lp_token_auth 0.3.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 58b7281e6182492224419d1744647bb269908e95
+  data.tar.gz: 9e607f2f76660a71194cae75ff2a936683db0a56
+SHA512:
+  metadata.gz: da0e5bfba21a09d402e50abee20ea107f679e66c48439a77e370bb17640823a0f02e5687198057f1cd647a9a87e06c38ebfd82ed3ee7d16fc966f8d4bf119b32
+  data.tar.gz: b4a8ecd8307b0d494f18c5a9a1032beda00fb5b14a68a5a5edbaddb75fa88386913a5a5520499250d2e09be21c8c0601b001c79c51e850bc89b9c73b0013307b

data/.gitignore

@@ -0,0 +1,4 @@
+lp_token_auth-*.gem
+doc
+.yardoc
+coverage

data/.ruby-version

@@ -0,0 +1 @@
+2.3.0

data/.travis.yml

@@ -0,0 +1,8 @@
+language: ruby
+
+addons:
+  code_climate:
+    repo_token: e57b3b36c781473fb047165641730c2653195939bee2d982683d330eab2e9892
+
+after_success:
+  - bundle exec codeclimate-test-reporter

data/.yardopts

@@ -0,0 +1,2 @@
+--markup markdown
+--exclude /generators

data/Gemfile

@@ -0,0 +1,8 @@
+source 'https://rubygems.org'
+
+group :test do
+  gem 'simplecov'
+  gem 'codeclimate-test-reporter', '~> 1.0.0'
+end
+
+gemspec

data/Gemfile.lock

@@ -0,0 +1,34 @@
+PATH
+  remote: .
+  specs:
+    lp_token_auth (0.3.0)
+      jwt (>= 1.5.6)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    codeclimate-test-reporter (1.0.5)
+      simplecov
+    docile (1.1.5)
+    json (2.0.3)
+    jwt (1.5.6)
+    minitest (5.10.2)
+    rake (10.5.0)
+    simplecov (0.13.0)
+      docile (~> 1.1.0)
+      json (>= 1.8, < 3)
+      simplecov-html (~> 0.10.0)
+    simplecov-html (0.10.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  codeclimate-test-reporter (~> 1.0.0)
+  lp_token_auth!
+  minitest (~> 5.10, >= 5.10.1)
+  rake (~> 10.4, >= 10.4.2)
+  simplecov
+
+BUNDLED WITH
+   1.16.1

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 TODO: Write your name
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,93 @@
+[![Documentation](http://img.shields.io/badge/docs-rdoc.info-blue.svg)](http://www.rubydoc.info/github/LaunchPadLab/lp_token_auth)
+[![Build Status](https://travis-ci.org/LaunchPadLab/lp_token_auth.svg?branch=master)](https://travis-ci.org/LaunchPadLab/lp_token_auth)
+[![Test Coverage](https://codeclimate.com/repos/593aabffc759c90269001912/badges/1e40a4f9bc94a46fc508/coverage.svg)](https://codeclimate.com/repos/593aabffc759c90269001912/coverage)
+[![Code Climate](https://codeclimate.com/repos/593aabffc759c90269001912/badges/1e40a4f9bc94a46fc508/gpa.svg)](https://codeclimate.com/repos/593aabffc759c90269001912/feed)
+
+# LP Token Auth
+Simple token authentication logic with JWTs for Rails apps. No baked in routing, just the barebones logic you need to implement token authentication with JWTs.
+
+* [Installation](#installation)
+* [Usage](#usage)
+* [Examples](#examples)
+
+## Installation
+Add this line to your application's Gemfile:
+
+`gem 'lp_token_auth'`
+
+And then execute:
+
+`$ bundle`
+
+Or install it yourself as:
+
+`$ gem install lp_token_auth`
+
+## Usage
+1. Run `bundle exec rails generate lp_token_auth:install` to generate an initializer at `../config/initalizers/lp_token_auth.rb`. See the initializer for more details about what is configurable.
+2. In the most senior controller that you want to authenticate, add `include LpTokenAuth::Controller`. This gives you 4 methods that are available in this and all child controllers:
+  + `login(user)` - Given a valid user, this will generate a JWT and return it. The token should be sent to the client and passed in the 'Authorization' header in all subsequent requests to the server.
+  + `authenticate_request!` - This is a `before_action` to use in your controllers that will extract the token from the header and authenticate it before proceeding. If the resource class that you're using is not the default `User`, you may override the `authenticate_request!` method by creating a custom `before_action`, in which you may pass in the resource class name.
+
+  ```
+    class AuthenticationController < ApplicationController
+      include LpTokenAuth::Controller
+
+      before_action :authenticate_request
+
+      protected
+
+      def authenticate_request
+        authenticate_request!('AdminUser')
+      end 
+    end
+  ```
+  + `authenticate!(token)` - This is called by `authenticate_request!` but is available to use if you ever need to manually authenticate a token.
+  + `current_user` - This returns the current user identified by `authenticate!`. It is available after logging in the user or authenticating.
+3. All errors will return an instance of `LpTokenAuth::Error`
+
+## Examples
+### Controller
+```
+class AuthenticatingController < ApplicationController
+  include LpTokenAuth::Controller
+
+  before_action :authenticate_request!
+
+  rescue_from LpTokenAuth::Error, with: :unauthorized
+
+  protected
+
+  def unauthorized(error)
+    render json: { data: error.message }, status: :unauthorized
+  end
+end
+```
+
+### Api Request
+```
+// Using fetch api
+const jwt = '...'
+fetch('localhost:3000/authenticated-route', {
+  headers: {
+    'Authorization': `Bearer ${jwt}`
+    ...
+  }
+  ...
+})
+```
+
+## Development
++ `git clone git@github.com:LaunchPadLab/lp_token_auth.git`
++ `bundle install`
+
+### Testing
++ Run tests with `rake`
+
+## FAQ
+
+### Can I use this without ActiveRecord?
+
+Almost! There is a slight dependence on the ActiveRecord method `find`, which is used in order to decode a token based on the resource's `id`. The current workaround is to make sure the resource class you're using implements `find`, and has either a column `id` or implements a method called `id`.
+
+## Authenticate away!

