devise_rails_api_authentication 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 2f30aa2cc6ab1eef2fe5de23b8a632288ee98203
+  data.tar.gz: 408e1da7a2c029e66a2d5a3c3a1976413335feb2
+SHA512:
+  metadata.gz: 4d45f3df76cd214c3c7ba5047a19a0cbd6a97963c55fbe41ac949327725d94935f6ce22f4e5ee586db735d634c63bf77ba72e16a071504291dbbf91c52e87df2
+  data.tar.gz: 480198af4ea432fa8b2299988436d5d30345921a65c60e770614d894f2e9faf29fc0426bec65f5d7104a7778a2aa637272bbb72febd28c647a8e0ca9f66fe5cf

data/.gitignore

@@ -0,0 +1,14 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+*.bundle
+*.so
+*.o
+*.a
+mkmf.log

data/.rubocop.yml

@@ -0,0 +1,12 @@
+AllCops:
+  Exclude:
+    - Gemfile
+    - Guardfile
+    - devise_rails_api_authentication.gemspec
+    - spec/**/*
+Style/MultilineBlockChain:
+  Enabled: false
+Style/MultilineOperationIndentation:
+  Enabled: false
+Documentation:
+  Enabled: false

data/.travis.yml

@@ -0,0 +1,3 @@
+language: ruby
+rvm:
+  - 2.2

data/Dockerfile

@@ -0,0 +1,8 @@
+FROM ruby:2.2
+
+WORKDIR /app
+ADD Gemfile /app/Gemfile
+ADD devise_rails_api_authentication.gemspec /app/devise_rails_api_authentication.gemspec
+ADD lib/devise_rails_api_authentication/version.rb /app/lib/devise_rails_api_authentication/version.rb
+RUN bundle install --jobs 4
+ADD . /app

data/Gemfile

@@ -0,0 +1,10 @@
+source 'https://rubygems.org'
+
+gemspec
+
+group :test do
+  gem 'rails-api'
+  gem 'rspec-rails', '~> 3.0'
+  gem 'sqlite3', '~> 1.3.0'
+  gem 'activerecord', '~> 4.1.0'
+end

data/Guardfile

@@ -0,0 +1,19 @@
+guard :rspec, cmd: "bundle exec rspec" do
+  require "guard/rspec/dsl"
+  dsl = Guard::RSpec::Dsl.new(self)
+
+  # RSpec files
+  rspec = dsl.rspec
+  watch(rspec.spec_helper) { rspec.spec_dir }
+  watch(rspec.spec_support) { rspec.spec_dir }
+  watch(rspec.spec_files)
+
+  # Ruby files
+  ruby = dsl.ruby
+  dsl.watch_spec_files_for(ruby.lib_files)
+end
+
+guard :rubocop do
+  watch(%r{.+\.rb$})
+  watch(%r{(?:.+/)?\.rubocop\.yml$}) { |m| File.dirname(m[0]) }
+end

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2015 Altmetric LLP
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,78 @@
+# DeviseRailsApiAuthentication [![Build Status](https://travis-ci.org/altmetric/devise-rails-api-authentication.svg?branch=master)](https://travis-ci.org/altmetric/devise-rails-api-authentication)
+
+Token-based rails-api authentication with Devise.
+
+Devise does not support [token-based authentication anymore](https://github.com/plataformatec/devise/issues/2739)
+and [devise_token_auth](https://github.com/lynndylanhurley/devise_token_auth) does not work with rails-api.
+
+It's basically [this gist](https://gist.github.com/josevalim/fb706b1e933ef01e4fb6) wrapped as a gem with specs.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'devise_rails_api_authentication'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install devise_rails_api_authentication
+
+## Usage
+
+First of all make sure you have a model class with `authentication_token` and `email` fields.
+Otherwise create a migration, here's an example for a `User` model and ActiveRecord:
+
+```ruby
+class AddDeviseToUsers < ActiveRecord::Migration
+  def self.change
+    add_column :users, :email, :text, null: false, default: ''
+    add_index :users, :email, unique: true
+    add_column :users, :authentication_token, :text, null: false, default: ''
+    add_index :users, :authentication_token, unique: true
+  end
+end
+```
+
+Next add the following lines to ApplicationController - see [source](https://github.com/altmetric/devise-rails-api-authentication/blob/master/lib/devise_rails_api_authentication/context.rb):
+
+```ruby
+class ApplicationController
+  include DeviseRailsApiAuthentication::Context
+
+  private def user
+    User.where(email: user_email).first
+  end
+end
+```
+
+and the following line to your model class - see [source](https://github.com/altmetric/devise-rails-api-authentication/blob/master/lib/devise_rails_api_authentication/authenticatable.rb):
+
+```ruby
+class YourUserModel
+  include DeviseRailsApiAuthentication::Authenticatable
+end
+```
+
+Once you run the migration, create a new user, and boot up your app, just do:
+
+```shell
+curl -H "X_USER_EMAIL: <email>" -H "X_USER_TOKEN: <token>" http://<where-your-app-lives>
+```
+
+## Contributing
+
+1. Fork it ( https://github.com/altmetric/devise_rails_api_authentication/fork )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create a new Pull Request
+
+## License
+
+This project is released under the [MIT license](https://github.com/altmetric/devise-rails-api-authentication/blob/master/LICENSE.txt).

