devise_sessionable 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: a95a21c555e179b7fb4a070da9b5216559f6d4f9
+  data.tar.gz: 338c6fa0ded927243c6494ed48845832e9948b78
+SHA512:
+  metadata.gz: 24ddfc4566e7085fddc548a50de36d199f970a706ef791862250b5bc5c5b2a008382af2bed4af91d4ec0afb7f2e5df1d74ff3de60ed21c67a821bae85d53a643
+  data.tar.gz: 72bd573b72411fa926c10239cf695e3a058245dcf5d94ede9b53d51925d407baa989e66279a833bea2fa1bdb3f2877e7dc24e8b0e37983cc0e4e697892d382e0

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2017 Isaac Norman
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,109 @@
+# DeviseSessionable
+Devise Sessionable extends the  [Simple Token Authentication](https://github.com/gonzalo-bulnes/simple_token_authentication) gem into a `Session` object to allow for easier and more secure token authentication.
+
+## Installation
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'devise_sessionable'
+```
+
+And then execute:
+```bash
+$ bundle
+```
+
+Or install it yourself as:
+```bash
+$ gem install devise_sessionable
+```
+
+## Getting Started
+
+First things first, run the installer:
+
+```bash 
+rails generate devise_sessionable:install
+```
+
+This will generate a migration for the session object.
+
+**NOTE:** This gem is setup to work with UUIDs as default. If you are _NOT_ using uuids you will need to update the migration to reflect this correctly. 
+
+Then simply run:
+
+```bash 
+rails db:migrate
+```
+
+## Adding Session Authentication on a Model
+
+simply add `acts_as_sessionable` to the devise enabled model that you wish to be session authable.
+
+```ruby
+class User < ApplicationRecord
+  acts_as_sessionable
+
+  # Include default devise modules. Others available are:
+  # :confirmable, :lockable, :timeoutable and :omniauthable
+  devise :database_authenticatable, :registerable,
+         :recoverable, :rememberable, :trackable, :validatable
+```
+
+## Enabling Session Authentication in the Controller
+
+Once you have a model with session authentication enabled on a model, you can start using it in your controller with just a few simple steps. 
+
+First, you need to put your controllers behind a layer of token authentication:
+
+```ruby 
+module Api
+  module V1
+    class ApiController < ApplicationController
+      acts_as_token_authentication_handler_for DeviseSessionable::Session,
+                                               as: :session,
+                                               fallback: :exception
+    end
+  end
+end
+```
+
+Secondly, because we are using the `Session` to authenticate, but are actually authenticating a `User`, we need to define the `current_authable` scope in our `ApiController`
+
+```ruby
+private 
+
+def current_authable
+  current_user
+end
+```
+
+Finally, we need to setup our Simple Token Authentication to refer to the sessions `id` when authenticating
+
+```ruby 
+# config/initializers/simple_token_authentication.rb
+
+SimpleTokenAuthentication.configure do |config|
+  config.identifiers = { session: 'id' }
+end
+```
+
+_(This is something that we plan to integrate into the gem itself in a future release)_
+
+## Using Sessions for Authentication
+
+Now that we have everything in place, we can authenticate using our new session objects. How you want to handle the creation, deletion and expiration of sessions is up to you, all the gem cares about is that a valid session is passed through to authenticate.
+
+Underneath the gem we are still using the Simple Token Authentication gem to handle authentication, the usage is essentially the same, and you can refer to their documentation [here](https://github.com/gonzalo-bulnes/simple_token_authentication#usage)
+
+Default Header Keys:
+
+```ruby  
+  'X-Session-Id' => session.id,
+  'X-Session-Token' => session.authentication_token
+```
+
+These can be overidden in the `SimpleTokenAuthentication` initializer, using the same methods the base gem uses.
+
+## License
+The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,26 @@
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rdoc/task'
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'DeviseSessionable'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.md')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+APP_RAKEFILE = File.expand_path("../spec/test_app/Rakefile", __FILE__)
+load 'rails/tasks/engine.rake'
+
+
+load 'rails/tasks/statistics.rake'
+
+
+
+require 'bundler/gem_tasks'
+

