RubyGems - devise_jwt_auth - Versions diffs - 0.1.1 → 0.1.6 - Mend

devise_jwt_auth 0.1.1 → 0.1.6

Files changed (88) hide show

data/lib/generators/devise_jwt_auth/templates/devise_jwt_auth.rb CHANGED

@@ -5,38 +5,38 @@ DeviseJwtAuth.setup do |config|
   # user. To receive new access tokens, you should either reauthenticate or
   # use the HTTP only refresh cookie that is sent during the authentication
   # process and make refresh token requests.
-  # self.send_new_access_token_on_each_request = false
+  # config.send_new_access_token_on_each_request = false
   # By default, refresh token HTTP Only cookies last for 2 weeks. These tokens
   # are used for requesting shorter-lived acccess tokens.
-  # self.refresh_token_lifespan = 2.weeks
+  # config.refresh_token_lifespan = 2.weeks
   # By default, access tokens last for 15 minutes. These tokens are used to
   # access protected resources. When these tokens expire, you need to
   # reauthenticate the user or use a refresh token cookie to get a new access
   # token.
-  # self.access_token_lifespan = 15.minutes
+  # config.access_token_lifespan = 15.minutes
   # This is the name of the HTTP Only cookie that will be sent to the client
   # for the purpose of requesting new access tokens.
-  # self.refresh_token_name = 'refresh-token'
+  # config.refresh_token_name = 'refresh-token'
   # This is the name of the token that will be sent in the JSON responses used
   # for accessing protected resources. NEVER store this token in a cookie or
   # any form of local storage on the client. Save it in memory as a javascript
   # variable or in some kind of context manager like Redux. Send it in your
   # request headers when you want to be authenticated.
-  # self.access_token_name = 'access-token'
+  # config.access_token_name = 'access-token'
   # This is the refresh token encryption key. You should set this in an
   # environment variable or secret key base that isn't store in a repository.
   # Also, its a good idea to NOT use the same key for access tokens.
-  self.refresh_token_encryption_key = 'your-refresh-token-secret-key-here'
+  config.refresh_token_encryption_key = 'your-refresh-token-secret-key-here'
   # This is the refresh token encryption key. You should set this in an
   # environment variable or secret key base that isn't store in a repository.
   # Also, its a good idea to NOT use the same key for access tokens.
-  self.access_token_encryption_key = 'your-access-token-secret-key-here'
+  config.access_token_encryption_key = 'your-access-token-secret-key-here'
   # This route will be the prefix for all oauth2 redirect callbacks. For
   # example, using the default '/omniauth', the github oauth2 provider will
@@ -64,11 +64,10 @@ DeviseJwtAuth.setup do |config|
   # config.send_confirmation_email = true
   # TODO: Document these settings
-  # self.default_confirm_success_url               = nil
-  # self.default_password_reset_url                = nil
-  # self.redirect_whitelist                        = nil
-  # self.update_token_version_after_password_reset = true
-  # self.bypass_sign_in                            = true
-  # self.require_client_password_reset_token       = false
+  # config.default_confirm_success_url               = nil
+  # config.default_password_reset_url                = nil
+  # config.redirect_whitelist                        = nil
+  # config.update_token_version_after_password_reset = true
+  # config.bypass_sign_in                            = true
+  # config.require_client_password_reset_token       = false
 end

data/lib/generators/devise_jwt_auth/templates/devise_jwt_auth_create_users.rb.erb CHANGED

