simple_token_authentication 1.13.0 → 1.14.0

data/spec/configuration/header_names_option_spec.rb

@@ -10,7 +10,7 @@ describe 'Simple Token Authentication' do
 
   describe ':header_names option', header_names_option: true do
 
-    describe 'determines which header fields are looked at for authentication credentials' do
+    describe 'determines which header fields are looked at for authentication credentials', before_filter: true, before_action: true do
 
       before(:each) do
         user = double()
@@ -38,6 +38,7 @@ describe 'Simple Token Authentication' do
         # given a controller class which acts as token authentication handler
         @controller_class = Class.new
         allow(@controller_class).to receive(:before_filter)
+        allow(@controller_class).to receive(:before_action)
         @controller_class.send :extend, SimpleTokenAuthentication::ActsAsTokenAuthenticationHandler
 
         @controller = @controller_class.new
@@ -394,7 +395,7 @@ describe 'Simple Token Authentication' do
       end
     end
 
-    it 'can be modified from an initializer file', public: true do
+    it 'can be modified from an initializer file', public: true, before_filter: true, before_action: true do
       user = double()
       stub_const('User', user)
       allow(user).to receive(:name).and_return('User')
@@ -412,6 +413,7 @@ describe 'Simple Token Authentication' do
       # given a controller class which acts as token authentication handler
       @controller_class = Class.new
       allow(@controller_class).to receive(:before_filter)
+      allow(@controller_class).to receive(:before_action)
       @controller_class.send :extend, SimpleTokenAuthentication::ActsAsTokenAuthenticationHandler
 
       # INITIALIZATION

data/spec/configuration/sign_in_token_option_spec.rb

@@ -16,6 +16,7 @@ describe 'Simple Token Authentication' do
         # given a controller class which acts as token authentication handler
         controller_class = Class.new
         allow(controller_class).to receive(:before_filter)
+        allow(controller_class).to receive(:before_action)
         controller_class.send :extend, SimpleTokenAuthentication::ActsAsTokenAuthenticationHandler
         # and handles authentication for a given model
         controller_class.acts_as_token_authentication_handler_for User
@@ -27,7 +28,9 @@ describe 'Simple Token Authentication' do
         # and both identifier and authentication token are correct
         allow(@controller).to receive(:find_record_from_identifier).and_return(@record)
         allow(@controller).to receive(:token_correct?).and_return(true)
-        allow(@controller).to receive(:env).and_return({})
+        request = double()
+        allow(request).to receive(:env).and_return({})
+        allow(@controller).to receive(:request).and_return(request)
       end
 
       context 'when false' do
@@ -61,6 +64,7 @@ describe 'Simple Token Authentication' do
       # given a controller class which acts as token authentication handler
       controller_class = Class.new
       allow(controller_class).to receive(:before_filter)
+      allow(controller_class).to receive(:before_action)
       controller_class.send :extend, SimpleTokenAuthentication::ActsAsTokenAuthenticationHandler
 
       allow(SimpleTokenAuthentication).to receive(:sign_in_token).and_return('initial value')
@@ -78,8 +82,9 @@ describe 'Simple Token Authentication' do
       # and both identifier and authentication token are correct
       allow(@controller).to receive(:find_record_from_identifier).and_return(@record)
       allow(@controller).to receive(:token_correct?).and_return(true)
-      allow(@controller).to receive(:env).and_return({})
-
+      request = double()
+      allow(request).to receive(:env).and_return({})
+      allow(@controller).to receive(:request).and_return(request)
       # even if modified *after* the class was loaded
       allow(SimpleTokenAuthentication).to receive(:sign_in_token).and_return('updated value')
 

data/spec/configuration/skip_devise_trackable_option_spec.rb

@@ -4,7 +4,7 @@ describe SimpleTokenAuthentication do
 
   describe ':skip_devise_trackable option', skip_devise_trackable_option: true do
 
-    describe 'determines if token authentication should increment the tracking statistics' do
+    describe 'determines if token authentication should increment the tracking statistics', before_filter: true, before_action: true do
 
       before(:each) do
         user = double()
@@ -16,6 +16,7 @@ describe SimpleTokenAuthentication do
         # given a controller class which acts as token authentication handler
         controller_class = Class.new
         allow(controller_class).to receive(:before_filter)
+        allow(controller_class).to receive(:before_action)
         controller_class.send :extend, SimpleTokenAuthentication::ActsAsTokenAuthenticationHandler
         controller_class.acts_as_token_authentication_handler_for User
 
@@ -26,7 +27,9 @@ describe SimpleTokenAuthentication do
         # and both identifier and authentication token are correct
         allow(@controller).to receive(:find_record_from_identifier).and_return(@record)
         allow(@controller).to receive(:token_correct?).and_return(true)
-        allow(@controller).to receive(:env).and_return({})
+        request = double()
+        allow(request).to receive(:env).and_return({})
+        allow(@controller).to receive(:request)
         allow(@controller).to receive(:sign_in)
       end
 
