devise_token_auth 0.1.20 → 0.1.21.alpha1

data/app/controllers/devise_token_auth/auth_controller.rb

@@ -19,8 +19,11 @@ module DeviseTokenAuth
     end
 
     def omniauth_success
+      # pull resource class from omniauth return
+      resource = request.env['omniauth.params']['resource_class'].constantize
+
       # find or create user by provider and provider uid
-      @user = User.where({
+      @user = resource.where({
         uid:      auth_hash['uid'],
         provider: auth_hash['provider']
       }).first_or_initialize

data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb

@@ -6,7 +6,6 @@ module DeviseTokenAuth::Concerns::SetUserByToken
     after_action :update_auth_header
   end
 
-
   # user auth
   def set_user_by_token
     auth_header = request.headers["Authorization"]
@@ -14,6 +13,9 @@ module DeviseTokenAuth::Concerns::SetUserByToken
     # missing auth token
     return false unless auth_header
 
+    # no default user defined
+    return false unless resource_class
+
     # parse header for values necessary for authentication
     uid        = auth_header[/uid=(.*?)$/,1]
     @token     = auth_header[/token=(.*?) /,1]
@@ -23,7 +25,7 @@ module DeviseTokenAuth::Concerns::SetUserByToken
     @client_id ||= 'default'
 
     # mitigate timing attacks by finding by uid instead of auth token
-    @user = @current_user = uid && User.find_by_uid(uid)
+    @user = @current_user = uid && resource_class.find_by_uid(uid)
 
     if @user && @user.valid_token?(@token, @client_id)
       sign_in(:user, @user, store: false, bypass: true)
@@ -61,6 +63,10 @@ module DeviseTokenAuth::Concerns::SetUserByToken
     response.headers["Authorization"] = auth_header if auth_header
   end
 
+  def resource_class
+    mapping = request.env['devise.mapping'] || Devise.mappings.values.first
+    mapping.to
+  end
 
   private
 

data/app/controllers/devise_token_auth/confirmations_controller.rb

@@ -3,7 +3,7 @@ module DeviseTokenAuth
     include Devise::Controllers::Helpers
 
     def show
-      @user = User.confirm_by_token(params[:confirmation_token])
+      @user = resource_class.confirm_by_token(params[:confirmation_token])
 
       if @user and @user.id
         # create client id

data/app/controllers/devise_token_auth/passwords_controller.rb

@@ -23,7 +23,7 @@ module DeviseTokenAuth
         }, status: 401
       end
 
-      @user = User.where({
+      @user = resource_class.where({
         email: resource_params[:email],
         provider: 'email'
       }).first
@@ -35,7 +35,7 @@ module DeviseTokenAuth
           reset_password_redirect_url: resource_params[:redirect_url]
         })
 
-        @user = User.send_reset_password_instructions({
+        @user = resource_class.send_reset_password_instructions({
           email: resource_params[:email],
           provider: 'email'
         })
@@ -64,7 +64,7 @@ module DeviseTokenAuth
 
     # this is where users arrive after visiting the email confirmation link
     def edit
-      @user = User.reset_password_by_token({
+      @user = resource_class.reset_password_by_token({
         reset_password_token: resource_params[:reset_password_token]
       })
 

data/app/controllers/devise_token_auth/registrations_controller.rb

@@ -7,7 +7,7 @@ module DeviseTokenAuth
     respond_to :json
 
     def create
-      @resource            = User.new(resource_params)
+      @resource            = resource_class.new(resource_params)
       @resource.uid        = resource_params[:email]
       @resource.provider   = "email"
 

data/app/controllers/devise_token_auth/sessions_controller.rb

@@ -8,7 +8,7 @@ module DeviseTokenAuth
     respond_to :json
 
     def create
-      @user = User.find_by_email(resource_params[:email])
+      @user = resource_class.find_by_email(resource_params[:email])
 
       if @user and valid_params? and @user.valid_password?(resource_params[:password]) and @user.confirmed?
         # create client id

data/app/models/{user.rb → devise_token_auth/concerns/user.rb}

@@ -1,21 +1,26 @@
-class User < ActiveRecord::Base
-  # Include default devise modules. Others available are:
-  # :confirmable, :lockable, :timeoutable and :omniauthable
-  devise :database_authenticatable, :registerable,
-        :recoverable, :rememberable, :trackable, :validatable,
-        :confirmable
+module DeviseTokenAuth::Concerns::User
+  extend ActiveSupport::Concern
 
-  serialize :tokens, JSON
+  included do
+    # Include default devise modules. Others available are:
+    # :confirmable, :lockable, :timeoutable and :omniauthable
+    devise :database_authenticatable, :registerable,
+          :recoverable, :rememberable, :trackable, :validatable,
+          :confirmable
 
