devise_token_auth 0.1.21.alpha1 → 0.1.21.alpha2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: cceda7b13b2df7fdd541d948992dbc48b7dfd3a1
-  data.tar.gz: 8fd2c90a8d52644a61a38e4e6509c5c089858661
+  metadata.gz: 2a480547b2d43a6475cd6e9a0182ceb204f2fd8d
+  data.tar.gz: 8b690b9d3390f156bfa02427bc6d2af282187b53
 SHA512:
-  metadata.gz: 3ef99d9eb62eecc7cfca98cd68ae981e1411e48ddf9da3a1a1c0315dfea9e53e141cb4a2a0e9dcd23f0ab8f4184243cfde9a24e202d5fde5c1532ea094c3bb4b
-  data.tar.gz: 9219e6c4029c2fa29ff17b78078814295327794e322f8228ddcf03ed1795235040a29297100882da3c6b66152ef063c304bae34f597e48d6d7d2f94555cf86af
+  metadata.gz: 932fc776673a4114055e7403f8d17e44575630743d6ac69dd7ae86d2089effcafcfd86b8b19007953bb084c4d09c34d23ddf522673c93edd9b669bf80aa3181b
+  data.tar.gz: 80448a5ea78f8e2c9a211b51de8fad7cbeb5b135092cecfe5b89230f75487f1a63cf8f9edf233bea918be0614091f21ba81ec34f509a133c912c39f1c74dd093

data/README.md

@@ -1,8 +1,9 @@
 # Devise Token Auth
 
-![build](https://travis-ci.org/lynndylanhurley/devise_token_auth.svg)
+[![Build Status](https://travis-ci.org/lynndylanhurley/devise_token_auth.svg?branch=master)](https://travis-ci.org/lynndylanhurley/devise_token_auth)
 [![Code Climate](https://codeclimate.com/github/lynndylanhurley/devise_token_auth.png)](https://codeclimate.com/github/lynndylanhurley/devise_token_auth)
 [![Test Coverage](https://codeclimate.com/github/lynndylanhurley/devise_token_auth/coverage.png)](https://codeclimate.com/github/lynndylanhurley/devise_token_auth)
+[![Dependency Status](https://gemnasium.com/lynndylanhurley/devise_token_auth.svg)](https://gemnasium.com/lynndylanhurley/devise_token_auth)
 
 This gem provides simple, secure token based authentication.
 
