devise_token_auth_headers 1.0.0

data/.gitignore

@@ -0,0 +1,2 @@
+pkg
+.idea

data/Gemfile

@@ -0,0 +1,3 @@
+source "http://rubygems.org"
+
+gemspec

data/Gemfile.lock

@@ -0,0 +1,70 @@
+PATH
+  remote: .
+  specs:
+    devise_header_token (1.0.0)
+      devise
+
+GEM
+  remote: http://rubygems.org/
+  specs:
+    actionpack (3.2.3)
+      activemodel (= 3.2.3)
+      activesupport (= 3.2.3)
+      builder (~> 3.0.0)
+      erubis (~> 2.7.0)
+      journey (~> 1.0.1)
+      rack (~> 1.4.0)
+      rack-cache (~> 1.2)
+      rack-test (~> 0.6.1)
+      sprockets (~> 2.1.2)
+    activemodel (3.2.3)
+      activesupport (= 3.2.3)
+      builder (~> 3.0.0)
+    activesupport (3.2.3)
+      i18n (~> 0.6)
+      multi_json (~> 1.0)
+    bcrypt-ruby (3.0.1)
+    builder (3.0.0)
+    devise (2.0.4)
+      bcrypt-ruby (~> 3.0)
+      orm_adapter (~> 0.0.3)
+      railties (~> 3.1)
+      warden (~> 1.1.1)
+    erubis (2.7.0)
+    hike (1.2.1)
+    i18n (0.6.0)
+    journey (1.0.3)
+    json (1.7.0)
+    multi_json (1.3.4)
+    orm_adapter (0.0.7)
+    rack (1.4.1)
+    rack-cache (1.2)
+      rack (>= 0.4)
+    rack-ssl (1.3.2)
+      rack
+    rack-test (0.6.1)
+      rack (>= 1.0)
+    railties (3.2.3)
+      actionpack (= 3.2.3)
+      activesupport (= 3.2.3)
+      rack-ssl (~> 1.3.2)
+      rake (>= 0.8.7)
+      rdoc (~> 3.4)
+      thor (~> 0.14.6)
+    rake (0.9.2.2)
+    rdoc (3.12)
+      json (~> 1.4)
+    sprockets (2.1.3)
+      hike (~> 1.2)
+      rack (~> 1.0)
+      tilt (~> 1.1, != 1.3.0)
+    thor (0.14.6)
+    tilt (1.3.3)
+    warden (1.1.1)
+      rack (>= 1.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  devise_header_token!

data/README.md

@@ -0,0 +1,27 @@
+devise_token_auth_headers
+===================
+
+Patches in support for token authentication via headers in addition to the basic auth or request params for Devise's `token_authenticatable` strategy.
+
+Based on https://github.com/stvp/devise_header_token - if you need to _replace_ params/basic auth support with headers, so
+token in parameters or in basic auth will not work, use it.
+
+Usage
+-----
+
+In your Gemfile:
+
+```ruby
+gem 'devise'
+gem 'devise_token_auth_headers'
+```
+
+In your `config/initializers/devise.rb`, set the authentication key as usual (or use default).
+
+Now you can put your token in your headers. Gem generates two keys
+to check in headers: source key as is was, and X-{source_key.camelize}. Of course it changes '-' to '_' and uses uppercase.
+
+For example, if you use deault key @:auth_token@ then the header keys could be either "AUTH_TOKEN" or "X-AuthToken".
+
+And it all should Just Work™.
+

data/Rakefile

@@ -0,0 +1,8 @@
+require "bundler/gem_tasks"
+require 'rspec/core/rake_task'
+
+desc 'Default: run specs.'
+task :default => :spec
+
+desc "Run specs"
+RSpec::Core::RakeTask.new

data/devise_token_auth_headers.gemspec

@@ -0,0 +1,18 @@
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name        = "devise_token_auth_headers"
+  s.version     = "1.0.0"
+  s.authors     = ["Sergey Chernov"]
+  s.email       = ["real.sergeych@gmail.com"]
+  s.homepage    = "https://github.com/sergeych/devise_token_auth_headers"
+  s.summary     = "Adds header token authentication for Devise :token_authenticable strategy"
+  s.description = "Patches Devise's token authentication strategy to add header-based token authentication to params/basic auth."
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.require_paths = ["lib"]
+
+  s.add_runtime_dependency "devise"
+end

data/lib/devise_token_auth_headers.rb

@@ -0,0 +1,12 @@
+module Devise
+  module Models
+    # This is an awful way to load our code, but Devise defers loading its
+    # "strategies" until `devise` is called and provides no way to hook into
+    # that. So we're left with this.
+    alias_method :__original_devise, :devise
+    def devise(*modules)
+      __original_devise(*modules)
+      require 'devise_token_auth_headers/header_token_authenticatable'
+    end
+  end
+end

data/lib/devise_token_auth_headers/header_token_authenticatable.rb

@@ -0,0 +1,43 @@
+module Devise
+  module Strategies
+    class HeaderTokenAuthenticatable < TokenAuthenticatable
+      # Devise accomplishes all the work of authentication through side-effects.
+      # What you see below is a much, much simpler version of how Devise's
+      # strategies normally work.
+      def valid?
+        super or begin
+          if !@header_keys
+            base = mapping.to.token_authentication_key.to_s
+            @header_keys = [base, "X_#{base.camelize}"].map { |x| "HTTP_#{x.upcase}" }
+            puts "Generated header auth keys: #{@header_keys.inspect}"
+          end
+          self.authentication_hash = {}
+          self.authentication_type = :token_auth
+          headers = header_values
+          @header_keys.each { |key|
+            if token = headers[key]
+              self.authentication_hash[mapping.to.token_authentication_key] = token
+              return true
+            end
+          }
+          false
+        end
+      end
+
+      private
+
+      # def header_key
+        # "HTTP_#{mapping.to.token_authentication_key.gsub('-', '_').upcase}"
+      # end
+
+      def header_values
+        env.select { |k, v| k =~ /^HTTP_/ }
+      end
+    end
+  end
+end
+
+# Overwrite the heathen basic auth / params token strategy with our kickin'-rad
+# headers-only strategy.
+Warden::Strategies.add(:token_authenticatable, Devise::Strategies::HeaderTokenAuthenticatable)
+# Warden::Strategies.add(:token_authenticatable, Devise::Strategies::TokenAuthenticatable)

metadata

@@ -0,0 +1,70 @@
+--- !ruby/object:Gem::Specification
+name: devise_token_auth_headers
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+  prerelease: 
+platform: ruby
+authors:
+- Sergey Chernov
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-05-09 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: devise
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Patches Devise's token authentication strategy to add header-based token
+  authentication to params/basic auth.
+email:
+- real.sergeych@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- Gemfile.lock
+- README.md
+- Rakefile
+- devise_token_auth_headers.gemspec
+- lib/devise_token_auth_headers.rb
+- lib/devise_token_auth_headers/header_token_authenticatable.rb
+homepage: https://github.com/sergeych/devise_token_auth_headers
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.24
+signing_key: 
+specification_version: 3
+summary: Adds header token authentication for Devise :token_authenticable strategy
+test_files: []