simple_token_authentication 1.17.0 → 1.18.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Appraisals +14 -1
- data/CHANGELOG.md +12 -1
- data/README.md +27 -7
- data/gemfiles/rails_5_devise_4.gemfile +1 -0
- data/gemfiles/rails_6_devise_4.gemfile +4 -0
- data/gemfiles/rails_7_devise_4.gemfile +5 -0
- data/gemfiles/ruby_1.9.3_rails_3.2.gemfile +6 -0
- data/gemfiles/ruby_1.9.3_rails_3.2.gemfile.lock +49 -46
- data/lib/simple_token_authentication/acts_as_token_authenticatable.rb +1 -1
- data/lib/simple_token_authentication/token_authentication_handler.rb +1 -9
- data/lib/simple_token_authentication/version.rb +1 -1
- data/spec/configuration/sign_in_token_option_spec.rb +3 -3
- data/spec/lib/simple_token_authentication/adapters/mongoid_adapter_spec.rb +1 -1
- data/spec/lib/simple_token_authentication/sign_in_handler_spec.rb +1 -1
- data/spec/lib/simple_token_authentication/token_authentication_handler_spec.rb +30 -11
- data/spec/support/specs_for_token_authentication_handler_interface.rb +2 -3
- metadata +42 -41
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: cce55a8f3ec6efaf7b97a87960e9dd26fb99f772cc7f4ac4dc8d88ded9cfbba2
|
|
4
|
+
data.tar.gz: 819f681fcd4cc4865e4451726bd751ded237cfed929f8a552afd37a6dc66fd73
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: fec02f6a88f35b138bac9d8d0687f03745ce448f8ad0d66c02261af8999c0cf6cdcc82a3a2b4130eea4cb646121c1049361ccdf1cde965870e90a47326875df6
|
|
7
|
+
data.tar.gz: 4f4b5db1dbd67282b31dcd22a8c38039a7901450fa3df49456eca0edb1a789f6df590472c8de8a76e4ff164bfa51e2a4f11c5915c1dfc478540923ffb6d06f11
|
data/Appraisals
CHANGED
|
@@ -1,11 +1,18 @@
|
|
|
1
|
-
appraise '
|
|
1
|
+
appraise 'rails_7_devise_4' do
|
|
2
2
|
# use gemspec constraints
|
|
3
3
|
end
|
|
4
4
|
|
|
5
|
+
appraise 'rails_6_devise_4' do
|
|
6
|
+
gem "actionmailer", "~> 6.0"
|
|
7
|
+
gem "actionpack", "~> 6.0"
|
|
8
|
+
gem "devise", "~> 4.0"
|
|
9
|
+
end
|
|
10
|
+
|
|
5
11
|
appraise 'rails_5_devise_4' do
|
|
6
12
|
gem 'actionmailer', '~> 5.0'
|
|
7
13
|
gem 'actionpack', '~> 5.0'
|
|
8
14
|
gem 'activerecord', '~> 5.0'
|
|
15
|
+
gem "devise", "~> 4.0"
|
|
9
16
|
end
|
|
10
17
|
|
|
11
18
|
appraise 'rails_4_devise_3' do
|
|
@@ -19,8 +26,14 @@ appraise 'ruby_1.9.3_rails_3.2' do
|
|
|
19
26
|
gem 'actionmailer', '>= 3.2.6', '< 4'
|
|
20
27
|
gem 'actionpack', '>= 3.2.6', '< 4'
|
|
21
28
|
gem 'activerecord', '>= 3.2.15', '< 4'
|
|
29
|
+
gem 'appraisal', '< 2.3'
|
|
30
|
+
gem 'concurrent-ruby', '< 1.1.10'
|
|
22
31
|
gem 'mime-types', '< 3'
|
|
32
|
+
gem 'pry', '< 0.13'
|
|
33
|
+
gem 'rack-cache', '< 1.7.2'
|
|
34
|
+
gem 'rake', '< 12.3'
|
|
23
35
|
gem 'term-ansicolor', '~> 1.3.0'
|
|
36
|
+
gem 'thor', '< 1'
|
|
24
37
|
gem 'tins', '< 1.7.0'
|
|
25
38
|
gem 'yard', '<= 0.9.5'
|
|
26
39
|
end
|
data/CHANGELOG.md
CHANGED
|
@@ -3,6 +3,16 @@
|
|
|
3
3
|
All notable changes to this project will be documented in this file.
