knock 1.4.2 → 1.5

checksums.yaml

@@ -1,15 +1,15 @@
 ---
 !binary "U0hBMQ==":
   metadata.gz: !binary |-
-    MmQ1NDdiNjFmNjkyNTEyMTIwYjlmNWNjZmU3ZDI3NjhkNTM4ZGNiNA==
+    MzZjZmQ3ZDIxMmQ3NDBjMTc2NmU1NGUxNmQwNWM0NmMyNzc5ZGNkYw==
   data.tar.gz: !binary |-
-    YzlkOGFkZTZkNDRiMzFhNDA1YzQ4NGFiM2NkYTNjMzkxZTA3MjUwOQ==
+    YzcwZWUzNDRlYjFiOWIwMjdkZGI0NWFkY2RkZGMwMTBiYzgyYTIyMw==
 SHA512:
   metadata.gz: !binary |-
-    ODgxOWJmMTQxNTkzMWYzN2QyMGU0ZGZkNDkyNTE0M2RkMzM4MGVhMTQ5NjA5
-    ZjcxOTdhNTlkNjFiNzlmZTMxYTExODg1OGI5ZjIwZmI4MjRkN2U0ZjhmODk1
-    Y2FjMmZjMjQxYzkxZThmYTFiOTY5NzMzMTI4MmVmMDVlNWY0N2U=
+    YjYyMjJkZjM0ZDRmNzA4OTk4YTFiZTc3NTUzMDQzNWEwMmEyMmRjYzc1OTMw
+    YzMzMTZhNzgzM2ZjZDhjZGIxNTAwZjdkMGEwZDIyZjVkMmYzZDI1ZWMxMWZj
+    YTQ3MTE3OWY5YWRiODk1ZDkwMjZlZTkzM2ZjYzA5MjdhNzU5NjA=
   data.tar.gz: !binary |-
-    ZWY5ZTczMGJmOTkwYThmZmIzMzgzMWUxZDNmZDU3YjJkY2RlODk0NDJmNWY4
-    ZDM4NTI1MDQ3ZjFlYjZlYmUyZjViMjllNDE4NWE4OWFiZGM3Y2NhNGM0ZGYx
-    NjFjZTZkNjU4ZTViNGUxNmNiNWM2NjJjOGU3NjRkMDU5NWYzMmM=
+    NDM1NGRjNjlkYWM2NWY3YTVhZTNkNTFiNGYyY2M3NjdhMmVlNmJlMDE0MTc1
+    ZTJhY2I0M2RlNTY4NDEzYzIzZGI2Mjk4NTkyNGVmODljOWYwNWNmMDYzNjgz
+    OTFmMmU5OGY3MjQ3MTFlNWNlMDQyMDRlMWJhNzIxOTJlYjlmZWM=

data/app/controllers/knock/application_controller.rb

@@ -1,6 +1,6 @@
 module Knock
   class ApplicationController < ActionController::Base
-    rescue_from ActiveRecord::RecordNotFound, with: :not_found
+    rescue_from Knock.not_found_exception_class_name, with: :not_found
 
   private
 

data/app/controllers/knock/auth_token_controller.rb

@@ -2,23 +2,48 @@ require_dependency "knock/application_controller"
 
 module Knock
   class AuthTokenController < ApplicationController
-    before_action :authenticate!
+    before_action :authenticate
 
     def create
-      render json: { jwt: auth_token.token }, status: :created
+      render json: auth_token, status: :created
     end
 
   private
-    def authenticate!
-      raise ActiveRecord::RecordNotFound unless user.authenticate(auth_params[:password])
+    def authenticate
+      unless entity.present? && entity.authenticate(auth_params[:password])
+        raise Knock.not_found_exception_class
+      end
     end
 
     def auth_token
-      AuthToken.new payload: { sub: user.id }
+      if entity.respond_to? :to_token_payload
+        AuthToken.new payload: entity.to_token_payload
+      else
+        AuthToken.new payload: { sub: entity.id }
+      end
     end
 
