devise_token 0.1.1

data/app/controllers/devise_token/token_validations_controller.rb

@@ -0,0 +1,29 @@
+module DeviseToken
+  class TokenValidationsController < DeviseToken::ApplicationController
+    skip_before_action :assert_is_devise_resource!, :only => [:validate_token]
+  
+
+    def validate_token
+      # @resource will have been set by set_user_token concern
+      if @resource
+        yield @resource if block_given?
+        render_validate_token_success
+      else
+        render_validate_token_error
+      end
+    end
+
+    protected
+
+    def render_validate_token_success
+      render json: {
+        success: true,
+        data: resource_data(resource_json: @resource.token_validation_response)
+      }
+    end
+
+    def render_validate_token_error
+      render_error(401, I18n.t("devise_token.token_validations.invalid"))
+    end
+  end
+end

data/app/helpers/devise_token/application_helper.rb

@@ -0,0 +1,4 @@
+module DeviseToken
+  module ApplicationHelper
+  end
+end

data/app/jobs/devise_token/application_job.rb

@@ -0,0 +1,4 @@
+module DeviseToken
+  class ApplicationJob < ActiveJob::Base
+  end
+end

data/app/mailers/devise_token/application_mailer.rb

@@ -0,0 +1,6 @@
+module DeviseToken
+  class ApplicationMailer < ActionMailer::Base
+    default from: 'from@example.com'
+    layout 'mailer'
+  end
+end

data/app/models/devise_token/application_record.rb

@@ -0,0 +1,5 @@
+module DeviseToken
+  class ApplicationRecord < ActiveRecord::Base
+    self.abstract_class = true
+  end
+end

data/app/models/devise_token/concerns/user.rb

@@ -0,0 +1,98 @@
+
+module DeviseToken::Concerns::User
+  extend ActiveSupport::Concern
+
+  included do
+    # Hack to check if devise is already enabled
+    unless self.method_defined?(:devise_modules)
+      devise :database_authenticatable, :registerable,
+          :recoverable, :trackable, :validatable, :confirmable
+    end
+
+    # don't use default devise email validation
+    def email_required?
+      false
+    end
+
+    def email_changed?
+      false
+    end
+
+    def will_save_change_to_email?
+      false
+    end
+
+    def password_required?
+      return false unless provider == 'email'
+      super
+    end
+
+    # override devise method to include additional info as opts hash
+    def send_confirmation_instructions(opts=nil)
+      unless @raw_confirmation_token
+        generate_confirmation_token!
+      end
+
+      opts ||= {}
+
+      if pending_reconfirmation?
+        opts[:to] = unconfirmed_email
+      end
+      opts[:redirect_url] ||= DeviseToken.default_confirm_success_url
+
+      send_devise_notification(:confirmation_instructions, @raw_confirmation_token, opts)
+    end
+
+    # override devise method to include additional info as opts hash
+    def send_reset_password_instructions(opts=nil)
+      token = set_reset_password_token
+
+      opts ||= {}
+      send_devise_notification(:reset_password_instructions, token, opts)
+
+      token
+    end
+
+    # override devise method to include additional info as opts hash
+    def send_unlock_instructions(opts=nil)
+      raw, enc = Devise.token_generator.generate(self.class, :unlock_token)
+      self.unlock_token = enc
+      save(validate: false)
+
+      opts ||= {}
+
+      send_devise_notification(:unlock_instructions, raw, opts)
+      raw
+    end
+  end
+
+  module ClassMethods
+    protected
+
+    def database_exists?
+      ActiveRecord::Base.connection_pool.with_connection { |con| con.active? } rescue false
+    end
+  end
+
+
+
+  # this must be done from the controller so that additional params
+  # can be passed on from the client
+  def send_confirmation_notification?
+    false
+  end
+
+
+
+  def confirmed?
+    self.devise_modules.exclude?(:confirmable) || super
+  end
+
+
+  def token_lifespan
+    DeviseToken.token_lifespan
+  end
+
+
+
+end

data/app/models/devise_token/json_web_token.rb

@@ -0,0 +1,80 @@
+require "jwt"
+module DeviseToken
+  class JsonWebToken
+
+    attr_reader :token
+    attr_reader :payload
+
+    def initialize payload: {}, token: nil, verify_options: {}
+      if token.present?
+        @payload, _ = JWT.decode token.to_s, decode_key, true, options.merge(verify_options)
+        @token = token
+      else
+        @payload = claims.merge(payload)
+        @token = JWT.encode @payload,
+          secret_key,
+          DeviseToken.token_signature_algorithm
+      end
+    end
+
+    def current_resource resource_class
+      if resource_class.respond_to? :auth_payload
+        resource_class.auth_payload @payload
+      else
+        resource_class.find @payload['sub']
+      end
+    end
+
+    def to_json options = {}
+      {jwt: @token}.to_json
+    end
+
+
+    private
+     def secret_key
+       DeviseToken.token_secret_signature_key.call
+     end
+
+     def decode_key
+       DeviseToken.token_public_key || secret_key
+     end
+
+     def options
+      verify_claims.merge({
+        algorithm: DeviseToken.token_signature_algorithm
+      })
+    end
+
+    def claims
+      _claims = {}
+      _claims[:exp] = token_lifetime if verify_lifetime?
+      _claims[:aud] = token_audience if verify_audience?
+      _claims
+    end
+
+    def token_lifetime
+      DeviseToken.token_lifespan.from_now.to_i if verify_lifetime?
+    end
+
+    def verify_lifetime?
+      !DeviseToken.token_lifespan.nil?
+    end
+
+    def verify_claims
+      {
+        aud: token_audience,
+        verify_aud: verify_audience?,
+        verify_expiration: verify_lifetime?
+      }
+    end
+
+    def token_audience
+      verify_audience? && DeviseToken.token_audience.call
+    end
+
+    def verify_audience?
+      DeviseToken.token_audience.present?
+    end
+
+  end
+end

