simple_token_authentication 1.15.1 → 1.18.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: d1cfc09f9666985881a980d32cbbb8d3de790d30
-  data.tar.gz: 118f740c8c52aa8f235b481036350dee1e0931bc
+SHA256:
+  metadata.gz: cce55a8f3ec6efaf7b97a87960e9dd26fb99f772cc7f4ac4dc8d88ded9cfbba2
+  data.tar.gz: 819f681fcd4cc4865e4451726bd751ded237cfed929f8a552afd37a6dc66fd73
 SHA512:
-  metadata.gz: 7472c87182d13976b07b8345412ee2dfc9b4241f6e5ea057e6d9b130f9925a45e26ba92c226f4288a47d907f38bcc15b90680bdd40a5e15882045295499a8190
-  data.tar.gz: e06669aff3044322ee2777786f26d95f9dd7aedd1500eb7c045c2417c9f47a93688c37226dc359a768923e60a1508b5957e22a9db936a9b2a40e02a8ea39e8ec
+  metadata.gz: fec02f6a88f35b138bac9d8d0687f03745ce448f8ad0d66c02261af8999c0cf6cdcc82a3a2b4130eea4cb646121c1049361ccdf1cde965870e90a47326875df6
+  data.tar.gz: 4f4b5db1dbd67282b31dcd22a8c38039a7901450fa3df49456eca0edb1a789f6df590472c8de8a76e4ff164bfa51e2a4f11c5915c1dfc478540923ffb6d06f11

data/Appraisals

@@ -1,7 +1,20 @@
-appraise 'rails_5_devise_4' do
+appraise 'rails_7_devise_4' do
   # use gemspec constraints
 end
 
+appraise 'rails_6_devise_4' do
+  gem "actionmailer", "~> 6.0"
+  gem "actionpack", "~> 6.0"
+  gem "devise", "~> 4.0"
+end
+
+appraise 'rails_5_devise_4' do
+  gem 'actionmailer', '~> 5.0'
+  gem 'actionpack', '~> 5.0'
+  gem 'activerecord', '~> 5.0'
+  gem "devise", "~> 4.0"
+end
+
 appraise 'rails_4_devise_3' do
   gem 'actionmailer', '~> 4.0'
   gem 'actionpack', '~> 4.0'
@@ -13,7 +26,14 @@ appraise 'ruby_1.9.3_rails_3.2' do
   gem 'actionmailer', '>= 3.2.6', '< 4'
   gem 'actionpack', '>= 3.2.6', '< 4'
   gem 'activerecord', '>= 3.2.15', '< 4'
+  gem 'appraisal', '< 2.3'
+  gem 'concurrent-ruby', '< 1.1.10'
   gem 'mime-types', '< 3'
+  gem 'pry', '< 0.13'
+  gem 'rack-cache', '< 1.7.2'
+  gem 'rake', '< 12.3'
   gem 'term-ansicolor', '~> 1.3.0'
+  gem 'thor', '< 1'
   gem 'tins', '< 1.7.0'
+  gem 'yard', '<= 0.9.5'
 end

data/CHANGELOG.md

@@ -3,9 +3,35 @@
 All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).
 
+## [1.18.0] - 2022-12-27
+
+### Added
+
+- Add Rails 7 support - @OskarEichler
+
+### Fixed
+
+- Undesirable override of hooks by (no-op) default implementation - @Startouf
+
+## [1.17.0] - 2019-09-21
+
+### Added
+
+- Add Rails 6 support for Mongoid adapter - @unused
+
+## [1.16.0] - 2019-08-20
+
+### Added
+
+- Add Rails 6 support - @MatthiasRMS
+
+### Fixed
+
+- Removed the `Gemfile.lock` - mostly to acknowledge that it was used only in development and is not really needed.
+
 ## [1.15.1] - 2017-01-26
 
-## Fixed
+### Fixed
 
 - Work around [jbuilder][jbuilder] issues caused by the Rails API adapter - @IvRRimum with help from @Pepan
 
@@ -268,6 +294,10 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 This [gist][gist] did refactor the Jose Valim's code into an `ActiveSupport::Concern`.
 
 [gist]: https://gist.github.com/gonzalo-bulnes/7659739
+[Unreleased]: https://github.com/gonzalo-bulnes/simple_token_authentication/compare/v1.18.0...master
+[1.18.0]: https://github.com/gonzalo-bulnes/simple_token_authentication/compare/v1.17.0...v1.18.0
+[1.17.0]: https://github.com/gonzalo-bulnes/simple_token_authentication/compare/v1.16.0...v1.17.0
+[1.16.0]: https://github.com/gonzalo-bulnes/simple_token_authentication/compare/v1.15.1...v1.16.0
 [1.15.1]: https://github.com/gonzalo-bulnes/simple_token_authentication/compare/v1.15.0...v1.15.1
 [1.15.0]: https://github.com/gonzalo-bulnes/simple_token_authentication/compare/v1.14.0...v1.15.0
 [1.14.0]: https://github.com/gonzalo-bulnes/simple_token_authentication/compare/v1.13.0...v1.14.0
@@ -300,4 +330,3 @@ This [gist][gist] did refactor the Jose Valim's code into an `ActiveSupport::Con
 ## Inspiration
 
