RubyGems - devise_token_auth - Versions diffs - 0.1.28.beta6 → 0.1.28.beta7 - Mend

devise_token_auth 0.1.28.beta6 → 0.1.28.beta7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (43) hide show

data/app/views/devise/mailer/confirmation_instructions.html.erb CHANGED Viewed

@@ -2,4 +2,4 @@
 <p>You can confirm your account email through the link below:</p>
-<p><%= link_to 'Confirm my account', confirmation_url(@resource, confirmation_token: @token) %></p>
+<p><%= link_to 'Confirm my account', confirmation_url(@resource, confirmation_token: @token, config: message['client-config'].to_s, redirect_url: message['redirect-url']) %></p>

data/app/views/devise/mailer/reset_password_instructions.html.erb CHANGED Viewed

@@ -2,7 +2,7 @@
 <p>Someone has requested a link to change your password. You can do this through the link below.</p>
-<p><%= link_to 'Change my password', edit_password_url(@resource, reset_password_token: @token, redirect_url: @resource.reset_password_redirect_url) %></p>
+<p><%= link_to 'Change my password', edit_password_url(@resource, reset_password_token: @token, config: message['client-config'].to_s, redirect_url: message['redirect-url'].to_s) %></p>
 <p>If you didn't request this, please ignore this email.</p>
 <p>Your password won't change until you access the link above and create a new one.</p>

data/config/initializers/devise.rb CHANGED Viewed

@@ -201,3 +201,12 @@ Devise.setup do |config|
     end
   end
 end
+#module Devise::Mailers::Helpers
+  #protected
+  #def headers_for
+  #end
+#end

data/lib/devise_token_auth.rb CHANGED Viewed

@@ -1,5 +1,7 @@
 require "devise"
 require "devise_token_auth/engine"
+require "devise_token_auth/controllers/helpers"
+require "devise_token_auth/controllers/url_helpers"
 module DeviseTokenAuth
 end

