mini_auth 0.2.0 → 0.3.0.beta
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/CHANGELOG.md +5 -0
- data/README.md +27 -0
- data/lib/mini_auth.rb +30 -10
- data/lib/mini_auth/version.rb +1 -1
- data/mini_auth.gemspec +1 -0
- data/spec/fake_app.rb +7 -2
- data/spec/mini_auth/change_password_spec.rb +3 -1
- data/spec/mini_auth/token_spec.rb +35 -0
- data/spec/spec_helper.rb +14 -0
- metadata +25 -13
data/CHANGELOG.md
CHANGED
data/README.md
CHANGED
|
@@ -233,6 +233,33 @@ If your class has a _role_ such as :admin, you should enumerate the accessible a
|
|
|
233
233
|
For more information about mass assignment security, please refer to the
|
|
234
234
|
[Mass Assignment](http://guides.rubyonrails.org/security.html#mass-assignment) section of Rails Guides.
|
|
235
235
|
|
|
236
|
+
|
|
237
|
+
### Random token
|
|
238
|
+
|
|
239
|
+
`MiniAuth` module provides an easy way to generate a random token and verify it.
|
|
240
|
+
|
|
241
|
+
The class method `token` takes a list of names and defines "generate\_#{name}\_token" and "verify\_#{name}\_token" methods dynamically.
|
|
242
|
+
|
|
243
|
+
class User < ActiveRecord::Base
|
|
244
|
+
include MiniAuth
|
|
245
|
+
|
|
246
|
+
attr_accessible :name, :address, :phone
|
|
247
|
+
token :auto_login, :mail_confirmation
|
|
248
|
+
end
|
|
249
|
+
|
|
250
|
+
By calling `generate_auto_login_token`, you can generate a random hex string of 32 letters and set it to the `auto_login_token` column.
|
|
251
|
+
|
|
252
|
+
d = User.new(:name => "david")
|
|
253
|
+
d.generate_auto_login_token
|
|
254
|
+
d.auto_login_token # => "8d21d3830a3ef2aafe8a7c0388493883"
|
|
255
|
+
|
|
256
|
+
Call `verify_auto_login_token` to verify it. For example,
|
|
257
|
+
|
|
258
|
+
d.verify_auto_login_token(params[:token])
|
|
259
|
+
|
|
260
|
+
returns `true` if `params[:token]` equals to the generated token. Otherwise it returns `false`.
|
|
261
|
+
|
|
262
|
+
|
|
236
263
|
License
|
|
237
264
|
-------
|
|
238
265
|
|
data/lib/mini_auth.rb
CHANGED
|
@@ -52,19 +52,39 @@ module MiniAuth
|
|
|
52
52
|
end
|
|
53
53
|
end
|
|
54
54
|
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
55
|
+
module InstanceMethods
|
|
56
|
+
def authenticate(raw_password)
|
|
57
|
+
if password_digest && BCrypt::Password.new(password_digest) == raw_password
|
|
58
|
+
self
|
|
59
|
+
else
|
|
60
|
+
false
|
|
61
|
+
end
|
|
60
62
|
end
|
|
61
|
-
end
|
|
62
63
|
|
|
63
|
-
|
|
64
|
-
|
|
64
|
+
def changing_password?
|
|
65
|
+
!!changing_password
|
|
66
|
+
end
|
|
67
|
+
|
|
68
|
+
def setting_password?
