devise_token_auth 0.1.43 → 1.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/README.md +42 -895
- data/Rakefile +11 -4
- data/app/controllers/devise_token_auth/application_controller.rb +19 -8
- data/app/controllers/devise_token_auth/concerns/resource_finder.rb +26 -12
- data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +106 -85
- data/app/controllers/devise_token_auth/confirmations_controller.rb +73 -17
- data/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb +95 -51
- data/app/controllers/devise_token_auth/passwords_controller.rb +65 -57
- data/app/controllers/devise_token_auth/registrations_controller.rb +61 -61
- data/app/controllers/devise_token_auth/sessions_controller.rb +22 -18
- data/app/controllers/devise_token_auth/token_validations_controller.rb +5 -3
- data/app/controllers/devise_token_auth/unlocks_controller.rb +20 -16
- data/app/models/devise_token_auth/concerns/active_record_support.rb +14 -0
- data/app/models/devise_token_auth/concerns/confirmable_support.rb +28 -0
- data/app/models/devise_token_auth/concerns/mongoid_support.rb +19 -0
- data/app/models/devise_token_auth/concerns/tokens_serialization.rb +31 -0
- data/app/models/devise_token_auth/concerns/user.rb +92 -100
- data/app/models/devise_token_auth/concerns/user_omniauth_callbacks.rb +8 -3
- data/app/validators/{email_validator.rb → devise_token_auth_email_validator.rb} +5 -3
- data/app/views/devise_token_auth/omniauth_external_window.html.erb +1 -1
- data/config/locales/da-DK.yml +11 -9
- data/config/locales/de.yml +2 -0
- data/config/locales/en.yml +10 -0
- data/config/locales/es.yml +2 -0
- data/config/locales/fr.yml +2 -0
- data/config/locales/he.yml +52 -0
- data/config/locales/it.yml +2 -0
- data/config/locales/ja.yml +4 -2
- data/config/locales/ko.yml +51 -0
- data/config/locales/nl.yml +2 -0
- data/config/locales/pl.yml +6 -3
- data/config/locales/pt-BR.yml +2 -0
- data/config/locales/pt.yml +6 -3
- data/config/locales/ro.yml +2 -0
- data/config/locales/ru.yml +2 -0
- data/config/locales/sq.yml +2 -0
- data/config/locales/sv.yml +52 -0
- data/config/locales/uk.yml +2 -0
- data/config/locales/vi.yml +2 -0
- data/config/locales/zh-CN.yml +2 -0
- data/config/locales/zh-HK.yml +2 -0
- data/config/locales/zh-TW.yml +2 -0
- data/lib/devise_token_auth/blacklist.rb +6 -0
- data/lib/devise_token_auth/controllers/helpers.rb +21 -13
- data/lib/devise_token_auth/controllers/url_helpers.rb +2 -0
- data/lib/devise_token_auth/engine.rb +26 -14
- data/lib/devise_token_auth/errors.rb +8 -0
- data/lib/devise_token_auth/rails/routes.rb +37 -30
- data/lib/devise_token_auth/token_factory.rb +126 -0
- data/lib/devise_token_auth/url.rb +11 -4
- data/lib/devise_token_auth/version.rb +3 -1
- data/lib/devise_token_auth.rb +11 -5
- data/lib/generators/devise_token_auth/USAGE +2 -2
- data/lib/generators/devise_token_auth/install_generator.rb +36 -105
- data/lib/generators/devise_token_auth/install_generator_helpers.rb +98 -0
- data/lib/generators/devise_token_auth/install_mongoid_generator.rb +46 -0
- data/lib/generators/devise_token_auth/install_views_generator.rb +7 -5
- data/lib/generators/devise_token_auth/templates/devise_token_auth.rb +12 -0
- data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb +8 -14
- data/lib/generators/devise_token_auth/templates/user.rb.erb +9 -0
- data/lib/generators/devise_token_auth/templates/user_mongoid.rb.erb +56 -0
- data/lib/tasks/devise_token_auth_tasks.rake +2 -0
- data/test/controllers/custom/custom_confirmations_controller_test.rb +5 -1
- data/test/controllers/custom/custom_omniauth_callbacks_controller_test.rb +4 -0
- data/test/controllers/custom/custom_passwords_controller_test.rb +6 -2
- data/test/controllers/custom/custom_registrations_controller_test.rb +17 -8
- data/test/controllers/custom/custom_sessions_controller_test.rb +7 -5
- data/test/controllers/custom/custom_token_validations_controller_test.rb +5 -3
- data/test/controllers/demo_group_controller_test.rb +4 -6
- data/test/controllers/demo_mang_controller_test.rb +3 -3
- data/test/controllers/demo_user_controller_test.rb +53 -25
- data/test/controllers/devise_token_auth/confirmations_controller_test.rb +159 -25
- data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb +117 -47
- data/test/controllers/devise_token_auth/passwords_controller_test.rb +309 -126
- data/test/controllers/devise_token_auth/registrations_controller_test.rb +65 -23
- data/test/controllers/devise_token_auth/sessions_controller_test.rb +93 -61
- data/test/controllers/devise_token_auth/token_validations_controller_test.rb +18 -6
- data/test/controllers/devise_token_auth/unlocks_controller_test.rb +24 -5
