authpwn_rails 0.17.2 → 0.18.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: b095c66fb7394d72b05bd3c28f5c68a7c25c87ab
-  data.tar.gz: ccb3d3ce5a0ed4be9caf9ae575124d496dd3b89d
+  metadata.gz: 65618dde26dcdad94e8dc8e72daa2f32fd9ceef2
+  data.tar.gz: 423f8dcf94083a6e5c3ab49f6c73caa8ed6567ed
 SHA512:
-  metadata.gz: cd79f304e8a6251c48e03ae823b09968344fbb6706023c3934606bb2c14a46da30a8e09fbc96c2bd2c3464680fe00398fe80b9e73bac1cad28dc45f752c20f34
-  data.tar.gz: 8086d3687c7cd22126e1d13863d39aa3f0e3ef179f54dfdf970863a960bb359c645351b203313a2d66416f78df41dbe6297deb896597d1867c83d439c5e2ffc2
+  metadata.gz: 434cb53b2466d1fa67cef7daa6b3d5a46a588568ebd82b7cef7533ac5c33e4f883b034113d8bc6a07911026e3f61d9617740e525a450aad5fb5081dd7c89bf07
+  data.tar.gz: 243f68501820c8eaecddc32d17ff36b5931ebdeacb703d0f09d696e4919ca92c687a2ea319878e155e30c2f7e63547d2aa2f394f38b73a41832e72c89f739005

data/.travis.yml

@@ -9,6 +9,5 @@ gemfile:
   - Gemfile.rails41
   - Gemfile.rails42
 rvm:
-  - 2.0.0
   - 2.1.0
-  - rbx
+  - 2.2.0

data/Gemfile

@@ -1,15 +1,15 @@
 source 'https://rubygems.org'
 
-gem 'rails', '>= 4.0.9'
+gem 'rails', '>= 4.0.13'
 
 group :development do
-  gem 'bundler', '>= 1.7.3'
+  gem 'bundler', '>= 1.6.6'
   gem 'mocha', '>= 0.14.0'
   gem 'jeweler', '>= 2.0.1'
   gem 'simplecov', '>= 0'
-  gem 'mysql2', '>= 0.3.16'
+  gem 'mysql2', '>= 0.3.18'
   gem 'omniauth', '>= 1.2.2'
-  gem 'pg', '>= 0.17.1'
+  gem 'pg', '>= 0.18.2'
   gem 'sqlite3', '>= 1.3.9'
   gem 'rubysl', platforms: [:rbx]
   gem 'rubysl-bundler', platforms: [:rbx]