 Thanks to @nTraum for pointing me at http://keepachangelog.com and to @olivierlacan for writing it in the first place!
-

data/README.md

@@ -2,13 +2,11 @@ Simple Token Authentication
 ===========================
 
 [![Gem Version](https://badge.fury.io/rb/simple_token_authentication.svg)](http://badge.fury.io/rb/simple_token_authentication)
-[![Build Status](https://travis-ci.org/gonzalo-bulnes/simple_token_authentication.svg?branch=master)](https://travis-ci.org/gonzalo-bulnes/simple_token_authentication)
+[![Build Status](https://github.com/gonzalo-bulnes/simple_token_authentication/actions/workflows/test.yml/badge.svg?branch=master)](https://github.com/gonzalo-bulnes/simple_token_authentication/actions/workflows/test.yml)
 [![Code Climate](https://codeclimate.com/github/gonzalo-bulnes/simple_token_authentication.svg)](https://codeclimate.com/github/gonzalo-bulnes/simple_token_authentication)
-[![Dependency Status](https://gemnasium.com/gonzalo-bulnes/simple_token_authentication.svg)](https://gemnasium.com/gonzalo-bulnes/simple_token_authentication)
-[![security](https://hakiri.io/github/gonzalo-bulnes/simple_token_authentication/master.svg)](https://hakiri.io/github/gonzalo-bulnes/simple_token_authentication/master)
 [![Inline docs](http://inch-ci.org/github/gonzalo-bulnes/simple_token_authentication.svg?branch=master)](http://inch-ci.org/github/gonzalo-bulnes/simple_token_authentication)
 
-Token authentication support has been removed from [Devise][devise] for security reasons. In [this gist][original-gist], Devise's [José Valim][josevalim] explains how token authentication should be performed in order to remain safe.
+Token authentication support has been removed from [Devise][devise] for security reasons. In [this gist][original-gist], Devise's [José Valim][josevalim] explains how token authentication should be performed in order to remain safe (see important warning below).
 
 This gem packages the content of the gist and provides a set of convenient options for increased flexibility.
 
@@ -21,6 +19,21 @@ This gem packages the content of the gist and provides a set of convenient optio
   [josevalim]: https://github.com/josevalim
   [gonzalo-bulnes]: https://github.com/gonzalo-bulnes
 
+Security notice
+---------------
+
+![Last independent audit](https://img.shields.io/badge/Last%20independent%20audit-never-red)
+
+**Security notice**: As the name of the gem indicates, it provides a very basic mechanism for token authentication. If your tokens are not discarded after a single use, or you don't know how to mitigate [**replay attacks**][replay-attack], then you should look at alternatives. (Simple Token Authentication doesn't mitigate those attacks for you.)
+
+In other words: if you don't know why _Simple Token Authentication_ is safe to use in your specific use case, then it probably isn't.
+
+**So... what does the gem do?** Simple Token Authentication allows to generate, revoke, and safely compare tokens for authentication purposes. That's not the only thing you need to implement a safe authentication protocol, but it can be a part of it.
+
+  [replay-attack]: https://en.wikipedia.org/wiki/Replay_attack
+
+**Personal note**: I've used the gem to manage single-use sign-in links sent by email (that's what I created it for). I would use it again for that purpose. Please do your research and check carefully if this tool is adequate to your level of experience and threat model. -- [GB][gonzalo-bulnes]
+
 Installation
 ------------
 
@@ -238,10 +251,16 @@ end
 Usage
 -----
 
+
 ### Tokens Generation
 
 Assuming `user` is an instance of `User`, which is _token authenticatable_: each time `user` will be saved, and `user.authentication_token.blank?` it receives a new and unique authentication token (via `Devise.friendly_token`).
 
+### Token Request
+
+Simple Token Authentication only provides the functionality to authenticate a user based on their authentication_token.
+For example how to setup your controller to get the token at first please check this [wiki](https://github.com/gonzalo-bulnes/simple_token_authentication/wiki/Initial-Devise-sign-in)
+
 ### Authentication Method 1: Query Params
 
 You can authenticate passing the `user_email` and `user_token` params as query params:
@@ -277,7 +296,7 @@ To use no fallback when token authentication fails, set `fallback: :none`.
 