@@ -2,12 +2,18 @@
 class DeviseJwtAuthCreate<%= user_class.pluralize.gsub("::","") %> < ActiveRecord::Migration<%= "[#{Rails::VERSION::STRING[0..2]}]" if Rails::VERSION::MAJOR > 4 %>
   def change
-    <% table_name = @user_class.pluralize.gsub("::","").underscore %>
-    create_table(:<%= table_name %><%= primary_key_type %>) do |t|
+    <% table_name = @user_class.pluralize.gsub("::","").underscore -%>
+create_table(:<%= table_name %><%= primary_key_type %>) do |t|
       ## Required
       t.string :provider, null: false, default: 'email'
       t.string :uid, null: false, default: ''
+      ## User Info
+      t.string :name
+      t.string :nickname
+      t.string :image
+      t.string :email
       ## Database authenticatable
       t.string :encrypted_password, null: false, default: ''
@@ -19,6 +25,13 @@ class DeviseJwtAuthCreate<%= user_class.pluralize.gsub("::","") %> < ActiveRecor
       ## Rememberable
       t.datetime :remember_created_at
+      ## Trackable
+      # t.integer  :sign_in_count, default: 0, null: false
+      # t.datetime :current_sign_in_at
+      # t.datetime :last_sign_in_at
+      # t.<%= ip_column %> :current_sign_in_ip
+      # t.<%= ip_column %> :last_sign_in_ip
       ## Confirmable
       t.string   :confirmation_token
       t.datetime :confirmed_at
@@ -30,15 +43,6 @@ class DeviseJwtAuthCreate<%= user_class.pluralize.gsub("::","") %> < ActiveRecor
       # t.string   :unlock_token # Only if unlock strategy is :email or :both
       # t.datetime :locked_at
-      ## User Info
-      t.string :name
-      t.string :nickname
-      t.string :image
-      t.string :email
-      ## Tokens
-      <%= json_supported_database? ? 't.json :tokens' : 't.text :tokens' %>
       t.timestamps
     end

data/lib/generators/devise_jwt_auth/templates/user.rb.erb CHANGED

@@ -2,8 +2,8 @@
 class <%= user_class %> < ActiveRecord::Base
   # Include default devise modules. Others available are:
-  # :confirmable, :lockable, :timeoutable and :omniauthable
+  # :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
   devise :database_authenticatable, :registerable,
-         :recoverable, :rememberable, :trackable, :validatable
+         :recoverable, :rememberable, :validatable
   include DeviseJwtAuth::Concerns::User
 end

data/test/controllers/custom/custom_confirmations_controller_test.rb CHANGED

@@ -10,8 +10,8 @@ class Custom::ConfirmationsControllerTest < ActionController::TestCase
       @redirect_url = Faker::Internet.url
       @new_user = create(:user)
       @new_user.send_confirmation_instructions(redirect_url: @redirect_url)
-      @mail          = ActionMailer::Base.deliveries.last
-      @token         = @mail.body.match(/confirmation_token=([^&]*)&/)[1]
+      @mail = ActionMailer::Base.deliveries.last
+      @token = @mail.body.match(/confirmation_token=([^&]*)&/)[1]
       @client_config = @mail.body.match(/config=([^&]*)&/)[1]
       get :show,

data/test/controllers/custom/custom_passwords_controller_test.rb CHANGED

@@ -13,7 +13,7 @@ class Custom::PasswordsControllerTest < ActionController::TestCase
     test 'yield resource to block on create success' do
       post :create,
-           params: { email:  @resource.email,
+           params: { email: @resource.email,
                      redirect_url: @redirect_url }
       @mail = ActionMailer::Base.deliveries.last
@@ -21,7 +21,7 @@ class Custom::PasswordsControllerTest < ActionController::TestCase
       @mail_config_name  = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
       @mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
-      @mail_reset_token  = @mail.body.match(/reset_password_token=(.*)\"/)[1]
+      @mail_reset_token  = @mail.body.match(/reset_password_token=(.*)"/)[1]
       assert @controller.create_block_called?,
              'create failed to yield resource to provided block'
@@ -32,7 +32,7 @@ class Custom::PasswordsControllerTest < ActionController::TestCase
       @redirect_url = 'http://ng-token-auth.dev'
       post :create,
-           params: { email:  @resource.email,
+           params: { email: @resource.email,
                      redirect_url: @redirect_url },
            xhr: true
@@ -41,7 +41,7 @@ class Custom::PasswordsControllerTest < ActionController::TestCase
       @mail_config_name  = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
       @mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
-      @mail_reset_token  = @mail.body.match(/reset_password_token=(.*)\"/)[1]
+      @mail_reset_token  = @mail.body.match(/reset_password_token=(.*)"/)[1]
       get :edit,
           params: { reset_password_token: @mail_reset_token,

data/test/controllers/custom/custom_refresh_token_controller_test.rb CHANGED

@@ -9,8 +9,7 @@ class Custom::RefreshTokenControllerTest < ActionDispatch::IntegrationTest
     before do
       @resource = create(:user, :confirmed)
       @auth_headers = get_cookie_header(DeviseJwtAuth.refresh_token_name,
-                                        @resource.create_refresh_token
-      )
+                                        @resource.create_refresh_token)
     end
     test 'yield resource to block on refresh_token success' do
@@ -33,4 +32,4 @@ class Custom::RefreshTokenControllerTest < ActionDispatch::IntegrationTest
       assert_equal @data['custom'], 'foo'
     end
   end
-end
+end