data/Gemfile.lock

@@ -1,42 +1,42 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    actionmailer (4.2.0)
-      actionpack (= 4.2.0)
-      actionview (= 4.2.0)
-      activejob (= 4.2.0)
+    actionmailer (4.2.2)
+      actionpack (= 4.2.2)
+      actionview (= 4.2.2)
+      activejob (= 4.2.2)
       mail (~> 2.5, >= 2.5.4)
       rails-dom-testing (~> 1.0, >= 1.0.5)
-    actionpack (4.2.0)
-      actionview (= 4.2.0)
-      activesupport (= 4.2.0)
-      rack (~> 1.6.0)
+    actionpack (4.2.2)
+      actionview (= 4.2.2)
+      activesupport (= 4.2.2)
+      rack (~> 1.6)
       rack-test (~> 0.6.2)
       rails-dom-testing (~> 1.0, >= 1.0.5)
       rails-html-sanitizer (~> 1.0, >= 1.0.1)
-    actionview (4.2.0)
-      activesupport (= 4.2.0)
+    actionview (4.2.2)
+      activesupport (= 4.2.2)
       builder (~> 3.1)
       erubis (~> 2.7.0)
       rails-dom-testing (~> 1.0, >= 1.0.5)
       rails-html-sanitizer (~> 1.0, >= 1.0.1)
-    activejob (4.2.0)
-      activesupport (= 4.2.0)
+    activejob (4.2.2)
+      activesupport (= 4.2.2)
       globalid (>= 0.3.0)
-    activemodel (4.2.0)
-      activesupport (= 4.2.0)
+    activemodel (4.2.2)
+      activesupport (= 4.2.2)
       builder (~> 3.1)
-    activerecord (4.2.0)
-      activemodel (= 4.2.0)
-      activesupport (= 4.2.0)
+    activerecord (4.2.2)
+      activemodel (= 4.2.2)
+      activesupport (= 4.2.2)
       arel (~> 6.0)
-    activesupport (4.2.0)
+    activesupport (4.2.2)
       i18n (~> 0.7)
       json (~> 1.7, >= 1.7.7)
       minitest (~> 5.1)
       thread_safe (~> 0.3, >= 0.3.4)
       tzinfo (~> 1.1)
-    addressable (2.3.6)
+    addressable (2.3.8)
     arel (6.0.0)
     builder (3.2.2)
     descendants_tracker (0.0.4)
@@ -46,8 +46,8 @@ GEM
     faraday (0.9.1)
       multipart-post (>= 1.2, < 3)
     ffi2-generators (0.1.1)
-    git (1.2.8)
-    github_api (0.12.2)
+    git (1.2.9.1)
+    github_api (0.12.3)
       addressable (~> 2.3)
       descendants_tracker (~> 0.0.4)
       faraday (~> 0.8, < 0.10)
@@ -55,11 +55,10 @@ GEM
       multi_json (>= 1.7.5, < 2.0)
       nokogiri (~> 1.6.3)
       oauth2
-    globalid (0.3.0)
+    globalid (0.3.5)
       activesupport (>= 4.1.0)
-    hashie (3.3.2)
-    highline (1.6.21)
-    hike (1.2.3)
+    hashie (3.4.2)
+    highline (1.7.2)
     i18n (0.7.0)
     jeweler (2.0.1)
       builder
@@ -70,23 +69,23 @@ GEM
       nokogiri (>= 1.5.10)
       rake
       rdoc
-    json (1.8.2)
-    jwt (1.2.0)
-    loofah (2.0.1)
+    json (1.8.3)
+    jwt (1.5.0)
+    loofah (2.0.2)
       nokogiri (>= 1.5.9)
     mail (2.6.3)
       mime-types (>= 1.16, < 3)
     metaclass (0.0.4)
-    mime-types (2.4.3)
+    mime-types (2.6.1)
     mini_portile (0.6.2)
-    minitest (5.5.1)
+    minitest (5.7.0)
     mocha (1.1.0)
       metaclass (~> 0.0.1)
-    multi_json (1.10.1)
+    multi_json (1.11.1)
     multi_xml (0.5.5)
     multipart-post (2.0.0)
-    mysql2 (0.3.17)
-    nokogiri (1.6.5)
+    mysql2 (0.3.18)
+    nokogiri (1.6.6.2)
       mini_portile (~> 0.6.0)
     oauth2 (1.0.0)
       faraday (>= 0.8, < 0.10)
@@ -97,38 +96,36 @@ GEM
     omniauth (1.2.2)
       hashie (>= 1.2, < 4)
       rack (~> 1.0)
-    pg (0.18.1)
-    rack (1.6.0)
+    pg (0.18.2)
+    rack (1.6.2)
     rack-test (0.6.3)
       rack (>= 1.0)
-    rails (4.2.0)
-      actionmailer (= 4.2.0)
-      actionpack (= 4.2.0)
-      actionview (= 4.2.0)
-      activejob (= 4.2.0)
-      activemodel (= 4.2.0)
-      activerecord (= 4.2.0)
-      activesupport (= 4.2.0)
+    rails (4.2.2)
+      actionmailer (= 4.2.2)
+      actionpack (= 4.2.2)
+      actionview (= 4.2.2)
+      activejob (= 4.2.2)
+      activemodel (= 4.2.2)
+      activerecord (= 4.2.2)
+      activesupport (= 4.2.2)
       bundler (>= 1.3.0, < 2.0)
-      railties (= 4.2.0)
+      railties (= 4.2.2)
       sprockets-rails
     rails-deprecated_sanitizer (1.0.3)
       activesupport (>= 4.2.0.alpha)
-    rails-dom-testing (1.0.5)
+    rails-dom-testing (1.0.6)
       activesupport (>= 4.2.0.beta, < 5.0)
       nokogiri (~> 1.6.0)
       rails-deprecated_sanitizer (>= 1.0.1)
-    rails-html-sanitizer (1.0.1)
+    rails-html-sanitizer (1.0.2)
       loofah (~> 2.0)
-    railties (4.2.0)
-      actionpack (= 4.2.0)
-      activesupport (= 4.2.0)
+    railties (4.2.2)
+      actionpack (= 4.2.2)
+      activesupport (= 4.2.2)
       rake (>= 0.8.7)
       thor (>= 0.18.1, < 2.0)
     rake (10.4.2)
-    rb-readline (0.5.2)
     rdoc (4.2.0)
-      json (~> 1.4)
     rubysl (2.1.0)
       rubysl-abbrev (~> 2.0)
       rubysl-base64 (~> 2.0)
@@ -242,9 +239,9 @@ GEM
     rubysl-csv (2.0.2)
       rubysl-english (~> 2.0)
     rubysl-curses (2.0.1)
-    rubysl-date (2.0.8)
+    rubysl-date (2.0.9)
     rubysl-delegate (2.0.1)
-    rubysl-digest (2.0.3)
+    rubysl-digest (2.0.8)
     rubysl-drb (2.0.1)
     rubysl-e2mmap (2.0.0)
     rubysl-english (2.0.0)
@@ -267,8 +264,7 @@ GEM
     rubysl-io-nonblock (2.0.0)
     rubysl-io-wait (2.0.0)
     rubysl-ipaddr (2.0.0)
-    rubysl-irb (2.1.0)
-      rb-readline (~> 0.5)
+    rubysl-irb (2.1.1)
       rubysl-e2mmap (~> 2.0)
       rubysl-mathn (~> 2.0)
       rubysl-thread (~> 2.0)
@@ -295,7 +291,7 @@ GEM
     rubysl-observer (2.0.0)
     rubysl-open-uri (2.0.0)
     rubysl-open3 (2.0.0)
-    rubysl-openssl (2.2.1)
+    rubysl-openssl (2.3.0)
     rubysl-optparse (2.0.1)
       rubysl-shellwords (~> 2.0)
     rubysl-ostruct (2.0.4)
@@ -320,7 +316,7 @@ GEM
       rubysl-tempfile (~> 2.0)
       rubysl-thread (~> 2.0)
     rubysl-rational (2.0.1)
-    rubysl-resolv (2.1.0)
+    rubysl-resolv (2.1.2)
     rubysl-rexml (2.0.4)
     rubysl-rinda (2.0.1)
     rubysl-rss (2.0.0)
@@ -336,7 +332,7 @@ GEM
     rubysl-syslog (2.1.0)
       ffi2-generators (~> 0.1)
     rubysl-tempfile (2.0.1)
-    rubysl-thread (2.0.2)
+    rubysl-thread (2.0.3)
     rubysl-thwait (2.0.0)
     rubysl-time (2.0.3)
     rubysl-timeout (2.0.0)
@@ -351,24 +347,20 @@ GEM
     rubysl-xmlrpc (2.0.0)
     rubysl-yaml (2.1.0)
     rubysl-zlib (2.0.1)
-    simplecov (0.9.1)
+    simplecov (0.10.0)
       docile (~> 1.1.0)
-      multi_json (~> 1.0)
-      simplecov-html (~> 0.8.0)
-    simplecov-html (0.8.0)
-    sprockets (2.12.3)
-      hike (~> 1.2)
-      multi_json (~> 1.0)
+      json (~> 1.8)
+      simplecov-html (~> 0.10.0)
+    simplecov-html (0.10.0)
+    sprockets (3.2.0)
       rack (~> 1.0)
-      tilt (~> 1.1, != 1.3.0)
-    sprockets-rails (2.2.2)
+    sprockets-rails (2.3.1)
       actionpack (>= 3.0)
       activesupport (>= 3.0)
       sprockets (>= 2.8, < 4.0)
     sqlite3 (1.3.10)
     thor (0.19.1)
-    thread_safe (0.3.4)
-    tilt (1.4.1)
+    thread_safe (0.3.5)
     tzinfo (1.2.2)
       thread_safe (~> 0.1)
 