data/app/views/devise/mailer/confirmation_instructions.html.erb

@@ -0,0 +1,5 @@
+<p><%= t(:welcome).capitalize + ' ' + @email %>!</p>
+
+<p><%= t '.confirm_link_msg' %> </p>
+
+<p><%= link_to t('.confirm_account_link'), confirmation_url(@resource, {confirmation_token: @token,  redirect_url: message['redirect-url']}).html_safe %></p>

data/app/views/devise/mailer/reset_password_instructions.html.erb

@@ -0,0 +1,8 @@
+<p><%= t(:hello).capitalize %> <%= @resource.email %>!</p>
+
+<p><%= t '.request_reset_link_msg' %></p>
+
+<p><%= link_to t('.password_change_link'), edit_password_url(@resource, reset_password_token: @token, config: message['client-config'].to_s, redirect_url: message['redirect-url'].to_s).html_safe %></p>
+
+<p><%= t '.ignore_mail_msg' %></p>
+<p><%= t '.no_changes_msg' %></p>

data/app/views/devise/mailer/unlock_instructions.html.erb

@@ -0,0 +1,7 @@
+<p><%= t :hello %> <%= @resource.email %>!</p>
+
+<p><%= t '.account_lock_msg' %></p>
+
+<p><%= t '.unlock_link_msg' %></p>
+
+<p><%= link_to t('.unlock_link'), unlock_url(@resource, unlock_token: @token, config: message['client-config'].to_s) %></p>

data/config/locales/en.yml

@@ -0,0 +1,50 @@
+en:
+  devise_token:
+    authentication:
+      not_confirmed: "A confirmation email was sent to your account at '%{email}'. You must follow the instructions in the email before your account can be activated"
+      bad_credentials: "Invalid login credentials. Please try again."
+      not_supported: "Use POST /sign_in to sign in. GET is not supported."
+      user_not_found: "User was not found or was not logged in."
+    token_validations:
+      invalid: "Invalid login credentials"
+    registrations:
+      missing_confirm_success_url: "Missing 'confirm_success_url' parameter."
+      redirect_url_not_allowed: "Redirect to '%{redirect_url}' not allowed."
+      email_already_exists: "An account already exists for '%{email}'"
+      account_with_uid_destroyed: "Account with UID '%{uid}' has been destroyed."
+      account_to_destroy_not_found: "Unable to locate account for destruction."
+      user_not_found: "User not found."
+    passwords:
+      missing_email: "You must provide an email address."
+      missing_redirect_url: "Missing redirect URL."
+      not_allowed_redirect_url: "Redirect to '%{redirect_url}' not allowed."
+      sended: "An email has been sent to '%{email}' containing instructions for resetting your password."
+      user_not_found: "Unable to find user with email '%{email}'."
+      password_not_required: "This account does not require a password. Sign in using your '%{provider}' account instead."
+      missing_passwords: "You must fill out the fields labeled 'Password' and 'Password confirmation'."
+      successfully_updated: "Your password has been successfully updated."
+    unlocks:
+      missing_email: "You must provide an email address."
+      sended: "An email has been sent to '%{email}' containing instructions for unlocking your account."
+      user_not_found: "Unable to find user with email '%{email}'."
+  errors:
+    messages:
+      validate_sign_up_params: "Please submit proper sign up data in request body."
+      validate_account_update_params: "Please submit proper account update data in request body."
+      not_email: "is not an email"
+  devise:
+    mailer:
+      confirmation_instructions:
+        confirm_link_msg: "You can confirm your account email through the link below:"
+        confirm_account_link: "Confirm my account"
+      reset_password_instructions:
+        request_reset_link_msg: "Someone has requested a link to change your password. You can do this through the link below."
+        password_change_link: "Change my password"
+        ignore_mail_msg: "If you didn't request this, please ignore this email."
+        no_changes_msg: "Your password won't change until you access the link above and create a new one."
+      unlock_instructions:
+        account_lock_msg: "Your account has been locked due to an excessive number of unsuccessful sign in attempts."
+        unlock_link_msg: "Click the link below to unlock your account:"
+        unlock_link: "Unlock my account"
+  hello: "hello"
+  welcome: "welcome"

