RubyGems - has_secure_token - Versions diffs - 0.0.2 → 1.0.0 - Mend

has_secure_token 0.0.2 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (18) hide show

checksums.yaml +4 -4
data/.travis.yml +7 -4
data/README.md +38 -6
data/gemfiles/rails3.gemfile +6 -0
data/gemfiles/rails4_0.gemfile +7 -0
data/gemfiles/rails4_1.gemfile +6 -0
data/gemfiles/rails4_2.gemfile +6 -0
data/has_secure_token.gemspec +5 -4
data/lib/active_support/core_ext/securerandom.rb +23 -0
data/lib/has_secure_token.rb +33 -49
data/lib/has_secure_token/version.rb +1 -1
data/test/has_secure_password_test.rb +17 -23
data/test/models/user.rb +3 -17
data/test/schema.rb +6 -0
data/test/securerandom_test.rb +19 -0
data/test/test_helper.rb +8 -0
metadata +37 -13
data/test/models/visitor.rb +0 -15

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 1148bcff41e4dab40603ae600aae8129d4fd4dab
-  data.tar.gz: 1686f165bdc43dba2030e09a5d72c847763b718c
+  metadata.gz: b067e69148a2f5b30e754c459a50104225acbbdb
+  data.tar.gz: c9d010b6a22812ac5e6e3685890f1ad3f79a884d
 SHA512:
-  metadata.gz: b0f969596f567eefe82d69bac7a2d5258100018f904cef879c3c4fa65690d7eddc380e7cb1c6532e380da2c2f8d6972703eb12e85693798a8c9cb5bb34a80601
-  data.tar.gz: 7a414116ae3415f7121fe401256e23a0997d6ad7ad38b9d0b1ec6ac7e7b8af1c02ce4b2222cee86eae9f4b234cdbb74cea7da50b252aa761e1ce066226a5669f
+  metadata.gz: 88bf39886c95f4d9b87329dc4403d1fecfbcdc281539712106a5108efe2c9f059e271148a45b4ecf067b9d251eeedf8520bd53a698393801da233848867c1b6c
+  data.tar.gz: ce83ec47005732c144d9e25c579530cae9c146f1205c738784abd8fa20bd68c99ccf78e3680a3370f7ceff744afbfa54f1026900658347267a9122946c8d0e85

data/.travis.yml CHANGED

@@ -1,10 +1,13 @@
+language: ruby
 rvm:
   - 1.9.3
   - 2.0.0
   - 2.1
-matrix:
-  include:
-    - rvm: jruby
-      env: JRUBY_OPTS="--1.9 --server -Xcext.enabled=true"
+  - 2.2
+gemfile:
+  - gemfiles/rails3.gemfile
+  - gemfiles/rails4_0.gemfile
+  - gemfiles/rails4_1.gemfile
+  - gemfiles/rails4_2.gemfile
 notifications:
   email: false

data/README.md CHANGED

@@ -5,6 +5,10 @@
 # HasSecureToken
+HasSecureToken provides you an easily way to geneatre uniques random tokens for any model in ruby on rails. **SecureRandom::base58** is used to generate the 24-character unique token, so collisions are highly unlikely.
+**Note** that it's still possible to generate a race condition in the database in the same way that **validates_uniqueness_of** can. You're encouraged to add a unique index in the database to deal
 ## Installation
 Add this line to your application's Gemfile:
@@ -19,21 +23,49 @@ Or install it yourself as:
     $ gem install has_secure_token
-##Setting your Model
+## Setting your Model
+The first step is to run the migration generator in order to add the token key field.
+```ruby
+rails g migration AddTokenToUsers token:string
+=>
+   invoke  active_record
+   create    db/migrate/20150424010931_add_token_to_users.rb
+```
+Then need to run `rake db:migrate` to update the users table in the database. The next step is to update the model code
+```ruby
+# Schema: User(token:string, auth_token:string)
+class User < ActiveRecord::Base
+  has_secure_token
+end
+user = User.new
+user.save
+user.token # => "4kUgL2pdQMSCQtjE"
+user.regenerate_token # => true
+```
+To use a custom column to store the token key field you can use the column_name option.
 ```ruby
+# Schema: User(token:string, auth_token:string)
 class User < ActiveRecord::Base
-  has_secure_token :token1, :token2
+  has_secure_token :auth_token
 end
-user = User.create
-user.token1 => "44539a6a59835a4ee9d7b112b48cd76e"
-user.token2 => "226dd46af6be78953bde1641622497a8"
+user = User.new
+user.save
+user.auth_token # => "4kUgL2pdQMSCQtjE"
+user.regenerate_auth_token # => true
 ```
 ## Contributing
-1. Fork it ( https://github.com/robertomiranda/has_secure_password/fork )
+1. Fork it ( https://github.com/robertomiranda/has_secure_token/fork )
 2. Create your feature branch (`git checkout -b my-new-feature`)
 3. Commit your changes (`git commit -am 'Add some feature'`)
 4. Push to the branch (`git push origin my-new-feature`)

