simple_token_auth 0.0.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/MIT-LICENSE +20 -0
- data/Rakefile +32 -0
- data/lib/generators/active_record/simple_token_auth_generator.rb +15 -0
- data/lib/generators/simple_token_auth/install_generator.rb +39 -0
- data/lib/generators/simple_token_auth/simple_token_auth_generator.rb +15 -0
- data/lib/generators/templates/api_key.rb +30 -0
- data/lib/generators/templates/migration.rb +12 -0
- data/lib/generators/templates/simple_token_auth.rb +14 -0
- data/lib/simple_token_auth.rb +28 -0
- data/lib/simple_token_auth/authenticate_with_token.rb +54 -0
- data/lib/simple_token_auth/configuration.rb +29 -0
- data/lib/simple_token_auth/helpers.rb +20 -0
- data/lib/simple_token_auth/token_authenticatable.rb +31 -0
- data/lib/simple_token_auth/version.rb +3 -0
- data/lib/tasks/simple_token_auth_tasks.rake +4 -0
- data/test/dummy/README.rdoc +28 -0
- data/test/dummy/Rakefile +6 -0
- data/test/dummy/app/assets/javascripts/application.js +13 -0
- data/test/dummy/app/assets/javascripts/users.js +2 -0
- data/test/dummy/app/assets/stylesheets/application.css +15 -0
- data/test/dummy/app/assets/stylesheets/users.css +4 -0
- data/test/dummy/app/controllers/application_controller.rb +9 -0
- data/test/dummy/app/controllers/users_controller.rb +9 -0
- data/test/dummy/app/helpers/application_helper.rb +2 -0
- data/test/dummy/app/models/api_key.rb +26 -0
- data/test/dummy/app/models/user.rb +3 -0
- data/test/dummy/app/views/layouts/application.html.erb +14 -0
- data/test/dummy/bin/bundle +3 -0
- data/test/dummy/bin/rails +4 -0
- data/test/dummy/bin/rake +4 -0
- data/test/dummy/config.ru +4 -0
- data/test/dummy/config/application.rb +23 -0
- data/test/dummy/config/boot.rb +5 -0
- data/test/dummy/config/database.yml +25 -0
- data/test/dummy/config/environment.rb +5 -0
- data/test/dummy/config/environments/development.rb +37 -0
- data/test/dummy/config/environments/production.rb +78 -0
- data/test/dummy/config/environments/test.rb +39 -0
- data/test/dummy/config/initializers/assets.rb +8 -0
- data/test/dummy/config/initializers/backtrace_silencers.rb +7 -0
- data/test/dummy/config/initializers/cookies_serializer.rb +3 -0
- data/test/dummy/config/initializers/filter_parameter_logging.rb +4 -0
- data/test/dummy/config/initializers/inflections.rb +16 -0
- data/test/dummy/config/initializers/mime_types.rb +4 -0
- data/test/dummy/config/initializers/session_store.rb +3 -0
- data/test/dummy/config/initializers/simple_token_auth.rb +14 -0
- data/test/dummy/config/initializers/wrap_parameters.rb +14 -0
- data/test/dummy/config/locales/en.yml +23 -0
- data/test/dummy/config/routes.rb +3 -0
- data/test/dummy/config/secrets.yml +22 -0
- data/test/dummy/db/development.sqlite3 +0 -0
- data/test/dummy/db/migrate/20141015200820_create_users.rb +8 -0
- data/test/dummy/db/migrate/20141203034209_simple_token_auth_migration.rb +12 -0
- data/test/dummy/db/schema.rb +31 -0
- data/test/dummy/db/test.sqlite3 +0 -0
- data/test/dummy/log/development.log +24 -0
- data/test/dummy/log/test.log +2946 -0
- data/test/dummy/public/404.html +67 -0
- data/test/dummy/public/422.html +67 -0
- data/test/dummy/public/500.html +66 -0
- data/test/dummy/public/favicon.ico +0 -0
- data/test/simple_token_auth/integration_test.rb +38 -0
- data/test/simple_token_auth/user_test.rb +18 -0
- data/test/simple_token_auth_test.rb +6 -0
- data/test/test_helper.rb +17 -0
- metadata +204 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA1:
|
3
|
+
metadata.gz: 2aaf16b1c965cf81c5493fd2ea2631c88c603442
|
4
|
+
data.tar.gz: 13e203296f723ba40b6d26e66260b18624723877
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: 33b9131c03bb9b7b28c83f8c4c3c953a095c3de2c562cd530284e376ff11e45be70726cb8075424a3f7ecfcb4e355cf2659ffadc4752ef942cf1c036c1e26aa6
|
7
|
+
data.tar.gz: 6743e331d39a3854367b804f94cec344a434bb42d2a01f46028a52063a024546929b49c0c0a8b0fe8c9c8ef520cd8db6327cc9388c1f2d1ff2444dc0b5cd6e5c
|
data/MIT-LICENSE
ADDED
@@ -0,0 +1,20 @@
|
|
1
|
+
Copyright 2014 YOURNAME
|
2
|
+
|
3
|
+
Permission is hereby granted, free of charge, to any person obtaining
|
4
|
+
a copy of this software and associated documentation files (the
|
5
|
+
"Software"), to deal in the Software without restriction, including
|
6
|
+
without limitation the rights to use, copy, modify, merge, publish,
|
7
|
+
distribute, sublicense, and/or sell copies of the Software, and to
|
8
|
+
permit persons to whom the Software is furnished to do so, subject to
|
9
|
+
the following conditions:
|
10
|
+
|
11
|
+
The above copyright notice and this permission notice shall be
|
12
|
+
included in all copies or substantial portions of the Software.
