RubyGems - has_secure_token - Versions diffs - 0.0.2 → 1.0.0 - Diffend - OSS supply chain security and management platform

has_secure_token 0.0.2 → 1.0.0

Files changed (18) hide show

checksums.yaml +4 -4
data/.travis.yml +7 -4
data/README.md +38 -6
data/gemfiles/rails3.gemfile +6 -0
data/gemfiles/rails4_0.gemfile +7 -0
data/gemfiles/rails4_1.gemfile +6 -0
data/gemfiles/rails4_2.gemfile +6 -0
data/has_secure_token.gemspec +5 -4
data/lib/active_support/core_ext/securerandom.rb +23 -0
data/lib/has_secure_token.rb +33 -49
data/lib/has_secure_token/version.rb +1 -1
data/test/has_secure_password_test.rb +17 -23
data/test/models/user.rb +3 -17
data/test/schema.rb +6 -0
data/test/securerandom_test.rb +19 -0
data/test/test_helper.rb +8 -0
metadata +37 -13
data/test/models/visitor.rb +0 -15

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 1148bcff41e4dab40603ae600aae8129d4fd4dab
-  data.tar.gz: 1686f165bdc43dba2030e09a5d72c847763b718c
+  metadata.gz: b067e69148a2f5b30e754c459a50104225acbbdb
+  data.tar.gz: c9d010b6a22812ac5e6e3685890f1ad3f79a884d
 SHA512:
-  metadata.gz: b0f969596f567eefe82d69bac7a2d5258100018f904cef879c3c4fa65690d7eddc380e7cb1c6532e380da2c2f8d6972703eb12e85693798a8c9cb5bb34a80601
-  data.tar.gz: 7a414116ae3415f7121fe401256e23a0997d6ad7ad38b9d0b1ec6ac7e7b8af1c02ce4b2222cee86eae9f4b234cdbb74cea7da50b252aa761e1ce066226a5669f
+  metadata.gz: 88bf39886c95f4d9b87329dc4403d1fecfbcdc281539712106a5108efe2c9f059e271148a45b4ecf067b9d251eeedf8520bd53a698393801da233848867c1b6c
+  data.tar.gz: ce83ec47005732c144d9e25c579530cae9c146f1205c738784abd8fa20bd68c99ccf78e3680a3370f7ceff744afbfa54f1026900658347267a9122946c8d0e85

data/.travis.yml CHANGED

@@ -1,10 +1,13 @@
+language: ruby
 rvm:
   - 1.9.3
   - 2.0.0
   - 2.1
-matrix:
-  include:
-    - rvm: jruby
-      env: JRUBY_OPTS="--1.9 --server -Xcext.enabled=true"
+  - 2.2
+gemfile:
+  - gemfiles/rails3.gemfile
+  - gemfiles/rails4_0.gemfile
+  - gemfiles/rails4_1.gemfile
+  - gemfiles/rails4_2.gemfile
 notifications:
   email: false

data/README.md CHANGED

@@ -5,6 +5,10 @@
 # HasSecureToken
+HasSecureToken provides you an easily way to geneatre uniques random tokens for any model in ruby on rails. **SecureRandom::base58** is used to generate the 24-character unique token, so collisions are highly unlikely.
+**Note** that it's still possible to generate a race condition in the database in the same way that **validates_uniqueness_of** can. You're encouraged to add a unique index in the database to deal
 ## Installation
 Add this line to your application's Gemfile:
@@ -19,21 +23,49 @@ Or install it yourself as:
     $ gem install has_secure_token
-##Setting your Model
+## Setting your Model
+The first step is to run the migration generator in order to add the token key field.
+```ruby
+rails g migration AddTokenToUsers token:string
+=>
+   invoke  active_record
+   create    db/migrate/20150424010931_add_token_to_users.rb
+```
+Then need to run `rake db:migrate` to update the users table in the database. The next step is to update the model code
+```ruby
+# Schema: User(token:string, auth_token:string)
+class User < ActiveRecord::Base
+  has_secure_token
+end
+user = User.new
+user.save
+user.token # => "4kUgL2pdQMSCQtjE"
+user.regenerate_token # => true
+```
+To use a custom column to store the token key field you can use the column_name option.
 ```ruby
+# Schema: User(token:string, auth_token:string)
 class User < ActiveRecord::Base
-  has_secure_token :token1, :token2
+  has_secure_token :auth_token
 end
-user = User.create
-user.token1 => "44539a6a59835a4ee9d7b112b48cd76e"
-user.token2 => "226dd46af6be78953bde1641622497a8"
+user = User.new
+user.save
+user.auth_token # => "4kUgL2pdQMSCQtjE"
+user.regenerate_auth_token # => true
 ```
 ## Contributing
-1. Fork it ( https://github.com/robertomiranda/has_secure_password/fork )
+1. Fork it ( https://github.com/robertomiranda/has_secure_token/fork )
 2. Create your feature branch (`git checkout -b my-new-feature`)
 3. Commit your changes (`git commit -am 'Add some feature'`)
 4. Push to the branch (`git push origin my-new-feature`)

