devise_token_auth_multitenancy 1.1.3.alpha1

data/lib/generators/devise_token_auth/install_generator.rb

@@ -0,0 +1,91 @@
+# frozen_string_literal: true
+
+require_relative 'install_generator_helpers'
+
+module DeviseTokenAuth
+  class InstallGenerator < Rails::Generators::Base
+    include Rails::Generators::Migration
+    include DeviseTokenAuth::InstallGeneratorHelpers
+
+    class_option :primary_key_type, type: :string, desc: 'The type for primary key'
+
+    def copy_migrations
+      if self.class.migration_exists?('db/migrate', "devise_token_auth_create_#{user_class.pluralize.gsub('::','').underscore}")
+        say_status('skipped', "Migration 'devise_token_auth_create_#{user_class.pluralize.gsub('::','').underscore}' already exists")
+      else
+        migration_template(
+          'devise_token_auth_create_users.rb.erb',
+          "db/migrate/devise_token_auth_create_#{user_class.pluralize.gsub('::','').underscore}.rb"
+        )
+      end
+    end
+
+    def create_user_model
+      fname = "app/models/#{user_class.underscore}.rb"
+      if File.exist?(File.join(destination_root, fname))
+        inclusion = 'include DeviseTokenAuth::Concerns::User'
+        unless parse_file_for_line(fname, inclusion)
+
+          active_record_needle = (Rails::VERSION::MAJOR == 5) ? 'ApplicationRecord' : 'ActiveRecord::Base'
+          inject_into_file fname, after: "class #{user_class} < #{active_record_needle}\n" do <<-'RUBY'
+            # Include default devise modules.
+            devise :database_authenticatable, :registerable,
+                    :recoverable, :rememberable, :trackable, :validatable,
+                    :confirmable, :omniauthable
+            include DeviseTokenAuth::Concerns::User
+            RUBY
+          end
+        end
+      else
+        template('user.rb.erb', fname)
+      end
+    end
+
+    private
+
+    def self.next_migration_number(path)
+      Time.zone.now.utc.strftime('%Y%m%d%H%M%S')
+    end
+
+    def json_supported_database?
+      (postgres? && postgres_correct_version?) || (mysql? && mysql_correct_version?)
+    end
+
+    def postgres?
+      database_name == 'ActiveRecord::ConnectionAdapters::PostgreSQLAdapter'
+    end
+
+    def postgres_correct_version?
+      database_version > '9.3'
+    end
+
+    def mysql?
+      database_name == 'ActiveRecord::ConnectionAdapters::MysqlAdapter'
+    end
+
+    def mysql_correct_version?
+      database_version > '5.7.7'
+    end
+
+    def database_name
+      ActiveRecord::Base.connection.class.name
+    end
+
+    def database_version
+      ActiveRecord::Base.connection.select_value('SELECT VERSION()')
+    end
+
+    def rails_5_or_newer?
+      Rails::VERSION::MAJOR >= 5
+    end
+
+    def primary_key_type
+      primary_key_string if rails_5_or_newer?
+    end
+
+    def primary_key_string
+      key_string = options[:primary_key_type]
+      ", id: :#{key_string}" if key_string
+    end
+  end
+end

