RubyGems - devise_jwt_auth - Versions diffs - 0.1.1 → 0.1.6 - Mend

devise_jwt_auth 0.1.1 → 0.1.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (88) hide show

data/lib/generators/devise_jwt_auth/templates/devise_jwt_auth.rb CHANGED

@@ -5,38 +5,38 @@ DeviseJwtAuth.setup do |config|
   # user. To receive new access tokens, you should either reauthenticate or
   # use the HTTP only refresh cookie that is sent during the authentication
   # process and make refresh token requests.
-  # self.send_new_access_token_on_each_request = false
+  # config.send_new_access_token_on_each_request = false
   # By default, refresh token HTTP Only cookies last for 2 weeks. These tokens
   # are used for requesting shorter-lived acccess tokens.
-  # self.refresh_token_lifespan = 2.weeks
+  # config.refresh_token_lifespan = 2.weeks
   # By default, access tokens last for 15 minutes. These tokens are used to
   # access protected resources. When these tokens expire, you need to
   # reauthenticate the user or use a refresh token cookie to get a new access
   # token.
-  # self.access_token_lifespan = 15.minutes
+  # config.access_token_lifespan = 15.minutes
   # This is the name of the HTTP Only cookie that will be sent to the client
   # for the purpose of requesting new access tokens.
-  # self.refresh_token_name = 'refresh-token'
+  # config.refresh_token_name = 'refresh-token'
   # This is the name of the token that will be sent in the JSON responses used
   # for accessing protected resources. NEVER store this token in a cookie or
   # any form of local storage on the client. Save it in memory as a javascript
   # variable or in some kind of context manager like Redux. Send it in your
   # request headers when you want to be authenticated.
-  # self.access_token_name = 'access-token'
+  # config.access_token_name = 'access-token'
   # This is the refresh token encryption key. You should set this in an
   # environment variable or secret key base that isn't store in a repository.
   # Also, its a good idea to NOT use the same key for access tokens.
-  self.refresh_token_encryption_key = 'your-refresh-token-secret-key-here'
+  config.refresh_token_encryption_key = 'your-refresh-token-secret-key-here'
   # This is the refresh token encryption key. You should set this in an
   # environment variable or secret key base that isn't store in a repository.
   # Also, its a good idea to NOT use the same key for access tokens.
-  self.access_token_encryption_key = 'your-access-token-secret-key-here'
+  config.access_token_encryption_key = 'your-access-token-secret-key-here'
   # This route will be the prefix for all oauth2 redirect callbacks. For
   # example, using the default '/omniauth', the github oauth2 provider will
@@ -64,11 +64,10 @@ DeviseJwtAuth.setup do |config|
   # config.send_confirmation_email = true
   # TODO: Document these settings
-  # self.default_confirm_success_url               = nil
-  # self.default_password_reset_url                = nil
-  # self.redirect_whitelist                        = nil
-  # self.update_token_version_after_password_reset = true
-  # self.bypass_sign_in                            = true
-  # self.require_client_password_reset_token       = false
+  # config.default_confirm_success_url               = nil
+  # config.default_password_reset_url                = nil
+  # config.redirect_whitelist                        = nil
+  # config.update_token_version_after_password_reset = true
+  # config.bypass_sign_in                            = true
+  # config.require_client_password_reset_token       = false
 end

data/lib/generators/devise_jwt_auth/templates/devise_jwt_auth_create_users.rb.erb CHANGED

