rails_jwt_auth 0.23.2 → 1.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3f2bb54ad03eb6ae68df80837ebabf8c5776a203054c8bd0cc36717c64584998
-  data.tar.gz: 5f70184881ea5d659370b4de0efe24728cfed2b6a3e609d52a9ba9ac7d2d3a84
+  metadata.gz: f63639f1e2a7e76f1cc66542856d1830315f24b1e372410ee0b96bac84396c20
+  data.tar.gz: 128da4d690fb05962cec78e8d4be797d66aa52945ca1b6524fcda05c17627c51
 SHA512:
-  metadata.gz: 272e1db7b47baa155082f0b3ad30166b98d5d8dd688e1ae8780c9c646f9a05b1257e7f71ae460beace39d361e0cdf13ebc4b999719c7370cdd1ed58697c388d7
-  data.tar.gz: 6cbe40b43ad22c88166e7814ae5e06b018a9116e6ddc92f37bd3ac67519b41ec0d8bbce8c7d217c697da6721608ae6e265c615bfb03500e58e08ebfa650a26bc
+  metadata.gz: db297edd6467c31e019b55a092a207042f5f7fbecfe7b5fede45d7163a66f3731e37b39bfe3e02b4313da96464310c8e00db1c0f4a311e48d3f302ed03b05718
+  data.tar.gz: ed60a1e8d6dced010c39d64c9bcedd5d0231049b09725de346c0ef17581d72a18b57ba6efc96d7da7709b41ef39365da295a3857d42e5894e874ffda787c39ec

data/README.md

@@ -1,8 +1,12 @@
 # RailsJwtAuth
+
 [![Gem Version](https://badge.fury.io/rb/rails_jwt_auth.svg)](https://badge.fury.io/rb/rails_jwt_auth)
 ![Build Status](https://travis-ci.org/rjurado01/rails_jwt_auth.svg?branch=master)
 
-Rails-API authentication solution based on Warden and JWT and inspired by Devise.
+Rails-API authentication solution based on JWT and inspired by Devise.
+
+This is documentation for version `1.x`. If you are using `0.x` version use this
+[link](https://github.com/rjurado01/rails_jwt_auth/tree/0.x)
 
 ## Installation
 
@@ -30,228 +34,83 @@ Finally execute:
 rails g rails_jwt_auth:install
 ```
 
-## Configuration
-
-You can edit configuration options into `config/initializers/auth_token_auth.rb` file created by generator.
-
-| Option                         | Default value     | Description                                                           |
-| ------------------------------ | ----------------- | --------------------------------------------------------------------- |
-| model_name                     | 'User'            | Authentication model name                                             |
-| auth_field_name                | 'email'           | Field used to authenticate user with password                         |
-| auth_field_email               | true              | Validate auth field email format                                      |
-| email_regex                    | see config file   | Regex used to Validate email format                                   |
-| jwt_expiration_time            | 7.days            | Tokens expiration time                                                |
-| jwt_issuer                     | 'RailsJwtAuth'    | The "iss" (issuer) claim identifies the principal that issued the JWT |
-| simultaneous_sessions          | 2                 | Number of simultaneous sessions for an user                           |
-| mailer_sender                  |                   | E-mail address which will be shown in RailsJwtAuth::Mailer            |
-| confirmation_url               | confirmation_path | Url used to create email link with confirmation token                 |
-| confirmation_expiration_time   | 1.day             | Confirmation token expiration time                                    |
-| reset_password_url             | password_path     | Url used to create email link with reset password token               |
-| reset_password_expiration_time | 1.day             | Confirmation token expiration time                                    |
-| set_password_url               | password_path     | Url used to create email link with set password token                 |
-| deliver_later                  | false             | Uses `deliver_later` method to send emails                            |
-| invitation_expiration_time     | 2.days            | Time an invitation is valid and can be accepted                       |
-| accept_invitation_url          | invitations_path  | URL used to create email link with invitation token                   |
-
-## Authenticatable
-
-Hashes and stores a password in the database to validate the authenticity of a user while signing in.
-
-### ActiveRecord
-
-Include `RailsJwtAuth::Authenticatable` module into your User class:
-
-```ruby
-# app/models/user.rb
-class User < ApplicationRecord
-  include RailsJwtAuth::Authenticatable
-end
-```
-
-and create a migration to add authenticable fields to User model:
-
-```ruby
-# example migration
-create_table :users do |t|
-  t.string :email
-  t.string :password_digest
-  t.string :auth_tokens
-end
-```
-
-### Mongoid
-
-Include `RailsJwtAuth::Authenticatable` module into your User class:
+Only for ActiveRecord, generate migrations:
 
-```ruby
-# app/models/user.rb
-class User
-  include Mongoid::Document
-  include RailsJwtAuth::Authenticatable
-end
+```bash
+rails g rails_jwt_auth:migrate
 ```
 