- data/test/controllers/overrides/confirmations_controller_test.rb +6 -2
- data/test/controllers/overrides/omniauth_callbacks_controller_test.rb +5 -1
- data/test/controllers/overrides/passwords_controller_test.rb +27 -29
- data/test/controllers/overrides/registrations_controller_test.rb +33 -27
- data/test/controllers/overrides/sessions_controller_test.rb +6 -4
- data/test/controllers/overrides/token_validations_controller_test.rb +5 -3
- data/test/dummy/app/active_record/confirmable_user.rb +11 -0
- data/test/dummy/app/{models → active_record}/lockable_user.rb +2 -0
- data/test/dummy/app/{models → active_record}/mang.rb +2 -0
- data/test/dummy/app/{models → active_record}/only_email_user.rb +2 -0
- data/test/dummy/app/{models → active_record}/scoped_user.rb +4 -2
- data/test/dummy/app/{models → active_record}/unconfirmable_user.rb +3 -2
- data/test/dummy/app/active_record/unregisterable_user.rb +9 -0
- data/test/dummy/app/active_record/user.rb +6 -0
- data/test/dummy/app/controllers/application_controller.rb +2 -0
- data/test/dummy/app/controllers/auth_origin_controller.rb +2 -0
- data/test/dummy/app/controllers/custom/confirmations_controller.rb +2 -2
- data/test/dummy/app/controllers/custom/omniauth_callbacks_controller.rb +2 -0
- data/test/dummy/app/controllers/custom/passwords_controller.rb +3 -4
- data/test/dummy/app/controllers/custom/registrations_controller.rb +3 -3
- data/test/dummy/app/controllers/custom/sessions_controller.rb +3 -3
- data/test/dummy/app/controllers/custom/token_validations_controller.rb +3 -3
- data/test/dummy/app/controllers/demo_group_controller.rb +2 -0
- data/test/dummy/app/controllers/demo_mang_controller.rb +2 -0
- data/test/dummy/app/controllers/demo_user_controller.rb +2 -0
- data/test/dummy/app/controllers/overrides/confirmations_controller.rb +8 -6
- data/test/dummy/app/controllers/overrides/omniauth_callbacks_controller.rb +5 -3
- data/test/dummy/app/controllers/overrides/passwords_controller.rb +10 -8
- data/test/dummy/app/controllers/overrides/registrations_controller.rb +5 -3
- data/test/dummy/app/controllers/overrides/sessions_controller.rb +12 -12
- data/test/dummy/app/controllers/overrides/token_validations_controller.rb +5 -5
- data/test/dummy/app/helpers/application_helper.rb +1029 -1036
- data/test/dummy/app/models/{user.rb → concerns/favorite_color.rb} +8 -7
- data/test/dummy/app/mongoid/confirmable_user.rb +52 -0
- data/test/dummy/app/mongoid/lockable_user.rb +38 -0
- data/test/dummy/app/mongoid/mang.rb +46 -0
- data/test/dummy/app/mongoid/only_email_user.rb +33 -0
- data/test/dummy/app/mongoid/scoped_user.rb +50 -0
- data/test/dummy/app/mongoid/unconfirmable_user.rb +44 -0
- data/test/dummy/app/mongoid/unregisterable_user.rb +47 -0
- data/test/dummy/app/mongoid/user.rb +49 -0
- data/test/dummy/app/views/layouts/application.html.erb +0 -2
- data/test/dummy/config/application.rb +26 -3
- data/test/dummy/config/boot.rb +8 -2
- data/test/dummy/config/environment.rb +3 -1
- data/test/dummy/config/environments/development.rb +5 -13
- data/test/dummy/config/environments/production.rb +2 -16
- data/test/dummy/config/environments/test.rb +3 -1
- data/test/dummy/config/initializers/backtrace_silencers.rb +2 -0
- data/test/dummy/config/initializers/cookies_serializer.rb +3 -1
- data/test/dummy/config/initializers/devise.rb +287 -0
- data/test/dummy/config/initializers/devise_token_auth.rb +37 -4
- data/test/dummy/config/initializers/figaro.rb +3 -1
- data/test/dummy/config/initializers/filter_parameter_logging.rb +2 -0
- data/test/dummy/config/initializers/inflections.rb +2 -0
- data/test/dummy/config/initializers/mime_types.rb +2 -0
- data/test/dummy/config/initializers/omniauth.rb +5 -2
- data/test/dummy/config/initializers/session_store.rb +2 -0
- data/test/dummy/config/initializers/wrap_parameters.rb +2 -0
- data/test/dummy/config/routes.rb +14 -29
- data/test/dummy/config/spring.rb +2 -0
- data/test/dummy/config.ru +5 -3
- data/test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb +9 -14
- data/test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb +8 -13
- data/test/dummy/db/migrate/20140829044006_add_operating_thetan_to_user.rb +2 -0
- data/test/dummy/db/migrate/20140916224624_add_favorite_color_to_mangs.rb +2 -0
- data/test/dummy/db/migrate/20141222035835_devise_token_auth_create_only_email_users.rb +6 -11
- data/test/dummy/db/migrate/20141222053502_devise_token_auth_create_unregisterable_users.rb +8 -13
- data/test/dummy/db/migrate/20150708104536_devise_token_auth_create_unconfirmable_users.rb +8 -13
- data/test/dummy/db/migrate/20160103235141_devise_token_auth_create_scoped_users.rb +8 -13
- data/test/dummy/db/migrate/20160629184441_devise_token_auth_create_lockable_users.rb +8 -13
