Small changes to token_authenticatable.

zmack · Apr 6, 2010 · 0d3c6b9 · 0d3c6b9
1 parent 71f74a1
commit 0d3c6b9
Show file tree

Hide file tree

Showing 6 changed files with 27 additions and 47 deletions.
diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb
@@ -75,6 +75,9 @@ def update_with_password(params={})
         result
       end
 
+      def after_database_authentication
+      end
+
     protected
 
       # Digests the password using the configured encryptor.
@@ -90,8 +93,8 @@ def encryptor_class
           @encryptor_class ||= ::Devise::Encryptors.const_get(encryptor.to_s.classify)
         end
 
-        def find_for_database_authentication(*args)
-          find_for_authentication(*args)
+        def find_for_database_authentication(conditions)
+          find_for_authentication(conditions)
         end
       end
     end

diff --git a/lib/devise/models/token_authenticatable.rb b/lib/devise/models/token_authenticatable.rb
@@ -2,8 +2,11 @@
 
 module Devise
   module Models
-    # Token Authenticatable Module, responsible for generate authentication token and validating
-    # authenticity of a user while signing in using an authentication token (say follows an URL).
+    # The TokenAuthenticatable module is responsible for generating an authentication token and
+    # validating the authenticity of the same while signing in.
+    #
+    # This module only provides a few helpers to help you manage the token. Creating and resetting
+    # the token is your responsibility.
     #
     # == Configuration:
     #
@@ -12,19 +15,10 @@ module Models
     #
     # +token_authentication_key+ - Defines name of the authentication token params key. E.g. /users/sign_in?some_key=...
     #
-    # == Examples:
-    #
-    #    User.authenticate_with_token(:auth_token => '123456789')           # returns authenticated user or nil
-    #    User.find(1).valid_authentication_token?('rI1t6PKQ8yP7VetgwdybB')  # returns true/false
-    #
     module TokenAuthenticatable
       extend  ActiveSupport::Concern
       include Devise::Models::Authenticatable
 
-      included do
-        before_save :ensure_authentication_token
-      end
-
       # Generate new authentication token (a.k.a. "single access token").
       def reset_authentication_token
         self.authentication_token = self.class.authentication_token
@@ -33,7 +27,7 @@ def reset_authentication_token
       # Generate new authentication token and save the record.
       def reset_authentication_token!
         reset_authentication_token
-        self.save
+        self.save(:validate => false)
       end
 
       # Generate authentication token unless already exists.
@@ -46,35 +40,21 @@ def ensure_authentication_token!
         self.reset_authentication_token! if self.authentication_token.blank?
       end
 
+      # Hook called after token authentication.
+      def after_token_authentication
+      end
+
       module ClassMethods
         ::Devise::Models.config(self, :token_authentication_key)
 
-        # Authenticate a user based on authentication token.
-        def authenticate_with_token(attributes)
-          token = attributes[self.token_authentication_key]
-          self.find_for_token_authentication(token)
+        def find_for_token_authentication(conditions)
+          conditions[:authentication_token] ||= conditions.delete(token_authentication_key)
+          find_for_authentication(conditions)
         end
 
         def authentication_token
           ::Devise.friendly_token
         end
-
-      protected
-
-        # Find first record based on conditions given (ie by the sign in form).
-        # Overwrite to add customized conditions, create a join, or maybe use a
-        # namedscope to filter records while authenticating.
-        #
-        # == Example:
-        #
-        #   def self.find_for_token_authentication(token, conditions = {})
-        #     conditions = {:active => true}
-        #     super
-        #   end
-        #
-        def find_for_token_authentication(token)
-          self.find(:first, :conditions => { :authentication_token => token})
-        end
       end
     end
   end

diff --git a/lib/devise/strategies/database_authenticatable.rb b/lib/devise/strategies/database_authenticatable.rb
@@ -8,6 +8,7 @@ def authenticate!
         resource = mapping.to.find_for_database_authentication(authentication_hash)
 
         if validate(resource){ resource.valid_password?(password) }
+          resource.after_database_authentication
           success!(resource)
         else
           fail(:invalid)

diff --git a/lib/devise/strategies/token_authenticatable.rb b/lib/devise/strategies/token_authenticatable.rb
@@ -11,7 +11,8 @@ module Strategies
     # you can pass anything and it will simply be ignored.
     class TokenAuthenticatable < Authenticatable
       def authenticate!
-        if resource = mapping.to.authenticate_with_token(authentication_hash)
+        if resource = mapping.to.find_for_token_authentication(authentication_hash)
+          resource.after_token_authentication
           success!(resource)
         else
           fail(:invalid_token)

diff --git a/lib/generators/devise/templates/migration.rb b/lib/generators/devise/templates/migration.rb
@@ -6,7 +6,9 @@ def self.up
       t.recoverable
       t.rememberable
       t.trackable
+
       # t.lockable :lock_strategy => :<%= Devise.lock_strategy %>, :unlock_strategy => :<%= Devise.unlock_strategy %>
+      # t.token_authenticatable
 
       t.timestamps
     end

diff --git a/test/models/token_authenticatable_test.rb b/test/models/token_authenticatable_test.rb
@@ -2,13 +2,6 @@
 
 class TokenAuthenticatableTest < ActiveSupport::TestCase
 
-  test 'should generate friendly authentication token on create' do
-    User.expects(:authentication_token).returns(VALID_AUTHENTICATION_TOKEN)
-    user = create_user
-    assert_present user.authentication_token
-    assert_equal VALID_AUTHENTICATION_TOKEN, user.authentication_token
-  end
-
   test 'should reset authentication token' do
     user = new_user
     user.reset_authentication_token
@@ -26,18 +19,18 @@ class TokenAuthenticatableTest < ActiveSupport::TestCase
   end
 
   test 'should authenticate a valid user with authentication token and return it' do
-    User.expects(:authentication_token).returns(VALID_AUTHENTICATION_TOKEN)
     user = create_user
+    user.ensure_authentication_token!
     user.confirm!
-    authenticated_user = User.authenticate_with_token(:auth_token => user.authentication_token)
+    authenticated_user = User.find_for_token_authentication(:auth_token => user.authentication_token)
     assert_equal authenticated_user, user
   end
 
   test 'should return nil when authenticating an invalid user by authentication token' do
-    User.expects(:authentication_token).returns(VALID_AUTHENTICATION_TOKEN)
     user = create_user
+    user.ensure_authentication_token!
     user.confirm!
-    authenticated_user = User.authenticate_with_token(:auth_token => user.authentication_token.reverse)
+    authenticated_user = User.find_for_token_authentication(:auth_token => user.authentication_token.reverse)
     assert_nil authenticated_user
   end