 ### Hooks
 
-One hook is currently available to trigger custom behaviour after an user has been successfully authenticated through token authentication. To use it, override the `after_successful_token_authentication` method in the corresponding token authentication handler:
+One hook is currently available to trigger custom behaviour after an user has been successfully authenticated through token authentication. To use it, implement or mixin a module with an `after_successful_token_authentication` method that will be ran after authentication from a token authentication handler:
 
 ```ruby
 # app/controller/application_controller.rb
@@ -348,7 +367,7 @@ RSpec [tags][tags] are used to categorize the spec examples.
 
 Spec examples that are tagged as `public` describe aspects of the gem public API, and MAY be considered as the gem documentation.
 
-The `private` or `protected` specs are written for development purpose only. Because they describe internal behaviour which may change at any moment without notice, they are only executed as a secondary task by the [continuous integration service][travis] and SHOULD be ignored.
+The `private` or `protected` specs are written for development purpose only. Because they describe internal behaviour which may change at any moment without notice, they are only executed as a secondary task by the [continuous integration service][ci] and SHOULD be ignored.
 
 Run `rake spec:public` to print the gem public documentation.
 
@@ -358,7 +377,7 @@ Run `rake spec:public` to print the gem public documentation.
   [regression]: https://github.com/gonzalo-bulnes/simple_token_authentication/wiki/Regression-Testing
   [rspec]: https://www.relishapp.com/rspec/rspec-rails/docs
   [tags]: https://www.relishapp.com/rspec/rspec-core/v/3-1/docs/command-line/tag-option
-  [travis]: https://travis-ci.org/gonzalo-bulnes/simple_token_authentication/builds
+  [ci]: https://github.com/gonzalo-bulnes/simple_token_authentication/actions
 
 ### Contributions
 
@@ -384,7 +403,7 @@ License
 -------
 
     Simple Token Authentication
-    Copyright (C) 2013, 2014, 2015, 2016, 2017 Gonzalo Bulnes Guilpain
+    Copyright (C) 2013‒2022 Gonzalo Bulnes Guilpain
 
     This program is free software: you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by

data/gemfiles/rails_4_devise_3.gemfile

@@ -7,4 +7,4 @@ gem "actionpack", "~> 4.0"
 gem "activerecord", "~> 4.0"
 gem "devise", "~> 3.2"
 
-gemspec :path => "../"
+gemspec path: "../"

data/gemfiles/rails_5_devise_4.gemfile

@@ -2,4 +2,9 @@
 
 source "https://rubygems.org"
 
-gemspec :path => "../"
+gem "actionmailer", "~> 5.0"
+gem "actionpack", "~> 5.0"
+gem "activerecord", "~> 5.0"
+gem "devise", "~> 4.0"
+
+gemspec path: "../"

data/gemfiles/rails_6_devise_4.gemfile

@@ -0,0 +1,9 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "actionmailer", "~> 6.0"
+gem "actionpack", "~> 6.0"
+gem "devise", "~> 4.0"
+
+gemspec path: "../"

data/gemfiles/rails_7_devise_4.gemfile

@@ -0,0 +1,5 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gemspec path: "../"

data/gemfiles/ruby_1.9.3_rails_3.2.gemfile

@@ -5,8 +5,15 @@ source "https://rubygems.org"
 gem "actionmailer", ">= 3.2.6", "< 4"
 gem "actionpack", ">= 3.2.6", "< 4"
 gem "activerecord", ">= 3.2.15", "< 4"
+gem "appraisal", "< 2.3"
+gem "concurrent-ruby", "< 1.1.10"
 gem "mime-types", "< 3"
+gem "pry", "< 0.13"
+gem "rack-cache", "< 1.7.2"
+gem "rake", "< 12.3"
 gem "term-ansicolor", "~> 1.3.0"
+gem "thor", "< 1"
 gem "tins", "< 1.7.0"
+gem "yard", "<= 0.9.5"
 
-gemspec :path => "../"
+gemspec path: "../"

data/gemfiles/ruby_1.9.3_rails_3.2.gemfile.lock

@@ -0,0 +1,154 @@
+PATH
+  remote: ../
+  specs:
+    simple_token_authentication (1.17.0)
+      actionmailer (>= 3.2.6, < 8)
+      actionpack (>= 3.2.6, < 8)
+      devise (>= 3.2, < 6)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    actionmailer (3.2.22.5)
+      actionpack (= 3.2.22.5)
+      mail (~> 2.5.4)
+    actionpack (3.2.22.5)
+      activemodel (= 3.2.22.5)
+      activesupport (= 3.2.22.5)
+      builder (~> 3.0.0)
+      erubis (~> 2.7.0)
+      journey (~> 1.0.4)
+      rack (~> 1.4.5)
+      rack-cache (~> 1.2)
+      rack-test (~> 0.6.1)
+      sprockets (~> 2.2.1)
+    activemodel (3.2.22.5)
+      activesupport (= 3.2.22.5)
+      builder (~> 3.0.0)
+    activerecord (3.2.22.5)
+      activemodel (= 3.2.22.5)
+      activesupport (= 3.2.22.5)
+      arel (~> 3.0.2)
+      tzinfo (~> 0.3.29)
+    activesupport (3.2.22.5)
+      i18n (~> 0.6, >= 0.6.4)
+      multi_json (~> 1.0)
+    appraisal (2.2.0)
+      bundler
+      rake
+      thor (>= 0.14.0)
+    arel (3.0.3)
+    bcrypt (3.1.18)
+    builder (3.0.4)
+    coderay (1.1.3)
+    concurrent-ruby (1.1.9)
+    devise (3.5.10)
+      bcrypt (~> 3.0)
+      orm_adapter (~> 0.1)
+      railties (>= 3.2.6, < 5)
+      responders
+      thread_safe (~> 0.1)
+      warden (~> 1.2.3)
+    diff-lcs (1.5.0)
