module Devise::Models::Authenticatable

Authenticatable module. Holds common settings for authentication.

Options

Authenticatable adds the following options to devise_for:

* +authentication_keys+: parameters used for authentication. By default [:email].

* +request_keys+: parameters from the request object used for authentication.
  By specifying a symbol (which should be a request method), it will automatically be
  passed to find_for_authentication method and considered in your model lookup.

  For instance, if you set :request_keys to [:subdomain], :subdomain will be considered
  as key on authentication. This can also be a hash where the value is a boolean expliciting
  if the value is required or not.

* +http_authenticatable+: if this model allows http authentication. By default true.
  It also accepts an array specifying the strategies that should allow http.

* +params_authenticatable+: if this model allows authentication through request params. By default true.
  It also accepts an array specifying the strategies that should allow params authentication.

* +skip_session_storage+: By default Devise will store the user in session.
  You can skip storage for http and token auth by appending values to array:
  :skip_session_storage => [:token_auth] or :skip_session_storage => [:http_auth, :token_auth],
  by default is set to :skip_session_storage => [:http_auth].

active_for_authentication?

After authenticating a user and in each request, Devise checks if your model is active by calling model.active_for_authentication?. This method is overwriten by other devise modules. For instance, :confirmable overwrites .active_for_authentication? to only return true if your model was confirmed.

You overwrite this method yourself, but if you do, don’t forget to call super:

def active_for_authentication?
  super && special_condition_is_valid?
end

Whenever active_for_authentication? returns false, Devise asks the reason why your model is inactive using the #inactive_message method. You can overwrite it as well:

def inactive_message
  special_condition_is_valid? ? super : :special_condition_is_not_valid
end

Constants

BLACKLIST_FOR_SERIALIZATION

Public Instance Methods

active_for_authentication?() click to toggle source
# File lib/devise/models/authenticatable.rb, line 85
def active_for_authentication?
  true
end
authenticatable_salt() click to toggle source
# File lib/devise/models/authenticatable.rb, line 93
def authenticatable_salt
end
headers_for(name) click to toggle source
# File lib/devise/models/authenticatable.rb, line 96
def headers_for(name)
  {}
end
inactive_message() click to toggle source
# File lib/devise/models/authenticatable.rb, line 89
def inactive_message
  :inactive
end
unauthenticated_message() click to toggle source
# File lib/devise/models/authenticatable.rb, line 81
def unauthenticated_message
  :invalid
end
valid_for_authentication?() { |: true| ... } click to toggle source

Check if the current object is valid for authentication. This method and find_for_authentication are the methods used in a Warden::Strategy to check if a model should be signed in or not.

However, you should not overwrite this method, you should overwrite active_for_authentication? and #inactive_message instead.

# File lib/devise/models/authenticatable.rb, line 77
def valid_for_authentication?
  block_given? ? yield : true
end

Protected Instance Methods

devise_mailer() click to toggle source
# File lib/devise/models/authenticatable.rb, line 127
def devise_mailer
  Devise.mailer
end
downcase_keys() click to toggle source
# File lib/devise/models/authenticatable.rb, line 166
def downcase_keys
  self.class.case_insensitive_keys.each { |k| self[k].try(:downcase!) }
end
send_devise_notification(notification) click to toggle source

This is an internal method called every time Devise needs to send a notification/mail. This can be overriden if you need to customize the e-mail delivery logic. For instance, if you are using a queue to deliver e-mails (delayed job, sidekiq, resque, etc), you must add the delivery to the queue just after the transaction was committed. To achieve this, you can override #send_devise_notification to store the deliveries until the after_commit callback is triggered:

class User
  devise :database_authenticatable, :confirmable

  after_commit :send_pending_notifications

  protected

  def send_devise_notification(notification)
    pending_notifications << notification
  end

  def send_pending_notifications
    pending_notifications.each do |n|
      devise_mailer.send(n, self).deliver
    end
  end

  def pending_notifications
    @pending_notifications ||= []
  end
end
# File lib/devise/models/authenticatable.rb, line 162
def send_devise_notification(notification)
  devise_mailer.send(notification, self).deliver
end
strip_whitespace() click to toggle source
# File lib/devise/models/authenticatable.rb, line 170
def strip_whitespace
  self.class.strip_whitespace_keys.each { |k| self[k].try(:strip!) }
end

Public Class Methods

required_fields(klass) click to toggle source
# File lib/devise/models/authenticatable.rb, line 67
def self.required_fields(klass)
  []
end