devise-token_authenticatable 0.4.6 → 0.4.9

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 1a68ab4f5e9ea350298a644299de878c50077a96
4
- data.tar.gz: c110e22709365cd6f0861b8703b224f0db7857a4
3
+ metadata.gz: 33ae1c06a79b20b7e886cdbc7795b776b78fc767
4
+ data.tar.gz: 175c959f673397ff325234ac4a23d673d6824f7f
5
5
  SHA512:
6
- metadata.gz: dbb469bf9f93baa80bc069d2417c1cdca7d2d5ca975085d6b3a963d52cdcb7b99f3edb0b9e7ab8eb7e32e595b86024a23720a518469664023a12fa5f78e9b6e7
7
- data.tar.gz: af936ee72ce7019d43cb86f70eeed9c6d11ff0b11cd8a4c825d3ade79112033230a1580039530dbaa23900cbf6c5938c5a2697992f3f295e25976397f32b5bc5
6
+ metadata.gz: be522497669564ea1abc605303c6df1e76a8cb84daeb9bf6366bdbbce48deb0dc669ec76370bc7c5365b13371974eae14094155e85bab4bb9445f5038eeb4176
7
+ data.tar.gz: e9404d5a0f635763fff3159df5e40cdf6cd7c716d9adcc8d8b4b4caee2ee905a68e150ddf40ee1e1d332c41f819ee148ec88240b95dce24cccfa0cfde644c79f
@@ -1,16 +1,11 @@
1
1
  language: ruby
2
2
  rvm:
3
- - 1.9.3
4
3
  - 2.0.0
5
- - 2.1.2
6
- - 2.2.0
7
- - jruby-19mode
4
+ - 2.1.9
5
+ - 2.2.5
6
+ - 2.3.1
8
7
 
9
8
  before_install:
10
9
  - gem install bundler -v 1.11
11
10
 
12
- env:
13
- global:
14
- - "JRUBY_OPTS=-Xcext.enabled=true"
15
-
16
11
  script: bundle exec rspec
data/README.md CHANGED
@@ -27,8 +27,8 @@ Or install it yourself as:
27
27
  `~> 0.1` | `~> 3.2.0`
28
28
  `~> 0.2` | `~> 3.3.0`
29
29
  `~> 0.3` | `~> 3.4.0`
30
- `~> 0.4` | `~> 3.5.0`
31
- `~> 0.4.6` | `~> 3.5.2`
30
+ `~> 0.4.0`, `< 0.4.9` | `~> 3.5.0`, `< 3.5.2`
31
+ `~> 0.4.9` | `~> 3.5.2`
32
32
 
33
33
  ## Usage
34
34
 
@@ -46,10 +46,9 @@ This gem can be configured as shown in the following:
46
46
 
47
47
  ```ruby
48
48
  Devise::TokenAuthenticatable.setup do |config|
49
- # enables the expiration of a token after a session timeout,
50
- # only useful in connection with the devise timeoutable module,
51
- # defaults to false
52
- config.expire_auth_token_on_timeout = true
49
+ # enables the expiration of a token after a specified amount of time,
50
+ # defaults to nil
51
+ config.token_expires_in = 1.day
53
52
 
54
53
  # set the authentication key name used by this module,
55
54
  # defaults to :auth_token
@@ -3,17 +3,14 @@ require "devise/token_authenticatable/strategy"
3
3
  module Devise
4
4
  module TokenAuthenticatable
5
5
 
6
- # Authentication token expiration on timeout
7
- #
8
- # This option is only used if your model uses the Devise
9
- # :timeoutable module.
10
- mattr_accessor :expire_auth_token_on_timeout
11
- @@expire_auth_token_on_timeout = false
12
-
13
6
  # Authentication token params key name of choice. E.g. /users/sign_in?some_key=...
14
7
  mattr_accessor :token_authentication_key
15
8
  @@token_authentication_key = :auth_token
16
9
 
10
+ # Token expiration period. E.g. 1.day
11
+ mattr_accessor :token_expires_in
12
+ @@token_expires_in = nil
13
+
17
14
  # Defines if the authentication token is reset before the model is saved.
18
15
  mattr_accessor :should_reset_authentication_token
19
16
  @@should_reset_authentication_token = false
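Review bot: The comment on the new `token_expires_in` accessor does not say what the default means, and `@@token_expires_in = nil` is the value every installation gets unless it opts in. The strategy's `unless token_expires_in.blank?` guard, shown further down this page, skips the age check for nil, so tokens never expire by default. The comment should say so, for example `# Token lifetime, e.g. 1.day; compared in whole seconds (to_i). nil (the default) disables expiry.` The removed `expire_auth_token_on_timeout` accessor is no longer defined, so an initializer that still sets it would presumably fail at boot; that deserves a line in the upgrade notes.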
@@ -1,5 +1,3 @@
1
- require 'devise/token_authenticatable/hooks/timeoutable'
2
-
3
1
  module Devise
4
2
  module Models
5
3
  # The +TokenAuthenticatable+ module is responsible for generating an authentication token and
@@ -30,7 +28,7 @@ module Devise
30
28
  before_save :reset_authentication_token_before_save
31
29
  before_save :ensure_authentication_token_before_save
32
30
 
33
- attr_writer :expire_auth_token_on_timeout
31
+ attr_writer :token_expires_in
34
32
  end
35
33
 
36
34
  module ClassMethods
@@ -55,12 +53,13 @@ module Devise
55
53
  end
56
54
 
57
55
  def self.required_fields(klass)
58
- [:authentication_token]
56
+ [:authentication_token, :authentication_token_created_at]
59
57
  end
60
58
 
61
59
  # Generate new authentication token (a.k.a. "single access token").
62
60
  def reset_authentication_token
63
61
  self.authentication_token = self.class.authentication_token
62
+ self.authentication_token_created_at = Time.now
64
63
  end
65
64
 
66
65
  # Generate new authentication token and save the record.
@@ -83,12 +82,8 @@ module Devise
83
82
  def after_token_authentication
84
83
  end
85
84
 
86
- def expire_auth_token_on_timeout
87
- if @expire_auth_token_on_timeout
88
- @expire_auth_token_on_timeout
89
- else
90
- Devise::TokenAuthenticatable.expire_auth_token_on_timeout
91
- end
85
+ def token_expires_in
86
+ Devise::TokenAuthenticatable.token_expires_in
92
87
  end
93
88
 
94
89
  private
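Review bot: The new `token_expires_in` reader returns only `Devise::TokenAuthenticatable.token_expires_in`, while an earlier hunk of this file still declares `attr_writer :token_expires_in`, so a value assigned on a record is stored and never read. The removed `expire_auth_token_on_timeout` reader preferred the instance value. Either keep that behaviour with `@token_expires_in || Devise::TokenAuthenticatable.token_expires_in` or drop the writer. The strategy's expiry check reads the module-level setting through its own helper, so as far as the visible hunks show, a per-record value would not affect authentication either way. The module body continues outside the hunk.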
@@ -36,6 +36,12 @@ module Devise
36
36
  resource = mapping.to.find_for_token_authentication(authentication_hash)
37
37
  return fail(:invalid_token) unless resource
38
38
 
39
+ unless token_expires_in.blank?
40
+ if Time.now > (resource.authentication_token_created_at + token_expires_in.to_i)
41
+ return fail(:expired_token)
42
+ end
43
+ end
44
+
39
45
  if validate(resource)
40
46
  resource.after_token_authentication
41
47
  success!(resource)
@@ -88,6 +94,10 @@ module Devise
88
94
  def authentication_keys
89
95
  @authentication_keys ||= [Devise::TokenAuthenticatable.token_authentication_key]
90
96
  end
97
+
98
+ def token_expires_in
99
+ @token_expires_in ||= Devise::TokenAuthenticatable.token_expires_in
100
+ end
91
101
  end
92
102
  end
93
103
  end
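Review bot: The expiry check added in the first hunk of this file evaluates `resource.authentication_token_created_at + token_expires_in.to_i` without handling a nil timestamp, and the test migration declares that column nullable. Once `token_expires_in` is configured, a record whose token was issued before the column existed would raise NoMethodError here instead of being rejected. Treating a missing timestamp as expired keeps the failure closed: `issued_at = resource.authentication_token_created_at` followed by `return fail(:expired_token) if issued_at.nil? || Time.now > issued_at + token_expires_in.to_i`. The new `:expired_token` failure also needs a matching `devise.failure` locale entry, which is not visible in this diff. The enclosing method starts and ends outside the hunk.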
@@ -1,5 +1,5 @@
1
1
  module Devise
2
2
  module TokenAuthenticatable
3
- VERSION = "0.4.6".freeze
3
+ VERSION = '0.4.9'.freeze
4
4
  end
5
5
  end
@@ -21,6 +21,12 @@ FactoryGirl.define do
21
21
 
22
22
  trait :with_authentication_token do
23
23
  authentication_token { SecureRandom.hex }
24
+ authentication_token_created_at { Time.now }
25
+ end
26
+
27
+ trait :with_day_old_token do
28
+ authentication_token { SecureRandom.hex }
29
+ authentication_token_created_at { Time.now - 1.day }
24
30
  end
25
31
  end
26
32
  end
@@ -8,72 +8,56 @@ require 'spec_helper'
8
8
  # See spec/factories/user.rb for an example.
9
9
  #
10
10
  shared_examples "token authenticatable" do
11
-
12
11
  context "instance methods" do
13
-
14
12
  describe "#reset_authentication_token" do
15
13
  let(:entity) { create(described_class.name.underscore.to_sym, :with_authentication_token) }
16
14
 
15
+ subject { entity.reset_authentication_token }
16
+
17
17
  it "should reset authentication token" do
18
- expect { entity.reset_authentication_token }.to change { entity.authentication_token }
18
+ expect { subject }.to change { entity.authentication_token }
19
+ end
20
+
21
+ it "should reset token created at" do
22
+ expect { subject }.to change { entity.authentication_token_created_at }
19
23
  end
20
24
  end
21
25
 
22
26
  describe "#ensure_authentication_token" do
27
+ subject { entity.ensure_authentication_token }
23
28
 
24
29
  context "with existing authentication token" do
25
30
  let(:entity) { create(described_class.name.underscore.to_sym, :with_authentication_token) }
26
31
 
27
32
  it "should not change the authentication token" do
28
- expect { entity.ensure_authentication_token }.to_not change { entity.authentication_token }
33
+ expect { subject }.to_not change { entity.authentication_token }
29
34
  end
30
- end
31
-
32
- context "without existing authentication token" do
33
- let(:entity) { create(described_class.name.underscore.to_sym) }
34
35
 
35
- it "should create an authentication token" do
36
- entity.authentication_token = nil
37
- expect { entity.ensure_authentication_token }.to change { entity.authentication_token }
36
+ it "should not change the authentication token created at" do
37
+ expect { subject }.to_not change { entity.authentication_token_created_at }
38
38
  end
39
39
  end
40
- end
41
-
42
- describe "#expire_auth_token_on_timeout" do
43
- let(:entity) { create(described_class.name.underscore.to_sym) }
44
40
 
45
- context "enabling expire_auth_token_on_timeout first" do
41
+ context "without existing authentication token and authentication token created at" do
42
+ let(:entity) { create(described_class.name.underscore.to_sym) }
46
43
 
47
44
  before :each do
48
- entity.expire_auth_token_on_timeout = true
45
+ entity.authentication_token = nil
46
+ entity.authentication_token_created_at = nil
49
47
  end
50
48
 
51
- it "should be true" do
52
- expect(entity.expire_auth_token_on_timeout).to eq true
49
+ it "should set an authentication token" do
50
+ expect { subject }.to change { entity.authentication_token }
53
51
  end
54
52
 
55
- it "should not use the default" do
56
- expect(Devise::TokenAuthenticatable).to_not receive(:expire_auth_token_on_timeout)
57
-
58
- entity.expire_auth_token_on_timeout
53
+ it "should set authentication token created at" do
54
+ expect { subject }.to change { entity.authentication_token_created_at }
59
55
  end
60
-
61
- end
62
-
63
- context "not enabling expire_auth_token_on_timeout" do
64
-
65
- it "should use the default" do
66
- expect(Devise::TokenAuthenticatable).to receive(:expire_auth_token_on_timeout)
67
-
68
- entity.expire_auth_token_on_timeout
69
- end
70
-
71
56
  end
72
57
  end
73
58
  end
74
59
 
75
60
  context "class methods" do
76
-
77
61
  describe "#find_for_authentication_token" do
78
62
  let(:entity) { create(described_class.name.underscore.to_sym, :with_authentication_token) }
79
63
 
@@ -97,7 +81,7 @@ shared_examples "token authenticatable" do
97
81
  end
98
82
 
99
83
  it "should not be subject to injection" do
100
- entity2 = create(described_class.name.underscore.to_sym, :with_authentication_token)
84
+ create(described_class.name.underscore.to_sym, :with_authentication_token)
101
85
 
102
86
  authenticated_entity = described_class.find_for_token_authentication(auth_token: { '$ne' => entity.authentication_token })
103
87
  expect(authenticated_entity).to be_nil
@@ -105,23 +89,19 @@ shared_examples "token authenticatable" do
105
89
  end
106
90
 
107
91
  describe "#required_fields" do
108
-
109
92
  it "should contain the fields that Devise uses" do
110
93
  expect(Devise::Models::TokenAuthenticatable.required_fields(described_class)).to eq([
111
- :authentication_token
94
+ :authentication_token, :authentication_token_created_at
112
95
  ])
113
96
  end
114
-
115
97
  end
116
98
 
117
99
  end
118
100
 
119
101
  context "before_save" do
120
-
121
102
  let(:entity) { create(described_class.name.underscore.to_sym, :with_authentication_token) }
122
103
 
123
104
  context "when the authentication token should be reset" do
124
-
125
105
  before :each do
126
106
  Devise::TokenAuthenticatable.setup do |config|
127
107
  config.should_reset_authentication_token = true
@@ -139,21 +119,17 @@ shared_examples "token authenticatable" do
139
119
 
140
120
  entity.update_attributes(created_at: Time.now)
141
121
  end
142
-
143
122
  end
144
123
 
145
124
  context "when the authentication token should not be reset" do
146
-
147
125
  it "does not reset the authentication token" do
148
126
  expect(entity).to_not receive(:reset_authentication_token)
149
127
 
150
128
  entity.update_attributes(created_at: Time.now)
151
129
  end
152
-
153
130
  end
154
131
 
155
132
  context "when the authentication token should be ensured" do
156
-
157
133
  before :each do
158
134
  Devise::TokenAuthenticatable.setup do |config|
159
135
  config.should_ensure_authentication_token = true
@@ -171,21 +147,16 @@ shared_examples "token authenticatable" do
171
147
 
172
148
  entity.update_attributes(created_at: Time.now)
173
149
  end
174
-
175
150
  end
176
151
 
177
152
  context "when the authentication token should not be ensured" do
178
-
179
153
  it "does not set the authentication token" do
180
154
  expect(entity).to_not receive(:ensure_authentication_token)
181
155
 
182
156
  entity.update_attributes(created_at: Time.now)
183
157
  end
184
-
185
158
  end
186
-
187
159
  end
188
-
189
160
  end
190
161
 
191
162
  describe User do
@@ -1,11 +1,8 @@
1
1
  require 'spec_helper'
2
2
 
3
3
  describe Devise::Strategies::TokenAuthenticatable do
4
-
5
4
  context "with valid authentication token key and value" do
6
-
7
5
  context "through params" do
8
-
9
6
  it "should be a success" do
10
7
  swap Devise::TokenAuthenticatable, token_authentication_key: :secret_token do
11
8
  sign_in_as_new_user_with_token
@@ -59,7 +56,6 @@ describe Devise::Strategies::TokenAuthenticatable do
59
56
  end
60
57
 
61
58
  context "when request is stateless" do
62
-
63
59
  it 'should authenticate the user with use of authentication token' do
64
60
  swap Devise::TokenAuthenticatable, token_authentication_key: :secret_token do
65
61
  swap Devise, skip_session_storage: [:token_auth] do
@@ -92,13 +88,10 @@ describe Devise::Strategies::TokenAuthenticatable do
92
88
  end
93
89
  end
94
90
  end
95
-
96
91
  end
97
92
 
98
93
  context "when request is stateless and timeoutable" do
99
-
100
94
  context "on sign in" do
101
-
102
95
  it 'should authenticate the user' do
103
96
  swap Devise::TokenAuthenticatable, token_authentication_key: :secret_token do
104
97
  swap Devise, skip_session_storage: [:token_auth], timeout_in: (0.1).second do
@@ -107,11 +100,9 @@ describe Devise::Strategies::TokenAuthenticatable do
107
100
  end
108
101
  end
109
102
  end
110
-
111
103
  end
112
104
 
113
105
  context "on delayed access" do
114
-
115
106
  it 'should authenticate the user' do
116
107
  swap Devise::TokenAuthenticatable, token_authentication_key: :secret_token do
117
108
  swap Devise, skip_session_storage: [:token_auth], timeout_in: (0.1).second do
@@ -127,59 +118,10 @@ describe Devise::Strategies::TokenAuthenticatable do
127
118
  end
128
119
  end
129
120
  end
130
-
131
- end
132
-
133
- end
134
-
135
- context "when expire_auth_token_on_timeout is set to true, timeoutable is enabled and we have a timed out session" do
136
-
137
- context "on sign in" do
138
-
139
- it 'should authenticate the user' do
140
- swap Devise::TokenAuthenticatable, token_authentication_key: :secret_token, expire_auth_token_on_timeout: true do
141
- swap Devise, timeout_in: (-1).minute do
142
- sign_in_as_new_user_with_token
143
- expect(warden).to be_authenticated(:user)
144
- end
145
- end
146
- end
147
-
148
- end
149
-
150
- context "on re-sign in" do
151
-
152
- it 'should not authenticate the user' do
153
- swap Devise::TokenAuthenticatable, token_authentication_key: :secret_token, expire_auth_token_on_timeout: true do
154
- swap Devise, timeout_in: (-1).minute do
155
- user = sign_in_as_new_user_with_token
156
- token = user.authentication_token
157
-
158
- sign_in_as_new_user_with_token(user: user)
159
- expect(warden).to_not be_authenticated(:user)
160
- end
161
- end
162
- end
163
-
164
- it 'should reset the authentication token' do
165
- swap Devise::TokenAuthenticatable, token_authentication_key: :secret_token, expire_auth_token_on_timeout: true do
166
- swap Devise, timeout_in: (-1).minute do
167
- user = sign_in_as_new_user_with_token
168
- token = user.authentication_token
169
-
170
- sign_in_as_new_user_with_token(user: user)
171
- user.reload
172
- expect(token).to_not eq(user.authentication_token)
173
- end
174
- end
175
- end
176
-
177
121
  end
178
-
179
122
  end
180
123
 
181
124
  context "when not configured" do
182
-
183
125
  it "should redirect to sign in page" do
184
126
  swap Devise::TokenAuthenticatable, token_authentication_key: :secret_token do
185
127
  swap Devise, params_authenticatable: [:database] do
@@ -203,7 +145,6 @@ describe Devise::Strategies::TokenAuthenticatable do
203
145
  end
204
146
 
205
147
  context "through http" do
206
-
207
148
  it "should be a success" do
208
149
  swap Devise::TokenAuthenticatable, token_authentication_key: :secret_token do
209
150
  swap Devise, http_authenticatable: true do
@@ -225,7 +166,6 @@ describe Devise::Strategies::TokenAuthenticatable do
225
166
  end
226
167
 
227
168
  context "when not configured" do
228
-
229
169
  it "should be an unauthorized" do
230
170
  swap Devise::TokenAuthenticatable, token_authentication_key: :secret_token do
231
171
  swap Devise, http_authenticatable: [:database] do
@@ -249,7 +189,6 @@ describe Devise::Strategies::TokenAuthenticatable do
249
189
  end
250
190
 
251
191
  context "through http header" do
252
-
253
192
  it "should redirect to root path" do
254
193
  swap Devise::TokenAuthenticatable, token_authentication_key: :secret_token do
255
194
  swap Devise, http_authenticatable: true do
@@ -325,7 +264,6 @@ describe Devise::Strategies::TokenAuthenticatable do
325
264
  end
326
265
 
327
266
  context "with denied token authorization" do
328
-
329
267
  it "should be an unauthorized" do
330
268
  swap Devise::TokenAuthenticatable, token_authentication_key: :secret_token do
331
269
  swap Devise, http_authenticatable: false do
@@ -345,14 +283,11 @@ describe Devise::Strategies::TokenAuthenticatable do
345
283
  end
346
284
  end
347
285
  end
348
-
349
286
  end
350
-
351
287
  end
352
288
  end
353
289
 
354
290
  context "with improper authentication token key" do
355
-
356
291
  it "should redirect to the sign in page" do
357
292
  swap Devise::TokenAuthenticatable, token_authentication_key: :donald_duck_token do
358
293
  sign_in_as_new_user_with_token(auth_token_key: :secret_token)
@@ -372,19 +307,16 @@ describe Devise::Strategies::TokenAuthenticatable do
372
307
  it "should not be subject to injection" do
373
308
  swap Devise::TokenAuthenticatable, token_authentication_key: :secret_token do
374
309
  user1 = create(:user, :with_authentication_token)
375
- user2 = create(:user, :with_authentication_token)
310
+ create(:user, :with_authentication_token)
376
311
 
377
312
  get users_path(Devise::TokenAuthenticatable.token_authentication_key.to_s + '[$ne]' => user1.authentication_token)
378
313
  expect(warden).to_not be_authenticated(:user)
379
314
  end
380
315
  end
381
-
382
316
  end
383
317
 
384
318
  context "with improper authentication token value" do
385
-
386
319
  context "through params" do
387
-
388
320
  before { sign_in_as_new_user_with_token(auth_token: '*** INVALID TOKEN ***') }
389
321
 
390
322
  it "should redirect to the sign in page" do
@@ -397,7 +329,6 @@ describe Devise::Strategies::TokenAuthenticatable do
397
329
  end
398
330
 
399
331
  context "through http header" do
400
-
401
332
  before { sign_in_as_new_user_with_token(token_auth: true, auth_token: '*** INVALID TOKEN ***') }
402
333
 
403
334
  it "should be an unauthorized" do
@@ -409,4 +340,46 @@ describe Devise::Strategies::TokenAuthenticatable do
409
340
  end
410
341
  end
411
342
  end
343
+
344
+ context "with expired authentication token value" do
345
+ context "through params" do
346
+ it "should redirect to the sign in page" do
347
+ swap Devise::TokenAuthenticatable, token_expires_in: 1.hour do
348
+ sign_in_as_new_user_with_token(use: :with_day_old_token)
349
+
350
+ expect(response).to redirect_to new_user_session_path
351
+ end
352
+ end
353
+
354
+ it "should not authenticate user" do
355
+ swap Devise::TokenAuthenticatable, token_expires_in: 1.hour do
356
+ sign_in_as_new_user_with_token(use: :with_day_old_token)
357
+
358
+ expect(warden).to_not be_authenticated(:user)
359
+ end
360
+ end
361
+
362
+ context "through http header" do
363
+ it "should redirect to the sign in page" do
364
+ swap Devise::TokenAuthenticatable, token_expires_in: 1.hour do
365
+ swap Devise, http_authenticatable: true do
366
+ sign_in_as_new_user_with_token(http_auth: true, use: :with_day_old_token)
367
+
368
+ expect(response.status).to eq(401)
369
+ end
370
+ end
371
+ end
372
+
373
+ it "does not authenticate with expired authentication token value in header" do
374
+ swap Devise::TokenAuthenticatable, token_expires_in: 1.hour do
375
+ swap Devise, http_authenticatable: true do
376
+ sign_in_as_new_user_with_token(http_auth: true, use: :with_day_old_token)
377
+
378
+ expect(warden).to_not be_authenticated(:user)
379
+ end
380
+ end
381
+ end
382
+ end
383
+ end
384
+ end
412
385
  end
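Review bot: The new "with expired authentication token value" context never closes "through params" before opening "through http header", so the header examples end up nested inside the params context. An `end` after the second params example would make the two contexts siblings, as elsewhere in this file. The first header example is titled "should redirect to the sign in page" but asserts `expect(response.status).to eq(401)`, so its title should say the request is unauthorized. Coverage is limited to a day-old token against a one-hour limit; a record with a nil `authentication_token_created_at` and a token still inside the limit are both untested.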
@@ -5,8 +5,8 @@ class CreateTables < ActiveRecord::Migration
5
5
  t.string :facebook_token
6
6
 
7
7
  ## Database authenticatable
8
- t.string :email, :null => false, :default => ""
9
- t.string :encrypted_password, :null => false, :default => ""
8
+ t.string :email, null: false, default: ""
9
+ t.string :encrypted_password, null: false, default: ""
10
10
 
11
11
  ## Recoverable
12
12
  t.string :reset_password_token
@@ -16,7 +16,7 @@ class CreateTables < ActiveRecord::Migration
16
16
  t.datetime :remember_created_at
17
17
 
18
18
  ## Trackable
19
- t.integer :sign_in_count, :default => 0
19
+ t.integer :sign_in_count, default: 0
20
20
  t.datetime :current_sign_in_at
21
21
  t.datetime :last_sign_in_at
22
22
  t.string :current_sign_in_ip
@@ -29,20 +29,21 @@ class CreateTables < ActiveRecord::Migration
29
29
  # t.string :unconfirmed_email # Only if using reconfirmable
30
30
 
31
31
  ## Lockable
32
- t.integer :failed_attempts, :default => 0 # Only if lock strategy is :failed_attempts
32
+ t.integer :failed_attempts, default: 0 # Only if lock strategy is :failed_attempts
33
33
  t.string :unlock_token # Only if unlock strategy is :email or :both
34
34
  t.datetime :locked_at
35
35
 
36
36
  ## Token authenticatable
37
37
  t.string :authentication_token
38
+ t.datetime :authentication_token_created_at, null: true
38
39
 
39
40
  t.timestamps
40
41
  end
41
42
 
42
43
  create_table :admins do |t|
43
44
  ## Database authenticatable
44
- t.string :email, :null => true
45
- t.string :encrypted_password, :null => true
45
+ t.string :email, null: true
46
+ t.string :encrypted_password, null: true
46
47
 
47
48
  ## Recoverable
48
49
  t.string :reset_password_token
@@ -61,7 +62,7 @@ class CreateTables < ActiveRecord::Migration
61
62
  t.datetime :locked_at
62
63
 
63
64
  ## Attribute for testing route blocks
64
- t.boolean :active, :default => false
65
+ t.boolean :active, default: false
65
66
 
66
67
  t.timestamps
67
68
  end
@@ -45,6 +45,7 @@ ActiveRecord::Schema.define(:version => 20100401102949) do
45
45
  t.string "unlock_token"
46
46
  t.datetime "locked_at"
47
47
  t.string "authentication_token"
48
+ t.datetime "authentication_token_created_at"
48
49
  t.datetime "created_at"
49
50
  t.datetime "updated_at"
50
51
  end
@@ -7,7 +7,8 @@
7
7
  # a new one is created.
8
8
  #
9
9
  def sign_in_as_new_user_with_token(options = {})
10
- user = options.delete(:user) || create(:user, :with_authentication_token)
10
+ trait = options[:use] ? options[:use] : :with_authentication_token
11
+ user = options.delete(:user) || create(:user, trait)
11
12
 
12
13
  options[:auth_token_key] ||= Devise::TokenAuthenticatable.token_authentication_key
13
14
  options[:auth_token] ||= user.authentication_token
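Review bot: `options[:use]` is read but left in the hash, unlike `:user`, which is removed with `delete`. The trait name therefore stays in `options` for whatever the rest of the helper does with it; the body continues outside the hunk. `trait = options.delete(:use) || :with_authentication_token` does both steps and replaces the ternary.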
@@ -1,18 +1,15 @@
1
1
  require 'spec_helper'
2
2
 
3
3
  describe Devise::TokenAuthenticatable do
4
-
5
- context "configuring the expire_auth_token_on_timeout" do
6
- let(:expire_auth_token_on_timeout) { true }
4
+ context "configuring the token_expires_in" do
5
+ let(:expire_time) { 1.hour }
7
6
 
8
7
  it "should set the configuration" do
9
8
  expect {
10
9
  Devise::TokenAuthenticatable.setup do |config|
11
- config.expire_auth_token_on_timeout = expire_auth_token_on_timeout
10
+ config.token_expires_in = expire_time
12
11
  end
13
- }.to change {
14
- Devise::TokenAuthenticatable.expire_auth_token_on_timeout
15
- }.from(false).to(expire_auth_token_on_timeout)
12
+ }.to change { Devise::TokenAuthenticatable.token_expires_in }.from(nil).to(expire_time)
16
13
  end
17
14
  end
18
15
 
@@ -51,5 +48,4 @@ describe Devise::TokenAuthenticatable do
51
48
  }.to change { Devise::TokenAuthenticatable.should_ensure_authentication_token }.from(false).to(should_ensure)
52
49
  end
53
50
  end
54
-
55
51
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: devise-token_authenticatable
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.6
4
+ version: 0.4.9
5
5
  platform: ruby
6
6
  authors:
7
7
  - Sebastian Oelke
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2016-03-11 00:00:00.000000000 Z
11
+ date: 2016-05-24 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: devise
@@ -147,7 +147,6 @@ files:
147
147
  - devise-token_authenticatable.gemspec
148
148
  - lib/devise-token_authenticatable.rb
149
149
  - lib/devise/token_authenticatable.rb
150
- - lib/devise/token_authenticatable/hooks/timeoutable.rb
151
150
  - lib/devise/token_authenticatable/model.rb
152
151
  - lib/devise/token_authenticatable/strategy.rb
153
152
  - lib/devise/token_authenticatable/version.rb
@@ -1,34 +0,0 @@
1
- # Each time a record is set we check whether its session has already timed out
2
- # or not, based on last request time. If so and :expire_auth_token_on_timeout
3
- # is set to true, the record's auth token is reset.
4
-
5
- # This is a backport of the functionality of expire_auth_token_on_timeout that
6
- # has been removed from devise in version 3.5.2.
7
- #
8
- # For the original version cf.
9
- # https://github.com/plataformatec/devise/blob/v3.5.1/lib/devise/hooks/timeoutable.rb.
10
-
11
- Warden::Manager.after_set_user do |record, warden, options|
12
- scope = options[:scope]
13
- env = warden.request.env
14
-
15
- if record && record.respond_to?(:timedout?) &&
16
- warden.authenticated?(scope) &&
17
- options[:store] != false &&
18
- !env['devise.skip_timeoutable']
19
-
20
- last_request_at = warden.session(scope)['last_request_at']
21
-
22
- if last_request_at.is_a? Integer
23
- last_request_at = Time.at(last_request_at).utc
24
- elsif last_request_at.is_a? String
25
- last_request_at = Time.parse(last_request_at)
26
- end
27
-
28
- if record.timedout?(last_request_at) && !env['devise.skip_timeout']
29
- if record.respond_to?(:expire_auth_token_on_timeout) && record.expire_auth_token_on_timeout
30
- record.reset_authentication_token!
31
- end
32
- end
33
- end
34
- end