data/lib/devise_token_auth/controllers/helpers.rb ADDED Viewed

@@ -0,0 +1,129 @@
+module DeviseTokenAuth
+  module Controllers
+    module Helpers
+      extend ActiveSupport::Concern
+      module ClassMethods
+        # Define authentication filters and accessor helpers for a group of mappings.
+        # These methods are useful when you are working with multiple mappings that
+        # share some functionality. They are pretty much the same as the ones
+        # defined for normal mappings.
+        #
+        # Example:
+        #
+        #   inside BlogsController (or any other controller, it doesn't matter which):
+        #     devise_group :blogger, contains: [:user, :admin]
+        #
+        #   Generated methods:
+        #     authenticate_blogger!  # Redirects unless user or admin are signed in
+        #     blogger_signed_in?     # Checks whether there is either a user or an admin signed in
+        #     current_blogger        # Currently signed in user or admin
+        #     current_bloggers       # Currently signed in user and admin
+        #
+        #   Use:
+        #     before_filter :authenticate_blogger!              # Redirects unless either a user or an admin are authenticated
+        #     before_filter ->{ authenticate_blogger! :admin }  # Redirects to the admin login page
+        #     current_blogger :user                             # Preferably returns a User if one is signed in
+        #
+        def devise_token_auth_group(group_name, opts={})
+          mappings = "[#{ opts[:contains].map { |m| ":#{m}" }.join(',') }]"
+          class_eval <<-METHODS, __FILE__, __LINE__ + 1
+            def authenticate_#{group_name}!(favourite=nil, opts={})
+              unless #{group_name}_signed_in?
+                mappings = #{mappings}
+                mappings.unshift mappings.delete(favourite.to_sym) if favourite
+                mappings.each do |mapping|
+                  set_user_by_token(mapping)
+                end
+              end
+            end
+            def #{group_name}_signed_in?
+              #{mappings}.any? do |mapping|
+                set_user_by_token(mapping)
+              end
+            end
+            def current_#{group_name}(favourite=nil)
+              mappings = #{mappings}
+              mappings.unshift mappings.delete(favourite.to_sym) if favourite
+              mappings.each do |mapping|
+                current = set_user_by_token(mapping)
+                return current if current
+              end
+              nil
+            end
+            def current_#{group_name.to_s.pluralize}
+              #{mappings}.map do |mapping|
+                set_user_by_token(mapping)
+              end.compact
+            end
+            helper_method "current_#{group_name}", "current_#{group_name.to_s.pluralize}", "#{group_name}_signed_in?"
+          METHODS
+        end
+        def log_process_action(payload)
+          payload[:status] ||= 401 unless payload[:exception]
+          super
+        end
+      end
+      # Define authentication filters and accessor helpers based on mappings.
+      # These filters should be used inside the controllers as before_filters,
+      # so you can control the scope of the user who should be signed in to
+      # access that specific controller/action.
+      # Example:
+      #
+      #   Roles:
+      #     User
+      #     Admin
+      #
+      #   Generated methods:
+      #     authenticate_user!  # Signs user in or 401
+      #     authenticate_admin! # Signs admin in or 401
+      #     user_signed_in?     # Checks whether there is a user signed in or not
+      #     admin_signed_in?    # Checks whether there is an admin signed in or not
+      #     current_user        # Current signed in user
+      #     current_admin       # Current signed in admin
+      #     user_session        # Session data available only to the user scope
+      #     admin_session       # Session data available only to the admin scope
+      #
+      #   Use:
+      #     before_filter :authenticate_user!  # Tell devise to use :user map
+      #     before_filter :authenticate_admin! # Tell devise to use :admin map
+      #
+      def self.define_helpers(mapping) #:nodoc:
+        mapping = mapping.name
+        class_eval <<-METHODS, __FILE__, __LINE__ + 1
+          def authenticate_#{mapping}!
+            unless current_#{mapping}
+              return render json: {
+                errors: ["Authorized users only."]
+              }, status: 401
+            end
+          end
+          def #{mapping}_signed_in?
+            !!current_#{mapping}
+          end
+          def current_#{mapping}
+            @current_#{mapping} ||= set_user_by_token(:#{mapping})
+          end
+          def #{mapping}_session
+            current_#{mapping} && warden.session(:#{mapping})
+          end
+        METHODS
+        ActiveSupport.on_load(:action_controller) do
+          helper_method "current_#{mapping}", "#{mapping}_signed_in?", "#{mapping}_session"
+        end
+      end
+    end
+  end
+end

data/lib/devise_token_auth/controllers/url_helpers.rb ADDED Viewed

@@ -0,0 +1,8 @@
+module DeviseTokenAuth
+  module Controllers
+    module UrlHelpers
+      def self.define_helpers(mapping)
+      end
+    end
+  end
+end

data/lib/devise_token_auth/engine.rb CHANGED Viewed

@@ -3,6 +3,10 @@ require 'devise_token_auth/rails/routes'
 module DeviseTokenAuth
   class Engine < ::Rails::Engine
     isolate_namespace DeviseTokenAuth
+    initializer "devise_token_auth.url_helpers" do
+      Devise.helpers << DeviseTokenAuth::Controllers::Helpers
+    end
   end
   mattr_accessor :change_headers_on_each_request,

data/lib/devise_token_auth/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module DeviseTokenAuth
-  VERSION = "0.1.28.beta6"
+  VERSION = "0.1.28.beta7"
 end