@@ -35,7 +38,7 @@ describe SimpleTokenAuthentication do
         it 'instructs Devise to track token-authentication-related signins' do
           allow(SimpleTokenAuthentication).to receive(:skip_devise_trackable).and_return(true)
 
-          expect(@controller).to receive_message_chain(:env, :[]=).with('devise.skip_trackable', true)
+          expect(@controller).to receive_message_chain(:request,:env, :[]=).with('devise.skip_trackable', true)
           @controller.authenticate_user_from_token
         end
       end
@@ -45,13 +48,13 @@ describe SimpleTokenAuthentication do
         it 'instructs Devise not to track token-authentication-related signins' do
           allow(SimpleTokenAuthentication).to receive(:skip_devise_trackable).and_return(false)
 
-          expect(@controller).to receive_message_chain(:env, :[]=).with('devise.skip_trackable', false)
+          expect(@controller).to receive_message_chain(:request,:env, :[]=).with('devise.skip_trackable', false)
           @controller.authenticate_user_from_token
         end
       end
     end
 
-    it 'can be modified from an initializer file', public: true do
+    it 'can be modified from an initializer file', public: true, before_filter: true, before_action: true do
       user = double()
       stub_const('User', user)
       allow(user).to receive(:name).and_return('User')
@@ -61,6 +64,7 @@ describe SimpleTokenAuthentication do
       # given a controller class which acts as token authentication handler
       controller_class = Class.new
       allow(controller_class).to receive(:before_filter)
+      allow(controller_class).to receive(:before_action)
       controller_class.send :extend, SimpleTokenAuthentication::ActsAsTokenAuthenticationHandler
 
       allow(SimpleTokenAuthentication).to receive(:skip_devise_trackable).and_return('initial value')
@@ -78,7 +82,7 @@ describe SimpleTokenAuthentication do
       # and both identifier and authentication token are correct
       allow(@controller).to receive(:find_record_from_identifier).and_return(@record)
       allow(@controller).to receive(:token_correct?).and_return(true)
-      allow(@controller).to receive(:env).and_return({})
+      allow(@controller).to receive(:request).and_return({})
       allow(@controller).to receive(:sign_in)
 
       # even if modified *after* the class was loaded
@@ -86,7 +90,7 @@ describe SimpleTokenAuthentication do
 
       # the option updated value is taken into account
       # when token authentication is performed
-      expect(@controller).to receive_message_chain(:env, :[]=).with('devise.skip_trackable', 'updated value')
+      expect(@controller).to receive_message_chain(:request,:env, :[]=).with('devise.skip_trackable', 'updated value')
       @controller.authenticate_user_from_token
     end
   end

data/spec/lib/simple_token_authentication/sign_in_handler_spec.rb

@@ -10,8 +10,11 @@ describe SimpleTokenAuthentication::SignInHandler do
 
     it 'delegates sign in to Devise::Controllers::SignInOut#sign_in through a controller', private: true do
       controller = double()
+      env = double()
+      request = double()
+      allow(request).to receive(:env).and_return({})
+      allow(controller).to receive(:request).and_return(request)
       allow(controller).to receive(:sign_in).with(:record, option: 'some_value').and_return('Devise response.')
-      allow(controller).to receive(:env).and_return({})
 
       # delegating consists in sending the message
       expect(controller).to receive(:sign_in)
@@ -42,7 +45,9 @@ describe SimpleTokenAuthentication::SignInHandler do
       it 'ensures Devise trackable statistics are kept untouched', private: true do
         controller = double()
         env = double()
-        allow(controller).to receive(:env).and_return(env)
+        request = double()
+        allow(request).to receive(:env).and_return(env)
+        allow(controller).to receive(:request).and_return(request)
         expect(env).to receive(:[]=).with('devise.skip_trackable', true)
 
         sign_in_handler.send :integrate_with_devise_trackable!, controller
@@ -59,7 +64,9 @@ describe SimpleTokenAuthentication::SignInHandler do
       it 'ensures Devise trackable statistics are updated', private: true do
         controller = double()
         env = double()
-        allow(controller).to receive(:env).and_return(env)
+        request = double()
+        allow(request).to receive(:env).and_return(env)
+        allow(controller).to receive(:request).and_return(request)
         expect(env).to receive(:[]=).with('devise.skip_trackable', false)
 
         sign_in_handler.send :integrate_with_devise_trackable!, controller

data/spec/lib/simple_token_authentication/token_authentication_handler_spec.rb

@@ -348,7 +348,7 @@ describe 'Any class which includes SimpleTokenAuthentication::TokenAuthenticatio
     end
   end
 
