rails_jwt_auth 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 358aa1478beb6c6865bfae0f5cd68ba858bb1aba
+  data.tar.gz: e5abe5407f709050b90cc4803fbe842169cc36c7
+SHA512:
+  metadata.gz: 6ce00fa7c9865dcd86711796e7a9572fab1087170b22923462d2c10a9ac9930bda6c0019f0fa4cda9d62b7d7f452edc4aeb9bcf6c5a386b7ad5a73ba5acb3f39
+  data.tar.gz: acb4771ed15ea3fa31629e5e4db525542c7b67ae3a2bfd1fac91b457fb0a5c2b6ca6f4e39ccef0ba88103a3995180f42f5f66c4fbe0779b07b394c47ce99e54c

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2017 rjurado
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,378 @@
+# RailsJwtAuth
+
+Rails authentication solution based on Warden and JWT and inspired by Devise.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'rails_jwt_auth'
+```
+
+And then execute:
+
+```bash
+$ bundle
+```
+
+Or install it yourself as:
+
+```bash
+$ gem install rails_jwt_auth
+```
+
+Finally execute:
+
+```bash
+rails g rails_jwt_auth:install
+```
+
+## Configuration
+
+You can edit configuration options into `config/initializers/auth_token_auth.rb` file created by generator.
+
+| Option                         | Default value     | Description                                                           |
+| ------------------------------ | ----------------- | --------------------------------------------------------------------- |
+| model_name                     | 'User'            | Authentication model name                                             |
+| auth_field_name                | 'email'           | Field used to authenticate user with password                         |
+| auth_field_email               | true              | Validate auth field email format                                      |
+| jwt_expiration_time            | 7.days            | Tokens expiration time                                                |
+| jwt_issuer                     | 'RailsJwtAuth'    | The "iss" (issuer) claim identifies the principal that issued the JWT |
+| simultaneous_sessions          | 2                 | Number of simultaneous sessions for an user                           |
+| mailer_sender                  |                   | E-mail address which will be shown in RailsJwtAuth::Mailer            |
+| confirmation_url               | confirmation_path | Url used to create email link with confirmation token                 |
+| confirmation_expiration_time   | 1.day             | Confirmation token expiration time                                    |
+| reset_password_url             | password_path     | Url used to create email link with reset password token               |
+| reset_password_expiration_time | 1.day             | Confirmation token expiration time                                    |
+
+## Authenticatable
+
+Hashes and stores a password in the database to validate the authenticity of a user while signing in.
+
+### ActiveRecord
+
+Include `RailsJwtAuth::Authenticatable` module into your User class:
+
+```ruby
+# app/models/user.rb
+class User < ApplicationRecord
+  include RailsJwtAuth::Authenticatable
+end
+```
+
+and create a migration to add authenticable fields to User model:
+
+```ruby
+# example migration
+create_table :users do |t|
+  t.string :email
+  t.string :password_digest
+  t.string :auth_tokens
+end
+```
+
+### Mongoid
+
+Include `RailsJwtAuth::Authenticatable` module into your User class:
+
+```ruby
+# app/models/user.rb
+class User
+  include Mongoid::Document
+  include RailsJwtAuth::Authenticatable
+end
+```
+
+Fields are added automatically.
+
+## Confirmable
+
+Sends emails with confirmation instructions and verifies whether an account is already confirmed during sign in.
+
+### ActiveRecord
+
+Include `RailsJwtAuth::Confirmable` module into your User class:
+
+```ruby
+# app/models/user.rb
+class User < ApplicationRecord
+  include RailsJwtAuth::Authenticatable
+  include RailsJwtAuth::Confirmable
+end
+```
+
+and create a migration to add confirmation fields to User model:
+
+```ruby
+# example migration
+change_table :users do |t|
+  t.string :confirmation_token
+  t.datetime :confirmation_sent_at
+  t.datetime :confimed_at
+end
+```
+
+### Mongoid
+
+Include `RailsJwtAuth::Confirmable` module into your User class:
+
+```ruby
+# app/models/user.rb
+class User
+  include Mongoid::Document
+  include RailsJwtAuth::Authenticatable
+  include RailsJwtAuth::Confirmable
+end
+```
+
+## Recoverable
+
+Resets the user password and sends reset instructions
+
+### ActiveRecord
+
+Include `RailsJwtAuth::Recoverable` module into your User class:
+
+```ruby
+# app/models/user.rb
+class User < ApplicationRecord
+  include RailsJwtAuth::Authenticatable
+  include RailsJwtAuth::Recoverable
+end
+```
+