|
|
4
4
|
This project adheres to [Semantic Versioning](http://semver.org/).
|
|
5
5
|
|
|
6
|
+
## [1.18.0] - 2022-12-27
|
|
7
|
+
|
|
8
|
+
### Added
|
|
9
|
+
|
|
10
|
+
- Add Rails 7 support - @OskarEichler
|
|
11
|
+
|
|
12
|
+
### Fixed
|
|
13
|
+
|
|
14
|
+
- Undesirable override of hooks by (no-op) default implementation - @Startouf
|
|
15
|
+
|
|
6
16
|
## [1.17.0] - 2019-09-21
|
|
7
17
|
|
|
8
18
|
### Added
|
|
@@ -284,7 +294,8 @@ This project adheres to [Semantic Versioning](http://semver.org/).
|
|
|
284
294
|
This [gist][gist] did refactor the Jose Valim's code into an `ActiveSupport::Concern`.
|
|
285
295
|
|
|
286
296
|
[gist]: https://gist.github.com/gonzalo-bulnes/7659739
|
|
287
|
-
[Unreleased]: https://github.com/gonzalo-bulnes/simple_token_authentication/compare/v1.
|
|
297
|
+
[Unreleased]: https://github.com/gonzalo-bulnes/simple_token_authentication/compare/v1.18.0...master
|
|
298
|
+
[1.18.0]: https://github.com/gonzalo-bulnes/simple_token_authentication/compare/v1.17.0...v1.18.0
|
|
288
299
|
[1.17.0]: https://github.com/gonzalo-bulnes/simple_token_authentication/compare/v1.16.0...v1.17.0
|
|
289
300
|
[1.16.0]: https://github.com/gonzalo-bulnes/simple_token_authentication/compare/v1.15.1...v1.16.0
|
|
290
301
|
[1.15.1]: https://github.com/gonzalo-bulnes/simple_token_authentication/compare/v1.15.0...v1.15.1
|
data/README.md
CHANGED
|
@@ -2,12 +2,11 @@ Simple Token Authentication
|
|
|
2
2
|
===========================
|
|
3
3
|
|
|
4
4
|
[](http://badge.fury.io/rb/simple_token_authentication)
|
|
5
|
-
[](https://github.com/gonzalo-bulnes/simple_token_authentication/actions/workflows/test.yml)
|
|
6
6
|
[](https://codeclimate.com/github/gonzalo-bulnes/simple_token_authentication)
|
|
7
|
-
[](https://hakiri.io/github/gonzalo-bulnes/simple_token_authentication/master)
|
|
8
7
|
[](http://inch-ci.org/github/gonzalo-bulnes/simple_token_authentication)
|
|
9
8
|
|
|
10
|
-
Token authentication support has been removed from [Devise][devise] for security reasons. In [this gist][original-gist], Devise's [José Valim][josevalim] explains how token authentication should be performed in order to remain safe.
|
|
9
|
+
Token authentication support has been removed from [Devise][devise] for security reasons. In [this gist][original-gist], Devise's [José Valim][josevalim] explains how token authentication should be performed in order to remain safe (see important warning below).
|
|
11
10
|
|
|
12
11
|
This gem packages the content of the gist and provides a set of convenient options for increased flexibility.
|
|
13
12
|
|
|
@@ -20,6 +19,21 @@ This gem packages the content of the gist and provides a set of convenient optio
|
|
|
20
19
|
[josevalim]: https://github.com/josevalim
|
|
21
20
|
[gonzalo-bulnes]: https://github.com/gonzalo-bulnes
|
|
22
21
|
|
|
22
|
+
Security notice
|
|
23
|
+
---------------
|
|
24
|
+
|
|
25
|
+

|
|
26
|
+
|
|
27
|
+
**Security notice**: As the name of the gem indicates, it provides a very basic mechanism for token authentication. If your tokens are not discarded after a single use, or you don't know how to mitigate [**replay attacks**][replay-attack], then you should look at alternatives. (Simple Token Authentication doesn't mitigate those attacks for you.)
|
|
28
|
+
|
|
29
|
+
In other words: if you don't know why _Simple Token Authentication_ is safe to use in your specific use case, then it probably isn't.
