knocknock 0.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: d201ff692191ecb40b82db654dd5ec345cde6e76
+  data.tar.gz: 4dba1fabb76874fbe9926917cefeaa3d5be340fe
+SHA512:
+  metadata.gz: c8b0068fecc55b4e5e79d6078f6716b43854e106e1be00a5f6bb491514173c001cabdd11bb02d08e89d5eafc40653362de756603e51f52046d9295722c4c0fba
+  data.tar.gz: 0c9c7b061476df87e3b28ccc907cf083f12a372048beda55e7676d66ade0fdfabbc728c7fca005d5c3ec343bb40827e2d4dba399163f2b603c34143d80ddf77c

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2015 Arnaud MESUREUR
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,206 @@
+# knocknock
+[![Gem Version](https://badge.fury.io/rb/knock.svg)](http://badge.fury.io/rb/knock)
+[![Build Status](https://travis-ci.org/nsarno/knock.svg)](https://travis-ci.org/nsarno/knock)
+[![Test Coverage](https://codeclimate.com/github/nsarno/knock/badges/coverage.svg)](https://codeclimate.com/github/nsarno/knock/coverage)
+[![Code Climate](https://codeclimate.com/github/nsarno/knock/badges/gpa.svg)](https://codeclimate.com/github/nsarno/knock)
+[![Dependency Status](https://gemnasium.com/nsarno/knock.svg)](https://gemnasium.com/nsarno/knock)
+
+Seamless JWT authentication for Rails API
+
+## Description
+
+Knock is an authentication solution for Rails API-only application based on JSON Web Tokens.
+
+### What are JSON Web Tokens?
+
+[![JWT](http://jwt.io/assets/badge.svg)](http://jwt.io/)
+
+### Why should I use this?
+
+- It's lightweight.
+- It's tailored for Rails API-only application.
+- It's [stateless](https://en.wikipedia.org/wiki/Representational_state_transfer#Stateless).
+- It works out of the box with [Auth0](https://auth0.com/docs/server-apis/rails).
+
+### Is this gem going to be maintained?
+
+Yes. And we will keep improving it.
+
+## Getting Started
+
+### Requirements
+
+Knock makes one assumption about your user model:
+
+It must have an `authenticate` method, similar to the one added by [has_secure_password](http://api.rubyonrails.org/classes/ActiveModel/SecurePassword/ClassMethods.html#method-i-has_secure_password).
+
+```ruby
+class User < ActiveRecord::Base
+  has_secure_password
+end
+```
+
+Using `has_secure_password` is recommended, but you don't have to as long as your user model implements an `authenticate` instance method with the same behavior.
+
+Knock (>= 2.0) can handle multiple user models (eg: User, Admin, etc).
+Although, for the sake of simplicity, all examples in this README will use the `User` model.
+
+### Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'knock'
+```
+
+And then execute:
+
+    $ bundle install
+
+Finally, run the install generator:
+
+    $ rails generate knock:install
+
+It will create the following initializer `config/initializers/knock.rb`.
+This file contains all the informations about the existing configuration options.
+
+If you don't use an external authentication solution like Auth0, you also need to
+provide a way for users to authenticate:
+
+    $ rails generate knock:token_controller user
+
+This will generate the controller `user_token_controller.rb` and add the required
+route to your `config/routes.rb` file.
+
+### Usage
+
+Include the `Knock::Authenticatable` module in your `ApplicationController`
+
+```ruby
+class ApplicationController < ActionController::API
+  include Knock::Authenticatable
+end
+```
+
+You can now restrict access to your controllers like this:
+
+```ruby
+class SecuredController < ApplicationController
+  before_action :authenticate_user
+
+  def index
+    # etc...
+  end
+
+  # etc...
+end
+```
+
+If your user model is something other than User, replace "user" with "yourmodel". The same logic applies everywhere.
+
+You can access the current authenticated user in your controller with this method:
+
+```ruby
+current_user
+```
+
+If no valid token is passed with the request, Knock will respond with:
+
+```
+head :unauthorized
+```
+
+If you just want to read the `current_user`, without actually authenticating, you can also do that:
+
+```ruby
+class CurrentUsersController < ApplicationController
+  def show
+    if current_user
+      head :ok
+    else
+      head :not_found
+    end
+  end
+end
+```
+
+### Authenticating from a web or mobile application:
+
+Example request to get a token from your API:
+```
+POST /user_auth_token
+{"auth": {"email": "foo@bar.com", "password": "secret"}}
+```
+
+Example response from the API:
+```
+201 Created
+{"jwt": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9"}
+```
+
+To make an authenticated request to your API, you need to pass the token in the request header:
+```
+Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9
+GET /my_resources
+```
+
+**NB:** HTTPS should always be enabled when sending a password or token in your request.
+
+### Authenticated tests
+
+To authenticate within your tests:
+
+1. Create a valid token
+2. Pass it in your request
+
+e.g.
+
+```ruby
+class SecuredControllerTest < ActionController::TestCase
+  def authenticate
+    token = Knock::AuthToken.new(payload: { sub: users(:one).id }).token
+    request.env['HTTP_AUTHORIZATION'] = "Bearer #{token}"
+  end
+
+  setup do
+    authenticate
+  end
+
+  it 'responds successfully' do
+    get :index
+    assert_response :success
+  end
+end
+```
+
+### Algorithms
+
+The JWT spec supports different kind of cryptographic signing algorithms.
+You can set `token_signature_algorithm` to use the one you want in the
+initializer or do nothing and use the default one (HS256).
+
+You can specify any of the algorithms supported by the
+[jwt](https://github.com/jwt/ruby-jwt) gem.
+
+If the algorithm you use requires a public key, you also need to set
+`token_public_key` in the initializer.
+
+## CORS
+
+To enable cross-origin resource sharing, check out the [rack-cors](https://github.com/cyu/rack-cors) gem.
+
+## Related links
+
+- [10 things you should know about tokens](https://auth0.com/blog/2014/01/27/ten-things-you-should-know-about-tokens-and-cookies/)
+
+## Contributing
+
+1. Fork it ( https://github.com/nsarno/knock/fork )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create a new Pull Request
+
+## License
+
+MIT