data/lib/generators/devise_token_auth/install_generator_helpers.rb

@@ -0,0 +1,98 @@
+module DeviseTokenAuth
+  module InstallGeneratorHelpers
+    class << self
+      def included(mod)
+        mod.class_eval do
+          source_root File.expand_path('templates', __dir__)
+
+          argument :user_class, type: :string, default: 'User'
+          argument :mount_path, type: :string, default: 'auth'
+
+          def create_initializer_file
+            copy_file('devise_token_auth.rb', 'config/initializers/devise_token_auth.rb')
+          end
+
+          def include_controller_concerns
+            fname = 'app/controllers/application_controller.rb'
+            line  = 'include DeviseTokenAuth::Concerns::SetUserByToken'
+
+            if File.exist?(File.join(destination_root, fname))
+              if parse_file_for_line(fname, line)
+                say_status('skipped', 'Concern is already included in the application controller.')
+              elsif is_rails_api?
+                inject_into_file fname, after: "class ApplicationController < ActionController::API\n" do <<-'RUBY'
+        include DeviseTokenAuth::Concerns::SetUserByToken
+                RUBY
+                end
+              else
+                inject_into_file fname, after: "class ApplicationController < ActionController::Base\n" do <<-'RUBY'
+        include DeviseTokenAuth::Concerns::SetUserByToken
+                RUBY
+                end
+              end
+            else
+              say_status('skipped', "app/controllers/application_controller.rb not found. Add 'include DeviseTokenAuth::Concerns::SetUserByToken' to any controllers that require authentication.")
+            end
+          end
+
+          def add_route_mount
+            f    = 'config/routes.rb'
+            str  = "mount_devise_token_auth_for '#{user_class}', at: '#{mount_path}'"
+
+            if File.exist?(File.join(destination_root, f))
+              line = parse_file_for_line(f, 'mount_devise_token_auth_for')
+
+              if line
+                existing_user_class = true
+              else
+                line = 'Rails.application.routes.draw do'
+                existing_user_class = false
+              end
+
+              if parse_file_for_line(f, str)
+                say_status('skipped', "Routes already exist for #{user_class} at #{mount_path}")
+              else
+                insert_after_line(f, line, str)
+
+                if existing_user_class
+                  scoped_routes = ''\
+                    "as :#{user_class.underscore} do\n"\
+                    "    # Define routes for #{user_class} within this block.\n"\
+                    "  end\n"
+                  insert_after_line(f, str, scoped_routes)
+                end
+              end
+            else
+              say_status('skipped', "config/routes.rb not found. Add \"mount_devise_token_auth_for '#{user_class}', at: '#{mount_path}'\" to your routes file.")
+            end
+          end
+
+          private
+
+          def insert_after_line(filename, line, str)
+            gsub_file filename, /(#{Regexp.escape(line)})/mi do |match|
+              "#{match}\n  #{str}"
+            end
+          end
+
+          def parse_file_for_line(filename, str)
+            match = false
+
+            File.open(File.join(destination_root, filename)) do |f|
+              f.each_line do |line|
+                match = line if line =~ /(#{Regexp.escape(str)})/mi
+              end
+            end
+            match
+          end
+
+          def is_rails_api?
+            fname = 'app/controllers/application_controller.rb'
+            line = 'class ApplicationController < ActionController::API'
+            parse_file_for_line(fname, line)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/generators/devise_token_auth/install_mongoid_generator.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+require_relative 'install_generator_helpers'
+
+module DeviseTokenAuth
+  class InstallMongoidGenerator < Rails::Generators::Base
+    include DeviseTokenAuth::InstallGeneratorHelpers
+
+    def create_user_model
+      fname = "app/models/#{user_class.underscore}.rb"
+      if File.exist?(File.join(destination_root, fname))
+        inclusion = 'include DeviseTokenAuth::Concerns::User'
+        unless parse_file_for_line(fname, inclusion)
+          inject_into_file fname, before: /end\s\z/ do <<-'RUBY'
+
+  include Mongoid::Locker
+
+  field :locker_locked_at, type: Time
+  field :locker_locked_until, type: Time
+
+  locker locked_at_field: :locker_locked_at,
+         locked_until_field: :locker_locked_until
+
+  ## Required
+  field :provider, type: String
+  field :uid,      type: String, default: ''
+
+  ## Tokens
+  field :tokens, type: Hash, default: {}
+
+  # Include default devise modules. Others available are:
+  # :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
+  devise :database_authenticatable, :registerable,
+         :recoverable, :rememberable, :validatable
+  include DeviseTokenAuth::Concerns::User
+
+  index({ uid: 1, provider: 1}, { name: 'uid_provider_index', unique: true, background: true })
+            RUBY
+          end
+        end
+      else
+        template('user_mongoid.rb.erb', fname)
+      end
+    end
+  end
+end