|
|
30
|
+
|
|
31
|
+
**So... what does the gem do?** Simple Token Authentication allows to generate, revoke, and safely compare tokens for authentication purposes. That's not the only thing you need to implement a safe authentication protocol, but it can be a part of it.
|
|
32
|
+
|
|
33
|
+
[replay-attack]: https://en.wikipedia.org/wiki/Replay_attack
|
|
34
|
+
|
|
35
|
+
**Personal note**: I've used the gem to manage single-use sign-in links sent by email (that's what I created it for). I would use it again for that purpose. Please do your research and check carefully if this tool is adequate to your level of experience and threat model. -- [GB][gonzalo-bulnes]
|
|
36
|
+
|
|
23
37
|
Installation
|
|
24
38
|
------------
|
|
25
39
|
|
|
@@ -237,10 +251,16 @@ end
|
|
|
237
251
|
Usage
|
|
238
252
|
-----
|
|
239
253
|
|
|
254
|
+
|
|
240
255
|
### Tokens Generation
|
|
241
256
|
|
|
242
257
|
Assuming `user` is an instance of `User`, which is _token authenticatable_: each time `user` will be saved, and `user.authentication_token.blank?` it receives a new and unique authentication token (via `Devise.friendly_token`).
|
|
243
258
|
|
|
259
|
+
### Token Request
|
|
260
|
+
|
|
261
|
+
Simple Token Authentication only provides the functionality to authenticate a user based on their authentication_token.
|
|
262
|
+
For example how to setup your controller to get the token at first please check this [wiki](https://github.com/gonzalo-bulnes/simple_token_authentication/wiki/Initial-Devise-sign-in)
|
|
263
|
+
|
|
244
264
|
### Authentication Method 1: Query Params
|
|
245
265
|
|
|
246
266
|
You can authenticate passing the `user_email` and `user_token` params as query params:
|
|
@@ -276,7 +296,7 @@ To use no fallback when token authentication fails, set `fallback: :none`.
|
|
|
276
296
|
|
|
277
297
|
### Hooks
|
|
278
298
|
|
|
279
|
-
One hook is currently available to trigger custom behaviour after an user has been successfully authenticated through token authentication. To use it,
|
|
299
|
+
One hook is currently available to trigger custom behaviour after an user has been successfully authenticated through token authentication. To use it, implement or mixin a module with an `after_successful_token_authentication` method that will be ran after authentication from a token authentication handler:
|
|
280
300
|
|
|
281
301
|
```ruby
|
|
282
302
|
# app/controller/application_controller.rb
|
|
@@ -347,7 +367,7 @@ RSpec [tags][tags] are used to categorize the spec examples.
|
|
|
347
367
|
|
|
348
368
|
Spec examples that are tagged as `public` describe aspects of the gem public API, and MAY be considered as the gem documentation.
|
|
349
369
|
|
|
350
|
-
The `private` or `protected` specs are written for development purpose only. Because they describe internal behaviour which may change at any moment without notice, they are only executed as a secondary task by the [continuous integration service][
|
|
370
|
+
The `private` or `protected` specs are written for development purpose only. Because they describe internal behaviour which may change at any moment without notice, they are only executed as a secondary task by the [continuous integration service][ci] and SHOULD be ignored.
|
|
351
371
|
|
|
352
372
|
Run `rake spec:public` to print the gem public documentation.
|
|
353
373
|
|
|
@@ -357,7 +377,7 @@ Run `rake spec:public` to print the gem public documentation.
