devise_token_auth_skycocker_fork 1.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/LICENSE +13 -0
- data/README.md +97 -0
- data/Rakefile +42 -0
- data/app/controllers/devise_token_auth/application_controller.rb +79 -0
- data/app/controllers/devise_token_auth/concerns/resource_finder.rb +44 -0
- data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +178 -0
- data/app/controllers/devise_token_auth/confirmations_controller.rb +39 -0
- data/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb +239 -0
- data/app/controllers/devise_token_auth/passwords_controller.rb +185 -0
- data/app/controllers/devise_token_auth/registrations_controller.rb +198 -0
- data/app/controllers/devise_token_auth/sessions_controller.rb +131 -0
- data/app/controllers/devise_token_auth/token_validations_controller.rb +31 -0
- data/app/controllers/devise_token_auth/unlocks_controller.rb +89 -0
- data/app/models/devise_token_auth/concerns/active_record_support.rb +34 -0
- data/app/models/devise_token_auth/concerns/mongoid_support.rb +19 -0
- data/app/models/devise_token_auth/concerns/user.rb +262 -0
- data/app/models/devise_token_auth/concerns/user_omniauth_callbacks.rb +28 -0
- data/app/validators/devise_token_auth/email_validator.rb +23 -0
- data/app/views/devise/mailer/confirmation_instructions.html.erb +5 -0
- data/app/views/devise/mailer/reset_password_instructions.html.erb +8 -0
- data/app/views/devise/mailer/unlock_instructions.html.erb +7 -0
- data/app/views/devise_token_auth/omniauth_external_window.html.erb +38 -0
- data/config/locales/da-DK.yml +50 -0
- data/config/locales/de.yml +49 -0
- data/config/locales/en.yml +50 -0
- data/config/locales/es.yml +49 -0
- data/config/locales/fr.yml +49 -0
- data/config/locales/it.yml +46 -0
- data/config/locales/ja.yml +46 -0
- data/config/locales/nl.yml +30 -0
- data/config/locales/pl.yml +48 -0
- data/config/locales/pt-BR.yml +46 -0
- data/config/locales/pt.yml +48 -0
- data/config/locales/ro.yml +46 -0
- data/config/locales/ru.yml +50 -0
- data/config/locales/sq.yml +46 -0
- data/config/locales/sv.yml +50 -0
- data/config/locales/uk.yml +59 -0
- data/config/locales/vi.yml +50 -0
- data/config/locales/zh-CN.yml +46 -0
- data/config/locales/zh-HK.yml +48 -0
- data/config/locales/zh-TW.yml +48 -0
- data/lib/devise_token_auth.rb +13 -0
- data/lib/devise_token_auth/blacklist.rb +2 -0
- data/lib/devise_token_auth/controllers/helpers.rb +161 -0
- data/lib/devise_token_auth/controllers/url_helpers.rb +10 -0
- data/lib/devise_token_auth/engine.rb +90 -0
- data/lib/devise_token_auth/errors.rb +8 -0
- data/lib/devise_token_auth/rails/routes.rb +116 -0
- data/lib/devise_token_auth/url.rb +41 -0
- data/lib/devise_token_auth/version.rb +5 -0
- data/lib/generators/devise_token_auth/USAGE +31 -0
- data/lib/generators/devise_token_auth/install_generator.rb +91 -0
- data/lib/generators/devise_token_auth/install_generator_helpers.rb +98 -0
- data/lib/generators/devise_token_auth/install_mongoid_generator.rb +46 -0
- data/lib/generators/devise_token_auth/install_views_generator.rb +18 -0
- data/lib/generators/devise_token_auth/templates/devise_token_auth.rb +50 -0
- data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb +56 -0
- data/lib/generators/devise_token_auth/templates/user.rb.erb +9 -0
- data/lib/generators/devise_token_auth/templates/user_mongoid.rb.erb +63 -0
- data/lib/tasks/devise_token_auth_tasks.rake +6 -0
- data/test/controllers/custom/custom_confirmations_controller_test.rb +25 -0
- data/test/controllers/custom/custom_omniauth_callbacks_controller_test.rb +33 -0
- data/test/controllers/custom/custom_passwords_controller_test.rb +79 -0