data/config/routes.rb

@@ -0,0 +1,2 @@
+DeviseToken::Engine.routes.draw do
+end

data/lib/devise_token.rb

@@ -0,0 +1,8 @@
+require "devise"
+require "devise_token/engine"
+require "devise_token/controllers/helpers"
+require "devise_token/controllers/url_helpers"
+require "devise_token/authenticable"
+module DeviseToken
+  # Your code goes here...
+end

data/lib/devise_token/authenticable.rb

@@ -0,0 +1,23 @@
+module DeviseToken::Authenticable
+
+    def authenticate_auth resource_class
+      if token
+        DeviseToken::JsonWebToken.new(token: token).current_resource(resource_class)
+      end
+    end
+
+    def token
+      params[:auth_token] || auth_token_request
+    end
+
+    def auth_token_request
+      unless request.headers['Authorization'].nil?
+        request.headers.fetch("Authorization", "").split(" ").last
+      end
+    end
+
+    def auth_token_response
+
+    end
+
+end

data/lib/devise_token/controllers/helpers.rb

@@ -0,0 +1,70 @@
+module DeviseToken
+  module Controllers
+    module Helpers
+      extend ActiveSupport::Concern
+
+      module ClassMethods
+
+        def log_process_action(payload)
+          payload[:status] ||= 401 unless payload[:exception]
+          super
+        end
+      end
+
+      # Define authentication filters and accessor helpers based on mappings.
+      # These filters should be used inside the controllers as before_actions,
+      # so you can control the scope of the user who should be signed in to
+      # access that specific controller/action.
+      # Example:
+      #
+      #   Roles:
+      #     User
+      #     Admin
+      #
+      #   Generated methods:
+      #     authenticate_user!                   # Signs user in or 401
+      #     authenticate_admin!                  # Signs admin in or 401
+      #     user_signed_in?                      # Checks whether there is a user signed in or not
+      #     admin_signed_in?                     # Checks whether there is an admin signed in or not
+      #     current_user                         # Current signed in user
+      #     current_admin                        # Current signed in admin
+      #     render_authenticate_error            # Render error unless user or admin is signed in
+      #
+      #   Use:
+      #     before_action :authenticate_user!  # Tell devise to use :user map
+      #     before_action :authenticate_admin! # Tell devise to use :admin map
+      #
+      def self.define_helpers(mapping) #:nodoc:
+        mapping = mapping.name
+
+        class_eval <<-METHODS, __FILE__, __LINE__ + 1
+          def authenticate_#{mapping}!(opts={})
+            unless current_#{mapping}
+              render_authenticate_error
+            end
+          end
+
+          def #{mapping}_signed_in?
+            !!current_#{mapping}
+          end
+
+          def current_#{mapping}
+            @current_#{mapping} ||= authenticate_token(:#{mapping})
+          end
+
+          def render_authenticate_error
+            return render json: {
+              errors: [I18n.t('devise.failure.unauthenticated')]
+            }, status: 401
+          end
+        METHODS
+
+        ActiveSupport.on_load(:action_controller) do
+          if respond_to?(:helper_method)
+            helper_method "current_#{mapping}", "#{mapping}_signed_in?", "render_authenticate_error"
+          end
+        end
+      end
+    end
+  end
+end

data/lib/devise_token/controllers/url_helpers.rb

@@ -0,0 +1,8 @@
+module DeviseToken
+  module Controllers
+    module UrlHelpers
+      def self.define_helpers(mapping)
+      end
+    end
+  end
+end

data/lib/devise_token/engine.rb

@@ -0,0 +1,44 @@
+require "devise_token/rails/routes"
+
+module DeviseToken
+  class Engine < ::Rails::Engine
+    isolate_namespace DeviseToken
+
+    initializer "devise_token.url_helpers" do
+      Devise.helpers << DeviseToken::Controllers::Helpers
+    end
+  end
+
+  mattr_accessor :token_audience,
+                 :change_headers_on_each_request,
+                 :token_lifespan,
+                 :default_confirm_success_url,
+                 :default_password_reset_url,
+                 :redirect_whitelist,
+                 :check_current_password_before_update,
+                 :enable_standard_devise_support,
+                 :remove_tokens_after_password_reset,
+                 :default_callbacks,
+                 :token_secret_signature_key,
+                 :token_signature_algorithm,
+                 :token_public_key
+
+  self.token_audience = nil
+  self.change_headers_on_each_request       = true
+  self.token_lifespan                       = 2.weeks
+  self.default_confirm_success_url          = nil
+  self.default_password_reset_url           = nil
+  self.redirect_whitelist                   = nil
+  self.check_current_password_before_update = false
+  self.enable_standard_devise_support       = false
+  self.remove_tokens_after_password_reset   = false
+  self.default_callbacks                    = true
+  self.token_secret_signature_key           = -> { Rails.application.secrets.secret_key_base }
+  self.token_signature_algorithm            = 'HS256'
+  self.token_public_key                     = nil
+
+
+  def self.setup(&block)
+    yield self
+  end
+end