data/gemfiles/rails3.gemfile ADDED

@@ -0,0 +1,6 @@
+source 'https://rubygems.org'
+gemspec :path => '../'
+group :development, :test do
+  gem 'activerecord', '~> 3.2.0'
+end

data/gemfiles/rails4_0.gemfile ADDED

@@ -0,0 +1,7 @@
+source 'https://rubygems.org'
+gemspec :path => '../'
+group :development, :test do
+  gem 'activerecord', '~> 4.0.0'
+  gem 'minitest', '~> 4.2'
+end

data/gemfiles/rails4_1.gemfile ADDED

@@ -0,0 +1,6 @@
+source 'https://rubygems.org'
+gemspec :path => '../'
+group :development, :test do
+  gem 'activerecord', '~> 4.1.0'
+end

data/gemfiles/rails4_2.gemfile ADDED

@@ -0,0 +1,6 @@
+source 'https://rubygems.org'
+gemspec :path => '../'
+group :development, :test do
+  gem 'activerecord', '~> 4.2.0'
+end

data/has_secure_token.gemspec CHANGED

@@ -8,8 +8,8 @@ Gem::Specification.new do |spec|
   spec.version       = HasSecureToken::VERSION
   spec.authors       = ["Roberto Miranda Altamar"]
   spec.email         = ["rjmaltamar@gmail.com"]
-  spec.summary       = %q{Create uniques random tokens for any model in ruby on rails.}
-  spec.description   = %q{Add to your models an easily way to generate tokens}
+  spec.summary       = %q{Create uniques random tokens for any model in ruby on rails. Backport of ActiveRecord::SecureToken 5 to AR 3.x and 4.x}
+  spec.description   = %q{HasSecureToken provides you an easily way to geneatre uniques random tokens for any model in ruby on rails. **SecureRandom::base58** is used to generate the 24-character unique token, so collisions are highly unlikely.}
   spec.homepage      = "https://github.com/robertomiranda/has_secure_token"
   spec.license       = "MIT"
@@ -18,9 +18,10 @@ Gem::Specification.new do |spec|
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ["lib"]
-  spec.add_dependency "activemodel"
+  spec.add_dependency "activerecord", ">= 3.0"
   spec.add_development_dependency "bundler", "~> 1.3"
   spec.add_development_dependency "rake"
-  spec.add_development_dependency "minitest", "~> 5.4.2"
+  spec.add_development_dependency "minitest"
+  spec.add_development_dependency 'sqlite3'
 end

data/lib/active_support/core_ext/securerandom.rb ADDED

@@ -0,0 +1,23 @@
+require 'securerandom'
+module SecureRandom
+  BASE58_ALPHABET = ('0'..'9').to_a  + ('A'..'Z').to_a + ('a'..'z').to_a - ['0', 'O', 'I', 'l']
+  # SecureRandom.base58 generates a random base58 string.
+  #
+  # The argument _n_ specifies the length, of the random string to be generated.
+  #
+  # If _n_ is not specified or is nil, 16 is assumed. It may be larger in the future.
+  #
+  # The result may contain alphanumeric characters except 0, O, I and l
+  #
+  #   p SecureRandom.base58 #=> "4kUgL2pdQMSCQtjE"
+  #   p SecureRandom.base58(24) #=> "77TMHrHJFvFDwodq8w7Ev2m7"
+  #
+  def self.base58(n = 16)
+    SecureRandom.random_bytes(n).unpack("C*").map do |byte|
+      idx = byte % 64
+      idx = SecureRandom.random_number(58) if idx >= 58
+      BASE58_ALPHABET[idx]
+    end.join
+  end
+end

