RubyGems - devise-api - Versions diffs - 0.1.1 → 0.1.3 - Mend

devise-api 0.1.1 → 0.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

checksums.yaml +4 -4
data/Gemfile.lock +1 -1
data/README.md +45 -1
data/app/controllers/devise/api/tokens_controller.rb +34 -3
data/app/services/devise/api/tokens_service/create.rb +1 -1
data/app/services/devise/api/tokens_service/refresh.rb +1 -1
data/config/locales/en.yml +1 -0
data/lib/devise/api/configuration.rb +4 -0
data/lib/devise/api/controllers/helpers.rb +7 -10
data/lib/devise/api/generators/install_generator.rb +0 -16
data/lib/devise/api/generators/templates/migration.rb.erb +15 -2
data/lib/devise/api/responses/error_response.rb +2 -0
data/lib/devise/api/token.rb +2 -2
data/lib/devise/api/version.rb +1 -1
metadata +3 -3

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e7b573587b480d33fc2b6615142cdc7ca1c0215497fc3d3755d6a88b303a1788
-  data.tar.gz: 4151e896ab7a40573a92bffa88383758dd96c4af22998ebc61a6167a82b9cfe1
+  metadata.gz: 7d47e2be72c7d15e0c0de4535943a208d8d37e7d2b801de167ccf5f5c8e3d08e
+  data.tar.gz: 87d42ee2c7784370789032608d0caa634f5a703c7c4cbb15139c82d34ca26664
 SHA512:
-  metadata.gz: f5d4f26d865ea6d3341726017a82f66c911d088f518ca55fb4af10e4a01b5ed783cbee87aae6f5bca1e4fe6207d7db3404626ac6528fe1cf7b647d9e5b637bea
-  data.tar.gz: 5789da3efd48c951b8199663f02a2bba978664b5a38a5c58c1fc752db5fb6eafdabb41af67d48241ff4bd7823a00b3b680a53e58f32ddb521164e05e858c5d83
+  metadata.gz: 6b6045dbf6c5906a5ef70de320d39df12f79b1c7599ce91851c98e61be2449959b0f7e263ad3a795d21070d56b9a84944d4799e1a5156fee8ae90039f8c9642e
+  data.tar.gz: b92e03c4fdb2d18eb3d3cf1ca690782e9f9149362b27b4535ccae3c739dbae3e14550b9e5d4535da6a3aa7658ee25936b59e49c937a3093b90b88d9477ca0f13

data/Gemfile.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    devise-api (0.0.0)
+    devise-api (0.1.3)
       devise (>= 4.7.2)
       dry-configurable (~> 1.0, >= 1.0.1)
       dry-initializer (>= 3.1.1)