-    def user
-      Knock.current_user_from_handle.call auth_params[Knock.handle_attr]
+    def entity
+      @entity ||=
+        if self.class.name == "Knock::AuthTokenController"
+          warn "[DEPRECATION]: Routing to `AuthTokenController` directly is deprecated. Please use `<Entity Name>TokenController` inheriting from it instead. E.g. `UserTokenController`"
+          warn "[DEPRECATION]: Relying on `Knock.current_user_from_handle` is deprecated. Please implement `User#from_token_request` instead."
+          Knock.current_user_from_handle.call auth_params[Knock.handle_attr]
+        else
+          if entity_class.respond_to? :from_token_request
+            entity_class.from_token_request request
+          else
+            entity_class.find_by email: auth_params[:email]
+          end
+        end
+    end
+
+    def entity_class
+      entity_name.constantize
+    end
+
+    def entity_name
+      self.class.name.split('TokenController').first
     end
 
     def auth_params

data/app/model/knock/auth_token.rb

@@ -3,6 +3,7 @@ require 'jwt'
 module Knock
   class AuthToken
     attr_reader :token
+    attr_reader :payload
 
     def initialize payload: {}, token: nil
       if token.present?
@@ -16,8 +17,21 @@ module Knock
       end
     end
 
-    def current_user
-      @current_user ||= Knock.current_user_from_token.call @payload
+    def entity_for entity_class
+      if entity_class.respond_to? :from_token_payload
+        entity_class.from_token_payload @payload
+      else
+        if entity_class.to_s == "User" && Knock.respond_to?(:current_user_from_token)
+          warn "[DEPRECATION]: `Knock.current_user_from_token` is deprecated. Please implement `User.from_token_payload` instead."
+          Knock.current_user_from_token.call @payload
+        else
+          entity_class.find @payload['sub']
+        end
+      end
+    end
+
+    def to_json options = {}
+      {jwt: @token}.to_json
     end
 
   private
@@ -36,15 +50,25 @@ module Knock
     end
 
     def claims
-      {
-        exp: Knock.token_lifetime.from_now.to_i,
-        aud: token_audience
-      }
+      _claims = {}
+      _claims[:exp] = token_lifetime if verify_lifetime?
+      _claims[:aud] = token_audience if verify_audience?
+      _claims
+    end
+
+    def token_lifetime
+      Knock.token_lifetime.from_now.to_i if verify_lifetime?
+    end
+
+    def verify_lifetime?
+      !Knock.token_lifetime.nil?
     end
 
     def verify_claims
       {
-        aud: token_audience, verify_aud: verify_audience?
+        aud: token_audience,
+        verify_aud: verify_audience?,
+        verify_expiration: verify_lifetime?
       }
     end
 

data/lib/generators/knock/token_controller_generator.rb

@@ -0,0 +1,25 @@
+module Knock
+  class TokenControllerGenerator < Rails::Generators::Base
+    source_root File.expand_path("../../templates", __FILE__)
+    argument :name, type: :string
+
+    desc <<-DESC
+      Creates a Knock token controller for the given entity
+      and add the corresponding routes.
+    DESC
+
+    def copy_controller_file
+      template 'entity_token_controller.rb.erb', "app/controllers/#{name.underscore}_token_controller.rb"
+    end
+
+    def add_route
+      route "post '#{name.underscore}_token' => '#{name.underscore}_token#create'"
+    end
+
+    private
+
+    def entity_name
+      name
+    end
+  end
+end

data/lib/generators/templates/entity_token_controller.rb.erb

@@ -0,0 +1,2 @@
+class <%= entity_name.camelize %>TokenController < Knock::AuthTokenController
+end

data/lib/generators/templates/knock.rb

@@ -1,5 +1,8 @@
 Knock.setup do |config|
 
+  ## [DEPRECATED]
+  ## This is deprecated in favor of `User.from_token_request`.
+  ##
   ## User handle attribute
   ## ---------------------
   ##
@@ -8,6 +11,9 @@ Knock.setup do |config|
   ## Default:
   # config.handle_attr = :email
 