- data/test/controllers/custom/custom_registrations_controller_test.rb +63 -0
- data/test/controllers/custom/custom_sessions_controller_test.rb +39 -0
- data/test/controllers/custom/custom_token_validations_controller_test.rb +42 -0
- data/test/controllers/demo_group_controller_test.rb +151 -0
- data/test/controllers/demo_mang_controller_test.rb +284 -0
- data/test/controllers/demo_user_controller_test.rb +629 -0
- data/test/controllers/devise_token_auth/confirmations_controller_test.rb +127 -0
- data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb +376 -0
- data/test/controllers/devise_token_auth/passwords_controller_test.rb +639 -0
- data/test/controllers/devise_token_auth/registrations_controller_test.rb +880 -0
- data/test/controllers/devise_token_auth/sessions_controller_test.rb +541 -0
- data/test/controllers/devise_token_auth/token_validations_controller_test.rb +102 -0
- data/test/controllers/devise_token_auth/unlocks_controller_test.rb +196 -0
- data/test/controllers/overrides/confirmations_controller_test.rb +47 -0
- data/test/controllers/overrides/omniauth_callbacks_controller_test.rb +53 -0
- data/test/controllers/overrides/passwords_controller_test.rb +64 -0
- data/test/controllers/overrides/registrations_controller_test.rb +46 -0
- data/test/controllers/overrides/sessions_controller_test.rb +35 -0
- data/test/controllers/overrides/token_validations_controller_test.rb +43 -0
- data/test/dummy/README.rdoc +28 -0
- data/test/dummy/app/active_record/lockable_user.rb +7 -0
- data/test/dummy/app/active_record/mang.rb +5 -0
- data/test/dummy/app/active_record/only_email_user.rb +7 -0
- data/test/dummy/app/active_record/scoped_user.rb +9 -0
- data/test/dummy/app/active_record/unconfirmable_user.rb +9 -0
- data/test/dummy/app/active_record/unregisterable_user.rb +9 -0
- data/test/dummy/app/active_record/user.rb +6 -0
- data/test/dummy/app/controllers/application_controller.rb +18 -0
- data/test/dummy/app/controllers/auth_origin_controller.rb +7 -0
- data/test/dummy/app/controllers/custom/confirmations_controller.rb +13 -0
- data/test/dummy/app/controllers/custom/omniauth_callbacks_controller.rb +13 -0
- data/test/dummy/app/controllers/custom/passwords_controller.rb +39 -0
- data/test/dummy/app/controllers/custom/registrations_controller.rb +39 -0
- data/test/dummy/app/controllers/custom/sessions_controller.rb +29 -0
- data/test/dummy/app/controllers/custom/token_validations_controller.rb +19 -0
- data/test/dummy/app/controllers/demo_group_controller.rb +15 -0
- data/test/dummy/app/controllers/demo_mang_controller.rb +14 -0
- data/test/dummy/app/controllers/demo_user_controller.rb +27 -0
- data/test/dummy/app/controllers/overrides/confirmations_controller.rb +28 -0
- data/test/dummy/app/controllers/overrides/omniauth_callbacks_controller.rb +16 -0
- data/test/dummy/app/controllers/overrides/passwords_controller.rb +35 -0
- data/test/dummy/app/controllers/overrides/registrations_controller.rb +29 -0
- data/test/dummy/app/controllers/overrides/sessions_controller.rb +36 -0
- data/test/dummy/app/controllers/overrides/token_validations_controller.rb +23 -0
- data/test/dummy/app/helpers/application_helper.rb +1058 -0
- data/test/dummy/app/models/concerns/favorite_color.rb +19 -0
- data/test/dummy/app/mongoid/lockable_user.rb +38 -0
- data/test/dummy/app/mongoid/mang.rb +53 -0
- data/test/dummy/app/mongoid/only_email_user.rb +33 -0
- data/test/dummy/app/mongoid/scoped_user.rb +57 -0
- data/test/dummy/app/mongoid/unconfirmable_user.rb +51 -0
- data/test/dummy/app/mongoid/unregisterable_user.rb +54 -0