|
|
69
|
+
!!setting_password
|
|
70
|
+
end
|
|
65
71
|
end
|
|
66
72
|
|
|
67
|
-
|
|
68
|
-
|
|
73
|
+
module ClassMethods
|
|
74
|
+
def token(*names)
|
|
75
|
+
names.each do |name|
|
|
76
|
+
self.class_eval <<-METHOD, __FILE__, __LINE__ + 1
|
|
77
|
+
def generate_#{name}_token
|
|
78
|
+
send("#{name}_token=", SecureRandom.hex)
|
|
79
|
+
end
|
|
80
|
+
METHOD
|
|
81
|
+
|
|
82
|
+
self.class_eval <<-METHOD, __FILE__, __LINE__ + 1
|
|
83
|
+
def verify_#{name}_token(token)
|
|
84
|
+
token && token == self.send("#{name}_token")
|
|
85
|
+
end
|
|
86
|
+
METHOD
|
|
87
|
+
end
|
|
88
|
+
end
|
|
69
89
|
end
|
|
70
90
|
end
|
data/lib/mini_auth/version.rb
CHANGED
data/mini_auth.gemspec
CHANGED
data/spec/fake_app.rb
CHANGED
|
@@ -10,8 +10,12 @@ ActiveRecord::Base.logger = Logger.new('/dev/null')
|
|
|
10
10
|
# Define migration class
|
|
11
11
|
class CreateAllTables < ActiveRecord::Migration
|
|
12
12
|
def change
|
|
13
|
-
create_table(:users)
|
|
14
|
-
|
|
13
|
+
create_table(:users) do |t|
|
|
14
|
+
t.string :name
|
|
15
|
+
t.string :password_digest
|
|
16
|
+
t.string :auto_login_token
|
|
17
|
+
t.string :mail_confirmation_token
|
|
18
|
+
end
|
|
15
19
|
end
|
|
16
20
|
end
|
|
17
21
|
|
|
@@ -25,4 +29,5 @@ class User < ActiveRecord::Base
|
|
|
25
29
|
include MiniAuth
|
|
26
30
|
|
|
27
31
|
attr_accessible :name
|
|
32
|
+
token :auto_login, :mail_confirmation
|
|
28
33
|
end
|
|
@@ -2,7 +2,9 @@ require 'spec_helper'
|
|
|
2
2
|
|
|
3
3
|
describe "change_password" do
|
|
4
4
|
let(:user) do
|
|
5
|
-
u = User.
|
|
5
|
+
u = User.new(:name => 'alice', :password => 'password')
|
|
6
|
+
u.setting_password = true
|
|
7
|
+
u.save!
|
|
6
8
|
u.changing_password = true
|
|
7
9
|
u
|
|
8
10
|
end
|
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
require 'spec_helper'
|
|
2
|
+
|
|
3
|
+
describe "MiniAuth.token" do
|
|
4
|
+
let(:user) do
|
|
5
|
+
User.create!(:name => 'alice')
|
|
6
|
+
end
|
|
7
|
+
|
|
8
|
+
it "should generate auto_login_token" do
|
|
9
|
+
expect {
|
|
10
|
+
user.generate_auto_login_token
|
|
11
|
+
}.to change { user.auto_login_token }
|
|
12
|
+
|
|
13
|
+
user.auto_login_token.should_not be_nil
|
|
14
|
+
user.auto_login_token.length.should == 32
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
it "should generate mail_confirmation_token" do
|
|
18
|
+
expect {
|
|
19
|
+
user.generate_mail_confirmation_token
|
|
20
|
+
}.to change { user.mail_confirmation_token }
|
|
21
|
+
|
|
22
|
+
user.mail_confirmation_token.should_not be_nil
|
|
23
|
+
user.mail_confirmation_token.length.should == 32
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
it "should verify auto_login_token" do
|
|
27
|
+
user.generate_auto_login_token
|
|
28
|
+
|
|
29
|
+
user.verify_auto_login_token(user.auto_login_token).should be_true
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
it "should reject wrong token" do
|
|
33
|
+
user.verify_auto_login_token('z' * 32).should be_false
|
|
34
|
+
end
|
|
35
|
+
end
|
data/spec/spec_helper.rb
CHANGED
|
@@ -3,6 +3,7 @@ ENV["RAILS_ENV"] = "test"
|
|
|
3
3
|
|
|
4
4
|
require "rails/all"
|
|
5
5
|
require "rspec/rails"
|
|
6
|
+
require 'database_cleaner'
|
|
6
7
|
require "mini_auth"
|
|
7
8
|
|
|
8
9
|
# Pull in the fake rails app
|
|
@@ -16,4 +17,17 @@ RSpec.configure do |config|
|
|
|
16
17
|
require 'rspec/expectations'
|
|
17
18
|
config.include RSpec::Matchers
|
|
18
19
|
config.mock_with :rspec
|
|
20
|
+
|
|
21
|
+
config.before(:suite) do
|
|
22
|
+
DatabaseCleaner.strategy = :transaction
|
|
23
|
+
DatabaseCleaner.clean_with(:truncation, :except => %w())
