devise_token_auth 1.0.0 → 1.2.1

data/config/locales/ro.yml

@@ -14,6 +14,8 @@ ro:
       account_with_uid_destroyed: "Contul cu UID '%{uid}' a fost șters."
       account_to_destroy_not_found: "Nu se poate localiza contul pentru ștergere."
       user_not_found: "Utilizatorul nu a fost găsit."
+    omniauth:
+      not_allowed_redirect_url: "Redirecționarea către '%{redirect_url}' nu este permisă."
     passwords:
       missing_email: "Trebuie să introduci o adresă de e-mail."
       missing_redirect_url: "URL-ul pentru redirecționare lipsește."

data/config/locales/ru.yml

@@ -14,6 +14,8 @@ ru:
       account_with_uid_destroyed: "Учетная запись с uid '%{uid}' удалена."
       account_to_destroy_not_found: "Не удается найти учетную запись для удаления."
       user_not_found: "Пользователь не найден."
+    omniauth:
+      not_allowed_redirect_url: "Переадресация на '%{redirect_url}' не разрешена."
     passwords:
       missing_email: "Вы должны указать адрес электронной почты."
       missing_redirect_url: "Отсутствует адрес переадресации."

data/config/locales/sq.yml

@@ -14,6 +14,8 @@ sq:
       account_with_uid_destroyed: "Llogaria me UID-në '%{uid}' është fshirë."
       account_to_destroy_not_found: "Nuk u gjet llogaria për fshirje."
       user_not_found: "Përdoruesi nuk u gjet."
+    omniauth:
+      not_allowed_redirect_url: "Nuk lejohet shkuarja tek URL-ja '%{redirect_url}'."
     passwords:
       missing_email: "Ju duhet të jepni një email adresë."
       missing_redirect_url: "Mungon URL-ja për ridërgim."

data/config/locales/sv.yml

@@ -14,6 +14,8 @@ sv:
       account_with_uid_destroyed: "Kontot med UID '%{uid}' har tagits bort."
       account_to_destroy_not_found: "Kunde inte hitta kontot för borttagning."
       user_not_found: "Användaren hittades ej."
+    omniauth:
+      not_allowed_redirect_url: "Omdirigering till '%{redirect_url}' ej tillåten."
     passwords:
       missing_email: "Du måste ange en emailadress."
       missing_redirect_url: "Saknar en omdirigerings-URL."

data/config/locales/uk.yml

@@ -14,6 +14,8 @@ uk:
       account_with_uid_destroyed: "Акаунт з UID '%{uid}' було видалено."
       account_to_destroy_not_found: "Неможливо знайти акаунт для видалення."
       user_not_found: "Користувача не знайдено"
+    omniauth:
+      not_allowed_redirect_url: "Перенаправлення до '%{redirect_url}' не дозволено."
     passwords:
       missing_email: "Ви маєте ввести email адресу."
       missing_redirect_url: "Немає URL для перенаправлення."

data/config/locales/vi.yml

@@ -14,6 +14,8 @@ vi:
       account_with_uid_destroyed: "Tài khoản với UID '%{uid}' vừa bị phá hủy."
       account_to_destroy_not_found: "Không thể xác định tài khoản cho việc phá hủy."
       user_not_found: "Người dùng không tìm thấy."
+    omniauth:
+      not_allowed_redirect_url: "Chuyển hướng tới '%{redirect_url}' không được phép."
     passwords:
       missing_email: "Bạn cần cung cấp địa chỉ email."
       missing_redirect_url: "Thiếu đường đẫn URL."

data/config/locales/zh-CN.yml

@@ -14,6 +14,8 @@ zh-CN:
       account_with_uid_destroyed: "账号 '%{uid}' 已被移除。"
       account_to_destroy_not_found: "无法找到目标帐号。"
       user_not_found: "找不到帐号。"
+    omniauth:
+      not_allowed_redirect_url: "不支持转向到 '%{redirect_url}'"
     passwords:
       missing_email: "必需提供邮箱。"
       missing_redirect_url: "欠缺 redirect URL."