@@ -2,12 +2,18 @@
 class DeviseJwtAuthCreate<%= user_class.pluralize.gsub("::","") %> < ActiveRecord::Migration<%= "[#{Rails::VERSION::STRING[0..2]}]" if Rails::VERSION::MAJOR > 4 %>
   def change
-    <% table_name = @user_class.pluralize.gsub("::","").underscore %>
-    create_table(:<%= table_name %><%= primary_key_type %>) do |t|
+    <% table_name = @user_class.pluralize.gsub("::","").underscore -%>
+create_table(:<%= table_name %><%= primary_key_type %>) do |t|
       ## Required
       t.string :provider, null: false, default: 'email'
       t.string :uid, null: false, default: ''
+      ## User Info
+      t.string :name
+      t.string :nickname
+      t.string :image
+      t.string :email
       ## Database authenticatable
       t.string :encrypted_password, null: false, default: ''
@@ -19,6 +25,13 @@ class DeviseJwtAuthCreate<%= user_class.pluralize.gsub("::","") %> < ActiveRecor
       ## Rememberable
       t.datetime :remember_created_at
+      ## Trackable
+      # t.integer  :sign_in_count, default: 0, null: false
+      # t.datetime :current_sign_in_at
+      # t.datetime :last_sign_in_at
+      # t.<%= ip_column %> :current_sign_in_ip
+      # t.<%= ip_column %> :last_sign_in_ip
       ## Confirmable
       t.string   :confirmation_token
       t.datetime :confirmed_at
@@ -30,15 +43,6 @@ class DeviseJwtAuthCreate<%= user_class.pluralize.gsub("::","") %> < ActiveRecor
       # t.string   :unlock_token # Only if unlock strategy is :email or :both
       # t.datetime :locked_at
-      ## User Info
-      t.string :name
-      t.string :nickname
-      t.string :image
-      t.string :email
-      ## Tokens
-      <%= json_supported_database? ? 't.json :tokens' : 't.text :tokens' %>
       t.timestamps
     end

data/lib/generators/devise_jwt_auth/templates/user.rb.erb CHANGED

@@ -2,8 +2,8 @@
 class <%= user_class %> < ActiveRecord::Base
   # Include default devise modules. Others available are:
-  # :confirmable, :lockable, :timeoutable and :omniauthable
+  # :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
   devise :database_authenticatable, :registerable,
-         :recoverable, :rememberable, :trackable, :validatable
+         :recoverable, :rememberable, :validatable
   include DeviseJwtAuth::Concerns::User
 end

data/test/controllers/custom/custom_confirmations_controller_test.rb CHANGED

@@ -10,8 +10,8 @@ class Custom::ConfirmationsControllerTest < ActionController::TestCase
       @redirect_url = Faker::Internet.url
       @new_user = create(:user)
       @new_user.send_confirmation_instructions(redirect_url: @redirect_url)
-      @mail          = ActionMailer::Base.deliveries.last
-      @token         = @mail.body.match(/confirmation_token=([^&]*)&/)[1]
+      @mail = ActionMailer::Base.deliveries.last
+      @token = @mail.body.match(/confirmation_token=([^&]*)&/)[1]
       @client_config = @mail.body.match(/config=([^&]*)&/)[1]
       get :show,

data/test/controllers/custom/custom_passwords_controller_test.rb CHANGED

@@ -13,7 +13,7 @@ class Custom::PasswordsControllerTest < ActionController::TestCase
     test 'yield resource to block on create success' do
       post :create,
-           params: { email:  @resource.email,
+           params: { email: @resource.email,
                      redirect_url: @redirect_url }
       @mail = ActionMailer::Base.deliveries.last
@@ -21,7 +21,7 @@ class Custom::PasswordsControllerTest < ActionController::TestCase
       @mail_config_name  = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
       @mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
-      @mail_reset_token  = @mail.body.match(/reset_password_token=(.*)\"/)[1]
+      @mail_reset_token  = @mail.body.match(/reset_password_token=(.*)"/)[1]
       assert @controller.create_block_called?,
              'create failed to yield resource to provided block'
@@ -32,7 +32,7 @@ class Custom::PasswordsControllerTest < ActionController::TestCase
       @redirect_url = 'http://ng-token-auth.dev'
       post :create,
-           params: { email:  @resource.email,
+           params: { email: @resource.email,
                      redirect_url: @redirect_url },
            xhr: true
@@ -41,7 +41,7 @@ class Custom::PasswordsControllerTest < ActionController::TestCase
       @mail_config_name  = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
       @mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
-      @mail_reset_token  = @mail.body.match(/reset_password_token=(.*)\"/)[1]
+      @mail_reset_token  = @mail.body.match(/reset_password_token=(.*)"/)[1]
       get :edit,
           params: { reset_password_token: @mail_reset_token,

data/test/controllers/custom/custom_refresh_token_controller_test.rb CHANGED

@@ -9,8 +9,7 @@ class Custom::RefreshTokenControllerTest < ActionDispatch::IntegrationTest
     before do
       @resource = create(:user, :confirmed)
       @auth_headers = get_cookie_header(DeviseJwtAuth.refresh_token_name,
-                                        @resource.create_refresh_token
-      )
+                                        @resource.create_refresh_token)
     end
     test 'yield resource to block on refresh_token success' do
@@ -33,4 +32,4 @@ class Custom::RefreshTokenControllerTest < ActionDispatch::IntegrationTest
       assert_equal @data['custom'], 'foo'
     end
   end
-end
+end

