Permalink
Browse files

Clean up remember token related config.

  • Loading branch information...
1 parent 72b6a0a commit df8ac1cfe64565f1b77c11ab29598c4d6c62907f @josevalim josevalim committed Feb 16, 2012
View
@@ -63,8 +63,8 @@ module Strategies
}
# Custom domain for cookies. Not set by default
- mattr_accessor :cookie_options
- @@cookie_options = {}
+ mattr_accessor :rememberable_options
+ @@rememberable_options = {}
# The number of times to encrypt password.
mattr_accessor :stretches
@@ -244,6 +244,11 @@ def self.confirm_within=(value)
Devise.allow_unconfirmed_access_for = value
end
+ def self.cookie_options=(value)
+ warn "\n[DEVISE] Devise.cookie_options= is deprecated. Please set Devise.rememberable_options= instead.\n"
+ Devise.rememberable_options = value
+ end
+
def self.stateless_token=(value)
warn "\n[DEVISE] Devise.stateless_token= is deprecated. Please append :token_auth to Devise.skip_session_storage " \
"instead, for example: Devise.skip_session_storage << :token_auth\n"
@@ -36,7 +36,7 @@ def forget_me(resource)
protected
def forget_cookie_values(resource)
- Devise::Controllers::Rememberable.cookie_values.merge!(resource.cookie_options)
+ Devise::Controllers::Rememberable.cookie_values.merge!(resource.rememberable_options)
end
def remember_cookie_values(resource)
@@ -44,18 +44,18 @@ module Rememberable
# Generate a new remember token and save the record without validations
# unless remember_across_browsers is true and the user already has a valid token.
def remember_me!(extend_period=false)
+ self.remember_token = self.class.remember_token if generate_remember_token?
self.remember_created_at = Time.now.utc if generate_remember_timestamp?(extend_period)
save(:validate => false)
end
# If the record is persisted, remove the remember token (but only if
# it exists), and save the record without validations.
def forget_me!
- if persisted?
- self.remember_token = nil if respond_to?(:remember_token=)
- self.remember_created_at = nil
- save(:validate => false)
- end
+ return unless persisted?
+ self.remember_token = nil if respond_to?(:remember_token=)
+ self.remember_created_at = nil
+ save(:validate => false)
end
# Remember token should be expired if expiration time not overpass now.
@@ -69,21 +69,28 @@ def remember_expires_at
end
def rememberable_value
- if salt = authenticatable_salt
+ if respond_to?(:remember_token)
+ remember_token
+ elsif salt = authenticatable_salt
salt
else
raise "authenticable_salt returned nil for the #{self.class.name} model. " \
"In order to use rememberable, you must ensure a password is always set " \
- "or implement rememberable_value in your model with your own logic."
+ "or have a remember_token column in your model or implement your own " \
+ "rememberable_value in the model with custom logic."
end
end
- def cookie_options
- self.class.cookie_options
+ def rememberable_options
+ self.class.rememberable_options
end
protected
+ def generate_remember_token?
+ respond_to?(:remember_token) && remember_expired?
+ end
+
# Generate a timestamp if extend_remember_period is true, if no remember_token
# exists, or if an existing remember token has expired.
def generate_remember_timestamp?(extend_period) #:nodoc:
@@ -107,7 +114,7 @@ def remember_token
generate_token(:remember_token)
end
- Devise::Models.config(self, :remember_for, :extend_remember_period, :cookie_options)
+ Devise::Models.config(self, :remember_for, :extend_remember_period, :rememberable_options)
end
end
end
@@ -51,7 +51,7 @@ def cookie_expires(key)
# We test this by asserting the cookie is not sent after the redirect
# since we changed the domain. This is the only difference with the
# previous test.
- swap Devise, :cookie_options => { :domain => "omg.somewhere.com" } do
+ swap Devise, :rememberable_options => { :domain => "omg.somewhere.com" } do
user = sign_in_as_user :remember_me => true
assert_nil request.cookies["remember_user_token"]
end

0 comments on commit df8ac1c

Please sign in to comment.