simple_token_authentication 1.13.0 → 1.14.0

data/gemfiles/ruby_1.9.3_rails_3.2.gemfile

@@ -3,6 +3,8 @@
 source "https://rubygems.org"
 
 gem "actionmailer", ">= 3.2.6", "< 4"
+gem "actionpack", ">= 3.2.6", "< 4"
+gem "activerecord", ">= 3.2.6", "< 4"
 gem "mime-types", "< 3"
 gem "tins", "< 1.7.0"
 

data/gemfiles/ruby_1.9.3_rails_3.2.gemfile.lock

@@ -0,0 +1,150 @@
+PATH
+  remote: ../
+  specs:
+    simple_token_authentication (1.14.0)
+      actionmailer (>= 3.2.6, < 6)
+      actionpack (>= 3.2.6, < 6)
+      devise (>= 3.2, < 6)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    actionmailer (3.2.22.2)
+      actionpack (= 3.2.22.2)
+      mail (~> 2.5.4)
+    actionpack (3.2.22.2)
+      activemodel (= 3.2.22.2)
+      activesupport (= 3.2.22.2)
+      builder (~> 3.0.0)
+      erubis (~> 2.7.0)
+      journey (~> 1.0.4)
+      rack (~> 1.4.5)
+      rack-cache (~> 1.2)
+      rack-test (~> 0.6.1)
+      sprockets (~> 2.2.1)
+    activemodel (3.2.22.2)
+      activesupport (= 3.2.22.2)
+      builder (~> 3.0.0)
+    activerecord (3.2.22.2)
+      activemodel (= 3.2.22.2)
+      activesupport (= 3.2.22.2)
+      arel (~> 3.0.2)
+      tzinfo (~> 0.3.29)
+    activesupport (3.2.22.2)
+      i18n (~> 0.6, >= 0.6.4)
+      multi_json (~> 1.0)
+    appraisal (2.1.0)
+      bundler
+      rake
+      thor (>= 0.14.0)
+    arel (3.0.3)
+    bcrypt (3.1.11)
+    builder (3.0.4)
+    coderay (1.1.1)
+    devise (3.5.10)
+      bcrypt (~> 3.0)
+      orm_adapter (~> 0.1)
+      railties (>= 3.2.6, < 5)
+      responders
+      thread_safe (~> 0.1)
+      warden (~> 1.2.3)
+    diff-lcs (1.2.5)
+    erubis (2.7.0)
+    hike (1.2.3)
+    i18n (0.7.0)
+    inch (0.7.1)
+      pry
+      sparkr (>= 0.2.0)
+      term-ansicolor
+      yard (~> 0.8.7.5)
+    journey (1.0.4)
+    json (1.8.3)
+    mail (2.5.4)
+      mime-types (~> 1.16)
+      treetop (~> 1.4.8)
+    method_source (0.8.2)
+    mime-types (1.25.1)
+    mongoid (3.1.7)
+      activemodel (~> 3.2)
+      moped (~> 1.4)
+      origin (~> 1.0)
+      tzinfo (~> 0.3.29)
+    moped (1.5.3)
+    multi_json (1.12.1)
+    origin (1.1.0)
+    orm_adapter (0.5.0)
+    polyglot (0.3.5)
+    pry (0.10.3)
+      coderay (~> 1.1.0)
+      method_source (~> 0.8.1)
+      slop (~> 3.4)
+    rack (1.4.7)
+    rack-cache (1.6.1)
+      rack (>= 0.4)
+    rack-ssl (1.3.4)
+      rack
+    rack-test (0.6.3)
+      rack (>= 1.0)
+    railties (3.2.22.2)
+      actionpack (= 3.2.22.2)
+      activesupport (= 3.2.22.2)
+      rack-ssl (~> 1.3.2)
+      rake (>= 0.8.7)
+      rdoc (~> 3.4)
+      thor (>= 0.14.6, < 2.0)
+    rake (11.2.2)
+    rdoc (3.12.2)
+      json (~> 1.4)
+    responders (1.1.2)
+      railties (>= 3.2, < 4.2)
+    rspec (3.5.0)
+      rspec-core (~> 3.5.0)
+      rspec-expectations (~> 3.5.0)
+      rspec-mocks (~> 3.5.0)
+    rspec-core (3.5.0)
+      rspec-support (~> 3.5.0)
+    rspec-expectations (3.5.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.5.0)
+    rspec-mocks (3.5.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.5.0)
+    rspec-support (3.5.0)
+    slop (3.6.0)
+    sparkr (0.4.1)
+    sprockets (2.2.3)
+      hike (~> 1.2)
+      multi_json (~> 1.0)
+      rack (~> 1.0)
+      tilt (~> 1.1, != 1.3.0)
+    term-ansicolor (1.3.2)
+      tins (~> 1.0)
+    thor (0.19.1)
+    thread_safe (0.3.5)
+    tilt (1.4.1)
+    tins (1.6.0)
+    treetop (1.4.15)
+      polyglot
+      polyglot (>= 0.3.1)
+    tzinfo (0.3.51)
+    warden (1.2.6)
+      rack (>= 1.0)
+    yard (0.8.7.6)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  actionmailer (>= 3.2.6, < 4)
+  actionpack (>= 3.2.6, < 4)
+  activerecord (>= 3.2.6, < 4)
+  appraisal (~> 2.0)
+  inch (~> 0.4)
+  mime-types (< 3)
+  mongoid (>= 3.1.0, < 7)
+  rspec (~> 3.0)
+  simple_token_authentication!
+  tins (< 1.7.0)
+
+BUNDLED WITH
+   1.11.2