+and create a migration to add recoverable fields to User model:
+
+```ruby
+# example migration
+change_table :users do |t|
+  t.string :reset_password_token
+  t.datetime :reset_password_sent_at
+end
+```
+
+### Mongoid
+
+Include `RailsJwtAuth::Recoverable` module into your User class:
+
+```ruby
+# app/models/user.rb
+class User
+  include Mongoid::Document
+  include RailsJwtAuth::Authenticatable
+  include RailsJwtAuth::Recoverable
+end
+```
+
+## Controller helpers
+
+RailsJwtAuth will create some helpers to use inside your controllers.
+
+To use this helpers we need to include `WardenHelper` into `ApplicationController`:
+
+```ruby
+# app/controllers/application_controller.rb
+class ApplicationController < ActionController::API
+  include RailsJwtAuth::WardenHelper
+end
+```
+
+-   **authenticate!**
+
+    Authenticate your controllers:
+
+    ```ruby
+    class MyController < ApplicationController
+      before_action :authenticate!
+    end
+    ```
+
+    This helper expect that token has been into **AUTHORIZATION** header.
+
+-   **current_user**
+
+    Return current signed-in user.
+
+-   **signed_in?**
+
+    Verify if a user is signed in.
+
+## Default Controllers API
+
+### Session
+
+Session api is defined by RailsJwtAuth::SessionsController.
+
+1.  Get session token:
+
+```js
+{
+  url: host/session,
+  method: POST,
+  data: {
+    session: {
+      email: "user@email.com",
+      password: "12345678"
+    }
+  }
+}
+```
+
+2.  Delete session
+
+```js
+{
+  url: host/session,
+  method: DELETE,
+  headers: { 'Authorization': 'auth_token'}
+}
+```
+
+### Registration
+
+Registration api is defined by RailsJwtAuth::RegistrationsController.
+
+1.  Register user:
+
+```js
+{
+  url: host/registration,
+  method: POST,
+  data: {
+    user: {
+      email: "user@email.com",
+      password: "12345678"
+    }
+  }
+}
+```
+
+2.  Delete user:
+
+```js
+{
+  url: host/registration,
+  method: DELETE,
+  headers: { 'Authorization': 'auth_token'}
+}
+```
+
+### Confirmation
+
+Confirmation api is defined by RailsJwtAuth::ConfirmationsController.
+
+1.  Confirm user:
+
+```js
+{
+  url: host/confirmation,
+  method: GET
+  data: {
+    confirmation_token: "token"
+  }
+}
+```
+
+2.  Create confirmation (resend confirmation email):
+
+```js
+{
+  url: host/confirmation,
+  method: POST,
+  data: {
+    email: "user@example.com"
+  }
+}
+```
+
+### Password
+
+Password api is defined by RailsJwtAuth::PasswordsController.
+
+1.  Send reset password email:
+
+```js
+{
+  url: host/confirmation,
+  method: POST,
+  data: {
+    email: "user@example.com"
+  }
+}
+```
+
+2.  Update password:
+
+```js
+{
+  url: host/confirmation,
+  method: PUT,
+  data: {
+    reset_password_token: "token",
+    password: {
+      password: '1234',
+      password_confirmation: '1234'
+    }
+  }
+}
+```
+
+## Custom controllers
+
+You can overwrite RailsJwtAuth controller to edit actions, responses,
+permitted parameters...
+
+For example, if we want to change registration strong parameters we
+create new registration controller inherited from default controller:
+
+```ruby
+# app/controllers/registrations_controller.rb
+class RegistrationsController < RailsJwtAuth::RegistrationsController
+  private
+
+  def create_params
+    params.require(:user).permit(:email, :name, :surname, :password, :password_confirmation)
+  end
+end
+```
+
+And edit route resource to use it:
+
+```ruby
+# config/routes.rb
+resource :registration, controller: 'registrations', only: [:create, :update, :destroy]
+```
+
+## Testing (rspec)
+
+Require the RailsJwtAuth::Spec::Helpers helper module in `spec_helper.rb`.
+
+```ruby
+  require 'rails_jwt_auth/spec/helpers'
+  ...
+  RSpec.configure do |config|
+    ...
+    config.include RailsJwtAuth::Spec::Helpers, :type => :controller
+    ...
+  end
+```
+
+And then in controller examples we can just call sign_in(user) to sign in as a user, or sign_out for examples that have no user signed in. Here's two quick examples:
+
+```ruby
+  it "blocks unauthenticated access" do
+    sign_out
+    expect { get :index }.to raise_error(RailsJwtAuth::Errors::NotAuthorized)
+  end
+
+  it "allows authenticated access" do
+    sign_in
+    get :index
+    expect(response).to be_success
+  end
+```
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,26 @@
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rdoc/task'
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'RailsJwtAuth'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.md')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+APP_RAKEFILE = File.expand_path("../spec/dummy/Rakefile", __FILE__)
+load 'rails/tasks/engine.rake'
+
+
+load 'rails/tasks/statistics.rake'
+
+
+
+require 'bundler/gem_tasks'
+