data/gemfiles/rails3.gemfile ADDED

@@ -0,0 +1,6 @@
+source 'https://rubygems.org'
+gemspec :path => '../'
+group :development, :test do
+  gem 'activerecord', '~> 3.2.0'
+end

data/gemfiles/rails4_0.gemfile ADDED

@@ -0,0 +1,7 @@
+source 'https://rubygems.org'
+gemspec :path => '../'
+group :development, :test do
+  gem 'activerecord', '~> 4.0.0'
+  gem 'minitest', '~> 4.2'
+end

data/gemfiles/rails4_1.gemfile ADDED

@@ -0,0 +1,6 @@
+source 'https://rubygems.org'
+gemspec :path => '../'
+group :development, :test do
+  gem 'activerecord', '~> 4.1.0'
+end

data/gemfiles/rails4_2.gemfile ADDED

@@ -0,0 +1,6 @@
+source 'https://rubygems.org'
+gemspec :path => '../'
+group :development, :test do
+  gem 'activerecord', '~> 4.2.0'
+end

data/has_secure_token.gemspec CHANGED

@@ -8,8 +8,8 @@ Gem::Specification.new do |spec|
   spec.version       = HasSecureToken::VERSION
   spec.authors       = ["Roberto Miranda Altamar"]
   spec.email         = ["rjmaltamar@gmail.com"]
-  spec.summary       = %q{Create uniques random tokens for any model in ruby on rails.}
-  spec.description   = %q{Add to your models an easily way to generate tokens}
+  spec.summary       = %q{Create uniques random tokens for any model in ruby on rails. Backport of ActiveRecord::SecureToken 5 to AR 3.x and 4.x}
+  spec.description   = %q{HasSecureToken provides you an easily way to geneatre uniques random tokens for any model in ruby on rails. **SecureRandom::base58** is used to generate the 24-character unique token, so collisions are highly unlikely.}
   spec.homepage      = "https://github.com/robertomiranda/has_secure_token"
   spec.license       = "MIT"
@@ -18,9 +18,10 @@ Gem::Specification.new do |spec|
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ["lib"]
-  spec.add_dependency "activemodel"
+  spec.add_dependency "activerecord", ">= 3.0"
   spec.add_development_dependency "bundler", "~> 1.3"
   spec.add_development_dependency "rake"
-  spec.add_development_dependency "minitest", "~> 5.4.2"
+  spec.add_development_dependency "minitest"
+  spec.add_development_dependency 'sqlite3'
 end

data/lib/active_support/core_ext/securerandom.rb ADDED

@@ -0,0 +1,23 @@
+require 'securerandom'
+module SecureRandom
+  BASE58_ALPHABET = ('0'..'9').to_a  + ('A'..'Z').to_a + ('a'..'z').to_a - ['0', 'O', 'I', 'l']
+  # SecureRandom.base58 generates a random base58 string.
+  #
+  # The argument _n_ specifies the length, of the random string to be generated.
+  #
+  # If _n_ is not specified or is nil, 16 is assumed. It may be larger in the future.
+  #
+  # The result may contain alphanumeric characters except 0, O, I and l
+  #
+  #   p SecureRandom.base58 #=> "4kUgL2pdQMSCQtjE"
+  #   p SecureRandom.base58(24) #=> "77TMHrHJFvFDwodq8w7Ev2m7"
+  #
+  def self.base58(n = 16)
+    SecureRandom.random_bytes(n).unpack("C*").map do |byte|
+      idx = byte % 64
+      idx = SecureRandom.random_number(58) if idx >= 58
+      BASE58_ALPHABET[idx]
+    end.join
+  end
+end

