simple_token_authentication 1.17.0 → 1.18.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Appraisals +14 -1
- data/CHANGELOG.md +12 -1
- data/README.md +27 -7
- data/gemfiles/rails_5_devise_4.gemfile +1 -0
- data/gemfiles/rails_6_devise_4.gemfile +4 -0
- data/gemfiles/rails_7_devise_4.gemfile +5 -0
- data/gemfiles/ruby_1.9.3_rails_3.2.gemfile +6 -0
- data/gemfiles/ruby_1.9.3_rails_3.2.gemfile.lock +49 -46
- data/lib/simple_token_authentication/acts_as_token_authenticatable.rb +1 -1
- data/lib/simple_token_authentication/token_authentication_handler.rb +1 -9
- data/lib/simple_token_authentication/version.rb +1 -1
- data/spec/configuration/sign_in_token_option_spec.rb +3 -3
- data/spec/lib/simple_token_authentication/adapters/mongoid_adapter_spec.rb +1 -1
- data/spec/lib/simple_token_authentication/sign_in_handler_spec.rb +1 -1
- data/spec/lib/simple_token_authentication/token_authentication_handler_spec.rb +30 -11
- data/spec/support/specs_for_token_authentication_handler_interface.rb +2 -3
- metadata +42 -41
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: cce55a8f3ec6efaf7b97a87960e9dd26fb99f772cc7f4ac4dc8d88ded9cfbba2
|
|
4
|
+
data.tar.gz: 819f681fcd4cc4865e4451726bd751ded237cfed929f8a552afd37a6dc66fd73
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: fec02f6a88f35b138bac9d8d0687f03745ce448f8ad0d66c02261af8999c0cf6cdcc82a3a2b4130eea4cb646121c1049361ccdf1cde965870e90a47326875df6
|
|
7
|
+
data.tar.gz: 4f4b5db1dbd67282b31dcd22a8c38039a7901450fa3df49456eca0edb1a789f6df590472c8de8a76e4ff164bfa51e2a4f11c5915c1dfc478540923ffb6d06f11
|
data/Appraisals
CHANGED
|
@@ -1,11 +1,18 @@
|
|
|
1
|
-
appraise '
|
|
1
|
+
appraise 'rails_7_devise_4' do
|
|
2
2
|
# use gemspec constraints
|
|
3
3
|
end
|
|
4
4
|
|
|
5
|
+
appraise 'rails_6_devise_4' do
|
|
6
|
+
gem "actionmailer", "~> 6.0"
|
|
7
|
+
gem "actionpack", "~> 6.0"
|
|
8
|
+
gem "devise", "~> 4.0"
|
|
9
|
+
end
|
|
10
|
+
|
|
5
11
|
appraise 'rails_5_devise_4' do
|
|
6
12
|
gem 'actionmailer', '~> 5.0'
|
|
7
13
|
gem 'actionpack', '~> 5.0'
|
|
8
14
|
gem 'activerecord', '~> 5.0'
|
|
15
|
+
gem "devise", "~> 4.0"
|
|
9
16
|
end
|
|
10
17
|
|
|
11
18
|
appraise 'rails_4_devise_3' do
|
|
@@ -19,8 +26,14 @@ appraise 'ruby_1.9.3_rails_3.2' do
|
|
|
19
26
|
gem 'actionmailer', '>= 3.2.6', '< 4'
|
|
20
27
|
gem 'actionpack', '>= 3.2.6', '< 4'
|
|
21
28
|
gem 'activerecord', '>= 3.2.15', '< 4'
|
|
29
|
+
gem 'appraisal', '< 2.3'
|
|
30
|
+
gem 'concurrent-ruby', '< 1.1.10'
|
|
22
31
|
gem 'mime-types', '< 3'
|
|
32
|
+
gem 'pry', '< 0.13'
|
|
33
|
+
gem 'rack-cache', '< 1.7.2'
|
|
34
|
+
gem 'rake', '< 12.3'
|
|
23
35
|
gem 'term-ansicolor', '~> 1.3.0'
|
|
36
|
+
gem 'thor', '< 1'
|
|
24
37
|
gem 'tins', '< 1.7.0'
|
|
25
38
|
gem 'yard', '<= 0.9.5'
|
|
26
39
|
end
|
data/CHANGELOG.md
CHANGED
|
@@ -3,6 +3,16 @@
|
|
|
3
3
|
All notable changes to this project will be documented in this file.
|
|
4
4
|
This project adheres to [Semantic Versioning](http://semver.org/).
|
|
5
5
|
|
|
6
|
+
## [1.18.0] - 2022-12-27
|
|
7
|
+
|
|
8
|
+
### Added
|
|
9
|
+
|
|
10
|
+
- Add Rails 7 support - @OskarEichler
|
|
11
|
+
|
|
12
|
+
### Fixed
|
|
13
|
+
|
|
14
|
+
- Undesirable override of hooks by (no-op) default implementation - @Startouf
|
|
15
|
+
|
|
6
16
|
## [1.17.0] - 2019-09-21
|
|
7
17
|
|
|
8
18
|
### Added
|
|
@@ -284,7 +294,8 @@ This project adheres to [Semantic Versioning](http://semver.org/).
|
|
|
284
294
|
This [gist][gist] did refactor the Jose Valim's code into an `ActiveSupport::Concern`.
