devise-token_authenticatable 0.1.0.beta1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (46) hide show
  1. data/.gitignore +21 -0
  2. data/Gemfile +4 -0
  3. data/LICENSE +20 -0
  4. data/README.md +31 -0
  5. data/Rakefile +1 -0
  6. data/devise-token_authenticatable.gemspec +36 -0
  7. data/lib/devise-token_authenticatable.rb +1 -0
  8. data/lib/devise/token_authenticatable.rb +27 -0
  9. data/lib/devise/token_authenticatable/model.rb +90 -0
  10. data/lib/devise/token_authenticatable/strategy.rb +102 -0
  11. data/lib/devise/token_authenticatable/version.rb +5 -0
  12. data/spec/factories/admin.rb +24 -0
  13. data/spec/factories/user.rb +25 -0
  14. data/spec/models/devise/token_authenticatable/model_spec.rb +79 -0
  15. data/spec/requests/devise/token_authenticatable/strategy_spec.rb +340 -0
  16. data/spec/spec_helper.rb +42 -0
  17. data/spec/support/helpers.rb +33 -0
  18. data/spec/support/integration.rb +8 -0
  19. data/spec/support/rails_app.rb +19 -0
  20. data/spec/support/rails_app/Rakefile +6 -0
  21. data/spec/support/rails_app/app/controllers/admins/sessions_controller.rb +6 -0
  22. data/spec/support/rails_app/app/controllers/admins_controller.rb +11 -0
  23. data/spec/support/rails_app/app/controllers/application_controller.rb +9 -0
  24. data/spec/support/rails_app/app/controllers/home_controller.rb +25 -0
  25. data/spec/support/rails_app/app/controllers/publisher/registrations_controller.rb +2 -0
  26. data/spec/support/rails_app/app/controllers/publisher/sessions_controller.rb +2 -0
  27. data/spec/support/rails_app/app/controllers/users_controller.rb +31 -0
  28. data/spec/support/rails_app/app/mailers/users/mailer.rb +12 -0
  29. data/spec/support/rails_app/app/models/admin.rb +9 -0
  30. data/spec/support/rails_app/app/models/user.rb +25 -0
  31. data/spec/support/rails_app/app/views/users/index.html.erb +1 -0
  32. data/spec/support/rails_app/config.ru +4 -0
  33. data/spec/support/rails_app/config/database.yml +11 -0
  34. data/spec/support/rails_app/config/initializers/backtrace_silencers.rb +7 -0
  35. data/spec/support/rails_app/config/initializers/devise.rb +173 -0
  36. data/spec/support/rails_app/config/initializers/inflections.rb +2 -0
  37. data/spec/support/rails_app/config/initializers/secret_token.rb +4 -0
  38. data/spec/support/rails_app/config/routes.rb +104 -0
  39. data/spec/support/rails_app/db/migrate/20100401102949_create_tables.rb +74 -0
  40. data/spec/support/rails_app/db/schema.rb +52 -0
  41. data/spec/support/rails_app/public/404.html +26 -0
  42. data/spec/support/rails_app/public/422.html +26 -0
  43. data/spec/support/rails_app/public/500.html +26 -0
  44. data/spec/support/rails_app/public/favicon.ico +0 -0
  45. data/spec/support/session_helper.rb +27 -0
  46. metadata +289 -0
@@ -0,0 +1,6 @@
1
+ class Admins::SessionsController < Devise::SessionsController
2
+ def new
3
+ flash[:special] = "Welcome to #{controller_path.inspect} controller!"
4
+ super
5
+ end
6
+ end
@@ -0,0 +1,11 @@
1
+ class AdminsController < ApplicationController
2
+ before_filter :authenticate_admin!
3
+
4
+ def index
5
+ end
6
+
7
+ def expire
8
+ admin_session['last_request_at'] = 31.minutes.ago.utc
9
+ render :text => 'Admin will be expired on next request'
10
+ end
11
+ end
@@ -0,0 +1,9 @@
1
+ # Filters added to this controller apply to all controllers in the application.
2
+ # Likewise, all the methods added will be available for all controllers.
3
+
4
+ class ApplicationController < ActionController::Base
5
+ protect_from_forgery
6
+ before_filter :current_user, :unless => :devise_controller?
7
+ before_filter :authenticate_user!, :if => :devise_controller?