data/lib/simple_token_authentication.rb

@@ -1,3 +1,4 @@
+require 'active_support/version'
 require 'simple_token_authentication/acts_as_token_authenticatable'
 require 'simple_token_authentication/acts_as_token_authentication_handler'
 require 'simple_token_authentication/configuration'
@@ -46,7 +47,14 @@ module SimpleTokenAuthentication
   end
 
   def self.adapter_dependency_fulfilled? adapter_short_name
-    qualified_const_defined?(SimpleTokenAuthentication.adapters_dependencies[adapter_short_name])
+    dependency = SimpleTokenAuthentication.adapters_dependencies[adapter_short_name]
+
+    if !respond_to?(:qualified_const_defined?) || (ActiveSupport.respond_to?(:version) && ActiveSupport.version.to_s =~ /^5\.0/)
+      # See https://github.com/gonzalo-bulnes/simple_token_authentication/pull/229/commits/74eda6c28cd0b45636c466de56f2dbaca5c5b629#r57507423
+      const_defined?(dependency)
+    else
+      qualified_const_defined?(dependency)
+    end
   end
 
   available_model_adapters = load_available_adapters SimpleTokenAuthentication.model_adapters

data/lib/simple_token_authentication/sign_in_handler.rb

@@ -15,7 +15,7 @@ module SimpleTokenAuthentication
     def integrate_with_devise_trackable!(controller)
       # Sign in using token should not be tracked by Devise trackable
       # See https://github.com/plataformatec/devise/issues/953
-      controller.env["devise.skip_trackable"] = SimpleTokenAuthentication.skip_devise_trackable
+      controller.request.env["devise.skip_trackable"] = SimpleTokenAuthentication.skip_devise_trackable
     end
   end
 end

data/lib/simple_token_authentication/token_authentication_handler.rb

@@ -144,7 +144,13 @@ module SimpleTokenAuthentication
         else
           :"authenticate_#{entity.name_underscore}_from_token"
         end
-        before_filter authenticate_method, options.slice(:only, :except, :if, :unless)
+
+        if respond_to?(:before_action)
+          # See https://github.com/rails/rails/commit/9d62e04838f01f5589fa50b0baa480d60c815e2c
+          before_action authenticate_method, options.slice(:only, :except, :if, :unless)
+        else
+          before_filter authenticate_method, options.slice(:only, :except, :if, :unless)
+        end
       end
     end
   end