data/Rakefile

@@ -0,0 +1,5 @@
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new(:spec)
+
+task default: :spec

data/devise_rails_api_authentication.gemspec

@@ -0,0 +1,28 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'devise_rails_api_authentication/version'
+
+Gem::Specification.new do |spec|
+  spec.name = 'devise_rails_api_authentication'
+  spec.version = DeviseRailsApiAuthentication::VERSION
+  spec.authors = ['Jakub Pawlowicz', 'Matthew MacLeod', 'Paul Mucur']
+  spec.email = %w(jakub@altmetric.com matt@matt-m.co.uk paul@altmetric.com)
+  spec.summary = %q{Token-based rails-api authentication with Devise}
+  spec.homepage = 'https://github.com/altmetric/devise-rails-api-authentication'
+  spec.license = 'MIT'
+
+  spec.files = `git ls-files -z`.split("\x0")
+  spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ['lib']
+
+  spec.add_dependency 'actionpack', '~> 4.1.0'
+  spec.add_dependency 'devise', '~> 3.4.0'
+
+  spec.add_development_dependency 'bundler', '~> 1.6'
+  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'rubocop', '~> 0.28.0'
+  spec.add_development_dependency 'guard-rubocop'
+  spec.add_development_dependency 'guard-rspec'
+end

data/docker-compose.yml

@@ -0,0 +1,7 @@
+dev:
+  build: .
+  volumes:
+    - lib:/app/lib
+    - spec:/app/spec
+    - Gemfile:/app/Gemfile
+    - Guardfile:/app/Guardfile

data/lib/devise_rails_api_authentication.rb

@@ -0,0 +1,6 @@
+require 'devise_rails_api_authentication/version'
+require 'devise_rails_api_authentication/authenticatable'
+require 'devise_rails_api_authentication/context'
+
+module DeviseRailsApiAuthentication
+end

data/lib/devise_rails_api_authentication/authenticatable.rb

@@ -0,0 +1,25 @@
+require 'devise'
+
+module DeviseRailsApiAuthentication
+  module Authenticatable
+    extend ActiveSupport::Concern
+
+    included do
+      devise :database_authenticatable, :trackable
+      before_save :ensure_authentication_token
+    end
+
+    def ensure_authentication_token
+      return unless authentication_token.blank?
+
+      self.authentication_token = generate_authentication_token
+    end
+
+    def generate_authentication_token
+      loop do
+        token = Devise.friendly_token
+        break token if self.class.where(authentication_token: token).count == 0
+      end
+    end
+  end
+end

data/lib/devise_rails_api_authentication/context.rb

@@ -0,0 +1,40 @@
+require 'devise'
+
+module DeviseRailsApiAuthentication
+  module Context
+    extend ActiveSupport::Concern
+
+    included do
+      include Devise::Controllers::Helpers
+      include ActionController::MimeResponds
+      before_action :authenticate_user_from_token!
+    end
+
+    def authenticate_user_from_token!
+      return if Rails.env.development?
+
+      if user && Devise.secure_compare(user.authentication_token, user_token)
+        warden.set_user(user, scope: :user, store: false)
+      else
+        not_authenticated_error
+      end
+    end
+
+    def user_email
+      request.headers['HTTP_X_USER_EMAIL']
+    end
+
+    def user_token
+      request.headers['HTTP_X_USER_TOKEN']
+    end
+
+    def not_authenticated_error
+      response.headers['WWW-Authenticate'] = 'Token'
+      head status: 401
+    end
+
+    def user
+      fail NotImplementedError
+    end
+  end
+end