data/lib/generators/devise_token_auth/install_views_generator.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module DeviseTokenAuth
+  class InstallViewsGenerator < Rails::Generators::Base
+    source_root File.expand_path('../../../app/views/devise/mailer', __dir__)
+
+    def copy_mailer_templates
+      copy_file(
+        'confirmation_instructions.html.erb',
+        'app/views/devise/mailer/confirmation_instructions.html.erb'
+      )
+      copy_file(
+        'reset_password_instructions.html.erb',
+        'app/views/devise/mailer/reset_password_instructions.html.erb'
+      )
+    end
+  end
+end

data/lib/generators/devise_token_auth/templates/devise_token_auth.rb

@@ -0,0 +1,60 @@
+# frozen_string_literal: true
+
+DeviseTokenAuth.setup do |config|
+  # By default the authorization headers will change after each request. The
+  # client is responsible for keeping track of the changing tokens. Change
+  # this to false to prevent the Authorization header from changing after
+  # each request.
+  # config.change_headers_on_each_request = true
+
+  # By default, users will need to re-authenticate after 2 weeks. This setting
+  # determines how long tokens will remain valid after they are issued.
+  # config.token_lifespan = 2.weeks
+
+  # Limiting the token_cost to just 4 in testing will increase the performance of
+  # your test suite dramatically. The possible cost value is within range from 4
+  # to 31. It is recommended to not use a value more than 10 in other environments.
+  config.token_cost = Rails.env.test? ? 4 : 10
+
+  # Sets the max number of concurrent devices per user, which is 10 by default.
+  # After this limit is reached, the oldest tokens will be removed.
+  # config.max_number_of_devices = 10
+
+  # Sometimes it's necessary to make several requests to the API at the same
+  # time. In this case, each request in the batch will need to share the same
+  # auth token. This setting determines how far apart the requests can be while
+  # still using the same auth token.
+  # config.batch_request_buffer_throttle = 5.seconds
+
+  # This route will be the prefix for all oauth2 redirect callbacks. For
+  # example, using the default '/omniauth', the github oauth2 provider will
+  # redirect successful authentications to '/omniauth/github/callback'
+  # config.omniauth_prefix = "/omniauth"
+
+  # By default sending current password is not needed for the password update.
+  # Uncomment to enforce current_password param to be checked before all
+  # attribute updates. Set it to :password if you want it to be checked only if
+  # password is updated.
+  # config.check_current_password_before_update = :attributes
+
+  # By default we will use callbacks for single omniauth.
+  # It depends on fields like email, provider and uid.
+  # config.default_callbacks = true
+
+  # Makes it possible to change the headers names
+  # config.headers_names = {:'access-token' => 'access-token',
+  #                        :'client' => 'client',
+  #                        :'expiry' => 'expiry',
+  #                        :'uid' => 'uid',
+  #                        :'token-type' => 'token-type' }
+
+  # By default, only Bearer Token authentication is implemented out of the box.
+  # If, however, you wish to integrate with legacy Devise authentication, you can
+  # do so by enabling this flag. NOTE: This feature is highly experimental!
+  # config.enable_standard_devise_support = false
+
+  # By default DeviseTokenAuth will not send confirmation email, even when including
+  # devise confirmable module. If you want to use devise confirmable module and
+  # send email, set it to true. (This is a setting for compatibility)
+  # config.send_confirmation_email = true
+end

