signinable 1.0.0 → 1.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.rdoc +107 -1
- data/Rakefile +6 -0
- data/lib/signinable/model_additions.rb +7 -7
- data/lib/signinable/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 28561853b037485e6c9c747c720a93078287ff6a
|
|
4
|
+
data.tar.gz: 1bb5d4f681708be5ea63eb0421afe7c82eb05527
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 76e28218c0bc1efa7c35c57fd6c1f759ed9d2c838a6f44559e639572031aae5031e7ee3095462548de3c504eaebd9d692289f5c385e0321677a1d95699350088
|
|
7
|
+
data.tar.gz: 9a7b11fd507a3fc63478cf5024033f3e1705766bb98ca8c99f4d28b67d491806d26467a66f22273d02ad118281a3646cd9614c005750d09e7b8359b048bf26fc
|
data/README.rdoc
CHANGED
|
@@ -1,3 +1,109 @@
|
|
|
1
1
|
= Signinable
|
|
2
|
+
{<img src="https://badge.fury.io/rb/signinable.png" alt="Gem Version" />}[http://badge.fury.io/rb/signinable]
|
|
3
|
+
{<img src="https://travis-ci.org/novozhenets/signinable.png?branch=master" alt="Build Status" />}[https://travis-ci.org/novozhenets/signinable]
|
|
2
4
|
|
|
3
|
-
|
|
5
|
+
Signinable is an authentication library for Ruby on Rails which allows token authentication for any user model.
|
|
6
|
+
|
|
7
|
+
== Installation
|
|
8
|
+
|
|
9
|
+
Add this to your Gemfile and run the +bundle+ command to install it.
|
|
10
|
+
|
|
11
|
+
gem "signinable"
|
|
12
|
+
|
|
13
|
+
After that run
|
|
14
|
+
|
|
15
|
+
rails generate signinable
|
|
16
|
+
|
|
17
|
+
and migrate the database.
|
|
18
|
+
|
|
19
|
+
Gem does not work with <b>Rails < 4</b>.
|
|
20
|
+
|
|
21
|
+
<b>Requires Ruby 1.9.2 or later.</b>
|
|
22
|
+
|
|
23
|
+
== Usage
|
|
24
|
+
|
|
25
|
+
Call signinable in an ActiveRecord class to make your model token signinable.
|
|
26
|
+
|
|
27
|
+
class User < ActiveRecord::Base
|
|
28
|
+
signinable
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
=== 1. Instance methods
|
|
32
|
+
|
|
33
|
+
User.signin(ip, user_agent, referer)
|
|
34
|
+
|
|
35
|
+
This will create and return signin token, which you can store in user cookies or session. For example, in your +session_controller+
|
|
36
|
+
|
|
37
|
+
class SessionsController < ApplicationController
|
|
38
|
+
|
|
39
|
+
def create
|
|
40
|
+
# check user credentials
|
|
41
|
+
|
|
42
|
+
# create signin token and set it into cookies
|
|
43
|
+
cookies[:signin_token] = user.signin(request.remote_ip, request.user_agent, request.referer)
|
|
44
|
+
|
|
45
|
+
# more code here
|
|
46
|
+
end
|
|
47
|
+
|
|
48
|
+
end
|
|
49
|
+
|
|
50
|
+
To signout user in your +session_controller+
|
|
51
|
+
|
|
52
|
+
def destroy
|
|
53
|
+
# your code here
|
|
54
|
+
|
|
55
|
+
user.signout(cookies[:signin_token], request.remote_ip, request.user_agent, request.referer)
|
|
56
|
+
|
|
57
|
+
# more code here
|
|
58
|
+
end
|
|
59
|
+
|
|
60
|
+
This will expire passed token.
|
|
61
|
+
|
|
62
|
+
user.last_signin
|
|
63
|
+
|
|
64
|
+
This will return instance of +Signin+ model unless +User+ hasn't signed in yet.
|
|
65
|
+
|
|
66
|
+
=== 2. Class methods
|
|
67
|
+
|
|
68
|
+
Token is passed to +authenticate_with_token+ method on model class. For example, in your +application_controller+
|
|
69
|
+
|
|
70
|
+
class ApplicationController < ActionController::Base
|
|
71
|
+
# your code here
|
|
72
|
+
|
|
73
|
+
before_action :require_login
|
|
74
|
+
helper_method :current_user
|
|
75
|
+
|
|
76
|
+
protected
|
|
77
|
+
def current_user
|
|
78
|
+
@current_user ||= User.authenticate_with_token(cookies[:signin_token], request.remote_ip, request.user_agent, request.referer) if cookies[:signin_token]
|
|
79
|
+
end
|
|
80
|
+
|
|
81
|
+
# you should change this to whatever logic you need
|
|
82
|
+
def require_login
|
|
83
|
+
unless current_user
|
|
84
|
+
session[:return_to] ||= request.referer
|
|
85
|
+
redirect_to login_url
|
|
86
|
+
end
|
|
87
|
+
end
|
|
88
|
+
|
|
89
|
+
# more code here
|
|
90
|
+
end
|
|
91
|
+
|
|
92
|
+
=== 3. Options
|
|
93
|
+
|
|
94
|
+
Optional parameters can be passed in +signinable+ method.