|
13
|
+
|
14
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
15
|
+
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
16
|
+
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
17
|
+
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
18
|
+
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
19
|
+
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
20
|
+
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
data/Rakefile
ADDED
@@ -0,0 +1,32 @@
|
|
1
|
+
begin
|
2
|
+
require 'bundler/setup'
|
3
|
+
rescue LoadError
|
4
|
+
puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
|
5
|
+
end
|
6
|
+
|
7
|
+
require 'rdoc/task'
|
8
|
+
|
9
|
+
RDoc::Task.new(:rdoc) do |rdoc|
|
10
|
+
rdoc.rdoc_dir = 'rdoc'
|
11
|
+
rdoc.title = 'SimpleTokenAuth'
|
12
|
+
rdoc.options << '--line-numbers'
|
13
|
+
rdoc.rdoc_files.include('README.rdoc')
|
14
|
+
rdoc.rdoc_files.include('lib/**/*.rb')
|
15
|
+
end
|
16
|
+
|
17
|
+
|
18
|
+
|
19
|
+
|
20
|
+
Bundler::GemHelper.install_tasks
|
21
|
+
|
22
|
+
require 'rake/testtask'
|
23
|
+
|
24
|
+
Rake::TestTask.new(:test) do |t|
|
25
|
+
t.libs << 'lib'
|
26
|
+
t.libs << 'test'
|
27
|
+
t.pattern = 'test/**/*_test.rb'
|
28
|
+
t.verbose = false
|
29
|
+
end
|
30
|
+
|
31
|
+
|
32
|
+
task default: :test
|
@@ -0,0 +1,15 @@
|
|
1
|
+
require 'rails/generators/active_record'
|
2
|
+
|
3
|
+
module ActiveRecord
|
4
|
+
module Generators
|
5
|
+
class SimpleTokenAuthGenerator < ActiveRecord::Generators::Base
|
6
|
+
source_root File.expand_path("../templates", __FILE__)
|
7
|
+
|
8
|
+
def append_to_token_authenticatable_model
|
9
|
+
inject_into_class "app/models/#{name}.rb", name.camelize.constantize, <<-END
|
10
|
+
include SimpleTokenAuth::TokenAuthenticatable
|
11
|
+
END
|
12
|
+
end
|
13
|
+
end
|
14
|
+
end
|
15
|
+
end
|
@@ -0,0 +1,39 @@
|
|
1
|
+
require 'rails/generators/base'
|
2
|
+
|
3
|
+
module SimpleTokenAuth
|
4
|
+
module Generators
|
5
|
+
class InstallGenerator < Rails::Generators::Base
|
6
|
+
include Rails::Generators::Migration
|
7
|
+
|
8
|
+
source_root File.expand_path("../../templates", __FILE__)
|
9
|
+
|
10
|
+
desc "Generates a TokenAuth initializer and migrations for api_key"
|
11
|
+
|
12
|
+
def self.orm
|
13
|
+
Rails::Generators.options[:rails][:orm]
|
14
|
+
end
|
15
|
+
|
16
|
+
def self.orm_has_migration?
|
17
|
+
[:active_record].include? orm
|
18
|
+
end
|
19
|
+
|
20
|
+
def self.next_migration_number(path)
|
21
|
+
Time.now.utc.strftime("%Y%m%d%H%M%S")
|
22
|
+
end
|
23
|
+
|
24
|
+
def create_migration_file
|
25
|
+
if self.class.orm_has_migration?
