grape_devise_token_auth 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 52925f8c667a9fb733ff96c62b0954d58d58d7cd
+  data.tar.gz: fa72880434bd05f866161c0c8da9bc9a0af3cb94
+SHA512:
+  metadata.gz: da3ffa3915aa58fe11c467c9e15dee10cb1f78a09a8faa77a0c3fa5b4e8aaaaa2d3de24bc7c500a1a28b226e91279e5f5441b2b50a3d37be89ae74d56d76abba
+  data.tar.gz: 19b085008ec2b60507a3a968013b78c7ad0bcab3e5cf739cfcae49331c0a6cefe6e79a030a96f12a15f21b874b09fa47115e41420a8503427aa0aafb40f5630b

data/.gitignore

@@ -0,0 +1,9 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/

data/.rspec

@@ -0,0 +1,2 @@
+--format documentation
+--color

data/.travis.yml

@@ -0,0 +1,3 @@
+language: ruby
+rvm:
+  - 2.0.0

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in grape_devise_token_auth.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 Michael Cordell
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,84 @@
+# GrapeDeviseTokenAuth
+
+GrapeDeviseTokenAuth gem is a compatability layer between
+[devise_token_auth][1] and [grape][2]. It is useful when mounting a grape API
+in a rails application where [devise][3] (or `devise_token_auth` + `devise`)
+is already present. It is reliant on `devise_token_auth` and `devise`,
+therefore it is not suitable for grape where these are not present.
+
+The majority of the hard work and credit goes to [Lyann Dylan
+Hurley][4] and his fantistic [devise_token_auth][1] gem.
+I merely have ported this to work well with grape.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'grape_devise_token_auth'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install grape_devise_token_auth
+
+## Usage
+
+Place this line in an initializer in your rails app or at least somewhere before
+the grape API will get loaded:
+
+```ruby
+GrapeDeviseTokenAuth.setup!(true)
+```
+
+Within the Grape API:
+
+```
+class Posts < Grape::API
+  auth :grape_devise_token_auth, resource_class: :user
+
+  helpers GrapeDeviseTokenAuth::AuthHelpers
+
+  # ...
+end
+```
+
+including the helpers line allows you to use methods the `current_user` and
+`authenticated?` within the API.
+
+The resource class option allows you to specific the scope that will be
+authenticated, this corresponds to your devise mapping.
+
+All calls will now be authenticated in the above API via rack middleware.
+
+## Testing and Example
+
+Currently I am using [this repo][5] to test this gem, eventually I plan on
+migrating the tests into the `grape_devise_token_auth` repo. For now though, I
+refer you to that repo for how to integrate with an existing `devise` and
+`devise_token_auth` repo.
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release` to create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+1. Fork it ( https://github.com/[my-github-username]/grape_devise_token_auth/fork )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create a new Pull Request
+
+[1]: https://github.com/lynndylanhurley/devise_token_auth
+[2]: https://github.com/intridea/grape
+[3]: https://github.com/plataformatec/devise
+[4]: https://github.com/lynndylanhurley
+[5]: https://github.com/mcordell/rails_grape_auth
+

data/Rakefile

@@ -0,0 +1,2 @@
+require "bundler/gem_tasks"
+

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "grape_devise_token_auth"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start

data/bin/setup

@@ -0,0 +1,7 @@
+#!/bin/bash
+set -euo pipefail
+IFS=$'\n\t'
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/grape_devise_token_auth.gemspec

@@ -0,0 +1,24 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'grape_devise_token_auth/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "grape_devise_token_auth"
+  spec.version       = GrapeDeviseTokenAuth::VERSION
+  spec.authors       = ["Michael Cordell"]
+  spec.email         = ["mike@mikecordell.com"]
+
+  spec.summary       = %q{Allows an existing devise_token_auth/rails project to authenticate a Grape API}
+  spec.homepage      = "https://github.com/mcordell/grape_devise_token_auth"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.8"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_dependency 'grape', '> 0.9.0'
+  spec.add_dependency 'devise', '~> 3.3'
+  spec.add_dependency 'devise_token_auth', '~> 0.1.32.beta9'
+end

data/lib/grape_devise_token_auth/auth_helpers.rb

@@ -0,0 +1,21 @@
+module GrapeDeviseTokenAuth
+  module AuthHelpers
+    def self.included(_base)
+      Devise.mappings.keys.each do |mapping|
+        define_method("current_#{mapping}") do
+          warden.session_serializer.fetch(:user)
+        end
+      end
+    end
+
+    def warden
+      @warden ||= env['warden']
+    end
+
+    def authenticated?(scope = :user)
+      user_type = "current_#{scope}"
+      return false unless respond_to?(user_type)
+      !!send(user_type)
+    end
+  end
+end