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
config.before(:each) do
|
|
27
|
+
DatabaseCleaner.start
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
config.after(:each) do
|
|
31
|
+
DatabaseCleaner.clean
|
|
32
|
+
end
|
|
19
33
|
end
|
metadata
CHANGED
|
@@ -1,19 +1,19 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: mini_auth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
5
|
-
prerelease:
|
|
4
|
+
version: 0.3.0.beta
|
|
5
|
+
prerelease: 6
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
8
8
|
- Tsutomu Kuroda
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2011-12-
|
|
12
|
+
date: 2011-12-20 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: rails
|
|
16
|
-
requirement: &
|
|
16
|
+
requirement: &21780380 !ruby/object:Gem::Requirement
|
|
17
17
|
none: false
|
|
18
18
|
requirements:
|
|
19
19
|
- - ~>
|
|
@@ -21,10 +21,10 @@ dependencies:
|
|
|
21
21
|
version: 3.1.0
|
|
22
22
|
type: :runtime
|
|
23
23
|
prerelease: false
|
|
24
|
-
version_requirements: *
|
|
24
|
+
version_requirements: *21780380
|
|
25
25
|
- !ruby/object:Gem::Dependency
|
|
26
26
|
name: bcrypt-ruby
|
|
27
|
-
requirement: &
|
|
27
|
+
requirement: &21779500 !ruby/object:Gem::Requirement
|
|
28
28
|
none: false
|
|
29
29
|
requirements:
|
|
30
30
|
- - ! '>='
|
|
@@ -32,10 +32,10 @@ dependencies:
|
|
|
32
32
|
version: '0'
|
|
33
33
|
type: :runtime
|
|
34
34
|
prerelease: false
|
|
35
|
-
version_requirements: *
|
|
35
|
+
version_requirements: *21779500
|
|
36
36
|
- !ruby/object:Gem::Dependency
|
|
37
37
|
name: rspec-rails
|
|
38
|
-
requirement: &
|
|
38
|
+
requirement: &21778600 !ruby/object:Gem::Requirement
|
|
39
39
|
none: false
|
|
40
40
|
requirements:
|
|
41
41
|
- - ~>
|
|
@@ -43,10 +43,10 @@ dependencies:
|
|
|
43
43
|
version: 2.7.0
|
|
44
44
|
type: :development
|
|
45
45
|
prerelease: false
|
|
46
|
-
version_requirements: *
|
|
46
|
+
version_requirements: *21778600
|
|
47
47
|
- !ruby/object:Gem::Dependency
|
|
48
48
|
name: sqlite3
|
|
49
|
-
requirement: &
|
|
49
|
+
requirement: &21778080 !ruby/object:Gem::Requirement
|
|
50
50
|
none: false
|
|
51
51
|
requirements:
|
|
52
52
|
- - ! '>='
|
|
@@ -54,7 +54,18 @@ dependencies:
|
|
|
54
54
|
version: '0'
|
|
55
55
|
type: :development
|
|
56
56
|
prerelease: false
|
|
57
|
-
version_requirements: *
|
|
57
|
+
version_requirements: *21778080
|
|
58
|
+
- !ruby/object:Gem::Dependency
|
|
59
|
+
name: database_cleaner
|
|
60
|
+
requirement: &21777360 !ruby/object:Gem::Requirement
|
|
61
|
+
none: false
|
|
62
|
+
requirements:
|
|
63
|
+
- - ! '>='
|
|
64
|
+
- !ruby/object:Gem::Version
|
|
65
|
+
version: '0'
|
|
66
|
+
type: :development
|
|
67
|
+
prerelease: false
|
|
68
|
+
version_requirements: *21777360
|
|
58
69
|
description: A minimal authentication module for Rails
|
|
59
70
|
email:
|
|
60
71
|
- t-kuroda@oiax.jp
|
|
@@ -76,6 +87,7 @@ files:
|
|
|
76
87
|
- spec/mini_auth/change_password_spec.rb
|
|
77
88
|
- spec/mini_auth/password_digest_spec.rb
|
|
78
89
|
- spec/mini_auth/setting_password_spec.rb
|
|
90
|
+
- spec/mini_auth/token_spec.rb
|
|
79
91
|
- spec/spec_helper.rb
|
|
80
92
|
homepage: ''
|
|
81
93
|
licenses: []
|
|
@@ -92,9 +104,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
92
104
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
93
105
|
none: false
|
|
94
106
|
requirements:
|
|
95
|
-
- - ! '
|
|
107
|
+
- - ! '>'
|
|
96
108
|
- !ruby/object:Gem::Version
|
|
97
|
-
version:
|
|
109
|
+
version: 1.3.1
|
|
98
110
|
requirements: []
|
|
99
111
|
rubyforge_project: mini_auth
|
|
100
112
|
rubygems_version: 1.8.10
|