@@ -376,13 +368,13 @@ PLATFORMS
   ruby
 
 DEPENDENCIES
-  bundler (>= 1.7.3)
+  bundler (>= 1.6.6)
   jeweler (>= 2.0.1)
   mocha (>= 0.14.0)
-  mysql2 (>= 0.3.16)
+  mysql2 (>= 0.3.18)
   omniauth (>= 1.2.2)
-  pg (>= 0.17.1)
-  rails (>= 4.0.9)
+  pg (>= 0.18.2)
+  rails (>= 4.0.13)
   rubysl
   rubysl-bundler
   rubysl-rake

data/Gemfile.rails4

@@ -1,15 +1,15 @@
 source 'https://rubygems.org'
 
-gem 'rails', '~> 4.0.9'
+gem 'rails', '~> 4.0.13'
 
 group :development do
-  gem 'bundler', '>= 1.6.2'
+  gem 'bundler', '>= 1.6.6'
   gem 'mocha', '>= 1.1.0'
   gem 'jeweler', '>= 2.0.1'
   gem 'simplecov', '>= 0'
-  gem 'mysql2', '>= 0.3.16'
+  gem 'mysql2', '>= 0.3.18'
   gem 'omniauth', '>= 1.2.2'
-  gem 'pg', '>= 0.17.1'
+  gem 'pg', '>= 0.18.2'
   gem 'sqlite3', '>= 1.3.10'
   gem 'rubysl', platforms: [:rbx]
   gem 'rubysl-bundler', platforms: [:rbx]

data/Gemfile.rails41

@@ -1,15 +1,15 @@
 source 'https://rubygems.org'
 
-gem 'rails', '~> 4.1.7'
+gem 'rails', '~> 4.1.10'
 
 group :development do
-  gem 'bundler', '>= 1.6.2'
+  gem 'bundler', '>= 1.6.6'
   gem 'mocha', '>= 1.1.0'
   gem 'jeweler', '>= 2.0.1'
   gem 'simplecov', '>= 0'
-  gem 'mysql2', '>= 0.3.16'
+  gem 'mysql2', '>= 0.3.18'
   gem 'omniauth', '>= 1.2.2'
-  gem 'pg', '>= 0.17.1'
+  gem 'pg', '>= 0.18.2'
   gem 'sqlite3', '>= 1.3.10'
   gem 'rubysl', platforms: [:rbx]
   gem 'rubysl-bundler', platforms: [:rbx]

data/Gemfile.rails42

@@ -1,15 +1,15 @@
 source 'https://rubygems.org'
 
-gem 'rails', '>= 4.2.0'
+gem 'rails', '~> 4.2.2'
 
 group :development do
-  gem 'bundler', '>= 1.6.2'
+  gem 'bundler', '>= 1.6.6'
   gem 'mocha', '>= 1.1.0'
   gem 'jeweler', '>= 2.0.1'
   gem 'simplecov', '>= 0'
-  gem 'mysql2', '>= 0.3.16'
+  gem 'mysql2', '>= 0.3.18'
   gem 'omniauth', '>= 1.2.2'
-  gem 'pg', '>= 0.17.1'
+  gem 'pg', '>= 0.18.2'
   gem 'sqlite3', '>= 1.3.10'
   gem 'rubysl', platforms: [:rbx]
   gem 'rubysl-bundler', platforms: [:rbx]

data/VERSION

@@ -1 +1 @@
-0.17.2
+0.18.0

data/app/models/tokens/api.rb

@@ -0,0 +1,13 @@
+# :namespace
+module Tokens
+
+# API tokens can be used to issue API calls on behalf of an account.
+class Api < Tokens::Base
+  # NOTE: If we ever implement OAuth tokens, they should hang off of API
+  #       tokens.
+
+  # For now, we allow exactly one API token for each user.
+  validates :user, uniqueness: { scope: :type }
+end
+
+end  # namespace Tokens

data/app/models/tokens/base.rb

@@ -27,8 +27,9 @@ class Base < ::Credential
   # Returns the authenticated User instance, or a symbol indicating the reason
   # why the (potentially valid) token code was rejected.
   def self.authenticate(code)
-    credential = self.with_code(code).first
-    credential ? credential.authenticate : :invalid
+    return :invalid unless token = self.with_code(code).first
+    return :invalid unless token.kind_of?(self)
+    token.authenticate
   end
 
   # Scope that uses a secret code.

data/authpwn_rails.gemspec

@@ -2,16 +2,16 @@
 # DO NOT EDIT THIS FILE DIRECTLY
 # Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
 # -*- encoding: utf-8 -*-
-# stub: authpwn_rails 0.17.2 ruby lib
+# stub: authpwn_rails 0.18.0 ruby lib
 
 Gem::Specification.new do |s|
   s.name = "authpwn_rails"
-  s.version = "0.17.2"
+  s.version = "0.18.0"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.require_paths = ["lib"]
   s.authors = ["Victor Costan"]
-  s.date = "2015-01-11"
+  s.date = "2015-06-17"
   s.description = "Works with Facebook."
   s.email = "victor@costan.us"
   s.extra_rdoc_files = [
@@ -35,6 +35,7 @@ Gem::Specification.new do |s|
     "app/models/credentials/email.rb",
     "app/models/credentials/omni_auth_uid.rb",
     "app/models/credentials/password.rb",
+    "app/models/tokens/api.rb",
     "app/models/tokens/base.rb",
     "app/models/tokens/email_verification.rb",
     "app/models/tokens/one_time.rb",
@@ -72,16 +73,19 @@ Gem::Specification.new do |s|
     "lib/authpwn_rails/generators/templates/user.rb",
     "lib/authpwn_rails/generators/templates/users.yml",
     "lib/authpwn_rails/http_basic.rb",
+    "lib/authpwn_rails/http_token.rb",
     "lib/authpwn_rails/routes.rb",
     "lib/authpwn_rails/session.rb",
     "lib/authpwn_rails/session_controller.rb",
     "lib/authpwn_rails/session_mailer.rb",
     "lib/authpwn_rails/session_model.rb",
     "lib/authpwn_rails/test_extensions.rb",
+    "lib/authpwn_rails/user_extensions/api_token_field.rb",
     "lib/authpwn_rails/user_extensions/email_field.rb",
     "lib/authpwn_rails/user_extensions/password_field.rb",
     "lib/authpwn_rails/user_model.rb",
     "test/cookie_controller_test.rb",
+    "test/credentials/api_token_test.rb",
     "test/credentials/email_credential_test.rb",
     "test/credentials/email_verification_token_test.rb",
     "test/credentials/omni_auth_uid_credential_test.rb",
@@ -108,6 +112,7 @@ Gem::Specification.new do |s|
     "test/helpers/test_order.rb",
     "test/helpers/view_helpers.rb",
     "test/http_basic_controller_test.rb",
+    "test/http_token_controller_test.rb",
     "test/initializer_test.rb",
     "test/routes_test.rb",
     "test/session_controller_api_test.rb",
@@ -117,54 +122,55 @@ Gem::Specification.new do |s|
     "test/session_test.rb",
     "test/test_extensions_test.rb",
     "test/test_helper.rb",
+    "test/user_extensions/api_token_field_test.rb",
     "test/user_extensions/email_field_test.rb",
     "test/user_extensions/password_field_test.rb",
     "test/user_test.rb"
   ]
   s.homepage = "http://github.com/pwnall/authpwn_rails"
   s.licenses = ["MIT"]
-  s.rubygems_version = "2.2.2"
+  s.rubygems_version = "2.4.6"
   s.summary = "User authentication for Rails 4 applications."
 
