devise-token_authenticatable 0.4.0 → 0.4.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: ae71266ed6ad6f67ffed537f164c3e8624195f49
-  data.tar.gz: 0bf264921879b3bba8a5a09e9aaa5a000c45e5fe
+  metadata.gz: 1a68ab4f5e9ea350298a644299de878c50077a96
+  data.tar.gz: c110e22709365cd6f0861b8703b224f0db7857a4
 SHA512:
-  metadata.gz: 2874526da3ca18522105bb9d23e324445fa3e934e0957c1e62c4329dc8f66e5562c1889b37f627f654564d8f6f14f3aa43cc17b08ce658ccf28715d026871b5d
-  data.tar.gz: 6f1b13a7988f65e044ee58c9e51b3908358f55ea210762879fa2f37708cd37bab5b2aa46435db34ad8080a58e597dbc0ad9897e2a45540b81b5caf4cbd7843b1
+  metadata.gz: dbb469bf9f93baa80bc069d2417c1cdca7d2d5ca975085d6b3a963d52cdcb7b99f3edb0b9e7ab8eb7e32e595b86024a23720a518469664023a12fa5f78e9b6e7
+  data.tar.gz: af936ee72ce7019d43cb86f70eeed9c6d11ff0b11cd8a4c825d3ade79112033230a1580039530dbaa23900cbf6c5938c5a2697992f3f295e25976397f32b5bc5

data/.travis.yml

@@ -6,6 +6,9 @@ rvm:
   - 2.2.0
   - jruby-19mode
 
+before_install:
+  - gem install bundler -v 1.11
+
 env:
   global:
     - "JRUBY_OPTS=-Xcext.enabled=true"

data/README.md

@@ -28,32 +28,42 @@ Or install it yourself as:
 `~> 0.2`                        | `~> 3.3.0`
 `~> 0.3`                        | `~> 3.4.0`
 `~> 0.4`                        | `~> 3.5.0`
+`~> 0.4.6`                      | `~> 3.5.2`
 
 ## Usage
 
 Add `:token_authenticatable` to your devise model:
 
-    class User < ActiveRecord::Base
-      devise :database_authenticatable, :token_authenticatable
-    end
+```ruby
+class User < ActiveRecord::Base
+  devise :database_authenticatable, :token_authenticatable
+end
+```
 
 ## Configuration
 
 This gem can be configured as shown in the following:
 
-    Devise::TokenAuthenticatable.setup do |config|
-      # set the authentication key name used by this module,
-      # defaults to :auth_token
-      config.token_authentication_key = :other_key_name
-
-      # enable reset of the authentication token before the model is saved,
-      # defaults to false
-      config.should_reset_authentication_token = true
-
-      # enables the setting of the authentication token - if not already - before the model is saved,
-      # defaults to false
-      config.should_ensure_authentication_token = true
-    end
+```ruby
+Devise::TokenAuthenticatable.setup do |config|
+  # enables the expiration of a token after a session timeout,
+  # only useful in connection with the devise timeoutable module,
+  # defaults to false
+  config.expire_auth_token_on_timeout = true
+
+  # set the authentication key name used by this module,
+  # defaults to :auth_token
+  config.token_authentication_key = :other_key_name
+
+  # enable reset of the authentication token before the model is saved,
+  # defaults to false
+  config.should_reset_authentication_token = true
+
+  # enables the setting of the authentication token - if not already - before the model is saved,
+  # defaults to false
+  config.should_ensure_authentication_token = true
+end
+```
 
 ## Documentation
 

data/devise-token_authenticatable.gemspec

@@ -8,7 +8,7 @@ Gem::Specification.new do |spec|
   spec.version       = Devise::TokenAuthenticatable::VERSION.dup
   spec.platform      = Gem::Platform::RUBY
   spec.authors       = ["Sebastian Oelke"]
-  spec.email         = ["dev@sohleeatsworld.de"]
+  spec.email         = ["dev@soelke.de"]
   spec.description   = %q{This gem provides the extracted Token Authenticatable module of devise.
                           It enables the user to sign in via an authentication token. This token
                           can be given via a query string or HTTP Basic Authentication.}
@@ -22,14 +22,14 @@ Gem::Specification.new do |spec|
   spec.require_paths = ["lib"]
 
 
-  spec.add_dependency "devise",                         "~> 3.5.0"
+  spec.add_dependency "devise",                         ">= 3.5.2", "< 4.0.0"
 