data/lib/grape_devise_token_auth/middleware.rb

@@ -0,0 +1,143 @@
+module GrapeDeviseTokenAuth
+  class Middleware
+    ACCESS_TOKEN_KEY = 'HTTP_ACCESS_TOKEN'
+    EXPIRY_KEY = 'HTTP_EXPIRY'
+    UID_KEY = 'HTTP_UID'
+    CLIENT_KEY = 'HTTP_CLIENT'
+
+    def initialize(app, resource_name)
+      @app = app
+      resource_class_from_mapping(resource_name)
+    end
+
+    def call(env)
+      setup(env)
+      user = authenticate_from_token
+      return unauthorized unless user
+      sign_in_user(user)
+      responses_with_auth_headers(*@app.call(env))
+    end
+
+    private
+
+    attr_reader :uid, :client_id, :token, :expiry, :user, :resource_class, :resource, :warden, :batch_request_buffer_throttle, :request_start
+
+    def setup(env)
+      @request_start = Time.now
+      @uid           = env[UID_KEY]
+      @client_id     = env[CLIENT_KEY] || 'default'
+      @token         = env[ACCESS_TOKEN_KEY]
+      @expiry        = env[EXPIRY_KEY]
+      @warden        = env['warden']
+    end
+
+    def sign_in_user(user)
+      # user already logged in from devise:
+      return resource if resource
+      @resource = user
+      set_user_in_warden(:user, user)
+    end
+
+    #extracted and simplified from Devise
+    def set_user_in_warden(scope, resource)
+      scope    = Devise::Mapping.find_scope!(scope)
+      warden.session_serializer.store(resource, scope)
+    end
+
+    def resource_from_existing_devise_user
+      warden_user =  warden.user(resource_class.to_s.underscore.to_sym)
+      return unless warden_user && warden_user.tokens[client_id].nil?
+      @resource = warden_user
+      @resource.create_new_auth_token
+    end
+
+    def authenticate_from_token(mapping = nil)
+      resource_class_from_mapping(mapping)
+      return nil unless resource_class
+
+      resource_from_existing_devise_user
+      return resource if correct_resource_type_logged_in?
+
+      return nil unless token_request_valid?
+
+      user = resource_class.find_by_uid(uid)
+
+      return nil unless user && user.valid_token?(token, client_id)
+
+      user
+    end
+
+    def token_request_valid?
+      token && uid
+    end
+
+    def correct_resource_type_logged_in?
+      resource && resource.class == resource_class
+    end
+
+    def resource_class_from_mapping(m)
+      mapping = m ? Devise.mappings[m] : Devise.mappings.values.first
+      @resource_class = mapping.to
+    end
+
+    def valid?
+      keys_present? && !expired?
+    end
+
+    def keys_present?
+      uid.present? && client_id.present? && token.present?
+    end
+
+    def expired?
+      env[EXPIRY_KEY].to_i < Time.now.to_i
+    end
+
+    def responses_with_auth_headers(status, headers, response)
+      [
+        status,
+        headers.merge(auth_headers),
+        response
+      ]
+    end
+
+    def auth_headers
+      return {} unless resource && resource.valid? && client_id
+      auth_headers_from_resource
+    end
+
+    def auth_headers_from_resource
+      auth_headers = {}
+      resource.with_lock do
+        if !DeviseTokenAuth.change_headers_on_each_request
+          auth_headers = resource.extend_batch_buffer(token, client_id)
+        elsif batch_request?
+          resource.extend_batch_buffer(token, client_id)
+          # don't set any headers in a batch request
+        else
+          auth_headers = resource.create_new_auth_token(client_id)
+        end
+      end
+      auth_headers
+    end
+
+    def unauthorized
+      [401,
+       { 'Content-Type' => 'application/json'
+       },
+       []
+      ]
+    end
+
+    def batch_request?
+      @batch_request ||= resource.tokens[client_id] &&
+                         resource.tokens[client_id]['updated_at'] &&
+                         within_batch_request_window?
+    end
+
+    def within_batch_request_window?
+      end_of_window = Time.parse(resource.tokens[client_id]['updated_at']) +
+                      DeviseTokenAuth.batch_request_buffer_throttle
+      request_start < end_of_window
+    end
+  end
+end

data/lib/grape_devise_token_auth/version.rb

@@ -0,0 +1,3 @@
+module GrapeDeviseTokenAuth
+  VERSION = "0.1.0"
+end

data/lib/grape_devise_token_auth.rb

@@ -0,0 +1,18 @@
+require 'grape_devise_token_auth/version'
+require 'grape_devise_token_auth/middleware'
+require 'grape_devise_token_auth/auth_helpers'
+require 'grape'
+
+module GrapeDeviseTokenAuth
+  def self.setup!(middleware = false)
+    add_auth_strategy if middleware
+  end
+
+  def self.add_auth_strategy
+    Grape::Middleware::Auth::Strategies.add(
+      :grape_devise_token_auth,
+      GrapeDeviseTokenAuth::Middleware,
+      ->(options) { [options[:resource_class]] }
+    )
+  end
+end

metadata

@@ -0,0 +1,129 @@
+--- !ruby/object:Gem::Specification
+name: grape_devise_token_auth
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Michael Cordell
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-06-20 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.8'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.8'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: grape
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">"
+      - !ruby/object:Gem::Version
+        version: 0.9.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">"
+      - !ruby/object:Gem::Version
+        version: 0.9.0
+- !ruby/object:Gem::Dependency
+  name: devise
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.3'
+- !ruby/object:Gem::Dependency
+  name: devise_token_auth
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.1.32.beta9
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.1.32.beta9
+description: 
+email:
+- mike@mikecordell.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- grape_devise_token_auth.gemspec
+- lib/grape_devise_token_auth.rb
+- lib/grape_devise_token_auth/auth_helpers.rb
+- lib/grape_devise_token_auth/middleware.rb
+- lib/grape_devise_token_auth/version.rb
+homepage: https://github.com/mcordell/grape_devise_token_auth
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.5
+signing_key: 
+specification_version: 4
+summary: Allows an existing devise_token_auth/rails project to authenticate a Grape
+  API
+test_files: []