devise-doorkeeper 1.0.0 → 1.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.ruby-version +1 -0
- data/README.md +10 -0
- data/lib/devise/doorkeeper/version.rb +1 -1
- data/lib/devise/strategies/doorkeeper.rb +16 -0
- data/spec/dummy/config/initializers/devise.rb +1 -0
- data/spec/requests/oauth/bearer_tokens_spec.rb +3 -0
- metadata +4 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 86671a2c38cb4de8ee35adcc31882b88fc3b4c24
|
|
4
|
+
data.tar.gz: d6e06702ab8a1b5c9cca0db54b163a05f39f1dad
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a0532a3a220ce25b987e937a49198e1035448647b2a85f870a39a99555e8ef88c7f919a839501755c1f2fc7ef358cad018985f8925cce4cc44989cd6336ad074
|
|
7
|
+
data.tar.gz: ce9de5eb268a458ce419bae539c0d7a2640bdde424feccb0c7704e72aa35f2f4db78f3483349998a92072615c0ec9f2b91384aa17c8394d59ac886f371cae90f
|
data/.ruby-version
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
2.1.5
|
data/README.md
CHANGED
|
@@ -60,6 +60,16 @@ class CommentsController < ApplicationController
|
|
|
60
60
|
end
|
|
61
61
|
```
|
|
62
62
|
|
|
63
|
+
#### (optional) Disable session storage
|
|
64
|
+
Most API's should not create sessions for each API request.
|
|
65
|
+
This can be configured via the Devise `skip_session_storage` setting.
|
|
66
|
+
|
|
67
|
+
```ruby
|
|
68
|
+
# config/initializers/devise.rb
|
|
69
|
+
config.skip_session_storage = [:http_auth] # this is the default devise config
|
|
70
|
+
config.skip_session_storage << :doorkeeper # disable session storage for oauth requests
|
|
71
|
+
```
|
|
72
|
+
|
|
63
73
|
## [ Contributing ](CONTRIBUTING.md)
|
|
64
74
|
|
|
65
75
|
1. Fork it ( https://github.com/betterup/devise-doorkeeper/fork )
|
|
@@ -20,6 +20,22 @@ module Devise
|
|
|
20
20
|
end
|
|
21
21
|
end
|
|
22
22
|
|
|
23
|
+
# override base class implementation
|
|
24
|
+
# allow for Rails application to configure
|
|
25
|
+
# skipping session storage for doorkeeper requests
|
|
26
|
+
# see Devise skip_session_storage configuration
|
|
27
|
+
def authentication_type
|
|
28
|
+
:doorkeeper
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
# override base class implementation
|
|
32
|
+
# API requests should *not* reset the user's
|
|
33
|
+
# CSRF token which triggers rails to set the
|
|
34
|
+
# session_id key and send cookies to users
|
|
35
|
+
def clean_up_csrf?
|
|
36
|
+
false
|
|
37
|
+
end
|
|
38
|
+
|
|
23
39
|
private
|
|
24
40
|
|
|
25
41
|
def resource_from_token
|
|
@@ -78,6 +78,7 @@ Devise.setup do |config|
|
|
|
78
78
|
# may want to disable generating routes to Devise's sessions controller by
|
|
79
79
|
# passing skip: :sessions to `devise_for` in your config/routes.rb
|
|
80
80
|
config.skip_session_storage = [:http_auth]
|
|
81
|
+
config.skip_session_storage << :doorkeeper
|
|
81
82
|
|
|
82
83
|
# By default, Devise cleans up the CSRF token on authentication to
|
|
83
84
|
# avoid CSRF token fixation attacks. This means that, when using AJAX
|
|
@@ -14,6 +14,9 @@ RSpec.describe 'OAuth bearer token requests', type: :request do
|
|
|
14
14
|
get request_path, params, headers
|
|
15
15
|
end
|
|
16
16
|
it { expect(response.status).to eq 200 }
|
|
17
|
+
it 'does not send Set-Cookie headers' do
|
|
18
|
+
expect(response.headers).to_not include 'Set-Cookie'
|
|
19
|
+
end
|
|
17
20
|
end
|
|
18
21
|
context 'with expired access token' do
|
|
19
22
|
with :access_token, expires_in: 0
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: devise-doorkeeper
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ryan Sonnek
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-
|
|
11
|
+
date: 2015-03-18 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|
|
@@ -201,6 +201,7 @@ extensions: []
|
|
|
201
201
|
extra_rdoc_files: []
|
|
202
202
|
files:
|
|
203
203
|
- ".gitignore"
|
|
204
|
+
- ".ruby-version"
|
|
204
205
|
- ".travis.yml"
|
|
205
206
|
- Gemfile
|
|
206
207
|
- LICENSE.txt
|
|
@@ -294,7 +295,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
294
295
|
version: '0'
|
|
295
296
|
requirements: []
|
|
296
297
|
rubyforge_project:
|
|
297
|
-
rubygems_version: 2.
|
|
298
|
+
rubygems_version: 2.2.2
|
|
298
299
|
signing_key:
|
|
299
300
|
specification_version: 4
|
|
300
301
|
summary: Integrate Doorkeeper OAuth2 tokens into Devise applications
|