devise_token_auth 0.1.28.beta6 → 0.1.28.beta7
- checksums.yaml +4 -4
- data/README.md +75 -20
- data/app/controllers/devise_token_auth/application_controller.rb +12 -0
- data/app/controllers/devise_token_auth/auth_controller.rb +1 -2
- data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +26 -10
- data/app/controllers/devise_token_auth/confirmations_controller.rb +1 -3
- data/app/controllers/devise_token_auth/passwords_controller.rb +11 -15
- data/app/controllers/devise_token_auth/registrations_controller.rb +16 -14
- data/app/controllers/devise_token_auth/sessions_controller.rb +2 -6
- data/app/models/devise_token_auth/concerns/user.rb +49 -1
- data/app/views/devise/mailer/confirmation_instructions.html.erb +1 -1
- data/app/views/devise/mailer/reset_password_instructions.html.erb +1 -1
- data/config/initializers/devise.rb +9 -0
- data/lib/devise_token_auth.rb +2 -0
- data/lib/devise_token_auth/controllers/helpers.rb +129 -0
- data/lib/devise_token_auth/controllers/url_helpers.rb +8 -0
- data/lib/devise_token_auth/engine.rb +4 -0
- data/lib/devise_token_auth/version.rb +1 -1
- data/test/controllers/demo_group_controller_test.rb +126 -0
- data/test/controllers/{demo_controller_test.rb → demo_mang_controller_test.rb} +32 -59
- data/test/controllers/demo_user_controller_test.rb +262 -0
- data/test/controllers/devise_token_auth/auth_controller_test.rb +1 -1
- data/test/controllers/devise_token_auth/confirmations_controller_test.rb +19 -6
- data/test/controllers/devise_token_auth/passwords_controller_test.rb +35 -7
- data/test/controllers/devise_token_auth/registrations_controller_test.rb +61 -8
- data/test/dummy/app/controllers/demo_group_controller.rb +13 -0
- data/test/dummy/app/controllers/demo_mang_controller.rb +12 -0
- data/test/dummy/app/controllers/demo_user_controller.rb +12 -0
- data/test/dummy/config/routes.rb +6 -5
- data/test/dummy/db/development.sqlite3 +0 -0
- data/test/dummy/db/migrate/20140916224624_add_favorite_color_to_mangs.rb +5 -0
- data/test/dummy/db/schema.rb +2 -3
- data/test/dummy/db/test.sqlite3 +0 -0
- data/test/dummy/log/development.log +3977 -0
- data/test/dummy/log/test.log +165539 -0
- data/test/dummy/tmp/generators/app/controllers/application_controller.rb +8 -0
- data/test/dummy/tmp/generators/app/models/user.rb +0 -4
- data/test/dummy/tmp/generators/db/migrate/{20140916215707_devise_token_auth_create_users.rb → 20140922164332_devise_token_auth_create_users.rb} +0 -0
- data/test/lib/generators/devise_token_auth/install_generator_test.rb +2 -2
- data/test/models/user_test.rb +0 -12
- data/test/test_helper.rb +9 -9
- metadata +22 -8
- data/test/dummy/app/controllers/demo_controller.rb +0 -16
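--- a/data/app/views/devise/mailer/confirmation_instructions.html.erb
+++ b/data/app/views/devise/mailer/confirmation_instructions.html.erb
@@ -2,4 +2,4 @@
 
 <p>You can confirm your account email through the link below:</p>
 
-<p><%= link_to 'Confirm my account', confirmation_url(@resource, confirmation_token: @token) %></p>
+<p><%= link_to 'Confirm my account', confirmation_url(@resource, confirmation_token: @token, config: message['client-config'].to_s, redirect_url: message['redirect-url']) %></p>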
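Review bot: The `redirect_url` that this link now carries comes from `message['redirect-url']`, a value the client supplied when it triggered the mail, and nothing in the template constrains it; unless the confirmations and passwords controllers (changed in this release but not shown here) check it against a configured allowlist before redirecting, the confirm and reset endpoints act as open redirects to whatever host the request named. I would add `<%# redirect_url is client-supplied; the controller must validate it before redirecting %>` above the link so the coupling is visible to anyone editing the template. The same point applies to the reset_password_instructions template that follows. The two templates also disagree on coercion: this one passes `message['redirect-url']` raw while the reset template applies `.to_s`, and they should match.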
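--- a/data/app/views/devise/mailer/reset_password_instructions.html.erb
+++ b/data/app/views/devise/mailer/reset_password_instructions.html.erb
@@ -2,7 +2,7 @@
 
 <p>Someone has requested a link to change your password. You can do this through the link below.</p>
 
-<p><%= link_to 'Change my password', edit_password_url(@resource, reset_password_token: @token, redirect_url:
+<p><%= link_to 'Change my password', edit_password_url(@resource, reset_password_token: @token, config: message['client-config'].to_s, redirect_url: message['redirect-url'].to_s) %></p>
 
 <p>If you didn't request this, please ignore this email.</p>
 <p>Your password won't change until you access the link above and create a new one.</p>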
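--- a/data/lib/devise_token_auth/controllers/helpers.rb
+++ b/data/lib/devise_token_auth/controllers/helpers.rb
@@ -0,0 +1,129 @@
+module DeviseTokenAuth
+  module Controllers
+    module Helpers
+      extend ActiveSupport::Concern
+
+      module ClassMethods
+        # Define authentication filters and accessor helpers for a group of mappings.
+        # These methods are useful when you are working with multiple mappings that
+        # share some functionality. They are pretty much the same as the ones
+        # defined for normal mappings.
+        #
+        # Example:
+        #
+        #   inside BlogsController (or any other controller, it doesn't matter which):
+        #     devise_group :blogger, contains: [:user, :admin]
+        #
+        #   Generated methods:
+        #     authenticate_blogger!  # Redirects unless user or admin are signed in
+        #     blogger_signed_in?     # Checks whether there is either a user or an admin signed in
+        #     current_blogger        # Currently signed in user or admin
+        #     current_bloggers       # Currently signed in user and admin
+        #
+        #   Use:
+        #     before_filter :authenticate_blogger!  # Redirects unless either a user or an admin are authenticated
+        #     before_filter ->{ authenticate_blogger! :admin }  # Redirects to the admin login page
+        #     current_blogger :user  # Preferably returns a User if one is signed in
+        #
+        def devise_token_auth_group(group_name, opts={})
+          mappings = "[#{ opts[:contains].map { |m| ":#{m}" }.join(',') }]"
+
+          class_eval <<-METHODS, __FILE__, __LINE__ + 1
+            def authenticate_#{group_name}!(favourite=nil, opts={})
+              unless #{group_name}_signed_in?
+                mappings = #{mappings}
+                mappings.unshift mappings.delete(favourite.to_sym) if favourite
+                mappings.each do |mapping|
+                  set_user_by_token(mapping)
+                end
+              end
+            end
+
+            def #{group_name}_signed_in?
+              #{mappings}.any? do |mapping|
+                set_user_by_token(mapping)
+              end
+            end
+
+            def current_#{group_name}(favourite=nil)
+              mappings = #{mappings}
+              mappings.unshift mappings.delete(favourite.to_sym) if favourite
+              mappings.each do |mapping|
+                current = set_user_by_token(mapping)
+                return current if current
+              end
+              nil
+            end
+
+            def current_#{group_name.to_s.pluralize}
+              #{mappings}.map do |mapping|
+                set_user_by_token(mapping)
+              end.compact
+            end
+
+            helper_method "current_#{group_name}", "current_#{group_name.to_s.pluralize}", "#{group_name}_signed_in?"
+          METHODS
+        end
+
+        def log_process_action(payload)
+          payload[:status] ||= 401 unless payload[:exception]
+          super
+        end
+      end
+
+      # Define authentication filters and accessor helpers based on mappings.
+      # These filters should be used inside the controllers as before_filters,
+      # so you can control the scope of the user who should be signed in to
+      # access that specific controller/action.
+      # Example:
+      #
+      #   Roles:
+      #     User
+      #     Admin
+      #
+      #   Generated methods:
+      #     authenticate_user!  # Signs user in or 401
+      #     authenticate_admin! # Signs admin in or 401
+      #     user_signed_in?     # Checks whether there is a user signed in or not
+      #     admin_signed_in?    # Checks whether there is an admin signed in or not
+      #     current_user        # Current signed in user
+      #     current_admin       # Current signed in admin
+      #     user_session        # Session data available only to the user scope
+      #     admin_session       # Session data available only to the admin scope
+      #
+      #   Use:
+      #     before_filter :authenticate_user!  # Tell devise to use :user map
+      #     before_filter :authenticate_admin! # Tell devise to use :admin map
+      #
+      def self.define_helpers(mapping) #:nodoc:
+        mapping = mapping.name
+
+        class_eval <<-METHODS, __FILE__, __LINE__ + 1
+          def authenticate_#{mapping}!
+            unless current_#{mapping}
+              return render json: {
+                errors: ["Authorized users only."]
+              }, status: 401
+            end
+          end
+
+          def #{mapping}_signed_in?
+            !!current_#{mapping}
+          end
+
+          def current_#{mapping}
+            @current_#{mapping} ||= set_user_by_token(:#{mapping})
+          end
+
+          def #{mapping}_session
+            current_#{mapping} && warden.session(:#{mapping})
+          end
+        METHODS
+
+        ActiveSupport.on_load(:action_controller) do
+          helper_method "current_#{mapping}", "#{mapping}_signed_in?", "#{mapping}_session"
+        end
+      end
+    end
+  end
+end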
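Review bot: `authenticate_#{group_name}!` (new lines 32-40) never denies the request: when no mapping in the group authenticates it merely re-runs `set_user_by_token` for each mapping and falls through, so a `before_filter :authenticate_<group>!` leaves the action reachable without credentials, unlike the per-mapping `authenticate_#{mapping}!` (lines 102-108) which renders 401 — assuming, as that helper implies, that `set_user_by_token` does not halt the request itself. The body can become `return if current_#{group_name}(favourite)` followed by `render json: { errors: ["Authorized users only."] }, status: 401`, which also reuses the favourite ordering instead of duplicating it. Two smaller points: `mappings.delete(favourite.to_sym)` returns nil when `favourite` is not in the group, so the `unshift` then feeds `nil` to `set_user_by_token`; and `#{group_name}_signed_in?` and `current_#{group_name}` call `set_user_by_token` afresh on every use instead of memoising as `current_#{mapping}` does on line 115, so one request can run the token lookup several times. The `opts` parameter of the generated `authenticate_#{group_name}!` is never read and could be dropped.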
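--- a/data/lib/devise_token_auth/engine.rb
+++ b/data/lib/devise_token_auth/engine.rb
@@ -3,6 +3,10 @@ require 'devise_token_auth/rails/routes'
 module DeviseTokenAuth
   class Engine < ::Rails::Engine
     isolate_namespace DeviseTokenAuth
+
+    initializer "devise_token_auth.url_helpers" do
+      Devise.helpers << DeviseTokenAuth::Controllers::Helpers
+    end
   end
 
   mattr_accessor :change_headers_on_each_request,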
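Review bot: The initializer name `devise_token_auth.url_helpers` does not describe what the block does — it registers `DeviseTokenAuth::Controllers::Helpers`, the authenticate_*/current_* controller helpers, not URL helpers — so a reader grepping for where the controller helpers are wired in will miss it; `initializer "devise_token_auth.controller_helpers" do` would match the body. A one-line comment such as `# Devise presumably invokes define_helpers(mapping) on each module in Devise.helpers for every mapping` would also explain why appending to `Devise.helpers` is all that is needed to get the per-mapping methods defined.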
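--- a/data/test/controllers/demo_group_controller_test.rb
+++ b/data/test/controllers/demo_group_controller_test.rb
@@ -0,0 +1,126 @@
+require 'test_helper'
+
+# was the web request successful?
+# was the user redirected to the right page?
+# was the user successfully authenticated?
+# was the correct object stored in the response?
+# was the appropriate message delivered in the json payload?
+
+class DemoGroupControllerTest < ActionDispatch::IntegrationTest
+  describe DemoGroupController do
+    describe "Token access" do
+      before do
+        # user
+        @user = users(:confirmed_email_user)
+        @user.skip_confirmation!
+        @user.save!
+
+        @user_auth_headers = @user.create_new_auth_token
+
+        @user_token = @user_auth_headers['access-token']
+        @user_client_id = @user_auth_headers['client']
+        @user_expiry = @user_auth_headers['expiry']
+
+        # mang
+        @mang = mangs(:confirmed_email_user)
+        @mang.skip_confirmation!
+        @mang.save!
+
+        @mang_auth_headers = @mang.create_new_auth_token
+
+        @mang_token = @mang_auth_headers['access-token']
+        @mang_client_id = @mang_auth_headers['client']
+        @mang_expiry = @mang_auth_headers['expiry']
+      end
+
+      describe 'user access' do
+        before do
+          # ensure that request is not treated as batch request
+          age_token(@user, @user_client_id)
+
+          get '/demo/members_only_group', {}, @user_auth_headers
+
+          @resp_token = response.headers['access-token']
+          @resp_client_id = response.headers['client']
+          @resp_expiry = response.headers['expiry']
+          @resp_uid = response.headers['uid']
+        end
+
+        test 'request is successful' do
+          assert_equal 200, response.status
+        end
+
+        describe 'devise mappings' do
+          it 'should define current_user' do
+            assert_equal @user, @controller.current_user
+          end
+
+          it 'should define user_signed_in?' do
+            assert @controller.user_signed_in?
+          end
+
+          it 'should not define current_mang' do
+            refute_equal @user, @controller.current_mang
+          end
+
+          it 'should define current_member' do
+            assert_equal @user, @controller.current_member
+          end
+
+          it 'should define current_members' do
+            assert @controller.current_members.include? @user
+          end
+
+          it 'should define member_signed_in?' do
+            assert @controller.current_members.include? @user
+          end
+        end
+      end
+
+      describe 'mang access' do
+        before do
+          # ensure that request is not treated as batch request
+          age_token(@mang, @mang_client_id)
+
+          get '/demo/members_only_group', {}, @mang_auth_headers
+
+          @resp_token = response.headers['access-token']
+          @resp_client_id = response.headers['client']
+          @resp_expiry = response.headers['expiry']
+          @resp_uid = response.headers['uid']
+        end
+
+        test 'request is successful' do
+          assert_equal 200, response.status
+        end
+
+        describe 'devise mappings' do
+          it 'should define current_mang' do
+            assert_equal @mang, @controller.current_mang
+          end
+
+          it 'should define mang_signed_in?' do
+            assert @controller.mang_signed_in?
+          end
+
+          it 'should not define current_mang' do
+            refute_equal @mang, @controller.current_user
+          end
+
+          it 'should define current_member' do
+            assert_equal @mang, @controller.current_member
+          end
+
+          it 'should define current_members' do
+            assert @controller.current_members.include? @mang
+          end
+
+          it 'should define member_signed_in?' do
+            assert @controller.current_members.include? @mang
+          end
+        end
+      end
+    end
+  end
+end
+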
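Review bot: Only the success path of the group filter is exercised — both `'user access'` and `'mang access'` send valid headers and assert 200 — so an `authenticate_member!` filter that fails to reject unauthenticated callers would pass this file unnoticed; a `'failed request'` case in the style of demo_mang_controller_test.rb should send a bogus token and assert 401. Two assertions also do not check what their names say: both `'should define member_signed_in?'` cases (new lines 74-76 and 118-120) repeat the `current_members.include?` check instead of `assert @controller.member_signed_in?`, and the two `'should not define current_…'` cases use `refute_equal`, which passes trivially because a Mang can never equal a User; `assert_nil @controller.current_mang` (and `assert_nil @controller.current_user` at line 107) pins the intent. The label at line 106 also names the wrong method — it asserts on `current_user`, not `current_mang`.
```ruby
      # … unchanged: 'user access' and 'mang access' describes …

      describe 'failed request' do
        before do
          get '/demo/members_only_group', {}, @user_auth_headers.merge({'access-token' => 'bogus'})
        end

        test 'request is rejected' do
          assert_equal 401, response.status
        end
      end
```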
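--- a/data/test/controllers/demo_controller_test.rb
+++ b/data/test/controllers/demo_mang_controller_test.rb
@@ -6,11 +6,11 @@ require 'test_helper'
 # was the correct object stored in the response?
 # was the appropriate message delivered in the json payload?
 
-class
-describe
+class DemoMangControllerTest < ActionDispatch::IntegrationTest
+  describe DemoMangController do
     describe "Token access" do
       before do
-        @user =
+        @user = mangs(:confirmed_email_user)
         @user.skip_confirmation!
         @user.save!
 
@@ -26,8 +26,7 @@ class DemoControllerTest < ActionController::TestCase
           # ensure that request is not treated as batch request
           age_token(@user, @client_id)
 
-
-          xhr :get, :members_only
+          get '/demo/members_only_mang', {}, @auth_headers
 
           @resp_token = response.headers['access-token']
           @resp_client_id = response.headers['client']
@@ -35,6 +34,20 @@ class DemoControllerTest < ActionController::TestCase
           @resp_uid = response.headers['uid']
         end
 
+        describe 'devise mappings' do
+          it 'should define current_mang' do
+            assert_equal @user, @controller.current_mang
+          end
+
+          it 'should define mang_signed_in?' do
+            assert @controller.mang_signed_in?
+          end
+
+          it 'should not define current_user' do
+            refute_equal @user, @controller.current_user
+          end
+        end
+
         it 'should return success status' do
           assert_equal 200, response.status
         end
@@ -61,9 +74,7 @@ class DemoControllerTest < ActionController::TestCase
           # ensure that request is not treated as batch request
           age_token(@user, @client_id)
 
-
-
-          xhr :get, :members_only
+          get '/demo/members_only_mang', {}, @auth_headers.merge({'access-token' => @resp_token})
         end
 
         it 'should not treat this request as a batch request' do
@@ -78,8 +89,7 @@ class DemoControllerTest < ActionController::TestCase
 
       describe 'failed request' do
         before do
-
-          xhr :get, :members_only
+          get '/demo/members_only_mang', {}, @auth_headers.merge({'access-token' => "bogus"})
         end
 
         it 'should not return any auth headers' do
@@ -97,8 +107,7 @@ class DemoControllerTest < ActionController::TestCase
           @user.reload
           age_token(@user, @client_id)
 
-
-          xhr :get, :members_only
+          get '/demo/members_only_mang', {}, @auth_headers
 
           @first_is_batch_request = assigns(:is_batch_request)
           @first_user = assigns(:user).dup
@@ -109,8 +118,7 @@ class DemoControllerTest < ActionController::TestCase
           age_token(@user, @client_id)
 
           # use expired auth header
-
-          xhr :get, :members_only
+          get '/demo/members_only_mang', {}, @auth_headers
 
           @second_is_batch_request = assigns(:is_batch_request)
           @second_user = assigns(:user).dup
@@ -156,15 +164,15 @@ class DemoControllerTest < ActionController::TestCase
       describe 'success' do
         before do
           age_token(@user, @client_id)
+          #request.headers.merge!(@auth_headers)
 
-
-          xhr :get, :members_only
+          get '/demo/members_only_mang', {}, @auth_headers
 
           @first_is_batch_request = assigns(:is_batch_request)
           @first_user = assigns(:user)
           @first_access_token = response.headers['access-token']
 
-
+          get '/demo/members_only_mang', {}, @auth_headers
 
           @second_is_batch_request = assigns(:is_batch_request)
           @second_user = assigns(:user)
@@ -179,6 +187,10 @@ class DemoControllerTest < ActionController::TestCase
           refute @first_is_batch_request
         end
 
+        it 'should treat the second request as a batch request' do
+          assert @second_is_batch_request
+        end
+
         it 'should return access token for first (non-batch) request' do
           assert @first_access_token
         end
@@ -193,8 +205,7 @@ class DemoControllerTest < ActionController::TestCase
           @user.reload
           age_token(@user, @client_id)
 
-
-          xhr :get, :members_only
+          get '/demo/members_only_mang', {}, @auth_headers
 
           @first_is_batch_request = assigns(:is_batch_request)
           @first_user = assigns(:user).dup
@@ -205,8 +216,7 @@ class DemoControllerTest < ActionController::TestCase
           age_token(@user, @client_id)
 
           # use expired auth header
-
-          xhr :get, :members_only
+          get '/demo/members_only_mang', {}, @auth_headers
 
           @second_is_batch_request = assigns(:is_batch_request)
           @second_user = assigns(:user)
@@ -248,43 +258,6 @@ class DemoControllerTest < ActionController::TestCase
         end
       end
     end
-
-    # test with non-standard user class
-    describe "Alternate user class" do
-      setup do
-        @request.env['devise.mapping'] = Devise.mappings[:mang]
-      end
-
-      teardown do
-        @request.env['devise.mapping'] = Devise.mappings[:user]
-      end
-
-      before do
-        @user = mangs(:confirmed_email_user)
-        @user.skip_confirmation!
-        @user.save!
-
-        @auth_headers = @user.create_new_auth_token
-
-        @token = @auth_headers['access-token']
-        @client_id = @auth_headers['client']
-        @expiry = @auth_headers['expiry']
-
-        # ensure that request is not treated as batch request
-        age_token(@user, @client_id)
-
-        request.headers.merge!(@auth_headers)
-        xhr :get, :members_only
-
-        @resp_token = response.headers['access-token']
-        @resp_client_id = response.headers['client']
-        @resp_expiry = response.headers['expiry']
-        @resp_uid = response.headers['uid']
-      end
-
-      it 'should return success status' do
-        assert_equal 200, response.status
-      end
-    end
   end
 end
+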
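Review bot: The commented-out `#request.headers.merge!(@auth_headers)` added at new line 167 is dead code left over from the xhr-to-integration conversion and should be dropped rather than committed. In the new `'devise mappings'` block (lines 37-49) `refute_equal @user, @controller.current_user` passes trivially because a Mang never equals a User; `assert_nil @controller.current_user` states what the test means. The `'success'` describe also stores `assigns(:user)` without `.dup` (lines 172 and 178) while the other batch cases dup it (lines 113, 124, 211, 222); if the controller reuses the same object across the two requests, the first-versus-second comparisons are comparing an object with itself — worth confirming and making the two styles agree. The enclosing describes start and end outside these hunks.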