devise_token_auth_skycocker_fork 1.0.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (167) hide show
  1. checksums.yaml +7 -0
  2. data/LICENSE +13 -0
  3. data/README.md +97 -0
  4. data/Rakefile +42 -0
  5. data/app/controllers/devise_token_auth/application_controller.rb +79 -0
  6. data/app/controllers/devise_token_auth/concerns/resource_finder.rb +44 -0
  7. data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +178 -0
  8. data/app/controllers/devise_token_auth/confirmations_controller.rb +39 -0
  9. data/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb +239 -0
  10. data/app/controllers/devise_token_auth/passwords_controller.rb +185 -0
  11. data/app/controllers/devise_token_auth/registrations_controller.rb +198 -0
  12. data/app/controllers/devise_token_auth/sessions_controller.rb +131 -0
  13. data/app/controllers/devise_token_auth/token_validations_controller.rb +31 -0
  14. data/app/controllers/devise_token_auth/unlocks_controller.rb +89 -0
  15. data/app/models/devise_token_auth/concerns/active_record_support.rb +34 -0
  16. data/app/models/devise_token_auth/concerns/mongoid_support.rb +19 -0
  17. data/app/models/devise_token_auth/concerns/user.rb +262 -0
  18. data/app/models/devise_token_auth/concerns/user_omniauth_callbacks.rb +28 -0
  19. data/app/validators/devise_token_auth/email_validator.rb +23 -0
  20. data/app/views/devise/mailer/confirmation_instructions.html.erb +5 -0
  21. data/app/views/devise/mailer/reset_password_instructions.html.erb +8 -0
  22. data/app/views/devise/mailer/unlock_instructions.html.erb +7 -0
  23. data/app/views/devise_token_auth/omniauth_external_window.html.erb +38 -0
  24. data/config/locales/da-DK.yml +50 -0
  25. data/config/locales/de.yml +49 -0
  26. data/config/locales/en.yml +50 -0
  27. data/config/locales/es.yml +49 -0
  28. data/config/locales/fr.yml +49 -0
  29. data/config/locales/it.yml +46 -0
  30. data/config/locales/ja.yml +46 -0
  31. data/config/locales/nl.yml +30 -0
  32. data/config/locales/pl.yml +48 -0
  33. data/config/locales/pt-BR.yml +46 -0
  34. data/config/locales/pt.yml +48 -0
  35. data/config/locales/ro.yml +46 -0
  36. data/config/locales/ru.yml +50 -0
  37. data/config/locales/sq.yml +46 -0
  38. data/config/locales/sv.yml +50 -0
  39. data/config/locales/uk.yml +59 -0
  40. data/config/locales/vi.yml +50 -0
  41. data/config/locales/zh-CN.yml +46 -0
  42. data/config/locales/zh-HK.yml +48 -0
  43. data/config/locales/zh-TW.yml +48 -0
  44. data/lib/devise_token_auth.rb +13 -0
  45. data/lib/devise_token_auth/blacklist.rb +2 -0
  46. data/lib/devise_token_auth/controllers/helpers.rb +161 -0
  47. data/lib/devise_token_auth/controllers/url_helpers.rb +10 -0
  48. data/lib/devise_token_auth/engine.rb +90 -0
  49. data/lib/devise_token_auth/errors.rb +8 -0
  50. data/lib/devise_token_auth/rails/routes.rb +116 -0
  51. data/lib/devise_token_auth/url.rb +41 -0
  52. data/lib/devise_token_auth/version.rb +5 -0
  53. data/lib/generators/devise_token_auth/USAGE +31 -0
  54. data/lib/generators/devise_token_auth/install_generator.rb +91 -0
  55. data/lib/generators/devise_token_auth/install_generator_helpers.rb +98 -0
  56. data/lib/generators/devise_token_auth/install_mongoid_generator.rb +46 -0
  57. data/lib/generators/devise_token_auth/install_views_generator.rb +18 -0
  58. data/lib/generators/devise_token_auth/templates/devise_token_auth.rb +50 -0
  59. data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb +56 -0
  60. data/lib/generators/devise_token_auth/templates/user.rb.erb +9 -0
  61. data/lib/generators/devise_token_auth/templates/user_mongoid.rb.erb +63 -0
  62. data/lib/tasks/devise_token_auth_tasks.rake +6 -0
  63. data/test/controllers/custom/custom_confirmations_controller_test.rb +25 -0
  64. data/test/controllers/custom/custom_omniauth_callbacks_controller_test.rb +33 -0
  65. data/test/controllers/custom/custom_passwords_controller_test.rb +79 -0
  66. data/test/controllers/custom/custom_registrations_controller_test.rb +63 -0