+    erubis (2.7.0)
+    hike (1.2.3)
+    i18n (0.9.5)
+      concurrent-ruby (~> 1.0)
+    inch (0.7.1)
+      pry
+      sparkr (>= 0.2.0)
+      term-ansicolor
+      yard (~> 0.8.7.5)
+    journey (1.0.4)
+    json (1.8.6)
+    mail (2.5.5)
+      mime-types (~> 1.16)
+      treetop (~> 1.4.8)
+    method_source (0.9.2)
+    mime-types (1.25.1)
+    mongoid (3.1.7)
+      activemodel (~> 3.2)
+      moped (~> 1.4)
+      origin (~> 1.0)
+      tzinfo (~> 0.3.29)
+    moped (1.5.3)
+    multi_json (1.15.0)
+    origin (1.1.0)
+    orm_adapter (0.5.0)
+    polyglot (0.3.5)
+    pry (0.12.2)
+      coderay (~> 1.1.0)
+      method_source (~> 0.9.0)
+    rack (1.4.7)
+    rack-cache (1.7.1)
+      rack (>= 0.4)
+    rack-ssl (1.3.4)
+      rack
+    rack-test (0.6.3)
+      rack (>= 1.0)
+    railties (3.2.22.5)
+      actionpack (= 3.2.22.5)
+      activesupport (= 3.2.22.5)
+      rack-ssl (~> 1.3.2)
+      rake (>= 0.8.7)
+      rdoc (~> 3.4)
+      thor (>= 0.14.6, < 2.0)
+    rake (12.2.1)
+    rdoc (3.12.2)
+      json (~> 1.4)
+    responders (1.1.2)
+      railties (>= 3.2, < 4.2)
+    rspec (3.12.0)
+      rspec-core (~> 3.12.0)
+      rspec-expectations (~> 3.12.0)
+      rspec-mocks (~> 3.12.0)
+    rspec-core (3.12.0)
+      rspec-support (~> 3.12.0)
+    rspec-expectations (3.12.1)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.12.0)
+    rspec-mocks (3.12.1)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.12.0)
+    rspec-support (3.12.0)
+    sparkr (0.4.1)
+    sprockets (2.2.3)
+      hike (~> 1.2)
+      multi_json (~> 1.0)
+      rack (~> 1.0)
+      tilt (~> 1.1, != 1.3.0)
+    term-ansicolor (1.3.2)
+      tins (~> 1.0)
+    thor (0.20.3)
+    thread_safe (0.3.6)
+    tilt (1.4.1)
+    tins (1.6.0)
+    treetop (1.4.15)
+      polyglot
+      polyglot (>= 0.3.1)
+    tzinfo (0.3.61)
+    warden (1.2.7)
+      rack (>= 1.0)
+    yard (0.8.7.6)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  actionmailer (>= 3.2.6, < 4)
+  actionpack (>= 3.2.6, < 4)
+  activerecord (>= 3.2.15, < 4)
+  appraisal (< 2.3)
+  concurrent-ruby (< 1.1.10)
+  inch (~> 0.4)
+  mime-types (< 3)
+  mongoid (>= 3.1.0, < 9)
+  pry (< 0.13)
+  rack-cache (< 1.7.2)
+  rake (< 12.3)
+  rspec (~> 3.0)
+  simple_token_authentication!
+  term-ansicolor (~> 1.3.0)
+  thor (< 1)
+  tins (< 1.7.0)
+  yard (<= 0.9.5)

data/lib/simple_token_authentication/acts_as_token_authenticatable.rb

@@ -32,7 +32,7 @@ module SimpleTokenAuthentication
     end
 
     def token_suitable?(token)
-      self.class.where(authentication_token: token).count == 0
+      self.class.unscoped.where(authentication_token: token).count == 0
     end
 
     def token_generator

data/lib/simple_token_authentication/errors.rb

@@ -12,7 +12,7 @@ module SimpleTokenAuthentication
 
             # Gemfile
 
-            gem 'mongoid', '~> 4.0' # for example
+            gem 'mongoid', '~> 7.0.5' # for example
             gem 'simple_token_authentication', '~> 1.0'
 
         See https://github.com/gonzalo-bulnes/simple_token_authentication/issues/158

data/lib/simple_token_authentication/token_authentication_handler.rb

@@ -27,20 +27,12 @@ module SimpleTokenAuthentication
       private :integrate_with_devise_case_insensitive_keys
     end
 
-    # This method is a hook and is meant to be overridden.
-    #
-    # It is not expected to return anything special,
-    # only its side effects will be used.
-    def after_successful_token_authentication
-      # intentionally left blank
-    end
-
     def authenticate_entity_from_token!(entity)
       record = find_record_from_identifier(entity)
 
       if token_correct?(record, entity, token_comparator)
         perform_sign_in!(record, sign_in_handler)
-        after_successful_token_authentication
+        after_successful_token_authentication if respond_to?(:after_successful_token_authentication)
       end
     end
 

data/lib/simple_token_authentication/version.rb

@@ -1,3 +1,3 @@
 module SimpleTokenAuthentication
-  VERSION = "1.15.1".freeze
+  VERSION = "1.18.0".freeze
 end

data/spec/configuration/sign_in_token_option_spec.rb

@@ -38,7 +38,7 @@ describe 'Simple Token Authentication' do
         it 'does instruct Devise not to store the session', public: true do
           allow(SimpleTokenAuthentication).to receive(:sign_in_token).and_return(false)
 
-          expect(@controller).to receive(:sign_in).with(@record, store: false)
+          expect(@controller).to receive(:sign_in).with(@record, { store: false })
           @controller.authenticate_user_from_token
         end
       end
@@ -48,7 +48,7 @@ describe 'Simple Token Authentication' do
         it 'does instruct Devise to store the session', public: true do
           allow(SimpleTokenAuthentication).to receive(:sign_in_token).and_return(true)
 
-          expect(@controller).to receive(:sign_in).with(@record, store: true)