@@ -35,7 +36,7 @@ bundle install
 
 # Configuration TLDR;
 
-You will need to create a user model, define routes, and you may want to alter some of the default settings for this gem. Run the following to append the routes and generate the model, migration, and initializer files:
+You will need to create a [user model](#model-concerns), [define routes](#mounting-routes), [include concerns](#controller-concerns), and you may want to alter some of the [default settings](#initializer-settings) for this gem. Run the following to append the routes and generate the model, migration, and initializer files:
 
 ~~~bash
 rails g devise_token_auth:install [USER_CLASS] [MOUNT_PATH]
@@ -50,18 +51,26 @@ This generator accepts the following optional arguments:
 
 The following events will take place when using the install generator:
 
-* An initializer will be created at `config/initializers/devise_token_auth.rb`. [Read more](#initializer-settings). 
+* An initializer will be created at `config/initializers/devise_token_auth.rb`. [Read more](#initializer-settings).
 
 * A model will be created in the `app/models` directory. If the model already exists, a concern will be included at the top of the file. [Read more](#model-concerns).
 
 * Routes will be appended to file at `config/routes.rb`. [Read more](#mounting-routes).
 
+* A concern will be included by your application controller at `app/controllers/application_controller.rb`. [Read more](#controller-concerns).
+
 * A migration file will be created in the `db/migrate` directory. Inspect the migrations file, add additional columns if necessary, and then run the migration:
 
   ~~~bash
   rake db:migrate
   ~~~
 
+You will also need to configure the following features that are external to this gem:
+
+* [Omniauth providers](#omniauth-authentication) for 3rd party oauth2 authentication.
+* [Cross Origin Request Settings](#cors) when using cross-domain clients.
+* [Email](#email-authentication) for email registration.
+
 [Jump here](#configuration-cont) for more configuration information.
 
 # Usage TLDR;

data/lib/devise_token_auth/version.rb

@@ -1,3 +1,3 @@
 module DeviseTokenAuth
-  VERSION = "0.1.21.alpha1"
+  VERSION = "0.1.21.alpha2"
 end

data/lib/generators/devise_token_auth/USAGE

@@ -22,6 +22,10 @@ Example:
   after the class definition:
       include DeviseTokenAuth::Concerns::User
 
+  The following line will be inserted into your application controller at
+  app/controllers/application_controller.rb:
+      include DeviseTokenAuth::Concerns::SetUserByToken
+
   The following line will be inserted at the top of 'config/routes.rb' if it
   does not already exist:
       mount_devise_token_auth_for "User", at: '/auth'

data/lib/generators/devise_token_auth/install_generator.rb

@@ -37,6 +37,20 @@ module DeviseTokenAuth
       end
     end
 
+    def include_controller_concerns
+      fname = "app/controllers/application_controller.rb"
+      line  = "include DeviseTokenAuth::Concerns::SetUserByToken"
+
+      if parse_file_for_line(fname, line)
+        say_status("skipped", "Concern is already included in the application controller.")
+      else
+        inject_into_file fname, after: "class ApplicationController < ActionController::Base\n" do <<-'RUBY'
+  include DeviseTokenAuth::Concerns::SetUserByToken
+        RUBY
+        end
+      end
+    end
+
     def add_route_mount
       f    = "config/routes.rb"
       str  = "mount_devise_token_auth_for '#{user_class}', at: '#{mount_path}'"

data/test/controllers/demo_controller_test.rb

@@ -7,175 +7,94 @@ require 'test_helper'
 #  was the appropriate message delivered in the json payload?
 
 class DemoControllerTest < ActionController::TestCase
-  describe DemoController, "Token access" do
-    before do
-      @user = users(:confirmed_email_user)
-      @user.skip_confirmation!
-      @user.save!
-
-      @auth_header = @user.create_new_auth_token
-
-      @token     = @auth_header[/token=(.*?) /,1]
-      @client_id = @auth_header[/client=(.*?) /,1]
-      @expiry    = @auth_header[/expiry=(.*?) /,1]
-    end
-
-    describe 'successful request' do
+  describe DemoController do
+    describe "Token access" do
       before do
-        # ensure that request is not treated as batch request
-        age_token(@user, @client_id)
+        @user = users(:confirmed_email_user)
+        @user.skip_confirmation!
+        @user.save!
 
-        request.headers['Authorization'] = @auth_header
-        xhr :get, :members_only
+        @auth_header = @user.create_new_auth_token
 
-        @resp_auth_header = response.headers['Authorization']
-        @resp_token       = @resp_auth_header[/token=(.*?) /,1]
-        @resp_client_id   = @resp_auth_header[/client=(.*?) /,1]
-        @resp_expiry      = @resp_auth_header[/expiry=(.*?) /,1]
-        @resp_uid         = @resp_auth_header[/uid=(.*?)$/,1]
+        @token     = @auth_header[/token=(.*?) /,1]
+        @client_id = @auth_header[/client=(.*?) /,1]
+        @expiry    = @auth_header[/expiry=(.*?) /,1]
       end
 
-      it 'should return success status' do
-        assert_equal 200, response.status
-      end
-
-      it 'should receive new token after successful request' do
-        refute_equal @token, @resp_token
-      end
-
-      it 'should preserve the client id from the first request' do
-        assert_equal @client_id, @resp_client_id
-      end
-
-      it "should return the user's uid in the auth header" do
-        assert_equal @user.uid, @resp_uid
-      end
-
-      it 'should not treat this request as a batch request' do
-        refute assigns(:is_batch_request)
-      end
-
-      describe 'succesive requests' do
+      describe 'successful request' do
         before do
-          @user.reload
           # ensure that request is not treated as batch request
           age_token(@user, @client_id)
 
-          request.headers['Authorization'] = @resp_auth_header