-Fields are added automatically.
-
-## Confirmable
-
-Sends emails with confirmation instructions and verifies whether an account is already confirmed during sign in.
+## Configuration
 
-### ActiveRecord
+You can edit configuration options into `config/initializers/auth_token_auth.rb` file created by generator.
 
-Include `RailsJwtAuth::Confirmable` module into your User class:
+| Option                         | Default value     | Description                                                            |
+| ------------------------------ | ----------------- | ---------------------------------------------------------------------- |
+| model_name                     | 'User'            | Authentication model name                                              |
+| auth_field_name                | 'email'           | Field used to authenticate user with password                          |
+| email_auth_field               | 'email'           | Field used to send emails                                              |
+| jwt_expiration_time            | 7.days            | Tokens expiration time                                                 |
+| jwt_issuer                     | 'RailsJwtAuth'    | The "iss" (issuer) claim identifies the principal that issued the JWT  |
+| simultaneous_sessions          | 2                 | Number of simultaneous sessions for an user. Set 0 to disable sessions |
+| mailer_sender                  |                   | E-mail address which will be shown in RailsJwtAuth::Mailer             |
+| confirmation_expiration_time   | 1.day             | Confirmation token expiration time                                     |
+| reset_password_expiration_time | 1.day             | Confirmation token expiration time                                     |
+| deliver_later                  | false             | Uses `deliver_later` method to send emails                             |
+| invitation_expiration_time     | 2.days            | Time an invitation is valid and can be accepted                        |
+| confirmations_url              | nil               | Url used to create email link with confirmation token                  |
+| reset_passwords_url            | nil               | Url used to create email link with reset password token                |
+| set_passwords_url              | nil               | Url used to create email link with set password token                  |
+| invitationss_url               | nil               | Url used to create email link with invitation token                    |
+
+## Modules
+
+| Module        | Description                                                                                                     |
+| ------------- | --------------------------------------------------------------------------------------------------------------- |
+| Authenticable | Hashes and stores a password in the database to validate the authenticity of a user while signing in            |
+| Confirmable   | Sends emails with confirmation instructions and verifies whether an account is already confirmed during sign in |
+| Recoverable   | Resets the user password and sends reset instructions                                                           |
+| Trackable     | Tracks sign in timestamps and IP address                                                                        |
+| Invitable     | Allows you to invite an user to your application sending an invitation mail                                     |
+
+### Examples
+
+For next examples `auth_field_name` and `email_field_name` are configured to use the field `email`.
+
+**ActiveRecord**
 
 ```ruby
 # app/models/user.rb
 class User < ApplicationRecord
   include RailsJwtAuth::Authenticatable
   include RailsJwtAuth::Confirmable
-end
-```
-
-and create a migration to add confirmation fields to User model:
-
-```ruby
-# example migration
-change_table :users do |t|
-  t.string :email # if it doesn't exist yet
-  t.string :unconfirmed_email
-  t.string :confirmation_token
-  t.datetime :confirmation_sent_at
-  t.datetime :confirmed_at
-end
-```
-
-### Mongoid
-
-Include `RailsJwtAuth::Confirmable` module into your User class:
-
-```ruby
-# app/models/user.rb
-class User
-  include Mongoid::Document
-  include RailsJwtAuth::Authenticatable
-  include RailsJwtAuth::Confirmable
-end
-```
-
-This module needs that model has `email` field.
-
-## Recoverable
-
-Resets the user password and sends reset instructions
-
-### ActiveRecord
-
-Include `RailsJwtAuth::Recoverable` module into your User class:
-
-```ruby
-# app/models/user.rb
-class User < ApplicationRecord
-  include RailsJwtAuth::Authenticatable
   include RailsJwtAuth::Recoverable
-end
-```
-
-and create a migration to add recoverable fields to User model:
-
-```ruby
-# example migration
-change_table :users do |t|
-  t.string :reset_password_token
-  t.datetime :reset_password_sent_at
-end
-```
-
-### Mongoid
-
-Include `RailsJwtAuth::Recoverable` module into your User class:
-
-```ruby
-# app/models/user.rb
-class User
-  include Mongoid::Document
-  include RailsJwtAuth::Authenticatable
-  include RailsJwtAuth::Recoverable
-end
-```
-
-## Trackable
-
-Tracks sign in timestamps and IP address.
-
-### ActiveRecord
-
-Include `RailsJwtAuth::Trackable` module into your User class:
-
-```ruby
-# app/models/user.rb
-class User < ApplicationRecord
-  include RailsJwtAuth::Authenticatable
   include RailsJwtAuth::Trackable
-end
-```
-
-and create a migration to add recoverable fields to User model:
+  include RailsJwtAuth::Invitable
 
-```ruby
-# example migration
-change_table :users do |t|
-  t.string :last_sign_in_ip
-  t.datetime :last_sign_in_at
+  validates :email, presence: true,
+                    uniqueness: true,
+                    format: /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\z/i
 end
 ```
 
