devise_token_auth 0.1.28 → 0.1.29.beta1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 5a97968a706152912c6f7d8357340e0e6885ba6a
-  data.tar.gz: 476575b95c813c9af74617898a3dee647ced5d76
+  metadata.gz: 27aae401ac1cd56896e88990fafd43722ae0874d
+  data.tar.gz: 641556555fefe2509adf75b29125a94abb9ca14a
 SHA512:
-  metadata.gz: 3a5344cdc51f5691c5711463e865acf2ff53e18588a9ae99d0c244b15c5addf3267ef32cc68368778da8aca27aeaea5a2b79dab67ba7973317ba0264d84b290d
-  data.tar.gz: ba19c67607c5d8b06e5695ecf60763bdcd6c012e7b1183f8bae309e5dcddc6193cbfc5d37e97a2dbc9c2d1b630e559e51a11612de6909024f7e0114027a0a3fd
+  metadata.gz: a439fc3a695c0aeec35b4a15b9c5da795fa66ceffe917d03a3b9da79ebe713b59a742af02911f0bd0d301a79f6c5785c101dda0ea15fc93dc44b7614e556fb76
+  data.tar.gz: f6e51f041bee6233ffa21a92888fc62fcd1be9fd871bc233c946e2735b3745e3f0a0d640ba7eb26ab486eea759d49acdf8ab108e6b268412bcbf73b10826d581

data/README.md

@@ -42,6 +42,7 @@ The fully configured api used in the demo can be found [here](https://github.com
   * [Controller Integration](#controller-concerns)
   * [Model Integration](#model-concerns)
   * [Using Multiple User Classes](#using-multiple-models)
+  * [Custom Controller Overrides](#custom-controller-overrides)
 * [Conceptual Diagrams](#conceptual)
   * [Token Management](#about-token-management)
   * [Batch Requests](#about-batch-requests)
@@ -75,12 +76,18 @@ You will need to create a [user model](#model-concerns), [define routes](#mounti
 rails g devise_token_auth:install [USER_CLASS] [MOUNT_PATH]
 ~~~
 
+**Example**:
+
+~~~bash
+rails g devise_token_auth:install User /auth
+~~~
+
 This generator accepts the following optional arguments:
 
 | Argument | Default | Description |
 |---|---|---|
 | USER_CLASS | `User` | The name of the class to use for user authentication. |
-| MOUNT_PATH | `auth` | The path at which to mount the authentication routes. [Read more](#usage). |
+| MOUNT_PATH | `/auth` | The path at which to mount the authentication routes. [Read more](#usage). |
 
 The following events will take place when using the install generator:
 
@@ -498,6 +505,59 @@ In the above example, the following methods will be available (in addition to `c
   * `current_member`
   * `member_signed_in?`
 
+## Custom Controller Overrides
+
+The built-in controllers can be overridden with your own custom controllers. 
+
+For example, the default behavior of the [`validate_token`](https://github.com/lynndylanhurley/devise_token_auth/blob/8a33d25deaedb4809b219e557e82ec7ec61bf940/app/controllers/devise_token_auth/token_validations_controller.rb#L6) method of the [`TokenValidationController`](https://github.com/lynndylanhurley/devise_token_auth/blob/8a33d25deaedb4809b219e557e82ec7ec61bf940/app/controllers/devise_token_auth/token_validations_controller.rb) is to return the `User` object as json (sans password and token data). The following example shows how to override the `validate_token` action to include a model method as well.
+
+##### Example: controller overrides
+
+~~~ruby
+# config/routes.rb
+Rails.application.routes.draw do
+  ...  
+  mount_devise_token_auth_for 'User', at: '/auth', controllers: {
+    token_validations:  'overrides/token_validations'
+  }
+end
+
+# app/controllers/overrides/token_validations_controller.rb
+module Overrides
+  class TokenValidationsController < DeviseTokenAuth::TokenValidationsController
+
+    def validate_token
+      # @user will have been set by set_user_by_token concern
+      if @user
+        render json: {
+          data: @user.as_json(methods: :calculate_operating_thetan)
+        }
+      else
+        render json: {
+          success: false,
+          errors: ["Invalid login credentials"]
+        }, status: 401
+      end
+    end
+  end
+end
+~~~
+
+##### Example: all :controller options with default settings:
+
+~~~ruby
+mount_devise_token_auth_for 'User', at: '/auth', controllers: {
+  confirmations:      'devise_token_auth/confirmations',
+  passwords:          'devise_token_auth/passwords',
+  omniauth_callbacks: 'devise_token_auth/omniauth_callbacks',
+  registrations:      'devise_token_auth/registrations',
+  sessions:           'devise_token_auth/sessions',
+  token_validations:  'devise_token_auth/token_validations'
+}
+~~~
+
+**Note:** Controller overrides must implement the expected actions of the controllers that they replace.