  67. data/test/controllers/custom/custom_sessions_controller_test.rb +39 -0
  68. data/test/controllers/custom/custom_token_validations_controller_test.rb +42 -0
  69. data/test/controllers/demo_group_controller_test.rb +151 -0
  70. data/test/controllers/demo_mang_controller_test.rb +284 -0
  71. data/test/controllers/demo_user_controller_test.rb +629 -0
  72. data/test/controllers/devise_token_auth/confirmations_controller_test.rb +127 -0
  73. data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb +376 -0
  74. data/test/controllers/devise_token_auth/passwords_controller_test.rb +639 -0
  75. data/test/controllers/devise_token_auth/registrations_controller_test.rb +880 -0
  76. data/test/controllers/devise_token_auth/sessions_controller_test.rb +541 -0
  77. data/test/controllers/devise_token_auth/token_validations_controller_test.rb +102 -0
  78. data/test/controllers/devise_token_auth/unlocks_controller_test.rb +196 -0
  79. data/test/controllers/overrides/confirmations_controller_test.rb +47 -0
  80. data/test/controllers/overrides/omniauth_callbacks_controller_test.rb +53 -0
  81. data/test/controllers/overrides/passwords_controller_test.rb +64 -0
  82. data/test/controllers/overrides/registrations_controller_test.rb +46 -0
  83. data/test/controllers/overrides/sessions_controller_test.rb +35 -0
  84. data/test/controllers/overrides/token_validations_controller_test.rb +43 -0
  85. data/test/dummy/README.rdoc +28 -0
  86. data/test/dummy/app/active_record/lockable_user.rb +7 -0
  87. data/test/dummy/app/active_record/mang.rb +5 -0
  88. data/test/dummy/app/active_record/only_email_user.rb +7 -0
  89. data/test/dummy/app/active_record/scoped_user.rb +9 -0
  90. data/test/dummy/app/active_record/unconfirmable_user.rb +9 -0
  91. data/test/dummy/app/active_record/unregisterable_user.rb +9 -0
  92. data/test/dummy/app/active_record/user.rb +6 -0
  93. data/test/dummy/app/controllers/application_controller.rb +18 -0
  94. data/test/dummy/app/controllers/auth_origin_controller.rb +7 -0
  95. data/test/dummy/app/controllers/custom/confirmations_controller.rb +13 -0
  96. data/test/dummy/app/controllers/custom/omniauth_callbacks_controller.rb +13 -0
  97. data/test/dummy/app/controllers/custom/passwords_controller.rb +39 -0
  98. data/test/dummy/app/controllers/custom/registrations_controller.rb +39 -0
  99. data/test/dummy/app/controllers/custom/sessions_controller.rb +29 -0
  100. data/test/dummy/app/controllers/custom/token_validations_controller.rb +19 -0
  101. data/test/dummy/app/controllers/demo_group_controller.rb +15 -0
  102. data/test/dummy/app/controllers/demo_mang_controller.rb +14 -0
  103. data/test/dummy/app/controllers/demo_user_controller.rb +27 -0
  104. data/test/dummy/app/controllers/overrides/confirmations_controller.rb +28 -0
  105. data/test/dummy/app/controllers/overrides/omniauth_callbacks_controller.rb +16 -0
  106. data/test/dummy/app/controllers/overrides/passwords_controller.rb +35 -0
  107. data/test/dummy/app/controllers/overrides/registrations_controller.rb +29 -0
  108. data/test/dummy/app/controllers/overrides/sessions_controller.rb +36 -0
  109. data/test/dummy/app/controllers/overrides/token_validations_controller.rb +23 -0
  110. data/test/dummy/app/helpers/application_helper.rb +1058 -0
  111. data/test/dummy/app/models/concerns/favorite_color.rb +19 -0
  112. data/test/dummy/app/mongoid/lockable_user.rb +38 -0
  113. data/test/dummy/app/mongoid/mang.rb +53 -0
  114. data/test/dummy/app/mongoid/only_email_user.rb +33 -0
  115. data/test/dummy/app/mongoid/scoped_user.rb +57 -0
  116. data/test/dummy/app/mongoid/unconfirmable_user.rb +51 -0
  117. data/test/dummy/app/mongoid/unregisterable_user.rb +54 -0
  118. data/test/dummy/app/mongoid/user.rb +56 -0
  119. data/test/dummy/app/views/layouts/application.html.erb +14 -0
  120. data/test/dummy/config.ru +18 -0
  121. data/test/dummy/config/application.rb +48 -0
  122. data/test/dummy/config/application.yml.bk +0 -0