   if s.respond_to? :specification_version then
     s.specification_version = 4
 
     if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
-      s.add_runtime_dependency(%q<rails>, [">= 4.0.9"])
-      s.add_development_dependency(%q<bundler>, [">= 1.7.3"])
+      s.add_runtime_dependency(%q<rails>, [">= 4.0.13"])
+      s.add_development_dependency(%q<bundler>, [">= 1.6.6"])
       s.add_development_dependency(%q<mocha>, [">= 0.14.0"])
       s.add_development_dependency(%q<jeweler>, [">= 2.0.1"])
       s.add_development_dependency(%q<simplecov>, [">= 0"])
-      s.add_development_dependency(%q<mysql2>, [">= 0.3.16"])
+      s.add_development_dependency(%q<mysql2>, [">= 0.3.18"])
       s.add_development_dependency(%q<omniauth>, [">= 1.2.2"])
-      s.add_development_dependency(%q<pg>, [">= 0.17.1"])
+      s.add_development_dependency(%q<pg>, [">= 0.18.2"])
       s.add_development_dependency(%q<sqlite3>, [">= 1.3.9"])
       s.add_development_dependency(%q<rubysl>, [">= 0"])
       s.add_development_dependency(%q<rubysl-bundler>, [">= 0"])
       s.add_development_dependency(%q<rubysl-rake>, [">= 0"])
     else
-      s.add_dependency(%q<rails>, [">= 4.0.9"])
-      s.add_dependency(%q<bundler>, [">= 1.7.3"])
+      s.add_dependency(%q<rails>, [">= 4.0.13"])
+      s.add_dependency(%q<bundler>, [">= 1.6.6"])
       s.add_dependency(%q<mocha>, [">= 0.14.0"])
       s.add_dependency(%q<jeweler>, [">= 2.0.1"])
       s.add_dependency(%q<simplecov>, [">= 0"])
-      s.add_dependency(%q<mysql2>, [">= 0.3.16"])
+      s.add_dependency(%q<mysql2>, [">= 0.3.18"])
       s.add_dependency(%q<omniauth>, [">= 1.2.2"])
-      s.add_dependency(%q<pg>, [">= 0.17.1"])
+      s.add_dependency(%q<pg>, [">= 0.18.2"])
       s.add_dependency(%q<sqlite3>, [">= 1.3.9"])
       s.add_dependency(%q<rubysl>, [">= 0"])
       s.add_dependency(%q<rubysl-bundler>, [">= 0"])
       s.add_dependency(%q<rubysl-rake>, [">= 0"])
     end
   else
-    s.add_dependency(%q<rails>, [">= 4.0.9"])
-    s.add_dependency(%q<bundler>, [">= 1.7.3"])
+    s.add_dependency(%q<rails>, [">= 4.0.13"])
+    s.add_dependency(%q<bundler>, [">= 1.6.6"])
     s.add_dependency(%q<mocha>, [">= 0.14.0"])
     s.add_dependency(%q<jeweler>, [">= 2.0.1"])
     s.add_dependency(%q<simplecov>, [">= 0"])
-    s.add_dependency(%q<mysql2>, [">= 0.3.16"])
+    s.add_dependency(%q<mysql2>, [">= 0.3.18"])
     s.add_dependency(%q<omniauth>, [">= 1.2.2"])
-    s.add_dependency(%q<pg>, [">= 0.17.1"])
+    s.add_dependency(%q<pg>, [">= 0.18.2"])
     s.add_dependency(%q<sqlite3>, [">= 1.3.9"])
     s.add_dependency(%q<rubysl>, [">= 0"])
     s.add_dependency(%q<rubysl-bundler>, [">= 0"])

data/lib/authpwn_rails/generators/templates/credentials.yml

@@ -69,3 +69,7 @@ jane_omniauth_developer:
   name: developer,jane@gmail.com
   key: "1"
 
+john_api_token:
+  user: john
+  type: Tokens::Api
+  name: WViSwbTAEMe0dzB_IHXyNG3UJ4VgDW3_6nKM_FLrc6w

data/lib/authpwn_rails/generators/templates/user.rb

@@ -6,6 +6,8 @@ class User < ActiveRecord::Base
   # include Authpwn::UserExtensions::EmailField
   # Virtual password attribute, with confirmation validation.
   # include Authpwn::UserExtensions::PasswordField
+  # Virtual API token attribute.
+  # include Authpwn::UserExtensions::ApiTokenField
 