|
|
|
357
377
|
[regression]: https://github.com/gonzalo-bulnes/simple_token_authentication/wiki/Regression-Testing
|
|
358
378
|
[rspec]: https://www.relishapp.com/rspec/rspec-rails/docs
|
|
359
379
|
[tags]: https://www.relishapp.com/rspec/rspec-core/v/3-1/docs/command-line/tag-option
|
|
360
|
-
[
|
|
380
|
+
[ci]: https://github.com/gonzalo-bulnes/simple_token_authentication/actions
|
|
361
381
|
|
|
362
382
|
### Contributions
|
|
363
383
|
|
|
@@ -383,7 +403,7 @@ License
|
|
|
383
403
|
-------
|
|
384
404
|
|
|
385
405
|
Simple Token Authentication
|
|
386
|
-
Copyright (C) 2013
|
|
406
|
+
Copyright (C) 2013‒2022 Gonzalo Bulnes Guilpain
|
|
387
407
|
|
|
388
408
|
This program is free software: you can redistribute it and/or modify
|
|
389
409
|
it under the terms of the GNU General Public License as published by
|
|
@@ -5,8 +5,14 @@ source "https://rubygems.org"
|
|
|
5
5
|
gem "actionmailer", ">= 3.2.6", "< 4"
|
|
6
6
|
gem "actionpack", ">= 3.2.6", "< 4"
|
|
7
7
|
gem "activerecord", ">= 3.2.15", "< 4"
|
|
8
|
+
gem "appraisal", "< 2.3"
|
|
9
|
+
gem "concurrent-ruby", "< 1.1.10"
|
|
8
10
|
gem "mime-types", "< 3"
|
|
11
|
+
gem "pry", "< 0.13"
|
|
12
|
+
gem "rack-cache", "< 1.7.2"
|
|
13
|
+
gem "rake", "< 12.3"
|
|
9
14
|
gem "term-ansicolor", "~> 1.3.0"
|
|
15
|
+
gem "thor", "< 1"
|
|
10
16
|
gem "tins", "< 1.7.0"
|
|
11
17
|
gem "yard", "<= 0.9.5"
|
|
12
18
|
|
|
@@ -1,36 +1,36 @@
|
|
|
1
1
|
PATH
|
|
2
|
-
remote:
|
|
2
|
+
remote: ../
|
|
3
3
|
specs:
|
|
4
|
-
simple_token_authentication (1.
|
|
5
|
-
actionmailer (>= 3.2.6, <
|
|
6
|
-
actionpack (>= 3.2.6, <
|
|
4
|
+
simple_token_authentication (1.17.0)
|
|
5
|
+
actionmailer (>= 3.2.6, < 8)
|
|
6
|
+
actionpack (>= 3.2.6, < 8)
|
|
7
7
|
devise (>= 3.2, < 6)
|
|
8
8
|
|
|
9
9
|
GEM
|
|
10
10
|
remote: https://rubygems.org/
|
|
11
11
|
specs:
|
|
12
|
-
actionmailer (3.2.22.
|
|
13
|
-
actionpack (= 3.2.22.
|
|
12
|
+
actionmailer (3.2.22.5)
|
|
13
|
+
actionpack (= 3.2.22.5)
|
|
14
14
|
mail (~> 2.5.4)
|
|
15
|
-
actionpack (3.2.22.
|
|
16
|
-
activemodel (= 3.2.22.
|
|
17
|
-
activesupport (= 3.2.22.
|
|
18
|
-
builder (~> 3.0)
|
|
15
|
+
actionpack (3.2.22.5)
|
|
16
|
+
activemodel (= 3.2.22.5)
|
|
17
|
+
activesupport (= 3.2.22.5)
|
|
18
|
+
builder (~> 3.0.0)
|
|
19
19
|
erubis (~> 2.7.0)
|
|
20
20
|
journey (~> 1.0.4)
|
|
21
21
|
rack (~> 1.4.5)
|
|
22
22
|
rack-cache (~> 1.2)
|
|
23
23
|
rack-test (~> 0.6.1)
|
|
24
24
|
sprockets (~> 2.2.1)
|
|
25
|
-
activemodel (3.2.22.
|
|
26
|
-
activesupport (= 3.2.22.
|
|
27
|
-
builder (~> 3.0)
|
|
28
|
-
activerecord (3.2.22.
|
|
29
|
-
activemodel (= 3.2.22.
|
|
30
|
-
activesupport (= 3.2.22.
|
|
25
|
+
activemodel (3.2.22.5)
|
|
26
|
+
activesupport (= 3.2.22.5)
|
|
27
|
+
builder (~> 3.0.0)
|
|
28
|
+
activerecord (3.2.22.5)
|
|
29
|
+
activemodel (= 3.2.22.5)
|
|
30
|
+
activesupport (= 3.2.22.5)
|
|
31
31
|
arel (~> 3.0.2)
|
|
32
32
|
tzinfo (~> 0.3.29)
|
|
33
|
-
activesupport (3.2.22.