  123. data/test/dummy/config/boot.rb +11 -0
  124. data/test/dummy/config/environment.rb +7 -0
  125. data/test/dummy/config/environments/development.rb +46 -0
  126. data/test/dummy/config/environments/production.rb +84 -0
  127. data/test/dummy/config/environments/test.rb +50 -0
  128. data/test/dummy/config/initializers/assets.rb +10 -0
  129. data/test/dummy/config/initializers/backtrace_silencers.rb +9 -0
  130. data/test/dummy/config/initializers/cookies_serializer.rb +5 -0
  131. data/test/dummy/config/initializers/devise.rb +17 -0
  132. data/test/dummy/config/initializers/devise_token_auth.rb +24 -0
  133. data/test/dummy/config/initializers/figaro.rb +3 -0
  134. data/test/dummy/config/initializers/filter_parameter_logging.rb +6 -0
  135. data/test/dummy/config/initializers/inflections.rb +18 -0
  136. data/test/dummy/config/initializers/mime_types.rb +6 -0
  137. data/test/dummy/config/initializers/omniauth.rb +10 -0
  138. data/test/dummy/config/initializers/session_store.rb +5 -0
  139. data/test/dummy/config/initializers/wrap_parameters.rb +16 -0
  140. data/test/dummy/config/routes.rb +55 -0
  141. data/test/dummy/config/spring.rb +3 -0
  142. data/test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb +65 -0
  143. data/test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb +64 -0
  144. data/test/dummy/db/migrate/20140829044006_add_operating_thetan_to_user.rb +8 -0
  145. data/test/dummy/db/migrate/20140916224624_add_favorite_color_to_mangs.rb +7 -0
  146. data/test/dummy/db/migrate/20141222035835_devise_token_auth_create_only_email_users.rb +62 -0
  147. data/test/dummy/db/migrate/20141222053502_devise_token_auth_create_unregisterable_users.rb +63 -0
  148. data/test/dummy/db/migrate/20150708104536_devise_token_auth_create_unconfirmable_users.rb +63 -0
  149. data/test/dummy/db/migrate/20160103235141_devise_token_auth_create_scoped_users.rb +63 -0
  150. data/test/dummy/db/migrate/20160629184441_devise_token_auth_create_lockable_users.rb +63 -0
  151. data/test/dummy/db/schema.rb +200 -0
  152. data/test/dummy/lib/migration_database_helper.rb +43 -0
  153. data/test/dummy/tmp/generators/app/models/user.rb +9 -0
  154. data/test/dummy/tmp/generators/config/initializers/devise_token_auth.rb +50 -0
  155. data/test/dummy/tmp/generators/db/migrate/20181030122248_devise_token_auth_create_users.rb +56 -0
  156. data/test/factories/users.rb +40 -0
  157. data/test/lib/devise_token_auth/blacklist_test.rb +11 -0
  158. data/test/lib/devise_token_auth/url_test.rb +26 -0
  159. data/test/lib/generators/devise_token_auth/install_generator_test.rb +217 -0
  160. data/test/lib/generators/devise_token_auth/install_generator_with_namespace_test.rb +222 -0
  161. data/test/lib/generators/devise_token_auth/install_views_generator_test.rb +25 -0
  162. data/test/models/concerns/mongoid_support_test.rb +31 -0
  163. data/test/models/only_email_user_test.rb +37 -0
  164. data/test/models/user_test.rb +140 -0
  165. data/test/support/controllers/routes.rb +43 -0
  166. data/test/test_helper.rb +103 -0
  167. metadata +443 -0
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA256:
3
+ metadata.gz: 9922a2c2e83ca531ad3b2b8e3a92a1392abdb094cf3edd21204953eff737aed5
4
+ data.tar.gz: e085374c3e70be248e2694b506065f2f4268f8a8d0885ac99eea9ebed59305da
5
+ SHA512:
6
+ metadata.gz: 8bcc04453c48dbba5ed1309463f2ce4b519b1dfb5c3b6762c511e9e90e765091bbae083b6baefc1c5f8171221b6796c6bc370c53fda3c0a24fa6593cef8d5341
7
+ data.tar.gz: e21182168dde5772932670000d3f4c2cd3f877f317e3eab3aa59b8f6671a9a5fb20c9d40b83a49c550c5527eb9896fc8d03539cd69b4d14619466e7cd6e0bf81
data/LICENSE ADDED
@@ -0,0 +1,13 @@
1
+ DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
2
+ Version 2, December 2004
3
+
4
+ Copyright (C) 2004 Sam Hocevar <sam@hocevar.net>
5
+
6
+ Everyone is permitted to copy and distribute verbatim or modified
7
+ copies of this license document, and changing it is allowed as long
8
+ as the name is changed.