data/config/locales/zh-HK.yml

@@ -16,6 +16,8 @@ zh-TW:
       account_with_uid_destroyed: "帳號 '%{uid}' 已被移除。"
       account_to_destroy_not_found: "無法找到目標帳號。"
       user_not_found: "找不到帳號。"
+    omniauth:
+      not_allowed_redirect_url: "不支援轉向到 '%{redirect_url}'"
     passwords:
       missing_email: "必需提供電郵。"
       missing_redirect_url: "欠缺 redirect URL."

data/config/locales/zh-TW.yml

@@ -16,6 +16,8 @@ zh-TW:
       account_with_uid_destroyed: "帳號 '%{uid}' 已被移除。"
       account_to_destroy_not_found: "無法找到目標帳號。"
       user_not_found: "找不到帳號。"
+    omniauth:
+      not_allowed_redirect_url: "不支援轉向到 '%{redirect_url}'"
     passwords:
       missing_email: "必需提供電郵。"
       missing_redirect_url: "欠缺 redirect URL."

data/lib/devise_token_auth/blacklist.rb

@@ -0,0 +1,6 @@
+# don't serialize tokens
+if defined? Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION
+  Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION << :tokens
+else
+  Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION << :tokens
+end

data/lib/devise_token_auth/controllers/helpers.rb

@@ -34,12 +34,6 @@ module DeviseTokenAuth
           class_eval <<-METHODS, __FILE__, __LINE__ + 1
             def authenticate_#{group_name}!(favourite=nil, opts={})
               unless #{group_name}_signed_in?
-                mappings = #{mappings}
-                mappings.unshift mappings.delete(favourite.to_sym) if favourite
-                mappings.each do |mapping|
-                  set_user_by_token(mapping)
-                end
-
                 unless current_#{group_name}
                   render_authenticate_error
                 end
@@ -47,12 +41,14 @@ module DeviseTokenAuth
             end
 
             def #{group_name}_signed_in?
-              #{mappings}.any? do |mapping|
-                set_user_by_token(mapping)
-              end
+              !!current_#{group_name}
             end
 
             def current_#{group_name}(favourite=nil)
+              @current_#{group_name} ||= set_group_user_by_token(favourite)
+            end
+            
+            def set_group_user_by_token(favourite)
               mappings = #{mappings}
               mappings.unshift mappings.delete(favourite.to_sym) if favourite
               mappings.each do |mapping|

data/lib/devise_token_auth/engine.rb

@@ -14,6 +14,7 @@ module DeviseTokenAuth
   mattr_accessor :change_headers_on_each_request,
                  :max_number_of_devices,
                  :token_lifespan,
+                 :token_cost,
                  :batch_request_buffer_throttle,
                  :omniauth_prefix,
                  :default_confirm_success_url,
@@ -24,11 +25,18 @@ module DeviseTokenAuth
                  :remove_tokens_after_password_reset,
                  :default_callbacks,
                  :headers_names,
-                 :bypass_sign_in
+                 :cookie_enabled,
+                 :cookie_name,
+                 :cookie_attributes,
+                 :bypass_sign_in,
+                 :send_confirmation_email,
+                 :require_client_password_reset_token,
+                 :other_uid
 
   self.change_headers_on_each_request       = true
   self.max_number_of_devices                = 10
   self.token_lifespan                       = 2.weeks
+  self.token_cost                           = 10
   self.batch_request_buffer_throttle        = 5.seconds
   self.omniauth_prefix                      = '/omniauth'
   self.default_confirm_success_url          = nil
@@ -38,12 +46,19 @@ module DeviseTokenAuth
   self.enable_standard_devise_support       = false
   self.remove_tokens_after_password_reset   = false
   self.default_callbacks                    = true
-  self.headers_names                        = { 'access-token': 'access-token',
+  self.headers_names                        = { 'authorization': 'Authorization',
+                                                'access-token': 'access-token',
                                                 'client': 'client',
                                                 'expiry': 'expiry',
                                                 'uid': 'uid',
                                                 'token-type': 'token-type' }
+  self.cookie_enabled                       = false
+  self.cookie_name                          = 'auth_cookie'
+  self.cookie_attributes                    = {}
   self.bypass_sign_in                       = true
+  self.send_confirmation_email              = false
+  self.require_client_password_reset_token  = false
+  self.other_uid                            = nil
 
   def self.setup(&block)
     yield self

data/lib/devise_token_auth/rails/routes.rb

@@ -8,26 +8,31 @@ module ActionDispatch::Routing
       opts[:skip]        ||= []
 