data/test/controllers/custom/custom_registrations_controller_test.rb CHANGED

@@ -8,8 +8,8 @@ class Custom::RegistrationsControllerTest < ActionDispatch::IntegrationTest
     before do
       @create_params = attributes_for(:user,
-        confirm_success_url: Faker::Internet.url,
-        unpermitted_param: '(x_x)')
+                                      confirm_success_url: Faker::Internet.url,
+                                      unpermitted_param: '(x_x)')
       @existing_user = create(:user, :confirmed)
       @auth_headers = @existing_user.create_named_token_pair

data/test/controllers/demo_mang_controller_test.rb CHANGED

@@ -39,61 +39,59 @@ class DemoMangControllerTest < ActionDispatch::IntegrationTest
           it 'should define current_mang' do
             assert_equal @resource, @controller.current_mang
           end
           it 'should define mang_signed_in?' do
             assert @controller.mang_signed_in?
           end
           it 'should not define current_user' do
             refute_equal @resource, @controller.current_user
           end
           it 'should define render_authenticate_error' do
             assert @controller.methods.include?(:render_authenticate_error)
           end
         end
         it 'should return success status' do
           assert_equal 200, response.status
         end
-=begin
-        it 'should receive new token after successful request' do
-          refute_equal @token, @resp_token
-        end
-        it 'should preserve the client id from the first request' do
-          assert_equal @client_id, @resp_client_id
-        end
-        it "should return the user's uid in the auth header" do
-          assert_equal @resource.uid, @resp_uid
-        end
-        it 'should not treat this request as a batch request' do
-          refute assigns(:is_batch_request)
-        end
-        describe 'subsequent requests' do
-          before do
-            @resource.reload
-            # ensure that request is not treated as batch request
-            # age_token(@resource, @client_id)
-            get '/demo/members_only_mang',
-            params: {},
-            headers: @auth_headers.merge('access-token' => @resp_token)
-          end
-          it 'should not treat this request as a batch request' do
-            refute assigns(:is_batch_request)
-          end
-          it 'should allow a new request to be made using new token' do
-            assert_equal 200, response.status
-          end
-        end
-=end
+        #         it 'should receive new token after successful request' do
+        #           refute_equal @token, @resp_token
+        #         end
+        #
+        #         it 'should preserve the client id from the first request' do
+        #           assert_equal @client_id, @resp_client_id
+        #         end
+        #
+        #         it "should return the user's uid in the auth header" do
+        #           assert_equal @resource.uid, @resp_uid
+        #         end
+        #
+        #         it 'should not treat this request as a batch request' do
+        #           refute assigns(:is_batch_request)
+        #         end
+        #
+        #         describe 'subsequent requests' do
+        #           before do
+        #             @resource.reload
+        #             # ensure that request is not treated as batch request
+        #             # age_token(@resource, @client_id)
+        #
+        #             get '/demo/members_only_mang',
+        #             params: {},
+        #             headers: @auth_headers.merge('access-token' => @resp_token)
+        #           end
+        #
+        #           it 'should not treat this request as a batch request' do
+        #             refute assigns(:is_batch_request)
+        #           end
+        #
+        #           it 'should allow a new request to be made using new token' do
+        #             assert_equal 200, response.status
+        #           end
+        #         end
       end
       describe 'failed request' do
@@ -112,175 +110,173 @@ class DemoMangControllerTest < ActionDispatch::IntegrationTest
         end
       end
-=begin
-      describe 'disable change_headers_on_each_request' do
-        before do
-          DeviseJwtAuth.change_headers_on_each_request = false
-          @resource.reload
-          # age_token(@resource, @client_id)
-          get '/demo/members_only_mang',
-              params: {},
-              headers: @auth_headers
-          @first_is_batch_request = assigns(:is_batch_request)
-          @first_user = assigns(:resource).dup
-          @first_access_token = response.headers['access-token']
-          @first_response_status = response.status
-          @resource.reload
-          # age_token(@resource, @client_id)
-          # use expired auth header
-          get '/demo/members_only_mang',
-              params: {},
-              headers: @auth_headers
-          @second_is_batch_request = assigns(:is_batch_request)
-          @second_user = assigns(:resource).dup
-          @second_access_token = response.headers['access-token']
-          @second_response_status = response.status
-        end
-        after do
-          DeviseJwtAuth.change_headers_on_each_request = true
-        end
-        it 'should allow the first request through' do
-          assert_equal 200, @first_response_status
-        end
