Custom authentication strategy for devise
I found this very helpful snippet in this thread on the Devise Google group:
initializers/some_initializer.rb:
Warden::Strategies.add(:custom_strategy_name) do
  def valid?
    # code here to check whether to try and authenticate using this strategy;
    # return true/false
  end

  def authenticate!
    # code here for doing authentication;
    # if successful, call
    #   success!(resource) # where resource is whatever you've authenticated, e.g. user;
    # if fail, call
    #   fail!(message) # where message is the failure message
  end
end
Add the following to initializers/devise.rb:
config.warden do |manager|
  manager.default_strategies.unshift :custom_strategy_name
end
Devise lockable and custom strategy
I ended up using devise_custom_authenticatable in combination with the resources posted on the original question. For lockable to work, database_authenticatable must be present. Toni's answer above should work if you have control over LDAP, which I did not when I posed the question.
Run warden strategy in devise when user is already authenticated
Before calling any strategies, warden checks if there's already a stored user in session (from previous requests, where some strategy with store? = true (the default) has succeeded).
You can try faking a 'non-set' user (without full log out) by something like:
# manager is Warden::Manager
manager.prepend_on_request do |proxy|
  proxy.set_user(nil, scope: :user, store: false) if proxy.env["HTTP_AUTHORIZATION"].present?
end
PS. Your strategy probably should also have def store?; false; end, as API keys are usually required with each request, and also should not result in a persisted session.
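An added example, not from the original answers: a per-request API key strategy that combines the valid? / authenticate! skeleton with store? returning false, so a successful key check never creates a session. The strategy name :api_key, the ApiKeyAuth module, the Bearer header scheme and the sample key are all assumptions made for illustration.

```ruby
require "digest"

# Constructed sample data: keys are kept only as SHA-256 digests, so a
# leaked table does not reveal usable API keys. Digest => user id.
API_KEYS_BY_DIGEST = {
  Digest::SHA256.hexdigest("constructed-sample-key") => "alice"
}.freeze

# Hypothetical helper module holding the logic the strategy delegates to.
module ApiKeyAuth
  # Returns the token from "Authorization: Bearer <token>", or nil when the
  # header is absent, uses another scheme, or carries an empty token.
  def self.token_from(env)
    scheme, token = env["HTTP_AUTHORIZATION"].to_s.split(" ", 2)
    return nil unless scheme.to_s.casecmp?("Bearer")
    token = token.to_s.strip
    token.empty? ? nil : token
  end

  # Looks the token up by its digest; the raw key is never compared directly.
  def self.lookup(token)
    return nil if token.nil?
    API_KEYS_BY_DIGEST[Digest::SHA256.hexdigest(token)]
  end
end

# Registered only when Warden is loaded (e.g. from a Rails initializer).
if defined?(Warden::Strategies)
  Warden::Strategies.add(:api_key) do
    # Only attempt this strategy when a Bearer token is present.
    def valid?
      !ApiKeyAuth.token_from(env).nil?
    end

    # Do not persist the authenticated user in the session.
    def store?
      false
    end

    def authenticate!
      user = ApiKeyAuth.lookup(ApiKeyAuth.token_from(env))
      user ? success!(user) : fail!("Invalid API key")
    end
  end
end
```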