RubyGems - grape_devise_auth - Versions diffs - 0.0.1 - Mend

grape_devise_auth 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (24) hide show

checksums.yaml +7 -0
data/.gitignore +9 -0
data/Gemfile +4 -0
data/LICENSE.txt +19 -0
data/README.md +111 -0
data/Rakefile +2 -0
data/bin/console +14 -0
data/bin/setup +7 -0
data/grape_devise_auth.gemspec +23 -0
data/lib/grape_devise_auth/auth_headers.rb +49 -0
data/lib/grape_devise_auth/auth_helpers.rb +143 -0
data/lib/grape_devise_auth/authorizer_data.rb +27 -0
data/lib/grape_devise_auth/concerns/user.rb +195 -0
data/lib/grape_devise_auth/configuration.rb +37 -0
data/lib/grape_devise_auth/devise_interface.rb +31 -0
data/lib/grape_devise_auth/errors/login_failed.rb +4 -0
data/lib/grape_devise_auth/errors/logout_failed.rb +4 -0
data/lib/grape_devise_auth/errors/registration_failed.rb +4 -0
data/lib/grape_devise_auth/errors/unauthorized.rb +4 -0
data/lib/grape_devise_auth/middleware.rb +65 -0
data/lib/grape_devise_auth/token_authorizer.rb +54 -0
data/lib/grape_devise_auth/version.rb +3 -0
data/lib/grape_devise_auth.rb +43 -0
metadata +122 -0

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: a31a5bc78acdb9b71c8fadb7e40c6749b528b351
+  data.tar.gz: 65f84ad5104121b80f71f5d95c5d0a4e9a45eac6
+SHA512:
+  metadata.gz: c2ce492cb137cabd59586407b26de00d5f7c399f3f18598d5d0bf55fa2c9f8caf74df123b1f09716147f3e7472d39ed49116914f9001c03c1650af601fdcbe71
+  data.tar.gz: de83764552a6cb31da9df696288a2f685c7f0bec2a8331a0d681e71668450791bbaf10580446d5eded79be8d18b37c59c08573f218eb71d0c756af71b713109f

data/.gitignore ADDED Viewed

@@ -0,0 +1,9 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/

data/Gemfile ADDED Viewed

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+# Specify your gem's dependencies in grape_devise_auth.gemspec
+gemspec

data/LICENSE.txt ADDED Viewed

@@ -0,0 +1,19 @@
+The MIT License (MIT)
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md ADDED Viewed

@@ -0,0 +1,111 @@
+# GrapeDeviseAuth
+GrapeDeviseAuth allows to use [devise][3] based registration/authorization inside [grape][2]. This gem is based on [grape_devise_auth_token][1] so all credit goes to its authors.
+## Installation
+Add this line to your application's Gemfile:
+```ruby
+gem 'grape_devise_auth'
+```
+And then execute:
+    $ bundle
+Or install it yourself as:
+    $ gem install grape_devise_auth
+## Usage
+Place this line in an initializer in your rails app or at least somewhere before
+the grape API will get loaded:
+```ruby
+GrapeDeviseAuth.setup!
+```
+Available config parameters and default values:
+```
+batch_request_buffer_throttle = 2.weeks
+change_headers_on_each_request = true
+authenticate_all = false
+default_provider = 'email'
+token_lifespan = 2.weeks
+max_number_of_devices = 10
+headers_names = {:'access-token' => 'access-token',
+                        :'client' => 'client',
+                        :'expiry' => 'expiry',
+                        :'uid' => 'uid',
+                        :'token-type' => 'token-type' }
+remove_tokens_after_password_reset = false
+```
+Within the Grape API:
+```
+class Posts < Grape::API
+  auth :grape_devise_auth, resource_class: :user
+  helpers GrapeDeviseAuth::AuthHelpers
+  # ...
+end
+```
+Inside your User model:
+```
+include GrapeDeviseAuth::Concerns::User
+  # ...
+```
+Endpoints can be called by `method_name_YOUR_MAPPING_HERE!` (e.g. `authenticate_user!`).
+For Example:
+```
+get '/' do
+  authenticate_user!
+  login_user!
+  logout_user!
+  register_user!
+end
+```
+Get current auth headers:
+```
+user_auth_headers
+```
+Devise routes must be present:
+```
+Rails.application.routes.draw do
+  devise_for :users
+end
+```
+Every endpoind has a version that doesn't fail or returns 401. For example authenticate_user(notice that it lacks of exclamation mark)
+Necessary parameters for endpoints:
+login_user!        - uid and password (inside request body)
+register_user!     - uid and any field to have validation for (inside request body)
+authenticate_user! - uid, client, access-token (inside request headers)
+[1]: https://github.com/mcordell/grape_devise_token_auth
+[2]: https://github.com/intridea/grape
+[3]: https://github.com/plataformatec/devise