|
26
|
+
migration_template 'migration.rb', 'db/migrate/simple_token_auth_migration.rb'
|
27
|
+
end
|
28
|
+
end
|
29
|
+
|
30
|
+
def copy_initializer
|
31
|
+
template "simple_token_auth.rb", "config/initializers/simple_token_auth.rb"
|
32
|
+
end
|
33
|
+
|
34
|
+
def copy_api_key_model
|
35
|
+
template "api_key.rb", "app/models/api_key.rb"
|
36
|
+
end
|
37
|
+
end
|
38
|
+
end
|
39
|
+
end
|
@@ -0,0 +1,15 @@
|
|
1
|
+
require 'rails/generators/named_base'
|
2
|
+
|
3
|
+
module SimpleTokenAuth
|
4
|
+
module Generators
|
5
|
+
class SimpleTokenAuthGenerator < Rails::Generators::NamedBase
|
6
|
+
include Rails::Generators::ResourceHelpers
|
7
|
+
|
8
|
+
namespace 'simple_token_auth'
|
9
|
+
source_root File.expand_path("../templates", __FILE__)
|
10
|
+
|
11
|
+
desc 'Insert include for given NAME model'
|
12
|
+
hook_for :orm
|
13
|
+
end
|
14
|
+
end
|
15
|
+
end
|
@@ -0,0 +1,30 @@
|
|
1
|
+
class ApiKey < ActiveRecord::Base
|
2
|
+
belongs_to :token_authenticatable, polymorphic: true
|
3
|
+
before_create :renew
|
4
|
+
|
5
|
+
def expired?
|
6
|
+
expired_at < Time.now.utc
|
7
|
+
end
|
8
|
+
|
9
|
+
def renew!
|
10
|
+
renew
|
11
|
+
save!
|
12
|
+
end
|
13
|
+
|
14
|
+
private
|
15
|
+
|
16
|
+
def renew
|
17
|
+
generate_access_token
|
18
|
+
set_expiry_date
|
19
|
+
end
|
20
|
+
|
21
|
+
def set_expiry_date
|
22
|
+
self.expired_at = SimpleTokenAuth.expire_in.since
|
23
|
+
end
|
24
|
+
|
25
|
+
def generate_access_token
|
26
|
+
begin
|
27
|
+
self.access_token = SecureRandom.hex
|
28
|
+
end while self.class.exists?(access_token: access_token)
|
29
|
+
end
|
30
|
+
end
|
@@ -0,0 +1,12 @@
|
|
1
|
+
class SimpleTokenAuthMigration < ActiveRecord::Migration
|
2
|
+
def change
|
3
|
+
create_table :api_keys do |t|
|
4
|
+
t.integer :token_authenticatable_id, null: false
|
5
|
+
t.string :token_authenticatable_type, null: false
|
6
|
+
t.string :access_token, null: false
|
7
|
+
t.datetime :expired_at
|
8
|
+
t.datetime :created_at
|
9
|
+
end
|
10
|
+
add_index :api_keys, :access_token, unique: true
|
11
|
+
end
|
12
|
+
end
|
@@ -0,0 +1,14 @@
|
|
1
|
+
SimpleTokenAuth.configure do |config|
|
2
|
+
config.find_scope_strategy = -> (scope_class, token) do
|
3
|
+
field, token = token.split('.')
|
4
|
+
scope = scope_class.find(field.to_i)
|
5
|
+
[scope, token]
|
6
|
+
end
|
7
|
+
|
8
|
+
config.after_authenticated_strategy = -> (scope, controller) do
|
9
|
+
# Devise way of after authenticated a user
|
10
|
+
controller.sign_in scope, {}
|
11
|
+
end
|
12
|
+
|
13
|
+
config.expire_in = 3.hours
|
14
|
+
end
|
@@ -0,0 +1,28 @@
|
|
1
|
+
require_relative 'simple_token_auth/configuration'
|
2
|
+
require_relative 'simple_token_auth/helpers'
|
3
|
+
|
4
|
+
module SimpleTokenAuth
|
5
|
+
extend Configuration
|
6
|
+
extend Helpers
|
7
|
+
|
8
|
+
class << self
|
9
|
+
def compare_token(a, b)
|
10
|
+
compare_token_strategy.(a, b)
|
11
|
+
end
|
12
|
+
|
13
|
+
def generate_authentication_token
|
14
|
+
generate_authentication_token_strategy.()
|
15
|
+
end
|
16
|
+
|
17
|
+
def find_scope(scope_class, token)
|
18
|
+
find_scope_strategy.(scope_class, token)
|
19
|
+
end
|
20
|
+
|
21
|
+
def after_authenticated(scope, controller)
|
22
|
+
after_authenticated_strategy.(scope, controller)
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
26
|
+
|
27
|
+
require_relative 'simple_token_auth/authenticate_with_token'
|
28
|
+
require_relative 'simple_token_auth/token_authenticatable'