9
+
10
+ DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
11
+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
12
+
13
+ 0. You just DO WHAT THE FUCK YOU WANT TO.
@@ -0,0 +1,97 @@
1
+ # Devise Token Auth
2
+
3
+ [![Gem Version](https://badge.fury.io/rb/devise_token_auth.svg)](http://badge.fury.io/rb/devise_token_auth)
4
+ [![Build Status](https://travis-ci.org/lynndylanhurley/devise_token_auth.svg?branch=master)](https://travis-ci.org/lynndylanhurley/devise_token_auth)
5
+ [![Code Climate](https://codeclimate.com/github/lynndylanhurley/devise_token_auth/badges/gpa.svg)](https://codeclimate.com/github/lynndylanhurley/devise_token_auth)
6
+ [![Test Coverage](https://codeclimate.com/github/lynndylanhurley/devise_token_auth/badges/coverage.svg)](https://codeclimate.com/github/lynndylanhurley/devise_token_auth/coverage)
7
+ [![Downloads](https://img.shields.io/gem/dt/devise_token_auth.svg)](https://rubygems.org/gems/devise_token_auth)
8
+ [![Backers on Open Collective](https://opencollective.com/devise_token_auth/backers/badge.svg)](#backers)
9
+ [![Sponsors on Open Collective](https://opencollective.com/devise_token_auth/sponsors/badge.svg)](#sponsors)
10
+ [![Join the chat at https://gitter.im/lynndylanhurley/devise_token_auth](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/lynndylanhurley/devise_token_auth?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
11
+
12
+ Simple, multi-client and secure token-based authentication for Rails.
13
+
14
+ If you're building SPA or a mobile app, and you want authentication, you need tokens, not cookies.
15
+ This gem refreshes the tokens on each request, and expires them in a short time, so the app is secure.
16
+ Also, it maintains a session for each client/device, so you can have as many sessions as you want.
17
+
18
+ ## Main features
19
+
20
+ * Seamless integration with:
21
+ * [ng-token-auth](https://github.com/lynndylanhurley/ng-token-auth) for [AngularJS](https://github.com/angular/angular.js)
22
+ * [Angular2-Token](https://github.com/neroniaky/angular2-token) for [Angular2](https://github.com/angular/angular)
23
+ * [redux-token-auth](https://github.com/kylecorbelli/redux-token-auth) for [React with Redux](https://github.com/reactjs/react-redux)
24
+ * [jToker](https://github.com/lynndylanhurley/j-toker) for [jQuery](https://jquery.com/)
25
+ * Oauth2 authentication using [OmniAuth](https://github.com/intridea/omniauth).
26
+ * Email authentication using [Devise](https://github.com/plataformatec/devise), including:
27
+ * User registration, update and deletion
28
+ * Login and logout
29
+ * Password reset, account confirmation
30
+ * Support for [multiple user models](./docs/usage/multiple_models.md).
31
+ * It is [secure](docs/security.md).
32
+
33
+ This project leverages the following gems:
34
+
35
+ * [Devise](https://github.com/plataformatec/devise)
36
+ * [OmniAuth](https://github.com/intridea/omniauth)
37
+
38
+ ## Installation
39
+
40
+ Add the following to your `Gemfile`:
41
+
42
+ ~~~ruby
43
+ gem 'devise_token_auth'
44
+ ~~~
45
+
46
+ Then install the gem using bundle:
47
+
48
+ ~~~bash
49
+ bundle install
50
+ ~~~
51
+
52
+ ## [Docs](https://devise-token-auth.gitbook.io/devise-token-auth)
53
+
54
+ ## Need help?