data/app/controllers/rails_jwt_auth/confirmations_controller.rb

@@ -0,0 +1,29 @@
+class RailsJwtAuth::ConfirmationsController < ApplicationController
+  def show
+    return render json: {}, status: 400 unless params[:confirmation_token]
+
+    user = RailsJwtAuth.model.find_by!(confirmation_token: params[:confirmation_token])
+
+    if user.confirm!
+      render json: {}, status: 204
+    else
+      render json: show_error_response(user), status: 422
+    end
+  end
+
+  def create
+    user = RailsJwtAuth.model.find_by!(email: confirmation_params[:email])
+    user.send_confirmation_instructions
+    render json: {}, status: 204
+  end
+
+  private
+
+  def confirmation_params
+    params.require(:confirmation).permit(:email)
+  end
+
+  def show_error_response(user)
+    {errors: user.errors}
+  end
+end

data/app/controllers/rails_jwt_auth/passwords_controller.rb

@@ -0,0 +1,31 @@
+class RailsJwtAuth::PasswordsController < ApplicationController
+  def create
+    user = RailsJwtAuth.model.find_by!(email: create_password_params[:email])
+    user.send_reset_password_instructions
+    render json: {}, status: 204
+  end
+
+  def update
+    user = RailsJwtAuth.model.find_by!(reset_password_token: params[:reset_password_token])
+
+    if user.update_attributes(update_password_params)
+      render json: {}, status: 204
+    else
+      render json: update_error_response(user), status: 422
+    end
+  end
+
+  private
+
+  def create_password_params
+    params.require(:password).permit(:email)
+  end
+
+  def update_password_params
+    params.require(:password).permit(:password, :password_confirmation)
+  end
+
+  def update_error_response(user)
+    {errors: user.errors}
+  end
+end

data/app/controllers/rails_jwt_auth/registrations_controller.rb

@@ -0,0 +1,35 @@
+class RailsJwtAuth::RegistrationsController < ApplicationController
+  def create
+    user = RailsJwtAuth.model.new(create_params)
+
+    if user.save
+      render json: create_success_response(user), status: 201
+    else
+      render json: create_error_response(user), status: 422
+    end
+  end
+
+  private
+
+  def root
+    RailsJwtAuth.model_name.underscore
+  end
+
+  def create_success_response(user)
+    {
+      root => {
+        id: user.id.to_s,
+        RailsJwtAuth.auth_field_name => user.send(RailsJwtAuth.auth_field_name)
+      }
+    }
+  end
+
+  def create_error_response(user)
+    {errors: user.errors}
+  end
+
+  def create_params
+    params.require(root).permit(
+      RailsJwtAuth.auth_field_name, :password, :password_confirmation)
+  end
+end

