Class: Devise::Strategies::DatabaseAuthenticatable

Inherits:
Authenticatable
  • Object
show all
Defined in:
lib/devise/strategies/database_authenticatable.rb

Overview

Default strategy for signing in a user, based on their email and password in the database.

Instance Method Summary collapse

Instance Method Details

#authenticate!Object


9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
# File 'lib/devise/strategies/database_authenticatable.rb', line 9

def authenticate!
  resource  = password.present? && mapping.to.find_for_database_authentication(authentication_hash)
  hashed = false

  if validate(resource){ hashed = true; resource.valid_password?(password) }
    remember_me(resource)
    resource.after_database_authentication
    success!(resource)
  end

  # In paranoid mode, hash the password even when a resource doesn't exist for the given authentication key.
  # This is necessary to prevent enumeration attacks - e.g. the request is faster when a resource doesn't
  # exist in the database if the password hashing algorithm is not called.
  mapping.to.new.password = password if !hashed && Devise.paranoid
  unless resource
    Devise.paranoid ? fail(:invalid) : fail(:not_found_in_database)
  end
end