devise_token 0.1.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 9ad1e97c17af8e19492051f2a5c76db00e591f06
+  data.tar.gz: 1ee7490041ba11f1b6537f9a7ac54e1585fb1cf0
+SHA512:
+  metadata.gz: eab33efbe9beea3f593908abd137dd3e6a769ff3844262809b33ba7baa0534fac73cb69ddf1f65da1bbe67765021525d951c762ab753601ef752bf63b2b46415
+  data.tar.gz: a340fdae974d327ba22725b0acf12ab95e0ec463ab7e7625e6908595ad716cb25fb5e7e442c1929a286d8bff7adcfca10ec4907276fd9cfbc9b4668e4f4bdaca

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2017 Samuel Akrah
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,69 @@
+# DeviseToken
+A lightweight authentication gem based on devise and jwt gems.
+
+## Description
+DeviseToken is a stripped down version of devise_token_auth, which removes the  oauth and token implementation  in devise_token_auth and replaces them with jwt for authentication.
+
+### What are JSON Web Tokens?
+
+[![JWT](http://jwt.io/assets/badge.svg)](http://jwt.io/)
+
+
+## Usage
+
+Include the `DeviseToken::Concerns::AuthenticateToken` module in your base controller, ie  `ApplicationController` if it is not included by default.
+
+```ruby
+class ApplicationController < ActionController::API
+  include DeviseToken::Concerns::AuthenticateToken
+end
+```
+This will help you scope your resources by calling `authenticate_user!` as a before_action
+inside your controllers:
+```ruby
+class TasksController < ApplicationController
+  before_action :authenticate_user!
+
+end
+```
+
+This will make available available methods such us `current_user` in your controller actions.
+
+## Installation
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'devise_token'
+```
+
+And then execute:
+```bash
+$ bundle
+```
+
+Or install it yourself as:
+```bash
+$ gem install devise_token
+```
+
+Finally, run the install generator:
+
+```bash
+$ rails g devise_token:install User auth
+
+This generator accepts the following optional arguments:
+
+| Argument | Default | Description |
+|---|---|---|
+| USER_CLASS | `User` | The name of the class to use for user authentication. |
+| MOUNT_PATH | `auth` | The path at which to mount the authentication routes.
+
+This will create the following:
+
+* An initializer will be created at `config/initializers/devise_token.rb`
+
+* A model will be created in the `app/models` directory. If the model already exists, a concern will be included at the top of the file.
+## Contributing
+Contribution directions go here.
+
+## License

data/Rakefile

@@ -0,0 +1,36 @@
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rdoc/task'
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'DeviseToken'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.md')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+APP_RAKEFILE = File.expand_path("../test/dummy/Rakefile", __FILE__)
+load 'rails/tasks/engine.rake'
+
+
+load 'rails/tasks/statistics.rake'
+
+
+
+require 'bundler/gem_tasks'
+
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = false
+end
+
+
+task default: :test

data/app/assets/config/devise_token_manifest.js

@@ -0,0 +1,2 @@
+//= link_directory ../javascripts/devise_token .js
+//= link_directory ../stylesheets/devise_token .css

data/app/assets/javascripts/devise_token/application.js

@@ -0,0 +1,13 @@
+// This is a manifest file that'll be compiled into application.js, which will include all the files
+// listed below.
+//
+// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
+// or any plugin's vendor/assets/javascripts directory can be referenced here using a relative path.
+//
+// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
+// compiled file. JavaScript code in this file should be added after the last require_* statement.
+//
+// Read Sprockets README (https://github.com/rails/sprockets#sprockets-directives) for details
+// about supported directives.
+//
+//= require_tree .