data/app/controllers/rails_jwt_auth/sessions_controller.rb

@@ -0,0 +1,50 @@
+require 'rails_jwt_auth/jwt/manager'
+require 'rails_jwt_auth/jwt/request'
+
+module RailsJwtAuth
+  class SessionsController < ApplicationController
+    def create
+      user = RailsJwtAuth.model.where(
+        RailsJwtAuth.auth_field_name => create_params[RailsJwtAuth.auth_field_name].to_s.downcase
+      ).first
+
+      if !user
+        render json: create_error_response(user), status: 422
+      elsif user.respond_to?('confirmed?') && !user.confirmed?
+        render json: unconfirmed_error_response, status: 422
+      elsif user.authenticate(create_params[:password])
+        render json: create_success_response(user, get_jwt(user)), status: 201
+      else
+        render json: create_error_response(user), status: 422
+      end
+    end
+
+    def destroy
+      authenticate!
+      current_user.destroy_auth_token Jwt::Request.new(request).auth_token
+    end
+
+    private
+
+    def get_jwt(user)
+      token = user.regenerate_auth_token
+      RailsJwtAuth::Jwt::Manager.encode(auth_token: token)
+    end
+
+    def unconfirmed_error_response
+      {errors: {session: 'Unconfirmed email'}}
+    end
+
+    def create_success_response(_user, jwt)
+      {session: {jwt: jwt}}
+    end
+
+    def create_error_response(_user)
+      {errors: {session: "Invalid #{RailsJwtAuth.auth_field_name} / password"}}
+    end
+
+    def create_params
+      params.require(:session).permit(RailsJwtAuth.auth_field_name, :password)
+    end
+  end
+end

data/app/controllers/unauthorized_controller.rb

@@ -0,0 +1,11 @@
+class UnauthorizedController < ActionController::Metal
+  def self.call(env)
+    @respond ||= action(:respond)
+    @respond.call(env)
+  end
+
+  def respond
+    self.response_body = "Unauthorized Action"
+    self.status = :unauthorized
+  end
+end

data/app/helpers/rails_jwt_auth/warden_helper.rb

@@ -0,0 +1,23 @@
+module RailsJwtAuth
+  module WardenHelper
+    def signed_in?
+      !current_user.nil?
+    end
+
+    def current_user
+      warden.user
+    end
+
+    def warden
+      request.env['warden']
+    end
+
+    def authenticate!
+      warden.authenticate!
+    end
+
+    def render_401
+      render json: {}, status: 401
+    end
+  end
+end

data/app/mailers/rails_jwt_auth/mailer.rb

@@ -0,0 +1,37 @@
+if defined?(ActionMailer)
+  class RailsJwtAuth::Mailer < ApplicationMailer
+    default from: RailsJwtAuth.mailer_sender
+
+    def confirmation_instructions(user)
+      return unless user.confirmation_in_progress?
+      @user = user
+
+      if RailsJwtAuth.confirmation_url
+        url = URI.parse(RailsJwtAuth.confirmation_url)
+        url.query = [url.query, "confirmation_token=#{@user.confirmation_token}"].compact.join('&')
+        @confirmation_url = url.to_s
+      else
+        @confirmation_url = confirmation_url(confirmation_token: @user.confirmation_token)
+      end
+
+      subject = I18n.t('rails_jwt_auth.mailer.confirmation_instructions.subject')
+      mail(to: @user.email, subject: subject)
+    end
+
+    def reset_password_instructions(user)
+      return unless user.reset_password_in_progress?
+      @user = user
+
+      if RailsJwtAuth.reset_password_url
+        url = URI.parse(RailsJwtAuth.reset_password_url)
+        url.query = [url.query, "reset_password_token=#{@user.reset_password_token}"].compact.join('&')
+        @reset_password_url = url.to_s
+      else
+        @reset_password_url = password_url(reset_password_token: @user.reset_password_token)
+      end
+
+      subject = I18n.t('rails_jwt_auth.mailer.reset_password_instructions.subject')
+      mail(to: @user.email, subject: subject)
+    end
+  end
+end