-
+          request.headers['Authorization'] = @auth_header
           xhr :get, :members_only
-        end
 
-        it 'should not treat this request as a batch request' do
-          refute assigns(:is_batch_request)
+          @resp_auth_header = response.headers['Authorization']
+          @resp_token       = @resp_auth_header[/token=(.*?) /,1]
+          @resp_client_id   = @resp_auth_header[/client=(.*?) /,1]
+          @resp_expiry      = @resp_auth_header[/expiry=(.*?) /,1]
+          @resp_uid         = @resp_auth_header[/uid=(.*?)$/,1]
         end
 
-        it "should allow a new request to be made using new token" do
+        it 'should return success status' do
           assert_equal 200, response.status
         end
-      end
-    end
-
-    describe 'failed request' do
-      before do
-        request.headers['Authorization'] = "token=bogus client=#{@client_id} uid=#{@user.uid}"
-        xhr :get, :members_only
-      end
-
-      it 'should not return any auth headers' do
-        refute response.headers['Authorization']
-      end
-
-      it 'should return error: unauthorized status' do
-        assert_equal 401, response.status
-      end
-    end
-
-    describe 'disable change_headers_on_each_request' do
-      before do
-        DeviseTokenAuth.change_headers_on_each_request = false
-        @user.reload
-        age_token(@user, @client_id)
-
-        request.headers['Authorization'] = @auth_header
-        xhr :get, :members_only
-
-        @first_is_batch_request = assigns(:is_batch_request)
-        @first_user = assigns(:user).dup
-        @first_auth_headers = response.headers['Authorization'].clone
-        @first_response_status = response.status
-
-        @user.reload
-        age_token(@user, @client_id)
 
-        # use expired auth header
-        request.headers['Authorization'] = @auth_header
-        xhr :get, :members_only
+        it 'should receive new token after successful request' do
+          refute_equal @token, @resp_token
+        end
 
-        @second_is_batch_request = assigns(:is_batch_request)
-        @second_user = assigns(:user)
-        @second_auth_headers = response.headers['Authorization']
-        @second_response_status = response.status
-      end
+        it 'should preserve the client id from the first request' do
+          assert_equal @client_id, @resp_client_id
+        end
 
-      after do
-        DeviseTokenAuth.change_headers_on_each_request = true
-      end
+        it "should return the user's uid in the auth header" do
+          assert_equal @user.uid, @resp_uid
+        end
 
-      it 'should allow the first request through' do
-        assert_equal 200, @first_response_status
-      end
+        it 'should not treat this request as a batch request' do
+          refute assigns(:is_batch_request)
+        end
 
-      it 'should allow the second request through' do
-        assert_equal 200, @second_response_status
-      end
+        describe 'succesive requests' do
+          before do
+            @user.reload
+            # ensure that request is not treated as batch request
+            age_token(@user, @client_id)
 
-      it 'should return auth headers from the first request' do
-        assert @first_auth_headers
-      end
+            request.headers['Authorization'] = @resp_auth_header
 
-      it 'should return auth headers from the second request' do
-        assert @second_auth_headers
-      end
+            xhr :get, :members_only
+          end
 
-      it 'should define user during first request' do
-        assert @first_user
-      end
+          it 'should not treat this request as a batch request' do
+            refute assigns(:is_batch_request)
+          end
 
-      it 'should define user during second request' do
-        assert @second_user
+          it "should allow a new request to be made using new token" do
+            assert_equal 200, response.status
+          end
+        end
       end
-    end
 
-    describe 'batch requests' do
-      describe 'success' do
+      describe 'failed request' do
         before do
-          request.headers['Authorization'] = @auth_header
+          request.headers['Authorization'] = "token=bogus client=#{@client_id} uid=#{@user.uid}"
           xhr :get, :members_only
-
-          @first_is_batch_request = assigns(:is_batch_request)
-          @first_user = assigns(:user)
-          @first_auth_headers = response.headers['Authorization']
-
-          request.headers['Authorization'] = @auth_header
-          xhr :get, :members_only
-
-          @second_is_batch_request = assigns(:is_batch_request)
-          @second_user = assigns(:user)
-          @second_auth_headers = response.headers['Authorization']
         end
 
-        it 'should allow both requests through' do
-          assert_equal 200, response.status
+        it 'should not return any auth headers' do
+          refute response.headers['Authorization']
         end
 
-        it 'should return the same auth headers for both requests' do
-          assert_equal @first_auth_headers, @second_auth_headers
+        it 'should return error: unauthorized status' do
+          assert_equal 401, response.status
         end
       end
 
-      describe 'time out' do
+      describe 'disable change_headers_on_each_request' do
         before do
+          DeviseTokenAuth.change_headers_on_each_request = false
           @user.reload
           age_token(@user, @client_id)
 
@@ -200,69 +119,152 @@ class DemoControllerTest < ActionController::TestCase
           @second_response_status = response.status
         end
 
+        after do
+          DeviseTokenAuth.change_headers_on_each_request = true
+        end
+
         it 'should allow the first request through' do
           assert_equal 200, @first_response_status
         end
 
-        it 'should not allow the second request through' do
-          assert_equal 401, @second_response_status
+        it 'should allow the second request through' do
+          assert_equal 200, @second_response_status
         end
 
         it 'should return auth headers from the first request' do
           assert @first_auth_headers
         end
 
-        it 'should not return auth headers from the second request' do
-          refute @second_auth_headers
+        it 'should return auth headers from the second request' do
+          assert @second_auth_headers
         end
 
         it 'should define user during first request' do
           assert @first_user
         end
 
-        it 'should not define user during second request' do
-          refute @second_user
+        it 'should define user during second request' do
+          assert @second_user
         end
       end
-    end
-  end
 
-  # test with non-standard user class
-  describe DemoController, "Alternate user class" do
-    setup do
-      @request.env['devise.mapping'] = Devise.mappings[:mang]
-    end
+      describe 'batch requests' do
+        describe 'success' do
+          before do
+            request.headers['Authorization'] = @auth_header
+            xhr :get, :members_only
 
-    teardown do
-      @request.env['devise.mapping'] = Devise.mappings[:user]
-    end
+            @first_is_batch_request = assigns(:is_batch_request)
+            @first_user = assigns(:user)
+            @first_auth_headers = response.headers['Authorization']
+
+            request.headers['Authorization'] = @auth_header
+            xhr :get, :members_only
+
+            @second_is_batch_request = assigns(:is_batch_request)
+            @second_user = assigns(:user)
+            @second_auth_headers = response.headers['Authorization']
+          end
+
+          it 'should allow both requests through' do
+            assert_equal 200, response.status
+          end
+
+          it 'should return the same auth headers for both requests' do
+            assert_equal @first_auth_headers, @second_auth_headers
+          end
+        end
+
+        describe 'time out' do
+          before do
+            @user.reload
+            age_token(@user, @client_id)
+
+            request.headers['Authorization'] = @auth_header
+            xhr :get, :members_only
 
-    before do
-      @user = mangs(:confirmed_email_user)
-      @user.skip_confirmation!
-      @user.save!
+            @first_is_batch_request = assigns(:is_batch_request)
+            @first_user = assigns(:user).dup
+            @first_auth_headers = response.headers['Authorization'].clone
+            @first_response_status = response.status
 
-      @auth_header = @user.create_new_auth_token
+            @user.reload
+            age_token(@user, @client_id)
 
-      @token     = @auth_header[/token=(.*?) /,1]
-      @client_id = @auth_header[/client=(.*?) /,1]
-      @expiry    = @auth_header[/expiry=(.*?) /,1]
+            # use expired auth header
+            request.headers['Authorization'] = @auth_header
+            xhr :get, :members_only
 
-      # ensure that request is not treated as batch request
-      age_token(@user, @client_id)
+            @second_is_batch_request = assigns(:is_batch_request)
+            @second_user = assigns(:user)
+            @second_auth_headers = response.headers['Authorization']
+            @second_response_status = response.status
+          end
 
-      request.headers['Authorization'] = @auth_header
-      xhr :get, :members_only
+          it 'should allow the first request through' do
+            assert_equal 200, @first_response_status
+          end
 
-      @resp_auth_header = response.headers['Authorization']
-      @resp_token       = @resp_auth_header[/token=(.*?) /,1]
-      @resp_client_id   = @resp_auth_header[/client=(.*?) /,1]
-      @resp_expiry      = @resp_auth_header[/expiry=(.*?) /,1]
-      @resp_uid         = @resp_auth_header[/uid=(.*?)$/,1]
+          it 'should not allow the second request through' do
+            assert_equal 401, @second_response_status
+          end
+
+          it 'should return auth headers from the first request' do
+            assert @first_auth_headers
+          end
+
+          it 'should not return auth headers from the second request' do
+            refute @second_auth_headers
+          end
+
+          it 'should define user during first request' do
+            assert @first_user
+          end
+
+          it 'should not define user during second request' do
+            refute @second_user
+          end
+        end
+      end
     end
 
-    it 'should return success status' do
-      assert_equal 200, response.status
+    # test with non-standard user class
+    describe "Alternate user class" do
+      setup do
+        @request.env['devise.mapping'] = Devise.mappings[:mang]
+      end
+
+      teardown do
+        @request.env['devise.mapping'] = Devise.mappings[:user]
+      end
+
+      before do
+        @user = mangs(:confirmed_email_user)
+        @user.skip_confirmation!
+        @user.save!
+
+        @auth_header = @user.create_new_auth_token
+
+        @token     = @auth_header[/token=(.*?) /,1]
+        @client_id = @auth_header[/client=(.*?) /,1]
+        @expiry    = @auth_header[/expiry=(.*?) /,1]
+
+        # ensure that request is not treated as batch request
+        age_token(@user, @client_id)
+
+        request.headers['Authorization'] = @auth_header
+        xhr :get, :members_only
+
+        @resp_auth_header = response.headers['Authorization']
+        @resp_token       = @resp_auth_header[/token=(.*?) /,1]
+        @resp_client_id   = @resp_auth_header[/client=(.*?) /,1]
+        @resp_expiry      = @resp_auth_header[/expiry=(.*?) /,1]
+        @resp_uid         = @resp_auth_header[/uid=(.*?)$/,1]
+      end
+
+      it 'should return success status' do
+        assert_equal 200, response.status
+      end
     end
   end
 end