data/lib/simple_token_authentication/version.rb

@@ -1,3 +1,3 @@
 module SimpleTokenAuthentication
-  VERSION = "1.13.0"
+  VERSION = "1.14.0"
 end

data/spec/configuration/action_controller_callbacks_options_spec.rb

@@ -11,7 +11,7 @@ describe 'ActionController', action_controller_callbacks_options: true do
     define_test_subjects_for_extension_of(SimpleTokenAuthentication::ActsAsTokenAuthenticationHandler)
   end
 
-  describe ':only option' do
+  describe ':only option', before_filter: true do
 
     context 'when provided to `acts_as_token_authentication_hanlder_for`' do
 
@@ -31,7 +31,7 @@ describe 'ActionController', action_controller_callbacks_options: true do
     end
   end
 
-  describe ':except option' do
+  describe ':except option', before_filter: true do
 
     context 'when provided to `acts_as_token_authentication_hanlder_for`' do
 
@@ -51,7 +51,7 @@ describe 'ActionController', action_controller_callbacks_options: true do
     end
   end
 
-  describe ':if option' do
+  describe ':if option', before_filter: true do
 
     context 'when provided to `acts_as_token_authentication_hanlder_for`' do
 
@@ -71,7 +71,7 @@ describe 'ActionController', action_controller_callbacks_options: true do
     end
   end
 
-  describe ':unless option' do
+  describe ':unless option', before_filter: true do
 
     context 'when provided to `acts_as_token_authentication_hanlder_for`' do
 
@@ -90,4 +90,87 @@ describe 'ActionController', action_controller_callbacks_options: true do
       end
     end
   end
+
+  context "which supports the :before_action hook", before_action: true do
+
+    describe ':only option' do
+
+      context 'when provided to `acts_as_token_authentication_hanlder_for`' do
+
+        it 'is applied to the corresponding callback (1)', rspec_3_error: true, private: true do
+          some_class = @subjects.first
+
+          expect(some_class).to receive(:before_action).with(:authenticate_user_from_token!, { only: ['some_action', :some_other_action] })
+          some_class.acts_as_token_authentication_handler_for User, only: ['some_action', :some_other_action]
+        end
+
+        it 'is applied to the corresponding callback (2)', rspec_3_error: true, private: true do
+          some_child_class = @subjects.last
+
+          expect(some_child_class).to receive(:before_action).with(:authenticate_user_from_token!, { only: ['some_action', :some_other_action] })
+          some_child_class.acts_as_token_authentication_handler_for User, only: ['some_action', :some_other_action]
+        end
+      end
+    end
+
+    describe ':except option' do
+
+      context 'when provided to `acts_as_token_authentication_hanlder_for`' do
+
+        it 'is applied to the corresponding callback (1)', rspec_3_error: true, private: true do
+          some_class = @subjects.first
+
+          expect(some_class).to receive(:before_action).with(:authenticate_user_from_token!, { except: ['some_action', :some_other_action] })
+          some_class.acts_as_token_authentication_handler_for User, except: ['some_action', :some_other_action]
+        end
+
+        it 'is applied to the corresponding callback (2)', rspec_3_error: true, private: true do
+          some_child_class = @subjects.last
+
+          expect(some_child_class).to receive(:before_action).with(:authenticate_user_from_token!, { except: ['some_action', :some_other_action] })
+          some_child_class.acts_as_token_authentication_handler_for User, except: ['some_action', :some_other_action]
+        end
+      end
+    end
+
+    describe ':if option' do
+
+      context 'when provided to `acts_as_token_authentication_hanlder_for`' do
+
+        it 'is applied to the corresponding callback (1)', rspec_3_error: true, private: true do
+          some_class = @subjects.first
+
+          expect(some_class).to receive(:before_action).with(:authenticate_user_from_token!, { if: lambda { |controller| 'some condition' } })
+          some_class.acts_as_token_authentication_handler_for User, if: lambda { |controller| 'some condition' }
+        end
+
+        it 'is applied to the corresponding callback (2)', rspec_3_error: true, private: true do
+          some_child_class = @subjects.last
+
+          expect(some_child_class).to receive(:before_action).with(:authenticate_user_from_token!, { if: lambda { |controller| 'some condition' } })
+          some_child_class.acts_as_token_authentication_handler_for User, if: lambda { |controller| 'some condition' }
+        end
+      end
+    end
+
+    describe ':unless option' do
+
+      context 'when provided to `acts_as_token_authentication_hanlder_for`' do
+
+        it 'is applied to the corresponding callback (1)', rspec_3_error: true, private: true do
+          some_class = @subjects.first
+
+          expect(some_class).to receive(:before_action).with(:authenticate_user_from_token!, { unless: lambda { |controller| 'some condition' } })
+          some_class.acts_as_token_authentication_handler_for User, unless: lambda { |controller| 'some condition' }
+        end
+
+        it 'is applied to the corresponding callback (2)', rspec_3_error: true, private: true do
+          some_child_class = @subjects.last
+
+          expect(some_child_class).to receive(:before_action).with(:authenticate_user_from_token!, { unless: lambda { |controller| 'some condition' } })
+          some_child_class.acts_as_token_authentication_handler_for User, unless: lambda { |controller| 'some condition' }
+        end
+      end
+    end
+  end
 end