data/lib/has_secure_token.rb CHANGED

@@ -1,57 +1,41 @@
-require "active_model"
-require 'securerandom'
+require 'active_record'
+module ActiveRecord
+  module SecureToken
+    extend ActiveSupport::Concern
-module HasSecureToken
-  extend ActiveSupport::Concern
-  module ClassMethods
-    # Example using Active Record (which automatically includes ActiveModel::SecurePassword):
-    #
-    #   # Schema: User(auth_token:string, invitation_token:string)
-    #   class User < ActiveRecord::Base
-    #     has_secure_token :auth_token, :invitation_token
-    #   end
-    #
-    #   user = User.new
-    #   user.save
-    #   user.auth_token # => "44539a6a59835a4ee9d7b112"
-    #   user.invitation_token # => "226dd46af6be78953bde1648"
-    #   user.regenerate_auth_token # => true
-    #   user.regenerate_invitation_token # => true
-    def has_secure_token(*args)
-      # Load securerandom only when has_secure_key is used.
-      require 'securerandom'
-      include InstanceMethodsOnActivation
-      cattr_accessor :token_columns, :options
-      options = args.extract_options!
-      key_length = options.fetch(:key_length, 24)
-      bytes = (key_length / 2.0).ceil
-      args.each do |attribute|
-        define_method("regenerate_#{attribute}!") do
-          send(:generate_unique_secure_token, attribute, bytes, key_length)
-          save
-        end
+    module ClassMethods
+      # Example using has_secure_token
+      #
+      #   # Schema: User(token:string, auth_token:string)
+      #   class User < ActiveRecord::Base
+      #     has_secure_token
+      #     has_secure_token :auth_token
+      #   end
+      #
+      #   user = User.new
+      #   user.save
+      #   user.token # => "4kUgL2pdQMSCQtjE"
+      #   user.auth_token # => "77TMHrHJFvFDwodq8w7Ev2m7"
+      #   user.regenerate_token # => true
+      #   user.regenerate_auth_token # => true
+      #
+      # SecureRandom::base58 is used to generate the 24-character unique token, so collisions are highly unlikely.
+      #
+      # Note that it's still possible to generate a race condition in the database in the same way that
+      # <tt>validates_uniqueness_of</tt> can. You're encouraged to add a unique index in the database to deal
+      # with this even more unlikely scenario.
+      def has_secure_token(attribute = :token)
+        # Load securerandom only when has_secure_token is used.
+        require 'active_support/core_ext/securerandom'
+        define_method("regenerate_#{attribute}") { update_attributes attribute => self.class.generate_unique_secure_token }
+        before_create { self.send("#{attribute}=", self.class.generate_unique_secure_token) unless self.send("#{attribute}?")}
       end
-      before_create do
-        args.each do |attribute|
-          self.generate_unique_secure_token(attribute, bytes, key_length)
-        end
+      def generate_unique_secure_token
+        SecureRandom.base58(24)
       end
     end
   end
-  module InstanceMethodsOnActivation
-    def generate_unique_secure_token(attribute, bytes, key_length)
-      self.send("#{attribute}=", loop do
-        random_token =  SecureRandom.hex(bytes)[0..key_length]
-        break random_token unless self.class.exists?(attribute => random_token)
-      end)
-    end
-  end
 end
-ActiveSupport.on_load(:active_record) do
-  include HasSecureToken
-end
+ActiveRecord::Base.send(:include, ActiveRecord::SecureToken)

data/lib/has_secure_token/version.rb CHANGED

@@ -1,3 +1,3 @@
 module HasSecureToken
-  VERSION = "0.0.2"
+  VERSION = "1.0.0"
 end

data/test/has_secure_password_test.rb CHANGED

@@ -1,37 +1,31 @@
 require "test_helper"
-class HasSecureTokenTest < MiniTest::Unit::TestCase
+class SecureTokenTest < MiniTest::Unit::TestCase
   def setup
     @user = User.new
-    @user.run_callbacks :create
-    @visitor = Visitor.new
-    @visitor.run_callbacks :create
   end
-  def test_assing_token_values
-    assert_not_nil @user.auth_token
-    assert_not_nil @user.invitation_token
+  def test_token_values_are_generated_for_specified_attributes_and_persisted_on_save
+    @user.save
+    refute_nil @user.token
+    refute_nil @user.auth_token
   end
-  def test_default_length_of_secure_token_is_set_to_24
-    assert_equal 24, @user.auth_token.length
-    assert_equal 24, @user.invitation_token.length
-  end
+  def test_regenerating_the_secure_token
+    @user.save
+    old_token = @user.token
+    old_auth_token = @user.auth_token
+    @user.regenerate_token
+    @user.regenerate_auth_token
-  def test_create_record_with_customised_length_of_secure_token
-    assert_equal 30, @visitor.auth_token.length
-    assert_equal 30, @visitor.invitation_token.length
+    refute_equal @user.token, old_token
+    refute_equal @user.auth_token, old_auth_token
   end
-  def test_regenerate_the_secure_key_for_the_attribute
-    old_auth_token = @user.auth_token
-    old_invitation_token = @user.invitation_token
-    @user.regenerate_auth_token!
-    @user.regenerate_invitation_token!
+  def test_token_value_not_overwritten_when_present
+    @user.token = "custom-secure-token"
+    @user.save
-    assert @user.auth_token != old_auth_token
-    assert @user.invitation_token != old_invitation_token
-    assert_equal 24, @user.auth_token.length
-    assert_equal 24, @user.invitation_token.length
+    assert_equal @user.token, "custom-secure-token"
   end
 end