+
 # Conceptual
 
 None of the following information is required to use this gem, but read on if you're curious.

data/app/controllers/devise_token_auth/{auth_controller.rb → omniauth_callbacks_controller.rb}

@@ -1,25 +1,6 @@
 module DeviseTokenAuth
-  class AuthController < DeviseTokenAuth::ApplicationController
+  class OmniauthCallbacksController < DeviseTokenAuth::ApplicationController
     skip_after_filter :update_auth_header, :only => [:omniauth_success, :omniauth_failure]
-    skip_before_filter :assert_is_devise_resource!, :only => [:validate_token]
-    before_filter :set_user_by_token, :only => [:validate_token]
-
-    def validate_token
-      # @user will have been set by set_user_token concern
-      if @user
-        render json: {
-          success: true,
-          data: @user.as_json(except: [
-            :tokens, :confirm_success_url, :reset_password_redirect_url, :created_at, :updated_at
-          ])
-        }
-      else
-        render json: {
-          success: false,
-          errors: ["Invalid login credentials"]
-        }, status: 401
-      end
-    end
 
     def omniauth_success
       # find or create user by provider and provider uid
@@ -32,7 +13,7 @@ module DeviseTokenAuth
       @client_id = SecureRandom.urlsafe_base64(nil, false)
       @token     = SecureRandom.urlsafe_base64(nil, false)
 
-      @auth_origin_url = generate_url(request.env['omniauth.params']['auth_origin_url'], {
+      @auth_origin_url = generate_url(auth_params['auth_origin_url'], {
         token:     @token,
         client_id: @client_id,
         uid:       @user.uid
@@ -52,12 +33,7 @@ module DeviseTokenAuth
       }
 
       # sync user info with provider, update/generate auth token
-      @user.assign_attributes({
-        nickname: auth_hash['info']['nickname'],
-        name:     auth_hash['info']['name'],
-        image:    auth_hash['info']['image'],
-        email:    auth_hash['info']['email']
-      })
+      assign_provider_attrs(@user, auth_hash)
 
       # assign any additional (whitelisted) attributes
       extra_params = whitelisted_params
@@ -74,6 +50,15 @@ module DeviseTokenAuth
       end
     end
 
+    def assign_provider_attrs(user, auth_hash)
+      user.assign_attributes({
+        nickname: auth_hash['info']['nickname'],
+        name:     auth_hash['info']['name'],
+        image:    auth_hash['info']['image'],
+        email:    auth_hash['info']['email']
+      })
+    end
+
     def omniauth_failure
       @error = params[:message]
 
@@ -83,14 +68,18 @@ module DeviseTokenAuth
     end
 
     def auth_hash
-      request.env['omniauth.auth']
+      params["auth_hash"]
+    end
+
+    def auth_params
+      params["auth_params"]
     end
 
     def whitelisted_params
       whitelist = devise_parameter_sanitizer.for(:sign_up)
 
       whitelist.inject({}){|coll, key|
-        param = request.env['omniauth.params'][key.to_s]
+        param = auth_params[key.to_s]
         if param
           coll[key] = param
         end
@@ -104,8 +93,8 @@ module DeviseTokenAuth
 
     # pull resource class from omniauth return
     def resource_name
-      if request.env['omniauth.params']
-        request.env['omniauth.params']['resource_class'].constantize
+      if auth_params
+        auth_params['resource_class'].constantize
       else
         super
       end
@@ -113,8 +102,8 @@ module DeviseTokenAuth
 
     # necessary for access to devise_parameter_sanitizers
     def devise_mapping
-      if request.env['omniauth.params']
-        Devise.mappings[request.env['omniauth.params']['resource_class'].underscore.to_sym]
+      if auth_params
+        Devise.mappings[auth_params['resource_class'].underscore.to_sym]
       else
         request.env['devise.mapping']
       end

data/app/controllers/devise_token_auth/registrations_controller.rb

@@ -20,6 +20,8 @@ module DeviseTokenAuth
       end
 
       begin
+        # override email confirmation, must be sent manually from ctrl
+        User.skip_callback("create", :after, :send_on_create_confirmation_instructions)
         if @resource.save
           @resource.send_confirmation_instructions({
             client_config: params[:config_name],

data/app/controllers/devise_token_auth/sessions_controller.rb

@@ -19,7 +19,7 @@ module DeviseTokenAuth
 
         render json: {
           data: @user.as_json(except: [
-            :tokens, :confirm_success_url, :reset_password_redirect_url, :created_at, :updated_at
+            :tokens, :created_at, :updated_at
           ])
         }
 

data/app/controllers/devise_token_auth/token_validations_controller.rb

@@ -0,0 +1,23 @@
+module DeviseTokenAuth
+  class TokenValidationsController < DeviseTokenAuth::ApplicationController
+    skip_before_filter :assert_is_devise_resource!, :only => [:validate_token]
+    before_filter :set_user_by_token, :only => [:validate_token]
+
+    def validate_token
+      # @user will have been set by set_user_token concern
+      if @user
+        render json: {
+          success: true,
+          data: @user.as_json(except: [
+            :tokens, :created_at, :updated_at