data/app/models/concerns/rails_jwt_auth/authenticatable.rb

@@ -0,0 +1,54 @@
+include ActiveModel::SecurePassword
+
+module RailsJwtAuth
+  module Authenticatable
+    def regenerate_auth_token(token = nil)
+      new_token = SecureRandom.base58(24)
+
+      if RailsJwtAuth.simultaneous_sessions > 1
+        tokens = ((auth_tokens || []) - [token]).last(RailsJwtAuth.simultaneous_sessions - 1)
+        update_attribute(:auth_tokens, (tokens + [new_token]).uniq)
+      else
+        update_attribute(:auth_tokens, [new_token])
+      end
+
+      new_token
+    end
+
+    def destroy_auth_token(token)
+      if RailsJwtAuth.simultaneous_sessions > 1
+        tokens = auth_tokens || []
+        update_attribute(:auth_tokens, tokens - [token])
+      else
+        update_attribute(:auth_tokens, [])
+      end
+    end
+
+    module ClassMethods
+      def get_by_token(token)
+        if defined?(Mongoid) && ancestors.include?(Mongoid::Document)
+          where(auth_tokens: token).first
+        elsif defined?(ActiveRecord) && ancestors.include?(ActiveRecord::Base)
+          where('auth_tokens like ?', "%#{token}%").first
+        end
+      end
+    end
+
+    def self.included(base)
+      if defined?(Mongoid) && base.ancestors.include?(Mongoid::Document)
+        base.send(:field, RailsJwtAuth.auth_field_name, type: String)
+        base.send(:field, :password_digest,             type: String)
+        base.send(:field, :auth_tokens,                 type: Array)
+      elsif defined?(ActiveRecord) && base.ancestors.include?(ActiveRecord::Base)
+        base.send(:serialize, :auth_tokens, Array)
+      end
+
+      base.send(:validates, RailsJwtAuth.auth_field_name, presence: true, uniqueness: true)
+      base.send(:validates, RailsJwtAuth.auth_field_name, email: true) if RailsJwtAuth.auth_field_email
+
+      base.send(:has_secure_password)
+
+      base.extend(ClassMethods)
+    end
+  end
+end

data/app/models/concerns/rails_jwt_auth/confirmable.rb

@@ -0,0 +1,57 @@
+module RailsJwtAuth
+  module Confirmable
+    def send_confirmation_instructions
+      return false if confirmed?
+
+      self.confirmation_token = SecureRandom.base58(24)
+      self.confirmation_sent_at = Time.now
+
+      Mailer.confirmation_instructions(self).deliver if save
+    end
+
+    def confirmed?
+      confirmed_at.present?
+    end
+
+    def confirm!
+      self.confirmed_at = Time.now.utc
+      save
+    end
+
+    def skip_confirmation!
+      self.confirmed_at = Time.now.utc
+    end
+
+    def confirmation_in_progress?
+      !confirmed_at && confirmation_token && confirmation_sent_at &&
+        (Time.now < (confirmation_sent_at + RailsJwtAuth.confirmation_expiration_time))
+    end
+
+    def self.included(base)
+      if base.ancestors.include? Mongoid::Document
+        base.send(:field, :confirmation_token,   type: String)
+        base.send(:field, :confirmation_sent_at, type: Time)
+        base.send(:field, :confirmed_at,         type: Time)
+      end
+
+      base.send(:validate, :validate_confirmation, if: :confirmed_at_changed?)
+
+      base.send(:after_create) do
+        send_confirmation_instructions unless confirmed_at || confirmation_sent_at
+      end
+    end
+
+    private
+
+    def validate_confirmation
+      return unless confirmed_at
+
+      if confirmed_at_was
+        errors.add(:email, I18n.t('rails_jwt_auth.errors.already_confirmed'))
+      elsif confirmation_sent_at &&
+            (confirmation_sent_at < (Time.now - RailsJwtAuth.confirmation_expiration_time))
+        errors.add(:confirmation_token, I18n.t('rails_jwt_auth.errors.confirmation_expired'))
+      end
+    end
+  end
+end

data/app/models/concerns/rails_jwt_auth/recoverable.rb

@@ -0,0 +1,22 @@
+module RailsJwtAuth
+  module Recoverable
+    def send_reset_password_instructions
+      self.reset_password_token = SecureRandom.base58(24)
+      self.reset_password_sent_at = Time.now
+
+      Mailer.reset_password_instructions(self).deliver if save
+    end
+
+    def reset_password_in_progress?
+      reset_password_token && reset_password_sent_at &&
+        (Time.now < (reset_password_sent_at + RailsJwtAuth.reset_password_expiration_time))
+    end
+
+    def self.included(base)
+      if base.ancestors.include? Mongoid::Document
+        base.send(:field, :reset_password_token,   type: String)
+        base.send(:field, :reset_password_sent_at, type: Time)
+      end
+    end
+  end
+end