8
+ respond_to *Mime::SET.map(&:to_sym)
9
+ end
@@ -0,0 +1,25 @@
1
+ class HomeController < ApplicationController
2
+ def index
3
+ end
4
+
5
+ def private
6
+ end
7
+
8
+ def user_dashboard
9
+ end
10
+
11
+ def admin_dashboard
12
+ end
13
+
14
+ def join
15
+ end
16
+
17
+ def set
18
+ session["devise.foo_bar"] = "something"
19
+ head :ok
20
+ end
21
+
22
+ def unauthenticated
23
+ render :text => "unauthenticated", :status => :unauthorized
24
+ end
25
+ end
@@ -0,0 +1,2 @@
1
+ class Publisher::RegistrationsController < ApplicationController
2
+ end
@@ -0,0 +1,2 @@
1
+ class Publisher::SessionsController < ApplicationController
2
+ end
@@ -0,0 +1,31 @@
1
+ class UsersController < ApplicationController
2
+ prepend_before_filter :current_user, :only => :exhibit
3
+ before_filter :authenticate_user!, :except => [:accept, :exhibit]
4
+ respond_to :html, :xml
5
+
6
+ def index
7
+ user_session[:cart] = "Cart"
8
+ respond_with(current_user)
9
+ end
10
+
11
+ def edit_form
12
+ user_session['last_request_at'] = 31.minutes.ago.utc
13
+ end
14
+
15
+ def update_form
16
+ render :text => 'Update'
17
+ end
18
+
19
+ def accept
20
+ @current_user = current_user
21
+ end
22
+
23
+ def exhibit
24
+ render :text => current_user ? "User is authenticated" : "User is not authenticated"
25
+ end
26
+
27
+ def expire
28
+ user_session['last_request_at'] = 31.minutes.ago.utc
29
+ render :text => 'User will be expired on next request'
30
+ end
31
+ end
@@ -0,0 +1,12 @@
1
+ class Users::Mailer < Devise::Mailer
2
+ default :from => 'custom@example.com'
3
+ end
4
+
5
+ class Users::ReplyToMailer < Devise::Mailer
6
+ default :from => 'custom@example.com'
7
+ default :reply_to => 'custom_reply_to@example.com'
8
+ end
9
+
10
+ class Users::FromProcMailer < Devise::Mailer
11
+ default :from => proc { 'custom@example.com' }
12
+ end
@@ -0,0 +1,9 @@
1
+ class Admin < ActiveRecord::Base
2
+ devise :database_authenticatable, :registerable,
3
+ :timeoutable, :recoverable, :lockable, :confirmable,
4
+ :unlock_strategy => :time, :lock_strategy => :none,
5
+ :allow_unconfirmed_access_for => 2.weeks, :reconfirmable => true
6
+
7
+ validates_length_of :reset_password_token, :minimum => 3, :allow_blank => true
8
+ validates_uniqueness_of :email, :allow_blank => true, :if => :email_changed?
9
+ end
@@ -0,0 +1,25 @@
1
+ class User < ActiveRecord::Base
2
+ devise :database_authenticatable, :confirmable, :lockable, :recoverable,
3
+ :registerable, :rememberable, :timeoutable, :token_authenticatable,
4
+ :trackable, :validatable
5
+
6
+ attr_accessor :other_key
7
+
8
+ def raw_confirmation_token
9
+ @raw_confirmation_token
10
+ end
11
+
12
+ module ExtendMethods
13
+ def new_with_session(params, session)
14
+ super.tap do |user|
15
+ if data = session["devise.facebook_data"]
16
+ user.email = data["email"]
17
+ user.confirmed_at = Time.now
18
+ end
19
+ end
20
+ end
21
+ end
22
+
23
+ # They need to be included after Devise is called.
24
+ extend ExtendMethods
25
+ end
@@ -0,0 +1 @@
1
+ Welcome User #<%= current_user.id %>!
@@ -0,0 +1,4 @@
1
+ # This file is used by Rack-based servers to start the application.
2
+
3
+ require ::File.expand_path('../config/environment', __FILE__)
4
+ run RailsApp::Application
@@ -0,0 +1,11 @@
1
+ # SQLite version 3.x
2
+ # gem install sqlite3-ruby (not necessary on OS X Leopard)
3
+ development:
4
+ adapter: sqlite3
5
+ database: db/development.sqlite3
6
+ pool: 5
7
+ timeout: 5000
8
+
9
+ test:
10
+ adapter: sqlite3
11
+ database: ":memory:"
@@ -0,0 +1,7 @@
1
+ # Be sure to restart your server when you modify this file.
2
+
3
+ # You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces.
4
+ # Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ }
5
+
6
+ # You can also remove all the silencers if you're trying to debug a problem that might stem from framework code.
7
+ Rails.backtrace_cleaner.remove_silencers!