|
|
33
|
+
activesupport (3.2.22.5)
|
|
34
34
|
i18n (~> 0.6, >= 0.6.4)
|
|
35
35
|
multi_json (~> 1.0)
|
|
36
36
|
appraisal (2.2.0)
|
|
@@ -38,10 +38,10 @@ GEM
|
|
|
38
38
|
rake
|
|
39
39
|
thor (>= 0.14.0)
|
|
40
40
|
arel (3.0.3)
|
|
41
|
-
bcrypt (3.1.
|
|
42
|
-
builder (3.
|
|
43
|
-
coderay (1.1.
|
|
44
|
-
concurrent-ruby (1.1.
|
|
41
|
+
bcrypt (3.1.18)
|
|
42
|
+
builder (3.0.4)
|
|
43
|
+
coderay (1.1.3)
|
|
44
|
+
concurrent-ruby (1.1.9)
|
|
45
45
|
devise (3.5.10)
|
|
46
46
|
bcrypt (~> 3.0)
|
|
47
47
|
orm_adapter (~> 0.1)
|
|
@@ -49,16 +49,16 @@ GEM
|
|
|
49
49
|
responders
|
|
50
50
|
thread_safe (~> 0.1)
|
|
51
51
|
warden (~> 1.2.3)
|
|
52
|
-
diff-lcs (1.
|
|
52
|
+
diff-lcs (1.5.0)
|
|
53
53
|
erubis (2.7.0)
|
|
54
54
|
hike (1.2.3)
|
|
55
55
|
i18n (0.9.5)
|
|
56
56
|
concurrent-ruby (~> 1.0)
|
|
57
|
-
inch (0.
|
|
57
|
+
inch (0.7.1)
|
|
58
58
|
pry
|
|
59
59
|
sparkr (>= 0.2.0)
|
|
60
60
|
term-ansicolor
|
|
61
|
-
yard (~> 0.
|
|
61
|
+
yard (~> 0.8.7.5)
|
|
62
62
|
journey (1.0.4)
|
|
63
63
|
json (1.8.6)
|
|
64
64
|
mail (2.5.5)
|
|
@@ -72,7 +72,7 @@ GEM
|
|
|
72
72
|
origin (~> 1.0)
|
|
73
73
|
tzinfo (~> 0.3.29)
|
|
74
74
|
moped (1.5.3)
|
|
75
|
-
multi_json (1.
|
|
75
|
+
multi_json (1.15.0)
|
|
76
76
|
origin (1.1.0)
|
|
77
77
|
orm_adapter (0.5.0)
|
|
78
78
|
polyglot (0.3.5)
|
|
@@ -86,9 +86,9 @@ GEM
|
|
|
86
86
|
rack
|
|
87
87
|
rack-test (0.6.3)
|
|
88
88
|
rack (>= 1.0)
|
|
89
|
-
railties (3.2.22.
|
|
90
|
-
actionpack (= 3.2.22.
|
|
91
|
-
activesupport (= 3.2.22.
|
|
89
|
+
railties (3.2.22.5)
|
|
90
|
+
actionpack (= 3.2.22.5)
|
|
91
|
+
activesupport (= 3.2.22.5)
|
|
92
92
|
rack-ssl (~> 1.3.2)
|
|
93
93
|
rake (>= 0.8.7)
|
|
94
94
|
rdoc (~> 3.4)
|
|
@@ -98,19 +98,19 @@ GEM
|
|
|
98
98
|
json (~> 1.4)
|
|
99
99
|
responders (1.1.2)
|
|
100
100
|
railties (>= 3.2, < 4.2)
|
|
101
|
-
rspec (3.
|
|
102
|
-
rspec-core (~> 3.
|
|
103
|
-
rspec-expectations (~> 3.
|
|
104
|
-
rspec-mocks (~> 3.
|
|
105
|
-
rspec-core (3.
|
|
106
|
-
rspec-support (~> 3.
|
|
107
|
-
rspec-expectations (3.
|
|
101
|
+
rspec (3.12.0)
|
|
102
|
+
rspec-core (~> 3.12.0)
|
|
103
|
+
rspec-expectations (~> 3.12.0)
|
|
104
|
+
rspec-mocks (~> 3.12.0)
|
|
105
|
+
rspec-core (3.12.0)
|
|
106
|
+
rspec-support (~> 3.12.0)
|
|
107
|
+
rspec-expectations (3.12.1)
|
|
108
108
|
diff-lcs (>= 1.2.0, < 2.0)
|
|
109
|
-
rspec-support (~> 3.