data/app/validators/email_validator.rb

@@ -0,0 +1,7 @@
+class EmailValidator < ActiveModel::EachValidator
+  def validate_each(record, attribute, value)
+    unless value =~ /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\z/i
+      record.errors[attribute] << (options[:message] || "is not an email")
+    end
+  end
+end

data/app/views/rails_jwt_auth/mailer/confirmation_instructions.html.erb

@@ -0,0 +1,5 @@
+<p>Welcome <%= @user.email %>!</p>
+
+<p>You can confirm your account email through the link below:</p>
+
+<p><%= link_to 'Confirm my account', @confirmation_url %></p>

data/app/views/rails_jwt_auth/mailer/reset_password_instructions.html.erb

@@ -0,0 +1,8 @@
+<p>Hello <%= @user.email %>!</p>
+
+<p>Someone has requested a link to change your password. You can do this through the link below.</p>
+
+<p><%= link_to 'Change my password', @reset_password_url %></p>
+
+<p>If you didn't request this, please ignore this email.</p>
+<p>Your password won't change until you access the link above and create a new one.</p>

data/config/locales/en.yml

@@ -0,0 +1,15 @@
+en:
+  rails_jwt_auth:
+    mailer:
+      confirmation_instructions:
+        subject: "Confirmation instructions"
+    errors:
+      messages:
+        already_confirmed: "was already confirmed, please try signing in"
+        confirmation_expired: "needs to be confirmed within %{period}, please request a new one"
+        expired: "has expired, please request a new one"
+        not_found: "not found"
+        not_locked: "was not locked"
+        not_saved:
+          one: "1 error prohibited this %{resource} from being saved:"
+          other: "%{count} errors prohibited this %{resource} from being saved:"

data/lib/generators/rails_jwt_auth/install_generator.rb

@@ -0,0 +1,15 @@
+class RailsJwtAuth::InstallGenerator < Rails::Generators::Base
+  source_root File.expand_path('../../templates', __FILE__)
+
+  def create_initializer_file
+    copy_file "initializer.rb", "config/initializers/rails_jwt_auth.rb"
+  end
+
+  def create_routes
+    route "resource :session, controller: 'rails_jwt_auth/sessions', only: [:create, :destroy]"
+    route "resource :registration, controller: 'rails_jwt_auth/registrations', only: [:create, :update, :destroy]"
+
+    route "resource :confirmation, controller: 'rails_jwt_auth/confirmations', only: [:show, :create]"
+    route "resource :password, controller: 'rails_jwt_auth/passwords', only: [:create, :update]"
+  end
+end

data/lib/generators/templates/initializer.rb

@@ -0,0 +1,25 @@
+RailsJwtAuth.setup do |config|
+  # authentication model class name
+  #config.model_name = 'User'
+
+  # field name used to authentication with password
+  #config.auth_field_name = 'email'
+
+  # set to true to validate auth_field email format
+  #config.auth_field_email = true
+
+  # expiration time for generated tokens
+  #config.jwt_expiration_time = 7.days
+
+  # the "iss" (issuer) claim identifies the principal that issued the JWT
+  #config.jwt_issuer = 'RailsJwtAuth'
+
+  # number of simultaneously sessions for an user
+  #config.simultaneously_sessions = 3
+
+  # mailer sender
+  #config.mailer_sender = 'initialize-mailer_sender@example.com'
+
+  # url used into confirmation email to reditect with confirmation_token
+  #config.confirmation_url = 'http://frontend.com/confirmation'
+end