data/lib/has_secure_token.rb CHANGED

@@ -1,57 +1,41 @@
-require "active_model"
-require 'securerandom'
+require 'active_record'
+module ActiveRecord
+  module SecureToken
+    extend ActiveSupport::Concern
-module HasSecureToken
-  extend ActiveSupport::Concern
-  module ClassMethods
-    # Example using Active Record (which automatically includes ActiveModel::SecurePassword):
-    #
-    #   # Schema: User(auth_token:string, invitation_token:string)
-    #   class User < ActiveRecord::Base
-    #     has_secure_token :auth_token, :invitation_token
-    #   end
-    #
-    #   user = User.new
-    #   user.save
-    #   user.auth_token # => "44539a6a59835a4ee9d7b112"
-    #   user.invitation_token # => "226dd46af6be78953bde1648"
-    #   user.regenerate_auth_token # => true
-    #   user.regenerate_invitation_token # => true
-    def has_secure_token(*args)
-      # Load securerandom only when has_secure_key is used.
-      require 'securerandom'
-      include InstanceMethodsOnActivation
-      cattr_accessor :token_columns, :options
-      options = args.extract_options!
-      key_length = options.fetch(:key_length, 24)
-      bytes = (key_length / 2.0).ceil
-      args.each do |attribute|
-        define_method("regenerate_#{attribute}!") do
-          send(:generate_unique_secure_token, attribute, bytes, key_length)
-          save
-        end
+    module ClassMethods
+      # Example using has_secure_token
+      #
+      #   # Schema: User(token:string, auth_token:string)
+      #   class User < ActiveRecord::Base
+      #     has_secure_token
+      #     has_secure_token :auth_token
+      #   end
+      #
+      #   user = User.new
+      #   user.save
+      #   user.token # => "4kUgL2pdQMSCQtjE"
+      #   user.auth_token # => "77TMHrHJFvFDwodq8w7Ev2m7"
+      #   user.regenerate_token # => true
+      #   user.regenerate_auth_token # => true
+      #
+      # SecureRandom::base58 is used to generate the 24-character unique token, so collisions are highly unlikely.
+      #
+      # Note that it's still possible to generate a race condition in the database in the same way that
+      # <tt>validates_uniqueness_of</tt> can. You're encouraged to add a unique index in the database to deal
+      # with this even more unlikely scenario.
+      def has_secure_token(attribute = :token)
+        # Load securerandom only when has_secure_token is used.
+        require 'active_support/core_ext/securerandom'
+        define_method("regenerate_#{attribute}") { update_attributes attribute => self.class.generate_unique_secure_token }
+        before_create { self.send("#{attribute}=", self.class.generate_unique_secure_token) unless self.send("#{attribute}?")}
       end
-      before_create do
-        args.each do |attribute|
-          self.generate_unique_secure_token(attribute, bytes, key_length)
-        end
+      def generate_unique_secure_token
+        SecureRandom.base58(24)
       end
     end
   end
-  module InstanceMethodsOnActivation
-    def generate_unique_secure_token(attribute, bytes, key_length)
-      self.send("#{attribute}=", loop do
-        random_token =  SecureRandom.hex(bytes)[0..key_length]
-        break random_token unless self.class.exists?(attribute => random_token)
-      end)
-    end
-  end
 end
-ActiveSupport.on_load(:active_record) do
-  include HasSecureToken
-end
+ActiveRecord::Base.send(:include, ActiveRecord::SecureToken)

data/lib/has_secure_token/version.rb CHANGED

@@ -1,3 +1,3 @@
 module HasSecureToken
-  VERSION = "0.0.2"
+  VERSION = "1.0.0"
 end

data/test/has_secure_password_test.rb CHANGED

@@ -1,37 +1,31 @@
 require "test_helper"
-class HasSecureTokenTest < MiniTest::Unit::TestCase
+class SecureTokenTest < MiniTest::Unit::TestCase
   def setup
     @user = User.new
-    @user.run_callbacks :create
-    @visitor = Visitor.new
-    @visitor.run_callbacks :create
   end
-  def test_assing_token_values
-    assert_not_nil @user.auth_token
-    assert_not_nil @user.invitation_token
+  def test_token_values_are_generated_for_specified_attributes_and_persisted_on_save
+    @user.save
+    refute_nil @user.token
+    refute_nil @user.auth_token
   end
-  def test_default_length_of_secure_token_is_set_to_24
-    assert_equal 24, @user.auth_token.length
-    assert_equal 24, @user.invitation_token.length
-  end
+  def test_regenerating_the_secure_token
+    @user.save
+    old_token = @user.token
+    old_auth_token = @user.auth_token
+    @user.regenerate_token
+    @user.regenerate_auth_token
-  def test_create_record_with_customised_length_of_secure_token
-    assert_equal 30, @visitor.auth_token.length
-    assert_equal 30, @visitor.invitation_token.length
+    refute_equal @user.token, old_token
+    refute_equal @user.auth_token, old_auth_token
   end
-  def test_regenerate_the_secure_key_for_the_attribute
-    old_auth_token = @user.auth_token
-    old_invitation_token = @user.invitation_token
-    @user.regenerate_auth_token!
-    @user.regenerate_invitation_token!
+  def test_token_value_not_overwritten_when_present
+    @user.token = "custom-secure-token"
+    @user.save
-    assert @user.auth_token != old_auth_token
-    assert @user.invitation_token != old_invitation_token
-    assert_equal 24, @user.auth_token.length
-    assert_equal 24, @user.invitation_token.length
+    assert_equal @user.token, "custom-secure-token"
   end
 end

