lib/devise/models/authenticatable.rb in devise-1.4.9 vs lib/devise/models/authenticatable.rb in devise-1.5.0.rc1

- old
+ new

@@ -25,11 +25,11 @@ # * +params_authenticatable+: if this model allows authentication through request params. By default true. # It also accepts an array specifying the strategies that should allow params authentication. # # == active_for_authentication? # - # Before authenticating a user and in each request, Devise checks if your model is active by + # After authenticating a user and in each request, Devise checks if your model is active by # calling model.active_for_authentication?. This method is overwriten by other devise modules. For instance, # :confirmable overwrites .active_for_authentication? to only return true if your model was confirmed. # # You overwrite this method yourself, but if you do, don't forget to call super: # @@ -59,15 +59,11 @@ # if a model should be signed in or not. # # However, you should not overwrite this method, you should overwrite active_for_authentication? # and inactive_message instead. def valid_for_authentication? - if active_for_authentication? - block_given? ? yield : true - else - inactive_message - end + block_given? ? yield : true end def active_for_authentication? true end @@ -77,10 +73,14 @@ end def authenticatable_salt end + def devise_mailer + Devise.mailer + end + module ClassMethods Devise::Models.config(self, :authentication_keys, :request_keys, :strip_whitespace_keys, :case_insensitive_keys, :http_authenticatable, :params_authenticatable) def serialize_into_session(record) [record.to_key, record.authenticatable_salt] 
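Review bot: The comment kept above `valid_for_authentication?` (the @@ -59 hunk) is now stale: it still tells implementers to override `active_for_authentication?` and `inactive_message` "instead", but the new body calls neither, so a reader would assume inactive records are still refused here. Any sign-in path that relied on this method alone to reject inactive (for example unconfirmed) records now depends on the post-authentication check described in the updated module docs. Where that check runs is not visible in this diff, so it should be confirmed for every strategy that can sign a user in. I would add above the method: `# Does not check active_for_authentication?; that check runs after authentication and on each request.` The method's doc comment begins outside the hunk.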
@@ -110,31 +110,29 @@ # conditions[:active] = true # super # end # def find_for_authentication(conditions) - conditions = filter_auth_params(conditions.dup) - (case_insensitive_keys || []).each { |k| conditions[k].try(:downcase!) } - (strip_whitespace_keys || []).each { |k| conditions[k].try(:strip!) } - to_adapter.find_first(conditions) + find_first_by_auth_conditions(conditions) end + def find_first_by_auth_conditions(conditions) + to_adapter.find_first devise_param_filter.filter(conditions) + end + # Find an initialize a record setting an error if it can't be found. def find_or_initialize_with_error_by(attribute, value, error=:invalid) #:nodoc: find_or_initialize_with_errors([attribute], { attribute => value }, error) end # Find an initialize a group of attributes based on a list of required attributes. def find_or_initialize_with_errors(required_attributes, attributes, error=:invalid) #:nodoc: - (case_insensitive_keys || []).each { |k| attributes[k].try(:downcase!) } - (strip_whitespace_keys || []).each { |k| attributes[k].try(:strip!) } - attributes = attributes.slice(*required_attributes) attributes.delete_if { |key, value| value.blank? } if attributes.size == required_attributes.size - record = to_adapter.find_first(filter_auth_params(attributes)) + record = find_first_by_auth_conditions(attributes) end unless record record = new 
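Review bot: `find_first_by_auth_conditions` is now the single point where request-supplied conditions are filtered before reaching `to_adapter.find_first`, but it has no comment saying so, and the defensive `conditions.dup` from the old `find_for_authentication` is gone. Whether `Devise::ParamFilter#filter` copies the hash is not visible here; if it normalises in place, the caller's params are mutated. If it copies, `attributes` in `find_or_initialize_with_errors` is no longer downcased or stripped before the code that follows `record = new`, which lies outside the hunk and should be checked. Suggested comment: `# Every lookup built from request params must go through here so values are filtered before hitting the adapter.`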
@@ -148,19 +146,11 @@ record end protected - # Force keys to be string to avoid injection on mongoid related database. - def filter_auth_params(conditions) - conditions.each do |k, v| - conditions[k] = v.to_s if auth_param_requires_string_conversion?(v) - end if conditions.is_a?(Hash) - end - - # Determine which values should be transformed to string or passed as-is to the query builder underneath - def auth_param_requires_string_conversion?(value) - true unless value.is_a?(TrueClass) || value.is_a?(FalseClass) || value.is_a?(Fixnum) + def devise_param_filter + @devise_param_filter ||= Devise::ParamFilter.new(case_insensitive_keys, strip_whitespace_keys) end # Generate a token by looping and ensuring does not already exist. def generate_token(column) loop do \ No newline at end of file
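Review bot: `devise_param_filter` memoises the filter with `||=`, so `case_insensitive_keys` and `strip_whitespace_keys` are captured on first use and a later change to either setting on the model is silently ignored by lookups. The removed `filter_auth_params` also carried the only in-file explanation of the string coercion (to avoid injection on Mongoid-backed models). That coercion presumably now lives in `Devise::ParamFilter`, which this diff does not show, so it should be confirmed that non-string values such as hashes are still coerced before the query is built. I would document the new method with `# Filter applied to all auth conditions; built once per model, so set case_insensitive_keys/strip_whitespace_keys before the first lookup.`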