data/Rakefile ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ require "bundler/gem_tasks"
2	+

data/bin/console ADDED Viewed

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+require "bundler/setup"
+require "grape_devise_auth"
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+require "irb"
+IRB.start

data/bin/setup ADDED Viewed

@@ -0,0 +1,7 @@
+#!/bin/bash
+set -euo pipefail
+IFS=$'\n\t'
+bundle install
+# Do any other automated setup that you need to do here

data/grape_devise_auth.gemspec ADDED Viewed

@@ -0,0 +1,23 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'grape_devise_auth/version'
+Gem::Specification.new do |spec|
+  spec.name          = "grape_devise_auth"
+  spec.version       = GrapeDeviseAuth::VERSION
+  spec.authors       = ["Anton Sokolskyi"]
+  spec.email         = ["antonsokolskyi@gmail.com"]
+  spec.summary       = %q{Allows to use Devise-based registration/authorization inside Grape API}
+  spec.homepage      = "https://github.com/antonsokolskyy/GrapeDeviseAuth"
+  spec.license       = "MIT"
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.require_paths = ["lib"]
+  spec.add_development_dependency "bundler", "~> 1.8"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_dependency 'grape', '>= 0.15.0'
+  spec.add_dependency 'devise', '>= 4.2'
+end

data/lib/grape_devise_auth/auth_headers.rb ADDED Viewed

@@ -0,0 +1,49 @@
+module GrapeDeviseAuth
+  class AuthHeaders
+    extend Forwardable
+    def initialize(warden, mapping, request_start, data)
+      @resource = warden.user(:user)
+      @request_start = request_start
+      @data = data
+    end
+    def headers
+      return {} unless resource && resource.valid? && client_id
+      auth_headers_from_resource
+    end
+    private
+    def_delegators :@data, :token, :client_id
+    attr_reader :request_start, :resource
+    def batch_request?
+      @batch_request ||= resource.tokens[client_id] &&
+                         resource.tokens[client_id]['updated_at'] &&
+                         within_batch_request_window?
+    end
+    def within_batch_request_window?
+      end_of_window = Time.parse(resource.tokens[client_id]['updated_at']) +
+                      GrapeDeviseAuth.batch_request_buffer_throttle
+      request_start < end_of_window
+    end
+    def auth_headers_from_resource
+      auth_headers = {}
+      resource.with_lock do
+        if !GrapeDeviseAuth.change_headers_on_each_request
+          auth_headers = resource.extend_batch_buffer(token, client_id)
+        elsif batch_request?
+          resource.extend_batch_buffer(token, client_id)
+          # don't set any headers in a batch request
+        else
+          auth_headers = resource.create_new_auth_token(client_id)
+        end
+      end
+      auth_headers
+    end
+  end
+end