- data/test/dummy/app/mongoid/user.rb +56 -0
- data/test/dummy/app/views/layouts/application.html.erb +14 -0
- data/test/dummy/config.ru +18 -0
- data/test/dummy/config/application.rb +48 -0
- data/test/dummy/config/application.yml.bk +0 -0
- data/test/dummy/config/boot.rb +11 -0
- data/test/dummy/config/environment.rb +7 -0
- data/test/dummy/config/environments/development.rb +46 -0
- data/test/dummy/config/environments/production.rb +84 -0
- data/test/dummy/config/environments/test.rb +50 -0
- data/test/dummy/config/initializers/assets.rb +10 -0
- data/test/dummy/config/initializers/backtrace_silencers.rb +9 -0
- data/test/dummy/config/initializers/cookies_serializer.rb +5 -0
- data/test/dummy/config/initializers/devise.rb +17 -0
- data/test/dummy/config/initializers/devise_token_auth.rb +24 -0
- data/test/dummy/config/initializers/figaro.rb +3 -0
- data/test/dummy/config/initializers/filter_parameter_logging.rb +6 -0
- data/test/dummy/config/initializers/inflections.rb +18 -0
- data/test/dummy/config/initializers/mime_types.rb +6 -0
- data/test/dummy/config/initializers/omniauth.rb +10 -0
- data/test/dummy/config/initializers/session_store.rb +5 -0
- data/test/dummy/config/initializers/wrap_parameters.rb +16 -0
- data/test/dummy/config/routes.rb +55 -0
- data/test/dummy/config/spring.rb +3 -0
- data/test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb +65 -0
- data/test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb +64 -0
- data/test/dummy/db/migrate/20140829044006_add_operating_thetan_to_user.rb +8 -0
- data/test/dummy/db/migrate/20140916224624_add_favorite_color_to_mangs.rb +7 -0
- data/test/dummy/db/migrate/20141222035835_devise_token_auth_create_only_email_users.rb +62 -0
- data/test/dummy/db/migrate/20141222053502_devise_token_auth_create_unregisterable_users.rb +63 -0
- data/test/dummy/db/migrate/20150708104536_devise_token_auth_create_unconfirmable_users.rb +63 -0
- data/test/dummy/db/migrate/20160103235141_devise_token_auth_create_scoped_users.rb +63 -0
- data/test/dummy/db/migrate/20160629184441_devise_token_auth_create_lockable_users.rb +63 -0
- data/test/dummy/db/schema.rb +200 -0
- data/test/dummy/lib/migration_database_helper.rb +43 -0
- data/test/dummy/tmp/generators/app/models/user.rb +9 -0
- data/test/dummy/tmp/generators/config/initializers/devise_token_auth.rb +50 -0
- data/test/dummy/tmp/generators/db/migrate/20181030122248_devise_token_auth_create_users.rb +56 -0
- data/test/factories/users.rb +40 -0
- data/test/lib/devise_token_auth/blacklist_test.rb +11 -0
- data/test/lib/devise_token_auth/url_test.rb +26 -0
- data/test/lib/generators/devise_token_auth/install_generator_test.rb +217 -0
- data/test/lib/generators/devise_token_auth/install_generator_with_namespace_test.rb +222 -0
- data/test/lib/generators/devise_token_auth/install_views_generator_test.rb +25 -0
- data/test/models/concerns/mongoid_support_test.rb +31 -0
- data/test/models/only_email_user_test.rb +37 -0
- data/test/models/user_test.rb +140 -0
- data/test/support/controllers/routes.rb +43 -0
- data/test/test_helper.rb +103 -0
- metadata +443 -0
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'devise'
|
|
4
|
+
|
|
5
|
+
module DeviseTokenAuth
|
|
6
|
+
end
|
|
7
|
+
|
|
8
|
+
require 'devise_token_auth/engine'
|
|
9
|
+
require 'devise_token_auth/controllers/helpers'
|
|
10
|
+
require 'devise_token_auth/controllers/url_helpers'
|
|
11
|
+
require 'devise_token_auth/url'
|
|
12
|
+
require 'devise_token_auth/errors'
|
|
13
|
+
require 'devise_token_auth/blacklist'
|
|
@@ -0,0 +1,161 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module DeviseTokenAuth