|
|
110
|
-
rspec-mocks (3.
|
|
109
|
+
rspec-support (~> 3.12.0)
|
|
110
|
+
rspec-mocks (3.12.1)
|
|
111
111
|
diff-lcs (>= 1.2.0, < 2.0)
|
|
112
|
-
rspec-support (~> 3.
|
|
113
|
-
rspec-support (3.
|
|
112
|
+
rspec-support (~> 3.12.0)
|
|
113
|
+
rspec-support (3.12.0)
|
|
114
114
|
sparkr (0.4.1)
|
|
115
115
|
sprockets (2.2.3)
|
|
116
116
|
hike (~> 1.2)
|
|
@@ -126,10 +126,10 @@ GEM
|
|
|
126
126
|
treetop (1.4.15)
|
|
127
127
|
polyglot
|
|
128
128
|
polyglot (>= 0.3.1)
|
|
129
|
-
tzinfo (0.3.
|
|
129
|
+
tzinfo (0.3.61)
|
|
130
130
|
warden (1.2.7)
|
|
131
131
|
rack (>= 1.0)
|
|
132
|
-
yard (0.
|
|
132
|
+
yard (0.8.7.6)
|
|
133
133
|
|
|
134
134
|
PLATFORMS
|
|
135
135
|
ruby
|
|
@@ -138,14 +138,17 @@ DEPENDENCIES
|
|
|
138
138
|
actionmailer (>= 3.2.6, < 4)
|
|
139
139
|
actionpack (>= 3.2.6, < 4)
|
|
140
140
|
activerecord (>= 3.2.15, < 4)
|
|
141
|
-
appraisal (
|
|
141
|
+
appraisal (< 2.3)
|
|
142
|
+
concurrent-ruby (< 1.1.10)
|
|
142
143
|
inch (~> 0.4)
|
|
143
144
|
mime-types (< 3)
|
|
144
|
-
mongoid (>= 3.1.0, <
|
|
145
|
+
mongoid (>= 3.1.0, < 9)
|
|
146
|
+
pry (< 0.13)
|
|
147
|
+
rack-cache (< 1.7.2)
|
|
148
|
+
rake (< 12.3)
|
|
145
149
|
rspec (~> 3.0)
|
|
146
150
|
simple_token_authentication!
|
|
147
151
|
term-ansicolor (~> 1.3.0)
|
|
152
|
+
thor (< 1)
|
|
148
153
|
tins (< 1.7.0)
|
|
149
|
-
|
|
150
|
-
BUNDLED WITH
|
|
151
|
-
1.16.1
|
|
154
|
+
yard (<= 0.9.5)