data/app/assets/stylesheets/devise_token/application.css

@@ -0,0 +1,15 @@
+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+ * or any plugin's vendor/assets/stylesheets directory can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the bottom of the
+ * compiled file so the styles you add here take precedence over styles defined in any other CSS/SCSS
+ * files in this directory. Styles in this file should be added after the last require_* statement.
+ * It is generally better to create a new file per style scope.
+ *
+ *= require_tree .
+ *= require_self
+ */

data/app/controllers/devise_token/application_controller.rb

@@ -0,0 +1,77 @@
+module DeviseToken
+  class ApplicationController < DeviseController
+    include ::DeviseToken::Concerns::AuthenticateToken
+
+    before_action :set_default_format
+
+
+    def resource_data(opts={})
+      response_data = opts[:resource_json] || @resource.as_json
+      response_data
+    end
+
+    def resource_errors
+      return @resource.errors.to_hash.merge(full_messages: @resource.errors.full_messages)
+    end
+
+    protected
+
+
+      def params_for_resource(resource)
+        devise_parameter_sanitizer.instance_values['permitted'][resource].each do |type|
+          params[type.to_s] ||= request.headers[type.to_s] unless request.headers[type.to_s].nil?
+        end
+        devise_parameter_sanitizer.instance_values['permitted'][resource]
+      end
+
+      def resource_class(m=nil)
+        if m
+          mapping = Devise.mappings[m]
+        else
+          mapping = Devise.mappings[resource_name] || Devise.mappings.values.first
+        end
+
+        mapping.to
+      end
+
+      def recoverable_enabled?
+        resource_class.devise_modules.include?(:recoverable)
+      end
+
+      def confirmable_enabled?
+        resource_class.devise_modules.include?(:confirmable)
+      end
+
+      def render_error(status, message, data = nil)
+        response = {
+          success: false,
+          errors: [message]
+        }
+        response = response.merge(data) if data
+        render json: response, status: status
+      end
+
+
+      def set_default_format
+        request.format = :json
+      end
+
+      def auth_token
+       if resource.respond_to? :auth_response_token
+         DeviseToken::JsonWebToken.new payload: resource.auth_response_token
+       else
+         DeviseToken::JsonWebToken.new payload: { sub: resource.id }
+       end
+      end
+
+      def resource
+       @resource ||=
+         if resource_class.respond_to? :auth_request_payload
+           resource_class.auth_request_payload request
+         else
+           resource_class.find_by email: resource_params[:email]
+         end
+      end
+
+  end
+end

data/app/controllers/devise_token/authentications_controller.rb

@@ -0,0 +1,87 @@
+module DeviseToken
+  class AuthenticationsController < DeviseToken::ApplicationController
+
+    def new
+      render_new_error
+    end
+
+    def create
+      # Check
+      field = (resource_params.keys.map(&:to_sym) & resource_class.authentication_keys).first
+
+      @resource = nil
+      if field
+        q_value = get_case_insensitive_field_from_resource_params(field)
+
+        @resource = find_resource(field, q_value)
+      end
+
+      if @resource && valid_params?(field, q_value) && (!@resource.respond_to?(:active_for_authentication?) || @resource.active_for_authentication?)
+        valid_password = @resource.valid_password?(resource_params[:password])
+        if (@resource.respond_to?(:valid_for_authentication?) && !@resource.valid_for_authentication? { valid_password }) || !valid_password
+          render_create_error_bad_credentials
+          return
+        end
+
+        @resource.save
+
+        sign_in(:user, @resource, store: false, bypass: false)
+
+        yield @resource if block_given?
+
+        render_create_success
+
+      elsif @resource && !(!@resource.respond_to?(:active_for_authentication?) || @resource.active_for_authentication?)
+        render_create_error_not_confirmed
+      else
+        render_create_error_bad_credentials
+      end
+    end
+
+
+
+    protected
+
+    def valid_params?(key, val)
+      resource_params[:password] && key && val
+    end
+
+
+    def render_new_error
+      render_error(405, I18n.t("devise_token.sessions.not_supported"))
+    end
+
+    def render_create_success
+      render json: {
+        status: 'success',
+        header: auth_token,
+        data: resource_data
+      }
+    end
+
+    def render_create_error_not_confirmed
+      render_error(401, I18n.t("devise_token.sessions.not_confirmed", email: @resource.email))
+    end
+
+    def render_create_error_bad_credentials
+      render_error(401, I18n.t("devise_token.sessions.bad_credentials"))
+    end
+
+    def render_destroy_success
+      render json: {
+        success:true
+      }, status: 200
+    end
+
+    def render_destroy_error
+      render_error(404, I18n.t("devise_token.sessions.user_not_found"))
+    end
+
+    private
+
+    def resource_params
+      params.permit(*params_for_resource(:sign_in))
+    end
+
+  end
+end