-  spec.add_development_dependency "rails",              "~> 4.1.0"
-  spec.add_development_dependency "rspec-rails",        "~> 3.0.2"
-  spec.add_development_dependency "pry",                "~> 0.10.0"
-  spec.add_development_dependency "factory_girl_rails", "~> 4.4.0"
-  spec.add_development_dependency "timecop",            "~> 0.7.0"
-  spec.add_development_dependency "bundler",            "~> 1.6"
+  spec.add_development_dependency "rails",              "~> 4.1"
+  spec.add_development_dependency "rspec-rails",        "~> 3.0"
+  spec.add_development_dependency "pry",                "~> 0.10"
+  spec.add_development_dependency "factory_girl_rails", "~> 4.4"
+  spec.add_development_dependency "timecop",            "~> 0.7"
+  spec.add_development_dependency "bundler",            "~> 1.11"
 
   # Fix database connection with sqlite3 and jruby
   if    RUBY_ENGINE == 'ruby'

data/lib/devise/token_authenticatable.rb

@@ -3,6 +3,13 @@ require "devise/token_authenticatable/strategy"
 module Devise
   module TokenAuthenticatable
 
+    # Authentication token expiration on timeout
+    #
+    # This option is only used if your model uses the Devise
+    # :timeoutable module.
+    mattr_accessor :expire_auth_token_on_timeout
+    @@expire_auth_token_on_timeout = false
+
     # Authentication token params key name of choice. E.g. /users/sign_in?some_key=...
     mattr_accessor :token_authentication_key
     @@token_authentication_key = :auth_token

data/lib/devise/token_authenticatable/hooks/timeoutable.rb

@@ -0,0 +1,34 @@
+# Each time a record is set we check whether its session has already timed out
+# or not, based on last request time. If so and :expire_auth_token_on_timeout
+# is set to true, the record's auth token is reset.
+
+# This is a backport of the functionality of expire_auth_token_on_timeout that
+# has been removed from devise in version 3.5.2.
+#
+# For the original version cf.
+# https://github.com/plataformatec/devise/blob/v3.5.1/lib/devise/hooks/timeoutable.rb.
+
+Warden::Manager.after_set_user do |record, warden, options|
+  scope = options[:scope]
+  env   = warden.request.env
+
+  if record && record.respond_to?(:timedout?) &&
+    warden.authenticated?(scope) &&
+    options[:store] != false     &&
+    !env['devise.skip_timeoutable']
+
+    last_request_at = warden.session(scope)['last_request_at']
+
+    if last_request_at.is_a? Integer
+      last_request_at = Time.at(last_request_at).utc
+    elsif last_request_at.is_a? String
+      last_request_at = Time.parse(last_request_at)
+    end
+
+    if record.timedout?(last_request_at) && !env['devise.skip_timeout']
+      if record.respond_to?(:expire_auth_token_on_timeout) && record.expire_auth_token_on_timeout
+        record.reset_authentication_token!
+      end
+    end
+  end
+end

data/lib/devise/token_authenticatable/model.rb

@@ -1,3 +1,5 @@
+require 'devise/token_authenticatable/hooks/timeoutable'
+
 module Devise
   module Models
     # The +TokenAuthenticatable+ module is responsible for generating an authentication token and
@@ -27,6 +29,8 @@ module Devise
       included do
         before_save :reset_authentication_token_before_save
         before_save :ensure_authentication_token_before_save
+
+        attr_writer :expire_auth_token_on_timeout
       end
 
       module ClassMethods
@@ -48,8 +52,6 @@ module Devise
           end
         end
 
-        Devise::Models.config(self, :expire_auth_token_on_timeout)
-
       end
 
       def self.required_fields(klass)
@@ -82,7 +84,11 @@ module Devise
       end
 
       def expire_auth_token_on_timeout
-        self.class.expire_auth_token_on_timeout
+        if @expire_auth_token_on_timeout
+          @expire_auth_token_on_timeout
+        else
+          Devise::TokenAuthenticatable.expire_auth_token_on_timeout
+        end
       end
 
       private

data/lib/devise/token_authenticatable/version.rb

@@ -1,5 +1,5 @@
 module Devise
   module TokenAuthenticatable
-    VERSION = "0.4.0".freeze
+    VERSION = "0.4.6".freeze
   end
 end

data/spec/models/devise/token_authenticatable/model_spec.rb

@@ -39,6 +39,37 @@ shared_examples "token authenticatable" do
       end
     end
 
+    describe "#expire_auth_token_on_timeout" do
+      let(:entity) { create(described_class.name.underscore.to_sym) }
+
+      context "enabling expire_auth_token_on_timeout first" do
+
+        before :each do
+          entity.expire_auth_token_on_timeout = true
+        end
+
+        it "should be true" do
+          expect(entity.expire_auth_token_on_timeout).to eq true
+        end
+
+        it "should not use the default" do
+          expect(Devise::TokenAuthenticatable).to_not receive(:expire_auth_token_on_timeout)
+          
+          entity.expire_auth_token_on_timeout
+        end
+
+      end
+
+      context "not enabling expire_auth_token_on_timeout" do
+
+        it "should use the default" do
+          expect(Devise::TokenAuthenticatable).to receive(:expire_auth_token_on_timeout)
+          
+          entity.expire_auth_token_on_timeout
+        end
+
+      end
+    end
   end
 