data/Rakefile

@@ -0,0 +1,8 @@
+require 'rake/testtask'
+
+Rake::TestTask.new do |t|
+  t.libs << 'test'
+end
+
+desc "Run tests"
+task :default => :test

data/lib/generators/lp_token_auth/install_generator.rb

@@ -0,0 +1,19 @@
+require 'securerandom'
+
+module LpTokenAuth
+  module Generators
+    class InstallGenerator < Rails::Generators::Base
+      source_root File.expand_path('../templates', __FILE__)
+
+      desc 'Creates a LpTokenAuth initializer in your application.'
+
+      def create_initializer
+        template 'initializer.rb.erb', 'config/initializers/lp_token_auth.rb'
+      end
+
+      def secret_key
+        SecureRandom.hex(64)
+      end
+    end
+  end
+end

data/lib/generators/lp_token_auth/templates/initializer.rb.erb

@@ -0,0 +1,22 @@
+LpTokenAuth.config do |config|
+
+  # The secret used when encrypting the JWT
+  #
+  config.secret = '<%= secret_key %>'
+
+  # The number of hours the token is active
+  # default: 7 * 24
+  #
+  config.expires = 7 * 24
+
+  # The encryption algorithm to use
+  # default: HS512
+  #
+  config.algorithm = 'HS512'
+
+  # Where to include the token in the response, must be an array, options are
+  # :cookie, :header
+  # default: [:cookie]
+  #
+  config.token_transport = [:cookie]
+end

data/lib/lp_token_auth.rb

@@ -0,0 +1,16 @@
+module LpTokenAuth
+  def self.config
+    @config ||= LpTokenAuth::Config.new
+    if block_given?
+      yield @config
+    else
+      @config
+    end
+  end
+end
+
+require 'lp_token_auth/config'
+require 'lp_token_auth/error'
+require 'lp_token_auth/core'
+require 'lp_token_auth/controller'
+require 'lp_token_auth/version'

data/lib/lp_token_auth/config.rb

@@ -0,0 +1,31 @@
+require 'lp_token_auth/error'
+
+module LpTokenAuth
+  # `LpTokenAuth::Config` manages the configuration options for the token.
+  # These can be set with the initializer provided with the generator.
+  class Config
+    # Creates virtual attributes for configuration options:
+    # * `algorithm` is a string corresponding to token encryption algorithm to use
+    # * `expires` is an integer corresponding to the number of hours that the token is active
+    # * `secret` is a string corresponding to the secret key used when encrypting the token
+    # * `token_transport` is a string indicating where to include the token in the HTTP response
+    attr_accessor :algorithm, :expires, :secret, :token_transport
+
+    # Provides default values to token options
+    DEFAULT_VALUES = {
+      algorithm: 'HS512',
+      expires: (7 * 24),
+      token_transport: [:cookie],
+    }
+
+    # Retrieves value for token option, either as set by the application, or the default
+    # @param [Symbol] key the token option name
+    # @raise [LpTokenAuth::Error] if the option has not been set by the application and a default value does not exist
+    # @return [String,Integer] the value of the token option
+    def get_option(key)
+      option = send(key) || DEFAULT_VALUES[key]
+      raise LpTokenAuth::Error "Missing config option value: #{ key }" unless option
+      option
+    end
+  end
+end

