Authenticate a user based on email and password. Returns the
         # authenticated user if it's valid or nil.
         # Attributes are :email and :password
         def authenticate(attributes={})
-          authenticatable = find_by_email(attributes[:email])
+          return unless authentication_keys.all? { |k| attributes[k].present? }
+          conditions = attributes.slice(*authentication_keys)
+          authenticatable = find(:first, :conditions => conditions)
           authenticatable if authenticatable.try(:valid_password?, attributes[:password])
         end
 
         # Attempt to find a user by it's email. If not user is found, returns a
         # new user with an email not found error.
@@ -75,13 +82,23 @@
           if perishable.new_record?
             perishable.errors.add(:email, :not_found, :default => 'not found')
           end
           perishable
         end
+
+        # Hook to serialize user into session. Overwrite if you want.
+        def serialize_into_session(record)
+          [record.class, record.id]
+        end
+
+        # Hook to serialize user from session. Overwrite if you want.
+        def serialize_from_session(keys)
+          klass, id = keys
+          raise "#{self} cannot serialize from #{klass} session since it's not its ancestors" unless klass <= self 
+          klass.find_by_id(id)
+        end
       end
 
-      Devise::Models.config(self, :pepper)
-      Devise::Models.config(self, :stretches)
-      Devise::Models.config(self, :encryptor)
+      Devise::Models.config(self, :pepper, :stretches, :encryptor, :authentication_keys)
     end
   end
 end