-### Mongoid
+Ensure you have executed migrate task: `rails g rails_jwt_auth:migrate` and you have uncomented all modules fields.
 
-Include `RailsJwtAuth::Trackable` module into your User class:
+**Mongoid**
 
 ```ruby
-# app/models/user.rb
 class User
   include Mongoid::Document
   include RailsJwtAuth::Authenticatable
+  include RailsJwtAuth::Confirmable
+  include RailsJwtAuth::Recoverable
   include RailsJwtAuth::Trackable
-end
-```
-
-## Invitable
-
-This module allows you to invite an user to your application sending an invitation mail with a unique link and complete registration by setting user's password.
-
-### ActiveRecord
-
-Include `RailsJwtAuth::Invitable` module in your User model:
-
-```ruby
-# app/models/user.rb
-class User < ApplicationRecord
-  include RailsJwtAuth::Authenticatable
   include RailsJwtAuth::Invitable
-end
-```
 
-And create the corresponding migration
+  field :email, type: String
 
-```ruby
-# Example migration
-change_table :users do |t|
-  t.string :invitation_token
-  t.datetime :invitation_sent_at
-  t.datetime :invitation_accepted_at
-  t.datetime :invitation_created_at
-end
-```
-
-### Mongoid
-
-Include `RailsJwtAuth::Invitable` module in your User model:
-
-```ruby
-# app/models/user.rb
-class User < ApplicationRecord
-  include RailsJwtAuth::Authenticatable
-  include RailsJwtAuth::Invitable
+  validates :email, presence: true,
+                    uniqueness: true,
+                    format: /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\z/i
 end
 ```
 
@@ -259,12 +118,12 @@ end
 
 RailsJwtAuth will create some helpers to use inside your controllers.
 
-To use this helpers we need to include `WardenHelper` into `ApplicationController`:
+To use this helpers we need to include `AuthenticableHelper` into `ApplicationController`:
 
 ```ruby
 # app/controllers/application_controller.rb
 class ApplicationController < ActionController::API
-  include RailsJwtAuth::WardenHelper
+  include RailsJwtAuth::AuthenticableHelper
 end
 ```
 
@@ -292,7 +151,7 @@ end
 
 ### Session
 
-Session api is defined by RailsJwtAuth::SessionsController.
+Session api is defined by `RailsJwtAuth::SessionsController`.
 
 1.  Get session token:
 
@@ -321,7 +180,7 @@ Session api is defined by RailsJwtAuth::SessionsController.
 