data/test/controllers/demo_group_controller_test.rb ADDED Viewed

@@ -0,0 +1,126 @@
+require 'test_helper'
+#  was the web request successful?
+#  was the user redirected to the right page?
+#  was the user successfully authenticated?
+#  was the correct object stored in the response?
+#  was the appropriate message delivered in the json payload?
+class DemoGroupControllerTest < ActionDispatch::IntegrationTest
+  describe DemoGroupController do
+    describe "Token access" do
+      before do
+        # user
+        @user = users(:confirmed_email_user)
+        @user.skip_confirmation!
+        @user.save!
+        @user_auth_headers = @user.create_new_auth_token
+        @user_token     = @user_auth_headers['access-token']
+        @user_client_id = @user_auth_headers['client']
+        @user_expiry    = @user_auth_headers['expiry']
+        # mang
+        @mang = mangs(:confirmed_email_user)
+        @mang.skip_confirmation!
+        @mang.save!
+        @mang_auth_headers = @mang.create_new_auth_token
+        @mang_token     = @mang_auth_headers['access-token']
+        @mang_client_id = @mang_auth_headers['client']
+        @mang_expiry    = @mang_auth_headers['expiry']
+      end
+      describe 'user access' do
+        before do
+          # ensure that request is not treated as batch request
+          age_token(@user, @user_client_id)
+          get '/demo/members_only_group', {}, @user_auth_headers
+          @resp_token       = response.headers['access-token']
+          @resp_client_id   = response.headers['client']
+          @resp_expiry      = response.headers['expiry']
+          @resp_uid         = response.headers['uid']
+        end
+        test 'request is successful' do
+          assert_equal 200, response.status
+        end
+        describe 'devise mappings' do
+          it 'should define current_user' do
+            assert_equal @user, @controller.current_user
+          end
+          it 'should define user_signed_in?' do
+            assert @controller.user_signed_in?
+          end
+          it 'should not define current_mang' do
+            refute_equal @user, @controller.current_mang
+          end
+          it 'should define current_member' do
+            assert_equal @user, @controller.current_member
+          end
+          it 'should define current_members' do
+            assert @controller.current_members.include? @user
+          end
+          it 'should define member_signed_in?' do
+            assert @controller.current_members.include? @user
+          end
+        end
+      end
+      describe 'mang access' do
+        before do
+          # ensure that request is not treated as batch request
+          age_token(@mang, @mang_client_id)
+          get '/demo/members_only_group', {}, @mang_auth_headers
+          @resp_token       = response.headers['access-token']
+          @resp_client_id   = response.headers['client']
+          @resp_expiry      = response.headers['expiry']
+          @resp_uid         = response.headers['uid']
+        end
+        test 'request is successful' do
+          assert_equal 200, response.status
+        end
+        describe 'devise mappings' do
+          it 'should define current_mang' do
+            assert_equal @mang, @controller.current_mang
+          end
+          it 'should define mang_signed_in?' do
+            assert @controller.mang_signed_in?
+          end
+          it 'should not define current_mang' do
+            refute_equal @mang, @controller.current_user
+          end
+          it 'should define current_member' do
+            assert_equal @mang, @controller.current_member
+          end
+          it 'should define current_members' do
+            assert @controller.current_members.include? @mang
+          end
+          it 'should define member_signed_in?' do
+            assert @controller.current_members.include? @mang
+          end
+        end
+      end
+    end
+  end
+end

data/test/controllers/{demo_controller_test.rb → demo_mang_controller_test.rb} RENAMED Viewed