data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb

@@ -0,0 +1,49 @@
+class DeviseTokenAuthCreate<%= user_class.pluralize.gsub("::","") %> < ActiveRecord::Migration<%= "[#{Rails::VERSION::STRING[0..2]}]" if Rails::VERSION::MAJOR > 4 %>
+  def change
+    <% table_name = @user_class.pluralize.gsub("::","").underscore %>
+    create_table(:<%= table_name %><%= primary_key_type %>) do |t|
+      ## Required
+      t.string :provider, :null => false, :default => "email"
+      t.string :uid, :null => false, :default => ""
+
+      ## Database authenticatable
+      t.string :encrypted_password, :null => false, :default => ""
+
+      ## Recoverable
+      t.string   :reset_password_token
+      t.datetime :reset_password_sent_at
+      t.boolean  :allow_password_change, :default => false
+
+      ## Rememberable
+      t.datetime :remember_created_at
+
+      ## Confirmable
+      t.string   :confirmation_token
+      t.datetime :confirmed_at
+      t.datetime :confirmation_sent_at
+      t.string   :unconfirmed_email # Only if using reconfirmable
+
+      ## Lockable
+      # t.integer  :failed_attempts, :default => 0, :null => false # Only if lock strategy is :failed_attempts
+      # t.string   :unlock_token # Only if unlock strategy is :email or :both
+      # t.datetime :locked_at
+
+      ## User Info
+      t.string :name
+      t.string :nickname
+      t.string :image
+      t.string :email
+
+      ## Tokens
+      <%= json_supported_database? ? 't.json :tokens' : 't.text :tokens' %>
+
+      t.timestamps
+    end
+
+    add_index :<%= table_name %>, :email,                unique: true
+    add_index :<%= table_name %>, [:uid, :provider],     unique: true
+    add_index :<%= table_name %>, :reset_password_token, unique: true
+    add_index :<%= table_name %>, :confirmation_token,   unique: true
+    # add_index :<%= table_name %>, :unlock_token,       unique: true
+  end
+end

data/lib/generators/devise_token_auth/templates/user.rb.erb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+class <%= user_class %> < ActiveRecord::Base
+  # Include default devise modules. Others available are:
+  # :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
+  devise :database_authenticatable, :registerable,
+         :recoverable, :rememberable, :validatable
+  include DeviseTokenAuth::Concerns::User
+end

data/lib/generators/devise_token_auth/templates/user_mongoid.rb.erb

@@ -0,0 +1,56 @@
+# frozen_string_literal: true
+
+class <%= user_class %>
+  include Mongoid::Document
+  include Mongoid::Timestamps
+  include Mongoid::Locker
+
+  field :locker_locked_at, type: Time
+  field :locker_locked_until, type: Time
+
+  locker locked_at_field: :locker_locked_at,
+         locked_until_field: :locker_locked_until
+
+  ## Database authenticatable
+  field :email,              type: String, default: ''
+  field :encrypted_password, type: String, default: ''
+
+  ## Recoverable
+  field :reset_password_token,        type: String
+  field :reset_password_sent_at,      type: Time
+  field :reset_password_redirect_url, type: String
+  field :allow_password_change,       type: Boolean, default: false
+
+  ## Rememberable
+  field :remember_created_at, type: Time
+
+  ## Confirmable
+  field :confirmation_token,   type: String
+  field :confirmed_at,         type: Time
+  field :confirmation_sent_at, type: Time
+  field :unconfirmed_email,    type: String # Only if using reconfirmable
+
+  ## Lockable
+  # field :failed_attempts, type: Integer, default: 0 # Only if lock strategy is :failed_attempts
+  # field :unlock_token,    type: String # Only if unlock strategy is :email or :both
+  # field :locked_at,       type: Time
+
+  ## Required
+  field :provider, type: String
+  field :uid,      type: String, default: ''
+
+  ## Tokens
+  field :tokens, type: Hash, default: {}
+
+  # Include default devise modules. Others available are:
+  # :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
+  devise :database_authenticatable, :registerable,
+         :recoverable, :rememberable, :validatable
+  include DeviseTokenAuth::Concerns::User
+
+  index({ email: 1 }, { name: 'email_index', unique: true, background: true })
+  index({ reset_password_token: 1 }, { name: 'reset_password_token_index', unique: true, sparse: true, background: true })
+  index({ confirmation_token: 1 }, { name: 'confirmation_token_index', unique: true, sparse: true, background: true })
+  index({ uid: 1, provider: 1}, { name: 'uid_provider_index', unique: true, background: true })
+  # index({ unlock_token: 1 }, { name: 'unlock_token_index', unique: true, sparse: true, background: true })
+end