   # Change this to customize user lookup in the e-mail/password signin process.
   #

data/lib/authpwn_rails/http_basic.rb

@@ -5,8 +5,8 @@ class ActionController::Base
   # Keeps track of the currently authenticated user via the session.
   #
   # Assumes the existence of a User model. A bare ActiveModel model will do the
-  # trick. Model instances must implement id, and the model class must implement
-  # find_by_id.
+  # trick. Model instances must implement id, and the model class must
+  # implement find_by_id.
   def self.authenticates_using_http_basic(options = {})
     include Authpwn::HttpBasicControllerInstanceMethods
     before_filter :authenticate_using_http_basic, options

data/lib/authpwn_rails/http_token.rb

@@ -0,0 +1,67 @@
+require 'action_controller'
+
+# :nodoc: adds authenticates_using_http_token
+class ActionController::Base
+  # Keeps track of the currently authenticated user via the session.
+  #
+  # Assumes the existence of a User model. A bare ActiveModel model will do the
+  # trick. Model instances must implement id, and the model class must implement
+  # find_by_id.
+  def self.authenticates_using_http_token(options = {})
+    include Authpwn::HttpTokenControllerInstanceMethods
+    before_action :authenticate_using_http_token, options
+  end
+end
+
+# :nodoc: namespace
+module Authpwn
+
+# Included in controllers that call authenticates_using_http_token.
+module HttpTokenControllerInstanceMethods
+  include Authpwn::CurrentUser
+
+  # The before_action that implements authenticates_using_http_token.
+  #
+  # If your ApplicationController contains authenticates_using_http_token, you
+  # can opt out in individual controllers using skip_before_action.
+  #
+  #     skip_before_action :authenticate_using_http_filter
+  def authenticate_using_http_token
+    return if current_user
+    authenticate_with_http_token do |token_code, options|
+      auth = Tokens::Api.authenticate token_code
+
+      # NOTE: Setting the instance variable directly bypasses the session
+      #       setup. Tokens are generally used in API contexts, so the session
+      #       cookie would get ignored anyway.
+      @current_user = auth unless auth.kind_of? Symbol
+    end
+  end
+  private :authenticate_using_http_token
+
+  # Inform the user that their request is forbidden.
+  #
+  # If a user is logged on, this renders the session/forbidden view with a HTTP
+  # 403 code.
+  #
+  # If no user is logged in, a HTTP 403 code is returned, together with an
+  # HTTP Authentication header causing the user-agent (browser) to initiate
+  # http token authentication.
+  def bounce_to_http_token()
+    unless current_user
+      request_http_token_authentication
+      return
+    end
+
+    respond_to do |format|
+      format.html do
+        render 'session/forbidden', status: :forbidden
+      end
+      format.json do
+        render json: { error: "You're not allowed to access that" }
+      end
+    end
+  end
+end  # module Authpwn::HttpTokenControllerInstanceMethods
+
+end  # namespace Authpwn

data/lib/authpwn_rails/session_controller.rb

@@ -127,6 +127,8 @@ module SessionController
 
   # GET /session/token/token-code
   def token
+    # NOTE: This repeats the code in Token::Base.authenticate, because we need
+    #       the token.
     if token = Tokens::Base.with_code(params[:code]).first
       auth = token.authenticate
     else

data/lib/authpwn_rails/test_extensions.rb

@@ -59,7 +59,7 @@ module ControllerTestExtensions
     Tokens::Base.with_code(suid).first!.user
   end
 
-  # Sets the HTTP Authentication header.
+  # Sets the HTTP Authentication header for Basic authentication.
   #
   # If no password is provided, the user's password is set to "password". This
   # change is normally reverted at the end of the test, as long as
@@ -95,6 +95,34 @@ module ControllerTestExtensions
         "Basic #{::Base64.strict_encode64("#{email}:#{password}")}"
     self
   end
+
+  # Sets the HTTP Authentication header for Token authentication.
+  #
+  # If the user doesn't have an API token, one is generated automatically. This
+  # change is normally reverted at the end of the test, as long as
+  # transactional fixtures are not disabled.
+  #
+  # If a token code is provided, the user's API token's code is forced to the
+  # given value.
+  #
+  # Tests that need to disable transactional fixures should delete the user's
+  # API token after completion.
+  def set_http_token_user(user, token_code = nil)
+    if user.nil?
+      request.env.delete 'HTTP_AUTHORIZATION'
+      return self
+    end
+
+    credential = Tokens::Api.where(user_id: user.id).first
+    credential ||= Tokens::Api.random_for(user)
+    unless token_code.nil?
+      credential.code = token_code
+      credential.save!
+    end
+
+    request.env['HTTP_AUTHORIZATION'] = "Token #{credential.code}"
+    self
+  end
 end  # module Authpwn::ControllerTestExtensions
 
 end  # namespace Authpwn

data/lib/authpwn_rails/user_extensions/api_token_field.rb

@@ -0,0 +1,30 @@
+require 'active_model'
+require 'active_support'
+
+# :nodoc: namespace
+module Authpwn
+
+# :nodoc: namespace
+module UserExtensions
+
+# Augments the User model with a password virtual attribute.
+module ApiTokenField
+  extend ActiveSupport::Concern
+
+  # Credentials::Password instance associated with this user.
+  def api_token_credential
+    credentials.find { |c| c.instance_of?(Tokens::Api) }
+  end
+
+  # The code from the user's API token credential.
+  #
+  # Creates an API token if the user doesn't already have one.
+  def api_token
+    credential = self.api_token_credential || Tokens::Api.random_for(self)
+    credential.code
+  end
+end  # module Authpwn::UserExtensions::ApiTokenField
+
+end  # module Authpwn::UserExtensions
+
+end  # module Authpwn

data/lib/authpwn_rails/user_extensions/password_field.rb

@@ -16,14 +16,6 @@ module PasswordField
                          confirmation: { allow_nil: true }
   end
 
-  module ClassMethods
-    # The user who has a certain e-mail, or nil if the e-mail is unclaimed.
-    def with_email(email)
-      credential = Credentials::Email.where(name: email).includes(:user).first
-      credential && credential.user
-    end
-  end
-
   # Credentials::Password instance associated with this user.
   def password_credential
     credentials.find { |c| c.instance_of?(Credentials::Password) }

data/lib/authpwn_rails.rb

@@ -14,12 +14,14 @@ module Authpwn
 
   # Contains extensions to the User model.
   module UserExtensions
+    autoload :ApiTokenField, 'authpwn_rails/user_extensions/api_token_field.rb'
     autoload :EmailField, 'authpwn_rails/user_extensions/email_field.rb'
     autoload :PasswordField, 'authpwn_rails/user_extensions/password_field.rb'
   end
 end
 
 require 'authpwn_rails/http_basic.rb'
+require 'authpwn_rails/http_token.rb'
 require 'authpwn_rails/routes.rb'
 require 'authpwn_rails/session.rb'
 require 'authpwn_rails/test_extensions.rb'
@@ -27,7 +29,7 @@ require 'authpwn_rails/test_extensions.rb'
 if defined?(Rails)
   require 'authpwn_rails/engine.rb'
 