+          expect(@controller).to receive(:sign_in).with(@record, { store: true })
           @controller.authenticate_user_from_token
         end
       end
@@ -90,7 +90,7 @@ describe 'Simple Token Authentication' do
 
       # the option updated value is taken into account
       # when token authentication is performed
-      expect(@controller).to receive(:sign_in).with(@record, store: 'updated value')
+      expect(@controller).to receive(:sign_in).with(@record, { store: 'updated value' })
       @controller.authenticate_user_from_token
     end
   end

data/spec/lib/simple_token_authentication/sign_in_handler_spec.rb

@@ -14,7 +14,7 @@ describe SimpleTokenAuthentication::SignInHandler do
       request = double()
       allow(request).to receive(:env).and_return({})
       allow(controller).to receive(:request).and_return(request)
-      allow(controller).to receive(:sign_in).with(:record, option: 'some_value').and_return('Devise response.')
+      allow(controller).to receive(:sign_in).with(:record, { option: 'some_value' }).and_return('Devise response.')
 
       # delegating consists in sending the message
       expect(controller).to receive(:sign_in)

data/spec/lib/simple_token_authentication/token_authentication_handler_spec.rb

@@ -697,25 +697,44 @@ describe 'Any class which includes SimpleTokenAuthentication::TokenAuthenticatio
     let(:token_authentication_handler) { described_class.new }
 
     before(:each) do
-        allow(token_authentication_handler).to receive(:find_record_from_identifier)
-        allow(token_authentication_handler).to receive(:perform_sign_in!)
-        allow(token_authentication_handler).to receive(:token_correct?).and_return(false)
+      allow(token_authentication_handler).to receive(:find_record_from_identifier)
+      allow(token_authentication_handler).to receive(:perform_sign_in!)
+      allow(token_authentication_handler).to receive(:token_correct?).and_return(false)
     end
 
-    it 'does not trigger the :after_successful_token_authentication hook', hooks: true, private: true do
-      expect(token_authentication_handler).not_to receive(:after_successful_token_authentication)
-      token_authentication_handler.send(:authenticate_entity_from_token!, double)
-    end
+    context 'when authentication is not succesful and the handler implements the :after_successful_token_authentication hook', private: true do
+      before(:each) do
+        allow(token_authentication_handler).to receive(:token_correct?).and_return(false)
+        allow(token_authentication_handler).to receive(:after_successful_token_authentication)
+      end
 
-    context 'after successful authentication' do
+      it 'does not trigger the :after_successful_token_authentication hook' do
+        token_authentication_handler.send(:authenticate_entity_from_token!, double)
+        expect(token_authentication_handler).not_to have_received(:after_successful_token_authentication)
+      end
+    end
 
+    context 'when authentication is succesful' do
       before(:each) do
         allow(token_authentication_handler).to receive(:token_correct?).and_return(true)
       end
 
-      it 'calls the :after_successful_token_authentication hook', hooks: true, protected: true do
-        expect(token_authentication_handler).to receive(:after_successful_token_authentication).once
-        token_authentication_handler.send(:authenticate_entity_from_token!, double)
+      context 'when the handler does not implement :after_successful_token_authentication', protected: true do
+        it 'does not trigger the :after_successful_token_authentication hook' do
+          expect(token_authentication_handler).not_to respond_to(:after_successful_token_authentication)
+          expect { token_authentication_handler.send(:authenticate_entity_from_token!, double) }.not_to raise_error
+        end
+      end
+
+      context 'when the handler implements :after_successful_token_authentication', protected: true do
+        before(:each) do
+          allow(token_authentication_handler).to receive(:after_successful_token_authentication)
+        end
+
+        it 'calls the :after_successful_token_authentication hook' do
+          token_authentication_handler.send(:authenticate_entity_from_token!, double)
+          expect(token_authentication_handler).to have_received(:after_successful_token_authentication).once
+        end
       end
     end
   end

data/spec/spec_helper.rb

@@ -3,7 +3,6 @@ Bundler.setup
 
 require 'action_controller'
 require 'active_record'
-require 'mongoid'
 require 'active_support'
 
 require 'simple_token_authentication'

data/spec/support/specs_for_token_authentication_handler_interface.rb

@@ -7,9 +7,8 @@ RSpec.shared_examples 'a token authentication handler' do
   end
 
   describe 'instance' do
-
-    it 'responds to :after_successful_token_authentication', hooks: true, private: true do
-      expect(token_authentication_handler.new).to respond_to :after_successful_token_authentication