-        it 'should allow the second request through' do
-          assert_equal 200, @second_response_status
-        end
-        it 'should return auth headers from the first request' do
-          assert @first_access_token
-        end
-        it 'should not treat either requests as batch requests' do
-          refute @first_is_batch_request
-          refute @second_is_batch_request
-        end
-        it 'should return auth headers from the second request' do
-          assert @second_access_token
-        end
-        it 'should define user during first request' do
-          assert @first_user
-        end
-        it 'should define user during second request' do
-          assert @second_user
-        end
-      end
-      describe 'batch requests' do
-        describe 'success' do
-          before do
-            # age_token(@resource, @client_id)
-            get '/demo/members_only_mang',
-                params: {},
-                headers: @auth_headers
-            @first_is_batch_request = assigns(:is_batch_request)
-            @first_user = assigns(:resource)
-            @first_access_token = response.headers['access-token']
-            get '/demo/members_only_mang',
-                params: {},
-                headers: @auth_headers
-            @second_is_batch_request = assigns(:is_batch_request)
-            @second_user = assigns(:resource)
-            @second_access_token = response.headers['access-token']
-          end
-          it 'should allow both requests through' do
-            assert_equal 200, response.status
-          end
-          it 'should not treat the first request as a batch request' do
-            refute @first_is_batch_request
-          end
-          it 'should treat the second request as a batch request' do
-            assert @second_is_batch_request
-          end
-          it 'should return access token for first (non-batch) request' do
-            assert @first_access_token
-          end
-          it 'should not return auth headers for second (batched) requests' do
-            assert_equal ' ', @second_access_token
-          end
-        end
-        describe 'time out' do
-          before do
-            @resource.reload
-            # age_token(@resource, @client_id)
-            get '/demo/members_only_mang',
-                params: {},
-                headers: @auth_headers
-            @first_is_batch_request = assigns(:is_batch_request)
-            @first_user = assigns(:resource).dup
-            @first_access_token = response.headers['access-token']
-            @first_response_status = response.status
-            @resource.reload
-            # age_token(@resource, @client_id)
-            # use expired auth header
-            get '/demo/members_only_mang',
-                params: {},
-                headers: @auth_headers
-            @second_is_batch_request = assigns(:is_batch_request)
-            @second_user = assigns(:resource)
-            @second_access_token = response.headers['access-token']
-            @second_response_status = response.status
-          end
-          it 'should allow the first request through' do
-            assert_equal 200, @first_response_status
-          end
-          it 'should not allow the second request through' do
-            assert_equal 401, @second_response_status
-          end
-          it 'should not treat first request as batch request' do
-            refute @second_is_batch_request
-          end
-          it 'should return auth headers from the first request' do
-            assert @first_access_token
-          end
-          it 'should not treat second request as batch request' do
-            refute @second_is_batch_request
-          end
-          it 'should not return auth headers from the second request' do
-            refute @second_access_token
-          end
-          it 'should define user during first request' do
-            assert @first_user
-          end
-          it 'should not define user during second request' do
-            refute @second_user
-          end
-        end
-      end
-=end
+      #       describe 'disable change_headers_on_each_request' do
+      #         before do
+      #           DeviseJwtAuth.change_headers_on_each_request = false
+      #           @resource.reload
+      #           # age_token(@resource, @client_id)
+      #
+      #           get '/demo/members_only_mang',
+      #               params: {},
+      #               headers: @auth_headers
+      #
+      #           @first_is_batch_request = assigns(:is_batch_request)
+      #           @first_user = assigns(:resource).dup
+      #           @first_access_token = response.headers['access-token']
+      #           @first_response_status = response.status
+      #
+      #           @resource.reload
+      #           # age_token(@resource, @client_id)
+      #
+      #           # use expired auth header
+      #           get '/demo/members_only_mang',
+      #               params: {},
+      #               headers: @auth_headers
+      #
+      #           @second_is_batch_request = assigns(:is_batch_request)
+      #           @second_user = assigns(:resource).dup
+      #           @second_access_token = response.headers['access-token']
+      #           @second_response_status = response.status
+      #         end
+      #
+      #         after do
