devise_token_authenticatable 0.1.0 → 0.1.1
- checksums.yaml +4 -4
- data/Gemfile.lock +86 -0
- data/README.md +30 -3
- data/devise_token_authenticatable.gemspec +2 -2
- data/lib/devise_token_authenticatable/controllers/token_authenticatable.rb +1 -1
- data/lib/devise_token_authenticatable/models/token_authenticatable.rb +5 -2
- data/lib/devise_token_authenticatable/strategies/token_authenticatable.rb +8 -4
- data/lib/devise_token_authenticatable/version.rb +1 -1
- metadata +6 -4
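--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: acb1df5fb554dd007f5b47e04835c63d3d8ba26f12929f361d2389cd62c2e9f6
+data.tar.gz: fe174753795b1d09fa28ba46f4b699a59d6ade87df8c719cbead6b9e40b32b15
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f576277d3d01b5331da24a50016149f9b4a0541164f150e15b0779d62e6a3ec5717df81c48006569f8cf08237b523b9280e53efe09e1e52d085b0855ee8d717a
+data.tar.gz: cd54a71fc9b30b49fa122c3564ef17c6985606243117ce9cf2344b1fb24d1d5a55f71b9301411815fbf43265ce1d5829be6456b899c6986d7f66cf60f2d3992f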
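--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -0,0 +1,86 @@
+PATH
+remote: .
+specs:
+devise_token_authenticatable (0.1.1)
+devise (~> 4.4, >= 4.4.3)
+jwt (~> 2.1)
+
+GEM
+remote: https://rubygems.org/
+specs:
+actionpack (5.2.1)
+actionview (= 5.2.1)
+activesupport (= 5.2.1)
+rack (~> 2.0)
+rack-test (>= 0.6.3)
+rails-dom-testing (~> 2.0)
+rails-html-sanitizer (~> 1.0, >= 1.0.2)
+actionview (5.2.1)
+activesupport (= 5.2.1)
+builder (~> 3.1)
+erubi (~> 1.4)
+rails-dom-testing (~> 2.0)
+rails-html-sanitizer (~> 1.0, >= 1.0.3)
+activesupport (5.2.1)
+concurrent-ruby (~> 1.0, >= 1.0.2)
+i18n (>= 0.7, < 2)
+minitest (~> 5.1)
+tzinfo (~> 1.1)
+bcrypt (3.1.12)
+builder (3.2.3)
+concurrent-ruby (1.0.5)
+crass (1.0.4)
+devise (4.5.0)
+bcrypt (~> 3.0)
+orm_adapter (~> 0.1)
+railties (>= 4.1.0, < 6.0)
+responders
+warden (~> 1.2.3)
+erubi (1.7.1)
+i18n (1.1.1)
+concurrent-ruby (~> 1.0)
+jwt (2.1.0)
+loofah (2.2.2)
+crass (~> 1.0.2)
+nokogiri (>= 1.5.9)
+method_source (0.9.0)
+mini_portile2 (2.3.0)
+minitest (5.11.3)
+nokogiri (1.8.5)
+mini_portile2 (~> 2.3.0)
+orm_adapter (0.5.0)
+rack (2.0.5)
+rack-test (1.1.0)
+rack (>= 1.0, < 3)
+rails-dom-testing (2.0.3)
+activesupport (>= 4.2.0)
+nokogiri (>= 1.6)
+rails-html-sanitizer (1.0.4)
+loofah (~> 2.2, >= 2.2.2)
+railties (5.2.1)
+actionpack (= 5.2.1)
+activesupport (= 5.2.1)
+method_source
+rake (>= 0.8.7)
+thor (>= 0.19.0, < 2.0)
+rake (10.5.0)
+responders (2.4.0)
+actionpack (>= 4.2.0, < 5.3)
+railties (>= 4.2.0, < 5.3)
+thor (0.20.0)
+thread_safe (0.3.6)
+tzinfo (1.2.5)
+thread_safe (~> 0.1)
+warden (1.2.7)
+rack (>= 1.0)
+
+PLATFORMS
+ruby
+
+DEPENDENCIES
+bundler (~> 1.16)
+devise_token_authenticatable!
+rake (~> 10.0)
+
+BUNDLED WITH
+1.16.2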
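--- a/data/README.md
+++ b/data/README.md
@@ -8,9 +8,11 @@ Add this line to your application's Gemfile:
 gem 'devise_token_authenticatable'
 ```
 
-
+### Controllers
 
-
+Create an `users` directory in your `controllers` directory.
+In this `users` directory, create a `sessions` controller.
+Override the `create` action like this :
 
 ```ruby
 class Users::SessionsController < Devise::SessionsController
@@ -22,7 +24,8 @@ class Users::SessionsController < Devise::SessionsController
 end
 ```
 
-
+In the same `users` directory than previous, create a `registrations` controller.
+Update it like this :
 
 ```ruby
 class Users::RegistrationsController < Devise::RegistrationsController
@@ -40,6 +43,30 @@ end
 
 Use "before_action :token_authenticate_user!" instead of "before_action :authenticate_user!"
 
+### Models
+
+In your `user` model, add the module `:token_authenticatable` next to other devise's modules
+Example :
+
+```ruby
+class User < ApplicationRecord
+# Include default devise modules. Others available are:
+# :confirmable, :lockable and :omniauthable
+devise :database_authenticatable, :registerable, :timeoutable,
+:recoverable, :rememberable, :trackable, :validatable,
+:token_authenticatable
+end
+```
+
+### Configs
+
+You can add uncomment the `timeoutable` devise module to set an expiry date to your token.
+Choose token's lifetime in `devise.rb`
+
+```ruby
+config.timeout_in = 30.minutes
+```
+
 ## License
 
 The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).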
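--- a/data/devise_token_authenticatable.gemspec
+++ b/data/devise_token_authenticatable.gemspec
@@ -8,8 +8,8 @@ Gem::Specification.new do |spec|
 spec.authors = ['Jonathan PHILIPPE']
 spec.email = ['pretrine@gmail.com']
 
-spec.summary = %q{
-spec.description = %q{
+spec.summary = %q{Token module for Devise}
+spec.description = %q{This gem is a token module for Devise. It generates a new token at each request.}
 spec.homepage = ''
 spec.license = 'MIT'
 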
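--- a/data/lib/devise_token_authenticatable/controllers/token_authenticatable.rb
+++ b/data/lib/devise_token_authenticatable/controllers/token_authenticatable.rb
@@ -10,7 +10,7 @@ module Devise
 class_eval <<-METHODS, __FILE__, __LINE__ + 1
 def set_#{mapping}_access_token!
 return unless #{mapping}_signed_in?
-response.set_header("X-#{mapping.to_s.split('_').map(&:capitalize).join('-')}-Token", current_#{mapping}.access_token)
+response.set_header("X-#{mapping.to_s.split('_').map(&:capitalize).join('-')}-Token", current_#{mapping}.access_token(request.remote_ip))
 end
 
 def token_authenticate_#{mapping}!(opts={})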
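--- a/data/lib/devise_token_authenticatable/models/token_authenticatable.rb
+++ b/data/lib/devise_token_authenticatable/models/token_authenticatable.rb
@@ -9,8 +9,11 @@ module Devise
 []
 end
 
-def access_token
-
+def access_token(remote_ip = nil)
+current_sign_in_at = self.respond_to?(:timedout?) && Time.now.utc
+current_sign_in_ip = self.respond_to?(:current_sign_in_ip) && remote_ip
+
+Base64.strict_encode64(JWT.encode({ id: id, current_sign_in_at: current_sign_in_at, current_sign_in_ip: current_sign_in_ip }, Devise.secret_key, 'HS256'))
 end
 end
 end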
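Review bot: `access_token` carries the issue time in a custom `current_sign_in_at` claim and sets no standard `exp`, so expiry rests entirely on the strategy's own check and only exists when the model is `timeoutable`; otherwise the claim is `false` and the token has no lifetime limit. Adding an `exp` claim when a timeout is configured, for example `exp: timeout_in.from_now.to_i` (assuming Devise's `timeout_in` is available on the model), lets `JWT.decode` reject expired tokens itself, since ruby-jwt verifies `exp` by default. The `respond_to?(...) && value` form also writes `false` rather than `nil` into the payload; `remote_ip if respond_to?(:current_sign_in_ip)` states the intent more directly. The token is signed with `Devise.secret_key` itself, and a key derived specifically for these tokens would keep them separate from Devise's other uses of that secret. A doc comment on the method should say that the return value is a bearer credential and that it is bound to `remote_ip` only when the model responds to `current_sign_in_ip`.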
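--- a/data/lib/devise_token_authenticatable/strategies/token_authenticatable.rb
+++ b/data/lib/devise_token_authenticatable/strategies/token_authenticatable.rb
@@ -4,14 +4,16 @@ require 'jwt'
 module Devise
 module Strategies
 class TokenAuthenticatable < Authenticatable
-attr_accessor :user_id, :
+attr_accessor :user_id, :current_sign_in_at, :current_sign_in_ip
 
 def authenticate!
 env['devise.skip_trackable'] = true
 
 resource = user_id.present? && mapping.to.find_for_database_authentication(authentication_hash)
 
-
+fail(:timeout) if resource.respond_to?(:timedout?) && resource.timedout?(current_sign_in_at)
+
+if validate(resource) { !resource.respond_to?(:current_sign_in_ip) || request.remote_ip == current_sign_in_ip }
 success!(resource)
 end
 
@@ -35,7 +37,8 @@ module Devise
 def with_authentication_hash(auth_type, auth_values)
 self.authentication_hash, self.authentication_type = {}, auth_type
 self.user_id = auth_values['id']
-self.
+self.current_sign_in_at = auth_values['current_sign_in_at']
+self.current_sign_in_ip = auth_values['current_sign_in_ip']
 
 parse_authentication_key_values(auth_values, ['id'])
 end
@@ -48,7 +51,8 @@ module Devise
 return {} unless request.authorization && request.authorization =~ /^Bearer (.*)/mi
 
 payload = JWT.decode(Base64.decode64($1), Devise.secret_key, true, { algorithm: 'HS256' }).first
-payload
+payload['current_sign_in_at'] = Time.parse(payload['current_sign_in_at']) if payload['current_sign_in_at'].present?
+payload
 rescue JWT::DecodeError
 {}
 end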
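Review bot: In `authenticate!`, `fail(:timeout)` records a failure but does not leave the method, so the `validate(resource) { … }` and `success!(resource)` lines after it still run; as far as Warden's strategy API goes, `success!` then replaces the failure result, so a timed-out token would still authenticate. Return as soon as the timeout is detected, e.g. `return fail!(:timeout) if resource.respond_to?(:timedout?) && resource.timedout?(current_sign_in_at)`. Devise's `timedout?` also appears to treat a missing timestamp as not timed out, so a token with no `current_sign_in_at` (one issued by 0.1.0, for instance) would never expire on a timeoutable model; rejecting a blank `current_sign_in_at` in that case closes the gap. In the decode hunk, `Time.parse` can raise `ArgumentError`, which `rescue JWT::DecodeError` does not cover. The body of `authenticate!` continues past the end of the first hunk.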
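--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: devise_token_authenticatable
 version: !ruby/object:Gem::Version
-version: 0.1.
+version: 0.1.1
 platform: ruby
 authors:
 - Jonathan PHILIPPE
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-10-
+date: 2018-10-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: devise
@@ -72,7 +72,8 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: '10.0'
-description:
+description: This gem is a token module for Devise. It generates a new token at each
+request.
 email:
 - pretrine@gmail.com
 executables: []
@@ -81,6 +82,7 @@ extra_rdoc_files: []
 files:
 - ".gitignore"
 - Gemfile
+- Gemfile.lock
 - LICENSE.txt
 - README.md
 - Rakefile
@@ -113,5 +115,5 @@ rubyforge_project:
 rubygems_version: 2.7.7
 signing_key:
 specification_version: 4
-summary:
+summary: Token module for Devise
 test_files: []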