data/README.md CHANGED Viewed

@@ -69,6 +69,8 @@ Your user model is now ready to use `devise-api` gem. It will draw routes for to
 | sign_in_user_tokens | POST | /users/tokens/sign_in | devise/api/tokens#sign_in |
 | info_user_tokens | GET | /users/tokens/info | devise/api/tokens#info |
+### You can look up the [example requests](#example-api-requests).
 ## Configuration
 `devise-api` is a full configurable gem. You can configure it to your needs. Here is a basic usage example:
@@ -89,6 +91,8 @@ Devise.setup do |config|
     api.refresh_token.generator = ->(_resource_owner) { Devise.friendly_token(60) }
     api.refresh_token.expires_in_infinite = ->(_resource_owner) { false }
+    # Sign up
+    api.sign_up.enabled = true
     # Authorization
     api.authorization.key = 'Authorization'
@@ -226,9 +230,49 @@ class Api::V1::TokensController < YourBaseController
 end
 ```
+## Example API requests
+### Sign in
+```curl
+curl --location --request POST 'http://127.0.0.1:3000/users/tokens/sign_in' \
+--header 'Content-Type: application/json' \
+--data-raw '{
+    "email": "test@development.com",
+    "password": "123456"
+}'
+```
+### Sign up
+```curl
+curl --location --request POST 'http://127.0.0.1:3000/users/tokens/sign_up' \
+--header 'Content-Type: application/json' \
+--data-raw '{
+    "email": "test@development.com",
+    "password": "123456"
+}'
+```
+### Refresh token
+```curl
+curl --location --request POST 'http://127.0.0.1:3000/users/tokens/refresh' \
+--header 'Authorization: Bearer <refresh_token>'
+```
+### Revoke
+```curl
+curl --location --request POST 'http://127.0.0.1:3000/users/tokens/revoke' \
+--header 'Authorization: Bearer <access_token>'
+```
+### Info
+```curl
+curl --location --request GET 'http://127.0.0.1:3000/users/tokens/info' \
+--header 'Authorization: Bearer <access_token>'
+```
 ## Development
-After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake test` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake rspec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
 To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and the created tag, and push the `.gem` file to [rubygems.org](https://rubygems.org).

data/app/controllers/devise/api/tokens_controller.rb CHANGED Viewed

@@ -1,15 +1,23 @@
 # frozen_string_literal: true
+# rubocop:disable Metrics/ClassLength
 module Devise
   module Api
     class TokensController < Devise.api.config.base_controller.constantize
       skip_before_action :verify_authenticity_token, raise: false
-      before_action :authenticate_devise_api_token!, only: %i[info refresh]
+      before_action :authenticate_devise_api_token!, only: %i[info]
       respond_to :json
       # rubocop:disable Metrics/AbcSize
       def sign_up
+        unless Devise.api.config.sign_up.enabled
+          error_response = Devise::Api::Responses::ErrorResponse.new(request, error: :sign_up_disabled,
+                                                                              resource_class: resource_class)
+          return render json: error_response.body, status: error_response.status
+        end
         Devise.api.config.before_sign_up.call(sign_up_params, request, resource_class)
         service = Devise::Api::ResourceOwnerService::SignUp.new(params: sign_up_params,
@@ -103,9 +111,23 @@ module Devise
           return render json: error_response.body, status: error_response.status
         end
-        Devise.api.config.before_refresh.call(current_devise_api_token, request)
+        if current_devise_api_refresh_token.blank?
+          error_response = Devise::Api::Responses::ErrorResponse.new(request, error: :invalid_token,
+                                                                              resource_class: resource_class)
+          return render json: error_response.body, status: error_response.status
+        end
+        if current_devise_api_refresh_token.revoked?
+          error_response = Devise::Api::Responses::ErrorResponse.new(request, error: :revoked_token,
+                                                                              resource_class: resource_class)
+          render json: error_response.body, status: error_response.status
+        end
+        Devise.api.config.before_refresh.call(current_devise_api_refresh_token, request)
-        service = Devise::Api::TokensService::Refresh.new(devise_api_token: current_devise_api_token).call
+        service = Devise::Api::TokensService::Refresh.new(devise_api_token: current_devise_api_refresh_token).call
         if service.success?
           token_response = Devise::Api::Responses::TokenResponse.new(request, token: service.success,
@@ -141,6 +163,15 @@ module Devise
         resource_owner.update_tracked_fields!(request)
       end
+      def current_devise_api_refresh_token
+        return @current_devise_api_refresh_token if @current_devise_api_refresh_token
+        token = find_devise_api_token
+        devise_api_token_model = Devise.api.config.base_token_model.constantize
+        @current_devise_api_refresh_token = devise_api_token_model.find_by(refresh_token: token)
+      end
     end
   end
 end
+# rubocop:enable Metrics/ClassLength

data/app/services/devise/api/tokens_service/create.rb CHANGED Viewed

@@ -8,7 +8,7 @@ module Devise
         option :previous_refresh_token, type: Types::String | Types::Nil, default: proc { nil }
         def call
-          return Failure(:invalid_resource_owner) unless resource_owner.respond_to?(:access_tokens)
+          return Failure(error: :invalid_resource_owner) unless resource_owner.respond_to?(:access_tokens)
           devise_api_token = yield create_devise_api_token

data/app/services/devise/api/tokens_service/refresh.rb CHANGED Viewed

@@ -8,7 +8,7 @@ module Devise
         option :resource_owner, default: proc { devise_api_token.resource_owner }
         def call
-          return Failure(:expired_refresh_token) if devise_api_token.refresh_token_expired?