+  ## [DEPRECATED]
+  ## This is deprecated in favor of `User.from_token_request`.
+  ##
   ## Current user retrieval from handle when signing in
   ## --------------------------------------------------
   ##
@@ -18,11 +24,16 @@ Knock.setup do |config|
   ## AuthTokenController parameters. It also uses the same variable to enforce
   ## permitted values in the controller.
   ##
-  ## You must raise ActiveRecord::RecordNotFound if the resource cannot be retrieved.
+  ## You must raise an exception if the resource cannot be retrieved.
+  ## The type of the exception is configured in config.not_found_exception_class_name,
+  ## and it is ActiveRecord::RecordNotFound by default
   ##
   ## Default:
   # config.current_user_from_handle = -> (handle) { User.find_by! Knock.handle_attr => handle }
 
+  ## [DEPRECATED]
+  ## This is depreacted in favor of `User.from_token_payload`.
+  ##
   ## Current user retrieval when validating token
   ## --------------------------------------------
   ##
@@ -30,7 +41,9 @@ Knock.setup do |config|
   ## By default, it assumes you have a model called `User` and that
   ## the user_id is stored in the 'sub' claim.
   ##
-  ## You must raise ActiveRecord::RecordNotFound if the resource cannot be retrieved.
+  ## You must raise an exception if the resource cannot be retrieved.
+  ## The type of the exception is configured in config.not_found_exception_class_name,
+  ## and it is ActiveRecord::RecordNotFound by default
   ##
   ## Default:
   # config.current_user_from_token = -> (claims) { User.find claims['sub'] }
@@ -39,7 +52,8 @@ Knock.setup do |config|
   ## Expiration claim
   ## ----------------
   ##
-  ## How long before a token is expired.
+  ## How long before a token is expired. If nil is provided, token will
+  ## last forever.
   ##
   ## Default:
   # config.token_lifetime = 1.day
@@ -83,4 +97,12 @@ Knock.setup do |config|
   ##
   ## Default:
   # config.token_public_key = nil
+
+  ## Exception Class
+  ## ---------------
+  ##
+  ## Configure the exception to be used when user cannot be found.
+  ##
+  ## Default:
+  # config.not_found_exception_class_name = 'ActiveRecord::RecordNotFound'
 end

data/lib/knock.rb

@@ -26,6 +26,13 @@ module Knock
   mattr_accessor :token_public_key
   self.token_public_key = nil
 
+  mattr_accessor :not_found_exception_class_name
+  self.not_found_exception_class_name = 'ActiveRecord::RecordNotFound'
+
+  def self.not_found_exception_class
+    not_found_exception_class_name.to_s.constantize
+  end
+
   # Default way to setup Knock. Run `rails generate knock:install` to create
   # a fresh initializer with all configuration values.
   def self.setup

data/lib/knock/authenticable.rb

@@ -1,14 +1,53 @@
 module Knock::Authenticable
-  def current_user
-    @current_user ||= begin
-      token = params[:token] || request.headers['Authorization'].split.last
-      Knock::AuthToken.new(token: token).current_user
+  def authenticate
+    warn "[DEPRECATION]: `authenticate` is deprecated. Please use `authenticate_user` instead."
+    head(:unauthorized) unless authenticate_for(User)
+  end
+
+  def authenticate_for entity_class
+    token = params[:token] || token_from_request_headers
+    return nil if token.nil?
+
+    begin
+      @entity = Knock::AuthToken.new(token: token).entity_for(entity_class)
+      define_current_entity_getter(entity_class)
+      @entity
     rescue
       nil
     end
   end
 
-  def authenticate
-    head :unauthorized unless current_user
+  private
+
+  def method_missing(method, *args)
+    prefix, entity_name = method.to_s.split('_', 2)
+    case prefix
+    when 'authenticate'
+      head(:unauthorized) unless authenticate_entity(entity_name)
+    when 'current'
+      authenticate_entity(entity_name)
+    else
+      super
+    end
+  end
+
+  def authenticate_entity(entity_name)
+    entity_class = entity_name.camelize.constantize
+    send(:authenticate_for, entity_class)
+  end
+
+  def token_from_request_headers
+    unless request.headers['Authorization'].nil?
+      request.headers['Authorization'].split.last
+    end
+  end
+
+  def define_current_entity_getter entity_class
+    getter_name = "current_#{entity_class.to_s.underscore}"
+    unless self.respond_to?(getter_name)
+      self.class.send(:define_method, getter_name) do
+        @entity ||= nil
+      end
+    end
   end
 end