data/lib/tasks/devise_token_auth_tasks.rake

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+# desc "Explaining what the task does"
+# task :devise_token_auth do
+#   # Task goes here
+# end

data/test/controllers/custom/custom_confirmations_controller_test.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+require 'test_helper'
+
+class Custom::ConfirmationsControllerTest < ActionController::TestCase
+  describe Custom::ConfirmationsController do
+    include CustomControllersRoutes
+
+    before do
+      @redirect_url = Faker::Internet.url
+      @new_user = create(:user)
+      @new_user.send_confirmation_instructions(redirect_url: @redirect_url)
+      @mail          = ActionMailer::Base.deliveries.last
+      @token         = @mail.body.match(/confirmation_token=([^&]*)&/)[1]
+      @client_config = @mail.body.match(/config=([^&]*)&/)[1]
+
+      get :show,
+          params: { confirmation_token: @token, redirect_url: @redirect_url }
+    end
+
+    test 'yield resource to block on show success' do
+      assert @controller.show_block_called?, 'show failed to yield resource to provided block'
+    end
+  end
+end

data/test/controllers/custom/custom_omniauth_callbacks_controller_test.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+require 'test_helper'
+
+class Custom::OmniauthCallbacksControllerTest < ActionDispatch::IntegrationTest
+  describe Custom::OmniauthCallbacksController do
+    include CustomControllersRoutes
+
+    setup do
+      OmniAuth.config.test_mode = true
+      OmniAuth.config.mock_auth[:facebook] = OmniAuth::AuthHash.new(
+        provider: 'facebook',
+        uid: '123545',
+        info: {
+          name: 'swong',
+          email: 'swongsong@yandex.ru'
+        }
+      )
+    end
+
+    test 'yield resource to block on omniauth_success success' do
+      @redirect_url = 'http://ng-token-auth.dev/'
+      get '/nice_user_auth/facebook',
+          params: { auth_origin_url: @redirect_url,
+                    omniauth_window_type: 'newWindow' }
+
+      follow_all_redirects!
+
+      assert @controller.omniauth_success_block_called?,
+             'omniauth_success failed to yield resource to provided block'
+    end
+  end
+end

data/test/controllers/custom/custom_passwords_controller_test.rb

@@ -0,0 +1,79 @@
+# frozen_string_literal: true
+
+require 'test_helper'
+
+class Custom::PasswordsControllerTest < ActionController::TestCase
+  describe Custom::PasswordsController do
+    include CustomControllersRoutes
+
+    before do
+      @resource = create(:user, :confirmed)
+      @redirect_url = 'http://ng-token-auth.dev'
+    end
+
+    test 'yield resource to block on create success' do
+      post :create,
+           params: { email:  @resource.email,
+                     redirect_url: @redirect_url }
+
+      @mail = ActionMailer::Base.deliveries.last
+      @resource.reload
+
+      @mail_config_name  = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
+      @mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
+      @mail_reset_token  = @mail.body.match(/reset_password_token=(.*)\"/)[1]
+
+      assert @controller.create_block_called?,
+             'create failed to yield resource to provided block'
+    end
+
+    test 'yield resource to block on edit success' do
+      @resource = create(:user)
+      @redirect_url = 'http://ng-token-auth.dev'
+
+      post :create,
+           params: { email:  @resource.email,
+                     redirect_url: @redirect_url },
+           xhr: true
+
+      @mail = ActionMailer::Base.deliveries.last
+      @resource.reload
+
+      @mail_config_name  = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
+      @mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
+      @mail_reset_token  = @mail.body.match(/reset_password_token=(.*)\"/)[1]
+
+      get :edit,
+          params: { reset_password_token: @mail_reset_token,
+                    redirect_url: @mail_redirect_url },
+          xhr: true
+      @resource.reload
+      assert @controller.edit_block_called?,
+             'edit failed to yield resource to provided block'
+    end
+
+    test 'yield resource to block on update success' do
+      @auth_headers = @resource.create_new_auth_token
+      request.headers.merge!(@auth_headers)
+      @new_password = Faker::Internet.password
+      put :update,
+          params: { password: @new_password,
+                    password_confirmation: @new_password }
+      assert @controller.update_block_called?, 'update failed to yield resource to provided block'
+    end
+
+    test 'yield resource to block on update success with custom json' do
+      @auth_headers = @resource.create_new_auth_token
+      request.headers.merge!(@auth_headers)
+      @new_password = Faker::Internet.password
+      put :update,
+          params: { password: @new_password,
+                    password_confirmation: @new_password }
+
+      @data = JSON.parse(response.body)
+
+      assert @controller.update_block_called?, 'update failed to yield resource to provided block'
+      assert_equal @data['custom'], 'foo'
+    end
+  end
+end