+          ])
+        }
+      else
+        render json: {
+          success: false,
+          errors: ["Invalid login credentials"]
+        }, status: 401
+      end
+    end
+  end
+end

data/app/models/devise_token_auth/concerns/user.rb

@@ -6,7 +6,7 @@ module DeviseTokenAuth::Concerns::User
     # :confirmable, :lockable, :timeoutable and :omniauthable
     devise :database_authenticatable, :registerable,
           :recoverable, :rememberable, :trackable, :validatable,
-          :confirmable
+          :confirmable, :omniauthable
 
     serialize :tokens, JSON
 
@@ -48,7 +48,6 @@ module DeviseTokenAuth::Concerns::User
       send_devise_notification(:confirmation_instructions, @raw_confirmation_token, opts)
     end
 
-
     # override devise method to include additional info as opts hash
     def send_reset_password_instructions(opts=nil)
       token = set_reset_password_token
@@ -71,7 +70,6 @@ module DeviseTokenAuth::Concerns::User
   end
 
 
-
   def valid_token?(token, client_id='default')
     client_id ||= 'default'
 

data/config/initializers/devise.rb

@@ -201,12 +201,3 @@ Devise.setup do |config|
     end
   end
 end
-
-
-#module Devise::Mailers::Helpers
-  #protected
-
-  #def headers_for
-
-  #end
-#end

data/config/routes.rb

@@ -1,5 +1,16 @@
 Rails.application.routes.draw do
   if defined?(::OmniAuth)
-    get "#{::OmniAuth::config.path_prefix}/:provider/callback", to: 'devise_token_auth/auth#omniauth_success'
+    match "#{::OmniAuth::config.path_prefix}/:provider/callback", to: redirect {|params, request|
+      devise_mapping = request.env['omniauth.params']['resource_class'].underscore.to_sym
+      mount_point = Devise.mappings[devise_mapping].as_json["path_prefix"]
+
+      qs = {
+        auth_hash:   request.env['omniauth.auth'],
+        auth_params: request.env['omniauth.params']
+      }.to_query
+
+      "#{mount_point}/#{params[:provider]}/callback?#{qs}"
+    }, via: :all
   end
+
 end

data/lib/devise_token_auth/engine.rb

@@ -7,6 +7,14 @@ module DeviseTokenAuth
     initializer "devise_token_auth.url_helpers" do
       Devise.helpers << DeviseTokenAuth::Controllers::Helpers
     end
+
+    initializer "devise_token_auth.omniauth_strategy" do
+      if defined?(::OmniAuth)
+        Devise.with_options model: true do |d|
+          d.add_module(:dta_omniauthable, controller: :omniauth_callbacks, route: :omniauth_callbacks)
+        end
+      end
+    end
   end
 
   mattr_accessor :change_headers_on_each_request,

data/lib/devise_token_auth/rails/routes.rb

@@ -1,22 +1,43 @@
 module ActionDispatch::Routing
   class Mapper
     def mount_devise_token_auth_for(resource, opts)
+      # ensure objects exist to simplify attr checks
+      opts[:controllers] ||= {}
+      opts[:skip]        ||= []
+
+      # check for ctrl overrides, fall back to defaults
+      sessions_ctrl          = opts[:controllers][:sessions] || "devise_token_auth/sessions"
+      registrations_ctrl     = opts[:controllers][:registrations] || "devise_token_auth/registrations"
+      passwords_ctrl         = opts[:controllers][:passwords] || "devise_token_auth/passwords"
+      confirmations_ctrl     = opts[:controllers][:confirmations] || "devise_token_auth/confirmations"
+      token_validations_ctrl = opts[:controllers][:token_validations] || "devise_token_auth/token_validations"
+      omniauth_ctrl          = opts[:controllers][:omniauth_callbacks] || "devise_token_auth/omniauth_callbacks"
+
+      # define devise controller mappings
+      controllers = {:sessions           => sessions_ctrl,
+                     :registrations      => registrations_ctrl,
+                     :passwords          => passwords_ctrl,
+                     :confirmations      => confirmations_ctrl,
+                     :omniauth_callbacks => omniauth_ctrl}
+
+      # remove any unwanted devise modules
+      opts[:skip].each{|item| controllers.delete(item)}
+
       scope opts[:at] do
         devise_for resource.pluralize.underscore.to_sym,
           :class_name  => resource,
           :module      => :devise,
           :path        => "",
-          :controllers => {:sessions      => "devise_token_auth/sessions",
-                           :registrations => "devise_token_auth/registrations",
-                           :passwords     => "devise_token_auth/passwords",
-                           :confirmations => "devise_token_auth/confirmations"}
+          :controllers => controllers
 
         devise_scope resource.underscore.to_sym do
-          get "validate_token",      to: "devise_token_auth/auth#validate_token"
-          if defined?(::OmniAuth)
-            get "failure",             to: "devise_token_auth/auth#omniauth_failure"
-            get ":provider/callback",  to: "devise_token_auth/auth#omniauth_success"
-            post ":provider/callback", to: "devise_token_auth/auth#omniauth_success"
+          # path to verify token validity
+          get "validate_token", to: "#{token_validations_ctrl}#validate_token"
+
+          # omniauth routes. only define if omniauth is installed and not skipped.