@@ -0,0 +1,173 @@
1
+ # Use this hook to configure devise mailer, warden hooks and so forth. The first
2
+ # four configuration values can also be set straight in your models.
3
+ Devise.setup do |config|
4
+ config.secret_key = "d9eb5171c59a4c817f68b0de27b8c1e340c2341b52cdbc60d3083d4e8958532" \
5
+ "18dcc5f589cafde048faec956b61f864b9b5513ff9ce29bf9e5d58b0f234f8e3b"
6
+
7
+ # ==> Mailer Configuration
8
+ # Configure the e-mail address which will be shown in Devise::Mailer,
9
+ # note that it will be overwritten if you use your own mailer class with default "from" parameter.
10
+ config.mailer_sender = "please-change-me@config-initializers-devise.com"
11
+
12
+ # Configure the class responsible to send e-mails.
13
+ # config.mailer = "Devise::Mailer"
14
+
15
+ # ==> ORM configuration
16
+ # Load and configure the ORM. Supports :active_record (default) and
17
+ # :mongoid (bson_ext recommended) by default. Other ORMs may be
18
+ # available as additional gems.
19
+ require "devise/orm/active_record"
20
+
21
+ # ==> Configuration for any authentication mechanism
22
+ # Configure which keys are used when authenticating a user. By default is
23
+ # just :email. You can configure it to use [:username, :subdomain], so for
24
+ # authenticating a user, both parameters are required. Remember that those
25
+ # parameters are used only when authenticating and not when retrieving from
26
+ # session. If you need permissions, you should implement that in a before filter.
27
+ # You can also supply hash where the value is a boolean expliciting if authentication
28
+ # should be aborted or not if the value is not present. By default is empty.
29
+ # config.authentication_keys = [ :email ]
30
+
31
+ # Configure parameters from the request object used for authentication. Each entry
32
+ # given should be a request method and it will automatically be passed to
33
+ # find_for_authentication method and considered in your model lookup. For instance,
34
+ # if you set :request_keys to [:subdomain], :subdomain will be used on authentication.
35
+ # The same considerations mentioned for authentication_keys also apply to request_keys.
36
+ # config.request_keys = []
37
+
38
+ # Configure which authentication keys should be case-insensitive.
39
+ # These keys will be downcased upon creating or modifying a user and when used
40
+ # to authenticate or find a user. Default is :email.
41
+ config.case_insensitive_keys = [ :email ]
42
+
43
+ # Configure which authentication keys should have whitespace stripped.
44
+ # These keys will have whitespace before and after removed upon creating or
45
+ # modifying a user and when used to authenticate or find a user. Default is :email.
46
+ config.strip_whitespace_keys = [ :email ]
47
+
48
+ # Tell if authentication through request.params is enabled. True by default.
49
+ # config.params_authenticatable = true
50
+
51
+ # Tell if authentication through HTTP Basic Auth is enabled. False by default.
52
+ config.http_authenticatable = true
53
+
54
+ # If http headers should be returned for AJAX requests. True by default.
55
+ # config.http_authenticatable_on_xhr = true
56
+
57
+ # The realm used in Http Basic Authentication. "Application" by default.
58
+ # config.http_authentication_realm = "Application"
59
+
60
+ # ==> Configuration for :database_authenticatable
61
+ # For bcrypt, this is the cost for hashing the password and defaults to 10. If
62
+ # using other encryptors, it sets how many times you want the password re-encrypted.
63
+ config.stretches = Rails.env.test? ? 1 : 10
64
+
65
+ # ==> Configuration for :confirmable
66
+ # The time you want to give your user to confirm his account. During this time
67
+ # he will be able to access your application without confirming. Default is nil.
68
+ # When allow_unconfirmed_access_for is zero, the user won't be able to sign in without confirming.
69
+ # You can use this to let your user access some features of your application
70
+ # without confirming the account, but blocking it after a certain period
71
+ # (ie 2 days).
72
+ # config.allow_unconfirmed_access_for = 2.days
73
+
74
+ # Defines which key will be used when confirming an account
75
+ # config.confirmation_keys = [ :email ]
76
+
77
+ # ==> Configuration for :rememberable
78
+ # The time the user will be remembered without asking for credentials again.
79
+ # config.remember_for = 2.weeks
80
+
81
+ # If true, a valid remember token can be re-used between multiple browsers.
82
+ # config.remember_across_browsers = true
83
+
84
+ # If true, extends the user's remember period when remembered via cookie.
85
+ # config.extend_remember_period = false
86
+
87
+ # ==> Configuration for :validatable
88
+ # Range for password length. Default is 8..128.