data/lib/lp_token_auth/controller.rb

@@ -0,0 +1,113 @@
+require 'lp_token_auth/core'
+require 'json'
+
+module LpTokenAuth
+  # `LpTokenAuth::Controller` contains the primary functionality of the `LpTokenAuth` gem.
+  # The `Controller` module contains the logic around setting and clearing tokens for 
+  # a resource, as well as authenticating requests with a token.
+  module Controller
+
+    # Creates and sets a JWT token for a resource
+    # @param [Object] user the resource
+    # @param [String] context any contextual information necessary for authentication
+    # @return [String] encoded token
+    def login(user, context='')
+      token = LpTokenAuth.issue_token(user.id)
+      set_current_user user
+      set_token token, context
+      token
+    end
+
+    # Deletes the `lp_auth` key from the `cookies` hash
+    # @return [nil]
+    def logout
+      clear_token
+    end
+
+    # Retrieves and authenticates the token for the given resource
+    # @param [Symbol, String] resource the symbolized or stringified class of the resource
+    # @raise [LpTokenAuth::Error] if the token is invalid or otherwise unable to be decoded
+    # @return [Object] @current_user
+    def authenticate_request!(resource=:user)
+      token = get_token
+      authenticate_token! token, resource
+    end
+
+    # Decodes the token, and finds and sets the current user
+    # @param [String] token the token object
+    # @param [Symbol, String] resource the symbolized or stringified class of the resource
+    # @raise [LpTokenAuth::Error] if the token is invalid or otherwise unable to decoded
+    # @return [Object] @current_user
+    def authenticate_token!(token, resource=:user)
+      begin
+        decoded = LpTokenAuth.decode!(token)
+        @current_user = find_lp_resource(resource, decoded)
+      rescue LpTokenAuth::Error => error
+        logout
+        raise error
+      rescue => error
+        logout
+        raise LpTokenAuth::Error, error
+      end
+    end
+
+    # Helper method to retrieve the current user
+    # @return [Object] @current_user
+    def current_user
+      @current_user
+    end
+
+    private
+
+    def set_current_user(user)
+      @current_user = user
+    end
+
+    def set_token(token, context)
+      lp_auth_cookie = { token: token, context: context }.to_json
+      cookies[:lp_auth] = lp_auth_cookie if has_transport?(:cookie)
+      response.headers['X-LP-AUTH'] = lp_auth_cookie if has_transport?(:header)
+    end
+
+    def clear_token
+      cookies.delete :lp_auth if has_transport?(:cookie)
+    end
+
+    def get_token
+      [cookie_token, header_token].compact.first
+    end
+
+    def cookie_token
+      return nil unless has_transport?(:cookie)
+      parse_token(cookies[:lp_auth])
+    end
+
+    def header_token
+      return nil unless has_transport?(:header)
+      parse_token(fetch_header_auth)
+    end
+
+    def fetch_header_auth
+      request.headers.fetch('Authorization', '').split(' ').last
+    end
+
+    def parse_token(token_path)
+      return nil unless token_path
+      begin
+        parsed = JSON.parse(token_path)
+        parsed.fetch('token', nil)
+      rescue JSON::ParserError
+        token_path
+      end
+    end
+
+    def has_transport?(type)
+      LpTokenAuth.config.get_option(:token_transport).include?(type)
+    end
+
+    def find_lp_resource(resource, decoded)
+      klass = resource.to_s.classify.constantize
+      klass.find(decoded['id'])
+    end
+  end
+end

