class Devise::Strategies::Authenticatable

for an example.
parameters both from params or from http authorization headers. See database_authenticatable
This strategy should be used as basis for authentication strategies. It retrieves

def authenticatable_name

becomes simply :database.
Holds the authenticatable name for this class. Devise::Strategies::DatabaseAuthenticatable 
def authenticatable_name
  @authenticatable_name ||=
    ActiveSupport::Inflector.underscore(self.class.name.split("::").last).
      sub("_authenticatable", "").to_sym
end

def authentication_keys

Holds the authentication keys. 
def authentication_keys
  @authentication_keys ||= mapping.to.authentication_keys
end

def decode_credentials

Helper to decode credentials from HTTP. 
def decode_credentials
  return [] unless request.authorization && request.authorization =~ /^Basic (.*)/m
  ActiveSupport::Base64.decode64($1).split(/:/, 2)
end

def decorate(resource)

Get values from params and set in the resource. 
def decorate(resource)
  resource.remember_me = remember_me? if resource.respond_to?(:remember_me=)
end

def http_auth_hash

Extract a hash with attributes:values from the http params. 
def http_auth_hash
  keys = [authentication_keys.first, :password]
  Hash[*keys.zip(decode_credentials).flatten]
end

def http_authenticatable?

Check if the model accepts this strategy as http authenticatable. 
def http_authenticatable?
  mapping.to.http_authenticatable?(authenticatable_name)
end

def params_auth_hash

Extract the appropriate subhash for authentication from params. 
def params_auth_hash
   params[scope]
 end

def params_authenticatable?

Check if the model accepts this strategy as params authenticatable. 
def params_authenticatable?
  mapping.to.params_authenticatable?(authenticatable_name)
end

def parse_authentication_key_values(hash, keys)

Parse authentication keys considering if they should be enforced or not. 
def parse_authentication_key_values(hash, keys)
  keys.each do |key, enforce|
    value = hash[key].presence
    if value
      self.authentication_hash[key] = value
    else
      return false unless enforce == false
    end
  end
  true
end

def remember_me?

Should this resource be marked to be remembered? 
def remember_me?
  valid_params? && Devise::TRUE_VALUES.include?(params_auth_hash[:remember_me])
end

def request_keys

Holds request keys. 
def request_keys
  @request_keys ||= mapping.to.request_keys
end

def request_values

Returns values from the request object. 
def request_values
  keys = request_keys.respond_to?(:keys) ? request_keys.keys : request_keys
  values = keys.map { |k| self.request.send(k) }
  Hash[keys.zip(values)]
end

def valid? 

def valid?
  valid_for_params_auth? || valid_for_http_auth?
end

def valid_for_http_auth?


* If all authentication keys are present;
* If any of the authorization headers were sent;
* Validating if the model allows params authentication;

Check if this is strategy is valid for http authentication by: 
def valid_for_http_auth?
  http_authenticatable? && request.authorization && with_authentication_hash(http_auth_hash)
end

def valid_for_params_auth?


* If all authentication keys are present;
* If the params[scope] returns a hash with credentials;
* If the request hits the sessions controller through POST;
* Validating if the model allows params authentication;

Check if this is strategy is valid for params authentication by: 
def valid_for_params_auth?
  params_authenticatable? && valid_request? &&
    valid_params? && with_authentication_hash(params_auth_hash)
end

def valid_params?

If the request is valid, finally check if params_auth_hash returns a hash. 
def valid_params?
  params_auth_hash.is_a?(Hash)
end

def valid_password?

Check if password is present and is not equal to "X" (default value for token). 
def valid_password?
  password.present? && password != "X"
end

def valid_request?

By default, a request is valid if the controller is allowed and the VERB is POST. 
def valid_request?
  !!env["devise.allow_params_authentication"]
end

def validate(resource, &block)

Simply invokes valid_for_authentication? with the given block and deal with the result. 
def validate(resource, &block)
  result = resource && resource.valid_for_authentication?(&block)
  case result
  when String, Symbol
    fail!(result)
    false
  when TrueClass
    decorate(resource)
    true
  else
    result
  end
end

def with_authentication_hash(auth_values)

Sets the authentication hash and the password from params_auth_hash or http_auth_hash. 
def with_authentication_hash(auth_values)
  self.authentication_hash = {}
  self.password = auth_values[:password]
  parse_authentication_key_values(auth_values, authentication_keys) &&
  parse_authentication_key_values(request_values, request_keys)
end