data/test/models/user.rb CHANGED

@@ -1,18 +1,4 @@
-class User
-  extend ActiveModel::Callbacks
-  include ActiveModel::Validations
-  include HasSecureToken
-  define_model_callbacks :create
-  attr_accessor :auth_token, :invitation_token
-  has_secure_token :auth_token, :invitation_token
-  def self.exists?(attrs)
-    false
-  end
-  def save
-    true
-  end
+class User < ActiveRecord::Base
+  has_secure_token
+  has_secure_token :auth_token
 end

data/test/schema.rb ADDED

@@ -0,0 +1,6 @@
+ActiveRecord::Schema.define(:version => 1) do
+  create_table :users do |t|
+    t.string :token
+    t.string :auth_token
+  end
+end

data/test/securerandom_test.rb ADDED

@@ -0,0 +1,19 @@
+require "test_helper"
+class SecureRandomTest < MiniTest::Unit::TestCase
+  def test_base58
+    s1 = SecureRandom.base58
+    s2 = SecureRandom.base58
+    refute_equal s1, s2
+    assert_equal 16, s1.length
+  end
+  def test_base58_with_length
+    s1 = SecureRandom.base58(24)
+    s2 = SecureRandom.base58(24)
+    refute_equal s1, s2
+    assert_equal 24, s1.length
+  end
+end

data/test/test_helper.rb CHANGED

@@ -15,3 +15,11 @@ Dir["models/*.rb"].each {|file| require file }
         msg = message(msg) { "<#{mu_pp(exp)}> expected to not be nil" }
         assert(!exp.nil?, msg)
   end
+DB_FILE = 'tmp/test_db'
+FileUtils.mkdir_p File.dirname(DB_FILE)
+FileUtils.rm_f DB_FILE
+ActiveRecord::Base.establish_connection :adapter => 'sqlite3', :database => DB_FILE
+load 'schema.rb'

metadata CHANGED

@@ -1,29 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: has_secure_token
 version: !ruby/object:Gem::Version
-  version: 0.0.2
+  version: 1.0.0
 platform: ruby
 authors:
 - Roberto Miranda Altamar
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-12-27 00:00:00.000000000 Z
+date: 2015-04-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: activemodel
+  name: activerecord
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '3.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '3.0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -56,17 +56,33 @@ dependencies:
   name: minitest
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 5.4.2
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 5.4.2
-description: Add to your models an easily way to generate tokens
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: HasSecureToken provides you an easily way to geneatre uniques random
+  tokens for any model in ruby on rails. **SecureRandom::base58** is used to generate
+  the 24-character unique token, so collisions are highly unlikely.
 email:
 - rjmaltamar@gmail.com
 executables: []
@@ -79,12 +95,18 @@ files:
 - LICENSE.txt
 - README.md
 - Rakefile
+- gemfiles/rails3.gemfile
+- gemfiles/rails4_0.gemfile
+- gemfiles/rails4_1.gemfile
+- gemfiles/rails4_2.gemfile
 - has_secure_token.gemspec
+- lib/active_support/core_ext/securerandom.rb
 - lib/has_secure_token.rb
 - lib/has_secure_token/version.rb
 - test/has_secure_password_test.rb
 - test/models/user.rb
-- test/models/visitor.rb
+- test/schema.rb
+- test/securerandom_test.rb
 - test/test_helper.rb
 homepage: https://github.com/robertomiranda/has_secure_token
 licenses:
@@ -109,9 +131,11 @@ rubyforge_project:
 rubygems_version: 2.2.2
 signing_key:
 specification_version: 4
-summary: Create uniques random tokens for any model in ruby on rails.
+summary: Create uniques random tokens for any model in ruby on rails. Backport of
+  ActiveRecord::SecureToken 5 to AR 3.x and 4.x
 test_files:
 - test/has_secure_password_test.rb
 - test/models/user.rb
-- test/models/visitor.rb
+- test/schema.rb
+- test/securerandom_test.rb
 - test/test_helper.rb

data/test/models/visitor.rb DELETED

@@ -1,15 +0,0 @@
-class Visitor
-  extend ActiveModel::Callbacks
-  include ActiveModel::SecurePassword
-  include HasSecureToken
-  define_model_callbacks :create
-  has_secure_token :auth_token, :invitation_token, key_length: 30
-  attr_accessor :auth_token, :invitation_token
-  def self.exists?(attrs)
-    false
-  end
-end