- data/test/dummy/{tmp/generators/db/migrate/20171014052631_devise_token_auth_create_users.rb → db/migrate/20190924101113_devise_token_auth_create_confirmable_users.rb} +8 -14
- data/test/dummy/db/schema.rb +11 -71
- data/test/dummy/lib/migration_database_helper.rb +15 -1
- data/test/dummy/tmp/generators/app/controllers/application_controller.rb +6 -0
- data/test/dummy/tmp/generators/app/models/azpire/v1/human_resource/user.rb +56 -0
- data/test/dummy/tmp/generators/config/initializers/devise_token_auth.rb +12 -0
- data/test/factories/users.rb +41 -0
- data/test/lib/devise_token_auth/blacklist_test.rb +19 -0
- data/test/lib/devise_token_auth/rails/custom_routes_test.rb +29 -0
- data/test/lib/devise_token_auth/rails/routes_test.rb +87 -0
- data/test/lib/devise_token_auth/token_factory_test.rb +191 -0
- data/test/lib/devise_token_auth/url_test.rb +9 -7
- data/test/lib/generators/devise_token_auth/install_generator_test.rb +67 -37
- data/test/lib/generators/devise_token_auth/install_generator_with_namespace_test.rb +222 -0
- data/test/lib/generators/devise_token_auth/install_views_generator_test.rb +3 -1
- data/test/models/concerns/mongoid_support_test.rb +31 -0
- data/test/models/concerns/tokens_serialization_test.rb +104 -0
- data/test/models/confirmable_user_test.rb +35 -0
- data/test/models/only_email_user_test.rb +2 -8
- data/test/models/user_test.rb +18 -79
- data/test/support/controllers/routes.rb +43 -0
- data/test/test_helper.rb +83 -26
- metadata +153 -44
- data/config/initializers/devise.rb +0 -196
- data/lib/generators/devise_token_auth/templates/user.rb +0 -7
- data/test/dummy/app/models/evil_user.rb +0 -3
- data/test/dummy/app/models/nice_user.rb +0 -7
- data/test/dummy/app/models/unregisterable_user.rb +0 -7
- data/test/dummy/config/initializers/assets.rb +0 -8
- data/test/dummy/db/migrate/20140928231203_devise_token_auth_create_evil_users.rb +0 -64
- data/test/dummy/db/migrate/20150409095712_devise_token_auth_create_nice_users.rb +0 -61
- data/test/dummy/tmp/generators/app/models/user.rb +0 -11
- data/test/integration/navigation_test.rb +0 -10
@@ -0,0 +1,126 @@
|
|
1
|
+
require 'bcrypt'
|
2
|
+
|
3
|
+
module DeviseTokenAuth
|
4
|
+
# A token management factory which allow generate token objects and check them.
|
5
|
+
module TokenFactory
|
6
|
+
# For BCrypt::Password class see:
|
7
|
+
# https://github.com/codahale/bcrypt-ruby/blob/master/lib/bcrypt/password.rb
|
8
|
+
|
9
|
+
# Creates a token instance. Takes an optional client, lifespan and cost options.
|
10
|
+
# Example:
|
11
|
+
# DeviseTokenAuth::TokenFactory.create
|
12
|
+
# => #<struct DeviseTokenAuth::TokenFactory::Token client="tElcgkdZ7f9XEa0unZhrYQ", token="rAMcWOs0-mGHFMnIgJD2cA", token_hash="$2a$10$wrsdlHVRGlYW11wfImxU..jr0Ux3bHo/qbXcSfgp8zmvVUNHosita", expiry=1518982690>
|
13
|
+
#
|
14
|
+
# DeviseTokenAuth::TokenFactory.create(lifespan: 10, cost: 4)
|
15
|
+
# => #<struct DeviseTokenAuth::TokenFactory::Token client="5qleT7_t9JPVcX9xmxkVYA", token="RBXX43u4xXNSO-fr2N_4pA", token_hash="$2a$04$9gpCaoFbu2dUKxU3qiTgluHX7jj9UzS.jq1QW0EkQmoaxARo1WxTy", expiry=1517773268>
|
16
|
+
def self.create(client: nil, lifespan: nil, cost: nil)
|
17
|
+
# obj_client = client.nil? ? client() : client
|
18
|
+
obj_client = client || client()
|
19
|
+
obj_token = token
|
20
|
+
obj_token_hash = token_hash(obj_token, cost)
|
21
|
+
obj_expiry = expiry(lifespan)
|
22
|
+
|
23
|
+
Token.new(obj_client, obj_token, obj_token_hash, obj_expiry)
|
24
|
+
end
|
25
|
+
|
26
|
+
# Generates a random URL-safe client.
|
27
|
+
# Example:
|
28
|
+
# DeviseTokenAuth::TokenFactory.client
|
29
|
+
# => "zNf0pNP5iGfuBItZJGCseQ"
|
30
|
+
def self.client
|
31
|
+
secure_string
|
32
|
+
end
|
33
|
+
|
34
|
+
# Generates a random URL-safe token.
|
35
|
+
# Example:
|
36
|
+
# DeviseTokenAuth::TokenFactory.token
|
37
|
+
# => "6Bqs4K9x8ChLmZogvruF3A"
|
38
|
+
def self.token
|
39
|
+
secure_string
|
40
|
+
end
|
41
|
+
|
42
|
+
# Returns token hash for a token with given cost. If no cost value is specified,
|
43
|
+
# the default value is used. The possible cost value is within range from 4 to 31.
|
44
|
+
# It is recommended to not use a value more than 10.
|
45
|
+
# Example:
|
46
|
+
# DeviseTokenAuth::TokenFactory.token_hash("_qxAxmc-biQLiYRHsmwd5Q")
|
47
|
+
# => "$2a$10$6/cTAtQ3CBLfpkeHW7dlt.PD2aVCbFRN5vDDJUUhGsZ6pzYFlh4Me"
|
48
|
+
#
|
49
|
+
# DeviseTokenAuth::TokenFactory.token_hash("_qxAxmc-biQLiYRHsmwd5Q", 4)
|
50
|
+
# => "$2a$04$RkIrosbdRtuet2eUk3si8eS4ufeNpiPc/rSSsfpniRK8ogM5YFOWS"
|
51
|
+
def self.token_hash(token, cost = nil)
|
52
|
+
cost ||= DeviseTokenAuth.token_cost
|
53
|
+
BCrypt::Password.create(token, cost: cost)