@@ -6,11 +6,11 @@ require 'test_helper'
 #  was the correct object stored in the response?
 #  was the appropriate message delivered in the json payload?
-class DemoControllerTest < ActionController::TestCase
-  describe DemoController do
+class DemoMangControllerTest < ActionDispatch::IntegrationTest
+  describe DemoMangController do
     describe "Token access" do
       before do
-        @user = users(:confirmed_email_user)
+        @user = mangs(:confirmed_email_user)
         @user.skip_confirmation!
         @user.save!
@@ -26,8 +26,7 @@ class DemoControllerTest < ActionController::TestCase
           # ensure that request is not treated as batch request
           age_token(@user, @client_id)
-          request.headers.merge!(@auth_headers)
-          xhr :get, :members_only
+          get '/demo/members_only_mang', {}, @auth_headers
           @resp_token       = response.headers['access-token']
           @resp_client_id   = response.headers['client']
@@ -35,6 +34,20 @@ class DemoControllerTest < ActionController::TestCase
           @resp_uid         = response.headers['uid']
         end
+        describe 'devise mappings' do
+          it 'should define current_mang' do
+            assert_equal @user, @controller.current_mang
+          end
+          it 'should define mang_signed_in?' do
+            assert @controller.mang_signed_in?
+          end
+          it 'should not define current_user' do
+            refute_equal @user, @controller.current_user
+          end
+        end
         it 'should return success status' do
           assert_equal 200, response.status
         end
@@ -61,9 +74,7 @@ class DemoControllerTest < ActionController::TestCase
             # ensure that request is not treated as batch request
             age_token(@user, @client_id)
-            request.headers['access-token'] = @resp_token
-            xhr :get, :members_only
+            get '/demo/members_only_mang', {}, @auth_headers.merge({'access-token' => @resp_token})
           end
           it 'should not treat this request as a batch request' do
@@ -78,8 +89,7 @@ class DemoControllerTest < ActionController::TestCase
       describe 'failed request' do
         before do
-          request.headers['access-token'] = "bogus"
-          xhr :get, :members_only
+          get '/demo/members_only_mang', {}, @auth_headers.merge({'access-token' => "bogus"})
         end
         it 'should not return any auth headers' do
@@ -97,8 +107,7 @@ class DemoControllerTest < ActionController::TestCase
           @user.reload
           age_token(@user, @client_id)
-          request.headers.merge!(@auth_headers)
-          xhr :get, :members_only
+          get '/demo/members_only_mang', {}, @auth_headers
           @first_is_batch_request = assigns(:is_batch_request)
           @first_user = assigns(:user).dup
@@ -109,8 +118,7 @@ class DemoControllerTest < ActionController::TestCase
           age_token(@user, @client_id)
           # use expired auth header
-          request.headers.merge!(@auth_headers)
-          xhr :get, :members_only
+          get '/demo/members_only_mang', {}, @auth_headers
           @second_is_batch_request = assigns(:is_batch_request)
           @second_user = assigns(:user).dup
@@ -156,15 +164,15 @@ class DemoControllerTest < ActionController::TestCase
         describe 'success' do
           before do
             age_token(@user, @client_id)
+            #request.headers.merge!(@auth_headers)
-            request.headers.merge!(@auth_headers)
-            xhr :get, :members_only
+            get '/demo/members_only_mang', {}, @auth_headers
             @first_is_batch_request = assigns(:is_batch_request)
             @first_user = assigns(:user)
             @first_access_token = response.headers['access-token']
-            xhr :get, :members_only
+            get '/demo/members_only_mang', {}, @auth_headers
             @second_is_batch_request = assigns(:is_batch_request)
             @second_user = assigns(:user)
@@ -179,6 +187,10 @@ class DemoControllerTest < ActionController::TestCase
             refute @first_is_batch_request
           end
+          it 'should treat the second request as a batch request' do
+            assert @second_is_batch_request
+          end
           it 'should return access token for first (non-batch) request' do
             assert @first_access_token
           end
@@ -193,8 +205,7 @@ class DemoControllerTest < ActionController::TestCase
             @user.reload
             age_token(@user, @client_id)
-            request.headers.merge!(@auth_headers)
-            xhr :get, :members_only
+            get '/demo/members_only_mang', {}, @auth_headers
             @first_is_batch_request = assigns(:is_batch_request)
             @first_user = assigns(:user).dup
@@ -205,8 +216,7 @@ class DemoControllerTest < ActionController::TestCase
             age_token(@user, @client_id)
             # use expired auth header
-            request.headers.merge!(@auth_headers)
-            xhr :get, :members_only
+            get '/demo/members_only_mang', {}, @auth_headers
             @second_is_batch_request = assigns(:is_batch_request)
             @second_user = assigns(:user)
@@ -248,43 +258,6 @@ class DemoControllerTest < ActionController::TestCase
         end
       end
     end
-    # test with non-standard user class
-    describe "Alternate user class" do
-      setup do
-        @request.env['devise.mapping'] = Devise.mappings[:mang]
-      end
-      teardown do
-        @request.env['devise.mapping'] = Devise.mappings[:user]
-      end
-      before do
-        @user = mangs(:confirmed_email_user)
-        @user.skip_confirmation!
-        @user.save!
-        @auth_headers = @user.create_new_auth_token
-        @token     = @auth_headers['access-token']
-        @client_id = @auth_headers['client']
-        @expiry    = @auth_headers['expiry']
-        # ensure that request is not treated as batch request
-        age_token(@user, @client_id)
-        request.headers.merge!(@auth_headers)
-        xhr :get, :members_only
-        @resp_token       = response.headers['access-token']
-        @resp_client_id   = response.headers['client']
-        @resp_expiry      = response.headers['expiry']
-        @resp_uid         = response.headers['uid']
-      end
-      it 'should return success status' do
-        assert_equal 200, response.status
-      end
-    end
   end
 end