data/app/controllers/devise_token/concerns/authenticate_token.rb

@@ -0,0 +1,71 @@
+module DeviseToken::Concerns::AuthenticateToken
+  extend ActiveSupport::Concern
+  include DeviseToken::Controllers::Helpers
+  include DeviseToken::Authenticable
+
+
+
+  def get_case_insensitive_field_from_resource_params(field)
+    # honor Devise configuration for case_insensitive keys
+    q_value = resource_params[field.to_sym]
+
+    if resource_class.case_insensitive_keys.include?(field.to_sym)
+      q_value.downcase!
+    end
+    q_value
+  end
+
+  def find_resource(field, value)
+    # fix for mysql default case insensitivity
+    q = "#{field.to_s} = ? AND provider='#{provider.to_s}'"
+    if ActiveRecord::Base.connection.adapter_name.downcase.starts_with? 'mysql'
+      q = "BINARY " + q
+    end
+
+    @resource = resource_class.where(q, value).first
+  end
+
+  def resource_class(m=nil)
+    if m
+      mapping = Devise.mappings[m]
+    else
+      mapping = Devise.mappings[resource_name] || Devise.mappings.values.first
+    end
+
+    mapping.to
+  end
+
+  def provider
+    'email'
+  end
+
+
+  protected
+
+
+  # user auth
+  def authenticate_token(mapping=nil)
+    # determine target authentication class
+    rc = resource_class(mapping)
+    @token = token
+
+    return false unless @token
+    # no default user defined
+    return unless rc
+    @resource =  authenticate_auth(rc)
+    # user has already been found and authenticated
+    return @resource if @resource && @resource.is_a?(rc)
+
+  end
+
+  def resource_class(m=nil)
+    if m
+      mapping = Devise.mappings[m]
+    else
+      mapping = Devise.mappings[resource_name] || Devise.mappings.values.first
+    end
+
+    mapping.to
+  end
+
+end

data/app/controllers/devise_token/confirmations_controller.rb

@@ -0,0 +1,18 @@
+module DeviseToken
+  class ConfirmationsController < DeviseToken::ApplicationController
+    def show
+      @resource = resource_class.confirm_by_token(params[:confirmation_token])
+
+      if @resource && @resource.id
+
+        sign_in(@resource)
+        @resource.save!
+
+        yield @resource if block_given?
+
+      else
+        raise ActionController::RoutingError.new('Not Found')
+      end
+    end
+  end
+end