|
|
285
295
|
|
|
286
296
|
[gist]: https://gist.github.com/gonzalo-bulnes/7659739
|
|
287
|
-
[Unreleased]: https://github.com/gonzalo-bulnes/simple_token_authentication/compare/v1.
|
|
297
|
+
[Unreleased]: https://github.com/gonzalo-bulnes/simple_token_authentication/compare/v1.18.0...master
|
|
298
|
+
[1.18.0]: https://github.com/gonzalo-bulnes/simple_token_authentication/compare/v1.17.0...v1.18.0
|
|
288
299
|
[1.17.0]: https://github.com/gonzalo-bulnes/simple_token_authentication/compare/v1.16.0...v1.17.0
|
|
289
300
|
[1.16.0]: https://github.com/gonzalo-bulnes/simple_token_authentication/compare/v1.15.1...v1.16.0
|
|
290
301
|
[1.15.1]: https://github.com/gonzalo-bulnes/simple_token_authentication/compare/v1.15.0...v1.15.1
|
data/README.md
CHANGED
|
@@ -2,12 +2,11 @@ Simple Token Authentication
|
|
|
2
2
|
===========================
|
|
3
3
|
|
|
4
4
|
[](http://badge.fury.io/rb/simple_token_authentication)
|
|
5
|
-
[](https://github.com/gonzalo-bulnes/simple_token_authentication/actions/workflows/test.yml)
|
|
6
6
|
[](https://codeclimate.com/github/gonzalo-bulnes/simple_token_authentication)
|
|
7
|
-
[](https://hakiri.io/github/gonzalo-bulnes/simple_token_authentication/master)
|
|
8
7
|
[](http://inch-ci.org/github/gonzalo-bulnes/simple_token_authentication)
|
|
9
8
|
|
|
10
|
-
Token authentication support has been removed from [Devise][devise] for security reasons. In [this gist][original-gist], Devise's [José Valim][josevalim] explains how token authentication should be performed in order to remain safe.
|
|
9
|
+
Token authentication support has been removed from [Devise][devise] for security reasons. In [this gist][original-gist], Devise's [José Valim][josevalim] explains how token authentication should be performed in order to remain safe (see important warning below).
|
|
11
10
|
|
|
12
11
|
This gem packages the content of the gist and provides a set of convenient options for increased flexibility.
|
|
13
12
|
|
|
@@ -20,6 +19,21 @@ This gem packages the content of the gist and provides a set of convenient optio
|
|
|
20
19
|
[josevalim]: https://github.com/josevalim
|
|
21
20
|
[gonzalo-bulnes]: https://github.com/gonzalo-bulnes
|
|
22
21
|
|
|
22
|
+
Security notice
|
|
23
|
+
---------------
|
|
24
|
+
|
|
25
|
+
|
|
26
|
+
|
|
27
|
+
**Security notice**: As the name of the gem indicates, it provides a very basic mechanism for token authentication. If your tokens are not discarded after a single use, or you don't know how to mitigate [**replay attacks**][replay-attack], then you should look at alternatives. (Simple Token Authentication doesn't mitigate those attacks for you.)
|
|
28
|
+
|
|
29
|
+
In other words: if you don't know why _Simple Token Authentication_ is safe to use in your specific use case, then it probably isn't.
|
|
30
|
+
|
|
31
|
+
**So... what does the gem do?** Simple Token Authentication allows to generate, revoke, and safely compare tokens for authentication purposes. That's not the only thing you need to implement a safe authentication protocol, but it can be a part of it.
|
|
32
|
+
|
|
33
|
+
[replay-attack]: https://en.wikipedia.org/wiki/Replay_attack
|
|
34
|
+
|
|
35
|
+
**Personal note**: I've used the gem to manage single-use sign-in links sent by email (that's what I created it for). I would use it again for that purpose. Please do your research and check carefully if this tool is adequate to your level of experience and threat model. -- [GB][gonzalo-bulnes]
|
|
36
|
+
|
|
23
37
|
Installation
|
|
24
38
|
------------
|
|
25
39
|
|
|
@@ -237,10 +251,16 @@ end
|
|
|
237
251
|
Usage
|
|
238
252
|
-----
|
|
239
253
|
|
|
254
|
+
|
|
240
255
|
### Tokens Generation
|
|
241
256
|
|
|
242
257
|
Assuming `user` is an instance of `User`, which is _token authenticatable_: each time `user` will be saved, and `user.authentication_token.blank?` it receives a new and unique authentication token (via `Devise.friendly_token`).
|
|
243
258
|
|
|
259
|
+
### Token Request
|
|
260
|
+
|
|
261
|
+
Simple Token Authentication only provides the functionality to authenticate a user based on their authentication_token.
|
|
262
|
+
For example how to setup your controller to get the token at first please check this [wiki](https://github.com/gonzalo-bulnes/simple_token_authentication/wiki/Initial-Devise-sign-in)
|
|
263
|
+
|
|
244
264
|
### Authentication Method 1: Query Params
|
|
245
265
|
|
|
246
266
|
You can authenticate passing the `user_email` and `user_token` params as query params:
|
|
@@ -276,7 +296,7 @@ To use no fallback when token authentication fails, set `fallback: :none`.