55
+
56
+ Please use [StackOverflow](https://stackoverflow.com/questions/tagged/devise-token-auth) for help requests and how-to questions.
57
+
58
+ Please open GitHub issues for bugs and enhancements only, not general help requests. Please search previous issues (and Google and StackOverflow) before creating a new issue.
59
+
60
+ Please read the [issue template](https://github.com/lynndylanhurley/devise_token_auth/blob/master/.github/ISSUE_TEMPLATE.md) before posting issues.
61
+
62
+ ## [FAQ](docs/faq.md)
63
+
64
+ ## Contributors wanted!
65
+
66
+ See our [Contribution Guidelines](https://github.com/lynndylanhurley/devise_token_auth/blob/master/.github/CONTRIBUTING.md). Feel free to submit pull requests, review pull requests, or review open issues. If you'd like to get in contact, [Zach Feldman](https://github.com/zachfeldman) has been wrangling this effort, you can reach him with his name @gmail. Further discussion of this in [this issue](https://github.com/lynndylanhurley/devise_token_auth/issues/969).
67
+
68
+ ## Live Demos
69
+
70
+ [Here is a demo](http://ng-token-auth-demo.herokuapp.com/) of this app running with the [ng-token-auth](https://github.com/lynndylanhurley/ng-token-auth) module and [AngularJS](https://github.com/angular/angular.js).
71
+
72
+ [Here is a demo](https://angular2-token.herokuapp.com) of this app running with the [Angular2-Token](https://github.com/neroniaky/angular2-token) service and [Angular2](https://github.com/angular/angular).
73
+
74
+ [Here is a demo](https://j-toker-demo.herokuapp.com/) of this app using the [jToker](https://github.com/lynndylanhurley/j-toker) plugin and [React](http://facebook.github.io/react/).
75
+
76
+ The fully configured api used in these demos can be found [here](https://github.com/lynndylanhurley/devise_token_auth_demo).
77
+
78
+
79
+ ## Contributors
80
+
81
+ <a href="graphs/contributors"><img src="https://opencollective.com/devise_token_auth/contributors.svg?width=890&button=false" /></a>
82
+
83
+ ## Backers
84
+
85
+ Thank you to all our backers! 🙏 [[Become a backer](https://opencollective.com/devise_token_auth#backer)]
86
+
87
+ [![](https://opencollective.com/devise_token_auth/backers.svg?width=890)](https://opencollective.com/devise_token_auth#backers)
88
+
89
+
90
+ ## Sponsors
91
+
92
+ Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [[Become a sponsor](https://opencollective.com/devise_token_auth#sponsor)]
93
+
94
+ [![](https://opencollective.com/devise_token_auth/sponsor/0/avatar.svg)](https://opencollective.com/devise_token_auth/sponsor/0/website) [![](https://opencollective.com/devise_token_auth/sponsor/1/avatar.svg)](https://opencollective.com/devise_token_auth/sponsor/1/website) [![](https://opencollective.com/devise_token_auth/sponsor/2/avatar.svg)](https://opencollective.com/devise_token_auth/sponsor/2/website) [![](https://opencollective.com/devise_token_auth/sponsor/3/avatar.svg)](https://opencollective.com/devise_token_auth/sponsor/3/website) [![](https://opencollective.com/devise_token_auth/sponsor/4/avatar.svg)](https://opencollective.com/devise_token_auth/sponsor/4/website) [![](https://opencollective.com/devise_token_auth/sponsor/5/avatar.svg)](https://opencollective.com/devise_token_auth/sponsor/5/website) [![](https://opencollective.com/devise_token_auth/sponsor/6/avatar.svg)](https://opencollective.com/devise_token_auth/sponsor/6/website) [![](https://opencollective.com/devise_token_auth/sponsor/7/avatar.svg)](https://opencollective.com/devise_token_auth/sponsor/7/website) [![](https://opencollective.com/devise_token_auth/sponsor/8/avatar.svg)](https://opencollective.com/devise_token_auth/sponsor/8/website) [![](https://opencollective.com/devise_token_auth/sponsor/9/avatar.svg)](https://opencollective.com/devise_token_auth/sponsor/9/website)
