g5_authenticatable 0.3.0 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 7a62091f31bef8d7d3b0dbd2b57aa2e3dc627ebc
-  data.tar.gz: e74855a8c9bf2e5e89edf97d40cb4d11ba004427
+  metadata.gz: 01d16764300ca8cf106601e9bc00625631f1feb0
+  data.tar.gz: bba2757fa2298839be4230713b1804adde562198
 SHA512:
-  metadata.gz: b815696a057a7e20ff3a0d6e67fe831ac69c8f17663a8419039b501e76da81fef1ab7cd3122fdbbe6166504f46ad943df072be16ed89d80945a24a908c568194
-  data.tar.gz: 077e3c67efa60753a0333cb6a749c0e7066a07605737a9148af854a819a532781a32effc1f7f9c51ee81920fef946136552e1765a84845d36bc6854d3d4837ef
+  metadata.gz: 776f2f806c5f29953799728e93503f5947424b426f64f45283b750f290dddbaecece6015c9d2d6acf0b77e3110714b6849ccf5f1754fd3d113deb857dfe8b12c
+  data.tar.gz: 30d6470860d0f7c0a504ca37d056133a9ed44eb57bebc33a0d2630e2078da0432ce80bb5d31f0402f78577ab4719dcbcf4501e699e2c7e926da4616c232c650e

data/.ruby-version

@@ -1 +1 @@
-2.1.0
+2.1.2

data/CHANGELOG.md

@@ -1,3 +1,15 @@
+## v0.4.0 (2015-01-20)
+
+* Several fixes around sign-out, including accepting GET requests and
+  enabling strict token validation
+  ([#21](https://github.com/G5/g5_authenticatable/pull/21))
+* Improved documentation around controller test helpers
+  ([#22](https://github.com/G5/g5_authenticatable/pull/22))
+* Added `g5_authenticatable:purge_users` rake task to purge local user data;
+  primarily used for configuring demo/dev environments built on a production
+  clone or DB dump
+  ([#23](https://github.com/G5/g5_authenticatable/pull/23))
+
 ## v0.3.0 (2014-03-13)
 
 * First open source release to [RubyGems](https://rubygems.org)
@@ -17,7 +29,7 @@
 
 ## v0.1.2 (2014-03-05)
 
-* Set G5_AUTH_USERNAME and G5_AUTH_PASSWORD on auth client defaults
+* Set `G5_AUTH_USERNAME` and `G5_AUTH_PASSWORD` on auth client defaults
 
 ## v0.1.0 (2014-02-26)
 

data/Gemfile

@@ -6,13 +6,13 @@ source 'https://rubygems.org'
 gemspec
 
 # Gems used by the dummy application
-gem 'rails', '~> 4.0.2'
+gem 'rails', '4.1.4'
 gem 'jquery-rails'
 gem 'pg'
 gem 'grape'
 
 group :test, :development do
-  gem 'rspec-rails', '~> 2.14'
+  gem 'rspec-rails', '~> 2.99'
   gem 'pry'
   gem 'dotenv-rails'
 end
@@ -23,7 +23,7 @@ group :test do
   gem 'simplecov', require: false
   gem 'codeclimate-test-reporter', require: false
   gem 'webmock'
-  gem 'shoulda-matchers'
+  gem 'shoulda-matchers', '~> 2.6'
   gem 'generator_spec'
   gem 'rspec-http', require: 'rspec/http'
 end

data/README.md

@@ -18,7 +18,7 @@ library in isolation.
 
 ## Current Version
 
-0.3.0
+0.4.0
 
 ## Requirements
 
@@ -85,7 +85,7 @@ root :to => 'home#index'
    For non-production environments, this redirect URI does not have to
    be publicly accessible, but it must be accessible from the browser
    where you will be testing (so using something like
-   http://localhost:3000/users/auth/g5/callback is fine if your browser
+   http://localhost:3000/g5_auth/users/auth/g5/callback is fine if your browser
    and client application server are both local).
 