|
|
|
276
296
|
|
|
277
297
|
### Hooks
|
|
278
298
|
|
|
279
|
-
One hook is currently available to trigger custom behaviour after an user has been successfully authenticated through token authentication. To use it,
|
|
299
|
+
One hook is currently available to trigger custom behaviour after an user has been successfully authenticated through token authentication. To use it, implement or mixin a module with an `after_successful_token_authentication` method that will be ran after authentication from a token authentication handler:
|
|
280
300
|
|
|
281
301
|
```ruby
|
|
282
302
|
# app/controller/application_controller.rb
|
|
@@ -347,7 +367,7 @@ RSpec [tags][tags] are used to categorize the spec examples.
|
|
|
347
367
|
|
|
348
368
|
Spec examples that are tagged as `public` describe aspects of the gem public API, and MAY be considered as the gem documentation.
|
|
349
369
|
|
|
350
|
-
The `private` or `protected` specs are written for development purpose only. Because they describe internal behaviour which may change at any moment without notice, they are only executed as a secondary task by the [continuous integration service][
|
|
370
|
+
The `private` or `protected` specs are written for development purpose only. Because they describe internal behaviour which may change at any moment without notice, they are only executed as a secondary task by the [continuous integration service][ci] and SHOULD be ignored.
|
|
351
371
|
|
|
352
372
|
Run `rake spec:public` to print the gem public documentation.
|
|
353
373
|
|
|
@@ -357,7 +377,7 @@ Run `rake spec:public` to print the gem public documentation.
|
|
|
357
377
|
[regression]: https://github.com/gonzalo-bulnes/simple_token_authentication/wiki/Regression-Testing
|
|
358
378
|
[rspec]: https://www.relishapp.com/rspec/rspec-rails/docs
|
|
359
379
|
[tags]: https://www.relishapp.com/rspec/rspec-core/v/3-1/docs/command-line/tag-option
|
|
360
|
-
[
|
|
380
|
+
[ci]: https://github.com/gonzalo-bulnes/simple_token_authentication/actions
|
|
361
381
|
|
|
362
382
|
### Contributions
|
|
363
383
|
|
|
@@ -383,7 +403,7 @@ License
|
|
|
383
403
|
-------
|
|
384
404
|
|
|
385
405
|
Simple Token Authentication
|
|
386
|
-
Copyright (C) 2013
|
|
406
|
+
Copyright (C) 2013‒2022 Gonzalo Bulnes Guilpain
|
|
387
407
|
|
|
388
408
|
This program is free software: you can redistribute it and/or modify
|
|
389
409
|
it under the terms of the GNU General Public License as published by
|
|
@@ -5,8 +5,14 @@ source "https://rubygems.org"
|
|
|
5
5
|
gem "actionmailer", ">= 3.2.6", "< 4"
|
|
6
6
|
gem "actionpack", ">= 3.2.6", "< 4"
|
|
7
7
|
gem "activerecord", ">= 3.2.15", "< 4"
|
|
8
|
+
gem "appraisal", "< 2.3"
|
|
9
|
+
gem "concurrent-ruby", "< 1.1.10"
|
|
8
10
|
gem "mime-types", "< 3"
|
|
11
|
+
gem "pry", "< 0.13"
|
|
12
|
+
gem "rack-cache", "< 1.7.2"
|
|
13
|
+
gem "rake", "< 12.3"
|
|
9
14
|
gem "term-ansicolor", "~> 1.3.0"
|
|
15
|
+
gem "thor", "< 1"
|
|
10
16
|
gem "tins", "< 1.7.0"
|
|
11
17
|
gem "yard", "<= 0.9.5"
|
|
12
18
|
|
|
@@ -1,36 +1,36 @@
|
|
|
1
1
|
PATH
|
|
2
|
-
remote:
|
|
2
|
+
remote: ../
|
|
3
3
|
specs:
|
|
4
|
-
simple_token_authentication (1.
|
|
5
|
-
actionmailer (>= 3.2.6, <
|
|
6
|
-
actionpack (>= 3.2.6, <
|
|
4
|
+
simple_token_authentication (1.17.0)
|
|
5
|
+
actionmailer (>= 3.2.6, < 8)
|
|
6
|
+
actionpack (>= 3.2.6, < 8)
|
|
7
7
|
devise (>= 3.2, < 6)
|
|
8
8
|
|
|
9
9
|
GEM
|
|
10
10
|
remote: https://rubygems.org/
|
|
11
11
|
specs:
|
|
12
|
-
actionmailer (3.2.22.
|
|
13
|
-
actionpack (= 3.2.22.
|
|
12
|
+
actionmailer (3.2.22.5)
|
|
13
|
+
actionpack (= 3.2.22.5)
|
|
14
14
|
mail (~> 2.5.4)
|
|
15
|
-
actionpack (3.2.22.
|
|
16
|
-
activemodel (= 3.2.22.
|
|
17
|
-
activesupport (= 3.2.22.
|
|
18
|
-
builder (~> 3.0)
|
|
15
|
+
actionpack (3.2.22.5)
|
|
16
|
+
activemodel (= 3.2.22.5)
|
|
17
|
+
activesupport (= 3.2.22.5)
|
|
18
|
+
builder (~> 3.0.0)
|
|
19
19
|
erubis (~> 2.7.0)
|
|
20
20
|
journey (~> 1.0.4)
|
|
21
21
|
rack (~> 1.4.5)
|
|
22
22
|
rack-cache (~> 1.2)
|
|
23
23
|
rack-test (~> 0.6.1)
|
|
24
24
|
sprockets (~> 2.2.1)
|
|
25
|
-
activemodel (3.2.22.