|
54
|
+
end
|
55
|
+
|
56
|
+
# Returns the value of time as an integer number of seconds. Takes one argument.
|
57
|
+
# Example:
|
58
|
+
# DeviseTokenAuth::TokenFactory.expiry
|
59
|
+
# => 1518983359
|
60
|
+
# DeviseTokenAuth::TokenFactory.expiry(10)
|
61
|
+
# => 1517773781
|
62
|
+
def self.expiry(lifespan = nil)
|
63
|
+
lifespan ||= DeviseTokenAuth.token_lifespan
|
64
|
+
(Time.zone.now + lifespan).to_i
|
65
|
+
end
|
66
|
+
|
67
|
+
# Generates a random URL-safe string.
|
68
|
+
# Example:
|
69
|
+
# DeviseTokenAuth::TokenFactory.secure_string
|
70
|
+
# => "ADBoIaqXsEDnxIpOuumrTA"
|
71
|
+
def self.secure_string
|
72
|
+
# https://ruby-doc.org/stdlib-2.5.0/libdoc/securerandom/rdoc/Random/Formatter.html#method-i-urlsafe_base64
|
73
|
+
SecureRandom.urlsafe_base64
|
74
|
+
end
|
75
|
+
|
76
|
+
# Returns true if token hash is a valid token hash.
|
77
|
+
# Example:
|
78
|
+
# token_hash = "$2a$10$ArjX0tskRIa5Z/Tmapy59OCiAXLStfhrCiaDz.8fCb6hnX1gJ0p/2"
|
79
|
+
# DeviseTokenAuth::TokenFactory.valid_token_hash?(token_hash)
|
80
|
+
# => true
|
81
|
+
def self.valid_token_hash?(token_hash)
|
82
|
+
!!BCrypt::Password.valid_hash?(token_hash)
|
83
|
+
end
|
84
|
+
|
85
|
+
# Compares a potential token against the token hash. Returns true if the token is the original token, false otherwise.
|
86
|
+
# Example:
|
87
|
+
# token = "4wZ9gcc900rMQD1McpcSNA"
|
88
|
+
# token_hash = "$2a$10$ArjX0tskRIa5Z/Tmapy59OCiAXLStfhrCiaDz.8fCb6hnX1gJ0p/2"
|
89
|
+
# DeviseTokenAuth::TokenFactory.token_hash_is_token?(token_hash, token)
|
90
|
+
# => true
|
91
|
+
def self.token_hash_is_token?(token_hash, token)
|
92
|
+
BCrypt::Password.new(token_hash).is_password?(token)
|
93
|
+
rescue StandardError
|
94
|
+
false
|
95
|
+
end
|
96
|
+
|
97
|
+
# Creates a token instance with instance variables equal nil.
|
98
|
+
# Example:
|
99
|
+
# DeviseTokenAuth::TokenFactory.new
|
100
|
+
# => #<struct DeviseTokenAuth::TokenFactory::Token client=nil, token=nil, token_hash=nil, expiry=nil>
|
101
|
+
def self.new
|
102
|
+
Token.new
|
103
|
+
end
|
104
|
+
|
105
|
+
Token = Struct.new(:client, :token, :token_hash, :expiry) do
|
106
|
+
# Sets all instance variables of the token to nil. It is faster than creating new empty token.
|
107
|
+
# Example:
|
108
|
+
# token.clear!
|
109
|
+
# => true
|
110
|
+
# token
|
111
|
+
# => #<struct DeviseTokenAuth::TokenFactory::Token client=nil, token=nil, token_hash=nil, expiry=nil>
|
112
|
+
def clear!
|
113
|
+
size.times { |i| self[i] = nil }
|
114
|
+
true
|
115
|
+
end
|
116
|
+
|
117
|
+
# Checks token attribute presence
|
118
|
+
# Example:
|
119
|
+
# token.present?
|
120
|
+
# => true
|
121
|
+
def present?
|
122
|
+
token.present?