data/app/assets/config/devise_sessionable_manifest.js

@@ -0,0 +1,2 @@
+//= link_directory ../javascripts/devise_sessionable .js
+//= link_directory ../stylesheets/devise_sessionable .css

data/app/assets/javascripts/devise_sessionable/application.js

@@ -0,0 +1,13 @@
+// This is a manifest file that'll be compiled into application.js, which will include all the files
+// listed below.
+//
+// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
+// or any plugin's vendor/assets/javascripts directory can be referenced here using a relative path.
+//
+// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
+// compiled file. JavaScript code in this file should be added after the last require_* statement.
+//
+// Read Sprockets README (https://github.com/rails/sprockets#sprockets-directives) for details
+// about supported directives.
+//
+//= require_tree .

data/app/assets/stylesheets/devise_sessionable/application.css

@@ -0,0 +1,15 @@
+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+ * or any plugin's vendor/assets/stylesheets directory can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the bottom of the
+ * compiled file so the styles you add here take precedence over styles defined in any other CSS/SCSS
+ * files in this directory. Styles in this file should be added after the last require_* statement.
+ * It is generally better to create a new file per style scope.
+ *
+ *= require_tree .
+ *= require_self
+ */

data/app/controllers/devise_sessionable/application_controller.rb

@@ -0,0 +1,5 @@
+module DeviseSessionable
+  class ApplicationController < ActionController::Base
+    protect_from_forgery with: :exception
+  end
+end

data/app/helpers/devise_sessionable/application_helper.rb

@@ -0,0 +1,4 @@
+module DeviseSessionable
+  module ApplicationHelper
+  end
+end

data/app/jobs/devise_sessionable/application_job.rb

@@ -0,0 +1,4 @@
+module DeviseSessionable
+  class ApplicationJob < ActiveJob::Base
+  end
+end

data/app/mailers/devise_sessionable/application_mailer.rb

@@ -0,0 +1,6 @@
+module DeviseSessionable
+  class ApplicationMailer < ActionMailer::Base
+    default from: 'from@example.com'
+    layout 'mailer'
+  end
+end

data/app/models/devise_sessionable/application_record.rb

@@ -0,0 +1,5 @@
+module DeviseSessionable
+  class ApplicationRecord < ActiveRecord::Base
+    self.abstract_class = true
+  end
+end

data/app/models/devise_sessionable/session.rb

@@ -0,0 +1,11 @@
+require 'simple_token_authentication'
+
+module DeviseSessionable
+  class Session < ApplicationRecord
+    acts_as_token_authenticatable
+
+    belongs_to :authable, polymorphic: true, touch: true
+
+    validates :authable, presence: true
+  end
+end

data/app/views/layouts/devise_sessionable/application.html.erb

@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Devise sessionable</title>
+  <%= stylesheet_link_tag    "devise_sessionable/application", media: "all" %>
+  <%= javascript_include_tag "devise_sessionable/application" %>
+  <%= csrf_meta_tags %>
+</head>
+<body>
+
+<%= yield %>
+
+</body>
+</html>

data/config/initializers/simple_token_authentication.rb

@@ -0,0 +1,31 @@
+SimpleTokenAuthentication::ExceptionFallbackHandler.module_eval do
+  def fallback!(controller, entity)
+    return unless controller.send(:current_authable).nil?
+
+    throw(:warden, scope: entity.name_underscore.to_sym)
+  end
+end
+
+# Overrides
+SimpleTokenAuthentication::TokenAuthenticationHandler.module_eval do
+  # All the token authentication actually happens on the session object,
+  # However we want to `sign_in!` method to be passed the user.
+  # So we override it here.
+  def authenticate_entity_from_token!(entity)
+    record = find_record_from_identifier(entity)
+
+    return unless token_correct?(record, entity, token_comparator)
+    perform_sign_in!(record.authable, sign_in_handler)
+  end
+
+  def find_record_from_identifier(entity)
+    identifier_param_value = entity.get_identifier_from_params_or_headers(self)
+                                   .presence
+
+    # The finder method should be compatible with all the model adapters,
+    # namely ActiveRecord and Mongoid in all their supported versions.
+    identifier_param_value && entity.model.find_by(
+      entity.identifier => identifier_param_value
+    )
+  end
+end

