Skip to content
Browse files

changed case_insensitive_keys config setting to an array and added do…

…wncasing of keys as a before filter on database authentication module
  • Loading branch information...
1 parent 26b1bc4 commit e911abf13bc5e643adc4f9444ad8aea2caed2d2d @adahl adahl committed Nov 18, 2010
View
8 lib/devise.rb
@@ -59,17 +59,17 @@ module Strategies
mattr_accessor :stretches
@@stretches = 10
- # Keys used when authenticating an user.
+ # Keys used when authenticating a user.
mattr_accessor :authentication_keys
@@authentication_keys = [ :email ]
- # Request keys used when authenticating an user.
+ # Request keys used when authenticating a user.
mattr_accessor :request_keys
@@request_keys = []
- # If authentication keys should be case-insensitive by default.
+ # Keys that should be case-insensitive.
mattr_accessor :case_insensitive_keys
- @@case_insensitive_keys = false
+ @@case_insensitive_keys = [ :email ]
# If http authentication is enabled by default.
mattr_accessor :http_authenticatable
View
8 lib/devise/models/authenticatable.rb
@@ -100,9 +100,7 @@ def http_authenticatable?(strategy)
# end
#
def find_for_authentication(conditions)
- if case_insensitive_keys
- authentication_keys.each { |k| conditions[k].try(:downcase!) }
- end
+ case_insensitive_keys.each { |k| attributes[k].try(:downcase!) }
to_adapter.find_first(conditions)
end
@@ -113,9 +111,7 @@ def find_or_initialize_with_error_by(attribute, value, error=:invalid) #:nodoc:
# Find an initialize a group of attributes based on a list of required attributes.
def find_or_initialize_with_errors(required_attributes, attributes, error=:invalid) #:nodoc:
- if case_insensitive_keys
- authentication_keys.each { |k| attributes[k].try(:downcase!) }
- end
+ case_insensitive_keys.each { |k| attributes[k].try(:downcase!) }
attributes = attributes.slice(*required_attributes)
attributes.delete_if { |key, value| value.blank? }
View
8 lib/devise/models/database_authenticatable.rb
@@ -22,6 +22,7 @@ module DatabaseAuthenticatable
included do
attr_reader :password, :current_password
attr_accessor :password_confirmation
+ before_save :downcase_keys
end
# Generates password encryption based on the given value.
@@ -73,13 +74,18 @@ def authenticatable_salt
protected
+ # Downcase case-insensitive keys
+ def downcase_keys
+ self.class.case_insensitive_keys.each { |k| self[k].try(:downcase!) }
+ end
+
# Digests the password using bcrypt.
def password_digest(password)
::BCrypt::Password.create("#{password}#{self.class.pepper}", :cost => self.class.stretches).to_s
end
module ClassMethods
- Devise::Models.config(self, :pepper, :stretches)
+ Devise::Models.config(self, :pepper, :stretches, :case_insensitive_keys)
# We assume this method already gets the sanitized values from the
# DatabaseAuthenticatable strategy. If you are using this method on
View
16 lib/generators/templates/devise.rb
@@ -15,24 +15,26 @@
require 'devise/orm/<%= options[:orm] %>'
# ==> Configuration for any authentication mechanism
- # Configure which keys are used when authenticating an user. By default is
+ # Configure which keys are used when authenticating a user. The default is
# just :email. You can configure it to use [:username, :subdomain], so for
- # authenticating an user, both parameters are required. Remember that those
+ # authenticating a user, both parameters are required. Remember that those
# parameters are used only when authenticating and not when retrieving from
# session. If you need permissions, you should implement that in a before filter.
- # You can also supply hash where the value is a boolean expliciting if authentication
- # should be aborted or not if the value is not present. By default is empty.
+ # You can also supply a hash where the value is a boolean determining whether
+ # or not authentication should be aborted when the value is not present.
# config.authentication_keys = [ :email ]
# Configure parameters from the request object used for authentication. Each entry
- # given should be a request method and it will automatically be passed to
+ # given should be a request method and it will automatically be passed to the
# find_for_authentication method and considered in your model lookup. For instance,
# if you set :request_keys to [:subdomain], :subdomain will be used on authentication.
# The same considerations mentioned for authentication_keys also apply to request_keys.
# config.request_keys = []
- # If authentication keys should be case-insensitive. False by default.
- # config.case_insensitive_keys = false
+ # Configure which authentication keys should be case-insensitive.
+ # These keys will be downcased upon creating or modifying a user and when used
+ # to authenticate or find a user. Default is :email.
+ # config.case_insensitive_keys = [ :email ]
# Tell if authentication through request.params is enabled. True by default.
# config.params_authenticatable = true

0 comments on commit e911abf

Please sign in to comment.
Something went wrong with that request. Please try again.