    If you are using the production G5 Auth server, the redirect URI **MUST**
@@ -103,13 +103,31 @@ environment variables for your client application:
 * `G5_AUTH_CLIENT_ID` - the OAuth 2.0 application ID from the auth server
 * `G5_AUTH_CLIENT_SECRET` - the OAuth 2.0 application secret from the auth server
 * `G5_AUTH_REDIRECT_URI` - the OAuth 2.0 redirect URI registered with the auth server
-* `G5_AUTH_ENDPOINT` - the endpoint URL for the G5 auth server
+* `G5_AUTH_ENDPOINT` - the endpoint URL (without any path info) for the G5 auth server.
+  Generally, this will be set to either `https://dev-auth.g5search.com` or
+  `https://auth.g5search.com` (the default).
 
-You can also set up a default user's credentials with:
+If you need to make server-to-server API calls that are not associated with an
+end user, you can also set up a default user's credentials with:
 
 * `G5_AUTH_USERNAME` - the G5 auth server user name
 * `G5_AUTH_PASSWORD` - the G5 auth server user's password
 
+### Token validation
+
+By default, G5 Authenticatable only validates access tokens on incoming API
+requests. If you are relying on session-based authentication instead, it is
+possible for the local application's session to remain active after the
+global access token has been revoked.
+
+If you want to guarantee that the local session is destroyed when the access
+token is revoked, add the following to
+`config/initializers/g5_authenticatable.rb`:
+
+```ruby
+G5Authenticatable.strict_token_validation = true
+```
+
 ## Usage
 
 ### Controller filters and helpers
@@ -255,6 +273,32 @@ following line in your `spec/spec_helper.rb`:
 require 'g5_authenticatable/rspec'
 ```
 
+Note that the example code assumes you are using Rspec 3 metadata syntax. If you are
+using Rspec 2.x, you can either:
+
+* Enable this syntax with the following config in your `spec/spec_helper.rb`:
+
+  ```ruby
+  RSpec.configure do |config|
+    config.treat_symbols_as_metadata_keys_with_true_values = true
+  end
+  ```
+
+* Or you can replace every instance of a bare symbol in the metadata with a full
+  key-value pair. For example:
+
+  ```ruby
+  # This won't work out of the box with Rspec 2
+  context 'my secure context', :auth do
+    it 'can see my secrets'
+  end
+
+  # But this will...
+  context 'my secure context', auth: true do
+    it 'can see my secrets'
+  end
+  ```
+
 #### Feature Specs ####
 
 The easiest way to use g5_authenticatable in feature specs is through
@@ -360,23 +404,40 @@ To use the shared context, tag your example group with the `:auth_controller`
 Rspec metadata:
 
 ```ruby
-describe 'my secure action', :auth_controller do
+describe 'my secure action' do
   context 'when the user is authenticated' do
-	it 'can access some secure path' do
-	  get :my_action
-	  expect(response). to be_success
-	end
+    it 'can access some secure path' do
+      get :my_action
+      expect(response). to be_success
+    end
   end
 
-  context 'whent there is no authenticated user' do
-	it 'cannot access the secure path' do
-	  get :my_action
-	  expect(reponse).to be_redirect
-	end
+  context 'when there is no authenticated user', :auth_controller do
+    it 'cannot access the secure path' do
+      get :my_action
+      expect(reponse).to be_redirect
+    end
   end
 end
 ```
 
+### Purging local user data
+
+G5 Authenticatable automatically maintains user data locally via the
+`G5Authenticatable::User` model. This local data can be purged
+using the following rake task:
+
+```console
+$ rake g5_authenticatable:purge_users
+```
+
+Executing this task does not affect any remote user data on the
+auth server.
+
+It is especially important to purge the local user data
+when reconfiguring a client application to use a different auth endpoint
+(for example, when cloning a demo environment from production).
+
 ## Examples
 
 ### Protecting a particular Rails controller action
@@ -404,11 +465,10 @@ In your view template, add the following:
 
 ### Adding a link to sign out
 
-In order to sign out, the link must not only have the correct path,
-but must also use the DELETE HTTP method:
+In your view template, add the following:
 