data/app/controllers/devise_token/registrations_controller.rb

@@ -0,0 +1,189 @@
+module DeviseToken
+  class RegistrationsController < DeviseToken::ApplicationController
+    before_action :validate_sign_up_params, :only => :create
+    before_action :validate_account_update_params, :only => :update
+
+   def create
+     @resource            = resource_class.new(sign_up_params.except(:confirm_success_url))
+     @resource.provider   = provider
+
+
+     if resource_class.case_insensitive_keys.include?(:email)
+       @resource.email = sign_up_params[:email].try :downcase
+     else
+       @resource.email = sign_up_params[:email]
+     end
+
+
+     @redirect_url = sign_up_params[:confirm_success_url]
+
+
+     @redirect_url ||= DeviseToken.default_confirm_success_url
+
+
+     if confirmable_enabled? && !@redirect_url
+       return render_create_error_missing_confirm_success_url
+     end
+
+
+     if DeviseToken.redirect_whitelist
+       unless DeviseToken::Url.whitelisted?(@redirect_url)
+         return render_create_error_redirect_url_not_allowed
+       end
+     end
+
+     begin
+       # override email confirmation, must be sent manually from ctrl
+       resource_class.set_callback("create", :after, :send_on_create_confirmation_instructions)
+       resource_class.skip_callback("create", :after, :send_on_create_confirmation_instructions)
+       if @resource.respond_to? :skip_confirmation_notification!
+         # Fix duplicate e-mails by disabling Devise confirmation e-mail
+         @resource.skip_confirmation_notification!
+       end
+       if @resource.save
+         yield @resource if block_given?
+
+         unless @resource.confirmed?
+           # user will require email authentication
+           @resource.send_confirmation_instructions({
+             redirect_url: @redirect_url
+           })
+
+         else
+
+           @resource.save!
+
+
+         end
+         render_create_success
+       else
+         clean_up_passwords @resource
+         render_create_error
+       end
+     rescue ActiveRecord::RecordNotUnique
+       clean_up_passwords @resource
+       render_create_error_email_already_exists
+     end
+   end
+
+
+   def destroy
+     if @resource
+       @resource.destroy
+       yield @resource if block_given?
+
+       render_destroy_success
+     else
+       render_destroy_error
+     end
+   end
+
+   def sign_up_params
+     params.permit([*params_for_resource(:sign_up), :confirm_success_url])
+   end
+
+   def account_update_params
+     params.permit(*params_for_resource(:account_update))
+   end
+
+   protected
+
+     def render_create_error_missing_confirm_success_url
+       response = {
+         status: 'error',
+         data:   resource_data
+       }
+       message = I18n.t("devise_token_auth.registrations.missing_confirm_success_url")
+       render_error(422, message, response)
+     end
+
+     def render_create_error_redirect_url_not_allowed
+       response = {
+         status: 'error',
+         data:   resource_data
+       }
+       message = I18n.t("devise_token_auth.registrations.redirect_url_not_allowed", redirect_url: @redirect_url)
+       render_error(422, message, response)
+     end
+
+     def render_create_success
+       render json: {
+         status: 'success',
+         header: auth_token,
+         data:   resource_data
+       }
+     end
+
+     def render_create_error
+       render json: {
+         status: 'error',
+         data:   resource_data,
+         errors: resource_errors
+       }, status: 422
+     end
+
+     def render_create_error_email_already_exists
+       response = {
+         status: 'error',
+         data:   resource_data
+       }
+       message = I18n.t("devise_token_auth.registrations.email_already_exists", email: @resource.email)
+       render_error(422, message, response)
+     end
+
+     def render_update_success
+       render json: {
+         status: 'success',
+         data:   resource_data
+       }
+     end
+
+     def render_update_error
+       render json: {
+         status: 'error',
+         errors: resource_errors
+       }, status: 422
+     end
+
+     def render_update_error_user_not_found
+       render_error(404, I18n.t("devise_token_auth.registrations.user_not_found"), { status: 'error' })
+     end
+
+     def render_destroy_success
+       render json: {
+         status: 'success',
+         message: I18n.t("devise_token_auth.registrations.account_with_uid_destroyed", uid: @resource.uid)
+       }
+     end
+
+     def render_destroy_error
+       render_error(404, I18n.t("devise_token_auth.registrations.account_to_destroy_not_found"), { status: 'error' })
+     end
+
+    private
+
+     def resource_update_method
+       if DeviseToken.check_current_password_before_update == :attributes
+         "update_with_password"
+       elsif DeviseToken.check_current_password_before_update == :password && account_update_params.has_key?(:password)
+         "update_with_password"
+       elsif account_update_params.has_key?(:current_password)
+         "update_with_password"
+       else
+         "update_attributes"
+       end
+     end
+
+     def validate_sign_up_params
+       validate_post_data sign_up_params, I18n.t("errors.messages.validate_sign_up_params")
+     end
+
+     def validate_account_update_params
+       validate_post_data account_update_params, I18n.t("errors.messages.validate_account_update_params")
+     end
+
+     def validate_post_data which, message
+       render_error(:unprocessable_entity, message, { status: 'error' }) if which.empty?
+     end
+  end
+end