95
+
96
+ ## License
97
+ This project uses the WTFPL
@@ -0,0 +1,42 @@
1
+ # frozen_string_literal: true
2
+
3
+ begin
4
+ require 'bundler/setup'
5
+ rescue LoadError
6
+ puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
7
+ end
8
+
9
+ require 'rdoc/task'
10
+
11
+ RDoc::Task.new(:rdoc) do |rdoc|
12
+ rdoc.rdoc_dir = 'rdoc'
13
+ rdoc.title = 'DeviseTokenAuth'
14
+ rdoc.options << '--line-numbers'
15
+ rdoc.rdoc_files.include('README.rdoc')
16
+ rdoc.rdoc_files.include('lib/**/*.rb')
17
+ end
18
+
19
+ APP_RAKEFILE = File.expand_path('test/dummy/Rakefile', __dir__)
20
+ load 'rails/tasks/engine.rake'
21
+
22
+ Bundler::GemHelper.install_tasks
23
+
24
+ require 'rake/testtask'
25
+
26
+ Rake::TestTask.new(:test) do |t|
27
+ t.libs << 'lib'
28
+ t.libs << 'test'
29
+ t.pattern = 'test/**/*_test.rb'
30
+ t.verbose = false
31
+ t.warning = false
32
+ end
33
+
34
+ task default: :test
35
+
36
+ require 'rubocop/rake_task'
37
+
38
+ desc 'Run RuboCop'
39
+ RuboCop::RakeTask.new(:rubocop) do |task|
40
+ task.formatters = %w[fuubar offenses worst]
41
+ task.fail_on_error = false # don't abort rake on failure
42
+ end
@@ -0,0 +1,79 @@
1
+ # frozen_string_literal: true
2
+
3
+ module DeviseTokenAuth
4
+ class ApplicationController < DeviseController
5
+ include DeviseTokenAuth::Concerns::SetUserByToken
6
+
7
+ def resource_data(opts = {})
8
+ response_data = opts[:resource_json] || @resource.as_json
9
+ response_data['type'] = @resource.class.name.parameterize if json_api?
10
+ response_data
11
+ end
12
+
13
+ def resource_errors
14
+ @resource.errors.to_hash.merge(full_messages: @resource.errors.full_messages)
15
+ end
16
+
17
+ protected
18
+
19
+ def blacklisted_redirect_url?
20
+ DeviseTokenAuth.redirect_whitelist && !DeviseTokenAuth::Url.whitelisted?(@redirect_url)
21
+ end
22
+
23
+ def build_redirect_headers(access_token, client, redirect_header_options = {})
24
+ {
25
+ DeviseTokenAuth.headers_names[:"access-token"] => access_token,
26
+ DeviseTokenAuth.headers_names[:"client"] => client,
27
+ :config => params[:config],
28
+
29
+ # Legacy parameters which may be removed in a future release.
30
+ # Consider using "client" and "access-token" in client code.
31
+ # See: github.com/lynndylanhurley/devise_token_auth/issues/993
32
+ :client_id => client,
33
+ :token => access_token
34
+ }.merge(redirect_header_options)
35
+ end
36
+
37
+ def params_for_resource(resource)
38
+ devise_parameter_sanitizer.instance_values['permitted'][resource].each do |type|
39
+ params[type.to_s] ||= request.headers[type.to_s] unless request.headers[type.to_s].nil?
40
+ end
41
+ devise_parameter_sanitizer.instance_values['permitted'][resource]
42
+ end
43
+
44
+ def resource_class(m = nil)
45
+ if m
46
+ mapping = Devise.mappings[m]
47
+ else
48
+ mapping = Devise.mappings[resource_name] || Devise.mappings.values.first
49
+ end
50
+
51
+ mapping.to
52
+ end
53
+
54
+ def json_api?
55
+ return false unless defined?(ActiveModel::Serializer)
56
+ return ActiveModel::Serializer.setup do |config|
57
+ config.adapter == :json_api
58
+ end if ActiveModel::Serializer.respond_to?(:setup)
59
+ ActiveModelSerializers.config.adapter == :json_api
60
+ end
61
+
62
+ def recoverable_enabled?
63
+ resource_class.devise_modules.include?(:recoverable)
64
+ end
65
+
66
+ def confirmable_enabled?