 ```html+erb
-<%= link_to('Logout', destroy_session_path(:user), :method => :delete) %>
+<%= link_to('Logout', destroy_session_path(:user)) %>
 ```
 
 ### Selectively securing Grape API methods
@@ -460,6 +520,29 @@ In the code above, we assume that HTML requests come from a client that
 can display the auth server's sign in page to the end user, while all other
 formats are assumed to be API requests.
 
+If HTML requests do not imply a client capable of providing a user to interact with
+a signup form, you can try something like this:
+
+```ruby
+class MyMixedUpController < ApplicationController
+  before_filter :authenticate_api_user!, if: :is_api_request?
+  before_filter :authenticate_user!, unless: :is_api_request?
+
+  respond_to :html
+
+  def show
+    resource = MyResource.find(params[:id])
+    respond_with(resource)
+  end
+
+  private
+
+  def is_api_request?
+	!G5Authenticatable::TokenValidator.new(params, headers).access_token.nil?
+  end
+end
+```
+
 ## Authors
 
 * Maeve Revels / [@maeve](https://github.com/maeve)

data/app/controllers/g5_authenticatable/sessions_controller.rb

@@ -19,5 +19,9 @@ module G5Authenticatable
     def after_omniauth_failure_path_for(scope)
       auth_error_path
     end
+
+    def after_sign_out_path_for(resource_or_scope)
+      main_app.root_path
+    end
   end
 end

data/circle.yml

@@ -1,4 +1,4 @@
 database:
   override:
     - cp spec/dummy/config/database.yml.ci spec/dummy/config/database.yml
-    - RAILS_ENV=test rake app:db:setup
+    - RAILS_ENV=test bundle exec rake app:db:setup

data/config/initializers/devise.rb

@@ -222,7 +222,7 @@ Devise.setup do |config|
   # config.navigational_formats = ['*/*', :html]
 
   # The default HTTP method used to sign out a resource. Default is :delete.
-  config.sign_out_via = :delete
+  config.sign_out_via = :get
 
   # ==> OmniAuth
   # Add a new OmniAuth provider. Check the wiki for more information on setting

data/config/routes.rb

@@ -2,5 +2,10 @@ G5Authenticatable::Engine.routes.draw do
   devise_for :users, class_name: 'G5Authenticatable::User',
                      module: :devise,
                      controllers: {sessions: 'g5_authenticatable/sessions'}
+
+  devise_scope :user do
+    delete '/users/sign_out', to: redirect('users/sign_out')
+  end
+
   get '/auth_error', to: 'error#auth_error'
 end

data/g5_authenticatable.gemspec

@@ -20,6 +20,6 @@ Gem::Specification.new do |spec|
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ['lib']
 
-  spec.add_dependency 'devise_g5_authenticatable', '~> 0.1'
-  spec.add_dependency 'g5_authenticatable_api', '~> 0.2'
+  spec.add_dependency 'devise_g5_authenticatable', '~> 0.2'
+  spec.add_dependency 'g5_authenticatable_api', '~> 0.3.1'
 end

data/lib/g5_authenticatable/rspec.rb

@@ -1,4 +1,5 @@
 require 'g5_authenticatable/test/factory'
+require 'g5_authenticatable/test/token_validation_helpers'
 require 'g5_authenticatable/test/feature_helpers'
 require 'g5_authenticatable/test/request_helpers'
 require 'g5_authenticatable/test/controller_helpers'

data/lib/g5_authenticatable/test/feature_helpers.rb

@@ -16,6 +16,7 @@ module G5Authenticatable
 
       def visit_path_and_login_with(path, user)
         stub_g5_omniauth(user)
+        stub_valid_access_token(user.g5_access_token)
         visit path
       end
     end

data/lib/g5_authenticatable/test/request_helpers.rb

@@ -19,7 +19,16 @@ shared_context 'auth request', auth_request: true do
 
   let(:user) { FactoryGirl.create(:g5_authenticatable_user) }
 
-  before { login_user(user) }
+  let!(:orig_auth_endpoint) { ENV['G5_AUTH_ENDPOINT'] }
+  let(:auth_endpoint) { 'https://test.auth.host' }
+  before { ENV['G5_AUTH_ENDPOINT'] = auth_endpoint }
+  after { ENV['G5_AUTH_ENDPOINT'] = orig_auth_endpoint }
+
+  before do
+    login_user(user)