data/lib/grape_devise_auth/auth_helpers.rb ADDED Viewed

@@ -0,0 +1,143 @@
+module GrapeDeviseAuth
+  module AuthHelpers
+    def self.included(_base)
+      Devise.mappings.keys.each do |mapping|
+        define_method("current_#{mapping}") do
+          warden.user(mapping)
+        end
+        define_method("authenticate_#{mapping}") do
+          load_auth_headers_data(mapping)
+          authorizer_data  = AuthorizerData.from_env(env)
+          devise_interface = DeviseInterface.new(authorizer_data)
+          token_authorizer = TokenAuthorizer.new(authorizer_data,
+                                                 devise_interface)
+          resource = token_authorizer.authenticate_from_token(mapping)
+          if resource
+            devise_interface.set_user_in_warden(mapping, resource)
+            update_expiry_for_client_token(authorizer_data.client_id)
+            true
+          end
+        end
+        define_method("authenticate_#{mapping}!") do
+          authentication = send("authenticate_#{mapping}")
+          raise Unauthorized unless authentication
+          authentication
+        end
+        define_method("login_#{mapping}") do
+          field = authentication_field(mapping)
+          uid = find_uid(field)
+          resource = resource_class(mapping).find_by_uid(uid)
+          if resource && valid_params?(field, uid) && resource.valid_password?(params[:password]) && (!resource.respond_to?(:active_for_authentication?) || resource.active_for_authentication?)
+            update_env_with_auth_data(resource.create_new_auth_token)
+            warden.set_user(resource, scope: mapping, store: false)
+          end
+        end
+        define_method("login_#{mapping}!") do
+          login = send("login_#{mapping}")
+          raise LoginFailed unless login
+          login
+        end
+        define_method("logout_#{mapping}") do
+          resource = warden.user(mapping)
+          client_id = env[Configuration::CLIENT_KEY]
+          warden.logout
+          if resource && client_id && resource.tokens[client_id]
+            resource.tokens.delete(client_id)
+            resource.save!
+          else
+            nil
+          end
+        end
+        define_method("logout_#{mapping}!") do
+          logout = send("logout_#{mapping}")
+          raise LogoutFailed unless logout
+          logout
+        end
+        define_method("#{mapping}_auth_headers") do
+          env[Configuration::CURRENT_AUTH_HEADERS]
+        end
+        define_method("register_#{mapping}") do
+          resource = resource_class(mapping).new(declared(params))
+          resource.provider = GrapeDeviseAuth.default_provider
+          if resource_class(mapping).case_insensitive_keys.include?(:email)
+            resource.email = declared(params)['email'].try :downcase
+          end
+          if resource.save
+            update_env_with_auth_data(resource.create_new_auth_token)
+          else
+            nil
+          end
+        end
+        define_method("register_#{mapping}!") do
+          register = send("register_#{mapping}")
+          raise RegistrationFailed unless register
+          register
+        end
+      end
+    end
+    def warden
+      @warden ||= env['warden']
+    end
+    def authenticated?(scope = :user)
+      user_type = "current_#{scope}"
+      return false unless respond_to?(user_type)
+      !!send(user_type)
+    end
+    private
+    def valid_params?(key, val)
+      params[:password] && key && val
+    end
+    def resource_class(m = nil)
+      mapping = if m
+                  Devise.mappings[m]
+                else
+                  Devise.mappings[resource_name] || Devise.mappings.values.first
+                end
+      mapping.to
+    end
+    def authentication_field(mapping)
+      field = (params.keys.map(&:to_sym) && resource_class(mapping).authentication_keys).first
+    end
+    def find_uid(field)
+      request.headers[field.to_s.capitalize] || params[field] || request.headers['Uid'] || params['uid']
+    end
+    def load_auth_headers_data(mapping)
+      env[Configuration::UID_KEY] = find_uid(authentication_field(mapping))
+      env[Configuration::CLIENT_KEY] = request.headers['Client'] || params['client']
+      env[Configuration::ACCESS_TOKEN_KEY] = request.headers['Access-Token'] || params['access-token']
+    end
+    def update_expiry_for_client_token(client_id)
+      if @user
+        @client_id = client_id
+        @user.tokens[@client_id]['expiry'] = (Time.now + GrapeDeviseAuth.token_lifespan).to_i
+        @user.save
+      end
+    end
+    def update_env_with_auth_data(auth_data)
+      env[Configuration::CURRENT_AUTH_HEADERS] = auth_data
+    end
+  end
+end