data/test/controllers/custom/custom_registrations_controller_test.rb CHANGED

@@ -8,8 +8,8 @@ class Custom::RegistrationsControllerTest < ActionDispatch::IntegrationTest
     before do
       @create_params = attributes_for(:user,
-        confirm_success_url: Faker::Internet.url,
-        unpermitted_param: '(x_x)')
+                                      confirm_success_url: Faker::Internet.url,
+                                      unpermitted_param: '(x_x)')
       @existing_user = create(:user, :confirmed)
       @auth_headers = @existing_user.create_named_token_pair

data/test/controllers/demo_mang_controller_test.rb CHANGED

@@ -39,61 +39,59 @@ class DemoMangControllerTest < ActionDispatch::IntegrationTest
           it 'should define current_mang' do
             assert_equal @resource, @controller.current_mang
           end
           it 'should define mang_signed_in?' do
             assert @controller.mang_signed_in?
           end
           it 'should not define current_user' do
             refute_equal @resource, @controller.current_user
           end
           it 'should define render_authenticate_error' do
             assert @controller.methods.include?(:render_authenticate_error)
           end
         end
         it 'should return success status' do
           assert_equal 200, response.status
         end
-=begin
-        it 'should receive new token after successful request' do
-          refute_equal @token, @resp_token
-        end
-        it 'should preserve the client id from the first request' do
-          assert_equal @client_id, @resp_client_id
-        end
-        it "should return the user's uid in the auth header" do
-          assert_equal @resource.uid, @resp_uid
-        end
-        it 'should not treat this request as a batch request' do
-          refute assigns(:is_batch_request)
-        end
-        describe 'subsequent requests' do
-          before do
-            @resource.reload
-            # ensure that request is not treated as batch request
-            # age_token(@resource, @client_id)
-            get '/demo/members_only_mang',
-            params: {},
-            headers: @auth_headers.merge('access-token' => @resp_token)
-          end
-          it 'should not treat this request as a batch request' do
-            refute assigns(:is_batch_request)
-          end
-          it 'should allow a new request to be made using new token' do
-            assert_equal 200, response.status
-          end
-        end
-=end
+        #         it 'should receive new token after successful request' do
+        #           refute_equal @token, @resp_token
+        #         end
+        #
+        #         it 'should preserve the client id from the first request' do
+        #           assert_equal @client_id, @resp_client_id
+        #         end
+        #
+        #         it "should return the user's uid in the auth header" do
+        #           assert_equal @resource.uid, @resp_uid
+        #         end
+        #
+        #         it 'should not treat this request as a batch request' do
+        #           refute assigns(:is_batch_request)
+        #         end
+        #
+        #         describe 'subsequent requests' do
+        #           before do
+        #             @resource.reload
+        #             # ensure that request is not treated as batch request
+        #             # age_token(@resource, @client_id)
+        #
+        #             get '/demo/members_only_mang',
+        #             params: {},
+        #             headers: @auth_headers.merge('access-token' => @resp_token)
+        #           end
+        #
+        #           it 'should not treat this request as a batch request' do
+        #             refute assigns(:is_batch_request)
+        #           end
+        #
+        #           it 'should allow a new request to be made using new token' do
+        #             assert_equal 200, response.status
+        #           end
+        #         end
       end
       describe 'failed request' do
@@ -112,175 +110,173 @@ class DemoMangControllerTest < ActionDispatch::IntegrationTest
         end
       end
-=begin
-      describe 'disable change_headers_on_each_request' do
-        before do
-          DeviseJwtAuth.change_headers_on_each_request = false
-          @resource.reload
-          # age_token(@resource, @client_id)
-          get '/demo/members_only_mang',
-              params: {},
-              headers: @auth_headers
-          @first_is_batch_request = assigns(:is_batch_request)
-          @first_user = assigns(:resource).dup
-          @first_access_token = response.headers['access-token']
-          @first_response_status = response.status
-          @resource.reload
-          # age_token(@resource, @client_id)
-          # use expired auth header
-          get '/demo/members_only_mang',
-              params: {},
-              headers: @auth_headers
-          @second_is_batch_request = assigns(:is_batch_request)
-          @second_user = assigns(:resource).dup
-          @second_access_token = response.headers['access-token']
-          @second_response_status = response.status
-        end
-        after do
-          DeviseJwtAuth.change_headers_on_each_request = true
-        end
-        it 'should allow the first request through' do
-          assert_equal 200, @first_response_status
-        end