89
+ # config.password_length = 8..128
90
+
91
+ # Regex to use to validate the email address
92
+ # config.email_regexp = /^([\w\.%\+\-]+)@([\w\-]+\.)+([\w]{2,})$/i
93
+
94
+ # ==> Configuration for :timeoutable
95
+ # The time you want to timeout the user session without activity. After this
96
+ # time the user will be asked for credentials again. Default is 30 minutes.
97
+ # config.timeout_in = 30.minutes
98
+
99
+ # ==> Configuration for :lockable
100
+ # Defines which strategy will be used to lock an account.
101
+ # :failed_attempts = Locks an account after a number of failed attempts to sign in.
102
+ # :none = No lock strategy. You should handle locking by yourself.
103
+ # config.lock_strategy = :failed_attempts
104
+
105
+ # Defines which key will be used when locking and unlocking an account
106
+ # config.unlock_keys = [ :email ]
107
+
108
+ # Defines which strategy will be used to unlock an account.
109
+ # :email = Sends an unlock link to the user email
110
+ # :time = Re-enables login after a certain amount of time (see :unlock_in below)
111
+ # :both = Enables both strategies
112
+ # :none = No unlock strategy. You should handle unlocking by yourself.
113
+ # config.unlock_strategy = :both
114
+
115
+ # Number of authentication tries before locking an account if lock_strategy
116
+ # is failed attempts.
117
+ # config.maximum_attempts = 20
118
+
119
+ # Time interval to unlock the account if :time is enabled as unlock_strategy.
120
+ # config.unlock_in = 1.hour
121
+
122
+ # ==> Configuration for :recoverable
123
+ #
124
+ # Defines which key will be used when recovering the password for an account
125
+ # config.reset_password_keys = [ :email ]
126
+
127
+ # Time interval you can reset your password with a reset password key.
128
+ # Don't put a too small interval or your users won't have the time to
129
+ # change their passwords.
130
+ config.reset_password_within = 2.hours
131
+
132
+ # Setup a pepper to generate the encrypted password.
133
+ config.pepper = "d142367154e5beacca404b1a6a4f8bc52c6fdcfa3ccc3cf8eb49f3458a688ee6ac3b9fae488432a3bfca863b8a90008368a9f3a3dfbe5a962e64b6ab8f3a3a1a"
134
+
135
+ # ==> Configuration for :token_authenticatable
136
+ # Defines name of the authentication token params key
137
+ # config.token_authentication_key = :auth_token
138
+
139
+ # ==> Scopes configuration
140
+ # Turn scoped views on. Before rendering "sessions/new", it will first check for
141
+ # "users/sessions/new". It's turned off by default because it's slower if you
142
+ # are using only default views.
143
+ # config.scoped_views = false
144
+
145
+ # Configure the default scope given to Warden. By default it's the first
146
+ # devise role declared in your routes (usually :user).
147
+ # config.default_scope = :user
148
+
149
+ # Configure sign_out behavior.
150
+ # Sign_out action can be scoped (i.e. /users/sign_out affects only :user scope).
151
+ # The default is true, which means any logout action will sign out all active scopes.
152
+ # config.sign_out_all_scopes = true
153
+
154
+ # ==> Navigation configuration
155
+ # Lists the formats that should be treated as navigational. Formats like
156
+ # :html, should redirect to the sign in page when the user does not have
157
+ # access, but formats like :xml or :json, should return 401.
158
+ # If you have any extra navigational formats, like :iphone or :mobile, you
159
+ # should add them to the navigational formats lists. Default is [:html]
160
+ # config.navigational_formats = [:html, :iphone]
161
+
162
+ # The default HTTP method used to sign out a resource. Default is :get.
163
+ # config.sign_out_via = :get
164
+
165
+ # ==> Warden configuration
166
+ # If you want to use other strategies, that are not supported by Devise, or
167
+ # change the failure app, you can configure them inside the config.warden block.
