rails_jwt_auth 0.18.1 → 1.3.1

Files changed (40) hide show
  1. checksums.yaml +5 -5
  2. data/README.md +161 -242
  3. data/app/controllers/concerns/rails_jwt_auth/authenticable_helper.rb +44 -0
  4. data/app/controllers/concerns/rails_jwt_auth/params_helper.rb +1 -3
  5. data/app/controllers/concerns/rails_jwt_auth/render_helper.rb +4 -0
  6. data/app/controllers/rails_jwt_auth/confirmations_controller.rb +6 -9
  7. data/app/controllers/rails_jwt_auth/invitations_controller.rb +8 -9
  8. data/app/controllers/rails_jwt_auth/passwords_controller.rb +8 -16
  9. data/app/controllers/rails_jwt_auth/registrations_controller.rb +1 -1
  10. data/app/controllers/rails_jwt_auth/sessions_controller.rb +14 -15
  11. data/app/mailers/rails_jwt_auth/mailer.rb +30 -39
  12. data/app/models/concerns/rails_jwt_auth/authenticatable.rb +44 -32
  13. data/app/models/concerns/rails_jwt_auth/confirmable.rb +59 -47
  14. data/app/models/concerns/rails_jwt_auth/invitable.rb +36 -34
  15. data/app/models/concerns/rails_jwt_auth/recoverable.rb +28 -27
  16. data/app/models/concerns/rails_jwt_auth/trackable.rb +1 -1
  17. data/app/views/rails_jwt_auth/mailer/confirmation_instructions.html.erb +2 -2
  18. data/app/views/rails_jwt_auth/mailer/email_changed.html.erb +3 -0
  19. data/app/views/rails_jwt_auth/mailer/reset_password_instructions.html.erb +2 -2
  20. data/app/views/rails_jwt_auth/mailer/send_invitation.html.erb +2 -2
  21. data/app/views/rails_jwt_auth/mailer/set_password_instructions.html.erb +2 -2
  22. data/config/locales/en.yml +2 -17
  23. data/lib/generators/rails_jwt_auth/install_generator.rb +6 -7
  24. data/lib/generators/rails_jwt_auth/migrate_generator.rb +17 -0
  25. data/lib/generators/templates/initializer.rb +17 -21
  26. data/lib/generators/templates/migration.rb +29 -0
  27. data/lib/rails_jwt_auth/engine.rb +0 -21
  28. data/lib/rails_jwt_auth/jwt_manager.rb +33 -0
  29. data/lib/rails_jwt_auth/spec_helpers.rb +19 -0
  30. data/lib/rails_jwt_auth/version.rb +1 -1
  31. data/lib/rails_jwt_auth.rb +67 -30
  32. metadata +25 -35
  33. data/app/controllers/concerns/rails_jwt_auth/warden_helper.rb +0 -27
  34. data/app/validators/email_validator.rb +0 -7
  35. data/lib/rails_jwt_auth/jwt/manager.rb +0 -37
  36. data/lib/rails_jwt_auth/jwt/request.rb +0 -34
  37. data/lib/rails_jwt_auth/spec/helpers.rb +0 -17
  38. data/lib/rails_jwt_auth/spec/not_authorized.rb +0 -6
  39. data/lib/rails_jwt_auth/strategies/jwt.rb +0 -17
  40. data/lib/tasks/rails_token_jwt_tasks.rake +0 -4
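--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
- SHA1:
- metadata.gz: 3f935bf415eb61e8c8d04a0ee5701e35225a1f68
- data.tar.gz: 5f97e07f1f1ff4de288872d717f6b632a6132417
+ SHA256:
+ metadata.gz: 3ce38e7a38fa015a6dbf8b1504e41fd273cf3646d0b2d9053c63476d55b3c729
+ data.tar.gz: 9581d2075661754ed5d43f3a344c8d3fd0da631b9b5c8ea8e51b65fa14bb2c33
  SHA512:
- metadata.gz: 0a8976264bfcf1fae83bf32d8c3f2930141b162614a0af7b9782ca90725ba4af8173508eb7c1fa7c8094624e0f477faad6337ca6a2e99376bbc84c7be5b75594
- data.tar.gz: 297a00da37aff4ece4ba9580e0e2d59bd1351f9dfe234373e00ac8de9f917094b814de50ca501305465eaf1551158a0129102d59fd25f62ef80e72c87721d59f
+ metadata.gz: f0bdc862727abcdc1db5d1a3e00bd124b7ac15e45d47e483b8487ba46854dfc68edda3a1dcef1d5cda55fb733840f7679f2bbd03996cae3ee4e775d0f12f5a5d
+ data.tar.gz: 58cd478adf9a9145fb33e7f531e8010faa6e68f86243478515333acc9aa5578531f047ca059620ae1ce867cff8fbbf7a03de5ceb81e30ede35b9d8360e5392b6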
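--- a/data/README.md
+++ b/data/README.md
@@ -1,8 +1,29 @@
  # RailsJwtAuth
+
  [![Gem Version](https://badge.fury.io/rb/rails_jwt_auth.svg)](https://badge.fury.io/rb/rails_jwt_auth)
  ![Build Status](https://travis-ci.org/rjurado01/rails_jwt_auth.svg?branch=master)
 
- Rails-API authentication solution based on Warden and JWT and inspired by Devise.
+ Rails-API authentication solution based on JWT and inspired by Devise.
+
+ > This is documentation for version `1.x`. If you are using `0.x` version use this
+ [link](https://github.com/rjurado01/rails_jwt_auth/tree/0.x)
+
+ ## Table of Contents
+
+ - [Installation](#installation)
+ - [Configuration](#configuration)
+ - [Modules](#modules)
+ - [ORMs support](#orms-support)
+ - [Controller helpers](#controller-helpers)
+ - [Default Controllers API](#default-controllers-api)
+ - [Customize]()
+ + [Controllers](#custom-controllers)
+ + [Payload](#custom-payload)
+ + [Responses](#custom-responses)
+ + [Strong parameters](#custom-strong-parameters)
+ - [Examples](#examples)
+ - [Testing](#testing-rspec)
+ - [License](#license)
 
  ## Installation
 
@@ -30,228 +51,88 @@ Finally execute:
  rails g rails_jwt_auth:install
  ```
 
- ## Configuration
-
- You can edit configuration options into `config/initializers/auth_token_auth.rb` file created by generator.
-
- | Option | Default value | Description |
- | ------------------------------ | ----------------- | --------------------------------------------------------------------- |
- | model_name | 'User' | Authentication model name |
- | auth_field_name | 'email' | Field used to authenticate user with password |
- | auth_field_email | true | Validate auth field email format |
- | email_regex | see config file | Regex used to Validate email format |
- | jwt_expiration_time | 7.days | Tokens expiration time |
- | jwt_issuer | 'RailsJwtAuth' | The "iss" (issuer) claim identifies the principal that issued the JWT |
- | simultaneous_sessions | 2 | Number of simultaneous sessions for an user |
- | mailer_sender | | E-mail address which will be shown in RailsJwtAuth::Mailer |
- | confirmation_url | confirmation_path | Url used to create email link with confirmation token |
- | confirmation_expiration_time | 1.day | Confirmation token expiration time |
- | reset_password_url | password_path | Url used to create email link with reset password token |
- | reset_password_expiration_time | 1.day | Confirmation token expiration time |
- | set_password_url | password_path | Url used to create email link with set password token |
- | deliver_later | false | Uses `deliver_later` method to send emails |
- | invitation_expiration_time | 2.days | Time an invitation is valid and can be accepted |
- | invitation_url | invitation_path | URL used to create email link with invitation token |
-
- ## Authenticatable
-
- Hashes and stores a password in the database to validate the authenticity of a user while signing in.
-
- ### ActiveRecord
-
- Include `RailsJwtAuth::Authenticatable` module into your User class:
-
- ```ruby
- # app/models/user.rb
- class User < ApplicationRecord
- include RailsJwtAuth::Authenticatable
- end
- ```
-
- and create a migration to add authenticable fields to User model:
-
- ```ruby
- # example migration
- create_table :users do |t|
- t.string :email
- t.string :password_digest
- t.string :auth_tokens
- end
- ```
-
- ### Mongoid
-
- Include `RailsJwtAuth::Authenticatable` module into your User class:
+ Only for ActiveRecord, generate migrations:
 
- ```ruby
- # app/models/user.rb
- class User
- include Mongoid::Document
- include RailsJwtAuth::Authenticatable
- end
+ ```bash
+ rails g rails_jwt_auth:migrate
  ```
 
- Fields are added automatically.
-
- ## Confirmable
-
- Sends emails with confirmation instructions and verifies whether an account is already confirmed during sign in.
+ ## Configuration
 
- ### ActiveRecord
+ You can edit configuration options into `config/initializers/auth_token_auth.rb` file created by generator.
 
- Include `RailsJwtAuth::Confirmable` module into your User class:
+ | Option | Default value | Description |
+ | ------------------------------- | ----------------- | ---------------------------------------------------------------------- |
+ | model_name | 'User' | Authentication model name |
+ | auth_field_name | 'email' | Field used to authenticate user with password |
+ | email_auth_field | 'email' | Field used to send emails |
+ | jwt_expiration_time | 7.days | Tokens expiration time |
+ | jwt_issuer | 'RailsJwtAuth' | The "iss" (issuer) claim identifies the principal that issued the JWT |
+ | simultaneous_sessions | 2 | Number of simultaneous sessions for an user. Set 0 to disable sessions |
+ | mailer_sender | | E-mail address which will be shown in RailsJwtAuth::Mailer |
+ | send_email_changed_notification | true | Notify original email when it changes |
+ | confirmation_expiration_time | 1.day | Confirmation token expiration time |
+ | reset_password_expiration_time | 1.day | Confirmation token expiration time |
+ | deliver_later | false | Uses `deliver_later` method to send emails |
+ | invitation_expiration_time | 2.days | Time an invitation is valid and can be accepted |
+ | confirmations_url | nil | Url used to create email link with confirmation token |
+ | reset_passwords_url | nil | Url used to create email link with reset password token |
+ | set_passwords_url | nil | Url used to create email link with set password token |
+ | invitationss_url | nil | Url used to create email link with invitation token |
+
+ ## Modules
+
+ It's composed of 5 modules:
+
+ | Module | Description |
+ | ------------- | --------------------------------------------------------------------------------------------------------------- |
+ | Authenticable | Hashes and stores a password in the database to validate the authenticity of a user while signing in |
+ | Confirmable | Sends emails with confirmation instructions and verifies whether an account is already confirmed during sign in |
+ | Recoverable | Resets the user password and sends reset instructions |
+ | Trackable | Tracks sign in timestamps and IP address |
+ | Invitable | Allows you to invite an user to your application sending an invitation mail |
+
+ ## ORMs support
+
+ RailsJwtAuth support both Mongoid and ActiveRecord.
+
+ For next examples `auth_field_name` and `email_field_name` are configured to use the field `email`.
+
+ **ActiveRecord**
 
  ```ruby
  # app/models/user.rb
  class User < ApplicationRecord
  include RailsJwtAuth::Authenticatable
  include RailsJwtAuth::Confirmable
- end
- ```
-
- and create a migration to add confirmation fields to User model:
-
- ```ruby
- # example migration
- change_table :users do |t|
- t.string :email # if it doesn't exist yet
- t.string :unconfirmed_email
- t.string :confirmation_token
- t.datetime :confirmation_sent_at
- t.datetime :confimed_at
- end
- ```
-
- ### Mongoid
-
- Include `RailsJwtAuth::Confirmable` module into your User class:
-
- ```ruby
- # app/models/user.rb
- class User
- include Mongoid::Document
- include RailsJwtAuth::Authenticatable
- include RailsJwtAuth::Confirmable
- end
- ```
-
- This module needs that model has `email` field.
-
- ## Recoverable
-
- Resets the user password and sends reset instructions
-
- ### ActiveRecord
-
- Include `RailsJwtAuth::Recoverable` module into your User class:
-
- ```ruby
- # app/models/user.rb
- class User < ApplicationRecord
- include RailsJwtAuth::Authenticatable
  include RailsJwtAuth::Recoverable
- end
- ```
-
- and create a migration to add recoverable fields to User model:
-
- ```ruby
- # example migration
- change_table :users do |t|
- t.string :reset_password_token
- t.datetime :reset_password_sent_at
- end
- ```
-
- ### Mongoid
-
- Include `RailsJwtAuth::Recoverable` module into your User class:
-
- ```ruby
- # app/models/user.rb
- class User
- include Mongoid::Document
- include RailsJwtAuth::Authenticatable
- include RailsJwtAuth::Recoverable
- end
- ```
-
- ## Trackable
-
- Tracks sign in timestamps and IP address.
-
- ### ActiveRecord
-
- Include `RailsJwtAuth::Trackable` module into your User class:
-
- ```ruby
- # app/models/user.rb
- class User < ApplicationRecord
- include RailsJwtAuth::Authenticatable
  include RailsJwtAuth::Trackable
- end
- ```
-
- and create a migration to add recoverable fields to User model:
+ include RailsJwtAuth::Invitable
 
- ```ruby
- # example migration
- change_table :users do |t|
- t.string :last_sign_in_ip
- t.datetime :last_sign_in_at
+ validates :email, presence: true,
+ uniqueness: true,
+ format: URI::MailTo::EMAIL_REGEXP
  end
  ```
 
- ### Mongoid
+ Ensure you have executed migrate task: `rails g rails_jwt_auth:migrate` and you have uncomented all modules fields into generated [migration file](https://github.com/rjurado01/rails_jwt_auth/blob/master/lib/generators/templates/migration.rb).
 
- Include `RailsJwtAuth::Trackable` module into your User class:
+ **Mongoid**
 
  ```ruby
- # app/models/user.rb
  class User
  include Mongoid::Document
  include RailsJwtAuth::Authenticatable
+ include RailsJwtAuth::Confirmable
+ include RailsJwtAuth::Recoverable
  include RailsJwtAuth::Trackable
- end
- ```
-
- ## Invitable
-
- This module allows you to invite an user to your application sending an invitation mail with a unique link and complete registration by setting user's password.
-
- ### ActiveRecord
-
- Include `RailsJwtAuth::Invitable` module in your User model:
-
- ```ruby
- # app/models/user.rb
- class User < ApplicationRecord
- include RailsJwtAuth::Authenticatable
  include RailsJwtAuth::Invitable
- end
- ```
 
- And create the corresponding migration
+ field :email, type: String
 
- ```ruby
- # Example migration
- change_table :users do |t|
- t.string :invitation_token
- t.datetime :invitation_sent_at
- t.datetime :invitation_accepted_at
- t.datetime :invitation_created_at
- end
- ```
-
- ### Mongoid
-
- Include `RailsJwtAuth::Invitable` module in your User model:
-
- ```ruby
- # app/models/user.rb
- class User < ApplicationRecord
- include RailsJwtAuth::Authenticatable
- include RailsJwtAuth::Invitable
+ validates :email, presence: true,
+ uniqueness: true,
+ format: URI::MailTo::EMAIL_REGEXP
  end
  ```
 
@@ -259,12 +140,12 @@ end
 
  RailsJwtAuth will create some helpers to use inside your controllers.
 
- To use this helpers we need to include `WardenHelper` into `ApplicationController`:
+ To use this helpers we need to include `AuthenticableHelper` into `ApplicationController`:
 
  ```ruby
  # app/controllers/application_controller.rb
  class ApplicationController < ActionController::API
- include RailsJwtAuth::WardenHelper
+ include RailsJwtAuth::AuthenticableHelper
  end
  ```
 
@@ -278,7 +159,20 @@ end
  end
  ```
 
- This helper expect that token has been into **AUTHORIZATION** header.
+ This helper expect that token has been into **AUTHORIZATION** header.
+ Raises `RailsJwtAuth::NotAuthorized` exception when it fails.
+
+ - **authenticate**
+
+ Authenticate your controllers:
+
+ ```ruby
+ class MyController < ApplicationController
+ before_action :authenticate
+ end
+ ```
+
+ This helper is like `authenticate!` but it not raises exception
 
  - **current_user**
 
@@ -292,7 +186,7 @@ end
 
  ### Session
 
- Session api is defined by RailsJwtAuth::SessionsController.
+ Session api is defined by `RailsJwtAuth::SessionsController`.
 
  1. Get session token:
 
@@ -321,7 +215,7 @@ Session api is defined by RailsJwtAuth::SessionsController.
 
  ### Registration
 
- Registration api is defined by RailsJwtAuth::RegistrationsController.
+ Registration api is defined by `RailsJwtAuth::RegistrationsController`.
 
  1. Register user:
 
@@ -350,7 +244,7 @@ Registration api is defined by RailsJwtAuth::RegistrationsController.
 
  ### Confirmation
 
- Confirmation api is defined by RailsJwtAuth::ConfirmationsController.
+ Confirmation api is defined by `RailsJwtAuth::ConfirmationsController`.
 
  1. Confirm user:
 
@@ -380,7 +274,7 @@ Confirmation api is defined by RailsJwtAuth::ConfirmationsController.
 
  ### Password
 
- Password api is defined by RailsJwtAuth::PasswordsController.
+ Password api is defined by `RailsJwtAuth::PasswordsController`.
 
  1. Send reset password email:
 
@@ -414,13 +308,13 @@ Password api is defined by RailsJwtAuth::PasswordsController.
 
  ### Invitations
 
- Invitations api is provided by RailsJwtAuth::InvitationsController.
+ Invitations api is provided by `RailsJwtAuth::InvitationsController`.
 
  1. Create an invitation and send email:
 
  ```js
  {
- url: host/invitation,
+ url: host/invitations,
  method: POST,
  data: {
  invitation: {
@@ -435,14 +329,12 @@ Invitations api is provided by RailsJwtAuth::InvitationsController.
 
  ```js
  {
- url: host/invitation,
+ url: host/invitations/:invitation_token,
  method: PUT,
  data: {
- accept_invitation: {
- invitation_token: "token",
+ invitation: {
  password: '1234',
- password_confirmation: '1234',
- // More fields of your user...
+ password_confirmation: '1234'
  }
  }
  }
@@ -450,22 +342,30 @@ Invitations api is provided by RailsJwtAuth::InvitationsController.
 
  Note: To add more fields, see "Custom strong parameters" below.
 
- ## Custom controllers
+ ## Customize
+
+ RailsJwtAuth offers an easy way to customize certain parts.
+
+ ### Custom controllers
 
  You can overwrite RailsJwtAuth controllers to edit actions, responses,
  permitted parameters...
 
- For example, if we want to change registration strong parameters we
+ For example, if we want to call custom method when user is created we need to
  create new registration controller inherited from default controller:
 
  ```ruby
  # app/controllers/registrations_controller.rb
  class RegistrationsController < RailsJwtAuth::RegistrationsController
- private
+ ...
 
- def create_params
- params.require(:user).permit(:email, :name, :surname, :password, :password_confirmation)
+ def create
+ user = RailsJwtAuth.model.new(create_params)
+ user.do_something_custom
+ ...
  end
+
+ ...
  end
  ```
 
@@ -476,7 +376,35 @@ And edit route resource to use it:
  resource :registration, controller: 'registrations', only: [:create, :update, :destroy]
  ```
 
- ## Edit user information
+ ### Custom payload
+
+ If you need edit default payload used to generate jwt you can overwrite the method `to_token_payload` into your User class:
+
+ ```ruby
+ class User < ApplicationRecord
+ include RailsJwtAuth::Authenticatable
+ ...
+
+ def to_token_payload(request)
+ {
+ auth_token: regenerate_auth_token,
+ # add here your custom info
+ }
+ end
+ end
+ ```
+
+ ### Custom responses
+
+ You can overwrite `RailsJwtAuth::RenderHelper` to customize controllers responses.
+
+ ### Custom strong parameters
+
+ You can overwrite `RailsJwtAuth::ParamsHelper` to customize controllers strong parameters.
+
+ ## Examples
+
+ ### Edit user information
 
  This is a controller example that allows users to edit their `email` and `password`.
 
@@ -500,7 +428,7 @@ class CurrentUserController < ApplicationController
  end
  ```
 
- ## Register users with random password
+ ### Register users with random password
 
  This is a controller example that allows admins to register users with random password and send email to reset it.
  If registration is sucess it will send email to `set_password_url` with reset password token.
@@ -511,7 +439,7 @@ class UsersController < ApplicationController
 
  def create
  user = User.new(create_params)
- user.set_and_send_password_instructions ? render_204 : render_422(user.errors)
+ user.set_and_send_password_instructions ? render_204 : render_422(user.errors.details)
  end
 
  private
@@ -522,42 +450,33 @@ class UsersController < ApplicationController
  end
  ```
 
- ## Custom responses
-
- You can overwrite `RailsJwtAuth::RenderHelper` to customize controllers responses.
-
- ## Custom strong parameters
-
- You can overwrite `RailsJwtAuth::ParamsHelper` to customize controllers strong parameters.
-
  ## Testing (rspec)
 
  Require the RailsJwtAuth::Spec::Helpers helper module in `rails_helper.rb`.
 
  ```ruby
- require 'rails_jwt_auth/spec/helpers'
+ require 'rails_jwt_auth/spec_helpers'
+ ...
+ RSpec.configure do |config|
  ...
- RSpec.configure do |config|
- ...
- config.include RailsJwtAuth::Spec::Helpers, :type => :controller
- end
+ config.include RailsJwtAuth::SpecHelpers, :type => :controller
+ end
  ```
 
- And then we can just call sign_in(user) to sign in as a user, or sign_out for examples that have no user signed in. Here's two quick examples:
+ And then we can just call sign_in(user) to sign in as a user:
 
  ```ruby
- describe ExampleController
- it "blocks unauthenticated access" do
- sign_out
- expect { get :index }.to raise_error(RailsJwtAuth::Errors::NotAuthorized)
- end
+ describe ExampleController
+ it "blocks unauthenticated access" do
+ expect { get :index }.to raise_error(RailsJwtAuth::Errors::NotAuthorized)
+ end
 
- it "allows authenticated access" do
- sign_in
- get :index
- expect(response).to be_success
- end
+ it "allows authenticated access" do
+ sign_in user
+ get :index
+ expect(response).to be_success
  end
+ end
  ```
 
  ## Locales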
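--- a/data/app/controllers/concerns/rails_jwt_auth/authenticable_helper.rb
+++ b/data/app/controllers/concerns/rails_jwt_auth/authenticable_helper.rb
@@ -0,0 +1,44 @@
+ module RailsJwtAuth
+ NotAuthorized = Class.new(StandardError)
+
+ module AuthenticableHelper
+ def current_user
+ @current_user
+ end
+
+ def signed_in?
+ !current_user.nil?
+ end
+
+ def authenticate!
+ begin
+ payload = RailsJwtAuth::JwtManager.decode_from_request(request).first
+ rescue JWT::ExpiredSignature, JWT::VerificationError, JWT::DecodeError
+ unauthorize!
+ end
+
+ if !@current_user = RailsJwtAuth.model.from_token_payload(payload)
+ unauthorize!
+ elsif @current_user.respond_to? :update_tracked_fields!
+ @current_user.update_tracked_fields!(request)
+ end
+ end
+
+ def authenticate
+ begin
+ payload = RailsJwtAuth::JwtManager.decode_from_request(request).first
+ @current_user = RailsJwtAuth.model.from_token_payload(payload)
+ rescue JWT::ExpiredSignature, JWT::VerificationError, JWT::DecodeError
+ @current_user = nil
+ end
+
+ if @current_user&.respond_to? :update_tracked_fields!
+ @current_user.update_tracked_fields!(request)
+ end
+ end
+
+ def unauthorize!
+ raise NotAuthorized
+ end
+ end
+ end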
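Review bot: `authenticate` (new lines 27-38) swallows every token failure and lets the action run with `current_user` left nil, and nothing in the file says so, so a controller that swaps `before_action :authenticate!` for `:authenticate` becomes reachable without a valid token unless each action checks for itself. I would document that contract above the method, for example `# Soft check: never raises; current_user stays nil on a missing or invalid token, so actions must test signed_in? themselves.` The `rescue` lists in both methods can be reduced to `rescue JWT::DecodeError`, since `JWT::ExpiredSignature` and `JWT::VerificationError` are subclasses of it in the jwt gem. The assignment inside the condition on line 20 reads more clearly as `@current_user = RailsJwtAuth.model.from_token_payload(payload)` followed by `unauthorize! unless @current_user`. Both methods also call `update_tracked_fields!(request)` on every authenticated request, which presumably writes to the user record each time; that should be confirmed against the Trackable concern, which is outside this file.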
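--- a/data/app/controllers/concerns/rails_jwt_auth/params_helper.rb
+++ b/data/app/controllers/concerns/rails_jwt_auth/params_helper.rb
@@ -29,9 +29,7 @@ module RailsJwtAuth
  end
 
  def invitation_update_params
- params.require(:accept_invitation).permit(:invitation_token,
- :password,
- :password_confirmation)
+ params.require(:invitation).permit(:password, :password_confirmation)
  end
  end
  end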
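--- a/data/app/controllers/concerns/rails_jwt_auth/render_helper.rb
+++ b/data/app/controllers/concerns/rails_jwt_auth/render_helper.rb
@@ -13,6 +13,10 @@ module RailsJwtAuth
  render json: {}, status: 204
  end
 
+ def render_404
+ render json: {}, status: 404
+ end
+
  def render_422(errors)
  render json: {errors: errors}, status: 422
  end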
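--- a/data/app/controllers/rails_jwt_auth/confirmations_controller.rb
+++ b/data/app/controllers/rails_jwt_auth/confirmations_controller.rb
@@ -5,20 +5,17 @@ module RailsJwtAuth
 
  def create
  user = RailsJwtAuth.model.where(email: confirmation_create_params[:email]).first
- return render_422(email: [I18n.t('rails_jwt_auth.errors.not_found')]) unless user
+ return render_422(email: [{error: :not_found}]) unless user
 
- user.send_confirmation_instructions ? render_204 : render_422(user.errors)
+ user.send_confirmation_instructions ? render_204 : render_422(user.errors.details)
  end
 
  def update
- if params[:confirmation_token].blank?
- return render_422(confirmation_token: [I18n.t('rails_jwt_auth.errors.not_found')])
- end
+ return render_404 unless
+ params[:id] &&
+ (user = RailsJwtAuth.model.where(confirmation_token: params[:id]).first)
 
- user = RailsJwtAuth.model.where(confirmation_token: params[:confirmation_token]).first
- return render_422(confirmation_token: [I18n.t('rails_jwt_auth.errors.not_found')]) unless user
-
- user.confirm! ? render_204 : render_422(user.errors)
+ user.confirm! ? render_204 : render_422(user.errors.details)
  end
  end
  end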
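Review bot: `create` still answers 422 with `not_found` when the address is unknown (new line 8), so this unauthenticated endpoint tells a caller which emails are registered; answering the same way in both cases, `return render_204 unless user`, removes that signal. In `update` the confirmation token now arrives as `params[:id]`, that is in the URL path, where web-server and proxy access logs will normally record it, so the token should be single-use and short-lived; whether `confirm!` enforces that is outside this hunk. The invitation flow appears to have moved its token into the path as well, judging by the removal of `:invitation_token` from `invitation_update_params` in params_helper.rb. The class header and the rest of the controller are outside the hunk.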