|
|
4
|
+
module Controllers
|
|
5
|
+
module Helpers
|
|
6
|
+
extend ActiveSupport::Concern
|
|
7
|
+
|
|
8
|
+
module ClassMethods
|
|
9
|
+
# Define authentication filters and accessor helpers for a group of mappings.
|
|
10
|
+
# These methods are useful when you are working with multiple mappings that
|
|
11
|
+
# share some functionality. They are pretty much the same as the ones
|
|
12
|
+
# defined for normal mappings.
|
|
13
|
+
#
|
|
14
|
+
# Example:
|
|
15
|
+
#
|
|
16
|
+
# inside BlogsController (or any other controller, it doesn't matter which):
|
|
17
|
+
# devise_group :blogger, contains: [:user, :admin]
|
|
18
|
+
#
|
|
19
|
+
# Generated methods:
|
|
20
|
+
# authenticate_blogger! # Redirects unless user or admin are signed in
|
|
21
|
+
# blogger_signed_in? # Checks whether there is either a user or an admin signed in
|
|
22
|
+
# current_blogger # Currently signed in user or admin
|
|
23
|
+
# current_bloggers # Currently signed in user and admin
|
|
24
|
+
# render_authenticate_error # Render error unless user or admin are signed in
|
|
25
|
+
#
|
|
26
|
+
# Use:
|
|
27
|
+
# before_action :authenticate_blogger! # Redirects unless either a user or an admin are authenticated
|
|
28
|
+
# before_action ->{ authenticate_blogger! :admin } # Redirects to the admin login page
|
|
29
|
+
# current_blogger :user # Preferably returns a User if one is signed in
|
|
30
|
+
#
|
|
31
|
+
def devise_token_auth_group(group_name, opts = {})
|
|
32
|
+
mappings = "[#{opts[:contains].map { |m| ":#{m}" }.join(',')}]"
|
|
33
|
+
|
|
34
|
+
class_eval <<-METHODS, __FILE__, __LINE__ + 1
|
|
35
|
+
def authenticate_#{group_name}!(favourite=nil, opts={})
|
|
36
|
+
unless #{group_name}_signed_in?
|
|
37
|
+
mappings = #{mappings}
|
|
38
|
+
mappings.unshift mappings.delete(favourite.to_sym) if favourite
|
|
39
|
+
mappings.each do |mapping|
|
|
40
|
+
set_user_by_token(mapping)
|
|
41
|
+
end
|
|
42
|
+
|
|
43
|
+
unless current_#{group_name}
|
|
44
|
+
render_authenticate_error
|
|
45
|
+
end
|
|
46
|
+
end
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
def #{group_name}_signed_in?
|
|
50
|
+
#{mappings}.any? do |mapping|
|
|
51
|
+
set_user_by_token(mapping)
|
|
52
|
+
end
|
|
53
|
+
end
|
|
54
|
+
|
|
55
|
+
def current_#{group_name}(favourite=nil)
|
|
56
|
+
mappings = #{mappings}
|
|
57
|
+
mappings.unshift mappings.delete(favourite.to_sym) if favourite
|
|
58
|
+
mappings.each do |mapping|
|
|
59
|
+
current = set_user_by_token(mapping)
|
|
60
|
+
return current if current
|
|
61
|
+
end
|
|
62
|
+
nil
|
|
63
|
+
end
|
|
64
|
+
|
|
65
|
+
def current_#{group_name.to_s.pluralize}
|
|
66
|
+
#{mappings}.map do |mapping|
|
|
67
|
+
set_user_by_token(mapping)
|
|
68
|
+
end.compact
|
|
69
|
+
end
|
|
70
|
+
|
|
71
|
+
def render_authenticate_error
|
|
72
|
+
return render json: {
|
|
73
|
+
errors: [I18n.t('devise.failure.unauthenticated')]
|
|
74
|
+
}, status: 401
|
|
75
|
+
end
|
|
76
|
+
|
|
77
|
+
if respond_to?(:helper_method)
|
|
78
|
+
helper_method(
|
|
79
|
+
"current_#{group_name}",
|
|
80
|
+
"current_#{group_name.to_s.pluralize}",
|
|
81
|
+
"#{group_name}_signed_in?",
|
|
82
|
+
"render_authenticate_error"
|
|
83
|
+
)
|
|
84
|
+
end
|
|
85
|
+
METHODS
|
|
86
|
+
end
|
|
87
|
+
|
|
88
|
+
def log_process_action(payload)
|
|
89
|
+
payload[:status] ||= 401 unless payload[:exception]
