RubyGems - devise_token_auth - Versions diffs - 0.1.28.beta6 → 0.1.28.beta7 - Mend

devise_token_auth 0.1.28.beta6 → 0.1.28.beta7

Files changed (43) hide show

data/app/views/devise/mailer/confirmation_instructions.html.erb CHANGED Viewed

@@ -2,4 +2,4 @@
 <p>You can confirm your account email through the link below:</p>
-<p><%= link_to 'Confirm my account', confirmation_url(@resource, confirmation_token: @token) %></p>
+<p><%= link_to 'Confirm my account', confirmation_url(@resource, confirmation_token: @token, config: message['client-config'].to_s, redirect_url: message['redirect-url']) %></p>

data/app/views/devise/mailer/reset_password_instructions.html.erb CHANGED Viewed

@@ -2,7 +2,7 @@
 <p>Someone has requested a link to change your password. You can do this through the link below.</p>
-<p><%= link_to 'Change my password', edit_password_url(@resource, reset_password_token: @token, redirect_url: @resource.reset_password_redirect_url) %></p>
+<p><%= link_to 'Change my password', edit_password_url(@resource, reset_password_token: @token, config: message['client-config'].to_s, redirect_url: message['redirect-url'].to_s) %></p>
 <p>If you didn't request this, please ignore this email.</p>
 <p>Your password won't change until you access the link above and create a new one.</p>

data/config/initializers/devise.rb CHANGED Viewed

@@ -201,3 +201,12 @@ Devise.setup do |config|
     end
   end
 end
+#module Devise::Mailers::Helpers
+  #protected
+  #def headers_for
+  #end
+#end

data/lib/devise_token_auth.rb CHANGED Viewed

@@ -1,5 +1,7 @@
 require "devise"
 require "devise_token_auth/engine"
+require "devise_token_auth/controllers/helpers"
+require "devise_token_auth/controllers/url_helpers"
 module DeviseTokenAuth
 end