|
123
|
+
end
|
124
|
+
end
|
125
|
+
end
|
126
|
+
end
|
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module DeviseTokenAuth::Url
|
2
4
|
|
3
5
|
def self.generate(url, params = {})
|
@@ -5,19 +7,24 @@ module DeviseTokenAuth::Url
|
|
5
7
|
|
6
8
|
res = "#{uri.scheme}://#{uri.host}"
|
7
9
|
res += ":#{uri.port}" if (uri.port && uri.port != 80 && uri.port != 443)
|
8
|
-
res +=
|
10
|
+
res += uri.path.to_s if uri.path
|
9
11
|
query = [uri.query, params.to_query].reject(&:blank?).join('&')
|
10
12
|
res += "?#{query}"
|
11
13
|
res += "##{uri.fragment}" if uri.fragment
|
14
|
+
# repeat any query params after the fragment to deal with Angular eating any pre fragment query params, used
|
15
|
+
# in the reset password redirect url
|
16
|
+
res += "?#{query}" if uri.fragment
|
12
17
|
|
13
|
-
|
18
|
+
res
|
14
19
|
end
|
15
20
|
|
16
21
|
def self.whitelisted?(url)
|
17
|
-
url.nil? ||
|
22
|
+
url.nil? || \
|
23
|
+
!!DeviseTokenAuth.redirect_whitelist.find do |pattern|
|
24
|
+
!!Wildcat.new(pattern).match(url)
|
25
|
+
end
|
18
26
|
end
|
19
27
|
|
20
|
-
|
21
28
|
# wildcard convenience class
|
22
29
|
class Wildcat
|
23
30
|
def self.parse_to_regex(str)
|
data/lib/devise_token_auth.rb
CHANGED
@@ -1,8 +1,14 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
require
|
4
|
-
require "devise_token_auth/controllers/url_helpers"
|
5
|
-
require "devise_token_auth/url"
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'devise'
|
6
4
|
|
7
5
|
module DeviseTokenAuth
|
8
6
|
end
|
7
|
+
|
8
|
+
require 'devise_token_auth/engine'
|
9
|
+
require 'devise_token_auth/controllers/helpers'
|
10
|
+
require 'devise_token_auth/controllers/url_helpers'
|
11
|
+
require 'devise_token_auth/url'
|
12
|
+
require 'devise_token_auth/errors'
|
13
|
+
require 'devise_token_auth/blacklist'
|
14
|
+
require 'devise_token_auth/token_factory'
|
@@ -8,14 +8,14 @@ Arguments:
|
|
8
8
|
# 'User'
|
9
9
|
MOUNT_PATH # The path at which to mount the authentication routes. Default is
|
10
10
|
# 'auth'. More detail documentation is here:
|
11
|
-
# https://
|
11
|
+
# https://devise-token-auth.gitbook.io/devise-token-auth/usage
|
12
12
|
|
13
13
|
Example:
|
14
14
|
rails generate devise_token_auth:install User auth
|
15
15
|
|
16
16
|
This will create:
|
17
17
|
config/initializers/devise_token_auth.rb
|
18
|
-
db/migrate/<%= Time.now.utc.strftime("%Y%m%d%H%M%S") %>_create_devise_token_auth_create_users.rb
|
18
|
+
db/migrate/<%= Time.zone.now.utc.strftime("%Y%m%d%H%M%S") %>_create_devise_token_auth_create_users.rb
|
19
19
|
app/models/user.rb
|
20
20
|
|
21
21
|
If 'app/models/user.rb' already exists, the following line will be inserted
|
@@ -1,132 +1,50 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require_relative 'install_generator_helpers'
|
4
|
+
|
1
5
|
module DeviseTokenAuth
|
2
6
|
class InstallGenerator < Rails::Generators::Base
|
3
7
|
include Rails::Generators::Migration
|
8
|
+
include DeviseTokenAuth::InstallGeneratorHelpers
|
4
9
|
|
5
|
-
|
6
|
-
|
7
|
-
argument :user_class, type: :string, default: "User"
|
8
|
-
argument :mount_path, type: :string, default: 'auth'
|
9
|
-
|
10
|
-
def create_initializer_file
|
11
|
-
copy_file("devise_token_auth.rb", "config/initializers/devise_token_auth.rb")
|
12
|
-
end
|
10
|
+
class_option :primary_key_type, type: :string, desc: 'The type for primary key'
|
13
11
|
|
14
12
|
def copy_migrations
|
15
|
-
if self.class.migration_exists?(
|
16
|
-
say_status(
|
13
|
+
if self.class.migration_exists?('db/migrate', "devise_token_auth_create_#{user_class.pluralize.gsub('::','').underscore}")
|
14
|
+
say_status('skipped', "Migration 'devise_token_auth_create_#{user_class.pluralize.gsub('::','').underscore}' already exists")
|
17
15
|
else
|
18
16
|
migration_template(
|
19
|
-
|
20
|
-
"db/migrate/devise_token_auth_create_#{
|
17
|
+
'devise_token_auth_create_users.rb.erb',
|
18
|
+
"db/migrate/devise_token_auth_create_#{user_class.pluralize.gsub('::','').underscore}.rb"
|
21
19
|
)
|
22
20
|
end
|
23
21
|
end
|
24
22
|
|
25
23
|
def create_user_model
|
26
|
-
fname = "app/models/#{
|
27
|
-
unless File.exist?(File.join(destination_root, fname))
|
28
|
-
template("user.rb", fname)
|
29
|
-
else
|
30
|
-
inclusion = "include DeviseTokenAuth::Concerns::User"
|
31
|
-
unless parse_file_for_line(fname, inclusion)
|
32
|
-
|
33
|
-
active_record_needle = (Rails::VERSION::MAJOR == 5) ? 'ApplicationRecord' : 'ActiveRecord::Base'
|
34
|
-
inject_into_file fname, after: "class #{user_class} < #{active_record_needle}\n" do <<-'RUBY'
|
35
|
-
# Include default devise modules.
|
36
|
-
devise :database_authenticatable, :registerable,
|
37
|
-
:recoverable, :rememberable, :trackable, :validatable,
|
38
|
-
:confirmable, :omniauthable
|
39
|
-
include DeviseTokenAuth::Concerns::User
|
40
|
-
RUBY
|
41
|
-
end
|
42
|
-
end
|
43
|
-
end
|
44
|
-
end
|
45
|
-
|
46
|
-
def include_controller_concerns
|
47
|
-
fname = "app/controllers/application_controller.rb"
|
48
|
-
line = "include DeviseTokenAuth::Concerns::SetUserByToken"
|
49
|
-
|
24
|
+
fname = "app/models/#{user_class.underscore}.rb"
|
50
25
|
if File.exist?(File.join(destination_root, fname))
|
51
|
-
|
52
|
-
|
53
|
-
elsif is_rails_api?