data/spec/configuration/fallback_to_devise_option_spec.rb

@@ -19,7 +19,7 @@ describe 'Simple Token Authentication' do
 
       context 'when true' do
 
-        it 'delegates authentication to Devise strategies', protected: true do
+        it 'delegates authentication to Devise strategies', protected: true, before_filter: true do
           @controller = @controller_class.new
           allow(@controller).to receive(:params)
           allow(@controller).to receive(:find_record_from_identifier)
@@ -39,7 +39,7 @@ describe 'Simple Token Authentication' do
 
       context 'when false' do
 
-        it 'does nothing after token authentication fails', protected: true do
+        it 'does nothing after token authentication fails', protected: true, before_filter: true do
           @controller = @controller_class.new
           allow(@controller).to receive(:params)
           allow(@controller).to receive(:find_record_from_identifier)
@@ -59,7 +59,7 @@ describe 'Simple Token Authentication' do
 
       context 'when omitted' do
 
-        it 'delegates authentication to Devise strategies', protected: true do
+        it 'delegates authentication to Devise strategies', protected: true, before_filter: true do
           @controller = @controller_class.new
           allow(@controller).to receive(:params)
           allow(@controller).to receive(:find_record_from_identifier)
@@ -85,7 +85,7 @@ describe 'Simple Token Authentication' do
           allow(admin).to receive(:name).and_return('Admin')
         end
 
-        context 'when false for User and true for Admin' do
+        context 'when false for User and true for Admin', before_filter: true do
 