+    stub_valid_access_token(user.g5_access_token)
+  end
+
   after { logout_user }
 end
 

data/lib/g5_authenticatable/test/token_validation_helpers.rb

@@ -0,0 +1,25 @@
+module G5Authenticatable
+  module Test
+    module TokenValidationHelpers
+      def stub_valid_access_token(token_value)
+        stub_request(:get, "#{ENV['G5_AUTH_ENDPOINT']}/oauth/token/info").
+          with(headers: {'Authorization'=>"Bearer #{token_value}"}).
+          to_return(status: 200, body: '', headers: {})
+      end
+
+      def stub_invalid_access_token(token_value)
+        stub_request(:get, "#{ENV['G5_AUTH_ENDPOINT']}/oauth/token/info").
+          with(headers: {'Authorization'=>"Bearer #{token_value}"}).
+          to_return(status: 401,
+                    headers: {'Content-Type' => 'application/json; charset=utf-8',
+                              'Cache-Control' => 'no-cache'},
+                    body: {'error' => 'invalid_token',
+                           'error_description' => 'The access token expired'}.to_json)
+      end
+    end
+  end
+end
+
+RSpec.configure do |config|
+  config.include G5Authenticatable::Test::TokenValidationHelpers
+end

data/lib/g5_authenticatable/version.rb

@@ -1,3 +1,3 @@
 module G5Authenticatable
-  VERSION = '0.3.0'
+  VERSION = '0.4.0'
 end

data/lib/g5_authenticatable.rb

@@ -4,4 +4,16 @@ require 'devise_g5_authenticatable'
 require 'g5_authenticatable_api'
 
 module G5Authenticatable
+  # When enabled, access tokens are always validated against the auth
+  # server, even when that token is associated with an authenticated user.
+  # Disabled by default, meaning that tokens are only validated if
+  # they are explicitly passed in on an API request.
+  @@strict_token_validation = false
+  mattr_reader :strict_token_validation
+
+  def self.strict_token_validation=(validate)
+    @@strict_token_validation =
+      G5AuthenticatableApi.strict_token_validation =
+      Devise.g5_strict_token_validation = validate
+  end
 end

data/lib/generators/g5_authenticatable/install/install_generator.rb

@@ -17,4 +17,8 @@ class G5Authenticatable::InstallGenerator < Rails::Generators::Base
   def mount_engine
     route "mount G5Authenticatable::Engine => '/g5_auth'"
   end
+
+  def create_initializer
+    template 'g5_authenticatable.rb', 'config/initializers/g5_authenticatable.rb'
+  end
 end

data/lib/generators/g5_authenticatable/install/templates/g5_authenticatable.rb

@@ -0,0 +1,8 @@
+# Enable strict token validation to guarantee that an authenticated
+# user's access token is still valid on the global auth server, at the
+# cost of performance. When disabled, the user's access token will
+# not be repeatedly validated, but this means that the local
+# session may persist long after the access token is revoked on the
+# auth server. Disabled by default.
+#
+# G5Authenticatable.strict_token_validation = true

data/lib/tasks/g5_authenticatable/purge_users.rake

@@ -0,0 +1,6 @@
+namespace :g5_authenticatable do
+  desc 'Purge local user data from the DB'
+  task :purge_users do
+    G5Authenticatable::User.destroy_all
+  end
+end

data/spec/dummy/app/views/layouts/application.html.erb

@@ -10,6 +10,7 @@
 <p class="notice"><%= notice %></p>
 <p class="alert"><%= alert %></p>
 <%= link_to('Login', new_session_path(:user)) %>
+<%= link_to('Logout', destroy_session_path(:user)) %>
 <%= yield %>
 
 </body>

data/spec/features/token_validation_spec.rb

@@ -0,0 +1,51 @@
+require 'spec_helper'
+
+describe 'UI Token validation' do
+  let!(:old_auth_endpoint) { ENV['G5_AUTH_ENDPOINT'] }
+  before { ENV['G5_AUTH_ENDPOINT'] = auth_endpoint }
+  after { ENV['G5_AUTH_ENDPOINT'] = old_auth_endpoint }
+  let(:auth_endpoint) { 'https://auth.test.host' }
+
+  let(:user) { FactoryGirl.create(:g5_authenticatable_user) }
+
+  before do