data/lib/rails_jwt_auth.rb

@@ -0,0 +1,47 @@
+require "warden"
+require "bcrypt"
+
+require "rails_jwt_auth/engine"
+
+module RailsJwtAuth
+  mattr_accessor :model_name
+  @@model_name = 'User'
+
+  mattr_accessor :auth_field_name
+  @@auth_field_name = 'email'
+
+  mattr_accessor :auth_field_email
+  @@auth_field_email = true
+
+  mattr_accessor :jwt_expiration_time
+  @@jwt_expiration_time = 7.days
+
+  mattr_accessor :jwt_issuer
+  @@jwt_issuer = 'RailsJwtAuth'
+
+  mattr_accessor :simultaneous_sessions
+  @@simultaneous_sessions = 2
+
+  mattr_accessor :mailer_sender
+  @@mailer_sender = "initialize-mailer_sender@example.com"
+
+  mattr_accessor :confirmation_url
+  @@confirmation_url = nil
+
+  mattr_accessor :confirmation_expiration_time
+  @@confirmation_expiration_time = 1.day
+
+  mattr_accessor :reset_password_url
+  @@reset_password_url = nil
+
+  mattr_accessor :reset_password_expiration_time
+  @@reset_password_expiration_time = 1.day
+
+  def self.model
+    @@model_name.constantize
+  end
+
+  def self.setup
+    yield self
+  end
+end

data/lib/rails_jwt_auth/engine.rb

@@ -0,0 +1,19 @@
+module RailsJwtAuth
+  class Engine < ::Rails::Engine
+    require 'rails_jwt_auth/strategies/jwt'
+
+    config.generators do |g|
+      g.test_framework :rspec
+      g.fixture_replacement :factory_girl, dir: 'spec/factories'
+    end
+
+    initializer 'rails_jwt_auth.warden' do |app|
+      app.middleware.insert_after ActionDispatch::Callbacks, Warden::Manager do |manager|
+        manager.default_strategies :authentication_token
+        manager.failure_app = UnauthorizedController
+      end
+
+      Warden::Strategies.add(:authentication_token, Strategies::Jwt)
+    end
+  end
+end

data/lib/rails_jwt_auth/errors/not_authorized.rb

@@ -0,0 +1,6 @@
+module RailsJwtAuth
+  module Errors
+    class NotAuthorized < StandardError
+    end
+  end
+end

data/lib/rails_jwt_auth/jwt/manager.rb

@@ -0,0 +1,37 @@
+require 'jwt'
+
+module RailsJwtAuth
+  module Jwt
+    class Manager
+      # Encodes and signs JWT Payload with expiration
+      def self.encode(payload)
+        payload.reverse_merge!(meta)
+        JWT.encode(payload, Rails.application.secrets.secret_key_base)
+      end
+
+      # Decodes the JWT with the signed secret
+      # [{"auth_token"=>"xxx", "exp"=>148..., "iss"=>"RJA"}, {"typ"=>"JWT", "alg"=>"HS256"}]
+      def self.decode(token)
+        JWT.decode(token, Rails.application.secrets.secret_key_base)
+      end
+
+      # Validates the payload hash for expiration and meta claims
+      def self.valid_payload?(payload)
+        payload && !expired?(payload) && payload['iss'] == meta[:iss]
+      end
+
+      # Default options to be encoded in the token
+      def self.meta
+        {
+          exp: RailsJwtAuth.jwt_expiration_time.from_now.to_i,
+          iss: RailsJwtAuth.jwt_issuer
+        }
+      end
+
+      # Validates if the token is expired by exp parameter
+      def self.expired?(payload)
+        Time.at(payload['exp']) < Time.now
+      end
+    end
+  end
+end

data/lib/rails_jwt_auth/jwt/request.rb

@@ -0,0 +1,26 @@
+module RailsJwtAuth
+  module Jwt
+    class Request
+      def initialize(request)
+        return unless (@jwt = request.env['HTTP_AUTHORIZATION'])
+        @jwt_info = RailsJwtAuth::Jwt::Manager.decode(@jwt)
+      end
+
+      def valid?
+        @jwt && RailsJwtAuth::Jwt::Manager.valid_payload?(payload)
+      end
+
+      def payload
+        @jwt_info ? @jwt_info[0] : nil
+      end
+
+      def header
+        @jwt_info ? @jwt_info[1] : nil
+      end
+
+      def auth_token
+        payload ? payload['auth_token'] : nil
+      end
+    end
+  end
+end