data/lib/grape_devise_auth/authorizer_data.rb ADDED Viewed

@@ -0,0 +1,27 @@
+module GrapeDeviseAuth
+  class AuthorizerData
+    attr_reader :uid, :client_id, :token, :expiry, :warden
+    def initialize(uid, client_id, token, expiry, warden)
+      @uid = uid
+      @client_id = client_id
+      @token = token
+      @expiry = expiry
+      @warden = warden
+    end
+    def self.from_env(env)
+      new(
+        env[Configuration::UID_KEY],
+        env[Configuration::CLIENT_KEY] || 'default',
+        env[Configuration::ACCESS_TOKEN_KEY],
+        env[Configuration::EXPIRY_KEY],
+        env['warden']
+      )
+    end
+    def token_prerequisites_present?
+      token && uid
+    end
+  end
+end

data/lib/grape_devise_auth/concerns/user.rb ADDED Viewed

@@ -0,0 +1,195 @@
+require 'bcrypt'
+module GrapeDeviseAuth
+  module Concerns
+    module User
+      extend ActiveSupport::Concern
+      def self.tokens_match?(token_hash, token)
+        @token_equality_cache ||= {}
+        key = "#{token_hash}/#{token}"
+        result = @token_equality_cache[key] ||= (::BCrypt::Password.new(token_hash) == token)
+        if @token_equality_cache.size > 10000
+          @token_equality_cache = {}
+        end
+        result
+      end
+      included do
+        # Hack to check if devise is already enabled
+        unless self.method_defined?(:devise_modules)
+          devise :database_authenticatable, :registerable,
+              :recoverable, :trackable, :validatable, :confirmable
+        else
+          self.devise_modules.delete(:omniauthable)
+        end
+        unless tokens_has_json_column_type?
+          serialize :tokens, JSON
+        end
+        # can't set default on text fields in mysql, simulate here instead.
+        after_save :set_empty_token_hash
+        after_initialize :set_empty_token_hash
+        # get rid of dead tokens
+        before_save :destroy_expired_tokens
+        # remove old tokens if password has changed
+        before_save :remove_tokens_after_password_reset
+        # allows user to change password without current_password
+        attr_writer :allow_password_change
+        def allow_password_change
+          @allow_password_change || false
+        end
+        # don't use default devise email validation
+        def email_required?
+          false
+        end
+        def email_changed?
+          false
+        end
+      end
+      module ClassMethods
+        protected
+        def tokens_has_json_column_type?
+          table_exists? && self.columns_hash['tokens'] && self.columns_hash['tokens'].type.in?([:json, :jsonb])
+        end
+      end
+      def build_auth_header(token, client_id='default')
+        client_id ||= 'default'
+        # client may use expiry to prevent validation request if expired
+        # must be cast as string or headers will break
+        expiry = self.tokens[client_id]['expiry'] || self.tokens[client_id][:expiry]
+        max_clients = GrapeDeviseAuth.max_number_of_devices
+        while self.tokens.keys.length > 0 and max_clients < self.tokens.keys.length
+          oldest_token = self.tokens.min_by { |cid, v| v[:expiry] || v["expiry"] }
+          self.tokens.delete(oldest_token.first)
+        end
+        self.save!
+        return {
+          GrapeDeviseAuth.headers_names[:"access-token"] => token,
+          GrapeDeviseAuth.headers_names[:"token-type"]   => "Bearer",
+          GrapeDeviseAuth.headers_names[:"client"]       => client_id,
+          GrapeDeviseAuth.headers_names[:"expiry"]       => expiry.to_s,
+          GrapeDeviseAuth.headers_names[:"uid"]          => self.uid
+        }
+      end
+      def extend_batch_buffer(token, client_id)
+        self.tokens[client_id]['updated_at'] = Time.now
+        return build_auth_header(token, client_id)
+      end
+      def valid_token?(token, client_id='default')
+        client_id ||= 'default'
+        return false unless self.tokens[client_id]
+        return true if token_is_current?(token, client_id)
+        return true if token_can_be_reused?(token, client_id)
+        # return false if none of the above conditions are met
+        return false
+      end
+      def token_is_current?(token, client_id)
+        # ghetto HashWithIndifferentAccess
+        expiry     = self.tokens[client_id]['expiry'] || self.tokens[client_id][:expiry]
+        token_hash = self.tokens[client_id]['token'] || self.tokens[client_id][:token]
+        return true if (
+          # ensure that expiry and token are set
+          expiry and token and
+          # ensure that the token has not yet expired
+          DateTime.strptime(expiry.to_s, '%s') > Time.now and
+          # ensure that the token is valid
+          GrapeDeviseAuth::Concerns::User.tokens_match?(token_hash, token)
+        )
+      end
+      # allow batch requests to use the previous token
+      def token_can_be_reused?(token, client_id)
+        # ghetto HashWithIndifferentAccess
+        updated_at = self.tokens[client_id]['updated_at'] || self.tokens[client_id][:updated_at]
+        last_token = self.tokens[client_id]['last_token'] || self.tokens[client_id][:last_token]
+        return true if (
+          # ensure that the last token and its creation time exist
+          updated_at and last_token and
+          # ensure that previous token falls within the batch buffer throttle time of the last request
+          Time.parse(updated_at) > Time.now - GrapeDeviseAuth.batch_request_buffer_throttle and
+          # ensure that the token is valid
+          ::BCrypt::Password.new(last_token) == token
+        )
+      end
+      # update user's auth token (should happen on each request)
+      def create_new_auth_token(client_id=nil)
+        client_id  ||= SecureRandom.urlsafe_base64(nil, false)
+        last_token ||= nil
+        token        = SecureRandom.urlsafe_base64(nil, false)
+        token_hash   = ::BCrypt::Password.create(token)
+        expiry       = (Time.now + GrapeDeviseAuth.token_lifespan).to_i
+        if self.tokens[client_id] and self.tokens[client_id]['token']
+          last_token = self.tokens[client_id]['token']
+        end
+        self.tokens[client_id] = {
+          token:      token_hash,
+          expiry:     expiry,
+          last_token: last_token,
+          updated_at: Time.now
+        }
+        return build_auth_header(token, client_id)
+      end
+      protected
+      def set_empty_token_hash
+        self.tokens ||= {} if has_attribute?(:tokens)
+      end
+      def destroy_expired_tokens
+        if self.tokens
+          self.tokens.delete_if do |cid, v|
+            expiry = v[:expiry] || v["expiry"]
+            DateTime.strptime(expiry.to_s, '%s') < Time.now
+          end
+        end
+      end
+      def remove_tokens_after_password_reset
+        there_is_more_than_one_token = self.tokens && self.tokens.keys.length > 1
+        should_remove_old_tokens = GrapeDeviseAuth.remove_tokens_after_password_reset &&
+                                   encrypted_password_changed? && there_is_more_than_one_token
+        if should_remove_old_tokens
+          latest_token = self.tokens.max_by { |cid, v| v[:expiry] || v["expiry"] }
+          self.tokens = { latest_token.first => latest_token.last }
+        end
+      end
+    end
+  end
+end