-  validates_presence_of :email, if: Proc.new { |u| u.provider == 'email' }
-  validates_presence_of :confirm_success_url, if: Proc.new {|u| u.provider == 'email'}
+    serialize :tokens, JSON
 
-  # only validate unique emails among email registration users
-  validate :unique_email_user, on: :create
+    validates_presence_of :email, if: Proc.new { |u| u.provider == 'email' }
+    validates_presence_of :confirm_success_url, if: Proc.new {|u| u.provider == 'email'}
+
+    # only validate unique emails among email registration users
+    validate :unique_email_user, on: :create
+
+    # can't set default on text fields in mysql, simulate here instead.
+    after_save :set_empty_token_hash
+    after_initialize :set_empty_token_hash
+  end
 
-  # can't set default on text fields in mysql, simulate here instead.
-  after_save :set_empty_token_hash
-  after_initialize :set_empty_token_hash
 
   def valid_token?(token, client_id='default')
     client_id ||= 'default'
@@ -94,13 +99,6 @@ class User < ActiveRecord::Base
   end
 
 
-  def generate_url(url, params = {})
-    uri = URI(url)
-    uri.query = params.to_query
-    uri.to_s
-  end
-
-
   def extend_batch_buffer(token, client_id)
     self.tokens[client_id]['updated_at'] = Time.now
     self.save!
@@ -109,7 +107,14 @@ class User < ActiveRecord::Base
   end
 
 
-  private
+  protected
+
+
+  def generate_url(url, params = {})
+    uri = URI(url)
+    uri.query = params.to_query
+    uri.to_s
+  end
 
 
   def serializable_hash(options={})
@@ -126,7 +131,7 @@ class User < ActiveRecord::Base
 
 
   def unique_email_user
-    if provider == 'email' and User.where(provider: 'email', email: email).count > 0
+    if provider == 'email' and self.class.where(provider: 'email', email: email).count > 0
       errors.add(:email, "This email address is already in use")
     end
   end

data/config/initializers/devise.rb

@@ -188,71 +188,11 @@ Devise.setup do |config|
   # change their passwords.
   config.reset_password_within = 6.hours
 
-  # ==> Configuration for :encryptable
-  # Allow you to use another encryption algorithm besides bcrypt (default). You can use
-  # :sha1, :sha512 or encryptors from others authentication tools as :clearance_sha1,
-  # :authlogic_sha512 (then you should set stretches above to 20 for default behavior)
-  # and :restful_authentication_sha1 (then you should set stretches to 10, and copy
-  # REST_AUTH_SITE_KEY to pepper).
-  #
-  # Require the `devise-encryptable` gem when using anything other than bcrypt
-  # config.encryptor = :sha512
-
-  # ==> Scopes configuration
-  # Turn scoped views on. Before rendering "sessions/new", it will first check for
-  # "users/sessions/new". It's turned off by default because it's slower if you
-  # are using only default views.
-  # config.scoped_views = false
-
-  # Configure the default scope given to Warden. By default it's the first
-  # devise role declared in your routes (usually :user).
-  # config.default_scope = :user
-
-  # Set this configuration to false if you want /users/sign_out to sign out
-  # only the current scope. By default, Devise signs out all scopes.
-  # config.sign_out_all_scopes = true
-
-  # ==> Navigation configuration
-  # Lists the formats that should be treated as navigational. Formats like
-  # :html, should redirect to the sign in page when the user does not have
-  # access, but formats like :xml or :json, should return 401.
-  #
-  # If you have any extra navigational formats, like :iphone or :mobile, you
-  # should add them to the navigational formats lists.
-  #
-  # The "*/*" below is required to match Internet Explorer requests.
-  # config.navigational_formats = ['*/*', :html]
-
   # The default HTTP method used to sign out a resource. Default is :delete.
   config.sign_out_via = :delete
 