       # check for ctrl overrides, fall back to defaults
-      sessions_ctrl          = opts[:controllers][:sessions] || 'devise_token_auth/sessions'
-      registrations_ctrl     = opts[:controllers][:registrations] || 'devise_token_auth/registrations'
-      passwords_ctrl         = opts[:controllers][:passwords] || 'devise_token_auth/passwords'
-      confirmations_ctrl     = opts[:controllers][:confirmations] || 'devise_token_auth/confirmations'
-      token_validations_ctrl = opts[:controllers][:token_validations] || 'devise_token_auth/token_validations'
-      omniauth_ctrl          = opts[:controllers][:omniauth_callbacks] || 'devise_token_auth/omniauth_callbacks'
-      unlocks_ctrl           = opts[:controllers][:unlocks] || 'devise_token_auth/unlocks'
+      sessions_ctrl          = opts[:controllers].delete(:sessions) || 'devise_token_auth/sessions'
+      registrations_ctrl     = opts[:controllers].delete(:registrations) || 'devise_token_auth/registrations'
+      passwords_ctrl         = opts[:controllers].delete(:passwords) || 'devise_token_auth/passwords'
+      confirmations_ctrl     = opts[:controllers].delete(:confirmations) || 'devise_token_auth/confirmations'
+      token_validations_ctrl = opts[:controllers].delete(:token_validations) || 'devise_token_auth/token_validations'
+      omniauth_ctrl          = opts[:controllers].delete(:omniauth_callbacks) || 'devise_token_auth/omniauth_callbacks'
+      unlocks_ctrl           = opts[:controllers].delete(:unlocks) || 'devise_token_auth/unlocks'
+
+      # check for resource override
+      route                  = opts[:as] || resource.pluralize.underscore.gsub('/', '_')
 
       # define devise controller mappings
-      controllers = { sessions: sessions_ctrl,
+      controllers = opts[:controllers].merge(
+                      sessions: sessions_ctrl,
                       registrations: registrations_ctrl,
                       passwords: passwords_ctrl,
-                      confirmations: confirmations_ctrl }
+                      confirmations: confirmations_ctrl
+                    )
 
       controllers[:unlocks] = unlocks_ctrl if unlocks_ctrl
 
       # remove any unwanted devise modules
       opts[:skip].each{ |item| controllers.delete(item) }
 
-      devise_for resource.pluralize.underscore.gsub('/', '_').to_sym,
+      devise_for route.to_sym,
                  class_name: resource,
                  module: :devise,
                  path: opts[:at].to_s,
@@ -56,7 +61,7 @@ module ActionDispatch::Routing
 
         devise_scope mapping_name.to_sym do
           # path to verify token validity
-          get "#{full_path}/validate_token", controller: token_validations_ctrl.to_s, action: 'validate_token'
+          get "#{full_path}/validate_token", controller: token_validations_ctrl.to_s, action: 'validate_token' if !opts[:skip].include?(:token_validations)
 
           # omniauth routes. only define if omniauth is installed and not skipped.
           if defined?(::OmniAuth) && !opts[:skip].include?(:omniauth_callbacks)
@@ -68,7 +73,7 @@ module ActionDispatch::Routing
 
             # preserve the resource class thru oauth authentication by setting name of
             # resource as "resource_class" param
-            match "#{full_path}/:provider", to: redirect{ |params, request|
+            match "#{full_path}/:provider", to: redirect(status: 307) { |params, request|
               # get the current querystring
               qs = CGI::parse(request.env['QUERY_STRING'])
 