data/test/controllers/custom/custom_registrations_controller_test.rb

@@ -0,0 +1,63 @@
+# frozen_string_literal: true
+
+require 'test_helper'
+
+class Custom::RegistrationsControllerTest < ActionDispatch::IntegrationTest
+  describe Custom::RegistrationsController do
+    include CustomControllersRoutes
+
+    before do
+      @create_params = attributes_for(:user,
+        confirm_success_url: Faker::Internet.url,
+        unpermitted_param: '(x_x)')
+
+      @existing_user = create(:user, :confirmed)
+      @auth_headers  = @existing_user.create_new_auth_token
+      @client_id     = @auth_headers['client']
+
+      # ensure request is not treated as batch request
+      age_token(@existing_user, @client_id)
+    end
+
+    test 'yield resource to block on create success' do
+      post '/nice_user_auth', params: @create_params
+      assert @controller.create_block_called?,
+             'create failed to yield resource to provided block'
+    end
+
+    test 'yield resource to block on create success with custom json' do
+      post '/nice_user_auth', params: @create_params
+
+      @data = JSON.parse(response.body)
+
+      assert @controller.create_block_called?,
+             'create failed to yield resource to provided block'
+      assert_equal @data['custom'], 'foo'
+    end
+
+    test 'yield resource to block on update success' do
+      put '/nice_user_auth',
+          params: {
+            nickname: "Ol' Sunshine-face"
+          },
+          headers: @auth_headers
+      assert @controller.update_block_called?,
+             'update failed to yield resource to provided block'
+    end
+
+    test 'yield resource to block on destroy success' do
+      delete '/nice_user_auth', headers: @auth_headers
+      assert @controller.destroy_block_called?,
+             'destroy failed to yield resource to provided block'
+    end
+
+    describe 'when overriding #build_resource' do
+      test 'it fails' do
+        Custom::RegistrationsController.any_instance.stubs(:build_resource).returns(nil)
+        assert_raises DeviseTokenAuth::Errors::NoResourceDefinedError do
+          post '/nice_user_auth', params: @create_params
+        end
+      end
+    end
+  end
+end

data/test/controllers/custom/custom_sessions_controller_test.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+require 'test_helper'
+
+class Custom::SessionsControllerTest < ActionController::TestCase
+  describe Custom::SessionsController do
+    include CustomControllersRoutes
+
+    before do
+      @existing_user = create(:user, :confirmed)
+    end
+
+    test 'yield resource to block on create success' do
+      post :create,
+           params: {
+             email: @existing_user.email,
+             password: @existing_user.password
+           }
+      assert @controller.create_block_called?,
+             'create failed to yield resource to provided block'
+    end
+
+    test 'yield resource to block on destroy success' do
+      @auth_headers = @existing_user.create_new_auth_token
+      request.headers.merge!(@auth_headers)
+      delete :destroy, format: :json
+      assert @controller.destroy_block_called?,
+             'destroy failed to yield resource to provided block'
+    end
+
+    test 'render method override' do
+      post :create,
+           params: { email: @existing_user.email,
+                     password: @existing_user.password }
+      @data = JSON.parse(response.body)
+      assert_equal @data['custom'], 'foo'
+    end
+  end
+end