|
|
26
|
-
activesupport (= 3.2.22.
|
|
27
|
-
builder (~> 3.0)
|
|
28
|
-
activerecord (3.2.22.
|
|
29
|
-
activemodel (= 3.2.22.
|
|
30
|
-
activesupport (= 3.2.22.
|
|
25
|
+
activemodel (3.2.22.5)
|
|
26
|
+
activesupport (= 3.2.22.5)
|
|
27
|
+
builder (~> 3.0.0)
|
|
28
|
+
activerecord (3.2.22.5)
|
|
29
|
+
activemodel (= 3.2.22.5)
|
|
30
|
+
activesupport (= 3.2.22.5)
|
|
31
31
|
arel (~> 3.0.2)
|
|
32
32
|
tzinfo (~> 0.3.29)
|
|
33
|
-
activesupport (3.2.22.
|
|
33
|
+
activesupport (3.2.22.5)
|
|
34
34
|
i18n (~> 0.6, >= 0.6.4)
|
|
35
35
|
multi_json (~> 1.0)
|
|
36
36
|
appraisal (2.2.0)
|
|
@@ -38,10 +38,10 @@ GEM
|
|
|
38
38
|
rake
|
|
39
39
|
thor (>= 0.14.0)
|
|
40
40
|
arel (3.0.3)
|
|
41
|
-
bcrypt (3.1.
|
|
42
|
-
builder (3.
|
|
43
|
-
coderay (1.1.
|
|
44
|
-
concurrent-ruby (1.1.
|
|
41
|
+
bcrypt (3.1.18)
|
|
42
|
+
builder (3.0.4)
|
|
43
|
+
coderay (1.1.3)
|
|
44
|
+
concurrent-ruby (1.1.9)
|
|
45
45
|
devise (3.5.10)
|
|
46
46
|
bcrypt (~> 3.0)
|
|
47
47
|
orm_adapter (~> 0.1)
|
|
@@ -49,16 +49,16 @@ GEM
|
|
|
49
49
|
responders
|
|
50
50
|
thread_safe (~> 0.1)
|
|
51
51
|
warden (~> 1.2.3)
|
|
52
|
-
diff-lcs (1.
|
|
52
|
+
diff-lcs (1.5.0)
|
|
53
53
|
erubis (2.7.0)
|
|
54
54
|
hike (1.2.3)
|
|
55
55
|
i18n (0.9.5)
|
|
56
56
|
concurrent-ruby (~> 1.0)
|
|
57
|
-
inch (0.
|
|
57
|
+
inch (0.7.1)
|
|
58
58
|
pry
|
|
59
59
|
sparkr (>= 0.2.0)
|
|
60
60
|
term-ansicolor
|
|
61
|
-
yard (~> 0.
|
|
61
|
+
yard (~> 0.8.7.5)
|
|
62
62
|
journey (1.0.4)
|
|
63
63
|
json (1.8.6)
|
|
64
64
|
mail (2.5.5)
|
|
@@ -72,7 +72,7 @@ GEM
|
|
|
72
72
|
origin (~> 1.0)
|
|
73
73
|
tzinfo (~> 0.3.29)
|
|
74
74
|
moped (1.5.3)
|
|
75
|
-
multi_json (1.
|
|
75
|
+
multi_json (1.15.0)
|
|
76
76
|
origin (1.1.0)
|
|
77
77
|
orm_adapter (0.5.0)
|
|
78
78
|
polyglot (0.3.5)
|
|
@@ -86,9 +86,9 @@ GEM
|
|
|
86
86
|
rack
|
|
87
87
|
rack-test (0.6.3)
|
|
88
88
|
rack (>= 1.0)
|
|
89
|
-
railties (3.2.22.
|
|
90
|
-
actionpack (= 3.2.22.
|
|
91
|
-
activesupport (= 3.2.22.
|
|
89
|
+
railties (3.2.22.5)
|
|
90
|
+
actionpack (= 3.2.22.5)
|
|
91
|
+
activesupport (= 3.2.22.5)
|
|
92
92
|
rack-ssl (~> 1.3.2)
|
|
93
93
|
rake (>= 0.8.7)
|
|
94
94
|
rdoc (~> 3.4)
|
|
@@ -98,19 +98,19 @@ GEM
|
|
|
98
98
|
json (~> 1.4)
|
|
99
99
|
responders (1.1.2)
|
|
100
100
|
railties (>= 3.2, < 4.2)
|
|
101
|
-
rspec (3.
|
|
102
|
-
rspec-core (~> 3.
|
|
103
|
-
rspec-expectations (~> 3.
|
|
104
|
-
rspec-mocks (~> 3.
|
|
105
|
-
rspec-core (3.
|
|
106
|
-
rspec-support (~> 3.
|
|
107
|
-
rspec-expectations (3.
|
|
101
|
+
rspec (3.12.0)
|
|
102
|
+
rspec-core (~> 3.12.0)
|
|
103
|
+
rspec-expectations (~> 3.12.0)
|
|
104
|
+
rspec-mocks (~> 3.12.0)
|
|
105
|
+
rspec-core (3.12.0)
|
|
106
|
+
rspec-support (~> 3.12.0)
|
|
107
|
+
rspec-expectations (3.12.1)
|
|
108
108
|
diff-lcs (>= 1.2.0, < 2.0)
|
|
109
|
-
rspec-support (~> 3.