@@ -94,7 +99,7 @@ module ActionDispatch::Routing
 
               # re-construct the path for omniauth
               "#{::OmniAuth.config.path_prefix}/#{params[:provider]}?#{redirect_params.to_param}"
-            }, via: [:get]
+            }, via: [:get, :post]
           end
         end
       end

data/lib/devise_token_auth/token_factory.rb

@@ -0,0 +1,126 @@
+require 'bcrypt'
+
+module DeviseTokenAuth
+  # A token management factory which allow generate token objects and check them.
+  module TokenFactory
+    # For BCrypt::Password class see:
+    # https://github.com/codahale/bcrypt-ruby/blob/master/lib/bcrypt/password.rb
+
+    # Creates a token instance. Takes an optional client, lifespan and cost options.
+    # Example:
+    #   DeviseTokenAuth::TokenFactory.create
+    #   => #<struct DeviseTokenAuth::TokenFactory::Token client="tElcgkdZ7f9XEa0unZhrYQ", token="rAMcWOs0-mGHFMnIgJD2cA", token_hash="$2a$10$wrsdlHVRGlYW11wfImxU..jr0Ux3bHo/qbXcSfgp8zmvVUNHosita", expiry=1518982690>
+    #
+    #   DeviseTokenAuth::TokenFactory.create(lifespan: 10, cost: 4)
+    #   => #<struct DeviseTokenAuth::TokenFactory::Token client="5qleT7_t9JPVcX9xmxkVYA", token="RBXX43u4xXNSO-fr2N_4pA", token_hash="$2a$04$9gpCaoFbu2dUKxU3qiTgluHX7jj9UzS.jq1QW0EkQmoaxARo1WxTy", expiry=1517773268>
+    def self.create(client: nil, lifespan: nil, cost: nil)
+      # obj_client  = client.nil? ? client() : client
+      obj_client  = client || client()
+      obj_token      = token
+      obj_token_hash = token_hash(obj_token, cost)
+      obj_expiry     = expiry(lifespan)
+
+      Token.new(obj_client, obj_token, obj_token_hash, obj_expiry)
+    end
+
+    # Generates a random URL-safe client.
+    # Example:
+    #   DeviseTokenAuth::TokenFactory.client
+    #   => "zNf0pNP5iGfuBItZJGCseQ"
+    def self.client
+      secure_string
+    end
+
+    # Generates a random URL-safe token.
+    # Example:
+    #   DeviseTokenAuth::TokenFactory.token
+    #   => "6Bqs4K9x8ChLmZogvruF3A"
+    def self.token
+      secure_string
+    end
+
+    # Returns token hash for a token with given cost. If no cost value is specified,
+    # the default value is used. The possible cost value is within range from 4 to 31.
+    # It is recommended to not use a value more than 10.
+    # Example:
+    #   DeviseTokenAuth::TokenFactory.token_hash("_qxAxmc-biQLiYRHsmwd5Q")
+    #   => "$2a$10$6/cTAtQ3CBLfpkeHW7dlt.PD2aVCbFRN5vDDJUUhGsZ6pzYFlh4Me"
+    #
+    #   DeviseTokenAuth::TokenFactory.token_hash("_qxAxmc-biQLiYRHsmwd5Q", 4)
+    #   => "$2a$04$RkIrosbdRtuet2eUk3si8eS4ufeNpiPc/rSSsfpniRK8ogM5YFOWS"
+    def self.token_hash(token, cost = nil)
+      cost ||= DeviseTokenAuth.token_cost
+      BCrypt::Password.create(token, cost: cost)
+    end
+
+    # Returns the value of time as an integer number of seconds. Takes one argument.
+    # Example:
+    #   DeviseTokenAuth::TokenFactory.expiry
+    #   => 1518983359
+    #   DeviseTokenAuth::TokenFactory.expiry(10)
+    #   => 1517773781
+    def self.expiry(lifespan = nil)
+      lifespan ||= DeviseTokenAuth.token_lifespan
+      (Time.zone.now + lifespan).to_i
+    end
+
+    # Generates a random URL-safe string.
+    # Example:
+    #   DeviseTokenAuth::TokenFactory.secure_string
+    #   => "ADBoIaqXsEDnxIpOuumrTA"
+    def self.secure_string
+      # https://ruby-doc.org/stdlib-2.5.0/libdoc/securerandom/rdoc/Random/Formatter.html#method-i-urlsafe_base64
+      SecureRandom.urlsafe_base64
+    end
+
+    # Returns true if token hash is a valid token hash.
+    # Example:
+    #   token_hash = "$2a$10$ArjX0tskRIa5Z/Tmapy59OCiAXLStfhrCiaDz.8fCb6hnX1gJ0p/2"
+    #   DeviseTokenAuth::TokenFactory.valid_token_hash?(token_hash)
+    #   => true
+    def self.valid_token_hash?(token_hash)
+      !!BCrypt::Password.valid_hash?(token_hash)
+    end
+
+    # Compares a potential token against the token hash. Returns true if the token is the original token, false otherwise.
+    # Example:
+    #   token = "4wZ9gcc900rMQD1McpcSNA"
+    #   token_hash = "$2a$10$ArjX0tskRIa5Z/Tmapy59OCiAXLStfhrCiaDz.8fCb6hnX1gJ0p/2"
+    #   DeviseTokenAuth::TokenFactory.token_hash_is_token?(token_hash, token)
+    #   => true
+    def self.token_hash_is_token?(token_hash, token)
+      BCrypt::Password.new(token_hash).is_password?(token)
+    rescue StandardError
+      false
+    end
+
+    # Creates a token instance with instance variables equal nil.
+    # Example:
+    #   DeviseTokenAuth::TokenFactory.new
+    #   => #<struct DeviseTokenAuth::TokenFactory::Token client=nil, token=nil, token_hash=nil, expiry=nil>
+    def self.new
+      Token.new
+    end
+
+    Token = Struct.new(:client, :token, :token_hash, :expiry) do
+      # Sets all instance variables of the token to nil. It is faster than creating new empty token.
+      # Example:
+      #   token.clear!
+      #   => true
+      #   token
+      #   => #<struct DeviseTokenAuth::TokenFactory::Token client=nil, token=nil, token_hash=nil, expiry=nil>
+      def clear!
+        size.times { |i| self[i] = nil }
+        true
+      end
+
+      # Checks token attribute presence
+      # Example:
+      #   token.present?
+      #   => true
+      def present?
+        token.present?
+      end
+    end
+  end
+end