-  describe 'and which supports the :before_filter hook' do
+  describe 'and which supports the :before_filter hook', before_filter: true do
 
     before(:each) do
       allow(subject).to receive(:before_filter)
@@ -519,4 +519,176 @@ describe 'Any class which includes SimpleTokenAuthentication::TokenAuthenticatio
       end
     end
   end
+
+  describe 'and which supports the :before_action hook', before_action: true do
+
+    before(:each) do
+      allow(subject).to receive(:before_action)
+    end
+
+    # User
+
+    context 'and which handles token authentication for User' do
+
+      before(:each) do
+        double_user_model
+      end
+
+      it 'ensures its instances require user to authenticate from token or any Devise strategy before any action', public: true do
+        expect(subject).to receive(:before_action).with(:authenticate_user_from_token!, {})
+        subject.handle_token_authentication_for User
+      end
+
+      context 'and disables the fallback to Devise authentication' do
+
+        let(:options) do
+          { fallback_to_devise: false }
+        end
+
+        it 'ensures its instances require user to authenticate from token before any action', public: true do
+          expect(subject).to receive(:before_action).with(:authenticate_user_from_token, {})
+          subject.handle_token_authentication_for User, options
+        end
+      end
+
+      describe 'instance' do
+
+        before(:each) do
+          double_user_model
+
+          subject.class_eval do
+            handle_token_authentication_for User
+          end
+        end
+
+        it 'responds to :authenticate_user_from_token', protected: true do
+          expect(subject.new).to respond_to :authenticate_user_from_token
+        end
+
+        it 'responds to :authenticate_user_from_token!', protected: true do
+          expect(subject.new).to respond_to :authenticate_user_from_token!
+        end
+
+        it 'does not respond to :authenticate_super_admin_from_token', protected: true do
+          expect(subject.new).not_to respond_to :authenticate_super_admin_from_token
+        end
+
+        it 'does not respond to :authenticate_super_admin_from_token!', protected: true do
+          expect(subject.new).not_to respond_to :authenticate_super_admin_from_token!
+        end
+      end
+    end
+
+    # SuperAdmin
+
+    context 'and which handles token authentication for SuperAdmin' do
+
+      before(:each) do
+        double_super_admin_model
+      end
+
+      it 'ensures its instances require super_admin to authenticate from token or any Devise strategy before any action', public: true do
+        expect(subject).to receive(:before_action).with(:authenticate_super_admin_from_token!, {})
+        subject.handle_token_authentication_for SuperAdmin
+      end
+
+      context 'and disables the fallback to Devise authentication' do
+
+        let(:options) do
+          { fallback_to_devise: false }
+        end
+
+        it 'ensures its instances require super_admin to authenticate from token before any action', public: true do
+          expect(subject).to receive(:before_action).with(:authenticate_super_admin_from_token, {})
+          subject.handle_token_authentication_for SuperAdmin, options
+        end
+      end
+
+      describe 'instance' do
+
+        before(:each) do
+          double_super_admin_model
+
+          subject.class_eval do
+            handle_token_authentication_for SuperAdmin
+          end
+        end
+
+        it 'responds to :authenticate_super_admin_from_token', protected: true do
+          expect(subject.new).to respond_to :authenticate_super_admin_from_token
+        end
+
+        it 'responds to :authenticate_super_admin_from_token!', protected: true do
+          expect(subject.new).to respond_to :authenticate_super_admin_from_token!
+        end
+
+        it 'does not respond to :authenticate_user_from_token', protected: true do
+          expect(subject.new).not_to respond_to :authenticate_user_from_token
+        end
+
+        it 'does not respond to :authenticate_user_from_token!', protected: true do
+          expect(subject.new).not_to respond_to :authenticate_user_from_token!
+        end
+      end
+
+      context 'with the :admin alias', token_authenticatable_aliases_option: true do
+
+        let(:options) do
+          { 'as' => :admin }
+        end
+
+        it 'ensures its instances require admin to authenticate from token or any Devise strategy before any action', public: true do
+          expect(subject).to receive(:before_action).with(:authenticate_admin_from_token!, {})
+          subject.handle_token_authentication_for SuperAdmin, options
+        end
+
+        context 'and disables the fallback to Devise authentication' do
+
+          let(:options) do
+            { as: 'admin', fallback_to_devise: false }
+          end
+
+          it 'ensures its instances require admin to authenticate from token before any action', public: true do
+            expect(subject).to receive(:before_action).with(:authenticate_admin_from_token, {})
+            subject.handle_token_authentication_for SuperAdmin, options
+          end
+        end
+
+        describe 'instance' do
+
+          before(:each) do
+            double_super_admin_model
+
+            subject.class_eval do
+              handle_token_authentication_for SuperAdmin, as: :admin
+            end
+          end
+
+          it 'responds to :authenticate_admin_from_token', protected: true do
+            expect(subject.new).to respond_to :authenticate_admin_from_token
+          end
+
+          it 'responds to :authenticate_admin_from_token!', protected: true do
+            expect(subject.new).to respond_to :authenticate_admin_from_token!
+          end
+
+          it 'does not respond to :authenticate_super_admin_from_token', protected: true do
+            expect(subject.new).not_to respond_to :authenticate_super_admin_from_token
+          end
+
+          it 'does not respond to :authenticate_super_admin_from_token!', protected: true do
+            expect(subject.new).not_to respond_to :authenticate_super_admin_from_token!
+          end
+
+          it 'does not respond to :authenticate_user_from_token', protected: true do
+            expect(subject.new).not_to respond_to :authenticate_user_from_token
+          end
+
+          it 'does not respond to :authenticate_user_from_token!', protected: true do
+            expect(subject.new).not_to respond_to :authenticate_user_from_token!
+          end
+        end
+      end
+    end
+  end
 end