 ### Registration
 
-Registration api is defined by RailsJwtAuth::RegistrationsController.
+Registration api is defined by `RailsJwtAuth::RegistrationsController`.
 
 1.  Register user:
 
@@ -350,7 +209,7 @@ Registration api is defined by RailsJwtAuth::RegistrationsController.
 
 ### Confirmation
 
-Confirmation api is defined by RailsJwtAuth::ConfirmationsController.
+Confirmation api is defined by `RailsJwtAuth::ConfirmationsController`.
 
 1.  Confirm user:
 
@@ -380,7 +239,7 @@ Confirmation api is defined by RailsJwtAuth::ConfirmationsController.
 
 ### Password
 
-Password api is defined by RailsJwtAuth::PasswordsController.
+Password api is defined by `RailsJwtAuth::PasswordsController`.
 
 1.  Send reset password email:
 
@@ -414,7 +273,7 @@ Password api is defined by RailsJwtAuth::PasswordsController.
 
 ### Invitations
 
-Invitations api is provided by RailsJwtAuth::InvitationsController.
+Invitations api is provided by `RailsJwtAuth::InvitationsController`.
 
 1.  Create an invitation and send email:
 
@@ -555,29 +414,28 @@ end
 Require the RailsJwtAuth::Spec::Helpers helper module in `rails_helper.rb`.
 
 ```ruby
-  require 'rails_jwt_auth/spec/helpers'
+require 'rails_jwt_auth/spec_helpers'
+...
+RSpec.configure do |config|
   ...
-  RSpec.configure do |config|
-    ...
-    config.include RailsJwtAuth::Spec::Helpers, :type => :controller
-  end
+  config.include RailsJwtAuth::Spec::Helpers, :type => :controller
+end
 ```
 
-And then we can just call sign_in(user) to sign in as a user, or sign_out for examples that have no user signed in. Here's two quick examples:
+And then we can just call sign_in(user) to sign in as a user:
 
 ```ruby
-  describe ExampleController
-    it "blocks unauthenticated access" do
-      sign_out
-      expect { get :index }.to raise_error(RailsJwtAuth::Errors::NotAuthorized)
-    end
+describe ExampleController
+  it "blocks unauthenticated access" do
+    expect { get :index }.to raise_error(RailsJwtAuth::Errors::NotAuthorized)
+  end
 
-    it "allows authenticated access" do
-      sign_in user
-      get :index
-      expect(response).to be_success
-    end
+  it "allows authenticated access" do
+    sign_in user
+    get :index
+    expect(response).to be_success
   end
+end
 ```
 
 ## Locales

data/app/controllers/concerns/rails_jwt_auth/authenticable_helper.rb

@@ -0,0 +1,31 @@
+module RailsJwtAuth
+  NotAuthorized = Class.new(StandardError)
+
+  module AuthenticableHelper
+    def current_user
+      @current_user
+    end
+
+    def signed_in?
+      !current_user.nil?
+    end
+
+    def authenticate!
+      begin
+        payload = RailsJwtAuth::JwtManager.decode_from_request(request).first
+      rescue JWT::ExpiredSignature, JWT::VerificationError, JWT::DecodeError
+        unauthorize!
+      end
+
+      if !@current_user = RailsJwtAuth.model.from_token_payload(payload)
+        unauthorize!
+      elsif @current_user.respond_to? :update_tracked_fields!
+        @current_user.update_tracked_fields!(request)
+      end
+    end
+
+    def unauthorize!
+      raise NotAuthorized
+    end
+  end
+end

data/app/controllers/rails_jwt_auth/confirmations_controller.rb

@@ -11,12 +11,9 @@ module RailsJwtAuth
     end
 
     def update
-      if params[:confirmation_token].blank?
-        return render_422(confirmation_token: [{error: :not_found}])
-      end
-
-      user = RailsJwtAuth.model.where(confirmation_token: params[:confirmation_token]).first
-      return render_422(confirmation_token: [{error: :not_found}]) unless user
+      return render_404 unless
+        params[:id] &&
+        (user = RailsJwtAuth.model.where(confirmation_token: params[:id]).first)
 
       user.confirm! ? render_204 : render_422(user.errors.details)
     end