+      #           DeviseJwtAuth.change_headers_on_each_request = true
+      #         end
+      #
+      #         it 'should allow the first request through' do
+      #           assert_equal 200, @first_response_status
+      #         end
+      #
+      #         it 'should allow the second request through' do
+      #           assert_equal 200, @second_response_status
+      #         end
+      #
+      #         it 'should return auth headers from the first request' do
+      #           assert @first_access_token
+      #         end
+      #
+      #         it 'should not treat either requests as batch requests' do
+      #           refute @first_is_batch_request
+      #           refute @second_is_batch_request
+      #         end
+      #
+      #         it 'should return auth headers from the second request' do
+      #           assert @second_access_token
+      #         end
+      #
+      #         it 'should define user during first request' do
+      #           assert @first_user
+      #         end
+      #
+      #         it 'should define user during second request' do
+      #           assert @second_user
+      #         end
+      #       end
+      #
+      #       describe 'batch requests' do
+      #         describe 'success' do
+      #           before do
+      #             # age_token(@resource, @client_id)
+      #
+      #             get '/demo/members_only_mang',
+      #                 params: {},
+      #                 headers: @auth_headers
+      #
+      #             @first_is_batch_request = assigns(:is_batch_request)
+      #             @first_user = assigns(:resource)
+      #             @first_access_token = response.headers['access-token']
+      #
+      #             get '/demo/members_only_mang',
+      #                 params: {},
+      #                 headers: @auth_headers
+      #
+      #             @second_is_batch_request = assigns(:is_batch_request)
+      #             @second_user = assigns(:resource)
+      #             @second_access_token = response.headers['access-token']
+      #           end
+      #
+      #           it 'should allow both requests through' do
+      #             assert_equal 200, response.status
+      #           end
+      #
+      #           it 'should not treat the first request as a batch request' do
+      #             refute @first_is_batch_request
+      #           end
+      #
+      #           it 'should treat the second request as a batch request' do
+      #             assert @second_is_batch_request
+      #           end
+      #
+      #           it 'should return access token for first (non-batch) request' do
+      #             assert @first_access_token
+      #           end
+      #
+      #           it 'should not return auth headers for second (batched) requests' do
+      #             assert_equal ' ', @second_access_token
+      #           end
+      #         end
+      #
+      #         describe 'time out' do
+      #           before do
+      #             @resource.reload
+      #             # age_token(@resource, @client_id)
+      #
+      #             get '/demo/members_only_mang',
+      #                 params: {},
+      #                 headers: @auth_headers
+      #
+      #             @first_is_batch_request = assigns(:is_batch_request)
+      #             @first_user = assigns(:resource).dup
+      #             @first_access_token = response.headers['access-token']
+      #             @first_response_status = response.status
+      #
+      #             @resource.reload
+      #             # age_token(@resource, @client_id)
+      #
+      #             # use expired auth header
+      #             get '/demo/members_only_mang',
+      #                 params: {},
+      #                 headers: @auth_headers
+      #
+      #             @second_is_batch_request = assigns(:is_batch_request)
+      #             @second_user = assigns(:resource)
+      #             @second_access_token = response.headers['access-token']
+      #             @second_response_status = response.status
+      #           end
+      #
+      #           it 'should allow the first request through' do
+      #             assert_equal 200, @first_response_status
+      #           end
+      #
+      #           it 'should not allow the second request through' do
+      #             assert_equal 401, @second_response_status
+      #           end
+      #
+      #           it 'should not treat first request as batch request' do
+      #             refute @second_is_batch_request
+      #           end
+      #
+      #           it 'should return auth headers from the first request' do
+      #             assert @first_access_token
+      #           end
+      #
+      #           it 'should not treat second request as batch request' do
+      #             refute @second_is_batch_request
+      #           end
+      #
+      #           it 'should not return auth headers from the second request' do
+      #             refute @second_access_token
+      #           end
+      #
+      #           it 'should define user during first request' do
+      #             assert @first_user
+      #           end
+      #
+      #           it 'should not define user during second request' do
+      #             refute @second_user
+      #           end
+      #         end
+      #       end
     end
   end
 end