-  # HACK(costan): this works around a known Rails bug
+  # HACK(pwnall): this works around a known Rails bug
   #     https://rails.lighthouseapp.com/projects/8994/tickets/1905-apphelpers-within-plugin-not-being-mixed-in
   require File.expand_path('../../app/helpers/session_helper.rb', __FILE__)
   ActionController::Base.helper SessionHelper

data/test/credentials/api_token_test.rb

@@ -0,0 +1,65 @@
+require File.expand_path('../../test_helper', __FILE__)
+
+class ApiTokenTest < ActiveSupport::TestCase
+  def setup
+    @credential = Tokens::Api.new
+    @credential.code = 'AyCMIixa5C7BBqU-XFI7l7IaUFJ4zQZPmcK6oNb3FLo'
+    @credential.user = users(:bill)
+  end
+
+  test 'setup' do
+    assert @credential.valid?
+  end
+
+  test 'code required' do
+    @credential.code = nil
+    assert !@credential.valid?
+  end
+
+  test 'code uniqueness' do
+    @credential.code = credentials(:jane_token).code
+    assert !@credential.valid?
+  end
+
+  test 'user required' do
+    @credential.user = nil
+    assert !@credential.valid?
+  end
+
+  test 'user uniqueness' do
+    @credential.user = credentials(:john_api_token).user
+    assert !@credential.valid?
+  end
+
+  test 'spend does nothing' do
+    credential = credentials(:john_api_token)
+    assert_equal Tokens::Api, credential.class, 'bad setup'
+
+    assert_no_difference 'Credential.count' do
+      credential.spend
+    end
+  end
+
+  test 'expired?' do
+    @credential.updated_at = Time.now - 1.year
+    assert_equal false, @credential.expired?
+  end
+
+  test 'spend does not update old token' do
+    old_updated_at = @credential.updated_at = Time.now - 1.year
+    @credential.spend
+    assert_equal old_updated_at, @credential.updated_at
+  end
+
+  test 'random_for' do
+    user = users(:jane)
+    credential = nil
+    assert_difference 'Credential.count', 1 do
+      credential = Tokens::Api.random_for user
+    end
+    saved_credential = Tokens::Base.with_code(credential.code).first
+    assert saved_credential, 'token was not saved'
+    assert_equal saved_credential, credential, 'wrong token returned'
+    assert_equal user, saved_credential.user
+  end
+end

data/test/credentials/one_time_token_credential_test.rb

@@ -21,7 +21,7 @@ class OneTimeTokenCredentialTest < ActiveSupport::TestCase
     assert !@credential.valid?
   end
 
-  test 'user presence' do
+  test 'user required' do
     @credential.user = nil
     assert !@credential.valid?
   end

data/test/credentials/token_crendential_test.rb

@@ -21,7 +21,7 @@ class TokenCredentialTest < ActiveSupport::TestCase
     assert !@credential.valid?
   end
 
-  test 'user presence' do
+  test 'user required' do
     @credential.user = nil
     assert !@credential.valid?
   end
@@ -46,7 +46,7 @@ class TokenCredentialTest < ActiveSupport::TestCase
 
   test 'with_code' do
     john = 'YZ-Fo8HX6_NyU6lVZXYi6cMDLV5eAgt35UTF5l8bD6A'
-    john2 = 'bDSU4tzfjuob79e3R0ykLcOGTBBYvuBWWJ9V06tQrCE'
+    john_email = 'bDSU4tzfjuob79e3R0ykLcOGTBBYvuBWWJ9V06tQrCE'
     jane = '6TXe1vv7BgOw0BkJ1hzUKO6G08fLk4sVfJ3wPDZHS-c'
     bogus = 'AyCMIixa5C7BBqU-XFI7l7IaUFJ4zQZPmcK6oNb3FLo'
     assert_equal credentials(:john_token),
@@ -54,7 +54,7 @@ class TokenCredentialTest < ActiveSupport::TestCase
     assert_equal credentials(:jane_token),
                  Tokens::Base.with_code(jane).first!
     assert_equal credentials(:john_email_token),
-                 Tokens::Base.with_code(john2).first
+                 Tokens::Base.with_code(john_email).first
     assert_nil Tokens::Base.with_code(bogus).first
     assert_raise ActiveRecord::RecordNotFound do
       Tokens::Base.with_code('john@gmail.com').first!
@@ -77,13 +77,27 @@ class TokenCredentialTest < ActiveSupport::TestCase
 
   test 'class authenticate' do
     john = 'YZ-Fo8HX6_NyU6lVZXYi6cMDLV5eAgt35UTF5l8bD6A'
+    john_email = 'bDSU4tzfjuob79e3R0ykLcOGTBBYvuBWWJ9V06tQrCE'
     jane = '6TXe1vv7BgOw0BkJ1hzUKO6G08fLk4sVfJ3wPDZHS-c'
     bogus = 'AyCMIixa5C7BBqU-XFI7l7IaUFJ4zQZPmcK6oNb3FLo'
+
     assert_equal users(:john), Tokens::Base.authenticate(john)
+    assert_equal users(:john), Tokens::Base.authenticate(john_email)
     assert_equal users(:jane), Tokens::Base.authenticate(jane)
     assert_equal :invalid, Tokens::Base.authenticate(bogus)
   end
 