67
+ resource_class.devise_modules.include?(:confirmable)
68
+ end
69
+
70
+ def render_error(status, message, data = nil)
71
+ response = {
72
+ success: false,
73
+ errors: [message]
74
+ }
75
+ response = response.merge(data) if data
76
+ render json: response, status: status
77
+ end
78
+ end
79
+ end
@@ -0,0 +1,44 @@
1
+ # frozen_string_literal: true
2
+
3
+ module DeviseTokenAuth::Concerns::ResourceFinder
4
+ extend ActiveSupport::Concern
5
+ include DeviseTokenAuth::Controllers::Helpers
6
+
7
+ def get_case_insensitive_field_from_resource_params(field)
8
+ # honor Devise configuration for case_insensitive keys
9
+ q_value = resource_params[field.to_sym]
10
+
11
+ if resource_class.case_insensitive_keys.include?(field.to_sym)
12
+ q_value.downcase!
13
+ end
14
+
15
+ if resource_class.strip_whitespace_keys.include?(field.to_sym)
16
+ q_value.strip!
17
+ end
18
+
19
+ q_value
20
+ end
21
+
22
+ def find_resource(field, value)
23
+ @resource = if resource_class.try(:connection_config).try(:[], :adapter).try(:include?, 'mysql')
24
+ # fix for mysql default case insensitivity
25
+ resource_class.where("BINARY #{field} = ? AND provider= ?", value, provider).first
26
+ else
27
+ resource_class.dta_find_by(field => value, 'provider' => provider)
28
+ end
29
+ end
30
+
31
+ def resource_class(m = nil)
32
+ mapping = if m
33
+ Devise.mappings[m]
34
+ else
35
+ Devise.mappings[resource_name] || Devise.mappings.values.first
36
+ end
37
+
38
+ mapping.to
39
+ end
40
+
41
+ def provider
42
+ 'email'
43
+ end
44
+ end
@@ -0,0 +1,178 @@
1
+ # frozen_string_literal: true
2
+
3
+ module DeviseTokenAuth::Concerns::SetUserByToken
4
+ extend ActiveSupport::Concern
5
+ include DeviseTokenAuth::Concerns::ResourceFinder
6
+
7
+ included do
8
+ before_action :set_request_start
9
+ after_action :update_auth_header
10
+ end
11
+
12
+ protected
13
+
14
+ # keep track of request duration
15
+ def set_request_start
16
+ @request_started_at = Time.zone.now
17
+ @used_auth_by_token = true
18
+
19
+ # initialize instance variables
20
+ @client_id ||= nil
21
+ @resource ||= nil
22
+ @token ||= nil
23
+ @is_batch_request ||= nil
24
+ end
25
+
26
+ def ensure_pristine_resource
27
+ if @resource.changed?
28
+ # Stash pending changes in the resource before reloading.
29
+ changes = @resource.changes
30
+ @resource.reload
31
+ end
32
+ yield
33
+ ensure
34
+ # Reapply pending changes
35
+ @resource.assign_attributes(changes) if changes
36
+ end
37
+
38
+ # user auth
39
+ def set_user_by_token(mapping = nil)
40
+ # determine target authentication class
41
+ rc = resource_class(mapping)
42
+
43
+ # no default user defined
44
+ return unless rc
45
+
46
+ # gets the headers names, which was set in the initialize file
47
+ uid_name = DeviseTokenAuth.headers_names[:'uid']
48
+ access_token_name = DeviseTokenAuth.headers_names[:'access-token']
49
+ client_name = DeviseTokenAuth.headers_names[:'client']
50
+
51
+ # parse header for values necessary for authentication
52
+ uid = request.headers[uid_name] || params[uid_name]
53
+ @token ||= request.headers[access_token_name] || params[access_token_name]
54
+ @client_id ||= request.headers[client_name] || params[client_name]
55
+
56
+ # client_id isn't required, set to 'default' if absent
57
+ @client_id ||= 'default'
58
+
59
+ # check for an existing user, authenticated via warden/devise, if enabled
60
+ if DeviseTokenAuth.enable_standard_devise_support
61
+ devise_warden_user = warden.user(rc.to_s.underscore.to_sym)
62
+ if devise_warden_user && devise_warden_user.tokens[@client_id].nil?
63
+ @used_auth_by_token = false
64
+ @resource = devise_warden_user
65
+ # REVIEW: The following line _should_ be safe to remove;
66
+ # the generated token does not get used anywhere.