+          if defined?(::OmniAuth) and not opts[:skip].include?(:omniauth_callbacks)
+            get "failure",             to: "#{omniauth_ctrl}#omniauth_failure"
+            get ":provider/callback",  to: "#{omniauth_ctrl}#omniauth_success"
 
             # preserve the resource class thru oauth authentication by setting name of
             # resource as "resource_class" param

data/lib/devise_token_auth/version.rb

@@ -1,3 +1,3 @@
 module DeviseTokenAuth
-  VERSION = "0.1.28"
+  VERSION = "0.1.29.beta1"
 end

data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb

@@ -8,7 +8,6 @@ class DeviseTokenAuthCreate<%= user_class.pluralize %> < ActiveRecord::Migration
       ## Recoverable
       t.string   :reset_password_token
       t.datetime :reset_password_sent_at
-      t.string   :reset_password_redirect_url
 
       ## Rememberable
       t.datetime :remember_created_at
@@ -24,7 +23,6 @@ class DeviseTokenAuthCreate<%= user_class.pluralize %> < ActiveRecord::Migration
       t.string   :confirmation_token
       t.datetime :confirmed_at
       t.datetime :confirmation_sent_at
-      t.string   :confirm_success_url
       t.string   :unconfirmed_email # Only if using reconfirmable
 
       ## Lockable

data/test/controllers/devise_token_auth/{auth_controller_test.rb → omniauth_callbacks_controller_test.rb}

@@ -38,11 +38,11 @@ class OmniauthTest < ActionDispatch::IntegrationTest
       end
 
       test 'request should determine the correct resource_class' do
-        assert_equal 'User', request.env['omniauth.params']['resource_class']
+        assert_equal 'User', controller.auth_params['resource_class']
       end
 
       test 'request should pass correct redirect_url' do
-        assert_equal @redirect_url, request.env['omniauth.params']['auth_origin_url']
+        assert_equal @redirect_url, controller.auth_params['auth_origin_url']
       end
 
       test 'user should have been created' do
@@ -116,11 +116,11 @@ class OmniauthTest < ActionDispatch::IntegrationTest
       end
 
       test 'request should determine the correct resource_class' do
-        assert_equal 'Mang', request.env['omniauth.params']['resource_class']
+        assert_equal 'Mang', controller.auth_params['resource_class']
       end
 
       test 'request should pass correct redirect_url' do
-        assert_equal @redirect_url, request.env['omniauth.params']['auth_origin_url']
+        assert_equal @redirect_url, controller.auth_params['auth_origin_url']
       end
 
       test 'user should have been created' do

data/test/controllers/devise_token_auth/registrations_controller_test.rb

@@ -10,6 +10,8 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionController::TestCase
   describe DeviseTokenAuth::RegistrationsController do
     describe "Successful registration" do
       before do
+        @mails_sent = ActionMailer::Base.deliveries.count
+
         xhr :post, :create, {
           email: Faker::Internet.email,
           password: "secret123",
@@ -46,6 +48,10 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionController::TestCase
       test "new user password should not be returned" do
         assert_nil @data['data']['password']
       end
+
+      test "only one email was sent" do
+        assert_equal @mails_sent + 1, ActionMailer::Base.deliveries.count
+      end
     end
 
     describe "Adding extra params" do