devise_token_authenticatable 0.1.0 → 0.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4275b7871fcc7e2710d5d2011d4fa8c0844d74ec2bbb717714c4ed741e79d150
-  data.tar.gz: 8c9f52885cdb7a686b2d465b3ccbc0d2c210973feb78975c1b682f922367c2ce
+  metadata.gz: acb1df5fb554dd007f5b47e04835c63d3d8ba26f12929f361d2389cd62c2e9f6
+  data.tar.gz: fe174753795b1d09fa28ba46f4b699a59d6ade87df8c719cbead6b9e40b32b15
 SHA512:
-  metadata.gz: a8407d2558934e2b4db0365728aea93a3f12c1b4e67b871747c5793d392332fc73f6b5a4ecf526af0f292bff4b34fa0646479af534a90d9ab7c60cd21c971c61
-  data.tar.gz: 6891b6fde487ccc1045aa1012b5c6eaedb0c38f44e7fc8e14a2e093bcfff8202c53eeead214f45e87d2893bdce1373b73bfa74b7946fd14a97e2d1517e6993f9
+  metadata.gz: f576277d3d01b5331da24a50016149f9b4a0541164f150e15b0779d62e6a3ec5717df81c48006569f8cf08237b523b9280e53efe09e1e52d085b0855ee8d717a
+  data.tar.gz: cd54a71fc9b30b49fa122c3564ef17c6985606243117ce9cf2344b1fb24d1d5a55f71b9301411815fbf43265ce1d5829be6456b899c6986d7f66cf60f2d3992f

data/Gemfile.lock

@@ -0,0 +1,86 @@
+PATH
+  remote: .
+  specs:
+    devise_token_authenticatable (0.1.1)
+      devise (~> 4.4, >= 4.4.3)
+      jwt (~> 2.1)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    actionpack (5.2.1)
+      actionview (= 5.2.1)
+      activesupport (= 5.2.1)
+      rack (~> 2.0)
+      rack-test (>= 0.6.3)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.0, >= 1.0.2)
+    actionview (5.2.1)
+      activesupport (= 5.2.1)
+      builder (~> 3.1)
+      erubi (~> 1.4)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.0, >= 1.0.3)
+    activesupport (5.2.1)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 0.7, < 2)
+      minitest (~> 5.1)
+      tzinfo (~> 1.1)
+    bcrypt (3.1.12)
+    builder (3.2.3)
+    concurrent-ruby (1.0.5)
+    crass (1.0.4)
+    devise (4.5.0)
+      bcrypt (~> 3.0)
+      orm_adapter (~> 0.1)
+      railties (>= 4.1.0, < 6.0)
+      responders
+      warden (~> 1.2.3)
+    erubi (1.7.1)
+    i18n (1.1.1)
+      concurrent-ruby (~> 1.0)
+    jwt (2.1.0)
+    loofah (2.2.2)
+      crass (~> 1.0.2)
+      nokogiri (>= 1.5.9)
+    method_source (0.9.0)
+    mini_portile2 (2.3.0)
+    minitest (5.11.3)
+    nokogiri (1.8.5)
+      mini_portile2 (~> 2.3.0)
+    orm_adapter (0.5.0)
+    rack (2.0.5)
+    rack-test (1.1.0)
+      rack (>= 1.0, < 3)
+    rails-dom-testing (2.0.3)
+      activesupport (>= 4.2.0)
+      nokogiri (>= 1.6)
+    rails-html-sanitizer (1.0.4)
+      loofah (~> 2.2, >= 2.2.2)
+    railties (5.2.1)
+      actionpack (= 5.2.1)
+      activesupport (= 5.2.1)
+      method_source
+      rake (>= 0.8.7)
+      thor (>= 0.19.0, < 2.0)
+    rake (10.5.0)
+    responders (2.4.0)
+      actionpack (>= 4.2.0, < 5.3)
+      railties (>= 4.2.0, < 5.3)
+    thor (0.20.0)
+    thread_safe (0.3.6)
+    tzinfo (1.2.5)
+      thread_safe (~> 0.1)
+    warden (1.2.7)
+      rack (>= 1.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler (~> 1.16)
+  devise_token_authenticatable!
+  rake (~> 10.0)
+
+BUNDLED WITH
+   1.16.2

data/README.md

@@ -8,9 +8,11 @@ Add this line to your application's Gemfile:
 gem 'devise_token_authenticatable'
 ```
 
-install it yourself as:
+### Controllers
 
-Customize Devise::SessionsController. You need to create and return token in #create
+Create an `users` directory in your `controllers` directory.
+In this `users` directory, create a `sessions` controller.
+Override the `create` action like this :
 
 ```ruby
 class Users::SessionsController < Devise::SessionsController
@@ -22,7 +24,8 @@ class Users::SessionsController < Devise::SessionsController
 end
 ```
 
-Customize Devise::RegistrationsController. add this code
+In the same `users` directory than previous, create a `registrations` controller.
+Update it like this :
 
 ```ruby
 class Users::RegistrationsController < Devise::RegistrationsController
@@ -40,6 +43,30 @@ end
 
 Use "before_action :token_authenticate_user!" instead of "before_action :authenticate_user!"
 