-  # ==> OmniAuth
-  # Add a new OmniAuth provider. Check the wiki for more information on setting
-  # up on your models and hooks.
-  # config.omniauth :github, 'APP_ID', 'APP_SECRET', scope: 'user,public_repo'
-
-  # ==> Warden configuration
-  # If you want to use other strategies, that are not supported by Devise, or
-  # change the failure app, you can configure them inside the config.warden block.
-  #
-  # config.warden do |manager|
-  #   manager.intercept_401 = false
-  #   manager.default_strategies(scope: :user).unshift :some_external_strategy
-  # end
-
-  # ==> Mountable engine configurations
-  # When using Devise inside an engine, let's call it `MyEngine`, and this engine
-  # is mountable, there are some extra configurations to be taken into account.
-  # The following options are available, assuming the engine is mounted as:
-  #
-  #     mount MyEngine, at: '/my_engine'
-  #
-  # The router that invoked `devise_for`, in the example above, would be:
-  config.router_name = :devise_token_auth
-  config.parent_controller = "DeviseTokenAuth::ApplicationController"
-
-  #
-  # When using omniauth, Devise cannot automatically set Omniauth path,
-  # so you need to do it manually. For the users scope, it would be:
-  #config.omniauth_path_prefix = ''
+  # mounted routes will point to this
+  Rails.application.config.after_initialize do
+    ::OmniAuth::config.path_prefix = config.omniauth_path_prefix = DeviseTokenAuth.omniauth_prefix
+  end
 end

data/config/routes.rb

@@ -1,15 +1,3 @@
-DeviseTokenAuth::Engine.routes.draw do
-  devise_for :users,
-    :class_name  => "User",
-    :module      => :devise,
-    :path        => "",
-    :controllers => {:sessions      => "devise_token_auth/sessions",
-                     :registrations => "devise_token_auth/registrations",
-                     :passwords     => "devise_token_auth/passwords",
-                     :confirmations => "devise_token_auth/confirmations"}
-
-  get "validate_token",     to: "auth#validate_token"
-  get "failure",            to: "auth#omniauth_failure"
-  get ":provider/callback",  to: "auth#omniauth_success"
-  post ":provider/callback", to: "auth#omniauth_success"
+Rails.application.routes.draw do
+  get "#{::OmniAuth::config.path_prefix}/:provider/callback", to: 'devise_token_auth/auth#omniauth_success'
 end

data/lib/devise_token_auth/engine.rb

@@ -1,3 +1,5 @@
+require 'devise_token_auth/rails/routes'
+
 module DeviseTokenAuth
   class Engine < ::Rails::Engine
     isolate_namespace DeviseTokenAuth
@@ -5,11 +7,13 @@ module DeviseTokenAuth
 
   mattr_accessor :change_headers_on_each_request,
                  :token_lifespan,
-                 :batch_request_buffer_throttle
+                 :batch_request_buffer_throttle,
+                 :omniauth_prefix
 
   self.change_headers_on_each_request = true
   self.token_lifespan                 = 2.weeks
   self.batch_request_buffer_throttle  = 5.seconds
+  self.omniauth_prefix                = '/omniauth'
 
   def self.setup(&block)
     yield self

data/lib/devise_token_auth/rails/routes.rb

@@ -0,0 +1,36 @@
+module ActionDispatch::Routing
+  class Mapper
+    def mount_devise_token_auth_for(resource, opts)
+      scope opts[:at] do
+        devise_for resource.pluralize.underscore.to_sym,
+          :class_name  => resource,
+          :module      => :devise,
+          :path        => "",
+          :controllers => {:sessions      => "devise_token_auth/sessions",
+                           :registrations => "devise_token_auth/registrations",
+                           :passwords     => "devise_token_auth/passwords",
+                           :confirmations => "devise_token_auth/confirmations"}
+
+        devise_scope resource.underscore.to_sym do
+          get "validate_token",      to: "devise_token_auth/auth#validate_token"
+          get "failure",             to: "devise_token_auth/auth#omniauth_failure"
+          get ":provider/callback",  to: "devise_token_auth/auth#omniauth_success"
+          post ":provider/callback", to: "devise_token_auth/auth#omniauth_success"
+
+          # preserve the resource class thru oauth authentication by setting name of
+          # resource as "resource_class" param
+          match ":provider", to: redirect{|params, request|
+            # get the current querystring
+            qs = CGI::parse(request.env["QUERY_STRING"])
+
+            # append name of current resource
+            qs["resource_class"] = [resource]
+
+            # re-construct the path for omniauth
+            "#{::OmniAuth::config.path_prefix}/#{params[:provider]}?#{{}.tap {|hash| qs.each{|k, v| hash[k] = v.first}}.to_param}"
+          }, via: [:get]
+        end
+      end
+    end
+  end
+end

data/lib/devise_token_auth/version.rb

@@ -1,3 +1,3 @@
 module DeviseTokenAuth
-  VERSION = "0.1.20"
+  VERSION = "0.1.21.alpha1"
 end

data/lib/generators/devise_token_auth/USAGE

@@ -1,9 +1,27 @@
 Description:
-    This generator will install all the necessary configuration and migration files for the devies_token_auth gem
+  This generator will install all the necessary configuration and migration
+  files for the devies_token_auth gem. See
+  https://github.com/lynndylanhurley/devise_token_auth for more information.
+
+Arguments:
+  USER_CLASS # The name of the class to use for user authentication. Default is
+             # 'User'
+  MOUNT_PATH # The path at which to mount the authentication routes. Default is
+             # 'auth'. More detail documentation is here:
+             # https://github.com/lynndylanhurley/devise_token_auth#usage
 