+    it 'does not implement :after_successful_token_authentication by default', private: true do
+      expect(token_authentication_handler.new).not_to respond_to :after_successful_token_authentication
     end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: simple_token_authentication
 version: !ruby/object:Gem::Version
-  version: 1.15.1
+  version: 1.18.0
 platform: ruby
 authors:
 - Gonzalo Bulnes Guilpain
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-01-26 00:00:00.000000000 Z
+date: 2022-12-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: actionmailer
@@ -19,7 +19,7 @@ dependencies:
         version: 3.2.6
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6'
+        version: '8'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -29,7 +29,7 @@ dependencies:
         version: 3.2.6
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6'
+        version: '8'
 - !ruby/object:Gem::Dependency
   name: actionpack
   requirement: !ruby/object:Gem::Requirement
@@ -39,7 +39,7 @@ dependencies:
         version: 3.2.6
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6'
+        version: '8'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -49,7 +49,7 @@ dependencies:
         version: 3.2.6
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6'
+        version: '8'
 - !ruby/object:Gem::Dependency
   name: devise
   requirement: !ruby/object:Gem::Requirement
@@ -107,7 +107,7 @@ dependencies:
         version: 3.2.6
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6'
+        version: '8'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -117,7 +117,7 @@ dependencies:
         version: 3.2.6
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6'
+        version: '8'
 - !ruby/object:Gem::Dependency
   name: mongoid
   requirement: !ruby/object:Gem::Requirement
@@ -127,7 +127,7 @@ dependencies:
         version: 3.1.0
     - - "<"
       - !ruby/object:Gem::Version
-        version: '7'
+        version: '9'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -137,7 +137,7 @@ dependencies:
         version: 3.1.0
     - - "<"
       - !ruby/object:Gem::Version
-        version: '7'
+        version: '9'
 - !ruby/object:Gem::Dependency
   name: appraisal
   requirement: !ruby/object:Gem::Requirement
@@ -166,10 +166,11 @@ files:
 - Rakefile
 - doc/README.md
 - gemfiles/rails_4_devise_3.gemfile
-- gemfiles/rails_4_devise_3.gemfile.lock
 - gemfiles/rails_5_devise_4.gemfile
-- gemfiles/rails_5_devise_4.gemfile.lock
+- gemfiles/rails_6_devise_4.gemfile
+- gemfiles/rails_7_devise_4.gemfile
 - gemfiles/ruby_1.9.3_rails_3.2.gemfile
+- gemfiles/ruby_1.9.3_rails_3.2.gemfile.lock
 - lib/simple_token_authentication.rb
 - lib/simple_token_authentication/acts_as_token_authenticatable.rb
 - lib/simple_token_authentication/acts_as_token_authentication_handler.rb
@@ -244,51 +245,50 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.4.5.1
+rubygems_version: 3.1.6
 signing_key: 
 specification_version: 4
 summary: Simple (but safe) token authentication for Rails apps or API with Devise.
 test_files:
-- spec/configuration/action_controller_callbacks_options_spec.rb
-- spec/configuration/fallback_to_devise_option_spec.rb
-- spec/configuration/header_names_option_spec.rb
+- spec/support/spec_for_entities_manager_interface.rb
+- spec/support/dummy_classes_helper.rb
+- spec/support/spec_for_adapter.rb
+- spec/support/spec_for_configuration_option_interface.rb
+- spec/support/spec_for_sign_in_handler_interface.rb
+- spec/support/spec_for_authentication_handler_interface.rb
+- spec/support/spec_for_token_generator_interface.rb
+- spec/support/spec_for_fallback_handler_interface.rb
+- spec/support/specs_for_token_authentication_handler_interface.rb
+- spec/support/spec_for_token_comparator_interface.rb
 - spec/configuration/sign_in_token_option_spec.rb
+- spec/configuration/header_names_option_spec.rb
 - spec/configuration/skip_devise_trackable_option_spec.rb
-- spec/lib/simple_token_authentication/acts_as_token_authenticatable_spec.rb
-- spec/lib/simple_token_authentication/acts_as_token_authentication_handler_spec.rb
-- spec/lib/simple_token_authentication/adapter_spec.rb
+- spec/configuration/fallback_to_devise_option_spec.rb
+- spec/configuration/action_controller_callbacks_options_spec.rb
+- spec/lib/simple_token_authentication/adapters/rails_metal_adapter_spec.rb
+- spec/lib/simple_token_authentication/adapters/rails_api_adapter_spec.rb
 - spec/lib/simple_token_authentication/adapters/active_record_adapter_spec.rb
 - spec/lib/simple_token_authentication/adapters/mongoid_adapter_spec.rb
 - spec/lib/simple_token_authentication/adapters/rails_adapter_spec.rb
-- spec/lib/simple_token_authentication/adapters/rails_api_adapter_spec.rb
-- spec/lib/simple_token_authentication/adapters/rails_metal_adapter_spec.rb
+- spec/lib/simple_token_authentication/sign_in_handler_spec.rb