data/lib/devise_token_auth/controllers/helpers.rb ADDED Viewed

@@ -0,0 +1,129 @@
+module DeviseTokenAuth
+  module Controllers
+    module Helpers
+      extend ActiveSupport::Concern
+      module ClassMethods
+        # Define authentication filters and accessor helpers for a group of mappings.
+        # These methods are useful when you are working with multiple mappings that
+        # share some functionality. They are pretty much the same as the ones
+        # defined for normal mappings.
+        #
+        # Example:
+        #
+        #   inside BlogsController (or any other controller, it doesn't matter which):
+        #     devise_group :blogger, contains: [:user, :admin]
+        #
+        #   Generated methods:
+        #     authenticate_blogger!  # Redirects unless user or admin are signed in
+        #     blogger_signed_in?     # Checks whether there is either a user or an admin signed in
+        #     current_blogger        # Currently signed in user or admin
+        #     current_bloggers       # Currently signed in user and admin
+        #
+        #   Use:
+        #     before_filter :authenticate_blogger!              # Redirects unless either a user or an admin are authenticated
+        #     before_filter ->{ authenticate_blogger! :admin }  # Redirects to the admin login page
+        #     current_blogger :user                             # Preferably returns a User if one is signed in
+        #
+        def devise_token_auth_group(group_name, opts={})
+          mappings = "[#{ opts[:contains].map { |m| ":#{m}" }.join(',') }]"
+          class_eval <<-METHODS, __FILE__, __LINE__ + 1
+            def authenticate_#{group_name}!(favourite=nil, opts={})
+              unless #{group_name}_signed_in?
+                mappings = #{mappings}
+                mappings.unshift mappings.delete(favourite.to_sym) if favourite
+                mappings.each do |mapping|
+                  set_user_by_token(mapping)
+                end
+              end
+            end
+            def #{group_name}_signed_in?
+              #{mappings}.any? do |mapping|
+                set_user_by_token(mapping)
+              end
+            end
+            def current_#{group_name}(favourite=nil)
+              mappings = #{mappings}
+              mappings.unshift mappings.delete(favourite.to_sym) if favourite
+              mappings.each do |mapping|
+                current = set_user_by_token(mapping)
+                return current if current
+              end
+              nil
+            end
+            def current_#{group_name.to_s.pluralize}
+              #{mappings}.map do |mapping|
+                set_user_by_token(mapping)
+              end.compact
+            end
+            helper_method "current_#{group_name}", "current_#{group_name.to_s.pluralize}", "#{group_name}_signed_in?"
+          METHODS
+        end
+        def log_process_action(payload)
+          payload[:status] ||= 401 unless payload[:exception]
+          super
+        end
+      end
+      # Define authentication filters and accessor helpers based on mappings.
+      # These filters should be used inside the controllers as before_filters,
+      # so you can control the scope of the user who should be signed in to
+      # access that specific controller/action.
+      # Example:
+      #
+      #   Roles:
+      #     User
+      #     Admin
+      #
+      #   Generated methods:
+      #     authenticate_user!  # Signs user in or 401
+      #     authenticate_admin! # Signs admin in or 401
+      #     user_signed_in?     # Checks whether there is a user signed in or not
+      #     admin_signed_in?    # Checks whether there is an admin signed in or not
+      #     current_user        # Current signed in user
+      #     current_admin       # Current signed in admin
+      #     user_session        # Session data available only to the user scope
+      #     admin_session       # Session data available only to the admin scope
+      #
+      #   Use:
+      #     before_filter :authenticate_user!  # Tell devise to use :user map
+      #     before_filter :authenticate_admin! # Tell devise to use :admin map
+      #
+      def self.define_helpers(mapping) #:nodoc:
+        mapping = mapping.name
+        class_eval <<-METHODS, __FILE__, __LINE__ + 1
+          def authenticate_#{mapping}!
+            unless current_#{mapping}
+              return render json: {
+                errors: ["Authorized users only."]
+              }, status: 401
+            end
+          end
+          def #{mapping}_signed_in?
+            !!current_#{mapping}
+          end
+          def current_#{mapping}
+            @current_#{mapping} ||= set_user_by_token(:#{mapping})
+          end
+          def #{mapping}_session
+            current_#{mapping} && warden.session(:#{mapping})
+          end
+        METHODS
+        ActiveSupport.on_load(:action_controller) do
+          helper_method "current_#{mapping}", "#{mapping}_signed_in?", "#{mapping}_session"
+        end
+      end
+    end
+  end
+end

data/lib/devise_token_auth/controllers/url_helpers.rb ADDED Viewed

@@ -0,0 +1,8 @@
+module DeviseTokenAuth
+  module Controllers
+    module UrlHelpers
+      def self.define_helpers(mapping)
+      end
+    end
+  end
+end

data/lib/devise_token_auth/engine.rb CHANGED Viewed

@@ -3,6 +3,10 @@ require 'devise_token_auth/rails/routes'
 module DeviseTokenAuth
   class Engine < ::Rails::Engine
     isolate_namespace DeviseTokenAuth
+    initializer "devise_token_auth.url_helpers" do
+      Devise.helpers << DeviseTokenAuth::Controllers::Helpers
+    end
   end
   mattr_accessor :change_headers_on_each_request,

data/lib/devise_token_auth/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module DeviseTokenAuth
-  VERSION = "0.1.28.beta6"
+  VERSION = "0.1.28.beta7"
 end