|
|
95
|
+
|
|
96
|
+
signinable expiration: 1.day
|
|
97
|
+
|
|
98
|
+
Expiration time of token is increased by +expiration+ value every time +authenticate_with_token+ gets called. <b>Default</b> is +2.hours+.
|
|
99
|
+
|
|
100
|
+
signinable simultaneous: false
|
|
101
|
+
|
|
102
|
+
If false then all user signin tokens become expired except the last one, once the user is signed in. <b>Default</b> is +true+.
|
|
103
|
+
|
|
104
|
+
signinable restrictions: [:ip, :user_agent]
|
|
105
|
+
|
|
106
|
+
+restriction+ can be passed as an array of parameters, which have to be checked every time user tries to +authenticate_with_token+.
|
|
107
|
+
This is done to prevent unauthorized access to tokens or to forbid using one token from different IPs or browsers. Posibble values are: +ip+ and +user_agent+ <b>Default</b> is empty array.
|
|
108
|
+
|
|
109
|
+
All options can be combined any way.
|
data/Rakefile
CHANGED
|
@@ -14,7 +14,7 @@ module Signinable
|
|
|
14
14
|
has_many :signins, as: :signinable, dependent: :destroy
|
|
15
15
|
end
|
|
16
16
|
|
|
17
|
-
def authenticate_with_token(token, ip, user_agent
|
|
17
|
+
def authenticate_with_token(token, ip, user_agent)
|
|
18
18
|
if(signin = Signin.find_by_token(token))
|
|
19
19
|
if self.signin_expiration > 0
|
|
20
20
|
return nil if signin.expired?
|
|
@@ -24,18 +24,18 @@ module Signinable
|
|
|
24
24
|
return nil unless signin == signin.signinable.last_signin
|
|
25
25
|
end
|
|
26
26
|
|
|
27
|
-
return nil unless self.check_signin_permission(signin, ip, user_agent
|
|
27
|
+
return nil unless self.check_signin_permission(signin, ip, user_agent)
|
|
28
28
|
signin.update!(expiration_time: (Time.zone.now + self.signin_expiration)) unless self.signin_expiration == 0
|
|
29
29
|
signin.signinable
|
|
30
30
|
end
|
|
31
31
|
end
|
|
32
32
|
|
|
33
|
-
def check_signin_permission(signin, ip, user_agent
|
|
34
|
-
signin_permitted?(signin, ip, user_agent
|
|
33
|
+
def check_signin_permission(signin, ip, user_agent)
|
|
34
|
+
signin_permitted?(signin, ip, user_agent)
|
|
35
35
|
end
|
|
36
36
|
|
|
37
37
|
private
|
|
38
|
-
def signin_permitted?(signin, ip, user_agent
|
|
38
|
+
def signin_permitted?(signin, ip, user_agent)
|
|
39
39
|
self.signin_restrictions.each do |field|
|
|
40
40
|
if(local_variables.include?(field.to_sym) && signin.respond_to?("#{field}"))
|
|
41
41
|
return false unless signin.send("#{field}") == eval("#{field}")
|
|
@@ -51,9 +51,9 @@ module Signinable
|
|
|
51
51
|
Signin.create!(signinable: self, ip: ip, referer: referer, user_agent: user_agent, expiration_time: expiration_time).token
|
|
52
52
|
end
|
|
53
53
|
|
|
54
|
-
def signout(token, ip, user_agent
|
|
54
|
+
def signout(token, ip, user_agent)
|
|
55
55
|
if(signin = Signin.find_by_token(token))
|
|
56
|
-
return nil unless self.class.check_signin_permission(signin, ip, user_agent
|
|
56
|
+
return nil unless self.class.check_signin_permission(signin, ip, user_agent)
|
|
57
57
|
signin.expire!
|
|
58
58
|
|
|
59
59
|
return true
|
data/lib/signinable/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: signinable
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ivan Novozhenets
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2014-01-
|
|
11
|
+
date: 2014-01-10 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|