|
54
|
-
inject_into_file fname, after: "class ApplicationController < ActionController::API\n" do <<-'RUBY'
|
55
|
-
include DeviseTokenAuth::Concerns::SetUserByToken
|
56
|
-
RUBY
|
57
|
-
end
|
58
|
-
else
|
59
|
-
inject_into_file fname, after: "class ApplicationController < ActionController::Base\n" do <<-'RUBY'
|
60
|
-
include DeviseTokenAuth::Concerns::SetUserByToken
|
61
|
-
RUBY
|
62
|
-
end
|
63
|
-
end
|
64
|
-
else
|
65
|
-
say_status("skipped", "app/controllers/application_controller.rb not found. Add 'include DeviseTokenAuth::Concerns::SetUserByToken' to any controllers that require authentication.")
|
66
|
-
end
|
67
|
-
end
|
68
|
-
|
69
|
-
def add_route_mount
|
70
|
-
f = "config/routes.rb"
|
71
|
-
str = "mount_devise_token_auth_for '#{user_class}', at: '#{mount_path}'"
|
72
|
-
|
73
|
-
if File.exist?(File.join(destination_root, f))
|
74
|
-
line = parse_file_for_line(f, "mount_devise_token_auth_for")
|
75
|
-
|
76
|
-
unless line
|
77
|
-
line = "Rails.application.routes.draw do"
|
78
|
-
existing_user_class = false
|
79
|
-
else
|
80
|
-
existing_user_class = true
|
81
|
-
end
|
26
|
+
inclusion = 'include DeviseTokenAuth::Concerns::User'
|
27
|
+
unless parse_file_for_line(fname, inclusion)
|
82
28
|
|
83
|
-
|
84
|
-
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
|
89
|
-
|
90
|
-
|
91
|
-
" # Define routes for #{user_class} within this block.\n"+
|
92
|
-
" end\n"
|
93
|
-
insert_after_line(f, str, scoped_routes)
|
29
|
+
active_record_needle = (Rails::VERSION::MAJOR >= 5) ? 'ApplicationRecord' : 'ActiveRecord::Base'
|
30
|
+
inject_into_file fname, after: "class #{user_class} < #{active_record_needle}\n" do <<-'RUBY'
|
31
|
+
# Include default devise modules.
|
32
|
+
devise :database_authenticatable, :registerable,
|
33
|
+
:recoverable, :rememberable, :trackable, :validatable,
|
34
|
+
:confirmable, :omniauthable
|
35
|
+
include DeviseTokenAuth::Concerns::User
|
36
|
+
RUBY
|
94
37
|
end
|
95
38
|
end
|
96
39
|
else
|
97
|
-
|
40
|
+
template('user.rb.erb', fname)
|
98
41
|
end
|
99
42
|
end
|
100
43
|
|
101
44
|
private
|
102
45
|
|
103
46
|
def self.next_migration_number(path)
|
104
|
-
Time.now.utc.strftime(
|
105
|
-
end
|
106
|
-
|
107
|
-
def insert_after_line(filename, line, str)
|
108
|
-
gsub_file filename, /(#{Regexp.escape(line)})/mi do |match|
|
109
|
-
"#{match}\n #{str}"
|
110
|
-
end
|
111
|
-
end
|
112
|
-
|
113
|
-
def parse_file_for_line(filename, str)
|
114
|
-
match = false
|
115
|
-
|
116
|
-
File.open(File.join(destination_root, filename)) do |f|
|
117
|
-
f.each_line do |line|
|
118
|
-
if line =~ /(#{Regexp.escape(str)})/mi
|
119
|
-
match = line
|
120
|
-
end
|
121
|
-
end
|
122
|
-
end
|
123
|
-
match
|
124
|
-
end
|
125
|
-
|
126
|
-
def is_rails_api?
|
127
|
-
fname = "app/controllers/application_controller.rb"
|
128
|
-
line = "class ApplicationController < ActionController::API"
|
129
|
-
parse_file_for_line(fname, line)
|
47
|
+
Time.zone.now.utc.strftime('%Y%m%d%H%M%S')
|
130
48
|
end
|
131
49
|
|
132
50
|
def json_supported_database?
|
@@ -156,5 +74,18 @@ module DeviseTokenAuth
|
|
156
74
|
def database_version
|
157
75
|
ActiveRecord::Base.connection.select_value('SELECT VERSION()')
|
158
76
|
end
|
77
|
+
|
78
|
+
def rails_5_or_newer?
|
79
|
+
Rails::VERSION::MAJOR >= 5
|
80
|
+
end
|
81
|
+
|
82
|
+
def primary_key_type
|
83
|
+
primary_key_string if rails_5_or_newer?
|
84
|
+
end
|
85
|
+
|
86
|
+
def primary_key_string
|
87
|
+
key_string = options[:primary_key_type]
|
88
|
+
", id: :#{key_string}" if key_string
|
89
|
+
end
|
159
90
|
end
|
160
91
|
end
|
@@ -0,0 +1,98 @@
|
|
1
|
+
module DeviseTokenAuth
|
2
|
+
module InstallGeneratorHelpers
|
3
|
+
class << self
|
4
|
+
def included(mod)
|
5
|
+
mod.class_eval do
|
6
|
+
source_root File.expand_path('templates', __dir__)
|
7
|
+
|
8
|
+
argument :user_class, type: :string, default: 'User'
|
9
|
+
argument :mount_path, type: :string, default: 'auth'
|
10
|
+
|
11
|
+
def create_initializer_file
|
12
|
+
copy_file('devise_token_auth.rb', 'config/initializers/devise_token_auth.rb')
|
13
|
+
end
|
14
|
+
|
15
|
+
def include_controller_concerns
|
16
|
+
fname = 'app/controllers/application_controller.rb'
|
17
|
+
line = 'include DeviseTokenAuth::Concerns::SetUserByToken'
|
18
|
+
|
19
|
+
if File.exist?(File.join(destination_root, fname))
|
20
|
+
if parse_file_for_line(fname, line)
|
21
|
+
say_status('skipped', 'Concern is already included in the application controller.')