168
+ #
169
+ # config.warden do |manager|
170
+ # manager.failure_app = AnotherApp
171
+ # manager.default_strategies(:scope => :user).unshift :some_external_strategy
172
+ # end
173
+ end
@@ -0,0 +1,2 @@
1
+ ActiveSupport::Inflector.inflections do |inflect|
2
+ end
@@ -0,0 +1,4 @@
1
+ config = Rails.application.config
2
+
3
+ config.secret_token = 'ea942c41850d502f2c8283e26bdc57829f471bb18224ddff0a192c4f32cdf6cb5aa0d82b3a7a7adbeb640c4b06f3aa1cd5f098162d8240f669b39d6b49680571'
4
+ config.session_store :cookie_store, :key => "_my_app"
@@ -0,0 +1,104 @@
1
+ Rails.application.routes.draw do
2
+ # Resources for testing
3
+ resources :users, :only => [:index] do
4
+ member do
5
+ get :expire
6
+ get :accept
7
+ get :edit_form
8
+ put :update_form
9
+ end
10
+
11
+ authenticate do
12
+ post :exhibit, :on => :member
13
+ end
14
+ end
15
+
16
+ resources :admins, :only => [:index] do
17
+ get :expire, :on => :member
18
+ end
19
+
20
+ # Users scope
21
+ devise_for :users, :controllers => { :omniauth_callbacks => "users/omniauth_callbacks" }
22
+
23
+ as :user do
24
+ get "/as/sign_in", :to => "devise/sessions#new"
25
+ end
26
+
27
+ get "/sign_in", :to => "devise/sessions#new"
28
+
29
+ # Admin scope
30
+ devise_for :admin, :path => "admin_area", :controllers => { :sessions => :"admins/sessions" }, :skip => :passwords
31
+
32
+ get "/admin_area/home", :to => "admins#index", :as => :admin_root
33
+ get "/anywhere", :to => "foo#bar", :as => :new_admin_password
34
+
35
+ authenticate(:admin) do
36
+ get "/private", :to => "home#private", :as => :private
37
+ end
38
+
39
+ authenticate(:admin, lambda { |admin| admin.active? }) do
40
+ get "/private/active", :to => "home#private", :as => :private_active
41
+ end
42
+
43
+ authenticated :admin do
44
+ get "/dashboard", :to => "home#admin_dashboard"
45
+ end
46
+
47
+ authenticated :admin, lambda { |admin| admin.active? } do
48
+ get "/dashboard/active", :to => "home#admin_dashboard"
49
+ end
50
+
51
+ authenticated do
52
+ get "/dashboard", :to => "home#user_dashboard"
53
+ end
54
+
55
+ unauthenticated do
56
+ get "/join", :to => "home#join"
57
+ end
58
+
59
+ # Routes for constraints testing
60
+ devise_for :headquarters_admin, :class_name => "Admin", :path => "headquarters", :constraints => {:host => /192\.168\.1\.\d\d\d/}
61
+
62
+ constraints(:host => /192\.168\.1\.\d\d\d/) do
63
+ devise_for :homebase_admin, :class_name => "Admin", :path => "homebase"
64
+ end
65
+
66
+ devise_for :skip_admin, :class_name => "Admin", :skip => :all
67
+
68
+ # Routes for format=false testing
69
+ devise_for :htmlonly_admin, :class_name => "Admin", :skip => [:confirmations, :unlocks], :path => "htmlonly_admin", :format => false, :skip_helpers => [:confirmations, :unlocks]
70
+ devise_for :htmlonly_users, :class_name => "User", :only => [:confirmations, :unlocks], :path => "htmlonly_users", :format => false, :skip_helpers => true
71
+
72
+ # Other routes for routing_test.rb
73
+ devise_for :reader, :class_name => "User", :only => :passwords
74
+
75
+ scope :host => "sub.example.com" do
76
+ devise_for :sub_admin, :class_name => "Admin"
77
+ end
78
+
79
+ namespace :publisher, :path_names => { :sign_in => "i_dont_care", :sign_out => "get_out" } do
80
+ devise_for :accounts, :class_name => "Admin", :path_names => { :sign_in => "get_in" }
81
+ end
82
+
83
+ scope ":locale", :module => :invalid do
84
+ devise_for :accounts, :singular => "manager", :class_name => "Admin",
85
+ :path_names => {
86
+ :sign_in => "login", :sign_out => "logout",
87
+ :password => "secret", :confirmation => "verification",
88
+ :unlock => "unblock", :sign_up => "register",
89
+ :registration => "management", :cancel => "giveup"
90
+ }, :failure_app => lambda { |env| [404, {"Content-Type" => "text/plain"}, ["Oops, not found"]] }, :module => :devise
91
+ end
92
+
93
+ namespace :sign_out_via, :module => "devise" do
94
+ devise_for :deletes, :sign_out_via => :delete, :class_name => "Admin"
95
+ devise_for :posts, :sign_out_via => :post, :class_name => "Admin"
96
+ devise_for :delete_or_posts, :sign_out_via => [:delete, :post], :class_name => "Admin"
97
+ end
98
+
99
+ get "/set", :to => "home#set"
100
+ get "/unauthenticated", :to => "home#unauthenticated"
101
+ get "/custom_strategy/new"
102
+
103
+ root :to => "home#index", :via => [:get, :post]
104
+ end