+    stub_g5_omniauth(user)
+    visit protected_page_path
+
+    # Now that we're logged in, any subsequent attempts to
+    # authenticate with the auth server will trigger an omniauth
+    # failure, which is a condition we can test for
+    stub_g5_invalid_credentials
+  end
+
+  context 'when token validation is enabled' do
+    before { G5Authenticatable.strict_token_validation = true }
+
+    context 'when user has a valid g5 access token' do
+      before { stub_valid_access_token(user.g5_access_token) }
+
+      it 'should allow the user to visit a protected page' do
+        visit protected_page_path
+        expect(current_path).to eq(protected_page_path)
+      end
+    end
+
+    context 'when user has an invalid g5 access token' do
+      before { stub_invalid_access_token(user.g5_access_token) }
+
+      it 'should force the user to re-authenticate' do
+        visit protected_page_path
+        expect(current_path).to_not eq(protected_page_path)
+      end
+    end
+  end
+
+  context 'when token validation is disabled' do
+    before { G5Authenticatable.strict_token_validation = false }
+
+    it 'should allow the user to visit a protected page' do
+      visit protected_page_path
+      expect(current_path).to eq(protected_page_path)
+    end
+  end
+end

data/spec/lib/generators/g5_authenticatable/install_generator_spec.rb

@@ -7,7 +7,7 @@ require 'spec_helper'
 require 'generators/g5_authenticatable/install/install_generator'
 
 describe G5Authenticatable::InstallGenerator, type: :generator do
-  destination File.expand_path('../../../tmp', __FILE__)
+  destination File.expand_path('../../../../tmp', __FILE__)
 
   before do
     prepare_destination
@@ -27,6 +27,18 @@ describe G5Authenticatable::InstallGenerator, type: :generator do
     }
   end
 
+  it 'should copy the initializer' do
+    expect(destination_root).to have_structure {
+      directory 'config' do
+        directory 'initializers' do
+          file 'g5_authenticatable.rb' do
+            contains '# G5Authenticatable.strict_token_validation = true'
+          end
+        end
+      end
+    }
+  end
+
   it 'should mount the engine' do
     expect(destination_root).to have_structure {
       directory 'config' do

data/spec/requests/sign_out_spec.rb

@@ -0,0 +1,44 @@
+require 'spec_helper'
+
+# Normally, we'd do this as a feature spec, but there's
+# currently no easy way to get capybara to play along nicely
+# with mocks for external redirects (the capybara-mechanize driver
+# comes closest, but not quite)
+describe 'Signing out' do
+  before { ENV['G5_AUTH_ENDPOINT'] = auth_endpoint }
+  after { ENV['G5_AUTH_ENDPOINT'] = nil }
+  let(:auth_endpoint) { 'https://auth.test.host' }
+
+  let(:auth_sign_out_url) do
+    "#{auth_endpoint}/users/sign_out?redirect_url=http%3A%2F%2Fwww.example.com%2F"
+  end
+
+  describe 'GET /g5_auth/users/sign_out' do
+    subject(:sign_out) { get '/g5_auth/users/sign_out' }
+
+    context 'when user is logged in', :auth_request do
+      it 'should redirect to the auth server' do
+        expect(sign_out).to redirect_to(auth_sign_out_url)
+      end
+
+      it 'should not allow the user to access protected pages' do
+        sign_out
+        expect(get '/protected_page').to redirect_to('/g5_auth/users/sign_in')
+      end
+    end
+
+    context 'when user is not logged in' do
+      it 'should redirect to the auth server' do
+        expect(sign_out).to redirect_to(auth_sign_out_url)
+      end
+    end
+  end
+
+  describe 'DELETE /g5_auth/users/sign_out', :auth_request do
+    subject(:sign_out) { delete '/g5_auth/users/sign_out' }
+
+    it 'should redirect to GET' do
+      expect(sign_out).to redirect_to('/g5_auth/users/sign_out')
+    end
+  end
+end

data/spec/requests/token_validation_spec.rb

@@ -0,0 +1,47 @@
