devise-token_authenticatable 0.4.6 → 0.4.9

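--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 1a68ab4f5e9ea350298a644299de878c50077a96
- data.tar.gz: c110e22709365cd6f0861b8703b224f0db7857a4
+ metadata.gz: 33ae1c06a79b20b7e886cdbc7795b776b78fc767
+ data.tar.gz: 175c959f673397ff325234ac4a23d673d6824f7f
  SHA512:
- metadata.gz: dbb469bf9f93baa80bc069d2417c1cdca7d2d5ca975085d6b3a963d52cdcb7b99f3edb0b9e7ab8eb7e32e595b86024a23720a518469664023a12fa5f78e9b6e7
- data.tar.gz: af936ee72ce7019d43cb86f70eeed9c6d11ff0b11cd8a4c825d3ade79112033230a1580039530dbaa23900cbf6c5938c5a2697992f3f295e25976397f32b5bc5
+ metadata.gz: be522497669564ea1abc605303c6df1e76a8cb84daeb9bf6366bdbbce48deb0dc669ec76370bc7c5365b13371974eae14094155e85bab4bb9445f5038eeb4176
+ data.tar.gz: e9404d5a0f635763fff3159df5e40cdf6cd7c716d9adcc8d8b4b4caee2ee905a68e150ddf40ee1e1d332c41f819ee148ec88240b95dce24cccfa0cfde644c79f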
@@ -1,16 +1,11 @@
1
1
  language: ruby
2
2
  rvm:
3
- - 1.9.3
4
3
  - 2.0.0
5
- - 2.1.2
6
- - 2.2.0
7
- - jruby-19mode
4
+ - 2.1.9
5
+ - 2.2.5
6
+ - 2.3.1
8
7
 
9
8
  before_install:
10
9
  - gem install bundler -v 1.11
11
10
 
12
- env:
13
- global:
14
- - "JRUBY_OPTS=-Xcext.enabled=true"
15
-
16
11
  script: bundle exec rspec
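--- a/data/README.md
+++ b/data/README.md
@@ -27,8 +27,8 @@ Or install it yourself as:
  `~> 0.1` | `~> 3.2.0`
  `~> 0.2` | `~> 3.3.0`
  `~> 0.3` | `~> 3.4.0`
- `~> 0.4` | `~> 3.5.0`
- `~> 0.4.6` | `~> 3.5.2`
+ `~> 0.4.0`, `< 0.4.9` | `~> 3.5.0`, `< 3.5.2`
+ `~> 0.4.9` | `~> 3.5.2`
 
  ## Usage
 
@@ -46,10 +46,9 @@ This gem can be configured as shown in the following:
 
  ```ruby
  Devise::TokenAuthenticatable.setup do |config|
- # enables the expiration of a token after a session timeout,
- # only useful in connection with the devise timeoutable module,
- # defaults to false
- config.expire_auth_token_on_timeout = true
+ # enables the expiration of a token after a specified amount of time,
+ # defaults to nil
+ config.token_expires_in = 1.day
 
  # set the authentication key name used by this module,
  # defaults to :auth_token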
@@ -3,17 +3,14 @@ require "devise/token_authenticatable/strategy"
3
3
  module Devise
4
4
  module TokenAuthenticatable
5
5
 
6
- # Authentication token expiration on timeout
7
- #
8
- # This option is only used if your model uses the Devise
9
- # :timeoutable module.
10
- mattr_accessor :expire_auth_token_on_timeout
11
- @@expire_auth_token_on_timeout = false
12
-
13
6
  # Authentication token params key name of choice. E.g. /users/sign_in?some_key=...
14
7
  mattr_accessor :token_authentication_key
15
8
  @@token_authentication_key = :auth_token
16
9
 
10
+ # Token expiration period. E.g. 1.day
11
+ mattr_accessor :token_expires_in
12
+ @@token_expires_in = nil
13
+
17
14
  # Defines if the authentication token is reset before the model is saved.
18
15
  mattr_accessor :should_reset_authentication_token
19
16
  @@should_reset_authentication_token = false
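Review bot: The comment on the new `token_expires_in` accessor does not say what the default `nil` means or how a plain number is interpreted. Because `expire_auth_token_on_timeout` is removed in the same hunk and its replacement defaults to `nil`, an application that upgrades without setting the new option appears to be left with tokens that never expire, so the default should be spelled out where the option is declared. I would write `# Token lifetime, e.g. 1.day. nil (the default) disables expiration, so a token stays valid until it is reset.` and, judging by the `.to_i` applied in the strategy check, add that a bare Integer is read as seconds. The module body continues outside the hunk.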
@@ -1,5 +1,3 @@
1
- require 'devise/token_authenticatable/hooks/timeoutable'
2
-
3
1
  module Devise
4
2
  module Models
5
3
  # The +TokenAuthenticatable+ module is responsible for generating an authentication token and
@@ -30,7 +28,7 @@ module Devise
30
28
  before_save :reset_authentication_token_before_save
31
29
  before_save :ensure_authentication_token_before_save
32
30
 
33
- attr_writer :expire_auth_token_on_timeout
31
+ attr_writer :token_expires_in
34
32
  end
35
33
 
36
34
  module ClassMethods
@@ -55,12 +53,13 @@ module Devise
55
53
  end
56
54
 
57
55
  def self.required_fields(klass)
58
- [:authentication_token]
56
+ [:authentication_token, :authentication_token_created_at]
59
57
  end
60
58
 
61
59
  # Generate new authentication token (a.k.a. "single access token").
62
60
  def reset_authentication_token
63
61
  self.authentication_token = self.class.authentication_token
62
+ self.authentication_token_created_at = Time.now
64
63
  end
65
64
 
66
65
  # Generate new authentication token and save the record.
@@ -83,12 +82,8 @@ module Devise
83
82
  def after_token_authentication
84
83
  end
85
84
 
86
- def expire_auth_token_on_timeout
87
- if @expire_auth_token_on_timeout
88
- @expire_auth_token_on_timeout
89
- else
90
- Devise::TokenAuthenticatable.expire_auth_token_on_timeout
91
- end
85
+ def token_expires_in
86
+ Devise::TokenAuthenticatable.token_expires_in
92
87
  end
93
88
 
94
89
  private
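Review bot: The `attr_writer :token_expires_in` added in the included block has no matching read path. The new `token_expires_in` reader returns only `Devise::TokenAuthenticatable.token_expires_in` and never consults `@token_expires_in`, whereas the removed `expire_auth_token_on_timeout` reader checked the instance variable first. A value assigned on a record is therefore silently ignored. Either drop the writer, or restore the override with `@token_expires_in || Devise::TokenAuthenticatable.token_expires_in`; as far as the visible hunks show, the strategy reads the module-level setting on its own, so a per-record value would not reach the expiry check unless the strategy asks the resource for it. The module starts and ends outside these hunks.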
@@ -36,6 +36,12 @@ module Devise
36
36
  resource = mapping.to.find_for_token_authentication(authentication_hash)
37
37
  return fail(:invalid_token) unless resource
38
38
 
39
+ unless token_expires_in.blank?
40
+ if Time.now > (resource.authentication_token_created_at + token_expires_in.to_i)
41
+ return fail(:expired_token)
42
+ end
43
+ end
44
+
39
45
  if validate(resource)
40
46
  resource.after_token_authentication
41
47
  success!(resource)
@@ -88,6 +94,10 @@ module Devise
88
94
  def authentication_keys
89
95
  @authentication_keys ||= [Devise::TokenAuthenticatable.token_authentication_key]
90
96
  end
97
+
98
+ def token_expires_in
99
+ @token_expires_in ||= Devise::TokenAuthenticatable.token_expires_in
100
+ end
91
101
  end
92
102
  end
93
103
  end
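Review bot: The expiry check in the first hunk calls `+` on `resource.authentication_token_created_at` without handling `nil`. The column is nullable (the test migration adds it with `null: true`), so a record whose token was issued before the column existed raises NoMethodError during authentication once `token_expires_in` is set, instead of being rejected cleanly. A token with no recorded issue time should fail closed as expired: `created_at = resource.authentication_token_created_at` followed by `if created_at.nil? || Time.now > (created_at + token_expires_in.to_i)`. The enclosing method begins and ends outside the hunk.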
@@ -1,5 +1,5 @@
1
1
  module Devise
2
2
  module TokenAuthenticatable
3
- VERSION = "0.4.6".freeze
3
+ VERSION = '0.4.9'.freeze
4
4
  end
5
5
  end
@@ -21,6 +21,12 @@ FactoryGirl.define do
21
21
 
22
22
  trait :with_authentication_token do
23
23
  authentication_token { SecureRandom.hex }
24
+ authentication_token_created_at { Time.now }
25
+ end
26
+
27
+ trait :with_day_old_token do
28
+ authentication_token { SecureRandom.hex }
29
+ authentication_token_created_at { Time.now - 1.day }
24
30
  end
25
31
  end
26
32
  end
@@ -8,72 +8,56 @@ require 'spec_helper'
8
8
  # See spec/factories/user.rb for an example.
9
9
  #
10
10
  shared_examples "token authenticatable" do
11
-
12
11
  context "instance methods" do
13
-
14
12
  describe "#reset_authentication_token" do
15
13
  let(:entity) { create(described_class.name.underscore.to_sym, :with_authentication_token) }
16
14
 
15
+ subject { entity.reset_authentication_token }
16
+
17
17
  it "should reset authentication token" do
18
- expect { entity.reset_authentication_token }.to change { entity.authentication_token }
18
+ expect { subject }.to change { entity.authentication_token }
19
+ end
20
+
21
+ it "should reset token created at" do
22
+ expect { subject }.to change { entity.authentication_token_created_at }
19
23
  end
20
24
  end
21
25
 
22
26
  describe "#ensure_authentication_token" do
27
+ subject { entity.ensure_authentication_token }
23
28
 
24
29
  context "with existing authentication token" do
25
30
  let(:entity) { create(described_class.name.underscore.to_sym, :with_authentication_token) }
26
31
 
27
32
  it "should not change the authentication token" do
28
- expect { entity.ensure_authentication_token }.to_not change { entity.authentication_token }
33
+ expect { subject }.to_not change { entity.authentication_token }
29
34
  end
30
- end
31
-
32
- context "without existing authentication token" do
33
- let(:entity) { create(described_class.name.underscore.to_sym) }
34
35
 
35
- it "should create an authentication token" do
36
- entity.authentication_token = nil
37
- expect { entity.ensure_authentication_token }.to change { entity.authentication_token }
36
+ it "should not change the authentication token created at" do
37
+ expect { subject }.to_not change { entity.authentication_token_created_at }
38
38
  end
39
39
  end
40
- end
41
-
42
- describe "#expire_auth_token_on_timeout" do
43
- let(:entity) { create(described_class.name.underscore.to_sym) }
44
40
 
45
- context "enabling expire_auth_token_on_timeout first" do
41
+ context "without existing authentication token and authentication token created at" do
42
+ let(:entity) { create(described_class.name.underscore.to_sym) }
46
43
 
47
44
  before :each do
48
- entity.expire_auth_token_on_timeout = true
45
+ entity.authentication_token = nil
46
+ entity.authentication_token_created_at = nil
49
47
  end
50
48
 
51
- it "should be true" do
52
- expect(entity.expire_auth_token_on_timeout).to eq true
49
+ it "should set an authentication token" do
50
+ expect { subject }.to change { entity.authentication_token }
53
51
  end
54
52
 
55
- it "should not use the default" do
56
- expect(Devise::TokenAuthenticatable).to_not receive(:expire_auth_token_on_timeout)
57
-
58
- entity.expire_auth_token_on_timeout
53
+ it "should set authentication token created at" do
54
+ expect { subject }.to change { entity.authentication_token_created_at }
59
55
  end
60
-
61
- end
62
-
63
- context "not enabling expire_auth_token_on_timeout" do
64
-
65
- it "should use the default" do
66
- expect(Devise::TokenAuthenticatable).to receive(:expire_auth_token_on_timeout)
67
-
68
- entity.expire_auth_token_on_timeout
69
- end
70
-
71
56
  end
72
57
  end
73
58
  end
74
59
 
75
60
  context "class methods" do
76
-
77
61
  describe "#find_for_authentication_token" do
78
62
  let(:entity) { create(described_class.name.underscore.to_sym, :with_authentication_token) }
79
63
 
@@ -97,7 +81,7 @@ shared_examples "token authenticatable" do
97
81
  end
98
82
 
99
83
  it "should not be subject to injection" do
100
- entity2 = create(described_class.name.underscore.to_sym, :with_authentication_token)
84
+ create(described_class.name.underscore.to_sym, :with_authentication_token)
101
85
 
102
86
  authenticated_entity = described_class.find_for_token_authentication(auth_token: { '$ne' => entity.authentication_token })
103
87
  expect(authenticated_entity).to be_nil
@@ -105,23 +89,19 @@ shared_examples "token authenticatable" do
105
89
  end
106
90
 
107
91
  describe "#required_fields" do
108
-
109
92
  it "should contain the fields that Devise uses" do
110
93
  expect(Devise::Models::TokenAuthenticatable.required_fields(described_class)).to eq([
111
- :authentication_token
94
+ :authentication_token, :authentication_token_created_at
112
95
  ])
113
96
  end
114
-
115
97
  end
116
98
 
117
99
  end
118
100
 
119
101
  context "before_save" do
120
-
121
102
  let(:entity) { create(described_class.name.underscore.to_sym, :with_authentication_token) }
122
103
 
123
104
  context "when the authentication token should be reset" do
124
-
125
105
  before :each do
126
106
  Devise::TokenAuthenticatable.setup do |config|
127
107
  config.should_reset_authentication_token = true
@@ -139,21 +119,17 @@ shared_examples "token authenticatable" do
139
119
 
140
120
  entity.update_attributes(created_at: Time.now)
141
121
  end
142
-
143
122
  end
144
123
 
145
124
  context "when the authentication token should not be reset" do
146
-
147
125
  it "does not reset the authentication token" do
148
126
  expect(entity).to_not receive(:reset_authentication_token)
149
127
 
150
128
  entity.update_attributes(created_at: Time.now)
151
129
  end
152
-
153
130
  end
154
131
 
155
132
  context "when the authentication token should be ensured" do
156
-
157
133
  before :each do
158
134
  Devise::TokenAuthenticatable.setup do |config|
159
135
  config.should_ensure_authentication_token = true
@@ -171,21 +147,16 @@ shared_examples "token authenticatable" do
171
147
 
172
148
  entity.update_attributes(created_at: Time.now)
173
149
  end
174
-
175
150
  end
176
151
 
177
152
  context "when the authentication token should not be ensured" do
178
-
179
153
  it "does not set the authentication token" do
180
154
  expect(entity).to_not receive(:ensure_authentication_token)
181
155
 
182
156
  entity.update_attributes(created_at: Time.now)
183
157
  end
184
-
185
158
  end
186
-
187
159
  end
188
-
189
160
  end
190
161
 
191
162
  describe User do
@@ -1,11 +1,8 @@
1
1
  require 'spec_helper'
2
2
 
3
3
  describe Devise::Strategies::TokenAuthenticatable do
4
-
5
4
  context "with valid authentication token key and value" do
6
-
7
5
  context "through params" do
8
-
9
6
  it "should be a success" do
10
7
  swap Devise::TokenAuthenticatable, token_authentication_key: :secret_token do
11
8
  sign_in_as_new_user_with_token
@@ -59,7 +56,6 @@ describe Devise::Strategies::TokenAuthenticatable do
59
56
  end
60
57
 
61
58
  context "when request is stateless" do
62
-
63
59
  it 'should authenticate the user with use of authentication token' do
64
60
  swap Devise::TokenAuthenticatable, token_authentication_key: :secret_token do
65
61
  swap Devise, skip_session_storage: [:token_auth] do
@@ -92,13 +88,10 @@ describe Devise::Strategies::TokenAuthenticatable do
92
88
  end
93
89
  end
94
90
  end
95
-
96
91
  end
97
92
 
98
93
  context "when request is stateless and timeoutable" do
99
-
100
94
  context "on sign in" do
101
-
102
95
  it 'should authenticate the user' do
103
96
  swap Devise::TokenAuthenticatable, token_authentication_key: :secret_token do
104
97
  swap Devise, skip_session_storage: [:token_auth], timeout_in: (0.1).second do
@@ -107,11 +100,9 @@ describe Devise::Strategies::TokenAuthenticatable do
107
100
  end
108
101
  end
109
102
  end
110
-
111
103
  end
112
104
 
113
105
  context "on delayed access" do
114
-
115
106
  it 'should authenticate the user' do
116
107
  swap Devise::TokenAuthenticatable, token_authentication_key: :secret_token do
117
108
  swap Devise, skip_session_storage: [:token_auth], timeout_in: (0.1).second do
@@ -127,59 +118,10 @@ describe Devise::Strategies::TokenAuthenticatable do
127
118
  end
128
119
  end
129
120
  end
130
-
131
- end
132
-
133
- end
134
-
135
- context "when expire_auth_token_on_timeout is set to true, timeoutable is enabled and we have a timed out session" do
136
-
137
- context "on sign in" do
138
-
139
- it 'should authenticate the user' do
140
- swap Devise::TokenAuthenticatable, token_authentication_key: :secret_token, expire_auth_token_on_timeout: true do
141
- swap Devise, timeout_in: (-1).minute do
142
- sign_in_as_new_user_with_token
143
- expect(warden).to be_authenticated(:user)
144
- end
145
- end
146
- end
147
-
148
- end
149
-
150
- context "on re-sign in" do
151
-
152
- it 'should not authenticate the user' do
153
- swap Devise::TokenAuthenticatable, token_authentication_key: :secret_token, expire_auth_token_on_timeout: true do
154
- swap Devise, timeout_in: (-1).minute do
155
- user = sign_in_as_new_user_with_token
156
- token = user.authentication_token
157
-
158
- sign_in_as_new_user_with_token(user: user)
159
- expect(warden).to_not be_authenticated(:user)
160
- end
161
- end
162
- end
163
-
164
- it 'should reset the authentication token' do
165
- swap Devise::TokenAuthenticatable, token_authentication_key: :secret_token, expire_auth_token_on_timeout: true do
166
- swap Devise, timeout_in: (-1).minute do
167
- user = sign_in_as_new_user_with_token
168
- token = user.authentication_token
169
-
170
- sign_in_as_new_user_with_token(user: user)
171
- user.reload
172
- expect(token).to_not eq(user.authentication_token)
173
- end
174
- end
175
- end
176
-
177
121
  end
178
-
179
122
  end
180
123
 
181
124
  context "when not configured" do
182
-
183
125
  it "should redirect to sign in page" do
184
126
  swap Devise::TokenAuthenticatable, token_authentication_key: :secret_token do
185
127
  swap Devise, params_authenticatable: [:database] do
@@ -203,7 +145,6 @@ describe Devise::Strategies::TokenAuthenticatable do
203
145
  end
204
146
 
205
147
  context "through http" do
206
-
207
148
  it "should be a success" do
208
149
  swap Devise::TokenAuthenticatable, token_authentication_key: :secret_token do
209
150
  swap Devise, http_authenticatable: true do
@@ -225,7 +166,6 @@ describe Devise::Strategies::TokenAuthenticatable do
225
166
  end
226
167
 
227
168
  context "when not configured" do
228
-
229
169
  it "should be an unauthorized" do
230
170
  swap Devise::TokenAuthenticatable, token_authentication_key: :secret_token do
231
171
  swap Devise, http_authenticatable: [:database] do
@@ -249,7 +189,6 @@ describe Devise::Strategies::TokenAuthenticatable do
249
189
  end
250
190
 
251
191
  context "through http header" do
252
-
253
192
  it "should redirect to root path" do
254
193
  swap Devise::TokenAuthenticatable, token_authentication_key: :secret_token do
255
194
  swap Devise, http_authenticatable: true do
@@ -325,7 +264,6 @@ describe Devise::Strategies::TokenAuthenticatable do
325
264
  end
326
265
 
327
266
  context "with denied token authorization" do
328
-
329
267
  it "should be an unauthorized" do
330
268
  swap Devise::TokenAuthenticatable, token_authentication_key: :secret_token do
331
269
  swap Devise, http_authenticatable: false do
@@ -345,14 +283,11 @@ describe Devise::Strategies::TokenAuthenticatable do
345
283
  end
346
284
  end
347
285
  end
348
-
349
286
  end
350
-
351
287
  end
352
288
  end
353
289
 
354
290
  context "with improper authentication token key" do
355
-
356
291
  it "should redirect to the sign in page" do
357
292
  swap Devise::TokenAuthenticatable, token_authentication_key: :donald_duck_token do
358
293
  sign_in_as_new_user_with_token(auth_token_key: :secret_token)
@@ -372,19 +307,16 @@ describe Devise::Strategies::TokenAuthenticatable do
372
307
  it "should not be subject to injection" do
373
308
  swap Devise::TokenAuthenticatable, token_authentication_key: :secret_token do
374
309
  user1 = create(:user, :with_authentication_token)
375
- user2 = create(:user, :with_authentication_token)
310
+ create(:user, :with_authentication_token)
376
311
 
377
312
  get users_path(Devise::TokenAuthenticatable.token_authentication_key.to_s + '[$ne]' => user1.authentication_token)
378
313
  expect(warden).to_not be_authenticated(:user)
379
314
  end
380
315
  end
381
-
382
316
  end
383
317
 
384
318
  context "with improper authentication token value" do
385
-
386
319
  context "through params" do
387
-
388
320
  before { sign_in_as_new_user_with_token(auth_token: '*** INVALID TOKEN ***') }
389
321
 
390
322
  it "should redirect to the sign in page" do
@@ -397,7 +329,6 @@ describe Devise::Strategies::TokenAuthenticatable do
397
329
  end
398
330
 
399
331
  context "through http header" do
400
-
401
332
  before { sign_in_as_new_user_with_token(token_auth: true, auth_token: '*** INVALID TOKEN ***') }
402
333
 
403
334
  it "should be an unauthorized" do
@@ -409,4 +340,46 @@ describe Devise::Strategies::TokenAuthenticatable do
409
340
  end
410
341
  end
411
342
  end
343
+
344
+ context "with expired authentication token value" do
345
+ context "through params" do
346
+ it "should redirect to the sign in page" do
347
+ swap Devise::TokenAuthenticatable, token_expires_in: 1.hour do
348
+ sign_in_as_new_user_with_token(use: :with_day_old_token)
349
+
350
+ expect(response).to redirect_to new_user_session_path
351
+ end
352
+ end
353
+
354
+ it "should not authenticate user" do
355
+ swap Devise::TokenAuthenticatable, token_expires_in: 1.hour do
356
+ sign_in_as_new_user_with_token(use: :with_day_old_token)
357
+
358
+ expect(warden).to_not be_authenticated(:user)
359
+ end
360
+ end
361
+
362
+ context "through http header" do
363
+ it "should redirect to the sign in page" do
364
+ swap Devise::TokenAuthenticatable, token_expires_in: 1.hour do
365
+ swap Devise, http_authenticatable: true do
366
+ sign_in_as_new_user_with_token(http_auth: true, use: :with_day_old_token)
367
+
368
+ expect(response.status).to eq(401)
369
+ end
370
+ end
371
+ end
372
+
373
+ it "does not authenticate with expired authentication token value in header" do
374
+ swap Devise::TokenAuthenticatable, token_expires_in: 1.hour do
375
+ swap Devise, http_authenticatable: true do
376
+ sign_in_as_new_user_with_token(http_auth: true, use: :with_day_old_token)
377
+
378
+ expect(warden).to_not be_authenticated(:user)
379
+ end
380
+ end
381
+ end
382
+ end
383
+ end
384
+ end
412
385
  end
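Review bot: The new `with expired authentication token value` examples only cover a day-old token. Nothing exercises a token that is still inside `token_expires_in`, or a record whose `authentication_token_created_at` is nil, and those are the two cases most likely to regress in the expiry check. Two smaller points in the same block: the `through http header` context is opened before `through params` is closed, so it ends up nested inside it, and its first example is titled `should redirect to the sign in page` while asserting `expect(response.status).to eq(401)`. I would close `through params` before the header context and rename that example to `"should be an unauthorized"`, the wording this spec already uses for 401 cases.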
@@ -5,8 +5,8 @@ class CreateTables < ActiveRecord::Migration
5
5
  t.string :facebook_token
6
6
 
7
7
  ## Database authenticatable
8
- t.string :email, :null => false, :default => ""
9
- t.string :encrypted_password, :null => false, :default => ""
8
+ t.string :email, null: false, default: ""
9
+ t.string :encrypted_password, null: false, default: ""
10
10
 
11
11
  ## Recoverable
12
12
  t.string :reset_password_token
@@ -16,7 +16,7 @@ class CreateTables < ActiveRecord::Migration
16
16
  t.datetime :remember_created_at
17
17
 
18
18
  ## Trackable
19
- t.integer :sign_in_count, :default => 0
19
+ t.integer :sign_in_count, default: 0
20
20
  t.datetime :current_sign_in_at
21
21
  t.datetime :last_sign_in_at
22
22
  t.string :current_sign_in_ip
@@ -29,20 +29,21 @@ class CreateTables < ActiveRecord::Migration
29
29
  # t.string :unconfirmed_email # Only if using reconfirmable
30
30
 
31
31
  ## Lockable
32
- t.integer :failed_attempts, :default => 0 # Only if lock strategy is :failed_attempts
32
+ t.integer :failed_attempts, default: 0 # Only if lock strategy is :failed_attempts
33
33
  t.string :unlock_token # Only if unlock strategy is :email or :both
34
34
  t.datetime :locked_at
35
35
 
36
36
  ## Token authenticatable
37
37
  t.string :authentication_token
38
+ t.datetime :authentication_token_created_at, null: true
38
39
 
39
40
  t.timestamps
40
41
  end
41
42
 
42
43
  create_table :admins do |t|
43
44
  ## Database authenticatable
44
- t.string :email, :null => true
45
- t.string :encrypted_password, :null => true
45
+ t.string :email, null: true
46
+ t.string :encrypted_password, null: true
46
47
 
47
48
  ## Recoverable
48
49
  t.string :reset_password_token
@@ -61,7 +62,7 @@ class CreateTables < ActiveRecord::Migration
61
62
  t.datetime :locked_at
62
63
 
63
64
  ## Attribute for testing route blocks
64
- t.boolean :active, :default => false
65
+ t.boolean :active, default: false
65
66
 
66
67
  t.timestamps
67
68
  end
@@ -45,6 +45,7 @@ ActiveRecord::Schema.define(:version => 20100401102949) do
45
45
  t.string "unlock_token"
46
46
  t.datetime "locked_at"
47
47
  t.string "authentication_token"
48
+ t.datetime "authentication_token_created_at"
48
49
  t.datetime "created_at"
49
50
  t.datetime "updated_at"
50
51
  end
@@ -7,7 +7,8 @@
7
7
  # a new one is created.
8
8
  #
9
9
  def sign_in_as_new_user_with_token(options = {})
10
- user = options.delete(:user) || create(:user, :with_authentication_token)
10
+ trait = options[:use] ? options[:use] : :with_authentication_token
11
+ user = options.delete(:user) || create(:user, trait)
11
12
 
12
13
  options[:auth_token_key] ||= Devise::TokenAuthenticatable.token_authentication_key
13
14
  options[:auth_token] ||= user.authentication_token
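Review bot: The `:use` key is read with `options[:use]` but left in the hash, unlike `:user` on the following line, which is removed with `delete`. If the rest of the helper (outside this hunk) forwards `options` into the request, `use` may travel along as a stray parameter. `trait = options.delete(:use) || :with_authentication_token` removes the key and replaces the redundant ternary. A short comment that `:use` is ignored when `:user` is passed would also help callers.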
@@ -1,18 +1,15 @@
1
1
  require 'spec_helper'
2
2
 
3
3
  describe Devise::TokenAuthenticatable do
4
-
5
- context "configuring the expire_auth_token_on_timeout" do
6
- let(:expire_auth_token_on_timeout) { true }
4
+ context "configuring the token_expires_in" do
5
+ let(:expire_time) { 1.hour }
7
6
 
8
7
  it "should set the configuration" do
9
8
  expect {
10
9
  Devise::TokenAuthenticatable.setup do |config|
11
- config.expire_auth_token_on_timeout = expire_auth_token_on_timeout
10
+ config.token_expires_in = expire_time
12
11
  end
13
- }.to change {
14
- Devise::TokenAuthenticatable.expire_auth_token_on_timeout
15
- }.from(false).to(expire_auth_token_on_timeout)
12
+ }.to change { Devise::TokenAuthenticatable.token_expires_in }.from(nil).to(expire_time)
16
13
  end
17
14
  end
18
15
 
@@ -51,5 +48,4 @@ describe Devise::TokenAuthenticatable do
51
48
  }.to change { Devise::TokenAuthenticatable.should_ensure_authentication_token }.from(false).to(should_ensure)
52
49
  end
53
50
  end
54
-
55
51
  end
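Review bot: The `configuring the token_expires_in` example sets `config.token_expires_in` to `1.hour` through `setup`, and nothing in the context puts it back to `nil`. Unless spec_helper (not shown) resets the module settings, every example that runs afterwards sees a one-hour expiry and the suite becomes order dependent. An `after { Devise::TokenAuthenticatable.token_expires_in = nil }` in this context would keep the setting from leaking into the strategy specs.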
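--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: devise-token_authenticatable
  version: !ruby/object:Gem::Version
- version: 0.4.6
+ version: 0.4.9
  platform: ruby
  authors:
  - Sebastian Oelke
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2016-03-11 00:00:00.000000000 Z
+ date: 2016-05-24 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: devise
@@ -147,7 +147,6 @@ files:
  - devise-token_authenticatable.gemspec
  - lib/devise-token_authenticatable.rb
  - lib/devise/token_authenticatable.rb
- - lib/devise/token_authenticatable/hooks/timeoutable.rb
  - lib/devise/token_authenticatable/model.rb
  - lib/devise/token_authenticatable/strategy.rb
  - lib/devise/token_authenticatable/version.rb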
@@ -1,34 +0,0 @@
1
- # Each time a record is set we check whether its session has already timed out
2
- # or not, based on last request time. If so and :expire_auth_token_on_timeout
3
- # is set to true, the record's auth token is reset.
4
-
5
- # This is a backport of the functionality of expire_auth_token_on_timeout that
6
- # has been removed from devise in version 3.5.2.
7
- #
8
- # For the original version cf.
9
- # https://github.com/plataformatec/devise/blob/v3.5.1/lib/devise/hooks/timeoutable.rb.
10
-
11
- Warden::Manager.after_set_user do |record, warden, options|
12
- scope = options[:scope]
13
- env = warden.request.env
14
-
15
- if record && record.respond_to?(:timedout?) &&
16
- warden.authenticated?(scope) &&
17
- options[:store] != false &&
18
- !env['devise.skip_timeoutable']
19
-
20
- last_request_at = warden.session(scope)['last_request_at']
21
-
22
- if last_request_at.is_a? Integer
23
- last_request_at = Time.at(last_request_at).utc
24
- elsif last_request_at.is_a? String
25
- last_request_at = Time.parse(last_request_at)
26
- end
27
-
28
- if record.timedout?(last_request_at) && !env['devise.skip_timeout']
29
- if record.respond_to?(:expire_auth_token_on_timeout) && record.expire_auth_token_on_timeout
30
- record.reset_authentication_token!
31
- end
32
- end
33
- end
34
- end