Class: Devise::Strategies::DatabaseAuthenticatable
- Inherits:
-
Authenticatable
- Object
- Authenticatable
- Devise::Strategies::DatabaseAuthenticatable
- Defined in:
- lib/devise/strategies/database_authenticatable.rb
Overview
Default strategy for signing in a user, based on their email and password in the database.
Instance Method Summary collapse
Instance Method Details
#authenticate! ⇒ Object
9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 |
# File 'lib/devise/strategies/database_authenticatable.rb', line 9 def authenticate! resource = password.present? && mapping.to.find_for_database_authentication(authentication_hash) hashed = false if validate(resource){ hashed = true; resource.valid_password?(password) } if second_factor_enabled?(resource) session[:current_authentication_resource_id] = resource.id session[:current_authentication_remember_me] = remember_me? request.flash[:notice] = request.commit_flash redirect!(two_factor_authentication_path, {}, message: ) else remember_me(resource) resource.after_database_authentication success!(resource) end end # In paranoid mode, hash the password even when a resource doesn't exist for the given authentication key. # This is necessary to prevent enumeration attacks - e.g. the request is faster when a resource doesn't # exist in the database if the password hashing algorithm is not called. mapping.to.new.password = password if !hashed && Devise.paranoid unless resource Devise.paranoid ? fail(:invalid) : fail(:not_found_in_database) end end |