|
@@ -0,0 +1,54 @@
|
|
1
|
+
# Usage:
|
2
|
+
#
|
3
|
+
# class ApplicationController
|
4
|
+
# include SimpleTokenAuth::AuthenticateWithToken
|
5
|
+
# end
|
6
|
+
#
|
7
|
+
# class UserController < ApplicationController
|
8
|
+
# prepend_before_action :authenticate_user_from_token!
|
9
|
+
# end
|
10
|
+
#
|
11
|
+
module SimpleTokenAuth
|
12
|
+
module AuthenticateWithToken
|
13
|
+
def method_missing(method, *args, &block)
|
14
|
+
if m = method.to_s.match(/authenticate_(.+)_from_token!/)
|
15
|
+
send :authenticate_from_token!, m[1]
|
16
|
+
else
|
17
|
+
super
|
18
|
+
end
|
19
|
+
end
|
20
|
+
|
21
|
+
private
|
22
|
+
|
23
|
+
def authenticate_from_token!(scope_name)
|
24
|
+
scope_class = scope_name.camelize.constantize
|
25
|
+
authenticate_or_request_with_http_token do |token, options|
|
26
|
+
return false if token.blank?
|
27
|
+
|
28
|
+
scope, token = *find_scope(scope_class, token)
|
29
|
+
authenticated = false
|
30
|
+
|
31
|
+
if scope
|
32
|
+
api_key = scope.api_key
|
33
|
+
authenticated = api_key && !api_key.expired? && compare_token(api_key.access_token, token)
|
34
|
+
end
|
35
|
+
|
36
|
+
after_authenticated(scope, self) if authenticated
|
37
|
+
|
38
|
+
authenticated
|
39
|
+
end
|
40
|
+
end
|
41
|
+
|
42
|
+
def after_authenticated(*args)
|
43
|
+
SimpleTokenAuth.after_authenticated(*args)
|
44
|
+
end
|
45
|
+
|
46
|
+
def find_scope(*args)
|
47
|
+
SimpleTokenAuth.find_scope(*args)
|
48
|
+
end
|
49
|
+
|
50
|
+
def compare_token(a, b)
|
51
|
+
SimpleTokenAuth.compare_token(a, b)
|
52
|
+
end
|
53
|
+
end
|
54
|
+
end
|
@@ -0,0 +1,29 @@
|
|
1
|
+
module SimpleTokenAuth
|
2
|
+
module Configuration
|
3
|
+
mattr_accessor :generate_authentication_token_strategy
|
4
|
+
mattr_accessor :compare_token_strategy
|
5
|
+
mattr_accessor :find_scope_strategy
|
6
|
+
mattr_accessor :after_authenticated_strategy
|
7
|
+
mattr_accessor :expire_in
|
8
|
+
|
9
|
+
class MissingConfiguration
|
10
|
+
def initialize(message)
|
11
|
+
@message = message
|
12
|
+
end
|
13
|
+
|
14
|
+
def call(*args)
|
15
|
+
raise NotImplementedError, @message
|
16
|
+
end
|
17
|
+
end
|
18
|
+
|
19
|
+
# Defaults
|
20
|
+
@@generate_authentication_token_strategy = -> { SimpleTokenAuth.friendly_token }
|
21
|
+
@@compare_token_strategy = -> (a, b) { SimpleTokenAuth.secure_compare(a, b) }
|
22
|
+
@@find_scope_strategy = MissingConfiguration.new("find_scope_strategy needs to be configured")
|
23
|
+
@@after_authenticated_strategy = MissingConfiguration.new("after_authenticated_strategy needs to be configured")
|
24
|
+
|
25
|
+
def configure
|
26
|
+
yield self if block_given?