data/lib/lp_token_auth/core.rb

@@ -0,0 +1,60 @@
+require 'jwt'
+require 'lp_token_auth/error'
+
+module LpTokenAuth
+  # The `LpTokenAuth` class performs all of the logic of encoding and decoding JWT tokens,
+  # and raises appropriate error messages if any errors occur.
+  class << self
+    
+    # Encodes the JWT token with the payload
+    # @param [Integer, String] id the identifier of the resource
+    # @param [Symbol=>String] payload keyword arguments required to create the token
+    # @raise [LpTokenAuth::Error] if the `id` is not a `String` or `Integer`
+    # @return [String] encoded token
+    def issue_token(id, **payload)
+
+      check_id!(id)
+
+      payload[:id] = id
+
+      unless payload.has_key? :exp
+        payload[:exp] = (Time.now + LpTokenAuth.config.get_option(:expires) * 60 * 60).to_i
+      end
+
+      JWT.encode(
+        payload,
+        LpTokenAuth.config.get_option(:secret),
+        LpTokenAuth.config.get_option(:algorithm)
+      )
+    end
+
+    # Decodes the JWT token
+    # @param [String] token the token to decode
+    # @raise [LpTokenAuth::Error] if the token is expired, or if any errors occur during decoding
+    # @return [Array] decoded token
+    def decode!(token)
+      begin
+        JWT.decode(
+          token,
+          LpTokenAuth.config.get_option(:secret),
+          true,
+          algorithm: LpTokenAuth.config.get_option(:algorithm)
+        ).first
+      rescue JWT::ExpiredSignature => msg
+        raise LpTokenAuth::Error, msg
+      rescue StandardError => msg
+        raise LpTokenAuth::Error, msg
+      end
+    end
+
+    # Determines if the `id` provided is either a `String` or an `Integer`
+    # @param [Integer, String] id the identifier of the resource
+    # @raise [LpTokenAuth::Error] if the `id` is not a `String` or `Integer`
+    # @return [nil]
+    def check_id!(id)
+      unless id.is_a?(String) || id.is_a?(Integer)
+        raise LpTokenAuth::Error, "id must be a string or integer, you provided #{id}"
+      end
+    end
+  end
+end

data/lib/lp_token_auth/error.rb

@@ -0,0 +1,4 @@
+module LpTokenAuth
+  # The base class for all errors raised by LpTokenAuth
+  class Error < StandardError; end
+end

data/lib/lp_token_auth/version.rb

@@ -0,0 +1,4 @@
+module LpTokenAuth
+  # Current version of LpTokenAuth
+  VERSION = '0.3.0'.freeze
+end

data/lp_token_auth.gemspec

@@ -0,0 +1,21 @@
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'lp_token_auth/version'
+
+Gem::Specification.new do |s|
+  s.name                  = 'lp_token_auth'
+  s.version               = LpTokenAuth::VERSION
+  s.date                  = '2017-02-03'
+  s.summary               = 'Auth!'
+  s.description           = 'Simple token authentication'
+  s.authors               = ['Dave Corwin']
+  s.email                 = 'dave@launchpadlab.com'
+  s.homepage              = 'https://github.com/launchpadlab/lp_token_auth'
+  s.license               = 'MIT'
+  s.required_ruby_version = '>= 2.3.0'
+  s.files                 = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+
+  s.add_dependency        'jwt', '>= 1.5.6'
+  s.add_development_dependency 'rake', '~> 10.4', '>= 10.4.2'
+  s.add_development_dependency 'minitest', '~> 5.10', '>= 5.10.1'
+end

metadata

@@ -0,0 +1,115 @@
+--- !ruby/object:Gem::Specification
+name: lp_token_auth
+version: !ruby/object:Gem::Version
+  version: 0.3.0
+platform: ruby
+authors:
+- Dave Corwin
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2017-02-03 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.5.6
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.5.6
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.4'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 10.4.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.4'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 10.4.2
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.10'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 5.10.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.10'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 5.10.1
+description: Simple token authentication
+email: dave@launchpadlab.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".ruby-version"
+- ".travis.yml"
+- ".yardopts"
+- Gemfile
+- Gemfile.lock
+- LICENSE.txt
+- README.md
+- Rakefile
+- lib/generators/lp_token_auth/install_generator.rb
+- lib/generators/lp_token_auth/templates/initializer.rb.erb
+- lib/lp_token_auth.rb
+- lib/lp_token_auth/config.rb
+- lib/lp_token_auth/controller.rb
+- lib/lp_token_auth/core.rb
+- lib/lp_token_auth/error.rb
+- lib/lp_token_auth/version.rb
+- lp_token_auth.gemspec
+homepage: https://github.com/launchpadlab/lp_token_auth
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.3.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.5.1
+signing_key: 
+specification_version: 4
+summary: Auth!
+test_files: []