|
|
110
|
-
rspec-mocks (3.
|
|
109
|
+
rspec-support (~> 3.12.0)
|
|
110
|
+
rspec-mocks (3.12.1)
|
|
111
111
|
diff-lcs (>= 1.2.0, < 2.0)
|
|
112
|
-
rspec-support (~> 3.
|
|
113
|
-
rspec-support (3.
|
|
112
|
+
rspec-support (~> 3.12.0)
|
|
113
|
+
rspec-support (3.12.0)
|
|
114
114
|
sparkr (0.4.1)
|
|
115
115
|
sprockets (2.2.3)
|
|
116
116
|
hike (~> 1.2)
|
|
@@ -126,10 +126,10 @@ GEM
|
|
|
126
126
|
treetop (1.4.15)
|
|
127
127
|
polyglot
|
|
128
128
|
polyglot (>= 0.3.1)
|
|
129
|
-
tzinfo (0.3.
|
|
129
|
+
tzinfo (0.3.61)
|
|
130
130
|
warden (1.2.7)
|
|
131
131
|
rack (>= 1.0)
|
|
132
|
-
yard (0.
|
|
132
|
+
yard (0.8.7.6)
|
|
133
133
|
|
|
134
134
|
PLATFORMS
|
|
135
135
|
ruby
|
|
@@ -138,14 +138,17 @@ DEPENDENCIES
|
|
|
138
138
|
actionmailer (>= 3.2.6, < 4)
|
|
139
139
|
actionpack (>= 3.2.6, < 4)
|
|
140
140
|
activerecord (>= 3.2.15, < 4)
|
|
141
|
-
appraisal (
|
|
141
|
+
appraisal (< 2.3)
|
|
142
|
+
concurrent-ruby (< 1.1.10)
|
|
142
143
|
inch (~> 0.4)
|
|
143
144
|
mime-types (< 3)
|
|
144
|
-
mongoid (>= 3.1.0, <
|
|
145
|
+
mongoid (>= 3.1.0, < 9)
|
|
146
|
+
pry (< 0.13)
|
|
147
|
+
rack-cache (< 1.7.2)
|
|
148
|
+
rake (< 12.3)
|
|
145
149
|
rspec (~> 3.0)
|
|
146
150
|
simple_token_authentication!
|
|
147
151
|
term-ansicolor (~> 1.3.0)
|
|
152
|
+
thor (< 1)
|
|
148
153
|
tins (< 1.7.0)
|
|
149
|
-
|
|
150
|
-
BUNDLED WITH
|
|
151
|
-
1.16.1
|
|
154
|
+
yard (<= 0.9.5)
|
|
@@ -27,20 +27,12 @@ module SimpleTokenAuthentication
|
|
|
27
27
|
private :integrate_with_devise_case_insensitive_keys
|
|
28
28
|
end
|
|
29
29
|
|
|
30
|
-
# This method is a hook and is meant to be overridden.
|
|
31
|
-
#
|
|
32
|
-
# It is not expected to return anything special,
|
|
33
|
-
# only its side effects will be used.
|
|
34
|
-
def after_successful_token_authentication
|
|
35
|
-
# intentionally left blank
|
|
36
|
-
end
|
|
37
|
-
|
|
38
30
|
def authenticate_entity_from_token!(entity)
|
|
39
31
|
record = find_record_from_identifier(entity)
|
|
40
32
|
|
|
41
33
|
if token_correct?(record, entity, token_comparator)
|
|
42
34
|
perform_sign_in!(record, sign_in_handler)
|
|
43
|
-
after_successful_token_authentication
|
|
35
|
+
after_successful_token_authentication if respond_to?(:after_successful_token_authentication)
|
|
44
36
|
end
|
|
45
37
|
end
|
|
46
38
|
|
|
@@ -38,7 +38,7 @@ describe 'Simple Token Authentication' do
|
|
|
38
38
|
it 'does instruct Devise not to store the session', public: true do
|
|
39
39
|
allow(SimpleTokenAuthentication).to receive(:sign_in_token).and_return(false)
|
|
40
40
|
|
|
41
|
-
expect(@controller).to receive(:sign_in).with(@record, store: false)
|
|
41
|
+
expect(@controller).to receive(:sign_in).with(@record, { store: false })
|
|
42
42
|
@controller.authenticate_user_from_token
|
|
43
43
|
end
|
|
44
44
|
end
|
|
@@ -48,7 +48,7 @@ describe 'Simple Token Authentication' do
|
|
|
48
48
|
it 'does instruct Devise to store the session', public: true do
|
|
49
49
|
allow(SimpleTokenAuthentication).to receive(:sign_in_token).and_return(true)
|
|
50
50
|
|
|
51
|
-
expect(@controller).to receive(:sign_in).with(@record, store: true)
|
|
51
|
+
expect(@controller).to receive(:sign_in).with(@record, { store: true })
|
|
52
52
|
@controller.authenticate_user_from_token
|
|
53
53
|
end
|
|
54
54
|
end
|
|
@@ -90,7 +90,7 @@ describe 'Simple Token Authentication' do
|
|
|
90
90
|
|
|
91
91
|
# the option updated value is taken into account
|
|
92
92
|
# when token authentication is performed
|
|
93
|
-
expect(@controller).to receive(:sign_in).with(@record, store: 'updated value')
|
|
93
|
+
expect(@controller).to receive(:sign_in).with(@record, { store: 'updated value' })
|
|
94
94
|
@controller.authenticate_user_from_token
|
|
95
95
|
end
|
|
96
96
|
end
|
|
@@ -14,7 +14,7 @@ describe SimpleTokenAuthentication::SignInHandler do
|
|
|
14
14
|
request = double()
|
|
15
15
|
allow(request).to receive(:env).and_return({})
|
|
16
16
|
allow(controller).to receive(:request).and_return(request)
|
|
17
|
-
allow(controller).to receive(:sign_in).with(:record, option: 'some_value').and_return('Devise response.')