-        it 'should allow the second request through' do
-          assert_equal 200, @second_response_status
-        end
-        it 'should return auth headers from the first request' do
-          assert @first_access_token
-        end
-        it 'should not treat either requests as batch requests' do
-          refute @first_is_batch_request
-          refute @second_is_batch_request
-        end
-        it 'should return auth headers from the second request' do
-          assert @second_access_token
-        end
-        it 'should define user during first request' do
-          assert @first_user
-        end
-        it 'should define user during second request' do
-          assert @second_user
-        end
-      end
-      describe 'batch requests' do
-        describe 'success' do
-          before do
-            # age_token(@resource, @client_id)
-            get '/demo/members_only_mang',
-                params: {},
-                headers: @auth_headers
-            @first_is_batch_request = assigns(:is_batch_request)
-            @first_user = assigns(:resource)
-            @first_access_token = response.headers['access-token']
-            get '/demo/members_only_mang',
-                params: {},
-                headers: @auth_headers
-            @second_is_batch_request = assigns(:is_batch_request)
-            @second_user = assigns(:resource)
-            @second_access_token = response.headers['access-token']
-          end
-          it 'should allow both requests through' do
-            assert_equal 200, response.status
-          end
-          it 'should not treat the first request as a batch request' do
-            refute @first_is_batch_request
-          end
-          it 'should treat the second request as a batch request' do
-            assert @second_is_batch_request
-          end
-          it 'should return access token for first (non-batch) request' do
-            assert @first_access_token
-          end
-          it 'should not return auth headers for second (batched) requests' do
-            assert_equal ' ', @second_access_token
-          end
-        end
-        describe 'time out' do
-          before do
-            @resource.reload
-            # age_token(@resource, @client_id)
-            get '/demo/members_only_mang',
-                params: {},
-                headers: @auth_headers
-            @first_is_batch_request = assigns(:is_batch_request)
-            @first_user = assigns(:resource).dup
-            @first_access_token = response.headers['access-token']
-            @first_response_status = response.status
-            @resource.reload
-            # age_token(@resource, @client_id)
-            # use expired auth header
-            get '/demo/members_only_mang',
-                params: {},
-                headers: @auth_headers
-            @second_is_batch_request = assigns(:is_batch_request)
-            @second_user = assigns(:resource)
-            @second_access_token = response.headers['access-token']
-            @second_response_status = response.status
-          end
-          it 'should allow the first request through' do
-            assert_equal 200, @first_response_status
-          end
-          it 'should not allow the second request through' do
-            assert_equal 401, @second_response_status
-          end
-          it 'should not treat first request as batch request' do
-            refute @second_is_batch_request
-          end
-          it 'should return auth headers from the first request' do
-            assert @first_access_token
-          end
-          it 'should not treat second request as batch request' do
-            refute @second_is_batch_request
-          end
-          it 'should not return auth headers from the second request' do
-            refute @second_access_token
-          end
-          it 'should define user during first request' do
-            assert @first_user
-          end
-          it 'should not define user during second request' do
-            refute @second_user
-          end
-        end
-      end
-=end
+      #       describe 'disable change_headers_on_each_request' do
+      #         before do
+      #           DeviseJwtAuth.change_headers_on_each_request = false
+      #           @resource.reload
+      #           # age_token(@resource, @client_id)
+      #
+      #           get '/demo/members_only_mang',
+      #               params: {},
+      #               headers: @auth_headers
+      #
+      #           @first_is_batch_request = assigns(:is_batch_request)
+      #           @first_user = assigns(:resource).dup
+      #           @first_access_token = response.headers['access-token']
+      #           @first_response_status = response.status
+      #
+      #           @resource.reload
+      #           # age_token(@resource, @client_id)
+      #
+      #           # use expired auth header
+      #           get '/demo/members_only_mang',
+      #               params: {},
+      #               headers: @auth_headers
+      #
+      #           @second_is_batch_request = assigns(:is_batch_request)
+      #           @second_user = assigns(:resource).dup
+      #           @second_access_token = response.headers['access-token']
+      #           @second_response_status = response.status
+      #         end
+      #
+      #         after do