data/lib/grape_devise_auth/configuration.rb ADDED Viewed

@@ -0,0 +1,37 @@
+module GrapeDeviseAuth
+  class Configuration
+    attr_accessor :batch_request_buffer_throttle,
+                  :change_headers_on_each_request,
+                  :authenticate_all,
+                  :default_provider,
+                  :token_lifespan,
+                  :max_number_of_devices,
+                  :headers_names,
+                  :remove_tokens_after_password_reset
+    ACCESS_TOKEN_KEY = 'HTTP_ACCESS_TOKEN'
+    EXPIRY_KEY = 'HTTP_EXPIRY'
+    UID_KEY = 'HTTP_UID'
+    CLIENT_KEY = 'HTTP_CLIENT'
+    CURRENT_AUTH_HEADERS = 'CURRENT_AUTH_HEADERS'
+    def initialize
+      @batch_request_buffer_throttle = 2.weeks
+      @change_headers_on_each_request = true
+      @authenticate_all = false
+      @default_provider = 'email'
+      @token_lifespan = 2.weeks
+      @max_number_of_devices = 10
+      @headers_names = {:'access-token' => 'access-token',
+                        :'client' => 'client',
+                        :'expiry' => 'expiry',
+                        :'uid' => 'uid',
+                        :'token-type' => 'token-type' }
+      @remove_tokens_after_password_reset = false
+    end
+    def auth_all?
+      @authenticate_all
+    end
+  end
+end