|
|
17
|
+
allow(controller).to receive(:sign_in).with(:record, { option: 'some_value' }).and_return('Devise response.')
|
|
18
18
|
|
|
19
19
|
# delegating consists in sending the message
|
|
20
20
|
expect(controller).to receive(:sign_in)
|
|
@@ -697,25 +697,44 @@ describe 'Any class which includes SimpleTokenAuthentication::TokenAuthenticatio
|
|
|
697
697
|
let(:token_authentication_handler) { described_class.new }
|
|
698
698
|
|
|
699
699
|
before(:each) do
|
|
700
|
-
|
|
701
|
-
|
|
702
|
-
|
|
700
|
+
allow(token_authentication_handler).to receive(:find_record_from_identifier)
|
|
701
|
+
allow(token_authentication_handler).to receive(:perform_sign_in!)
|
|
702
|
+
allow(token_authentication_handler).to receive(:token_correct?).and_return(false)
|
|
703
703
|
end
|
|
704
704
|
|
|
705
|
-
|
|
706
|
-
|
|
707
|
-
|
|
708
|
-
|
|
705
|
+
context 'when authentication is not succesful and the handler implements the :after_successful_token_authentication hook', private: true do
|
|
706
|
+
before(:each) do
|
|
707
|
+
allow(token_authentication_handler).to receive(:token_correct?).and_return(false)
|
|
708
|
+
allow(token_authentication_handler).to receive(:after_successful_token_authentication)
|
|
709
|
+
end
|
|
709
710
|
|
|
710
|
-
|
|
711
|
+
it 'does not trigger the :after_successful_token_authentication hook' do
|
|
712
|
+
token_authentication_handler.send(:authenticate_entity_from_token!, double)
|
|
713
|
+
expect(token_authentication_handler).not_to have_received(:after_successful_token_authentication)
|
|
714
|
+
end
|
|
715
|
+
end
|
|
711
716
|
|
|
717
|
+
context 'when authentication is succesful' do
|
|
712
718
|
before(:each) do
|
|
713
719
|
allow(token_authentication_handler).to receive(:token_correct?).and_return(true)
|
|
714
720
|
end
|
|
715
721
|
|
|
716
|
-
|
|
717
|
-
|
|
718
|
-
|
|
722
|
+
context 'when the handler does not implement :after_successful_token_authentication', protected: true do
|
|
723
|
+
it 'does not trigger the :after_successful_token_authentication hook' do
|
|
724
|
+
expect(token_authentication_handler).not_to respond_to(:after_successful_token_authentication)
|
|
725
|
+
expect { token_authentication_handler.send(:authenticate_entity_from_token!, double) }.not_to raise_error
|
|
726
|
+
end
|
|
727
|
+
end
|
|
728
|
+
|
|
729
|
+
context 'when the handler implements :after_successful_token_authentication', protected: true do
|
|
730
|
+
before(:each) do
|
|
731
|
+
allow(token_authentication_handler).to receive(:after_successful_token_authentication)
|
|
732
|
+
end
|
|
733
|
+
|
|
734
|
+
it 'calls the :after_successful_token_authentication hook' do
|
|
735
|
+
token_authentication_handler.send(:authenticate_entity_from_token!, double)
|
|
736
|
+
expect(token_authentication_handler).to have_received(:after_successful_token_authentication).once
|
|
737
|
+
end
|
|
719
738
|
end
|
|
720
739
|
end
|
|
721
740
|
end
|
|
@@ -7,9 +7,8 @@ RSpec.shared_examples 'a token authentication handler' do
|
|
|
7
7
|
end
|
|
8
8
|
|
|
9
9
|
describe 'instance' do
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
expect(token_authentication_handler.new).to respond_to :after_successful_token_authentication
|
|
10
|
+
it 'does not implement :after_successful_token_authentication by default', private: true do
|
|
11
|
+
expect(token_authentication_handler.new).not_to respond_to :after_successful_token_authentication
|
|
13
12
|
end
|
|
14
13
|
end
|
|
15
14
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: simple_token_authentication