+  test 'class authenticate with non-base class' do
+    john = 'YZ-Fo8HX6_NyU6lVZXYi6cMDLV5eAgt35UTF5l8bD6A'
+    john_email = 'bDSU4tzfjuob79e3R0ykLcOGTBBYvuBWWJ9V06tQrCE'
+    bogus = 'AyCMIixa5C7BBqU-XFI7l7IaUFJ4zQZPmcK6oNb3FLo'
+
+    assert_equal :invalid, Tokens::EmailVerification.authenticate(john)
+    assert_equal users(:john),
+        Tokens::EmailVerification.authenticate(john_email)
+    assert_equal :invalid, Tokens::EmailVerification.authenticate(bogus)
+  end
+
   test 'class authenticate on expired tokens' do
     john = 'YZ-Fo8HX6_NyU6lVZXYi6cMDLV5eAgt35UTF5l8bD6A'
     jane = '6TXe1vv7BgOw0BkJ1hzUKO6G08fLk4sVfJ3wPDZHS-c'

data/test/helpers/routes.rb

@@ -11,6 +11,9 @@ def setup_authpwn_routes
     resource :http_basic, controller: 'http_basic' do
       collection { get :bouncer }
     end
+    resource :http_token, controller: 'http_token' do
+      collection { get :bouncer }
+    end
 
     authpwn_session controller: 'bare_session', method_names: 'bare_session',
                     omniauth_path_prefix: '/bare_auth'

data/test/http_basic_controller_test.rb

@@ -83,8 +83,8 @@ class HttpBasicControllerTest < ActionController::TestCase
     assert_equal "User: #{jane_id}", response.body
   end
 
-  test "invalid user_pid in session" do
-    get :show, {}, current_user_pid: 'random@user.com'
+  test "invalid authpwn_suid in session" do
+    get :show, {}, authpwn_suid: 'random@user.com'
     assert_response :success
     assert_nil assigns(:current_user)
   end

data/test/http_token_controller_test.rb

@@ -0,0 +1,128 @@
+require File.expand_path('../test_helper', __FILE__)
+
+# Mock controller used for testing session handling.
+class HttpTokenController < ApplicationController
+  authenticates_using_http_token
+
+  def show
+    if current_user
+      render text: "User: #{current_user.id}"
+    else
+      render text: "No user"
+    end
+  end
+
+  def bouncer
+    bounce_to_http_token
+  end
+end
+
+class HttpTokenControllerTest < ActionController::TestCase
+  setup do
+    @user = users(:john)
+  end
+
+  test "no user_id in session cookie or header" do
+    get :show
+    assert_response :success
+    assert_nil assigns(:current_user)
+    assert_equal 'No user', response.body
+  end
+
+  test "valid user_id in session cookie" do
+    set_session_current_user @user
+    get :show
+    assert_response :success
+    assert_nil assigns(:current_user)
+    assert_equal 'No user', response.body
+  end
+
+  test "valid user credentials in header" do
+    set_http_token_user @user
+    get :show
+    assert_equal @user, assigns(:current_user)
+    assert_equal nil, session_current_user,
+        'Token authentication should not update the session'
+
+    john_id = ActiveRecord::FixtureSet.identify :john
+    assert_equal "User: #{john_id}", response.body
+  end
+
+  test "invalid token in header" do
+    set_http_token_user @user
+    Tokens::Api.where(user_id: @user.id).destroy_all
+    get :show
+    assert_nil assigns(:current_user)
+    assert_equal 'No user', response.body
+  end
+
+  test "uses Tokens::Api.authenticate" do
+    Tokens::Api.expects(:authenticate).at_least_once.with('ap1-c0d3').
+        returns @user
+    set_http_token_user @user, 'ap1-c0d3'
+    get :show
+    assert_equal @user, assigns(:current_user)
+    assert_equal nil, session_current_user,
+        'Token authentication should not update the session'
+
+    john_id = ActiveRecord::FixtureSet.identify :john
+    assert_equal "User: #{john_id}", response.body
+  end
+
+  test "reset user credentials in header" do
+    set_http_token_user @user
+    set_http_token_user nil
+    get :show
+    assert_nil assigns(:current_user)
+    assert_equal 'No user', response.body
+  end
+
+  test "newly created API token in header" do
+    user = users(:jane)
+    set_http_token_user user
+    get :show
+    assert_equal user, assigns(:current_user)
+    assert_equal nil, session_current_user,
+        'Token authentication should not update the session'
+
+    jane_id = ActiveRecord::FixtureSet.identify :jane
+    assert_equal "User: #{jane_id}", response.body
+  end
+
+  test "invalid authpwn_suid in session" do
+    get :show, {}, authpwn_suid: 'random@user.com'
+    assert_response :success
+    assert_nil assigns(:current_user)
+  end
+
+  test "valid user bounced to http authentication" do
+    set_http_token_user @user
+    get :bouncer
+    assert_response :forbidden
+    assert_template 'session/forbidden'
+    assert_select 'a[href="/session"][data-method="delete"]', 'sign out'
+  end
+
+  test "valid user bounced in json" do
+    set_http_token_user @user
+    get :bouncer, format: 'json'
+    assert_response :ok
+    data = ActiveSupport::JSON.decode response.body
+    assert_match(/not allowed/i, data['error'])
+  end
+
+  test "no user_id bounced to http authentication" do
+    get :bouncer
+    assert_response :unauthorized
+    assert_equal 'Token realm="Application"',
+                 response.headers['WWW-Authenticate']
+  end
+
+  test "no user_id bounced in json" do
+    get :bouncer, format: 'json'
+    assert_response :unauthorized
+    assert_equal 'Token realm="Application"',
+                 response.headers['WWW-Authenticate']
+  end
+end
+

data/test/session_controller_test.rb

@@ -1,6 +1,5 @@
 require File.expand_path('../test_helper', __FILE__)
 
-require 'authpwn_rails/generators/templates/session_controller.rb'
-
 # Run the tests in the generator, to make sure they pass.
 require 'authpwn_rails/generators/templates/session_controller_test.rb'
+

data/test/session_mailer_test.rb

@@ -1,6 +1,4 @@
 require File.expand_path('../test_helper', __FILE__)
 
-require 'authpwn_rails/generators/templates/session_mailer.rb'
-
 # Run the tests in the generator, to make sure they pass.
 require 'authpwn_rails/generators/templates/session_mailer_test.rb'

data/test/test_helper.rb

@@ -29,5 +29,9 @@ require 'helpers/test_order.rb'
 # Simulate Rails' initializer loading.
 require 'authpwn_rails/generators/templates/initializer.rb'
 