data/lib/grape_devise_auth/devise_interface.rb ADDED Viewed

@@ -0,0 +1,31 @@
+module GrapeDeviseAuth
+  class DeviseInterface
+    def initialize(data)
+      @warden = data.warden
+      @client_id = data.client_id
+    end
+    # extracted and simplified from Devise
+    def set_user_in_warden(scope, resource)
+      scope = Devise::Mapping.find_scope!(scope)
+      warden.set_user(resource, scope: scope, store: false)
+    end
+    def mapping_to_class(m)
+      mapping = m ? Devise.mappings[m] : Devise.mappings.values.first
+      @resource_class = mapping.to
+    end
+    def exisiting_warden_user(resource_class)
+      warden_user =  warden.user(resource_class.to_s.underscore.to_sym)
+      return unless warden_user && warden_user.tokens[@client_id].nil?
+      resource = warden_user
+      resource.create_new_auth_token
+      resource
+    end
+    private
+    attr_reader :warden
+  end
+end

data/lib/grape_devise_auth/errors/login_failed.rb ADDED Viewed

@@ -0,0 +1,4 @@
+module GrapeDeviseAuth
+  class LoginFailed < StandardError
+  end
+end

data/lib/grape_devise_auth/errors/logout_failed.rb ADDED Viewed

@@ -0,0 +1,4 @@
+module GrapeDeviseAuth
+  class LogoutFailed < StandardError
+  end
+end

data/lib/grape_devise_auth/errors/registration_failed.rb ADDED Viewed

@@ -0,0 +1,4 @@
+module GrapeDeviseAuth
+  class RegistrationFailed < StandardError
+  end
+end

data/lib/grape_devise_auth/errors/unauthorized.rb ADDED Viewed

@@ -0,0 +1,4 @@
+module GrapeDeviseAuth
+  class Unauthorized < StandardError
+  end
+end

data/lib/grape_devise_auth/middleware.rb ADDED Viewed

@@ -0,0 +1,65 @@
+module GrapeDeviseAuth
+  class Middleware
+    extend Forwardable
+    def initialize(app, resource_name)
+      @app = app
+      @resource_name = resource_name
+    end
+    def call(env)
+      setup(env)
+      begin
+        auth_all
+        responses_with_auth_headers(*@app.call(env))
+      rescue Unauthorized => _e
+        return unauthorized
+      end
+    end
+    private
+    attr_reader :authorizer_data, :token_authorizer, :resource, :request_start
+    def_delegators :@authorizer_data, :warden, :token, :client_id
+    def auth_all
+      return if skip_auth_all?
+      user = token_authorizer.authenticate_from_token(@resource_name)
+      fail Unauthorized unless user
+      sign_in_user(user)
+    end
+    def skip_auth_all?
+      !GrapeDeviseAuth.configuration.auth_all?
+    end
+    def setup(env)
+      @request_start    = Time.now
+      @authorizer_data  = AuthorizerData.from_env(env)
+      @devise_interface = DeviseInterface.new(@authorizer_data)
+      @token_authorizer = TokenAuthorizer.new(@authorizer_data,
+                                              @devise_interface)
+    end
+    def sign_in_user(user)
+      @devise_interface.set_user_in_warden(@resource_name, user)
+    end
+    def responses_with_auth_headers(status, headers, response)
+      auth_headers = AuthHeaders.new(warden, @resource_name, request_start, authorizer_data)
+      [
+        status,
+        headers.merge(auth_headers.headers),
+        response
+      ]
+    end
+    def unauthorized
+      [401,
+       { 'Content-Type' => 'application/json'
+       },
+       []
+      ]
+    end
+  end
+end