           before(:each) do
             @controller = @controller_class.new
@@ -124,5 +124,129 @@ describe 'Simple Token Authentication' do
         end
       end
     end
+
+    context "when the token authenticatable supports the :before_action hook", before_action: true do
+
+      describe 'determines what to do if token authentication fails' do
+
+        before(:each) do
+          user = double()
+          stub_const('User', user)
+          allow(user).to receive(:name).and_return('User')
+
+          # given a controller class which acts as token authentication handler
+          @controller_class = Class.new
+          allow(@controller_class).to receive(:before_action)
+          @controller_class.send :extend, SimpleTokenAuthentication::ActsAsTokenAuthenticationHandler
+        end
+
+        context 'when true' do
+
+          it 'delegates authentication to Devise strategies', protected: true do
+            @controller = @controller_class.new
+            allow(@controller).to receive(:params)
+            allow(@controller).to receive(:find_record_from_identifier)
+
+            # sets :authenticate_user_from_token! (bang) in the before_action
+            expect(@controller_class).to receive(:before_action).with(:authenticate_user_from_token!, {})
+
+            # when falling back to Devise is enabled
+            @controller_class.acts_as_token_authentication_handler_for User, fallback_to_devise: true
+
+            # when the hook is triggered
+            # Devise strategies take control of authentication
+            expect(@controller).to receive(:authenticate_user!)
+            @controller.authenticate_user_from_token! # bang
+          end
+        end
+
+        context 'when false' do
+
+          it 'does nothing after token authentication fails', protected: true do
+            @controller = @controller_class.new
+            allow(@controller).to receive(:params)
+            allow(@controller).to receive(:find_record_from_identifier)
+
+            # sets :authenticate_user_from_token (non-bang) in the before_action
+            expect(@controller_class).to receive(:before_action).with(:authenticate_user_from_token, {})
+
+            # when falling back to Devise is enabled
+            @controller_class.acts_as_token_authentication_handler_for User, fallback_to_devise: false
+
+            # when the hook is triggered
+            # Devise strategies do not take control of authentication
+            expect(@controller).not_to receive(:authenticate_user!)
+            @controller.authenticate_user_from_token # non-bang
+          end
+        end
+
+        context 'when omitted' do
+
+          it 'delegates authentication to Devise strategies', protected: true do
+            @controller = @controller_class.new
+            allow(@controller).to receive(:params)
+            allow(@controller).to receive(:find_record_from_identifier)
+
+            # sets :authenticate_user_from_token! (bang) in the before_action
+            expect(@controller_class).to receive(:before_action).with(:authenticate_user_from_token!, {})
+
+            # when falling back to Devise is enabled
+            @controller_class.acts_as_token_authentication_handler_for User
+
+            # when the hook is triggered
+            # Devise strategies take control of authentication
+            expect(@controller).to receive(:authenticate_user!)
+            @controller.authenticate_user_from_token! # bang
+          end
+        end
+
+        describe 'in a per-model (token authenticatable) way' do
+
+          before(:each) do
+            admin = double()
+            stub_const('Admin', admin)
+            allow(admin).to receive(:name).and_return('Admin')
+          end
+
+          context 'when false for User and true for Admin' do
+
+            before(:each) do
+              @controller = @controller_class.new
+              allow(@controller).to receive(:params)
+              allow(@controller).to receive(:find_record_from_identifier)
+
+              # sets :authenticate_user_from_token (non-bang) in the before_action
+              expect(@controller_class).to receive(:before_action).with(:authenticate_user_from_token, {})
+              # sets :authenticate_admin_from_token! (bang) in the before_action
+              expect(@controller_class).to receive(:before_action).with(:authenticate_admin_from_token!, {})
+
+              # when falling back to Devise is enabled for Admin but not User
+              @controller_class.acts_as_token_authentication_handler_for User, fallback_to_devise: false
+              @controller_class.acts_as_token_authentication_handler_for Admin, fallback_to_devise: true
+            end
+
+            context 'after no user suceeds token authentication' do
+
+              it 'does nothing', protected: true do
+                # when the user hook is triggered
+                # Devise strategies do not take control of authentication
+                expect(@controller).not_to receive(:authenticate_user!)
+                @controller.authenticate_user_from_token
+              end
+            end
+
+            context 'after no admin succeeds token authentication' do
+
+              it 'does delegate authentication to Devise', protected: true do
+                # when the admin hook is triggered
+                # Devise strategies do take control of authentication
+                expect(@controller).to receive(:authenticate_admin!)
+                @controller.authenticate_admin_from_token!
+              end
+            end
+          end
+        end
+      end
+    end
   end
 end