+- spec/lib/simple_token_authentication/token_comparator_spec.rb
+- spec/lib/simple_token_authentication/token_generator_spec.rb
+- spec/lib/simple_token_authentication/exception_fallback_handler_spec.rb
 - spec/lib/simple_token_authentication/configuration_spec.rb
+- spec/lib/simple_token_authentication/errors_spec.rb
+- spec/lib/simple_token_authentication/acts_as_token_authenticatable_spec.rb
 - spec/lib/simple_token_authentication/devise_fallback_handler_spec.rb
+- spec/lib/simple_token_authentication/token_authentication_handler_spec.rb
 - spec/lib/simple_token_authentication/entities_manager_spec.rb
+- spec/lib/simple_token_authentication/acts_as_token_authentication_handler_spec.rb
+- spec/lib/simple_token_authentication/adapter_spec.rb
 - spec/lib/simple_token_authentication/entity_spec.rb
-- spec/lib/simple_token_authentication/errors_spec.rb
-- spec/lib/simple_token_authentication/exception_fallback_handler_spec.rb
-- spec/lib/simple_token_authentication/sign_in_handler_spec.rb
-- spec/lib/simple_token_authentication/token_authentication_handler_spec.rb
-- spec/lib/simple_token_authentication/token_comparator_spec.rb
-- spec/lib/simple_token_authentication/token_generator_spec.rb
 - spec/lib/simple_token_authentication_spec.rb
 - spec/spec_helper.rb
-- spec/support/dummy_classes_helper.rb
-- spec/support/spec_for_adapter.rb
-- spec/support/spec_for_authentication_handler_interface.rb
-- spec/support/spec_for_configuration_option_interface.rb
-- spec/support/spec_for_entities_manager_interface.rb
-- spec/support/spec_for_fallback_handler_interface.rb
-- spec/support/spec_for_sign_in_handler_interface.rb
-- spec/support/spec_for_token_comparator_interface.rb
-- spec/support/spec_for_token_generator_interface.rb
-- spec/support/specs_for_token_authentication_handler_interface.rb
-- gemfiles/rails_4_devise_3.gemfile
 - gemfiles/rails_5_devise_4.gemfile
+- gemfiles/rails_4_devise_3.gemfile
+- gemfiles/rails_6_devise_4.gemfile
+- gemfiles/rails_7_devise_4.gemfile
 - gemfiles/ruby_1.9.3_rails_3.2.gemfile
-- gemfiles/rails_4_devise_3.gemfile.lock
-- gemfiles/rails_5_devise_4.gemfile.lock
+- gemfiles/ruby_1.9.3_rails_3.2.gemfile.lock
 - Appraisals
-has_rdoc: 

data/gemfiles/rails_4_devise_3.gemfile.lock

@@ -1,159 +0,0 @@
-PATH
-  remote: ../
-  specs:
-    simple_token_authentication (1.15.0)
-      actionmailer (>= 3.2.6, < 6)
-      actionpack (>= 3.2.6, < 6)
-      devise (>= 3.2, < 6)
-
-GEM
-  remote: https://rubygems.org/
-  specs:
-    actionmailer (4.2.7.1)
-      actionpack (= 4.2.7.1)
-      actionview (= 4.2.7.1)
-      activejob (= 4.2.7.1)
-      mail (~> 2.5, >= 2.5.4)
-      rails-dom-testing (~> 1.0, >= 1.0.5)
-    actionpack (4.2.7.1)
-      actionview (= 4.2.7.1)
-      activesupport (= 4.2.7.1)
-      rack (~> 1.6)
-      rack-test (~> 0.6.2)
-      rails-dom-testing (~> 1.0, >= 1.0.5)
-      rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (4.2.7.1)
-      activesupport (= 4.2.7.1)
-      builder (~> 3.1)
-      erubis (~> 2.7.0)
-      rails-dom-testing (~> 1.0, >= 1.0.5)
-      rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    activejob (4.2.7.1)
-      activesupport (= 4.2.7.1)
-      globalid (>= 0.3.0)
-    activemodel (4.2.7.1)
-      activesupport (= 4.2.7.1)
-      builder (~> 3.1)
-    activerecord (4.2.7.1)
-      activemodel (= 4.2.7.1)
-      activesupport (= 4.2.7.1)
-      arel (~> 6.0)
-    activesupport (4.2.7.1)
-      i18n (~> 0.7)
-      json (~> 1.7, >= 1.7.7)
-      minitest (~> 5.1)
-      thread_safe (~> 0.3, >= 0.3.4)
-      tzinfo (~> 1.1)
-    appraisal (2.1.0)
-      bundler
-      rake
-      thor (>= 0.14.0)
-    arel (6.0.4)
-    bcrypt (3.1.11)
-    bson (4.2.1)
-    builder (3.2.3)
-    coderay (1.1.1)
-    devise (3.5.10)
-      bcrypt (~> 3.0)
-      orm_adapter (~> 0.1)
-      railties (>= 3.2.6, < 5)
-      responders
-      thread_safe (~> 0.1)
-      warden (~> 1.2.3)
-    diff-lcs (1.2.5)
-    erubis (2.7.0)
-    globalid (0.3.7)
-      activesupport (>= 4.1.0)
-    i18n (0.7.0)
-    inch (0.7.1)
-      pry
-      sparkr (>= 0.2.0)
-      term-ansicolor
-      yard (~> 0.8.7.5)
-    json (1.8.6)
-    loofah (2.0.3)
-      nokogiri (>= 1.5.9)
-    mail (2.6.4)
-      mime-types (>= 1.16, < 4)
-    method_source (0.8.2)
-    mime-types (3.1)
-      mime-types-data (~> 3.2015)
-    mime-types-data (3.2016.0521)
-    mini_portile2 (2.1.0)
-    minitest (5.10.1)
-    mongo (2.4.1)
-      bson (>= 4.2.1, < 5.0.0)
-    mongoid (5.1.6)
-      activemodel (~> 4.0)
-      mongo (~> 2.1)
-      origin (~> 2.2)
-      tzinfo (>= 0.3.37)
-    nokogiri (1.7.0.1)
-      mini_portile2 (~> 2.1.0)
-    origin (2.3.0)
-    orm_adapter (0.5.0)
-    pry (0.10.4)
-      coderay (~> 1.1.0)
-      method_source (~> 0.8.1)
-      slop (~> 3.4)
-    rack (1.6.5)
-    rack-test (0.6.3)
-      rack (>= 1.0)
-    rails-deprecated_sanitizer (1.0.3)
-      activesupport (>= 4.2.0.alpha)
-    rails-dom-testing (1.0.8)