67
+ # @resource.create_new_auth_token
68
+ end
69
+ end
70
+
71
+ # user has already been found and authenticated
72
+ return @resource if @resource && @resource.is_a?(rc)
73
+
74
+ # ensure we clear the client_id
75
+ unless @token
76
+ @client_id = nil
77
+ return
78
+ end
79
+
80
+ return false unless @token
81
+
82
+ # mitigate timing attacks by finding by uid instead of auth token
83
+ user = uid && rc.dta_find_by(uid: uid)
84
+
85
+ if user && user.valid_token?(@token, @client_id)
86
+ # sign_in with bypass: true will be deprecated in the next version of Devise
87
+ if respond_to?(:bypass_sign_in) && DeviseTokenAuth.bypass_sign_in
88
+ bypass_sign_in(user, scope: :user)
89
+ else
90
+ sign_in(:user, user, store: false, event: :fetch, bypass: DeviseTokenAuth.bypass_sign_in)
91
+ end
92
+ return @resource = user
93
+ else
94
+ # zero all values previously set values
95
+ @client_id = nil
96
+ return @resource = nil
97
+ end
98
+ end
99
+
100
+ def update_auth_header
101
+ # cannot save object if model has invalid params
102
+
103
+ return unless @resource && @client_id
104
+
105
+ # Generate new client_id with existing authentication
106
+ @client_id = nil unless @used_auth_by_token
107
+
108
+ if @used_auth_by_token && !DeviseTokenAuth.change_headers_on_each_request
109
+ # should not append auth header if @resource related token was
110
+ # cleared by sign out in the meantime
111
+ return if @resource.reload.tokens[@client_id].nil?
112
+
113
+ auth_header = @resource.build_auth_header(@token, @client_id)
114
+
115
+ # update the response header
116
+ response.headers.merge!(auth_header)
117
+
118
+ else
119
+ unless @resource.reload.valid?
120
+ @resource = resource_class.find(@resource.to_param) # errors remain after reload
121
+ # if we left the model in a bad state, something is wrong in our app
122
+ unless @resource.valid?
123
+ raise DeviseTokenAuth::Errors::InvalidModel, "Cannot set auth token in invalid model. Errors: #{@resource.errors.full_messages}"
124
+ end
125
+ end
126
+ refresh_headers
127
+ end
128
+ end
129
+
130
+ private
131
+
132
+ def refresh_headers
133
+ ensure_pristine_resource do
134
+ # Lock the user record during any auth_header updates to ensure
135
+ # we don't have write contention from multiple threads
136
+ @resource.with_lock do
137
+ # should not append auth header if @resource related token was
138
+ # cleared by sign out in the meantime
139
+ return if @used_auth_by_token && @resource.tokens[@client_id].nil?
140
+
141
+ # update the response header
142
+ response.headers.merge!(auth_header_from_batch_request)
143
+ end # end lock
144
+ end # end ensure_pristine_resource
145
+ end
146
+
147
+ def is_batch_request?(user, client_id)
148
+ !params[:unbatch] &&
149
+ user.tokens[client_id] &&
150
+ user.tokens[client_id]['updated_at'] &&
151
+ user.tokens[client_id]['updated_at'].to_time > @request_started_at - DeviseTokenAuth.batch_request_buffer_throttle
152
+ end
153
+
154
+ def auth_header_from_batch_request
155
+ # determine batch request status after request processing, in case
156
+ # another processes has updated it during that processing
157
+ @is_batch_request = is_batch_request?(@resource, @client_id)
158
+
159
+ auth_header = {}
160
+ # extend expiration of batch buffer to account for the duration of
161
+ # this request
162
+ if @is_batch_request
163
+ auth_header = @resource.extend_batch_buffer(@token, @client_id)
164
+
165
+ # Do not return token for batch requests to avoid invalidated
166
+ # tokens returned to the client in case of race conditions.
167
+ # Use a blank string for the header to still be present and
168
+ # being passed in a XHR response in case of
169
+ # 304 Not Modified responses.
170
+ auth_header[DeviseTokenAuth.headers_names[:"access-token"]] = ' '
171
+ auth_header[DeviseTokenAuth.headers_names[:"expiry"]] = ' '
172
+ else
173
+ # update Authorization response header with new token
174
+ auth_header = @resource.create_new_auth_token(@client_id)
175
+ end
176
+ auth_header
177
+ end
178
+ end