+# Simulate Rails' autoloading.
+require 'authpwn_rails/generators/templates/session_mailer.rb'
+require 'authpwn_rails/generators/templates/session_controller.rb'
+
 # Rails stubbing is only needed by the initializer, and breaks tests.
 require 'helpers/rails_undo.rb'

data/test/user_extensions/api_token_field_test.rb

@@ -0,0 +1,34 @@
+require File.expand_path('../../test_helper', __FILE__)
+
+class UserWithApiToken < User
+  include Authpwn::UserExtensions::ApiTokenField
+end
+
+class ApiTokenFieldTest < ActiveSupport::TestCase
+  def setup
+    @john = UserWithApiToken.find_by_id users(:john).id
+    @jane = UserWithApiToken.find_by_id users(:jane).id
+    @bill = UserWithApiToken.find_by_id users(:bill).id
+  end
+
+  test 'api_token_credential' do
+    assert_equal credentials(:john_api_token), @john.api_token_credential
+    assert_equal nil, @jane.api_token_credential
+    assert_equal nil, @bill.api_token_credential
+  end
+
+  test 'api_token with existing credential' do
+    assert_equal credentials(:john_api_token).code, @john.api_token
+    assert_equal nil, @jane.api_token_credential
+    assert_equal nil, @bill.api_token_credential
+  end
+
+  test 'api_token without existing credential' do
+    assert_equal nil, @jane.api_token_credential
+    token_code = @jane.api_token
+    assert_not_equal nil, @jane.api_token_credential
+    assert_equal @jane.api_token_credential.code, token_code
+    assert_not_equal credentials(:john_api_token).code, token_code
+    assert_equal nil, @bill.api_token_credential
+  end
+end

data/test/user_extensions/email_field_test.rb

@@ -8,9 +8,9 @@ class EmailFieldTest < ActiveSupport::TestCase
   def setup
     @user = UserWithEmail.new email: 'blah@gmail.com'
 
-    @john = UserWithEmail.find_by_id(users(:john).id)
-    @jane = UserWithEmail.find_by_id(users(:jane).id)
-    @bill = UserWithEmail.find_by_id(users(:bill).id)
+    @john = UserWithEmail.find_by_id users(:john).id
+    @jane = UserWithEmail.find_by_id users(:jane).id
+    @bill = UserWithEmail.find_by_id users(:bill).id
   end
 
   test 'setup' do

data/test/user_extensions/password_field_test.rb

@@ -9,9 +9,9 @@ class PasswordFieldTest < ActiveSupport::TestCase
     @user = UserWithPassword.new password: 'awesome',
                                  password_confirmation: 'awesome'
 
-    @john = UserWithPassword.find_by_id(users(:john).id)
-    @jane = UserWithPassword.find_by_id(users(:jane).id)
-    @bill = UserWithPassword.find_by_id(users(:bill).id)
+    @john = UserWithPassword.find_by_id users(:john).id
+    @jane = UserWithPassword.find_by_id users(:jane).id
+    @bill = UserWithPassword.find_by_id users(:bill).id
   end
 
   test 'setup' do

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: authpwn_rails
 version: !ruby/object:Gem::Version
-  version: 0.17.2
+  version: 0.18.0
 platform: ruby
 authors:
 - Victor Costan
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-01-11 00:00:00.000000000 Z
+date: 2015-06-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -16,28 +16,28 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 4.0.9
+        version: 4.0.13
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 4.0.9
+        version: 4.0.13
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.7.3
+        version: 1.6.6
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.7.3
+        version: 1.6.6
 - !ruby/object:Gem::Dependency
   name: mocha
   requirement: !ruby/object:Gem::Requirement
@@ -86,14 +86,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.3.16
+        version: 0.3.18
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.3.16
+        version: 0.3.18
 - !ruby/object:Gem::Dependency
   name: omniauth
   requirement: !ruby/object:Gem::Requirement
@@ -114,14 +114,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.17.1
+        version: 0.18.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.17.1
+        version: 0.18.2
 - !ruby/object:Gem::Dependency
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement
@@ -202,6 +202,7 @@ files:
 - app/models/credentials/email.rb
 - app/models/credentials/omni_auth_uid.rb
 - app/models/credentials/password.rb
+- app/models/tokens/api.rb
 - app/models/tokens/base.rb
 - app/models/tokens/email_verification.rb
 - app/models/tokens/one_time.rb
@@ -239,16 +240,19 @@ files:
 - lib/authpwn_rails/generators/templates/user.rb
 - lib/authpwn_rails/generators/templates/users.yml
 - lib/authpwn_rails/http_basic.rb
+- lib/authpwn_rails/http_token.rb
 - lib/authpwn_rails/routes.rb
 - lib/authpwn_rails/session.rb
 - lib/authpwn_rails/session_controller.rb
 - lib/authpwn_rails/session_mailer.rb
 - lib/authpwn_rails/session_model.rb
 - lib/authpwn_rails/test_extensions.rb
+- lib/authpwn_rails/user_extensions/api_token_field.rb
 - lib/authpwn_rails/user_extensions/email_field.rb
 - lib/authpwn_rails/user_extensions/password_field.rb
 - lib/authpwn_rails/user_model.rb
 - test/cookie_controller_test.rb
+- test/credentials/api_token_test.rb
 - test/credentials/email_credential_test.rb
 - test/credentials/email_verification_token_test.rb
 - test/credentials/omni_auth_uid_credential_test.rb
@@ -275,6 +279,7 @@ files:
 - test/helpers/test_order.rb
 - test/helpers/view_helpers.rb
 - test/http_basic_controller_test.rb
+- test/http_token_controller_test.rb
 - test/initializer_test.rb
 - test/routes_test.rb
 - test/session_controller_api_test.rb
@@ -284,6 +289,7 @@ files:
 - test/session_test.rb
 - test/test_extensions_test.rb
 - test/test_helper.rb
+- test/user_extensions/api_token_field_test.rb
 - test/user_extensions/email_field_test.rb
 - test/user_extensions/password_field_test.rb
 - test/user_test.rb
@@ -307,7 +313,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.2.2
+rubygems_version: 2.4.6
 signing_key: 
 specification_version: 4
 summary: User authentication for Rails 4 applications.