metadata

@@ -1,155 +1,155 @@
 --- !ruby/object:Gem::Specification
 name: simple_token_authentication
 version: !ruby/object:Gem::Version
-  version: 1.13.0
+  version: 1.14.0
 platform: ruby
 authors:
 - Gonzalo Bulnes Guilpain
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-04-20 00:00:00.000000000 Z
+date: 2016-07-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: actionmailer
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: 3.2.6
-    - - "<"
+    - - <
       - !ruby/object:Gem::Version
-        version: '5'
+        version: '6'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: 3.2.6
-    - - "<"
+    - - <
       - !ruby/object:Gem::Version
-        version: '5'
+        version: '6'
 - !ruby/object:Gem::Dependency
   name: actionpack
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: 3.2.6
-    - - "<"
+    - - <
       - !ruby/object:Gem::Version
-        version: '5'
+        version: '6'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: 3.2.6
-    - - "<"
+    - - <
       - !ruby/object:Gem::Version
-        version: '5'
+        version: '6'
 - !ruby/object:Gem::Dependency
   name: devise
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '3.2'
-    - - "<"
+    - - <
       - !ruby/object:Gem::Version
-        version: '5'
+        version: '6'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '3.2'
-    - - "<"
+    - - <
       - !ruby/object:Gem::Version
-        version: '5'
+        version: '6'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '3.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '3.0'
 - !ruby/object:Gem::Dependency
   name: inch
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '0.4'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '0.4'
 - !ruby/object:Gem::Dependency
   name: activerecord
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: 3.2.6
-    - - "<"
+    - - <
       - !ruby/object:Gem::Version
-        version: '5'
+        version: '6'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: 3.2.6
-    - - "<"
+    - - <
       - !ruby/object:Gem::Version
-        version: '5'
+        version: '6'
 - !ruby/object:Gem::Dependency
   name: mongoid
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: 3.1.0
-    - - "<"
+    - - <
       - !ruby/object:Gem::Version
-        version: '5'
+        version: '7'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: 3.1.0
-    - - "<"
+    - - <
       - !ruby/object:Gem::Version
-        version: '5'
+        version: '7'
 - !ruby/object:Gem::Dependency
   name: appraisal
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '2.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '2.0'
 description: 
@@ -166,7 +166,12 @@ files:
 - Rakefile
 - doc/README.md
 - gemfiles/rails_4_devise_3.gemfile
+- gemfiles/rails_4_devise_3.gemfile.lock
+- gemfiles/rails_4_devise_4.gemfile.lock
+- gemfiles/rails_5_devise_4.gemfile
+- gemfiles/rails_5_devise_4.gemfile.lock
 - gemfiles/ruby_1.9.3_rails_3.2.gemfile
+- gemfiles/ruby_1.9.3_rails_3.2.gemfile.lock
 - lib/simple_token_authentication.rb
 - lib/simple_token_authentication/acts_as_token_authenticatable.rb
 - lib/simple_token_authentication/acts_as_token_authentication_handler.rb
@@ -232,17 +237,17 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.5.1
+rubygems_version: 2.6.6
 signing_key: 
 specification_version: 4
 summary: Simple (but safe) token authentication for Rails apps or API with Devise.
@@ -283,6 +288,10 @@ test_files:
 - spec/support/spec_for_token_generator_interface.rb
 - spec/support/specs_for_token_authentication_handler_interface.rb
 - gemfiles/rails_4_devise_3.gemfile
+- gemfiles/rails_5_devise_4.gemfile
 - gemfiles/ruby_1.9.3_rails_3.2.gemfile
+- gemfiles/rails_4_devise_3.gemfile.lock
+- gemfiles/rails_4_devise_4.gemfile.lock
+- gemfiles/rails_5_devise_4.gemfile.lock
+- gemfiles/ruby_1.9.3_rails_3.2.gemfile.lock
 - Appraisals
-has_rdoc: