devise_token_auth 0.1.21.alpha1 → 0.1.21.alpha2
- checksums.yaml +4 -4
- data/README.md +12 -3
- data/lib/devise_token_auth/version.rb +1 -1
- data/lib/generators/devise_token_auth/USAGE +4 -0
- data/lib/generators/devise_token_auth/install_generator.rb +14 -0
- data/test/controllers/demo_controller_test.rb +170 -168
- data/test/controllers/devise_token_auth/confirmations_controller_test.rb +60 -58
- data/test/controllers/devise_token_auth/passwords_controller_test.rb +147 -146
- data/test/controllers/devise_token_auth/registrations_controller_test.rb +145 -143
- data/test/controllers/devise_token_auth/sessions_controller_test.rb +81 -79
- data/test/dummy/db/test.sqlite3 +0 -0
- data/test/dummy/log/test.log +9354 -0
- metadata +3 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 2a480547b2d43a6475cd6e9a0182ceb204f2fd8d
|
4
|
+
data.tar.gz: 8b690b9d3390f156bfa02427bc6d2af282187b53
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 932fc776673a4114055e7403f8d17e44575630743d6ac69dd7ae86d2089effcafcfd86b8b19007953bb084c4d09c34d23ddf522673c93edd9b669bf80aa3181b
|
7
|
+
data.tar.gz: 80448a5ea78f8e2c9a211b51de8fad7cbeb5b135092cecfe5b89230f75487f1a63cf8f9edf233bea918be0614091f21ba81ec34f509a133c912c39f1c74dd093
|
data/README.md
CHANGED
@@ -1,8 +1,9 @@
|
|
1
1
|
# Devise Token Auth
|
2
2
|
|
3
|
-
![
|
3
|
+
[![Build Status](https://travis-ci.org/lynndylanhurley/devise_token_auth.svg?branch=master)](https://travis-ci.org/lynndylanhurley/devise_token_auth)
|
4
4
|
[![Code Climate](https://codeclimate.com/github/lynndylanhurley/devise_token_auth.png)](https://codeclimate.com/github/lynndylanhurley/devise_token_auth)
|
5
5
|
[![Test Coverage](https://codeclimate.com/github/lynndylanhurley/devise_token_auth/coverage.png)](https://codeclimate.com/github/lynndylanhurley/devise_token_auth)
|
6
|
+
[![Dependency Status](https://gemnasium.com/lynndylanhurley/devise_token_auth.svg)](https://gemnasium.com/lynndylanhurley/devise_token_auth)
|
6
7
|
|
7
8
|
This gem provides simple, secure token based authentication.
|
8
9
|
|
@@ -35,7 +36,7 @@ bundle install
|
|
35
36
|
|
36
37
|
# Configuration TLDR;
|
37
38
|
|
38
|
-
You will need to create a user model, define routes, and you may want to alter some of the default settings for this gem. Run the following to append the routes and generate the model, migration, and initializer files:
|
39
|
+
You will need to create a [user model](#model-concerns), [define routes](#mounting-routes), [include concerns](#controller-concerns), and you may want to alter some of the [default settings](#initializer-settings) for this gem. Run the following to append the routes and generate the model, migration, and initializer files:
|
39
40
|
|
40
41
|
~~~bash
|
41
42
|
rails g devise_token_auth:install [USER_CLASS] [MOUNT_PATH]
|
@@ -50,18 +51,26 @@ This generator accepts the following optional arguments:
|
|
50
51
|
|
51
52
|
The following events will take place when using the install generator:
|
52
53
|
|
53
|
-
* An initializer will be created at `config/initializers/devise_token_auth.rb`. [Read more](#initializer-settings).
|
54
|
+
* An initializer will be created at `config/initializers/devise_token_auth.rb`. [Read more](#initializer-settings).
|
54
55
|
|
55
56
|
* A model will be created in the `app/models` directory. If the model already exists, a concern will be included at the top of the file. [Read more](#model-concerns).
|
56
57
|
|
57
58
|
* Routes will be appended to file at `config/routes.rb`. [Read more](#mounting-routes).
|
58
59
|
|
60
|
+
* A concern will be included by your application controller at `app/controllers/application_controller.rb`. [Read more](#controller-concerns).
|
61
|
+
|
59
62
|
* A migration file will be created in the `db/migrate` directory. Inspect the migrations file, add additional columns if necessary, and then run the migration:
|
60
63
|
|
61
64
|
~~~bash
|
62
65
|
rake db:migrate
|
63
66
|
~~~
|
64
67
|
|
68
|
+
You will also need to configure the following features that are external to this gem:
|
69
|
+
|
70
|
+
* [Omniauth providers](#omniauth-authentication) for 3rd party oauth2 authentication.
|
71
|
+
* [Cross Origin Request Settings](#cors) when using cross-domain clients.
|
72
|
+
* [Email](#email-authentication) for email registration.
|
73
|
+
|
65
74
|
[Jump here](#configuration-cont) for more configuration information.
|
66
75
|
|
67
76
|
# Usage TLDR;
|
@@ -22,6 +22,10 @@ Example:
|
|
22
22
|
after the class definition:
|
23
23
|
include DeviseTokenAuth::Concerns::User
|
24
24
|
|
25
|
+
The following line will be inserted into your application controller at
|
26
|
+
app/controllers/application_controller.rb:
|
27
|
+
include DeviseTokenAuth::Concerns::SetUserByToken
|
28
|
+
|
25
29
|
The following line will be inserted at the top of 'config/routes.rb' if it
|
26
30
|
does not already exist:
|
27
31
|
mount_devise_token_auth_for "User", at: '/auth'
|
@@ -37,6 +37,20 @@ module DeviseTokenAuth
|
|
37
37
|
end
|
38
38
|
end
|
39
39
|
|
40
|
+
def include_controller_concerns
|
41
|
+
fname = "app/controllers/application_controller.rb"
|
42
|
+
line = "include DeviseTokenAuth::Concerns::SetUserByToken"
|
43
|
+
|
44
|
+
if parse_file_for_line(fname, line)
|
45
|
+
say_status("skipped", "Concern is already included in the application controller.")
|
46
|
+
else
|
47
|
+
inject_into_file fname, after: "class ApplicationController < ActionController::Base\n" do <<-'RUBY'
|
48
|
+
include DeviseTokenAuth::Concerns::SetUserByToken
|
49
|
+
RUBY
|
50
|
+
end
|
51
|
+
end
|
52
|
+
end
|
53
|
+
|
40
54
|
def add_route_mount
|
41
55
|
f = "config/routes.rb"
|
42
56
|
str = "mount_devise_token_auth_for '#{user_class}', at: '#{mount_path}'"
|
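Review bot: In `include_controller_concerns`, `inject_into_file fname, after: "class ApplicationController < ActionController::Base\n"` hinges on that exact anchor string; when the host application's controller inherits from a different base class or is spaced differently, the anchor does not match and, as far as the hunk shows, nothing reports that the `SetUserByToken` concern was never wired in, so the install looks successful while token authentication is not included. The other branch already reports through `say_status`, so this one should too: confirm the file and anchor are present and otherwise emit a `say_status("skipped", ...)` telling the user to add the include by hand. `parse_file_for_line` is defined outside the hunk, so its semantics are assumed here; the sketch below uses plain `File` calls for the anchor check instead.
```ruby
def include_controller_concerns
  fname = "app/controllers/application_controller.rb"
  line = "include DeviseTokenAuth::Concerns::SetUserByToken"
  anchor = "class ApplicationController < ActionController::Base\n"
  path = File.join(destination_root, fname)

  if parse_file_for_line(fname, line)
    say_status("skipped", "Concern is already included in the application controller.")
  elsif !File.exist?(path) || !File.read(path).include?(anchor)
    # Anchor not found: report it rather than silently leaving the concern out.
    say_status("skipped", "Could not find '#{anchor.chomp}' in #{fname}; add `#{line}` to your application controller manually.")
  else
    # … unchanged: inject_into_file block …
  end
end
```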
@@ -7,175 +7,94 @@ require 'test_helper'
|
|
7
7
|
# was the appropriate message delivered in the json payload?
|
8
8
|
|
9
9
|
class DemoControllerTest < ActionController::TestCase
|
10
|
-
describe DemoController
|
11
|
-
|
12
|
-
@user = users(:confirmed_email_user)
|
13
|
-
@user.skip_confirmation!
|
14
|
-
@user.save!
|
15
|
-
|
16
|
-
@auth_header = @user.create_new_auth_token
|
17
|
-
|
18
|
-
@token = @auth_header[/token=(.*?) /,1]
|
19
|
-
@client_id = @auth_header[/client=(.*?) /,1]
|
20
|
-
@expiry = @auth_header[/expiry=(.*?) /,1]
|
21
|
-
end
|
22
|
-
|
23
|
-
describe 'successful request' do
|
10
|
+
describe DemoController do
|
11
|
+
describe "Token access" do
|
24
12
|
before do
|
25
|
-
|
26
|
-
|
13
|
+
@user = users(:confirmed_email_user)
|
14
|
+
@user.skip_confirmation!
|
15
|
+
@user.save!
|
27
16
|
|
28
|
-
|
29
|
-
xhr :get, :members_only
|
17
|
+
@auth_header = @user.create_new_auth_token
|
30
18
|
|
31
|
-
@
|
32
|
-
@
|
33
|
-
@
|
34
|
-
@resp_expiry = @resp_auth_header[/expiry=(.*?) /,1]
|
35
|
-
@resp_uid = @resp_auth_header[/uid=(.*?)$/,1]
|
19
|
+
@token = @auth_header[/token=(.*?) /,1]
|
20
|
+
@client_id = @auth_header[/client=(.*?) /,1]
|
21
|
+
@expiry = @auth_header[/expiry=(.*?) /,1]
|
36
22
|
end
|
37
23
|
|
38
|
-
|
39
|
-
assert_equal 200, response.status
|
40
|
-
end
|
41
|
-
|
42
|
-
it 'should receive new token after successful request' do
|
43
|
-
refute_equal @token, @resp_token
|
44
|
-
end
|
45
|
-
|
46
|
-
it 'should preserve the client id from the first request' do
|
47
|
-
assert_equal @client_id, @resp_client_id
|
48
|
-
end
|
49
|
-
|
50
|
-
it "should return the user's uid in the auth header" do
|
51
|
-
assert_equal @user.uid, @resp_uid
|
52
|
-
end
|
53
|
-
|
54
|
-
it 'should not treat this request as a batch request' do
|
55
|
-
refute assigns(:is_batch_request)
|
56
|
-
end
|
57
|
-
|
58
|
-
describe 'succesive requests' do
|
24
|
+
describe 'successful request' do
|
59
25
|
before do
|
60
|
-
@user.reload
|
61
26
|
# ensure that request is not treated as batch request
|
62
27
|
age_token(@user, @client_id)
|
63
28
|
|
64
|
-
request.headers['Authorization'] = @
|
65
|
-
|
29
|
+
request.headers['Authorization'] = @auth_header
|
66
30
|
xhr :get, :members_only
|
67
|
-
end
|
68
31
|
|
69
|
-
|
70
|
-
|
32
|
+
@resp_auth_header = response.headers['Authorization']
|
33
|
+
@resp_token = @resp_auth_header[/token=(.*?) /,1]
|
34
|
+
@resp_client_id = @resp_auth_header[/client=(.*?) /,1]
|
35
|
+
@resp_expiry = @resp_auth_header[/expiry=(.*?) /,1]
|
36
|
+
@resp_uid = @resp_auth_header[/uid=(.*?)$/,1]
|
71
37
|
end
|
72
38
|
|
73
|
-
it
|
39
|
+
it 'should return success status' do
|
74
40
|
assert_equal 200, response.status
|
75
41
|
end
|
76
|
-
end
|
77
|
-
end
|
78
|
-
|
79
|
-
describe 'failed request' do
|
80
|
-
before do
|
81
|
-
request.headers['Authorization'] = "token=bogus client=#{@client_id} uid=#{@user.uid}"
|
82
|
-
xhr :get, :members_only
|
83
|
-
end
|
84
|
-
|
85
|
-
it 'should not return any auth headers' do
|
86
|
-
refute response.headers['Authorization']
|
87
|
-
end
|
88
|
-
|
89
|
-
it 'should return error: unauthorized status' do
|
90
|
-
assert_equal 401, response.status
|
91
|
-
end
|
92
|
-
end
|
93
|
-
|
94
|
-
describe 'disable change_headers_on_each_request' do
|
95
|
-
before do
|
96
|
-
DeviseTokenAuth.change_headers_on_each_request = false
|
97
|
-
@user.reload
|
98
|
-
age_token(@user, @client_id)
|
99
|
-
|
100
|
-
request.headers['Authorization'] = @auth_header
|
101
|
-
xhr :get, :members_only
|
102
|
-
|
103
|
-
@first_is_batch_request = assigns(:is_batch_request)
|
104
|
-
@first_user = assigns(:user).dup
|
105
|
-
@first_auth_headers = response.headers['Authorization'].clone
|
106
|
-
@first_response_status = response.status
|
107
|
-
|
108
|
-
@user.reload
|
109
|
-
age_token(@user, @client_id)
|
110
42
|
|
111
|
-
|
112
|
-
|
113
|
-
|
43
|
+
it 'should receive new token after successful request' do
|
44
|
+
refute_equal @token, @resp_token
|
45
|
+
end
|
114
46
|
|
115
|
-
|
116
|
-
|
117
|
-
|
118
|
-
@second_response_status = response.status
|
119
|
-
end
|
47
|
+
it 'should preserve the client id from the first request' do
|
48
|
+
assert_equal @client_id, @resp_client_id
|
49
|
+
end
|
120
50
|
|
121
|
-
|
122
|
-
|
123
|
-
|
51
|
+
it "should return the user's uid in the auth header" do
|
52
|
+
assert_equal @user.uid, @resp_uid
|
53
|
+
end
|
124
54
|
|
125
|
-
|
126
|
-
|
127
|
-
|
55
|
+
it 'should not treat this request as a batch request' do
|
56
|
+
refute assigns(:is_batch_request)
|
57
|
+
end
|
128
58
|
|
129
|
-
|
130
|
-
|
131
|
-
|
59
|
+
describe 'succesive requests' do
|
60
|
+
before do
|
61
|
+
@user.reload
|
62
|
+
# ensure that request is not treated as batch request
|
63
|
+
age_token(@user, @client_id)
|
132
64
|
|
133
|
-
|
134
|
-
assert @first_auth_headers
|
135
|
-
end
|
65
|
+
request.headers['Authorization'] = @resp_auth_header
|
136
66
|
|
137
|
-
|
138
|
-
|
139
|
-
end
|
67
|
+
xhr :get, :members_only
|
68
|
+
end
|
140
69
|
|
141
|
-
|
142
|
-
|
143
|
-
|
70
|
+
it 'should not treat this request as a batch request' do
|
71
|
+
refute assigns(:is_batch_request)
|
72
|
+
end
|
144
73
|
|
145
|
-
|
146
|
-
|
74
|
+
it "should allow a new request to be made using new token" do
|
75
|
+
assert_equal 200, response.status
|
76
|
+
end
|
77
|
+
end
|
147
78
|
end
|
148
|
-
end
|
149
79
|
|
150
|
-
|
151
|
-
describe 'success' do
|
80
|
+
describe 'failed request' do
|
152
81
|
before do
|
153
|
-
request.headers['Authorization'] = @
|
82
|
+
request.headers['Authorization'] = "token=bogus client=#{@client_id} uid=#{@user.uid}"
|
154
83
|
xhr :get, :members_only
|
155
|
-
|
156
|
-
@first_is_batch_request = assigns(:is_batch_request)
|
157
|
-
@first_user = assigns(:user)
|
158
|
-
@first_auth_headers = response.headers['Authorization']
|
159
|
-
|
160
|
-
request.headers['Authorization'] = @auth_header
|
161
|
-
xhr :get, :members_only
|
162
|
-
|
163
|
-
@second_is_batch_request = assigns(:is_batch_request)
|
164
|
-
@second_user = assigns(:user)
|
165
|
-
@second_auth_headers = response.headers['Authorization']
|
166
84
|
end
|
167
85
|
|
168
|
-
it 'should
|
169
|
-
|
86
|
+
it 'should not return any auth headers' do
|
87
|
+
refute response.headers['Authorization']
|
170
88
|
end
|
171
89
|
|
172
|
-
it 'should return
|
173
|
-
assert_equal
|
90
|
+
it 'should return error: unauthorized status' do
|
91
|
+
assert_equal 401, response.status
|
174
92
|
end
|
175
93
|
end
|
176
94
|
|
177
|
-
describe '
|
95
|
+
describe 'disable change_headers_on_each_request' do
|
178
96
|
before do
|
97
|
+
DeviseTokenAuth.change_headers_on_each_request = false
|
179
98
|
@user.reload
|
180
99
|
age_token(@user, @client_id)
|
181
100
|
|
@@ -200,69 +119,152 @@ class DemoControllerTest < ActionController::TestCase
|
|
200
119
|
@second_response_status = response.status
|
201
120
|
end
|
202
121
|
|
122
|
+
after do
|
123
|
+
DeviseTokenAuth.change_headers_on_each_request = true
|
124
|
+
end
|
125
|
+
|
203
126
|
it 'should allow the first request through' do
|
204
127
|
assert_equal 200, @first_response_status
|
205
128
|
end
|
206
129
|
|
207
|
-
it 'should
|
208
|
-
assert_equal
|
130
|
+
it 'should allow the second request through' do
|
131
|
+
assert_equal 200, @second_response_status
|
209
132
|
end
|
210
133
|
|
211
134
|
it 'should return auth headers from the first request' do
|
212
135
|
assert @first_auth_headers
|
213
136
|
end
|
214
137
|
|
215
|
-
it 'should
|
216
|
-
|
138
|
+
it 'should return auth headers from the second request' do
|
139
|
+
assert @second_auth_headers
|
217
140
|
end
|
218
141
|
|
219
142
|
it 'should define user during first request' do
|
220
143
|
assert @first_user
|
221
144
|
end
|
222
145
|
|
223
|
-
it 'should
|
224
|
-
|
146
|
+
it 'should define user during second request' do
|
147
|
+
assert @second_user
|
225
148
|
end
|
226
149
|
end
|
227
|
-
end
|
228
|
-
end
|
229
150
|
|
230
|
-
|
231
|
-
|
232
|
-
|
233
|
-
|
234
|
-
|
151
|
+
describe 'batch requests' do
|
152
|
+
describe 'success' do
|
153
|
+
before do
|
154
|
+
request.headers['Authorization'] = @auth_header
|
155
|
+
xhr :get, :members_only
|
235
156
|
|
236
|
-
|
237
|
-
|
238
|
-
|
157
|
+
@first_is_batch_request = assigns(:is_batch_request)
|
158
|
+
@first_user = assigns(:user)
|
159
|
+
@first_auth_headers = response.headers['Authorization']
|
160
|
+
|
161
|
+
request.headers['Authorization'] = @auth_header
|
162
|
+
xhr :get, :members_only
|
163
|
+
|
164
|
+
@second_is_batch_request = assigns(:is_batch_request)
|
165
|
+
@second_user = assigns(:user)
|
166
|
+
@second_auth_headers = response.headers['Authorization']
|
167
|
+
end
|
168
|
+
|
169
|
+
it 'should allow both requests through' do
|
170
|
+
assert_equal 200, response.status
|
171
|
+
end
|
172
|
+
|
173
|
+
it 'should return the same auth headers for both requests' do
|
174
|
+
assert_equal @first_auth_headers, @second_auth_headers
|
175
|
+
end
|
176
|
+
end
|
177
|
+
|
178
|
+
describe 'time out' do
|
179
|
+
before do
|
180
|
+
@user.reload
|
181
|
+
age_token(@user, @client_id)
|
182
|
+
|
183
|
+
request.headers['Authorization'] = @auth_header
|
184
|
+
xhr :get, :members_only
|
239
185
|
|
240
|
-
|
241
|
-
|
242
|
-
|
243
|
-
|
186
|
+
@first_is_batch_request = assigns(:is_batch_request)
|
187
|
+
@first_user = assigns(:user).dup
|
188
|
+
@first_auth_headers = response.headers['Authorization'].clone
|
189
|
+
@first_response_status = response.status
|
244
190
|
|
245
|
-
|
191
|
+
@user.reload
|
192
|
+
age_token(@user, @client_id)
|
246
193
|
|
247
|
-
|
248
|
-
|
249
|
-
|
194
|
+
# use expired auth header
|
195
|
+
request.headers['Authorization'] = @auth_header
|
196
|
+
xhr :get, :members_only
|
250
197
|
|
251
|
-
|
252
|
-
|
198
|
+
@second_is_batch_request = assigns(:is_batch_request)
|
199
|
+
@second_user = assigns(:user)
|
200
|
+
@second_auth_headers = response.headers['Authorization']
|
201
|
+
@second_response_status = response.status
|
202
|
+
end
|
253
203
|
|
254
|
-
|
255
|
-
|
204
|
+
it 'should allow the first request through' do
|
205
|
+
assert_equal 200, @first_response_status
|
206
|
+
end
|
256
207
|
|
257
|
-
|
258
|
-
|
259
|
-
|
260
|
-
|
261
|
-
|
208
|
+
it 'should not allow the second request through' do
|
209
|
+
assert_equal 401, @second_response_status
|
210
|
+
end
|
211
|
+
|
212
|
+
it 'should return auth headers from the first request' do
|
213
|
+
assert @first_auth_headers
|
214
|
+
end
|
215
|
+
|
216
|
+
it 'should not return auth headers from the second request' do
|
217
|
+
refute @second_auth_headers
|
218
|
+
end
|
219
|
+
|
220
|
+
it 'should define user during first request' do
|
221
|
+
assert @first_user
|
222
|
+
end
|
223
|
+
|
224
|
+
it 'should not define user during second request' do
|
225
|
+
refute @second_user
|
226
|
+
end
|
227
|
+
end
|
228
|
+
end
|
262
229
|
end
|
263
230
|
|
264
|
-
|
265
|
-
|
231
|
+
# test with non-standard user class
|
232
|
+
describe "Alternate user class" do
|
233
|
+
setup do
|
234
|
+
@request.env['devise.mapping'] = Devise.mappings[:mang]
|
235
|
+
end
|
236
|
+
|
237
|
+
teardown do
|
238
|
+
@request.env['devise.mapping'] = Devise.mappings[:user]
|
239
|
+
end
|
240
|
+
|
241
|
+
before do
|
242
|
+
@user = mangs(:confirmed_email_user)
|
243
|
+
@user.skip_confirmation!
|
244
|
+
@user.save!
|
245
|
+
|
246
|
+
@auth_header = @user.create_new_auth_token
|
247
|
+
|
248
|
+
@token = @auth_header[/token=(.*?) /,1]
|
249
|
+
@client_id = @auth_header[/client=(.*?) /,1]
|
250
|
+
@expiry = @auth_header[/expiry=(.*?) /,1]
|
251
|
+
|
252
|
+
# ensure that request is not treated as batch request
|
253
|
+
age_token(@user, @client_id)
|
254
|
+
|
255
|
+
request.headers['Authorization'] = @auth_header
|
256
|
+
xhr :get, :members_only
|
257
|
+
|
258
|
+
@resp_auth_header = response.headers['Authorization']
|
259
|
+
@resp_token = @resp_auth_header[/token=(.*?) /,1]
|
260
|
+
@resp_client_id = @resp_auth_header[/client=(.*?) /,1]
|
261
|
+
@resp_expiry = @resp_auth_header[/expiry=(.*?) /,1]
|
262
|
+
@resp_uid = @resp_auth_header[/uid=(.*?)$/,1]
|
263
|
+
end
|
264
|
+
|
265
|
+
it 'should return success status' do
|
266
|
+
assert_equal 200, response.status
|
267
|
+
end
|
266
268
|
end
|
267
269
|
end
|
268
270
|
end
|
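Review bot: In the `'batch requests'` / `'success'` block of the second hunk, `it 'should allow both requests through'` only runs `assert_equal 200, response.status`, which is the status of the second `xhr :get, :members_only`; the first request's status is never captured, so the test name promises more than it checks. The neighbouring `'time out'` block already records `@first_response_status = response.status` before issuing the second request, so the same two lines fit here: `@first_response_status = response.status` in the `before`, and `assert_equal 200, @first_response_status` alongside the existing assertion. The `@first_is_batch_request` and `@second_is_batch_request` values assigned in that same `before` are not asserted anywhere in this hunk; either assert them or drop the assignments.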