data/Rakefile

@@ -0,0 +1,37 @@
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rdoc/task'
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'Knock'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.rdoc')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+APP_RAKEFILE = File.expand_path("../test/dummy/Rakefile", __FILE__)
+load 'rails/tasks/engine.rake'
+
+
+load 'rails/tasks/statistics.rake'
+
+
+
+Bundler::GemHelper.install_tasks
+
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = false
+end
+
+
+task default: :test

data/app/controllers/knocknock/auth_tokens_controller.rb

@@ -0,0 +1,54 @@
+module Knocknock
+  class AuthTokensController < ActionController::API
+    before_action :authenticate, only: :create
+    before_action :authenticate_resource, only: :destroy
+
+    def create
+      render json: auth_token, status: :created
+    end
+
+    def destroy
+      @access_token.destroy
+      head :ok
+    end
+
+  private
+    def authenticate
+      unless resource.present? && resource.authenticate(auth_params[:password])
+        head :not_found
+      end
+    end
+
+    def authenticate_resource
+      token = request.headers['Authorization'].split(' ').last
+      @access_token = Knock::AuthToken.new(token: token).access_token
+    rescue
+      head :unauthorized
+    end
+
+    def auth_token
+      AuthToken.new payload: { sub: resource.access_tokens.create.token }
+    end
+
+    def auth_params
+      params.require(:auth).permit!
+    end
+
+    def resource
+      @resource ||= 
+        if resource_class.respond_to? :find_for_token_creation
+          resource_class.find_for_token_creation auth_params
+        else
+          resource_class.find_by email: auth_params[:email]
+        end
+    end
+
+    def resource_class
+      resource_name.constantize
+    end
+
+    def resource_name
+      self.class.name.split('TokensController').first
+    end
+  end
+end

data/app/model/knocknock/auth_token.rb

@@ -0,0 +1,69 @@
+require 'jwt'
+
+module Knocknock
+  class AuthToken
+    attr_reader :token
+    attr_reader :payload
+
+    def initialize payload: {}, token: nil
+      if token.present?
+        @payload, _ = JWT.decode token, decode_key, true, options
+        @token = token
+      else
+        @payload = payload
+        @token = JWT.encode claims.merge(payload),
+          secret_key,
+          Knocknock.token_signature_algorithm
+      end
+    end
+
+    def access_token
+      AccessToken.find_by(token: @payload['sub'])
+    end
+
+    def resource resource_class
+      AccessToken.find_by(token: @payload['sub'], 
+                          authenticatee_type: resource_class.to_s).authenticatee
+    end
+
+    def to_json options = {}
+      { jwt: @token }.to_json
+    end
+
+  private
+    def secret_key
+      Knocknock.token_secret_signature_key.call
+    end
+
+    def decode_key
+      Knocknock.token_public_key || secret_key
+    end
+
+    def options
+      verify_claims.merge({
+        algorithm: Knocknock.token_signature_algorithm
+      })
+    end
+
+    def claims
+      {
+        exp: Knocknock.token_lifetime.from_now.to_i,
+        aud: token_audience
+      }
+    end
+
+    def verify_claims
+      {
+        aud: token_audience, verify_aud: verify_audience?
+      }
+    end
+
+    def token_audience
+      verify_audience? && Knocknock.token_audience.call
+    end
+
+    def verify_audience?
+      Knocknock.token_audience.present?
+    end
+  end
+end

data/config/routes.rb

@@ -0,0 +1,2 @@
+Knocknock::Engine.routes.draw do
+end

data/lib/generators/knocknock/install_generator.rb

@@ -0,0 +1,20 @@
+module Knocknock
+  class InstallGenerator < Rails::Generators::Base
+    source_root File.expand_path("../../templates", __FILE__)
+
+    desc "Creates a Knocknock initializer and an AccessToken model"
+
+    def copy_initializer
+      template 'knocknock.rb', 'config/initializers/knocknock.rb'
+    end
+
+    def create_access_token_migration
+      template 'create_access_token.rb', 
+               "db/migrate/#{Time.now.strftime("%Y%m%d%H%M%S")}_create_access_token.rb"
+    end
+
+    def copy_access_token_model
+      template 'access_token.rb.erb', 'app/models/access_token.rb'
+    end
+  end
+end

data/lib/generators/knocknock/token_controller_generator.rb

@@ -0,0 +1,25 @@
+module Knocknock
+  class TokenControllerGenerator < Rails::Generators::Base
+    source_root File.expand_path("../../templates", __FILE__)
+    argument :name, type: :string
+
+    desc <<-DESC
+      Creates a Knocknock tokens controller for the given resource
+      and add the corresponding routes.
+    DESC
+
+    def copy_controller_file
+      template 'resource_tokens_controller.rb.erb', "app/controllers/#{name.underscore}_tokens_controller.rb"
+    end
+
+    def add_route
+      route "resource :#{name.underscore}_tokens, only: [:create, :destroy]"
+    end
+
+    private
+
+    def resource_name
+      name
+    end
+  end
+end