data/config/routes.rb

@@ -0,0 +1,3 @@
+DeviseSessionable::Engine.routes.draw do
+
+end

data/lib/devise_sessionable.rb

@@ -0,0 +1,15 @@
+require 'simple_token_authentication'
+require "devise_sessionable/engine"
+
+module DeviseSessionable
+  extend ActiveSupport::Autoload
+
+  autoload :ActsAsSessionable, 'devise_sessionable/acts_as_sessionable'
+end
+
+module ActiveRecord
+  class Base
+    include DeviseSessionable::ActsAsSessionable
+  end
+end
+

data/lib/devise_sessionable/acts_as_sessionable.rb

@@ -0,0 +1,17 @@
+module DeviseSessionable
+  module ActsAsSessionable
+    extend ActiveSupport::Concern
+
+    included do
+    end
+
+    module ClassMethods
+      def acts_as_sessionable(_options = {})
+        has_many :sessions,
+                 as: :authable,
+                 class_name: 'DeviseSessionable::Session',
+                 dependent: :destroy
+      end
+    end
+  end
+end

data/lib/devise_sessionable/engine.rb

@@ -0,0 +1,12 @@
+module DeviseSessionable
+  class Engine < ::Rails::Engine
+    isolate_namespace DeviseSessionable
+
+    config.generators do |g|
+      g.test_framework :rspec, :fixture => false
+      g.fixture_replacement :factory_girl, :dir => 'spec/factories'
+      g.assets false
+      g.helper false
+    end
+  end
+end

data/lib/devise_sessionable/version.rb

@@ -0,0 +1,3 @@
+module DeviseSessionable
+  VERSION = '0.1.0'
+end

data/lib/generators/devise_sessionable/install/install_generator.rb

@@ -0,0 +1,24 @@
+require 'rails/generators/active_record'
+
+module DeviseSessionable
+  class InstallGenerator < Rails::Generators::Base
+    include Rails::Generators::Migration
+
+    source_root File.expand_path('../templates', __FILE__)
+
+    def copy_migration
+      migration_template 'migration.rb',
+                         'db/migrate/devise_sessionable_create_sessions.rb'
+    end
+
+    # Implement the required interface for Rails::Generators::Migration.
+    def self.next_migration_number(dirname)
+      next_migration_number = current_migration_number(dirname) + 1
+      if ActiveRecord::Base.timestamped_migrations
+        [Time.now.utc.strftime('%Y%m%d%H%M%S'), '%.14d' % next_migration_number].max
+      else
+        '%.3d' % next_migration_number
+      end
+    end
+  end
+end

data/lib/generators/devise_sessionable/install/templates/migration.rb

@@ -0,0 +1,16 @@
+class DeviseSessionableCreateSessions < ActiveRecord::Migration
+  def change
+    create_table :devise_sessionable_sessions, id: :uuid do |t|
+      t.string :authentication_token
+      t.uuid :authable_id, null: false
+      t.string :authable_type, null: false
+
+      t.timestamps
+    end
+
+    add_index :devise_sessionable_sessions,
+              [:authable_id, :authable_type],
+              name: 'index_devise_sessionable_sessions_on_authable'
+    add_index :devise_sessionable_sessions, :authentication_token
+  end
+end

data/lib/tasks/devise_sessionable_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :devise_sessionable do
+#   # Task goes here
+# end

data/spec/factories/sessions.rb

@@ -0,0 +1,5 @@
+FactoryGirl.define do
+  factory :session, class: 'DeviseSessionable::Session' do
+    association :authable, factory: :user
+  end
+end

data/spec/factories/users.rb

@@ -0,0 +1,4 @@
+FactoryGirl.define do
+  factory :user do
+  end
+end

data/spec/models/session_spec.rb

@@ -0,0 +1,18 @@
+require 'rails_helper'
+
+module DeviseSessionable
+  RSpec.describe Session, type: :model do
+    it { is_expected.to belong_to(:authable) }
+    it { is_expected.to validate_presence_of(:authable) }
+
+    describe 'Simple token auth' do
+      it 'sets the authentication_token automatically' do
+        session = build(:session, authentication_token: nil)
+
+        expect do
+          session.save
+        end.to change(session, :authentication_token).from nil
+      end
+    end
+  end
+end