+      #           DeviseJwtAuth.change_headers_on_each_request = true
+      #         end
+      #
+      #         it 'should allow the first request through' do
+      #           assert_equal 200, @first_response_status
+      #         end
+      #
+      #         it 'should allow the second request through' do
+      #           assert_equal 200, @second_response_status
+      #         end
+      #
+      #         it 'should return auth headers from the first request' do
+      #           assert @first_access_token
+      #         end
+      #
+      #         it 'should not treat either requests as batch requests' do
+      #           refute @first_is_batch_request
+      #           refute @second_is_batch_request
+      #         end
+      #
+      #         it 'should return auth headers from the second request' do
+      #           assert @second_access_token
+      #         end
+      #
+      #         it 'should define user during first request' do
+      #           assert @first_user
+      #         end
+      #
+      #         it 'should define user during second request' do
+      #           assert @second_user
+      #         end
+      #       end
+      #
+      #       describe 'batch requests' do
+      #         describe 'success' do
+      #           before do
+      #             # age_token(@resource, @client_id)
+      #
+      #             get '/demo/members_only_mang',
+      #                 params: {},
+      #                 headers: @auth_headers
+      #
+      #             @first_is_batch_request = assigns(:is_batch_request)
+      #             @first_user = assigns(:resource)
+      #             @first_access_token = response.headers['access-token']
+      #
+      #             get '/demo/members_only_mang',
+      #                 params: {},
+      #                 headers: @auth_headers
+      #
+      #             @second_is_batch_request = assigns(:is_batch_request)
+      #             @second_user = assigns(:resource)
+      #             @second_access_token = response.headers['access-token']
+      #           end
+      #
+      #           it 'should allow both requests through' do
+      #             assert_equal 200, response.status
+      #           end
+      #
+      #           it 'should not treat the first request as a batch request' do
+      #             refute @first_is_batch_request
+      #           end
+      #
+      #           it 'should treat the second request as a batch request' do
+      #             assert @second_is_batch_request
+      #           end
+      #
+      #           it 'should return access token for first (non-batch) request' do
+      #             assert @first_access_token
+      #           end
+      #
+      #           it 'should not return auth headers for second (batched) requests' do
+      #             assert_equal ' ', @second_access_token
+      #           end
+      #         end
+      #
+      #         describe 'time out' do
+      #           before do
+      #             @resource.reload
+      #             # age_token(@resource, @client_id)
+      #
+      #             get '/demo/members_only_mang',
+      #                 params: {},
+      #                 headers: @auth_headers
+      #
+      #             @first_is_batch_request = assigns(:is_batch_request)
+      #             @first_user = assigns(:resource).dup
+      #             @first_access_token = response.headers['access-token']
+      #             @first_response_status = response.status
+      #
+      #             @resource.reload
+      #             # age_token(@resource, @client_id)
+      #
+      #             # use expired auth header
+      #             get '/demo/members_only_mang',
+      #                 params: {},
+      #                 headers: @auth_headers
+      #
+      #             @second_is_batch_request = assigns(:is_batch_request)
+      #             @second_user = assigns(:resource)
+      #             @second_access_token = response.headers['access-token']
+      #             @second_response_status = response.status
+      #           end
+      #
+      #           it 'should allow the first request through' do
+      #             assert_equal 200, @first_response_status
+      #           end
+      #
+      #           it 'should not allow the second request through' do
+      #             assert_equal 401, @second_response_status
+      #           end
+      #
+      #           it 'should not treat first request as batch request' do
+      #             refute @second_is_batch_request
+      #           end
+      #
+      #           it 'should return auth headers from the first request' do
+      #             assert @first_access_token
+      #           end
+      #
+      #           it 'should not treat second request as batch request' do
+      #             refute @second_is_batch_request
+      #           end
+      #
+      #           it 'should not return auth headers from the second request' do
+      #             refute @second_access_token
+      #           end
+      #
+      #           it 'should define user during first request' do
+      #             assert @first_user
+      #           end
+      #
+      #           it 'should not define user during second request' do
+      #             refute @second_user
+      #           end
+      #         end
+      #       end
     end
   end
 end