data/test/controllers/demo_group_controller_test.rb ADDED Viewed

@@ -0,0 +1,126 @@
+require 'test_helper'
+#  was the web request successful?
+#  was the user redirected to the right page?
+#  was the user successfully authenticated?
+#  was the correct object stored in the response?
+#  was the appropriate message delivered in the json payload?
+class DemoGroupControllerTest < ActionDispatch::IntegrationTest
+  describe DemoGroupController do
+    describe "Token access" do
+      before do
+        # user
+        @user = users(:confirmed_email_user)
+        @user.skip_confirmation!
+        @user.save!
+        @user_auth_headers = @user.create_new_auth_token
+        @user_token     = @user_auth_headers['access-token']
+        @user_client_id = @user_auth_headers['client']
+        @user_expiry    = @user_auth_headers['expiry']
+        # mang
+        @mang = mangs(:confirmed_email_user)
+        @mang.skip_confirmation!
+        @mang.save!
+        @mang_auth_headers = @mang.create_new_auth_token
+        @mang_token     = @mang_auth_headers['access-token']
+        @mang_client_id = @mang_auth_headers['client']
+        @mang_expiry    = @mang_auth_headers['expiry']
+      end
+      describe 'user access' do
+        before do
+          # ensure that request is not treated as batch request
+          age_token(@user, @user_client_id)
+          get '/demo/members_only_group', {}, @user_auth_headers
+          @resp_token       = response.headers['access-token']
+          @resp_client_id   = response.headers['client']
+          @resp_expiry      = response.headers['expiry']
+          @resp_uid         = response.headers['uid']
+        end
+        test 'request is successful' do
+          assert_equal 200, response.status
+        end
+        describe 'devise mappings' do
+          it 'should define current_user' do
+            assert_equal @user, @controller.current_user
+          end
+          it 'should define user_signed_in?' do
+            assert @controller.user_signed_in?
+          end
+          it 'should not define current_mang' do
+            refute_equal @user, @controller.current_mang
+          end
+          it 'should define current_member' do
+            assert_equal @user, @controller.current_member
+          end
+          it 'should define current_members' do
+            assert @controller.current_members.include? @user
+          end
+          it 'should define member_signed_in?' do
+            assert @controller.current_members.include? @user
+          end
+        end
+      end
+      describe 'mang access' do
+        before do
+          # ensure that request is not treated as batch request
+          age_token(@mang, @mang_client_id)
+          get '/demo/members_only_group', {}, @mang_auth_headers
+          @resp_token       = response.headers['access-token']
+          @resp_client_id   = response.headers['client']
+          @resp_expiry      = response.headers['expiry']
+          @resp_uid         = response.headers['uid']
+        end
+        test 'request is successful' do
+          assert_equal 200, response.status
+        end
+        describe 'devise mappings' do
+          it 'should define current_mang' do
+            assert_equal @mang, @controller.current_mang
+          end
+          it 'should define mang_signed_in?' do
+            assert @controller.mang_signed_in?
+          end
+          it 'should not define current_mang' do
+            refute_equal @mang, @controller.current_user
+          end
+          it 'should define current_member' do
+            assert_equal @mang, @controller.current_member
+          end
+          it 'should define current_members' do
+            assert @controller.current_members.include? @mang
+          end
+          it 'should define member_signed_in?' do
+            assert @controller.current_members.include? @mang
+          end
+        end
+      end
+    end
+  end
+end

data/test/controllers/{demo_controller_test.rb → demo_mang_controller_test.rb} RENAMED Viewed