data/lib/devise_token_auth/url.rb

@@ -11,6 +11,9 @@ module DeviseTokenAuth::Url
     query = [uri.query, params.to_query].reject(&:blank?).join('&')
     res += "?#{query}"
     res += "##{uri.fragment}" if uri.fragment
+    # repeat any query params after the fragment to deal with Angular eating any pre fragment query params, used
+    # in the reset password redirect url
+    res += "?#{query}" if uri.fragment
 
     res
   end

data/lib/devise_token_auth/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module DeviseTokenAuth
-  VERSION = '1.0.0'.freeze
+  VERSION = '1.2.1'.freeze
 end

data/lib/devise_token_auth.rb

@@ -1,11 +1,14 @@
 # frozen_string_literal: true
 
 require 'devise'
+
+module DeviseTokenAuth
+end
+
 require 'devise_token_auth/engine'
 require 'devise_token_auth/controllers/helpers'
 require 'devise_token_auth/controllers/url_helpers'
 require 'devise_token_auth/url'
 require 'devise_token_auth/errors'
-
-module DeviseTokenAuth
-end
+require 'devise_token_auth/blacklist'
+require 'devise_token_auth/token_factory'

data/lib/generators/devise_token_auth/USAGE

@@ -8,7 +8,7 @@ Arguments:
              # 'User'
   MOUNT_PATH # The path at which to mount the authentication routes. Default is
              # 'auth'. More detail documentation is here:
-             # https://github.com/lynndylanhurley/devise_token_auth#usage-tldr
+             # https://devise-token-auth.gitbook.io/devise-token-auth/usage
 
 Example:
   rails generate devise_token_auth:install User auth

data/lib/generators/devise_token_auth/install_generator.rb

@@ -1,20 +1,14 @@
 # frozen_string_literal: true
 
+require_relative 'install_generator_helpers'
+
 module DeviseTokenAuth
   class InstallGenerator < Rails::Generators::Base
     include Rails::Generators::Migration
+    include DeviseTokenAuth::InstallGeneratorHelpers
 
     class_option :primary_key_type, type: :string, desc: 'The type for primary key'
 