+require 'spec_helper'
+
+describe 'API Token validation' do
+  let!(:old_auth_endpoint) { ENV['G5_AUTH_ENDPOINT'] }
+  before { ENV['G5_AUTH_ENDPOINT'] = auth_endpoint }
+  after { ENV['G5_AUTH_ENDPOINT'] = old_auth_endpoint }
+  let(:auth_endpoint) { 'https://auth.test.host' }
+
+  let(:token_info_url) { URI.join(auth_endpoint, '/oauth/token/info') }
+
+  let(:user) { FactoryGirl.create(:g5_authenticatable_user) }
+  before { login_user(user) }
+  after { logout_user }
+
+  subject(:api_call) { get '/rails_api/secure_resource.json' }
+
+  context 'when token validation is enabled' do
+    before { G5Authenticatable.strict_token_validation = true }
+
+    context 'when user has a valid g5 access token' do
+      before { stub_valid_access_token(user.g5_access_token) }
+
+      it 'should allow the user to make the api call' do
+        api_call
+        expect(response).to be_success
+      end
+    end
+
+    context 'when user has an invalid g5 access token' do
+      before { stub_invalid_access_token(user.g5_access_token) }
+
+      it 'should return a 401' do
+        api_call
+        expect(response).to be_http_unauthorized
+      end
+    end
+  end
+
+  context 'when token validation is disabled' do
+    before { G5Authenticatable.strict_token_validation = false }
+
+    it 'should allow the user to make the api call' do
+      api_call
+      expect(response).to be_success
+    end
+  end
+end

data/spec/routing/sign_out_routing_spec.rb

@@ -0,0 +1,10 @@
+require 'spec_helper'
+
+describe 'Sign out routes' do
+  routes {G5Authenticatable::Engine.routes}
+
+  it 'should route GET /g5_auth/users/sign_out' do
+    expect(get('/users/sign_out')).to route_to(controller: 'g5_authenticatable/sessions',
+                                               action: 'destroy')
+  end
+end

data/spec/spec_helper.rb

@@ -48,5 +48,7 @@ RSpec.configure do |config|
 
   config.treat_symbols_as_metadata_keys_with_true_values = true
 
+  config.infer_spec_type_from_file_location!
+
   config.after(:suite) { WebMock.disable! }
 end

data/spec/support/shared_contexts/rake.rb

@@ -0,0 +1,21 @@
+# Based on: http://robots.thoughtbot.com/test-rake-tasks-like-a-boss
+# Modified for a non-Rails environment
+require 'rake'
+
+shared_context 'rake' do
+  let(:rake)      { Rake::Application.new }
+  let(:task_name) { self.class.top_level_description }
+  let(:task_path) { "lib/tasks/#{task_name.split(':').first}/#{task_name.split(':').last}" }
+  let(:root_path) { File.expand_path('../../../..', __FILE__) }
+  subject(:task)  { rake[task_name] }
+
+  def loaded_files_excluding_current_rake_file
+    $".reject {|file| file =~ /#{task_path}\.rake$/ }
+  end
+
+  before do
+    Rake.application = rake
+    Rake.application.rake_require(task_path, [root_path], loaded_files_excluding_current_rake_file)
+    Rake::Task.define_task(:environment)
+  end
+end

data/spec/support/token_validation.rb

@@ -0,0 +1,3 @@
+RSpec.configure do |config|
+  config.before(:each) { G5Authenticatable.strict_token_validation = false }
+end

data/spec/tasks/purge_users_spec.rb

@@ -0,0 +1,33 @@
+require 'spec_helper'
+
+describe 'g5_authenticatable:purge_users' do
+  include_context 'rake'
+
+  context 'when there are no local users' do
+    it 'should not raise any errors' do
+      expect { task.invoke }.to_not raise_error
+    end
+
+    it 'should not leave any user data in the db' do
+      task.invoke
+      expect(G5Authenticatable::User.count).to eq(0)
+    end
+  end
+
+  context 'when there is one local user' do
+    let!(:user) { FactoryGirl.create(:g5_authenticatable_user) }
+
+    it 'should delete the user data from the db' do
+      expect { task.invoke }.to change { G5Authenticatable::User.count }.from(1).to(0)
+    end
+  end
+
+  context 'when there are multiple local users' do