|
|
90
|
+
super
|
|
91
|
+
end
|
|
92
|
+
end
|
|
93
|
+
|
|
94
|
+
# Define authentication filters and accessor helpers based on mappings.
|
|
95
|
+
# These filters should be used inside the controllers as before_actions,
|
|
96
|
+
# so you can control the scope of the user who should be signed in to
|
|
97
|
+
# access that specific controller/action.
|
|
98
|
+
# Example:
|
|
99
|
+
#
|
|
100
|
+
# Roles:
|
|
101
|
+
# User
|
|
102
|
+
# Admin
|
|
103
|
+
#
|
|
104
|
+
# Generated methods:
|
|
105
|
+
# authenticate_user! # Signs user in or 401
|
|
106
|
+
# authenticate_admin! # Signs admin in or 401
|
|
107
|
+
# user_signed_in? # Checks whether there is a user signed in or not
|
|
108
|
+
# admin_signed_in? # Checks whether there is an admin signed in or not
|
|
109
|
+
# current_user # Current signed in user
|
|
110
|
+
# current_admin # Current signed in admin
|
|
111
|
+
# user_session # Session data available only to the user scope
|
|
112
|
+
# admin_session # Session data available only to the admin scope
|
|
113
|
+
# render_authenticate_error # Render error unless user or admin is signed in
|
|
114
|
+
#
|
|
115
|
+
# Use:
|
|
116
|
+
# before_action :authenticate_user! # Tell devise to use :user map
|
|
117
|
+
# before_action :authenticate_admin! # Tell devise to use :admin map
|
|
118
|
+
#
|
|
119
|
+
def self.define_helpers(mapping) #:nodoc:
|
|
120
|
+
mapping = mapping.name
|
|
121
|
+
|
|
122
|
+
class_eval <<-METHODS, __FILE__, __LINE__ + 1
|
|
123
|
+
def authenticate_#{mapping}!(opts={})
|
|
124
|
+
unless current_#{mapping}
|
|
125
|
+
render_authenticate_error
|
|
126
|
+
end
|
|
127
|
+
end
|
|
128
|
+
|
|
129
|
+
def #{mapping}_signed_in?
|
|
130
|
+
!!current_#{mapping}
|
|
131
|
+
end
|
|
132
|
+
|
|
133
|
+
def current_#{mapping}
|
|
134
|
+
@current_#{mapping} ||= set_user_by_token(:#{mapping})
|
|
135
|
+
end
|
|
136
|
+
|
|
137
|
+
def #{mapping}_session
|
|
138
|
+
current_#{mapping} && warden.session(:#{mapping})
|
|
139
|
+
end
|
|
140
|
+
|
|
141
|
+
def render_authenticate_error
|
|
142
|
+
return render json: {
|
|
143
|
+
errors: [I18n.t('devise.failure.unauthenticated')]
|
|
144
|
+
}, status: 401
|
|
145
|
+
end
|
|
146
|
+
METHODS
|
|
147
|
+
|
|
148
|
+
ActiveSupport.on_load(:action_controller) do
|
|
149
|
+
if respond_to?(:helper_method)
|
|
150
|
+
helper_method(
|
|
151
|
+
"current_#{mapping}",
|
|
152
|
+
"#{mapping}_signed_in?",
|
|
153
|
+
"#{mapping}_session",
|
|
154
|
+
'render_authenticate_error'
|
|
155
|
+
)
|
|
156
|
+
end
|
|
157
|
+
end
|
|
158
|
+
end
|
|
159
|
+
end
|
|
160
|
+
end
|
|
161
|
+
end
|
|
@@ -0,0 +1,90 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'devise_token_auth/rails/routes'
|
|
4
|
+
|
|
5
|
+
module DeviseTokenAuth
|
|
6
|
+
class Engine < ::Rails::Engine
|
|
7
|
+
isolate_namespace DeviseTokenAuth
|
|
8
|
+
|
|
9
|
+
initializer 'devise_token_auth.url_helpers' do
|
|
10
|
+
Devise.helpers << DeviseTokenAuth::Controllers::Helpers
|
|
11
|
+
end
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
mattr_accessor :change_headers_on_each_request,
|
|
15
|
+
:max_number_of_devices,
|
|
16
|
+
:token_lifespan,
|
|
17
|
+
:batch_request_buffer_throttle,