+          return Failure(error: :expired_refresh_token) if devise_api_token.refresh_token_expired?
           devise_api_token = yield create_devise_api_token
           Success(devise_api_token)

data/config/locales/en.yml CHANGED Viewed

@@ -8,6 +8,7 @@ en:
         expired_refresh_token: "Refresh token has expired"
         revoked_token: "Token has been revoked"
         refresh_token_disabled: "Refresh token is disabled for this application"
+        sign_up_disabled: "Sign up is disabled for this application"
         invalid_refresh_token: "Refresh token is invalid"
         invalid_email: "Email is invalid"
         invalid_resource_owner: "Resource owner is invalid"

data/lib/devise/api/configuration.rb CHANGED Viewed

@@ -20,6 +20,10 @@ module Devise
         setting :expires_in_infinite, default: proc { |_resource_owner| false }, reader: true
       end
+      setting :sign_up, reader: true do
+        setting :enabled, default: true, reader: true
+      end
       setting :authorization, reader: true do
         setting :key, default: 'Authorization', reader: true
         setting :scheme, default: 'Bearer', reader: true

data/lib/devise/api/controllers/helpers.rb CHANGED Viewed

@@ -38,18 +38,11 @@ module Devise
         end
         def current_devise_api_token
-          token = find_devise_api_token
+          return @current_devise_api_token if @current_devise_api_token
+          token = find_devise_api_token
           devise_api_token_model = Devise.api.config.base_token_model.constantize
-          if Devise.api.config.refresh_token.enabled
-            return devise_api_token_model
-                   .where(access_token: token)
-                   .or(devise_api_token_model.where(refresh_token: token))
-                     &.first
-          end
-          devise_api_token_model.find_by(access_token: token)
+          @current_devise_api_token = devise_api_token_model.find_by(access_token: token)
         end
         def current_devise_api_user
@@ -58,6 +51,10 @@ module Devise
         private
+        def resource_class
+          current_devise_api_user&.class
+        end
         def extract_devise_api_token_from_params
           params[Devise.api.config.authorization.params_key]
         end

data/lib/devise/api/generators/install_generator.rb CHANGED Viewed

@@ -40,22 +40,6 @@ module Devise
         def migration_version
           "[#{ActiveRecord::VERSION::MAJOR}.#{ActiveRecord::VERSION::MINOR}]"
         end
-        def primary_key_type
-          fallback = :integer
-          begin
-            ActiveRecord::Base.connection.supports_pgcrypto_uuid? ? :uuid : fallback
-          rescue StandardError
-            fallback
-          end
-        end
-        def table_defaults_for_primary_key_type
-          return ', type: :uuid' if primary_key_type == :uuid
-          ''
-        end
       end
     end
   end

data/lib/devise/api/generators/templates/migration.rb.erb CHANGED Viewed

@@ -2,8 +2,11 @@
 class CreateDeviseApiTables < ActiveRecord::Migration<%= migration_version %>
   def change
-    create_table :devise_api_tokens<%= table_defaults_for_primary_key_type %>  do |t|
-      t.belongs_to :resource_owner, null: false<%= table_defaults_for_primary_key_type %>, polymorphic: true, index: true
+    # Use Active Record's configured type for primary and foreign keys
+    primary_key_type, foreign_key_type = primary_and_foreign_key_types
+    create_table :devise_api_tokens, id: primary_key_type  do |t|
+      t.belongs_to :resource_owner, null: false, polymorphic: true, index: true, type: foreign_key_type
       t.string :access_token, null: false, index: true
       t.string :refresh_token, null: true, index: true
       t.integer :expires_in, null: false
@@ -13,4 +16,14 @@ class CreateDeviseApiTables < ActiveRecord::Migration<%= migration_version %>
       t.timestamps
     end
   end
+  private
+  def primary_and_foreign_key_types
+    config = Rails.configuration.generators
+    setting = config.options[config.orm][:primary_key_type]
+    primary_key_type = setting || :primary_key
+    foreign_key_type = setting || :bigint
+    [primary_key_type, foreign_key_type]
+  end
 end

data/lib/devise/api/responses/error_response.rb CHANGED Viewed

@@ -12,6 +12,7 @@ module Devise
           expired_refresh_token
           revoked_token
           refresh_token_disabled
+          sign_up_disabled
           invalid_refresh_token
           invalid_email
           invalid_resource_owner
@@ -112,6 +113,7 @@ module Devise
           invalid_email_error? ||
             invalid_refresh_token_error? ||
             refresh_token_disabled_error? ||
+            sign_up_disabled_error? ||
             invalid_resource_owner_error?
         end
       end

data/lib/devise/api/token.rb CHANGED Viewed

@@ -41,7 +41,7 @@ module Devise
       end
       def inactive?
-        revoked? && expired?
+        revoked? || expired?
       end
       def expired?
@@ -51,7 +51,7 @@ module Devise
       end
       def refresh_token_expired?
-        return false unless Devise.api.config.refresh_token.expires_in_infinite.call(resource_owner)
+        return false if Devise.api.config.refresh_token.expires_in_infinite.call(resource_owner)
         Time.now.utc > refresh_token_expires_at
       end

data/lib/devise/api/version.rb CHANGED Viewed

@@ -2,6 +2,6 @@
 module Devise
   module Api
-    VERSION = '0.1.1'
+    VERSION = '0.1.3'
   end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: devise-api
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.1.3
 platform: ruby
 authors:
 - nejdetkadir
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-01-14 00:00:00.000000000 Z
+date: 2023-08-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: devise
@@ -166,7 +166,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.3
+rubygems_version: 3.4.12
 signing_key:
 specification_version: 4
 summary: The devise-api gem is a convenient way to add authentication to your Ruby