devise-doorkeeper 1.0.0 → 1.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: b32e3b86de27da2f97a03d959bd4bdafc5821b08
-  data.tar.gz: a5b8239896405c7888b4213d0f7903f4fa10d263
+  metadata.gz: 86671a2c38cb4de8ee35adcc31882b88fc3b4c24
+  data.tar.gz: d6e06702ab8a1b5c9cca0db54b163a05f39f1dad
 SHA512:
-  metadata.gz: a0adc93f22dc8297d771c089f50832be2c14efb98a326b38ddc5fc3c1304d671b99ef41f911f356a89f87183fd256ad1c54afc73e3fd8dbaf9c990782b42e681
-  data.tar.gz: 9b4475443e7152d35fe81fa6f89108ac2395c898cdba0fce01e42f62f60ab981d79af1a2e92d01221d4749487a73f0e03214087595a1d0a399dffa50f5240e1d
+  metadata.gz: a0532a3a220ce25b987e937a49198e1035448647b2a85f870a39a99555e8ef88c7f919a839501755c1f2fc7ef358cad018985f8925cce4cc44989cd6336ad074
+  data.tar.gz: ce9de5eb268a458ce419bae539c0d7a2640bdde424feccb0c7704e72aa35f2f4db78f3483349998a92072615c0ec9f2b91384aa17c8394d59ac886f371cae90f

data/.ruby-version

@@ -0,0 +1 @@
+2.1.5

data/README.md

@@ -60,6 +60,16 @@ class CommentsController < ApplicationController
 end
 ```
 
+#### (optional) Disable session storage
+Most API's should not create sessions for each API request.
+This can be configured via the Devise `skip_session_storage` setting.
+
+```ruby
+# config/initializers/devise.rb
+config.skip_session_storage = [:http_auth] # this is the default devise config
+config.skip_session_storage << :doorkeeper # disable session storage for oauth requests
+```
+
 ## [ Contributing ](CONTRIBUTING.md)
 
 1. Fork it ( https://github.com/betterup/devise-doorkeeper/fork )

data/lib/devise/doorkeeper/version.rb

@@ -1,5 +1,5 @@
 module Devise
   module Doorkeeper
-    VERSION = "1.0.0"
+    VERSION = '1.0.1'
   end
 end

data/lib/devise/strategies/doorkeeper.rb

@@ -20,6 +20,22 @@ module Devise
         end
       end
 
+      # override base class implementation
+      # allow for Rails application to configure
+      # skipping session storage for doorkeeper requests
+      # see Devise skip_session_storage configuration
+      def authentication_type
+        :doorkeeper
+      end
+
+      # override base class implementation
+      # API requests should *not* reset the user's
+      # CSRF token which triggers rails to set the
+      # session_id key and send cookies to users
+      def clean_up_csrf?
+        false
+      end
+
       private
 
       def resource_from_token

data/spec/dummy/config/initializers/devise.rb

@@ -78,6 +78,7 @@ Devise.setup do |config|
   # may want to disable generating routes to Devise's sessions controller by
   # passing skip: :sessions to `devise_for` in your config/routes.rb
   config.skip_session_storage = [:http_auth]
+  config.skip_session_storage << :doorkeeper
 
   # By default, Devise cleans up the CSRF token on authentication to
   # avoid CSRF token fixation attacks. This means that, when using AJAX

data/spec/requests/oauth/bearer_tokens_spec.rb

@@ -14,6 +14,9 @@ RSpec.describe 'OAuth bearer token requests', type: :request do
       get request_path, params, headers
     end
     it { expect(response.status).to eq 200 }
+    it 'does not send Set-Cookie headers' do
+      expect(response.headers).to_not include 'Set-Cookie'
+    end
   end
   context 'with expired access token' do
     with :access_token, expires_in: 0

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: devise-doorkeeper
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.0.1
 platform: ruby
 authors:
 - Ryan Sonnek
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-01-20 00:00:00.000000000 Z
+date: 2015-03-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -201,6 +201,7 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".gitignore"
+- ".ruby-version"
 - ".travis.yml"
 - Gemfile
 - LICENSE.txt
@@ -294,7 +295,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.5
+rubygems_version: 2.2.2
 signing_key: 
 specification_version: 4
 summary: Integrate Doorkeeper OAuth2 tokens into Devise applications