|
|
18
|
+
:omniauth_prefix,
|
|
19
|
+
:default_confirm_success_url,
|
|
20
|
+
:default_password_reset_url,
|
|
21
|
+
:redirect_whitelist,
|
|
22
|
+
:check_current_password_before_update,
|
|
23
|
+
:enable_standard_devise_support,
|
|
24
|
+
:remove_tokens_after_password_reset,
|
|
25
|
+
:default_callbacks,
|
|
26
|
+
:headers_names,
|
|
27
|
+
:bypass_sign_in
|
|
28
|
+
|
|
29
|
+
self.change_headers_on_each_request = true
|
|
30
|
+
self.max_number_of_devices = 10
|
|
31
|
+
self.token_lifespan = 2.weeks
|
|
32
|
+
self.batch_request_buffer_throttle = 5.seconds
|
|
33
|
+
self.omniauth_prefix = '/omniauth'
|
|
34
|
+
self.default_confirm_success_url = nil
|
|
35
|
+
self.default_password_reset_url = nil
|
|
36
|
+
self.redirect_whitelist = nil
|
|
37
|
+
self.check_current_password_before_update = false
|
|
38
|
+
self.enable_standard_devise_support = false
|
|
39
|
+
self.remove_tokens_after_password_reset = false
|
|
40
|
+
self.default_callbacks = true
|
|
41
|
+
self.headers_names = { 'access-token': 'access-token',
|
|
42
|
+
'client': 'client',
|
|
43
|
+
'expiry': 'expiry',
|
|
44
|
+
'uid': 'uid',
|
|
45
|
+
'token-type': 'token-type' }
|
|
46
|
+
self.bypass_sign_in = true
|
|
47
|
+
|
|
48
|
+
def self.setup(&block)
|
|
49
|
+
yield self
|
|
50
|
+
|
|
51
|
+
Rails.application.config.after_initialize do
|
|
52
|
+
if defined?(::OmniAuth)
|
|
53
|
+
::OmniAuth::config.path_prefix = Devise.omniauth_path_prefix = omniauth_prefix
|
|
54
|
+
|
|
55
|
+
# Omniauth currently does not pass along omniauth.params upon failure redirect
|
|
56
|
+
# see also: https://github.com/intridea/omniauth/issues/626
|
|
57
|
+
OmniAuth::FailureEndpoint.class_eval do
|
|
58
|
+
def redirect_to_failure
|
|
59
|
+
message_key = env['omniauth.error.type']
|
|
60
|
+
origin_query_param = env['omniauth.origin'] ? "&origin=#{CGI.escape(env['omniauth.origin'])}" : ''
|
|
61
|
+
strategy_name_query_param = env['omniauth.error.strategy'] ? "&strategy=#{env['omniauth.error.strategy'].name}" : ''
|
|
62
|
+
extra_params = env['omniauth.params'] ? "&#{env['omniauth.params'].to_query}" : ''
|
|
63
|
+
new_path = "#{env['SCRIPT_NAME']}#{OmniAuth.config.path_prefix}/failure?message=#{message_key}#{origin_query_param}#{strategy_name_query_param}#{extra_params}"
|
|
64
|
+
Rack::Response.new(['302 Moved'], 302, 'Location' => new_path).finish
|
|
65
|
+
end
|
|
66
|
+
end
|
|
67
|
+
|
|
68
|
+
# Omniauth currently removes omniauth.params during mocked requests
|
|
69
|
+
# see also: https://github.com/intridea/omniauth/pull/812
|
|
70
|
+
OmniAuth::Strategy.class_eval do
|
|
71
|
+
def mock_callback_call
|
|
72
|
+
setup_phase
|
|
73
|
+
@env['omniauth.origin'] = session.delete('omniauth.origin')
|
|
74
|
+
@env['omniauth.origin'] = nil if env['omniauth.origin'] == ''
|
|
75
|
+
@env['omniauth.params'] = session.delete('omniauth.params') || {}
|
|
76
|
+
mocked_auth = OmniAuth.mock_auth_for(name.to_s)
|
|
77
|
+
if mocked_auth.is_a?(Symbol)
|
|
78
|
+
fail!(mocked_auth)
|
|
79
|
+
else
|
|
80
|
+
@env['omniauth.auth'] = mocked_auth
|
|
81
|
+
OmniAuth.config.before_callback_phase.call(@env) if OmniAuth.config.before_callback_phase
|
|
82
|
+
call_app!