-      activesupport (>= 4.2.0.beta, < 5.0)
-      nokogiri (~> 1.6)
-      rails-deprecated_sanitizer (>= 1.0.1)
-    rails-html-sanitizer (1.0.3)
-      loofah (~> 2.0)
-    railties (4.2.7.1)
-      actionpack (= 4.2.7.1)
-      activesupport (= 4.2.7.1)
-      rake (>= 0.8.7)
-      thor (>= 0.18.1, < 2.0)
-    rake (12.0.0)
-    responders (2.3.0)
-      railties (>= 4.2.0, < 5.1)
-    rspec (3.5.0)
-      rspec-core (~> 3.5.0)
-      rspec-expectations (~> 3.5.0)
-      rspec-mocks (~> 3.5.0)
-    rspec-core (3.5.4)
-      rspec-support (~> 3.5.0)
-    rspec-expectations (3.5.0)
-      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.5.0)
-    rspec-mocks (3.5.0)
-      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.5.0)
-    rspec-support (3.5.0)
-    slop (3.6.0)
-    sparkr (0.4.1)
-    term-ansicolor (1.4.0)
-      tins (~> 1.0)
-    thor (0.19.4)
-    thread_safe (0.3.5)
-    tins (1.13.0)
-    tzinfo (1.2.2)
-      thread_safe (~> 0.1)
-    warden (1.2.6)
-      rack (>= 1.0)
-    yard (0.8.7.6)
-
-PLATFORMS
-  ruby
-
-DEPENDENCIES
-  actionmailer (~> 4.0)
-  actionpack (~> 4.0)
-  activerecord (~> 4.0)
-  appraisal (~> 2.0)
-  devise (~> 3.2)
-  inch (~> 0.4)
-  mongoid (>= 3.1.0, < 7)
-  rspec (~> 3.0)
-  simple_token_authentication!
-
-BUNDLED WITH
-   1.13.6

data/gemfiles/rails_5_devise_4.gemfile.lock

@@ -1,148 +0,0 @@
-PATH
-  remote: ../
-  specs:
-    simple_token_authentication (1.15.0)
-      actionmailer (>= 3.2.6, < 6)
-      actionpack (>= 3.2.6, < 6)
-      devise (>= 3.2, < 6)
-
-GEM
-  remote: https://rubygems.org/
-  specs:
-    actionmailer (5.0.1)
-      actionpack (= 5.0.1)
-      actionview (= 5.0.1)
-      activejob (= 5.0.1)
-      mail (~> 2.5, >= 2.5.4)
-      rails-dom-testing (~> 2.0)
-    actionpack (5.0.1)
-      actionview (= 5.0.1)
-      activesupport (= 5.0.1)
-      rack (~> 2.0)
-      rack-test (~> 0.6.3)
-      rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (5.0.1)
-      activesupport (= 5.0.1)
-      builder (~> 3.1)
-      erubis (~> 2.7.0)
-      rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    activejob (5.0.1)
-      activesupport (= 5.0.1)
-      globalid (>= 0.3.6)
-    activemodel (5.0.1)
-      activesupport (= 5.0.1)
-    activerecord (5.0.1)
-      activemodel (= 5.0.1)
-      activesupport (= 5.0.1)
-      arel (~> 7.0)
-    activesupport (5.0.1)
-      concurrent-ruby (~> 1.0, >= 1.0.2)
-      i18n (~> 0.7)
-      minitest (~> 5.1)
-      tzinfo (~> 1.1)
-    appraisal (2.1.0)
-      bundler
-      rake
-      thor (>= 0.14.0)
-    arel (7.1.4)
-    bcrypt (3.1.11)
-    bson (4.2.1)
-    builder (3.2.3)
-    coderay (1.1.1)
-    concurrent-ruby (1.0.4)
-    devise (4.2.0)
-      bcrypt (~> 3.0)
-      orm_adapter (~> 0.1)
-      railties (>= 4.1.0, < 5.1)
-      responders
-      warden (~> 1.2.3)
-    diff-lcs (1.2.5)
-    erubis (2.7.0)
-    globalid (0.3.7)
-      activesupport (>= 4.1.0)
-    i18n (0.7.0)
-    inch (0.7.1)
-      pry
-      sparkr (>= 0.2.0)
-      term-ansicolor
-      yard (~> 0.8.7.5)
-    loofah (2.0.3)
-      nokogiri (>= 1.5.9)
-    mail (2.6.4)
-      mime-types (>= 1.16, < 4)
-    method_source (0.8.2)
-    mime-types (3.1)
-      mime-types-data (~> 3.2015)
-    mime-types-data (3.2016.0521)
-    mini_portile2 (2.1.0)
-    minitest (5.10.1)
-    mongo (2.4.1)
-      bson (>= 4.2.1, < 5.0.0)
-    mongoid (6.0.3)
-      activemodel (~> 5.0)
-      mongo (~> 2.3)
-    nokogiri (1.7.0.1)
-      mini_portile2 (~> 2.1.0)
-    orm_adapter (0.5.0)
-    pry (0.10.4)
-      coderay (~> 1.1.0)
-      method_source (~> 0.8.1)
-      slop (~> 3.4)
-    rack (2.0.1)
-    rack-test (0.6.3)
-      rack (>= 1.0)
-    rails-dom-testing (2.0.2)
-      activesupport (>= 4.2.0, < 6.0)
-      nokogiri (~> 1.6)
-    rails-html-sanitizer (1.0.3)
-      loofah (~> 2.0)
-    railties (5.0.1)
-      actionpack (= 5.0.1)
-      activesupport (= 5.0.1)
-      method_source
-      rake (>= 0.8.7)
-      thor (>= 0.18.1, < 2.0)
-    rake (12.0.0)
-    responders (2.3.0)
-      railties (>= 4.2.0, < 5.1)
-    rspec (3.5.0)
-      rspec-core (~> 3.5.0)
-      rspec-expectations (~> 3.5.0)
-      rspec-mocks (~> 3.5.0)
-    rspec-core (3.5.4)
-      rspec-support (~> 3.5.0)
-    rspec-expectations (3.5.0)
-      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.5.0)
-    rspec-mocks (3.5.0)
-      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.5.0)
-    rspec-support (3.5.0)
-    slop (3.6.0)
-    sparkr (0.4.1)
-    term-ansicolor (1.4.0)
-      tins (~> 1.0)
-    thor (0.19.4)
-    thread_safe (0.3.5)
-    tins (1.13.0)
-    tzinfo (1.2.2)
-      thread_safe (~> 0.1)
-    warden (1.2.6)
-      rack (>= 1.0)
-    yard (0.8.7.6)
-
-PLATFORMS
-  ruby
-
-DEPENDENCIES
-  activerecord (>= 3.2.6, < 6)
-  appraisal (~> 2.0)
-  inch (~> 0.4)
-  mongoid (>= 3.1.0, < 7)
-  rspec (~> 3.0)
-  simple_token_authentication!
-
-BUNDLED WITH
-   1.13.6