@@ -6,11 +6,11 @@ require 'test_helper'
 #  was the correct object stored in the response?
 #  was the appropriate message delivered in the json payload?
-class DemoControllerTest < ActionController::TestCase
-  describe DemoController do
+class DemoMangControllerTest < ActionDispatch::IntegrationTest
+  describe DemoMangController do
     describe "Token access" do
       before do
-        @user = users(:confirmed_email_user)
+        @user = mangs(:confirmed_email_user)
         @user.skip_confirmation!
         @user.save!
@@ -26,8 +26,7 @@ class DemoControllerTest < ActionController::TestCase
           # ensure that request is not treated as batch request
           age_token(@user, @client_id)
-          request.headers.merge!(@auth_headers)
-          xhr :get, :members_only
+          get '/demo/members_only_mang', {}, @auth_headers
           @resp_token       = response.headers['access-token']
           @resp_client_id   = response.headers['client']
@@ -35,6 +34,20 @@ class DemoControllerTest < ActionController::TestCase
           @resp_uid         = response.headers['uid']
         end
+        describe 'devise mappings' do
+          it 'should define current_mang' do
+            assert_equal @user, @controller.current_mang
+          end
+          it 'should define mang_signed_in?' do
+            assert @controller.mang_signed_in?
+          end
+          it 'should not define current_user' do
+            refute_equal @user, @controller.current_user
+          end
+        end
         it 'should return success status' do
           assert_equal 200, response.status
         end
@@ -61,9 +74,7 @@ class DemoControllerTest < ActionController::TestCase
             # ensure that request is not treated as batch request
             age_token(@user, @client_id)
-            request.headers['access-token'] = @resp_token
-            xhr :get, :members_only
+            get '/demo/members_only_mang', {}, @auth_headers.merge({'access-token' => @resp_token})
           end
           it 'should not treat this request as a batch request' do
@@ -78,8 +89,7 @@ class DemoControllerTest < ActionController::TestCase
       describe 'failed request' do
         before do
-          request.headers['access-token'] = "bogus"
-          xhr :get, :members_only
+          get '/demo/members_only_mang', {}, @auth_headers.merge({'access-token' => "bogus"})
         end
         it 'should not return any auth headers' do
@@ -97,8 +107,7 @@ class DemoControllerTest < ActionController::TestCase
           @user.reload
           age_token(@user, @client_id)
-          request.headers.merge!(@auth_headers)
-          xhr :get, :members_only
+          get '/demo/members_only_mang', {}, @auth_headers
           @first_is_batch_request = assigns(:is_batch_request)
           @first_user = assigns(:user).dup
@@ -109,8 +118,7 @@ class DemoControllerTest < ActionController::TestCase
           age_token(@user, @client_id)
           # use expired auth header
-          request.headers.merge!(@auth_headers)
-          xhr :get, :members_only
+          get '/demo/members_only_mang', {}, @auth_headers
           @second_is_batch_request = assigns(:is_batch_request)
           @second_user = assigns(:user).dup
@@ -156,15 +164,15 @@ class DemoControllerTest < ActionController::TestCase
         describe 'success' do
           before do
             age_token(@user, @client_id)
+            #request.headers.merge!(@auth_headers)
-            request.headers.merge!(@auth_headers)
-            xhr :get, :members_only
+            get '/demo/members_only_mang', {}, @auth_headers
             @first_is_batch_request = assigns(:is_batch_request)
             @first_user = assigns(:user)
             @first_access_token = response.headers['access-token']
-            xhr :get, :members_only
+            get '/demo/members_only_mang', {}, @auth_headers
             @second_is_batch_request = assigns(:is_batch_request)
             @second_user = assigns(:user)
@@ -179,6 +187,10 @@ class DemoControllerTest < ActionController::TestCase
             refute @first_is_batch_request
           end
+          it 'should treat the second request as a batch request' do
+            assert @second_is_batch_request
+          end
           it 'should return access token for first (non-batch) request' do
             assert @first_access_token
           end
@@ -193,8 +205,7 @@ class DemoControllerTest < ActionController::TestCase
             @user.reload
             age_token(@user, @client_id)
-            request.headers.merge!(@auth_headers)
-            xhr :get, :members_only
+            get '/demo/members_only_mang', {}, @auth_headers
             @first_is_batch_request = assigns(:is_batch_request)
             @first_user = assigns(:user).dup
@@ -205,8 +216,7 @@ class DemoControllerTest < ActionController::TestCase
             age_token(@user, @client_id)
             # use expired auth header
-            request.headers.merge!(@auth_headers)
-            xhr :get, :members_only
+            get '/demo/members_only_mang', {}, @auth_headers
             @second_is_batch_request = assigns(:is_batch_request)
             @second_user = assigns(:user)
@@ -248,43 +258,6 @@ class DemoControllerTest < ActionController::TestCase
         end
       end
     end
-    # test with non-standard user class
-    describe "Alternate user class" do
-      setup do
-        @request.env['devise.mapping'] = Devise.mappings[:mang]
-      end
-      teardown do
-        @request.env['devise.mapping'] = Devise.mappings[:user]
-      end
-      before do
-        @user = mangs(:confirmed_email_user)
-        @user.skip_confirmation!
-        @user.save!
-        @auth_headers = @user.create_new_auth_token
-        @token     = @auth_headers['access-token']
-        @client_id = @auth_headers['client']
-        @expiry    = @auth_headers['expiry']
-        # ensure that request is not treated as batch request
-        age_token(@user, @client_id)
-        request.headers.merge!(@auth_headers)
-        xhr :get, :members_only
-        @resp_token       = response.headers['access-token']
-        @resp_client_id   = response.headers['client']
-        @resp_expiry      = response.headers['expiry']
-        @resp_uid         = response.headers['uid']
-      end
-      it 'should return success status' do
-        assert_equal 200, response.status
-      end
-    end
   end
 end