-    source_root File.expand_path('templates', __dir__)
-
-    argument :user_class, type: :string, default: 'User'
-    argument :mount_path, type: :string, default: 'auth'
-
-    def create_initializer_file
-      copy_file('devise_token_auth.rb', 'config/initializers/devise_token_auth.rb')
-    end
-
     def copy_migrations
       if self.class.migration_exists?('db/migrate', "devise_token_auth_create_#{user_class.pluralize.gsub('::','').underscore}")
         say_status('skipped', "Migration 'devise_token_auth_create_#{user_class.pluralize.gsub('::','').underscore}' already exists")
@@ -32,7 +26,7 @@ module DeviseTokenAuth
         inclusion = 'include DeviseTokenAuth::Concerns::User'
         unless parse_file_for_line(fname, inclusion)
 
-          active_record_needle = (Rails::VERSION::MAJOR == 5) ? 'ApplicationRecord' : 'ActiveRecord::Base'
+          active_record_needle = (Rails::VERSION::MAJOR >= 5) ? 'ApplicationRecord' : 'ActiveRecord::Base'
           inject_into_file fname, after: "class #{user_class} < #{active_record_needle}\n" do <<-'RUBY'
             # Include default devise modules.
             devise :database_authenticatable, :registerable,
@@ -47,90 +41,12 @@ module DeviseTokenAuth
       end
     end
 
-    def include_controller_concerns
-      fname = 'app/controllers/application_controller.rb'
-      line  = 'include DeviseTokenAuth::Concerns::SetUserByToken'
-
-      if File.exist?(File.join(destination_root, fname))
-        if parse_file_for_line(fname, line)
-          say_status('skipped', 'Concern is already included in the application controller.')
-        elsif is_rails_api?
-          inject_into_file fname, after: "class ApplicationController < ActionController::API\n" do <<-'RUBY'
-  include DeviseTokenAuth::Concerns::SetUserByToken
-          RUBY
-          end
-        else
-          inject_into_file fname, after: "class ApplicationController < ActionController::Base\n" do <<-'RUBY'
-  include DeviseTokenAuth::Concerns::SetUserByToken
-          RUBY
-          end
-        end
-      else
-        say_status('skipped', "app/controllers/application_controller.rb not found. Add 'include DeviseTokenAuth::Concerns::SetUserByToken' to any controllers that require authentication.")
-      end
-    end
-
-    def add_route_mount
-      f    = 'config/routes.rb'
-      str  = "mount_devise_token_auth_for '#{user_class}', at: '#{mount_path}'"
-
-      if File.exist?(File.join(destination_root, f))
-        line = parse_file_for_line(f, 'mount_devise_token_auth_for')
-
-        if line
-          existing_user_class = true
-        else
-          line = 'Rails.application.routes.draw do'
-          existing_user_class = false
-        end
-
-        if parse_file_for_line(f, str)
-          say_status('skipped', "Routes already exist for #{user_class} at #{mount_path}")
-        else
-          insert_after_line(f, line, str)
-
-          if existing_user_class
-            scoped_routes = ''\
-              "as :#{user_class.underscore} do\n"\
-              "    # Define routes for #{user_class} within this block.\n"\
-              "  end\n"
-            insert_after_line(f, str, scoped_routes)
-          end
-        end
-      else
-        say_status('skipped', "config/routes.rb not found. Add \"mount_devise_token_auth_for '#{user_class}', at: '#{mount_path}'\" to your routes file.")
-      end
-    end
-
     private
 
     def self.next_migration_number(path)
       Time.zone.now.utc.strftime('%Y%m%d%H%M%S')
     end
 
-    def insert_after_line(filename, line, str)
-      gsub_file filename, /(#{Regexp.escape(line)})/mi do |match|
-        "#{match}\n  #{str}"
-      end
-    end
-
-    def parse_file_for_line(filename, str)
-      match = false
-
-      File.open(File.join(destination_root, filename)) do |f|
-        f.each_line do |line|
-          match = line if line =~ /(#{Regexp.escape(str)})/mi
-        end
-      end
-      match
-    end
-
-    def is_rails_api?
-      fname = 'app/controllers/application_controller.rb'
-      line = 'class ApplicationController < ActionController::API'
-      parse_file_for_line(fname, line)
-    end
-
     def json_supported_database?
       (postgres? && postgres_correct_version?) || (mysql? && mysql_correct_version?)
     end
@@ -159,12 +75,12 @@ module DeviseTokenAuth
       ActiveRecord::Base.connection.select_value('SELECT VERSION()')
     end
 