data/lib/knock/version.rb

@@ -1,3 +1,3 @@
 module Knock
-  VERSION = "1.4.2"
+  VERSION = "1.5"
 end

data/test/controllers/knock/auth_token_controller_test.rb

@@ -10,6 +10,10 @@ module Knock
       @user ||= users(:one)
     end
 
+    test "it's using configured custom exception" do
+      assert_equal Knock.not_found_exception_class, Knock::MyCustomException
+    end
+
     test "responds with 404 if user does not exist" do
       post :create, auth: { email: 'wrong@example.net', password: '' }
       assert_response :not_found
@@ -24,5 +28,12 @@ module Knock
       post :create, auth: { email: user.email, password: 'secret' }
       assert_response :created
     end
+
+    test "response contains token" do
+      post :create, auth: { email: user.email, password: 'secret' }
+
+      content = JSON.parse(response.body)
+      assert_equal true, content.has_key?("jwt")
+    end
   end
 end

data/test/dummy/app/controllers/admin_protected_controller.rb

@@ -0,0 +1,7 @@
+class AdminProtectedController < ApplicationController
+  before_action :authenticate_admin
+
+  def index
+    head :ok
+  end
+end

data/test/dummy/app/controllers/admin_token_controller.rb

@@ -0,0 +1,2 @@
+class AdminTokenController < Knock::AuthTokenController
+end

data/test/dummy/app/controllers/composite_name_entity_protected_controller.rb

@@ -0,0 +1,7 @@
+class CompositeNameEntityProtectedController < ApplicationController
+  before_action :authenticate_composite_name_entity
+
+  def index
+    head :ok
+  end
+end

data/test/dummy/app/controllers/vendor_protected_controller.rb

@@ -0,0 +1,11 @@
+class VendorProtectedController < ApplicationController
+  before_action :authenticate_vendor, only: [:index]
+  before_action :some_missing_method, only: [:show]
+
+  def index
+    head :ok
+  end
+
+  def show
+  end
+end

data/test/dummy/app/controllers/vendor_token_controller.rb

@@ -0,0 +1,2 @@
+class VendorTokenController < Knock::AuthTokenController
+end

data/test/dummy/app/models/admin.rb

@@ -0,0 +1,16 @@
+class Admin < ActiveRecord::Base
+  has_secure_password
+
+  def self.from_token_request request
+    email = request.params["auth"] && request.params["auth"]["email"]
+    self.find_by email: email
+  end
+
+  def self.from_token_payload payload
+    self.find payload["sub"]
+  end
+
+  def to_token_payload
+    {sub: id}
+  end
+end

data/test/dummy/app/models/composite_name_entity.rb

@@ -0,0 +1,3 @@
+class CompositeNameEntity < ActiveRecord::Base
+  has_secure_password
+end

data/test/dummy/app/models/vendor.rb

@@ -0,0 +1,3 @@
+class Vendor < ActiveRecord::Base
+  has_secure_password
+end

data/test/dummy/config/initializers/knock.rb

@@ -0,0 +1,10 @@
+Knock.setup do |config|
+  config.token_signature_algorithm = 'HS256'
+  config.token_secret_signature_key = -> { Rails.application.secrets.secret_key_base }
+  config.token_public_key = nil
+  config.token_audience = nil
+
+  config.current_user_from_handle = -> handle { User.find_by(Knock.handle_attr => handle) || raise(Knock::MyCustomException) }
+  config.current_user_from_token = -> claims { User.find_by(id: claims['sub']) || raise(Knock::MyCustomException) }
+  config.not_found_exception_class_name = 'Knock::MyCustomException'
+end

data/test/dummy/config/routes.rb

@@ -1,5 +1,13 @@
 Rails.application.routes.draw do
+  post 'admin_token' => 'admin_token#create'
+  post 'vendor_token' => 'vendor_token#create'
+
   resources :protected_resources
   resource :current_user
+
+  resources :admin_protected
+  resources :composite_name_entity_protected
+  resources :vendor_protected
+
   mount Knock::Engine => "/knock"
 end