 Example:
-    rails generate devise_token_auth:install
+  rails generate devise_token_auth:install User auth
+
+  This will create:
+      config/initializers/devise_token_auth.rb
+      db/migrate/<%= Time.now.utc.strftime("%Y%m%d%H%M%S") %>_create_devise_token_auth_create_users.rb
+      app/models/user.rb
+
+  If 'app/models/user.rb' already exists, the following line will be inserted
+  after the class definition:
+      include DeviseTokenAuth::Concerns::User
 
-    This will create:
-        config/initializers/devise_token_auth.rb
-        db/migrate/xxxxxxxx_create_devise_token_auth_user.rb
+  The following line will be inserted at the top of 'config/routes.rb' if it
+  does not already exist:
+      mount_devise_token_auth_for "User", at: '/auth'

data/lib/generators/devise_token_auth/install_generator.rb

@@ -4,17 +4,63 @@ module DeviseTokenAuth
 
     source_root File.expand_path('../templates', __FILE__)
 
-    desc "This generator creates an initializer file at config/initializers/devise_token_auth.rb"
+    argument :user_class, type: :string, default: "User"
+    argument :mount_path, type: :string, default: '/auth'
+
     def create_initializer_file
       copy_file("devise_token_auth.rb", "config/initializers/devise_token_auth.rb")
     end
 
-    desc "This generator creates a user migration file at db/migrate/<%= migration_id %>_devise_token_auth_create_users.rb"
     def copy_migrations
-      if self.class.migration_exists?("db/migrate", "devise_token_auth_create_users")
-        say_status("skipped", "Migration 'devise_token_auth' already exists")
+      if self.class.migration_exists?("db/migrate", "devise_token_auth_create_#{ user_class.underscore }")
+        say_status("skipped", "Migration 'devise_token_auth_create_#{ user_class.underscore }' already exists")
+      else
+        migration_template(
+          "devise_token_auth_create_users.rb.erb",
+          "db/migrate/devise_token_auth_create_#{ user_class.pluralize.underscore }.rb"
+        )
+      end
+    end
+
+    def create_user_model
+      fname = "app/models/#{ user_class.underscore }.rb"
+      unless File.exist?(fname)
+        template("user.rb", fname)
+      else
+        inclusion = "include DeviseTokenAuth::Concerns::User"
+        unless parse_file_for_line(fname, inclusion)
+          inject_into_file fname, after: "class #{user_class} < ActiveRecord::Base\n" do <<-'RUBY'
+  include DeviseTokenAuth::Concerns::User
+          RUBY
+          end
+        end
+      end
+    end
+
+    def add_route_mount
+      f    = "config/routes.rb"
+      str  = "mount_devise_token_auth_for '#{user_class}', at: '#{mount_path}'"
+      line = parse_file_for_line(f, "mount_devise_token_auth_for")
+
+      unless line
+        line = "Rails.application.routes.draw do"
+        existing_user_class = false
       else
-        migration_template("devise_token_auth_create_users.rb", "db/migrate/devise_token_auth_create_users.rb")
+        existing_user_class = true
+      end
+
+      if parse_file_for_line(f, str)
+        say_status("skipped", "Routes already exist for #{user_class} at #{mount_path}")
+      else
+        insert_after_line(f, line, str)
+
+        if existing_user_class
+          scoped_routes = ""+
+            "as :#{user_class.underscore} do\n"+
+            "    # Define routes for #{user_class} within this block.\n"+
+            "  end\n"
+          insert_after_line(f, str, scoped_routes)
+        end
       end
     end
 
@@ -23,5 +69,23 @@ module DeviseTokenAuth
     def self.next_migration_number(path)
       Time.now.utc.strftime("%Y%m%d%H%M%S")
     end
+
+    def insert_after_line(filename, line, str)
+      gsub_file filename, /(#{Regexp.escape(line)})/mi do |match|
+        "#{match}\n  #{str}"
+      end
+    end
+
+    def parse_file_for_line(filename, str)
+      match = false
+      File.open(filename) do |f|
+        f.each_line do |line|
+          if line =~ /(#{Regexp.escape(str)})/mi
+            match = line
+          end
+        end
+      end
+      match
+    end
   end
 end