+    let!(:user1) { FactoryGirl.create(:g5_authenticatable_user) }
+    let!(:user2) { FactoryGirl.create(:g5_authenticatable_user) }
+
+    it 'should delete the user data from the db' do
+      expect { task.invoke }.to change { G5Authenticatable::User.count }.from(2).to(0)
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: g5_authenticatable
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.4.0
 platform: ruby
 authors:
 - maeve
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-03-13 00:00:00.000000000 Z
+date: 2015-01-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: devise_g5_authenticatable
@@ -16,28 +16,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.1'
+        version: '0.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.1'
+        version: '0.2'
 - !ruby/object:Gem::Dependency
   name: g5_authenticatable_api
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.2'
+        version: 0.3.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.2'
+        version: 0.3.1
 description: |-
   An engine that provides a basic User model,
                             authentication logic, and remote credential
@@ -79,11 +79,13 @@ files:
 - lib/g5_authenticatable/test/factory.rb
 - lib/g5_authenticatable/test/feature_helpers.rb
 - lib/g5_authenticatable/test/request_helpers.rb
+- lib/g5_authenticatable/test/token_validation_helpers.rb
 - lib/g5_authenticatable/version.rb
 - lib/generators/g5_authenticatable/install/USAGE
 - lib/generators/g5_authenticatable/install/install_generator.rb
 - lib/generators/g5_authenticatable/install/templates/create_g5_authenticatable_users.rb
-- lib/tasks/g5_authenticatable_tasks.rake
+- lib/generators/g5_authenticatable/install/templates/g5_authenticatable.rb
+- lib/tasks/g5_authenticatable/purge_users.rake
 - script/rails
 - spec/config/application_spec.rb
 - spec/controllers/.gitkeep
@@ -131,15 +133,22 @@ files:
 - spec/dummy/script/rails
 - spec/features/auth_error_path_spec.rb
 - spec/features/sign_in_spec.rb
+- spec/features/token_validation_spec.rb
 - spec/g5_authenticatable/version_spec.rb
 - spec/lib/generators/g5_authenticatable/install_generator_spec.rb
 - spec/models/.gitkeep
 - spec/models/g5_authenticatable/user_spec.rb
 - spec/requests/grape_api_spec.rb
 - spec/requests/rails_api_spec.rb
+- spec/requests/sign_out_spec.rb
+- spec/requests/token_validation_spec.rb
 - spec/routing/auth_error_routing_spec.rb
+- spec/routing/sign_out_routing_spec.rb
 - spec/spec_helper.rb
 - spec/support/devise.rb
+- spec/support/shared_contexts/rake.rb
+- spec/support/token_validation.rb
+- spec/tasks/purge_users_spec.rb
 homepage: https://github.com/G5/g5_authenticatable
 licenses:
 - MIT
@@ -160,7 +169,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.2.0
+rubygems_version: 2.2.2
 signing_key: 
 specification_version: 4
 summary: An authentication engine for G5 applications.
@@ -211,12 +220,19 @@ test_files:
 - spec/dummy/script/rails
 - spec/features/auth_error_path_spec.rb
 - spec/features/sign_in_spec.rb
+- spec/features/token_validation_spec.rb
 - spec/g5_authenticatable/version_spec.rb
 - spec/lib/generators/g5_authenticatable/install_generator_spec.rb
 - spec/models/.gitkeep
 - spec/models/g5_authenticatable/user_spec.rb
 - spec/requests/grape_api_spec.rb
 - spec/requests/rails_api_spec.rb
+- spec/requests/sign_out_spec.rb
+- spec/requests/token_validation_spec.rb
 - spec/routing/auth_error_routing_spec.rb
+- spec/routing/sign_out_routing_spec.rb
 - spec/spec_helper.rb
 - spec/support/devise.rb
+- spec/support/shared_contexts/rake.rb
+- spec/support/token_validation.rb
+- spec/tasks/purge_users_spec.rb

data/lib/tasks/g5_authenticatable_tasks.rake

@@ -1,4 +0,0 @@
-# desc "Explaining what the task does"
-# task :g5_authenticatable do
-#   # Task goes here
-# end