|
22
|
+
elsif is_rails_api?
|
23
|
+
inject_into_file fname, after: "class ApplicationController < ActionController::API\n" do <<-'RUBY'
|
24
|
+
include DeviseTokenAuth::Concerns::SetUserByToken
|
25
|
+
RUBY
|
26
|
+
end
|
27
|
+
else
|
28
|
+
inject_into_file fname, after: "class ApplicationController < ActionController::Base\n" do <<-'RUBY'
|
29
|
+
include DeviseTokenAuth::Concerns::SetUserByToken
|
30
|
+
RUBY
|
31
|
+
end
|
32
|
+
end
|
33
|
+
else
|
34
|
+
say_status('skipped', "app/controllers/application_controller.rb not found. Add 'include DeviseTokenAuth::Concerns::SetUserByToken' to any controllers that require authentication.")
|
35
|
+
end
|
36
|
+
end
|
37
|
+
|
38
|
+
def add_route_mount
|
39
|
+
f = 'config/routes.rb'
|
40
|
+
str = "mount_devise_token_auth_for '#{user_class}', at: '#{mount_path}'"
|
41
|
+
|
42
|
+
if File.exist?(File.join(destination_root, f))
|
43
|
+
line = parse_file_for_line(f, 'mount_devise_token_auth_for')
|
44
|
+
|
45
|
+
if line
|
46
|
+
existing_user_class = true
|
47
|
+
else
|
48
|
+
line = 'Rails.application.routes.draw do'
|
49
|
+
existing_user_class = false
|
50
|
+
end
|
51
|
+
|
52
|
+
if parse_file_for_line(f, str)
|
53
|
+
say_status('skipped', "Routes already exist for #{user_class} at #{mount_path}")
|
54
|
+
else
|
55
|
+
insert_after_line(f, line, str)
|
56
|
+
|
57
|
+
if existing_user_class
|
58
|
+
scoped_routes = ''\
|
59
|
+
"as :#{user_class.underscore} do\n"\
|
60
|
+
" # Define routes for #{user_class} within this block.\n"\
|
61
|
+
" end\n"
|
62
|
+
insert_after_line(f, str, scoped_routes)
|
63
|
+
end
|
64
|
+
end
|
65
|
+
else
|
66
|
+
say_status('skipped', "config/routes.rb not found. Add \"mount_devise_token_auth_for '#{user_class}', at: '#{mount_path}'\" to your routes file.")
|
67
|
+
end
|
68
|
+
end
|
69
|
+
|
70
|
+
private
|
71
|
+
|
72
|
+
def insert_after_line(filename, line, str)
|
73
|
+
gsub_file filename, /(#{Regexp.escape(line)})/mi do |match|
|
74
|
+
"#{match}\n #{str}"
|
75
|
+
end
|
76
|
+
end
|
77
|
+
|
78
|
+
def parse_file_for_line(filename, str)
|
79
|
+
match = false
|
80
|
+
|
81
|
+
File.open(File.join(destination_root, filename)) do |f|
|
82
|
+
f.each_line do |line|
|
83
|
+
match = line if line =~ /(#{Regexp.escape(str)})/mi
|
84
|
+
end
|
85
|
+
end
|
86
|
+
match
|
87
|
+
end
|
88
|
+
|
89
|
+
def is_rails_api?
|
90
|
+
fname = 'app/controllers/application_controller.rb'
|
91
|
+
line = 'class ApplicationController < ActionController::API'
|
92
|
+
parse_file_for_line(fname, line)
|
93
|
+
end
|
94
|
+
end
|
95
|
+
end
|
96
|
+
end
|
97
|
+
end
|
98
|
+
end
|
@@ -0,0 +1,46 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require_relative 'install_generator_helpers'
|
4
|
+
|
5
|
+
module DeviseTokenAuth
|
6
|
+
class InstallMongoidGenerator < Rails::Generators::Base
|
7
|
+
include DeviseTokenAuth::InstallGeneratorHelpers
|
8
|
+
|
9
|
+
def create_user_model
|
10
|
+
fname = "app/models/#{user_class.underscore}.rb"
|
11
|
+
if File.exist?(File.join(destination_root, fname))
|
12
|
+
inclusion = 'include DeviseTokenAuth::Concerns::User'
|
13
|
+
unless parse_file_for_line(fname, inclusion)
|
14
|
+
inject_into_file fname, before: /end\s\z/ do <<-'RUBY'
|
15
|
+
|
16
|
+
include Mongoid::Locker
|
17
|
+
|
18
|
+
field :locker_locked_at, type: Time
|
19
|
+
field :locker_locked_until, type: Time
|
20
|
+
|
21
|
+
locker locked_at_field: :locker_locked_at,
|
22
|
+
locked_until_field: :locker_locked_until
|
23
|
+
|
24
|
+
## Required
|
25
|
+
field :provider, type: String
|
26
|
+
field :uid, type: String, default: ''
|
27
|
+
|
28
|
+
## Tokens
|
29
|
+
field :tokens, type: Hash, default: {}
|
30
|
+
|
31
|
+
# Include default devise modules. Others available are:
|
32
|
+
# :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
|
33
|
+
devise :database_authenticatable, :registerable,
|
34
|
+
:recoverable, :rememberable, :validatable
|
35
|
+
include DeviseTokenAuth::Concerns::User
|
36
|
+
|
37
|
+
index({ uid: 1, provider: 1}, { name: 'uid_provider_index', unique: true, background: true })
|
38
|
+
RUBY
|
39
|
+
end
|
40
|
+
end
|
41
|
+
else
|
42
|
+
template('user_mongoid.rb.erb', fname)
|
43
|
+
end
|
44
|
+
end
|
45
|
+
end
|
46
|
+
end
|
@@ -1,15 +1,17 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module DeviseTokenAuth
|
2
4
|
class InstallViewsGenerator < Rails::Generators::Base
|
3
|
-
source_root File.expand_path('
|
5
|
+
source_root File.expand_path('../../../app/views/devise/mailer', __dir__)
|
4
6
|
|
5
7
|
def copy_mailer_templates
|
6
8
|
copy_file(
|
7
|
-
|
8
|
-
|
9
|
+
'confirmation_instructions.html.erb',
|
10
|
+
'app/views/devise/mailer/confirmation_instructions.html.erb'
|
9
11
|
)
|
10
12
|
copy_file(
|
11
|
-
|
12
|
-
|
13
|
+
'reset_password_instructions.html.erb',
|
14
|
+
'app/views/devise/mailer/reset_password_instructions.html.erb'
|
13
15
|
)