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.18.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Gonzalo Bulnes Guilpain
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2022-12-27 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: actionmailer
|
|
@@ -19,7 +19,7 @@ dependencies:
|
|
|
19
19
|
version: 3.2.6
|
|
20
20
|
- - "<"
|
|
21
21
|
- !ruby/object:Gem::Version
|
|
22
|
-
version: '
|
|
22
|
+
version: '8'
|
|
23
23
|
type: :runtime
|
|
24
24
|
prerelease: false
|
|
25
25
|
version_requirements: !ruby/object:Gem::Requirement
|
|
@@ -29,7 +29,7 @@ dependencies:
|
|
|
29
29
|
version: 3.2.6
|
|
30
30
|
- - "<"
|
|
31
31
|
- !ruby/object:Gem::Version
|
|
32
|
-
version: '
|
|
32
|
+
version: '8'
|
|
33
33
|
- !ruby/object:Gem::Dependency
|
|
34
34
|
name: actionpack
|
|
35
35
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -39,7 +39,7 @@ dependencies:
|
|
|
39
39
|
version: 3.2.6
|
|
40
40
|
- - "<"
|
|
41
41
|
- !ruby/object:Gem::Version
|
|
42
|
-
version: '
|
|
42
|
+
version: '8'
|
|
43
43
|
type: :runtime
|
|
44
44
|
prerelease: false
|
|
45
45
|
version_requirements: !ruby/object:Gem::Requirement
|
|
@@ -49,7 +49,7 @@ dependencies:
|
|
|
49
49
|
version: 3.2.6
|
|
50
50
|
- - "<"
|
|
51
51
|
- !ruby/object:Gem::Version
|
|
52
|
-
version: '
|
|
52
|
+
version: '8'
|
|
53
53
|
- !ruby/object:Gem::Dependency
|
|
54
54
|
name: devise
|
|
55
55
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -107,7 +107,7 @@ dependencies:
|
|
|
107
107
|
version: 3.2.6
|
|
108
108
|
- - "<"
|
|
109
109
|
- !ruby/object:Gem::Version
|
|
110
|
-
version: '
|
|
110
|
+
version: '8'
|
|
111
111
|
type: :development
|
|
112
112
|
prerelease: false
|
|
113
113
|
version_requirements: !ruby/object:Gem::Requirement
|
|
@@ -117,7 +117,7 @@ dependencies:
|
|
|
117
117
|
version: 3.2.6
|
|
118
118
|
- - "<"
|
|
119
119
|
- !ruby/object:Gem::Version
|
|
120
|
-
version: '
|
|
120
|
+
version: '8'
|
|
121
121
|
- !ruby/object:Gem::Dependency
|
|
122
122
|
name: mongoid
|
|
123
123
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -127,7 +127,7 @@ dependencies:
|
|
|
127
127
|
version: 3.1.0
|
|
128
128
|
- - "<"
|
|
129
129
|
- !ruby/object:Gem::Version
|
|
130
|
-
version: '
|
|
130
|
+
version: '9'
|
|
131
131
|
type: :development
|
|
132
132
|
prerelease: false
|
|
133
133
|
version_requirements: !ruby/object:Gem::Requirement
|
|
@@ -137,7 +137,7 @@ dependencies:
|
|
|
137
137
|
version: 3.1.0
|
|
138
138
|
- - "<"
|
|
139
139
|
- !ruby/object:Gem::Version
|
|
140
|
-
version: '
|
|
140
|
+
version: '9'
|
|
141
141
|
- !ruby/object:Gem::Dependency
|
|
142
142
|
name: appraisal
|
|
143
143
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -168,6 +168,7 @@ files:
|
|
|
168
168
|
- gemfiles/rails_4_devise_3.gemfile
|
|
169
169
|
- gemfiles/rails_5_devise_4.gemfile
|
|
170
170
|
- gemfiles/rails_6_devise_4.gemfile
|
|
171
|
+
- gemfiles/rails_7_devise_4.gemfile
|
|
171
172
|
- gemfiles/ruby_1.9.3_rails_3.2.gemfile
|
|
172
173
|
- gemfiles/ruby_1.9.3_rails_3.2.gemfile.lock
|
|
173
174
|
- lib/simple_token_authentication.rb
|
|
@@ -244,50 +245,50 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
244
245
|
- !ruby/object:Gem::Version
|
|
245
246
|
version: '0'
|
|
246
247
|
requirements: []
|
|
247
|
-
|
|
248
|
-
rubygems_version: 2.7.6
|
|
248
|
+
rubygems_version: 3.1.6
|
|
249
249
|
signing_key:
|
|
250
250
|
specification_version: 4
|
|
251
251
|
summary: Simple (but safe) token authentication for Rails apps or API with Devise.