data/lib/devise_rails_api_authentication/version.rb

@@ -0,0 +1,3 @@
+module DeviseRailsApiAuthentication
+  VERSION = '0.0.1'
+end

data/spec/devise_rails_api_authentication/authenticatable_spec.rb

@@ -0,0 +1,24 @@
+require 'spec_helper'
+
+RSpec.describe DeviseRailsApiAuthentication::Authenticatable do
+  subject(:user) { User.new }
+
+  describe '#ensure_authentication_token' do
+    it 'generates a token if not given' do
+      expect { user.save }.to change { user.authentication_token }.from(nil)
+    end
+
+    it 'does not generate a token if given' do
+      user.authentication_token = 'test'
+      expect { user.save }.not_to change { user.authentication_token }
+    end
+
+    it 'generates a new token if one is taken' do
+      expect(Devise).to receive(:friendly_token).and_return('1', '2')
+
+      another_user = User.create(authentication_token: '1')
+      expect { user.save }.to change { user.authentication_token }.to('2')
+    end
+  end
+end
+

data/spec/devise_rails_api_authentication/context_spec.rb

@@ -0,0 +1,67 @@
+require 'spec_helper'
+require 'ostruct'
+
+class TestController
+  def self.before_action(*_); end
+  def self.helper_method(*_); end
+
+  include DeviseRailsApiAuthentication::Context
+
+  def request
+    @_request ||= OpenStruct.new(headers: {})
+  end
+
+  def response
+    @_response ||= OpenStruct.new(headers: {}, status: 200)
+  end
+
+  def head(opts)
+    opts.each { |k, v| response.send("#{k}=", v) }
+  end
+
+  def index
+    authenticate_user_from_token!
+    response
+  end
+
+  private
+
+  def user
+    User.where(email: user_email).first
+  end
+end
+
+RSpec.describe TestController do
+  let(:user) { User.create(email: 'test@altmetric.com') }
+  let(:warden) { double(Warden::Proxy) }
+  subject(:context) { described_class.new }
+  subject(:response) { context.index }
+
+  context 'no auth token' do
+    it 'should get 401 Unauthorized' do
+      expect(response.status).to eq(401)
+    end
+
+    it 'should unauthorized header' do
+      expect(response.headers).to eq('WWW-Authenticate' => 'Token')
+    end
+  end
+
+  context 'with auth token' do
+    before do
+      context.request.headers['HTTP_X_USER_EMAIL'] = user.email
+      context.request.headers['HTTP_X_USER_TOKEN'] = user.authentication_token
+      allow(context)
+        .to receive(:warden)
+        .and_return(warden)
+      allow(warden)
+        .to receive(:set_user)
+        .with(kind_of(User), hash_including(store: false))
+        .and_return(true)
+    end
+
+    it 'should get 200 OK' do
+      expect(response.status).to eq(200)
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,22 @@
+ENV['RACK_ENV'] = 'test'
+require 'rails-api'
+require 'rspec/rails'
+
+require_relative '../lib/devise_rails_api_authentication'
+
+require 'active_record'
+require 'sqlite3'
+
+ActiveRecord::Base.establish_connection(adapter: 'sqlite3', database: ':memory:')
+ActiveRecord::Base.connection.execute <<-SQL
+  CREATE TABLE users (
+    id INTEGER,
+    email TEXT,
+    authentication_token TEXT
+  )
+SQL
+ActiveRecord::Base.extend Devise::Models
+
+class User < ActiveRecord::Base
+  include DeviseRailsApiAuthentication::Authenticatable
+end

metadata

@@ -0,0 +1,167 @@
+--- !ruby/object:Gem::Specification
+name: devise_rails_api_authentication
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Jakub Pawlowicz
+- Matthew MacLeod
+- Paul Mucur
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-07-15 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: actionpack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 4.1.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 4.1.0
+- !ruby/object:Gem::Dependency
+  name: devise
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 3.4.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 3.4.0
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.6'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.6'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.28.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.28.0
+- !ruby/object:Gem::Dependency
+  name: guard-rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: guard-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: 
+email:
+- jakub@altmetric.com
+- matt@matt-m.co.uk
+- paul@altmetric.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .rubocop.yml
+- .travis.yml
+- Dockerfile
+- Gemfile
+- Guardfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- devise_rails_api_authentication.gemspec
+- docker-compose.yml
+- lib/devise_rails_api_authentication.rb
+- lib/devise_rails_api_authentication/authenticatable.rb
+- lib/devise_rails_api_authentication/context.rb
+- lib/devise_rails_api_authentication/version.rb
+- spec/devise_rails_api_authentication/authenticatable_spec.rb
+- spec/devise_rails_api_authentication/context_spec.rb
+- spec/spec_helper.rb
+homepage: https://github.com/altmetric/devise-rails-api-authentication
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.0.14
+signing_key: 
+specification_version: 4
+summary: Token-based rails-api authentication with Devise
+test_files:
+- spec/devise_rails_api_authentication/authenticatable_spec.rb
+- spec/devise_rails_api_authentication/context_spec.rb
+- spec/spec_helper.rb