data/lib/grape_devise_auth/token_authorizer.rb ADDED Viewed

@@ -0,0 +1,54 @@
+module GrapeDeviseAuth
+  class TokenAuthorizer
+    extend Forwardable
+    def initialize(data, devise_interface)
+      @data = data
+      @devise_interface = devise_interface
+    end
+    def authenticate_from_token(mapping = nil)
+      @resource_class =  devise_interface.mapping_to_class(mapping)
+      return nil unless resource_class
+      # client id is not required
+      client_id = data.client_id || 'default'
+      resource_from_existing_devise_user
+      return resource if correct_resource_type_logged_in? &&
+                         resource_does_not_have_client_token?(client_id)
+      return nil unless data.token_prerequisites_present?
+      load_user_from_uid
+      return nil unless user_authenticated?
+      user
+    end
+    private
+    attr_accessor :resource_class
+    attr_reader :data, :resource, :user, :devise_interface
+    def_delegators :@data, :warden, :uid, :token, :client_id
+    def user_authenticated?
+      user && user.valid_token?(token, client_id)
+    end
+    def load_user_from_uid
+      @user = resource_class.find_by_uid(uid)
+    end
+    def resource_from_existing_devise_user
+      @resource = @devise_interface.exisiting_warden_user(resource_class)
+    end
+    def correct_resource_type_logged_in?
+      resource && resource.class == resource_class
+    end
+    def resource_does_not_have_client_token?(client_id)
+      resource.tokens[client_id].nil?
+    end
+  end
+end

data/lib/grape_devise_auth/version.rb ADDED Viewed

@@ -0,0 +1,3 @@
+module GrapeDeviseAuth
+  VERSION = '0.0.1'
+end

data/lib/grape_devise_auth.rb ADDED Viewed

@@ -0,0 +1,43 @@
+%w(version middleware auth_helpers authorizer_data errors/unauthorized
+   token_authorizer configuration auth_headers devise_interface concerns/user
+   errors/login_failed errors/logout_failed errors/registration_failed).each  do |file|
+     require "grape_devise_auth/#{file}"
+   end
+require 'grape'
+module GrapeDeviseAuth
+  class << self
+    extend Forwardable
+    def_delegators :configuration,
+                   :batch_request_buffer_throttle,
+                   :change_headers_on_each_request,
+                   :default_provider,
+                   :token_lifespan,
+                   :max_number_of_devices,
+                   :headers_names,
+                   :remove_tokens_after_password_reset
+    def configuration
+      @configuration ||= Configuration.new
+    end
+    def config
+      yield(configuration)
+    end
+    def setup!(middleware = false)
+      yield(configuration) if block_given?
+      add_auth_strategy
+    end
+    def add_auth_strategy
+      Grape::Middleware::Auth::Strategies.add(
+        :grape_devise_auth,
+        GrapeDeviseAuth::Middleware,
+        ->(options) { [options[:resource_class]] }
+      )
+    end
+  end
+end

metadata ADDED Viewed

@@ -0,0 +1,122 @@
+--- !ruby/object:Gem::Specification
+name: grape_devise_auth
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Anton Sokolskyi
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2016-11-08 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.8'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.8'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: grape
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.15.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.15.0
+- !ruby/object:Gem::Dependency
+  name: devise
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '4.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '4.2'
+description:
+email:
+- antonsokolskyi@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- grape_devise_auth.gemspec
+- lib/grape_devise_auth.rb
+- lib/grape_devise_auth/auth_headers.rb
+- lib/grape_devise_auth/auth_helpers.rb
+- lib/grape_devise_auth/authorizer_data.rb
+- lib/grape_devise_auth/concerns/user.rb
+- lib/grape_devise_auth/configuration.rb
+- lib/grape_devise_auth/devise_interface.rb
+- lib/grape_devise_auth/errors/login_failed.rb
+- lib/grape_devise_auth/errors/logout_failed.rb
+- lib/grape_devise_auth/errors/registration_failed.rb
+- lib/grape_devise_auth/errors/unauthorized.rb
+- lib/grape_devise_auth/middleware.rb
+- lib/grape_devise_auth/token_authorizer.rb
+- lib/grape_devise_auth/version.rb
+homepage: https://github.com/antonsokolskyy/GrapeDeviseAuth
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.4.5.1
+signing_key:
+specification_version: 4
+summary: Allows to use Devise-based registration/authorization inside Grape API
+test_files: []