|
|
252
252
|
test_files:
|
|
253
|
+
- spec/support/spec_for_entities_manager_interface.rb
|
|
254
|
+
- spec/support/dummy_classes_helper.rb
|
|
255
|
+
- spec/support/spec_for_adapter.rb
|
|
256
|
+
- spec/support/spec_for_configuration_option_interface.rb
|
|
257
|
+
- spec/support/spec_for_sign_in_handler_interface.rb
|
|
258
|
+
- spec/support/spec_for_authentication_handler_interface.rb
|
|
259
|
+
- spec/support/spec_for_token_generator_interface.rb
|
|
260
|
+
- spec/support/spec_for_fallback_handler_interface.rb
|
|
261
|
+
- spec/support/specs_for_token_authentication_handler_interface.rb
|
|
262
|
+
- spec/support/spec_for_token_comparator_interface.rb
|
|
263
|
+
- spec/configuration/sign_in_token_option_spec.rb
|
|
264
|
+
- spec/configuration/header_names_option_spec.rb
|
|
265
|
+
- spec/configuration/skip_devise_trackable_option_spec.rb
|
|
266
|
+
- spec/configuration/fallback_to_devise_option_spec.rb
|
|
267
|
+
- spec/configuration/action_controller_callbacks_options_spec.rb
|
|
268
|
+
- spec/lib/simple_token_authentication/adapters/rails_metal_adapter_spec.rb
|
|
269
|
+
- spec/lib/simple_token_authentication/adapters/rails_api_adapter_spec.rb
|
|
270
|
+
- spec/lib/simple_token_authentication/adapters/active_record_adapter_spec.rb
|
|
271
|
+
- spec/lib/simple_token_authentication/adapters/mongoid_adapter_spec.rb
|
|
272
|
+
- spec/lib/simple_token_authentication/adapters/rails_adapter_spec.rb
|
|
273
|
+
- spec/lib/simple_token_authentication/sign_in_handler_spec.rb
|
|
274
|
+
- spec/lib/simple_token_authentication/token_comparator_spec.rb
|
|
275
|
+
- spec/lib/simple_token_authentication/token_generator_spec.rb
|
|
276
|
+
- spec/lib/simple_token_authentication/exception_fallback_handler_spec.rb
|
|
253
277
|
- spec/lib/simple_token_authentication/configuration_spec.rb
|
|
254
|
-
- spec/lib/simple_token_authentication/acts_as_token_authentication_handler_spec.rb
|
|
255
|
-
- spec/lib/simple_token_authentication/token_authentication_handler_spec.rb
|
|
256
278
|
- spec/lib/simple_token_authentication/errors_spec.rb
|
|
279
|
+
- spec/lib/simple_token_authentication/acts_as_token_authenticatable_spec.rb
|
|
257
280
|
- spec/lib/simple_token_authentication/devise_fallback_handler_spec.rb
|
|
281
|
+
- spec/lib/simple_token_authentication/token_authentication_handler_spec.rb
|
|
282
|
+
- spec/lib/simple_token_authentication/entities_manager_spec.rb
|
|
283
|
+
- spec/lib/simple_token_authentication/acts_as_token_authentication_handler_spec.rb
|
|
258
284
|
- spec/lib/simple_token_authentication/adapter_spec.rb
|
|
259
|
-
- spec/lib/simple_token_authentication/acts_as_token_authenticatable_spec.rb
|
|
260
285
|
- spec/lib/simple_token_authentication/entity_spec.rb
|
|
261
|
-
- spec/lib/simple_token_authentication/adapters/rails_adapter_spec.rb
|
|
262
|
-
- spec/lib/simple_token_authentication/adapters/active_record_adapter_spec.rb
|
|
263
|
-
- spec/lib/simple_token_authentication/adapters/rails_api_adapter_spec.rb
|
|
264
|
-
- spec/lib/simple_token_authentication/adapters/rails_metal_adapter_spec.rb
|
|
265
|
-
- spec/lib/simple_token_authentication/adapters/mongoid_adapter_spec.rb
|
|
266
|
-
- spec/lib/simple_token_authentication/exception_fallback_handler_spec.rb
|
|
267
|
-
- spec/lib/simple_token_authentication/token_comparator_spec.rb
|
|
268
|
-
- spec/lib/simple_token_authentication/entities_manager_spec.rb
|
|
269
|
-
- spec/lib/simple_token_authentication/token_generator_spec.rb
|
|
270
|
-
- spec/lib/simple_token_authentication/sign_in_handler_spec.rb
|
|
271
286
|
- spec/lib/simple_token_authentication_spec.rb
|
|
272
287
|
- spec/spec_helper.rb
|
|
273
|
-
- spec/configuration/sign_in_token_option_spec.rb
|
|
274
|
-
- spec/configuration/skip_devise_trackable_option_spec.rb
|
|
275
|
-
- spec/configuration/fallback_to_devise_option_spec.rb
|
|
276
|
-
- spec/configuration/header_names_option_spec.rb
|
|
277
|
-
- spec/configuration/action_controller_callbacks_options_spec.rb
|
|
278
|
-
- spec/support/spec_for_token_generator_interface.rb
|
|
279
|
-
- spec/support/spec_for_authentication_handler_interface.rb
|
|
280
|
-
- spec/support/spec_for_configuration_option_interface.rb
|
|
281
|
-
- spec/support/spec_for_sign_in_handler_interface.rb
|
|
282
|
-
- spec/support/spec_for_fallback_handler_interface.rb
|
|
283
|
-
- spec/support/dummy_classes_helper.rb
|
|
284
|
-
- spec/support/specs_for_token_authentication_handler_interface.rb
|
|
285
|
-
- spec/support/spec_for_token_comparator_interface.rb
|
|
286
|
-
- spec/support/spec_for_entities_manager_interface.rb
|
|
287
|
-
- spec/support/spec_for_adapter.rb
|
|
288
288
|
- gemfiles/rails_5_devise_4.gemfile
|
|
289
|
+
- gemfiles/rails_4_devise_3.gemfile
|
|
289
290
|
- gemfiles/rails_6_devise_4.gemfile
|
|
291
|
+
- gemfiles/rails_7_devise_4.gemfile
|
|
290
292
|
- gemfiles/ruby_1.9.3_rails_3.2.gemfile
|
|
291
|
-
- gemfiles/rails_4_devise_3.gemfile
|
|
292
293
|
- gemfiles/ruby_1.9.3_rails_3.2.gemfile.lock
|
|
293
294
|
- Appraisals
|