|
|
83
|
+
end
|
|
84
|
+
end
|
|
85
|
+
end
|
|
86
|
+
|
|
87
|
+
end
|
|
88
|
+
end
|
|
89
|
+
end
|
|
90
|
+
end
|
|
@@ -0,0 +1,116 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module ActionDispatch::Routing
|
|
4
|
+
class Mapper
|
|
5
|
+
def mount_devise_token_auth_for(resource, opts)
|
|
6
|
+
# ensure objects exist to simplify attr checks
|
|
7
|
+
opts[:controllers] ||= {}
|
|
8
|
+
opts[:skip] ||= []
|
|
9
|
+
|
|
10
|
+
# check for ctrl overrides, fall back to defaults
|
|
11
|
+
sessions_ctrl = opts[:controllers][:sessions] || 'devise_token_auth/sessions'
|
|
12
|
+
registrations_ctrl = opts[:controllers][:registrations] || 'devise_token_auth/registrations'
|
|
13
|
+
passwords_ctrl = opts[:controllers][:passwords] || 'devise_token_auth/passwords'
|
|
14
|
+
confirmations_ctrl = opts[:controllers][:confirmations] || 'devise_token_auth/confirmations'
|
|
15
|
+
token_validations_ctrl = opts[:controllers][:token_validations] || 'devise_token_auth/token_validations'
|
|
16
|
+
omniauth_ctrl = opts[:controllers][:omniauth_callbacks] || 'devise_token_auth/omniauth_callbacks'
|
|
17
|
+
unlocks_ctrl = opts[:controllers][:unlocks] || 'devise_token_auth/unlocks'
|
|
18
|
+
|
|
19
|
+
# define devise controller mappings
|
|
20
|
+
controllers = { sessions: sessions_ctrl,
|
|
21
|
+
registrations: registrations_ctrl,
|
|
22
|
+
passwords: passwords_ctrl,
|
|
23
|
+
confirmations: confirmations_ctrl }
|
|
24
|
+
|
|
25
|
+
controllers[:unlocks] = unlocks_ctrl if unlocks_ctrl
|
|
26
|
+
|
|
27
|
+
# remove any unwanted devise modules
|
|
28
|
+
opts[:skip].each{ |item| controllers.delete(item) }
|
|
29
|
+
|
|
30
|
+
devise_for resource.pluralize.underscore.gsub('/', '_').to_sym,
|
|
31
|
+
class_name: resource,
|
|
32
|
+
module: :devise,
|
|
33
|
+
path: opts[:at].to_s,
|
|
34
|
+
controllers: controllers,
|
|
35
|
+
skip: opts[:skip] + [:omniauth_callbacks]
|
|
36
|
+
|
|
37
|
+
unnest_namespace do
|
|
38
|
+
# get full url path as if it were namespaced
|
|
39
|
+
full_path = "#{@scope[:path]}/#{opts[:at]}"
|
|
40
|
+
|
|
41
|
+
# get namespace name
|
|
42
|
+
namespace_name = @scope[:as]
|
|
43
|
+
|
|
44
|
+
# clear scope so controller routes aren't namespaced
|
|
45
|
+
@scope = ActionDispatch::Routing::Mapper::Scope.new(
|
|
46
|
+
path: '',
|
|
47
|
+
shallow_path: '',
|
|
48
|
+
constraints: {},
|
|
49
|
+
defaults: {},
|
|
50
|
+
options: {},
|
|
51
|
+
parent: nil
|
|
52
|
+
)
|
|
53
|
+
|
|
54
|
+
mapping_name = resource.underscore.gsub('/', '_')
|
|
55
|
+
mapping_name = "#{namespace_name}_#{mapping_name}" if namespace_name
|
|
56
|
+
|
|
57
|
+
devise_scope mapping_name.to_sym do
|
|
58
|
+
# path to verify token validity
|
|
59
|
+
get "#{full_path}/validate_token", controller: token_validations_ctrl.to_s, action: 'validate_token'