   context "class methods" do

data/spec/requests/devise/token_authenticatable/strategy_spec.rb

@@ -137,8 +137,8 @@ describe Devise::Strategies::TokenAuthenticatable do
         context "on sign in" do
 
           it 'should authenticate the user' do
-            swap Devise::TokenAuthenticatable, token_authentication_key: :secret_token do
-              swap Devise, expire_auth_token_on_timeout: true, timeout_in: (-1).minute do
+            swap Devise::TokenAuthenticatable, token_authentication_key: :secret_token, expire_auth_token_on_timeout: true do
+              swap Devise, timeout_in: (-1).minute do
                 sign_in_as_new_user_with_token
                 expect(warden).to be_authenticated(:user)
               end
@@ -150,8 +150,8 @@ describe Devise::Strategies::TokenAuthenticatable do
         context "on re-sign in" do
 
           it 'should not authenticate the user' do
-            swap Devise::TokenAuthenticatable, token_authentication_key: :secret_token do
-              swap Devise, expire_auth_token_on_timeout: true, timeout_in: (-1).minute do
+            swap Devise::TokenAuthenticatable, token_authentication_key: :secret_token, expire_auth_token_on_timeout: true do
+              swap Devise, timeout_in: (-1).minute do
                 user  = sign_in_as_new_user_with_token
                 token = user.authentication_token
 
@@ -162,8 +162,8 @@ describe Devise::Strategies::TokenAuthenticatable do
           end
 
           it 'should reset the authentication token' do
-            swap Devise::TokenAuthenticatable, token_authentication_key: :secret_token do
-              swap Devise, expire_auth_token_on_timeout: true, timeout_in: (-1).minute do
+            swap Devise::TokenAuthenticatable, token_authentication_key: :secret_token, expire_auth_token_on_timeout: true do
+              swap Devise, timeout_in: (-1).minute do
                 user  = sign_in_as_new_user_with_token
                 token = user.authentication_token
 

data/spec/token_authenticatable_spec.rb

@@ -2,6 +2,20 @@ require 'spec_helper'
 
 describe Devise::TokenAuthenticatable do
 
+  context "configuring the expire_auth_token_on_timeout" do
+    let(:expire_auth_token_on_timeout) { true }
+
+    it "should set the configuration" do
+      expect {
+        Devise::TokenAuthenticatable.setup do |config|
+          config.expire_auth_token_on_timeout = expire_auth_token_on_timeout
+        end
+      }.to change {
+        Devise::TokenAuthenticatable.expire_auth_token_on_timeout
+      }.from(false).to(expire_auth_token_on_timeout)
+    end
+  end
+
   context "configuring the token_authentication_key" do
     let(:new_key) { :other_key }
 

metadata

@@ -1,113 +1,119 @@
 --- !ruby/object:Gem::Specification
 name: devise-token_authenticatable
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 0.4.6
 platform: ruby
 authors:
 - Sebastian Oelke
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-06-05 00:00:00.000000000 Z
+date: 2016-03-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: devise
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.5.2
+    - - "<"
       - !ruby/object:Gem::Version
-        version: 3.5.0
+        version: 4.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.5.2
+    - - "<"
       - !ruby/object:Gem::Version
-        version: 3.5.0
+        version: 4.0.0
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 4.1.0
+        version: '4.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 4.1.0
+        version: '4.1'
 - !ruby/object:Gem::Dependency
   name: rspec-rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.0.2
+        version: '3.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.0.2
+        version: '3.0'
 - !ruby/object:Gem::Dependency
   name: pry
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.10.0
+        version: '0.10'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.10.0
+        version: '0.10'
 - !ruby/object:Gem::Dependency
   name: factory_girl_rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 4.4.0
+        version: '4.4'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 4.4.0
+        version: '4.4'
 - !ruby/object:Gem::Dependency
   name: timecop
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.7.0
+        version: '0.7'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.7.0
+        version: '0.7'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.6'
+        version: '1.11'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.6'
+        version: '1.11'
 - !ruby/object:Gem::Dependency
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement
@@ -127,7 +133,7 @@ description: |-
                             It enables the user to sign in via an authentication token. This token
                             can be given via a query string or HTTP Basic Authentication.
 email:
-- dev@sohleeatsworld.de
+- dev@soelke.de
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -141,6 +147,7 @@ files:
 - devise-token_authenticatable.gemspec
 - lib/devise-token_authenticatable.rb
 - lib/devise/token_authenticatable.rb
+- lib/devise/token_authenticatable/hooks/timeoutable.rb
 - lib/devise/token_authenticatable/model.rb
 - lib/devise/token_authenticatable/strategy.rb
 - lib/devise/token_authenticatable/version.rb