+### Models
+
+In your `user` model, add the module `:token_authenticatable` next to other devise's modules
+Example :
+
+```ruby
+class User < ApplicationRecord
+  # Include default devise modules. Others available are:
+  # :confirmable, :lockable and :omniauthable
+  devise :database_authenticatable, :registerable, :timeoutable,
+         :recoverable, :rememberable, :trackable, :validatable,
+         :token_authenticatable
+end
+```
+
+### Configs
+
+You can add uncomment the `timeoutable` devise module to set an expiry date to your token.
+Choose token's lifetime in `devise.rb`
+
+```ruby
+config.timeout_in = 30.minutes
+```
+
 ## License
 
 The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/devise_token_authenticatable.gemspec

@@ -8,8 +8,8 @@ Gem::Specification.new do |spec|
   spec.authors       = ['Jonathan PHILIPPE']
   spec.email         = ['pretrine@gmail.com']
 
-  spec.summary       = %q{Write a short summary, because RubyGems requires one.}
-  spec.description   = %q{Write a longer description or delete this line.}
+  spec.summary       = %q{Token module for Devise}
+  spec.description   = %q{This gem is a token module for Devise. It generates a new token at each request.}
   spec.homepage      = ''
   spec.license       = 'MIT'
 

data/lib/devise_token_authenticatable/controllers/token_authenticatable.rb

@@ -10,7 +10,7 @@ module Devise
           class_eval <<-METHODS, __FILE__, __LINE__ + 1
             def set_#{mapping}_access_token!
               return unless #{mapping}_signed_in?
-              response.set_header("X-#{mapping.to_s.split('_').map(&:capitalize).join('-')}-Token", current_#{mapping}.access_token)
+              response.set_header("X-#{mapping.to_s.split('_').map(&:capitalize).join('-')}-Token", current_#{mapping}.access_token(request.remote_ip))
             end
 
             def token_authenticate_#{mapping}!(opts={})

data/lib/devise_token_authenticatable/models/token_authenticatable.rb

@@ -9,8 +9,11 @@ module Devise
         []
       end
 
-      def access_token
-        Base64.strict_encode64(JWT.encode({ id: id, last_request_at: respond_to?(:timedout?) && Time.now.utc }, Devise.secret_key, 'HS256'))
+      def access_token(remote_ip = nil)
+        current_sign_in_at = self.respond_to?(:timedout?) && Time.now.utc
+        current_sign_in_ip = self.respond_to?(:current_sign_in_ip) && remote_ip
+
+        Base64.strict_encode64(JWT.encode({ id: id, current_sign_in_at: current_sign_in_at, current_sign_in_ip: current_sign_in_ip }, Devise.secret_key, 'HS256'))
       end
     end
   end

data/lib/devise_token_authenticatable/strategies/token_authenticatable.rb

@@ -4,14 +4,16 @@ require 'jwt'
 module Devise
   module Strategies
     class TokenAuthenticatable < Authenticatable
-      attr_accessor :user_id, :last_request_at
+      attr_accessor :user_id, :current_sign_in_at, :current_sign_in_ip
 
       def authenticate!
         env['devise.skip_trackable'] = true
 
         resource = user_id.present? && mapping.to.find_for_database_authentication(authentication_hash)
 
-        if validate(resource) { !resource.respond_to?(:timedout?) || !resource.timedout?(last_request_at) }
+        fail(:timeout) if resource.respond_to?(:timedout?) && resource.timedout?(current_sign_in_at)
+
+        if validate(resource) { !resource.respond_to?(:current_sign_in_ip) || request.remote_ip == current_sign_in_ip }
           success!(resource)
         end
 
@@ -35,7 +37,8 @@ module Devise
       def with_authentication_hash(auth_type, auth_values)
         self.authentication_hash, self.authentication_type = {}, auth_type
         self.user_id = auth_values['id']
-        self.last_request_at = auth_values['last_request_at']
+        self.current_sign_in_at = auth_values['current_sign_in_at']
+        self.current_sign_in_ip = auth_values['current_sign_in_ip']
 
         parse_authentication_key_values(auth_values, ['id'])
       end
@@ -48,7 +51,8 @@ module Devise
         return {} unless request.authorization && request.authorization =~ /^Bearer (.*)/mi
 
         payload = JWT.decode(Base64.decode64($1), Devise.secret_key, true, { algorithm: 'HS256' }).first
-        payload.merge('payload' => Time.parse(payload['last_request_at'])) if payload['last_request_at'].present?
+        payload['current_sign_in_at'] = Time.parse(payload['current_sign_in_at']) if payload['current_sign_in_at'].present?
+        payload
       rescue JWT::DecodeError
         {}
       end

data/lib/devise_token_authenticatable/version.rb

@@ -1,3 +1,3 @@
 module DeviseTokenAuthenticatable
-  VERSION = '0.1.0'
+  VERSION = '0.1.1'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: devise_token_authenticatable
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.1.1
 platform: ruby
 authors:
 - Jonathan PHILIPPE
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-10-02 00:00:00.000000000 Z
+date: 2018-10-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: devise
@@ -72,7 +72,8 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '10.0'
-description: Write a longer description or delete this line.
+description: This gem is a token module for Devise. It generates a new token at each
+  request.
 email:
 - pretrine@gmail.com
 executables: []
@@ -81,6 +82,7 @@ extra_rdoc_files: []
 files:
 - ".gitignore"
 - Gemfile
+- Gemfile.lock
 - LICENSE.txt
 - README.md
 - Rakefile
@@ -113,5 +115,5 @@ rubyforge_project:
 rubygems_version: 2.7.7
 signing_key: 
 specification_version: 4
-summary: Write a short summary, because RubyGems requires one.
+summary: Token module for Devise
 test_files: []