-    def rails5?
-      Rails.version.start_with? '5'
+    def rails_5_or_newer?
+      Rails::VERSION::MAJOR >= 5
     end
 
     def primary_key_type
-      primary_key_string if rails5?
+      primary_key_string if rails_5_or_newer?
     end
 
     def primary_key_string

data/lib/generators/devise_token_auth/install_generator_helpers.rb

@@ -0,0 +1,98 @@
+module DeviseTokenAuth
+  module InstallGeneratorHelpers
+    class << self
+      def included(mod)
+        mod.class_eval do
+          source_root File.expand_path('templates', __dir__)
+
+          argument :user_class, type: :string, default: 'User'
+          argument :mount_path, type: :string, default: 'auth'
+
+          def create_initializer_file
+            copy_file('devise_token_auth.rb', 'config/initializers/devise_token_auth.rb')
+          end
+
+          def include_controller_concerns
+            fname = 'app/controllers/application_controller.rb'
+            line  = 'include DeviseTokenAuth::Concerns::SetUserByToken'
+
+            if File.exist?(File.join(destination_root, fname))
+              if parse_file_for_line(fname, line)
+                say_status('skipped', 'Concern is already included in the application controller.')
+              elsif is_rails_api?
+                inject_into_file fname, after: "class ApplicationController < ActionController::API\n" do <<-'RUBY'
+        include DeviseTokenAuth::Concerns::SetUserByToken
+                RUBY
+                end
+              else
+                inject_into_file fname, after: "class ApplicationController < ActionController::Base\n" do <<-'RUBY'
+        include DeviseTokenAuth::Concerns::SetUserByToken
+                RUBY
+                end
+              end
+            else
+              say_status('skipped', "app/controllers/application_controller.rb not found. Add 'include DeviseTokenAuth::Concerns::SetUserByToken' to any controllers that require authentication.")
+            end
+          end
+
+          def add_route_mount
+            f    = 'config/routes.rb'
+            str  = "mount_devise_token_auth_for '#{user_class}', at: '#{mount_path}'"
+
+            if File.exist?(File.join(destination_root, f))
+              line = parse_file_for_line(f, 'mount_devise_token_auth_for')
+
+              if line
+                existing_user_class = true
+              else
+                line = 'Rails.application.routes.draw do'
+                existing_user_class = false
+              end
+
+              if parse_file_for_line(f, str)
+                say_status('skipped', "Routes already exist for #{user_class} at #{mount_path}")
+              else
+                insert_after_line(f, line, str)
+
+                if existing_user_class
+                  scoped_routes = ''\
+                    "as :#{user_class.underscore} do\n"\
+                    "    # Define routes for #{user_class} within this block.\n"\
+                    "  end\n"
+                  insert_after_line(f, str, scoped_routes)
+                end
+              end
+            else
+              say_status('skipped', "config/routes.rb not found. Add \"mount_devise_token_auth_for '#{user_class}', at: '#{mount_path}'\" to your routes file.")
+            end
+          end
+
+          private
+
+          def insert_after_line(filename, line, str)
+            gsub_file filename, /(#{Regexp.escape(line)})/mi do |match|
+              "#{match}\n  #{str}"
+            end
+          end
+
+          def parse_file_for_line(filename, str)
+            match = false
+
+            File.open(File.join(destination_root, filename)) do |f|
+              f.each_line do |line|
+                match = line if line =~ /(#{Regexp.escape(str)})/mi
+              end
+            end
+            match
+          end
+
+          def is_rails_api?
+            fname = 'app/controllers/application_controller.rb'
+            line = 'class ApplicationController < ActionController::API'
+            parse_file_for_line(fname, line)
+          end
+        end
+      end
+    end
+  end
+end