
Commit 143a619

committed
Move instance methods in user concern out of it
1 parent 449a0be commit 143a619


2 files changed

+59
-59
lines changed


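--- a/app/models/devise_token_auth/concerns/user.rb
+++ b/app/models/devise_token_auth/concerns/user.rb
@@ -39,68 +39,68 @@ def self.tokens_match?(token_hash, token)
 # remove old tokens if password has changed
 before_save :remove_tokens_after_password_reset
 
-# don't use default devise email validation
-def email_required?; false; end
-def email_changed?; false; end
-def will_save_change_to_email?; false; end
-
 if DeviseTokenAuth.send_confirmation_email && devise_modules.include?(:confirmable)
 include DeviseTokenAuth::Concerns::ConfirmableSupport
 end
+end
 
-def password_required?
-return false unless provider == 'email'
-super
-end
+# don't use default devise email validation
+def email_required?; false; end
+def email_changed?; false; end
+def will_save_change_to_email?; false; end
 
-# override devise method to include additional info as opts hash
-def send_confirmation_instructions(opts = {})
-generate_confirmation_token! unless @raw_confirmation_token
+def password_required?
+return false unless provider == 'email'
+super
+end
 
-# fall back to "default" config name
-opts[:client_config] ||= 'default'
-opts[:to] = unconfirmed_email if pending_reconfirmation?
-opts[:redirect_url] ||= DeviseTokenAuth.default_confirm_success_url
+# override devise method to include additional info as opts hash
+def send_confirmation_instructions(opts = {})
+generate_confirmation_token! unless @raw_confirmation_token
 
-send_devise_notification(:confirmation_instructions, @raw_confirmation_token, opts)
-end
+# fall back to "default" config name
+opts[:client_config] ||= 'default'
+opts[:to] = unconfirmed_email if pending_reconfirmation?
+opts[:redirect_url] ||= DeviseTokenAuth.default_confirm_success_url
 
-# override devise method to include additional info as opts hash
-def send_reset_password_instructions(opts = {})
-token = set_reset_password_token
+send_devise_notification(:confirmation_instructions, @raw_confirmation_token, opts)
+end
 
-# fall back to "default" config name
-opts[:client_config] ||= 'default'
+# override devise method to include additional info as opts hash
+def send_reset_password_instructions(opts = {})
+token = set_reset_password_token
 
-send_devise_notification(:reset_password_instructions, token, opts)
-token
-end
+# fall back to "default" config name
+opts[:client_config] ||= 'default'
 
-# override devise method to include additional info as opts hash
-def send_unlock_instructions(opts = {})
-raw, enc = Devise.token_generator.generate(self.class, :unlock_token)
-self.unlock_token = enc
-save(validate: false)
+send_devise_notification(:reset_password_instructions, token, opts)
+token
+end
 
-# fall back to "default" config name
-opts[:client_config] ||= 'default'
+# override devise method to include additional info as opts hash
+def send_unlock_instructions(opts = {})
+raw, enc = Devise.token_generator.generate(self.class, :unlock_token)
+self.unlock_token = enc
+save(validate: false)
 
-send_devise_notification(:unlock_instructions, raw, opts)
-raw
-end
+# fall back to "default" config name
+opts[:client_config] ||= 'default'
+
+send_devise_notification(:unlock_instructions, raw, opts)
+raw
+end
 
-def create_token(client: nil, lifespan: nil, cost: nil, **token_extras)
-token = DeviseTokenAuth::TokenFactory.create(client: client, lifespan: lifespan, cost: cost)
+def create_token(client: nil, lifespan: nil, cost: nil, **token_extras)
+token = DeviseTokenAuth::TokenFactory.create(client: client, lifespan: lifespan, cost: cost)
 
-tokens[token.client] = {
-token: token.token_hash,
-expiry: token.expiry
-}.merge!(token_extras)
+tokens[token.client] = {
+token: token.token_hash,
+expiry: token.expiry
+}.merge!(token_extras)
 
-clean_old_tokens
+clean_old_tokens
 
-token
-end
+token
 end
 
 def valid_token?(token, client = 'default')
@@ -218,7 +218,7 @@ def destroy_expired_tokens
 end
 
 def should_remove_tokens_after_password_reset?
-if Rails::VERSION::MAJOR <= 5 ||defined?('Mongoid')
+if Rails::VERSION::MAJOR <= 5 || const_defined?('Mongoid')
 encrypted_password_changed? &&
 DeviseTokenAuth.remove_tokens_after_password_reset
 else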
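Review bot: The new `const_defined?('Mongoid')` in `should_remove_tokens_after_password_reset?` has an implicit receiver inside what looks like an instance method, while `const_defined?` is defined on `Module`, not on model instances. On Rails 6 and later, where the left operand is false, it would therefore raise `NoMethodError` unless the including class defines it. The old `defined?('Mongoid')` was always truthy because its argument is a string literal, so the `else` branch has probably never run before this change. This condition decides whether tokens are revoked after a password change, so I would write `if Rails::VERSION::MAJOR <= 5 || defined?(::Mongoid)` (or `Object.const_defined?(:Mongoid)`) and add a spec for each branch. The method body continues past the `else`, outside the hunk.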

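--- a/docs/config/initialization.md
+++ b/docs/config/initialization.md
@@ -4,20 +4,20 @@ The following settings are available for configuration in `config/initializers/d
 
 | Name (default) | Description|
 |---|---|---|
-| **`change_headers_on_each_request`** (`true`) | By default the access-token header will change after each request. The client is responsible for keeping track of the changing tokens. Both [ng-token-auth](https://github.com/lynndylanhurley/ng-token-auth) and [jToker](https://github.com/lynndylanhurley/j-toker) do this out of the box. While this implementation is more secure, it can be difficult to manage. Set this to false to prevent the `access-token` header from changing after each request. [Read more](/conceptual#about-token-management). |
-| **`token_lifespan`** (`2.weeks`) | Set the length of your tokens' lifespans. Users will need to re-authenticate after this duration of time has passed since their last login. |
-| **`token_cost`** (`10`) | Set the cost of your tokens' cost. The possible cost value is within range from 4 to 31. It is recommended to not use a value more than 10. For details see [BCrypt Cost Factors](https://github.com/codahale/bcrypt-ruby#cost-factors). |
-| **`batch_request_buffer_throttle`** (`5.seconds`) | Sometimes it's necessary to make several requests to the API at the same time. In this case, each request in the batch will need to share the same auth token. This setting determines how far apart the requests can be while still using the same auth token. [Read more](conceptual#about-batch-requests). |
-| **`omniauth_prefix`** (`"/omniauth"`) | This route will be the prefix for all oauth2 redirect callbacks. For example, using the default '/omniauth' setting, the github oauth2 provider will redirect successful authentications to '/omniauth/github/callback'. [Read more](#omniauth-provider-settings). |
-| **`default_confirm_success_url`** (`nil`) | By default this value is expected to be sent by the client so that the API knows where to redirect users after successful email confirmation. If this param is set, the API will redirect to this value when no value is provided by the client. |
-| **`default_password_reset_url`** (`nil`) | By default this value is expected to be sent by the client so that the API knows where to redirect users after successful password resets. If this param is set, the API will redirect to this value when no value is provided by the client. |
-| **`redirect_whitelist`** (`nil`) | As an added security measure, you can limit the URLs to which the API will redirect after email token validation (password reset, email confirmation, etc.). This value should be an array containing matches to the client URLs to be visited after validation. Wildcards are supported. |
-| **`enable_standard_devise_support`** (`false`) | By default, only Bearer Token authentication is implemented out of the box. If, however, you wish to integrate with legacy Devise authentication, you can do so by enabling this flag. NOTE: This feature is highly experimental! |
-| **`remove_tokens_after_password_reset`** (`false`) | By default, old tokens are not invalidated when password is changed. Enable this option if you want to make passwords updates to logout other devices. |
+| **`change_headers_on_each_request`**<br />(`true`) | By default the access-token header will change after each request. The client is responsible for keeping track of the changing tokens. Both [ng-token-auth](https://github.com/lynndylanhurley/ng-token-auth) and [jToker](https://github.com/lynndylanhurley/j-toker) do this out of the box. While this implementation is more secure, it can be difficult to manage. Set this to false to prevent the `access-token` header from changing after each request. [Read more](/conceptual#about-token-management). |
+| **`token_lifespan`**<br />(`2.weeks`) | Set the length of your tokens' lifespans. Users will need to re-authenticate after this duration of time has passed since their last login. |
+| **`token_cost`**<br />(`10`) | Set the cost of your tokens' cost. The possible cost value is within range from 4 to 31. It is recommended to not use a value more than 10. For details see [BCrypt Cost Factors](https://github.com/codahale/bcrypt-ruby#cost-factors). |
+| **`batch_request_buffer_throttle`**<br />(`5.seconds`) | Sometimes it's necessary to make several requests to the API at the same time. In this case, each request in the batch will need to share the same auth token. This setting determines how far apart the requests can be while still using the same auth token. [Read more](conceptual#about-batch-requests). |
+| **`omniauth_prefix`**<br />(`"/omniauth"`) | This route will be the prefix for all oauth2 redirect callbacks. For example, using the default '/omniauth' setting, the github oauth2 provider will redirect successful authentications to '/omniauth/github/callback'. [Read more](#omniauth-provider-settings). |
+| **`default_confirm_success_url`**<br />(`nil`) | By default this value is expected to be sent by the client so that the API knows where to redirect users after successful email confirmation. If this param is set, the API will redirect to this value when no value is provided by the client. |
+| **`default_password_reset_url`**<br />(`nil`) | By default this value is expected to be sent by the client so that the API knows where to redirect users after successful password resets. If this param is set, the API will redirect to this value when no value is provided by the client. |
+| **`redirect_whitelist`**<br />(`nil`) | As an added security measure, you can limit the URLs to which the API will redirect after email token validation (password reset, email confirmation, etc.). This value should be an array containing matches to the client URLs to be visited after validation. Wildcards are supported. |
+| **`enable_standard_devise_support`**<br />(`false`) | By default, only Bearer Token authentication is implemented out of the box. If, however, you wish to integrate with legacy Devise authentication, you can do so by enabling this flag. NOTE: This feature is highly experimental! |
+| **`remove_tokens_after_password_reset`**<br />(`false`) | By default, old tokens are not invalidated when password is changed. Enable this option if you want to make passwords updates to logout other devices. |
 | **`default_callbacks`** (`true`) | By default User model will include the `DeviseTokenAuth::Concerns::UserOmniauthCallbacks` concern, which has `email`, `uid` validations & `uid` synchronization callbacks. |
-| **`bypass_sign_in`** (`true`) | By default DeviseTokenAuth will not check user's `#active_for_authentication?` which includes confirmation check on each call (it will do it only on sign in). If you want it to be validated on each request (for example, to be able to deactivate logged in users on the fly), set it to false. |
-| **`send_confirmation_email`** (`false`) | By default DeviseTokenAuth will not send confirmation email, even when including devise confirmable module. If you want to use devise confirmable module and send email, set it to true. (This is a setting for compatibility) |
-| **`require_client_password_reset_token`** (`false`) | By default, the password-reset confirmation link redirects to the client with valid session credentials as querystring params. With this option enabled, the redirect will NOT include the valid session credentials. Instead the redirect will include a password_reset_token querystring param that can be used to reset the users password. Once the user has reset their password, the password-reset success response headers will contain valid session credentials. |
+| **`bypass_sign_in`**<br />(`true`) | By default DeviseTokenAuth will not check user's `#active_for_authentication?` which includes confirmation check on each call (it will do it only on sign in). If you want it to be validated on each request (for example, to be able to deactivate logged in users on the fly), set it to false. |
+| **`send_confirmation_email`**<br />(`false`) | By default DeviseTokenAuth will not send confirmation email, even when including devise confirmable module. If you want to use devise confirmable module and send email, set it to true. (This is a setting for compatibility) |
+| **`require_client_password_reset_token`**<br />(`false`) | By default, the password-reset confirmation link redirects to the client with valid session credentials as querystring params. With this option enabled, the redirect will NOT include the valid session credentials. Instead the redirect will include a password_reset_token querystring param that can be used to reset the users password. Once the user has reset their password, the password-reset success response headers will contain valid session credentials. |
 
 Additionally, you can configure other aspects of devise by manually creating the traditional devise.rb file at `config/initializers/devise.rb`. Here are some examples of what you can do in this file:
 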