data/test/models/user.rb CHANGED

@@ -1,18 +1,4 @@
-class User
-  extend ActiveModel::Callbacks
-  include ActiveModel::Validations
-  include HasSecureToken
-  define_model_callbacks :create
-  attr_accessor :auth_token, :invitation_token
-  has_secure_token :auth_token, :invitation_token
-  def self.exists?(attrs)
-    false
-  end
-  def save
-    true
-  end
+class User < ActiveRecord::Base
+  has_secure_token
+  has_secure_token :auth_token
 end

data/test/schema.rb ADDED

@@ -0,0 +1,6 @@
+ActiveRecord::Schema.define(:version => 1) do
+  create_table :users do |t|
+    t.string :token
+    t.string :auth_token
+  end
+end

data/test/securerandom_test.rb ADDED

@@ -0,0 +1,19 @@
+require "test_helper"
+class SecureRandomTest < MiniTest::Unit::TestCase
+  def test_base58
+    s1 = SecureRandom.base58
+    s2 = SecureRandom.base58
+    refute_equal s1, s2
+    assert_equal 16, s1.length
+  end
+  def test_base58_with_length
+    s1 = SecureRandom.base58(24)
+    s2 = SecureRandom.base58(24)
+    refute_equal s1, s2
+    assert_equal 24, s1.length
+  end
+end

data/test/test_helper.rb CHANGED

@@ -15,3 +15,11 @@ Dir["models/*.rb"].each {|file| require file }
         msg = message(msg) { "<#{mu_pp(exp)}> expected to not be nil" }
         assert(!exp.nil?, msg)
   end
+DB_FILE = 'tmp/test_db'
+FileUtils.mkdir_p File.dirname(DB_FILE)
+FileUtils.rm_f DB_FILE
+ActiveRecord::Base.establish_connection :adapter => 'sqlite3', :database => DB_FILE
+load 'schema.rb'

metadata CHANGED

@@ -1,29 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: has_secure_token
 version: !ruby/object:Gem::Version
-  version: 0.0.2
+  version: 1.0.0
 platform: ruby
 authors:
 - Roberto Miranda Altamar
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-12-27 00:00:00.000000000 Z
+date: 2015-04-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: activemodel
+  name: activerecord
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '3.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '3.0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -56,17 +56,33 @@ dependencies:
   name: minitest
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 5.4.2
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 5.4.2
-description: Add to your models an easily way to generate tokens
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: HasSecureToken provides you an easily way to geneatre uniques random
+  tokens for any model in ruby on rails. **SecureRandom::base58** is used to generate
+  the 24-character unique token, so collisions are highly unlikely.
 email:
 - rjmaltamar@gmail.com
 executables: []
@@ -79,12 +95,18 @@ files:
 - LICENSE.txt
 - README.md
 - Rakefile
+- gemfiles/rails3.gemfile
+- gemfiles/rails4_0.gemfile
+- gemfiles/rails4_1.gemfile
+- gemfiles/rails4_2.gemfile
 - has_secure_token.gemspec
+- lib/active_support/core_ext/securerandom.rb
 - lib/has_secure_token.rb
 - lib/has_secure_token/version.rb
 - test/has_secure_password_test.rb
 - test/models/user.rb
-- test/models/visitor.rb
+- test/schema.rb
+- test/securerandom_test.rb
 - test/test_helper.rb
 homepage: https://github.com/robertomiranda/has_secure_token
 licenses:
@@ -109,9 +131,11 @@ rubyforge_project:
 rubygems_version: 2.2.2
 signing_key:
 specification_version: 4
-summary: Create uniques random tokens for any model in ruby on rails.
+summary: Create uniques random tokens for any model in ruby on rails. Backport of
+  ActiveRecord::SecureToken 5 to AR 3.x and 4.x
 test_files:
 - test/has_secure_password_test.rb
 - test/models/user.rb
-- test/models/visitor.rb
+- test/schema.rb
+- test/securerandom_test.rb
 - test/test_helper.rb

data/test/models/visitor.rb DELETED

@@ -1,15 +0,0 @@
-class Visitor
-  extend ActiveModel::Callbacks
-  include ActiveModel::SecurePassword
-  include HasSecureToken
-  define_model_callbacks :create
-  has_secure_token :auth_token, :invitation_token, key_length: 30
-  attr_accessor :auth_token, :invitation_token
-  def self.exists?(attrs)
-    false
-  end
-end