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
@@ -0,0 +1,20 @@
|
|
1
|
+
# https://github.com/plataformatec/devise
|
2
|
+
#
|
3
|
+
module SimpleTokenAuth
|
4
|
+
module Helpers
|
5
|
+
# Generate a friendly string randomly to be used as token.
|
6
|
+
def friendly_token
|
7
|
+
SecureRandom.urlsafe_base64(15).tr('lIO0', 'sxyz')
|
8
|
+
end
|
9
|
+
|
10
|
+
# constant-time comparison algorithm to prevent timing attacks
|
11
|
+
def secure_compare(a, b)
|
12
|
+
return false if a.blank? || b.blank? || a.bytesize != b.bytesize
|
13
|
+
l = a.unpack "C#{a.bytesize}"
|
14
|
+
|
15
|
+
res = 0
|
16
|
+
b.each_byte { |byte| res |= byte ^ l.shift }
|
17
|
+
res == 0
|
18
|
+
end
|
19
|
+
end
|
20
|
+
end
|
@@ -0,0 +1,31 @@
|
|
1
|
+
# Ensures a token is generated
|
2
|
+
#
|
3
|
+
# class User < ActiveRecord::Base
|
4
|
+
# include SimpleTokenAuth::TokenAuthenticatable
|
5
|
+
# end
|
6
|
+
#
|
7
|
+
module SimpleTokenAuth
|
8
|
+
module TokenAuthenticatable
|
9
|
+
extend ActiveSupport::Concern
|
10
|
+
|
11
|
+
included do
|
12
|
+
before_save :ensure_api_key
|
13
|
+
|
14
|
+
has_one :api_key, as: :token_authenticatable
|
15
|
+
end
|
16
|
+
|
17
|
+
def auth_token
|
18
|
+
api_key.access_token
|
19
|
+
end
|
20
|
+
|
21
|
+
def renew_api_key
|
22
|
+
api_key.renew!
|
23
|
+
end
|
24
|
+
|
25
|
+
private
|
26
|
+
|
27
|
+
def ensure_api_key
|
28
|
+
build_api_key unless api_key.present?
|
29
|
+
end
|
30
|
+
end
|
31
|
+
end
|
@@ -0,0 +1,28 @@
|
|
1
|
+
== README
|
2
|
+
|
3
|
+
This README would normally document whatever steps are necessary to get the
|
4
|
+
application up and running.
|
5
|
+
|
6
|
+
Things you may want to cover:
|
7
|
+
|
8
|
+
* Ruby version
|
9
|
+
|
10
|
+
* System dependencies
|
11
|
+
|
12
|
+
* Configuration
|
13
|
+
|
14
|
+
* Database creation
|
15
|
+
|
16
|
+
* Database initialization
|
17
|
+
|
18
|
+
* How to run the test suite
|
19
|
+
|
20
|
+
* Services (job queues, cache servers, search engines, etc.)
|
21
|
+
|
22
|
+
* Deployment instructions
|
23
|
+
|
24
|
+
* ...
|
25
|
+
|
26
|
+
|
27
|
+
Please feel free to use a different markup language if you do not plan to run
|
28
|
+
<tt>rake doc:app</tt>.
|
data/test/dummy/Rakefile
ADDED
@@ -0,0 +1,13 @@
|
|
1
|
+
// This is a manifest file that'll be compiled into application.js, which will include all the files
|
2
|
+
// listed below.
|
3
|
+
//
|
4
|
+
// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
|
5
|
+
// or vendor/assets/javascripts of plugins, if any, can be referenced here using a relative path.
|
6
|
+
//
|
7
|
+
// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
|
8
|
+
// compiled file.
|
9
|
+
//
|
10
|
+
// Read Sprockets README (https://github.com/sstephenson/sprockets#sprockets-directives) for details
|
11
|
+
// about supported directives.
|
12
|
+
//
|
13
|
+
//= require_tree .
|
@@ -0,0 +1,15 @@
|
|
1
|
+
/*
|
2
|
+
* This is a manifest file that'll be compiled into application.css, which will include all the files
|
3
|
+
* listed below.
|
4
|
+
*
|
5
|
+
* Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
|
6
|
+
* or vendor/assets/stylesheets of plugins, if any, can be referenced here using a relative path.
|
7
|
+
*
|
8
|
+
* You're free to add application-wide styles to this file and they'll appear at the bottom of the
|
9
|
+
* compiled file so the styles you add here take precedence over styles defined in any styles
|
10
|
+
* defined in the other CSS/SCSS files in this directory. It is generally better to create a new
|
11
|
+
* file per style scope.
|
12
|
+
*
|
13
|
+
*= require_tree .
|
14
|
+
*= require_self
|
15
|
+
*/
|