|
|
60
|
+
|
|
61
|
+
# omniauth routes. only define if omniauth is installed and not skipped.
|
|
62
|
+
if defined?(::OmniAuth) && !opts[:skip].include?(:omniauth_callbacks)
|
|
63
|
+
match "#{full_path}/failure", controller: omniauth_ctrl, action: 'omniauth_failure', via: [:get]
|
|
64
|
+
match "#{full_path}/:provider/callback", controller: omniauth_ctrl, action: 'omniauth_success', via: [:get]
|
|
65
|
+
|
|
66
|
+
match "#{DeviseTokenAuth.omniauth_prefix}/:provider/callback", controller: omniauth_ctrl, action: 'redirect_callbacks', via: [:get, :post]
|
|
67
|
+
match "#{DeviseTokenAuth.omniauth_prefix}/failure", controller: omniauth_ctrl, action: 'omniauth_failure', via: [:get, :post]
|
|
68
|
+
|
|
69
|
+
# preserve the resource class thru oauth authentication by setting name of
|
|
70
|
+
# resource as "resource_class" param
|
|
71
|
+
match "#{full_path}/:provider", to: redirect{ |params, request|
|
|
72
|
+
# get the current querystring
|
|
73
|
+
qs = CGI::parse(request.env['QUERY_STRING'])
|
|
74
|
+
|
|
75
|
+
# append name of current resource
|
|
76
|
+
qs['resource_class'] = [resource]
|
|
77
|
+
qs['namespace_name'] = [namespace_name] if namespace_name
|
|
78
|
+
|
|
79
|
+
set_omniauth_path_prefix!(DeviseTokenAuth.omniauth_prefix)
|
|
80
|
+
|
|
81
|
+
redirect_params = {}.tap { |hash| qs.each{ |k, v| hash[k] = v.first } }
|
|
82
|
+
|
|
83
|
+
if DeviseTokenAuth.redirect_whitelist
|
|
84
|
+
redirect_url = request.params['auth_origin_url']
|
|
85
|
+
unless DeviseTokenAuth::Url.whitelisted?(redirect_url)
|
|
86
|
+
message = I18n.t(
|
|
87
|
+
'devise_token_auth.registrations.redirect_url_not_allowed',
|
|
88
|
+
redirect_url: redirect_url
|
|
89
|
+
)
|
|
90
|
+
redirect_params['message'] = message
|
|
91
|
+
next "#{::OmniAuth.config.path_prefix}/failure?#{redirect_params.to_param}"
|
|
92
|
+
end
|
|
93
|
+
end
|
|
94
|
+
|
|
95
|
+
# re-construct the path for omniauth
|
|
96
|
+
"#{::OmniAuth.config.path_prefix}/#{params[:provider]}?#{redirect_params.to_param}"
|
|
97
|
+
}, via: [:get]
|
|
98
|
+
end
|
|
99
|
+
end
|
|
100
|
+
end
|
|
101
|
+
end
|
|
102
|
+
|
|
103
|
+
# this allows us to use namespaced paths without namespacing the routes
|
|
104
|
+
def unnest_namespace
|
|
105
|
+
current_scope = @scope.dup
|
|
106
|
+
yield
|
|
107
|
+
ensure
|
|
108
|
+
@scope = current_scope
|
|
109
|
+
end
|
|
110
|
+
|
|
111
|
+
# ignore error about omniauth/multiple model support
|
|
112
|
+
def set_omniauth_path_prefix!(path_prefix)
|
|
113
|
+
::OmniAuth.config.path_prefix = path_prefix
|
|
114
|
+
end
|
|
115
|
+
end
|
|
116
|
+
end
|
|
@@ -0,0 +1,41 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module DeviseTokenAuth::Url
|
|
4
|
+
|
|
5
|
+
def self.generate(url, params = {})
|
|
6
|
+
uri = URI(url)
|
|
7
|
+
|
|
8
|
+
res = "#{uri.scheme}://#{uri.host}"
|
|
9
|
+
res += ":#{uri.port}" if (uri.port && uri.port != 80 && uri.port != 443)
|
|
10
|
+
res += uri.path.to_s if uri.path
|
|
11
|
+
query = [uri.query, params.to_query].reject(&:blank?).join('&')
|
|
12
|
+
res += "?#{query}"
|
|
13
|
+
res += "##{uri.fragment}" if uri.fragment
|
|
14
|
+
|
|
15
|
+
res
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
def self.whitelisted?(url)
|
|
19
|
+
url.nil? || \
|
|
20
|
+
!!DeviseTokenAuth.redirect_whitelist.find do |pattern|
|
|
21
|
+
!!Wildcat.new(pattern).match(url)
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
# wildcard convenience class
|
|
26
|
+
class Wildcat
|
|
27
|
+
def self.parse_to_regex(str)
|
|
28
|
+
escaped = Regexp.escape(str).gsub('\*','.*?')
|
|
29
|
+
Regexp.new("^#{escaped}$", Regexp::IGNORECASE)
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
def initialize(str)
|
|
33
|
+
@regex = self.class.parse_to_regex(str)
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
def match(str)
|
|
37
|
+
!!@regex.match(str)
|
|
38
|
+
end
|
|
39
|
+
end
|
|
40
|
+
|
|
41
|
+
end
|