|
14
16
|
end
|
15
17
|
end
|
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
DeviseTokenAuth.setup do |config|
|
2
4
|
# By default the authorization headers will change after each request. The
|
3
5
|
# client is responsible for keeping track of the changing tokens. Change
|
@@ -9,6 +11,11 @@ DeviseTokenAuth.setup do |config|
|
|
9
11
|
# determines how long tokens will remain valid after they are issued.
|
10
12
|
# config.token_lifespan = 2.weeks
|
11
13
|
|
14
|
+
# Limiting the token_cost to just 4 in testing will increase the performance of
|
15
|
+
# your test suite dramatically. The possible cost value is within range from 4
|
16
|
+
# to 31. It is recommended to not use a value more than 10 in other environments.
|
17
|
+
config.token_cost = Rails.env.test? ? 4 : 10
|
18
|
+
|
12
19
|
# Sets the max number of concurrent devices per user, which is 10 by default.
|
13
20
|
# After this limit is reached, the oldest tokens will be removed.
|
14
21
|
# config.max_number_of_devices = 10
|
@@ -45,4 +52,9 @@ DeviseTokenAuth.setup do |config|
|
|
45
52
|
# If, however, you wish to integrate with legacy Devise authentication, you can
|
46
53
|
# do so by enabling this flag. NOTE: This feature is highly experimental!
|
47
54
|
# config.enable_standard_devise_support = false
|
55
|
+
|
56
|
+
# By default DeviseTokenAuth will not send confirmation email, even when including
|
57
|
+
# devise confirmable module. If you want to use devise confirmable module and
|
58
|
+
# send email, set it to true. (This is a setting for compatibility)
|
59
|
+
# config.send_confirmation_email = true
|
48
60
|
end
|
@@ -1,6 +1,7 @@
|
|
1
|
-
class DeviseTokenAuthCreate<%= user_class.pluralize %> < ActiveRecord::Migration<%= "[#{Rails::VERSION::STRING[0..2]}]" if Rails::VERSION::MAJOR > 4 %>
|
1
|
+
class DeviseTokenAuthCreate<%= user_class.pluralize.gsub("::","") %> < ActiveRecord::Migration<%= "[#{Rails::VERSION::STRING[0..2]}]" if Rails::VERSION::MAJOR > 4 %>
|
2
2
|
def change
|
3
|
-
|
3
|
+
<% table_name = @user_class.pluralize.gsub("::","").underscore %>
|
4
|
+
create_table(:<%= table_name %><%= primary_key_type %>) do |t|
|
4
5
|
## Required
|
5
6
|
t.string :provider, :null => false, :default => "email"
|
6
7
|
t.string :uid, :null => false, :default => ""
|
@@ -16,13 +17,6 @@ class DeviseTokenAuthCreate<%= user_class.pluralize %> < ActiveRecord::Migration
|
|
16
17
|
## Rememberable
|
17
18
|
t.datetime :remember_created_at
|
18
19
|
|
19
|
-
## Trackable
|
20
|
-
t.integer :sign_in_count, :default => 0, :null => false
|
21
|
-
t.datetime :current_sign_in_at
|
22
|
-
t.datetime :last_sign_in_at
|
23
|
-
t.string :current_sign_in_ip
|
24
|
-
t.string :last_sign_in_ip
|
25
|
-
|
26
20
|
## Confirmable
|
27
21
|
t.string :confirmation_token
|
28
22
|
t.datetime :confirmed_at
|
@@ -46,10 +40,10 @@ class DeviseTokenAuthCreate<%= user_class.pluralize %> < ActiveRecord::Migration
|
|
46
40
|
t.timestamps
|
47
41
|
end
|
48
42
|
|
49
|
-
add_index :<%=
|
50
|
-
add_index :<%=
|
51
|
-
add_index :<%=
|
52
|
-
add_index :<%=
|
53
|
-
# add_index :<%=
|
43
|
+
add_index :<%= table_name %>, :email, unique: true
|
44
|
+
add_index :<%= table_name %>, [:uid, :provider], unique: true
|
45
|
+
add_index :<%= table_name %>, :reset_password_token, unique: true
|
46
|
+
add_index :<%= table_name %>, :confirmation_token, unique: true
|
47
|
+
# add_index :<%= table_name %>, :unlock_token, unique: true
|
54
48
|
end
|
55
49
|
end
|
@@ -0,0 +1,9 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
class <%= user_class %> < ActiveRecord::Base
|
4
|
+
# Include default devise modules. Others available are:
|
5
|
+
# :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
|
6
|
+
devise :database_authenticatable, :registerable,
|
7
|
+
:recoverable, :rememberable, :validatable
|
8
|
+
include DeviseTokenAuth::Concerns::User
|
9
|
+
end
|