data/lib/rails_jwt_auth/spec/helpers.rb

@@ -0,0 +1,23 @@
+module RailsJwtAuth
+  module Spec
+    module Helpers
+      require 'rails_jwt_auth/errors/not_authorized'
+      require 'rails_jwt_auth/jwt/manager'
+
+      def sign_out
+        request.env['warden'] = RailsJwtAuth::Strategies::Jwt.new request.env
+        allow(request.env['warden']).to receive(:authenticate!).and_raise(RailsJwtAuth::Errors::NotAuthorized)
+      end
+
+      def sign_in(user)
+        request.env['warden'] = RailsJwtAuth::Strategies::Jwt.new request.env
+        allow(request.env['warden']).to receive(:authenticate!).and_return(user)
+        allow(controller).to receive(:current_user).and_return(user)
+
+        user.auth_tokens = []
+        token = user.regenerate_auth_token
+        request.env['HTTP_AUTHORIZATION'] = RailsJwtAuth::Jwt::Manager.encode(auth_token: token)
+      end
+    end
+  end
+end

data/lib/rails_jwt_auth/strategies/jwt.rb

@@ -0,0 +1,17 @@
+require 'rails_jwt_auth/jwt/request'
+
+module RailsJwtAuth
+  module Strategies
+    class Jwt < ::Warden::Strategies::Base
+      def authenticate!
+        jwt = RailsJwtAuth::Jwt::Request.new(request)
+
+        if jwt.valid? && (model = RailsJwtAuth.model.get_by_token(jwt.auth_token))
+          success!(model)
+        else
+          fail!('strategies.authentication_token.failed')
+        end
+      end
+    end
+  end
+end

data/lib/rails_jwt_auth/version.rb

@@ -0,0 +1,3 @@
+module RailsJwtAuth
+  VERSION = '0.1.0'
+end

data/lib/tasks/rails_token_jwt_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :rails_jwt_auth do
+#   # Task goes here
+# end

metadata

@@ -0,0 +1,129 @@
+--- !ruby/object:Gem::Specification
+name: rails_jwt_auth
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- rjurado
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2017-02-20 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+- !ruby/object:Gem::Dependency
+  name: warden
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.5'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.5'
+- !ruby/object:Gem::Dependency
+  name: bcrypt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.1'
+description: Rails authentication solution based on Warden and JWT and inspired by
+  Devise.
+email:
+- rjurado@openmailbox.org
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- MIT-LICENSE
+- README.md
+- Rakefile
+- app/controllers/rails_jwt_auth/confirmations_controller.rb
+- app/controllers/rails_jwt_auth/passwords_controller.rb
+- app/controllers/rails_jwt_auth/registrations_controller.rb
+- app/controllers/rails_jwt_auth/sessions_controller.rb
+- app/controllers/unauthorized_controller.rb
+- app/helpers/rails_jwt_auth/warden_helper.rb
+- app/mailers/rails_jwt_auth/mailer.rb
+- app/models/concerns/rails_jwt_auth/authenticatable.rb
+- app/models/concerns/rails_jwt_auth/confirmable.rb
+- app/models/concerns/rails_jwt_auth/recoverable.rb
+- app/validators/email_validator.rb
+- app/views/rails_jwt_auth/mailer/confirmation_instructions.html.erb
+- app/views/rails_jwt_auth/mailer/reset_password_instructions.html.erb
+- config/locales/en.yml
+- lib/generators/rails_jwt_auth/install_generator.rb
+- lib/generators/templates/initializer.rb
+- lib/rails_jwt_auth.rb
+- lib/rails_jwt_auth/engine.rb
+- lib/rails_jwt_auth/errors/not_authorized.rb
+- lib/rails_jwt_auth/jwt/manager.rb
+- lib/rails_jwt_auth/jwt/request.rb
+- lib/rails_jwt_auth/spec/helpers.rb
+- lib/rails_jwt_auth/strategies/jwt.rb
+- lib/rails_jwt_auth/version.rb
+- lib/tasks/rails_token_jwt_tasks.rake
+homepage: https://github.com/rjurado01/rails-token-auth
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.5.1
+signing_key: 
+specification_version: 4
+summary: Rails jwt authentication.
+test_files: []