|
|
@@ -27,20 +27,12 @@ module SimpleTokenAuthentication
|
|
|
27
27
|
private :integrate_with_devise_case_insensitive_keys
|
|
28
28
|
end
|
|
29
29
|
|
|
30
|
-
# This method is a hook and is meant to be overridden.
|
|
31
|
-
#
|
|
32
|
-
# It is not expected to return anything special,
|
|
33
|
-
# only its side effects will be used.
|
|
34
|
-
def after_successful_token_authentication
|
|
35
|
-
# intentionally left blank
|
|
36
|
-
end
|
|
37
|
-
|
|
38
30
|
def authenticate_entity_from_token!(entity)
|
|
39
31
|
record = find_record_from_identifier(entity)
|
|
40
32
|
|
|
41
33
|
if token_correct?(record, entity, token_comparator)
|
|
42
34
|
perform_sign_in!(record, sign_in_handler)
|
|
43
|
-
after_successful_token_authentication
|
|
35
|
+
after_successful_token_authentication if respond_to?(:after_successful_token_authentication)
|
|
44
36
|
end
|
|
45
37
|
end
|
|
46
38
|
|
|
@@ -38,7 +38,7 @@ describe 'Simple Token Authentication' do
|
|
|
38
38
|
it 'does instruct Devise not to store the session', public: true do
|
|
39
39
|
allow(SimpleTokenAuthentication).to receive(:sign_in_token).and_return(false)
|
|
40
40
|
|
|
41
|
-
expect(@controller).to receive(:sign_in).with(@record, store: false)
|
|
41
|
+
expect(@controller).to receive(:sign_in).with(@record, { store: false })
|
|
42
42
|
@controller.authenticate_user_from_token
|
|
43
43
|
end
|
|
44
44
|
end
|
|
@@ -48,7 +48,7 @@ describe 'Simple Token Authentication' do
|
|
|
48
48
|
it 'does instruct Devise to store the session', public: true do
|
|
49
49
|
allow(SimpleTokenAuthentication).to receive(:sign_in_token).and_return(true)
|
|
50
50
|
|
|
51
|
-
expect(@controller).to receive(:sign_in).with(@record, store: true)
|
|
51
|
+
expect(@controller).to receive(:sign_in).with(@record, { store: true })
|
|
52
52
|
@controller.authenticate_user_from_token
|
|
53
53
|
end
|
|
54
54
|
end
|
|
@@ -90,7 +90,7 @@ describe 'Simple Token Authentication' do
|
|
|
90
90
|
|
|
91
91
|
# the option updated value is taken into account
|
|
92
92
|
# when token authentication is performed
|
|
93
|
-
expect(@controller).to receive(:sign_in).with(@record, store: 'updated value')
|
|
93
|
+
expect(@controller).to receive(:sign_in).with(@record, { store: 'updated value' })
|
|
94
94
|
@controller.authenticate_user_from_token
|
|
95
95
|
end
|
|
96
96
|
end
|
|
@@ -14,7 +14,7 @@ describe SimpleTokenAuthentication::SignInHandler do
|
|
|
14
14
|
request = double()
|
|
15
15
|
allow(request).to receive(:env).and_return({})
|
|
16
16
|
allow(controller).to receive(:request).and_return(request)
|
|
17
|
-
allow(controller).to receive(:sign_in).with(:record, option: 'some_value').and_return('Devise response.')
|
|
17
|
+
allow(controller).to receive(:sign_in).with(:record, { option: 'some_value' }).and_return('Devise response.')
|
|
18
18
|
|
|
19
19
|
# delegating consists in sending the message
|
|
20
20
|
expect(controller).to receive(:sign_in)
|
|
@@ -697,25 +697,44 @@ describe 'Any class which includes SimpleTokenAuthentication::TokenAuthenticatio
|
|
|
697
697
|
let(:token_authentication_handler) { described_class.new }
|
|
698
698
|
|
|
699
699
|
before(:each) do
|
|
700
|
-
|
|
701
|
-
|
|
702
|
-
|
|
700
|
+
allow(token_authentication_handler).to receive(:find_record_from_identifier)
|
|
701
|
+
allow(token_authentication_handler).to receive(:perform_sign_in!)
|
|
702
|
+
allow(token_authentication_handler).to receive(:token_correct?).and_return(false)
|
|
703
703
|
end
|
|
704
704
|
|
|
705
|
-
|
|
706
|
-
|
|
707
|
-
|
|
708
|
-
|
|
705
|
+
context 'when authentication is not succesful and the handler implements the :after_successful_token_authentication hook', private: true do
|
|
706
|
+
before(:each) do
|
|
707
|
+
allow(token_authentication_handler).to receive(:token_correct?).and_return(false)
|
|
708
|
+
allow(token_authentication_handler).to receive(:after_successful_token_authentication)
|
|
709
|
+
end
|
|
709
710
|
|
|
710
|
-
|
|
711
|
+
it 'does not trigger the :after_successful_token_authentication hook' do
|
|
712
|
+
token_authentication_handler.send(:authenticate_entity_from_token!, double)
|
|
713
|
+
expect(token_authentication_handler).not_to have_received(:after_successful_token_authentication)
|
|
714
|
+
end
|
|
715
|
+
end
|
|
711
716
|
|
|
717
|
+
context 'when authentication is succesful' do
|
|
712
718
|
before(:each) do
|
|
713
719
|
allow(token_authentication_handler).to receive(:token_correct?).and_return(true)
|
|
714
720
|
end
|
|
715
721
|
|
|
716
|
-
|
|
717
|
-
|
|
718
|
-
|
|
722
|
+
context 'when the handler does not implement :after_successful_token_authentication', protected: true do
|
|
723
|
+
it 'does not trigger the :after_successful_token_authentication hook' do
|
|
724
|
+
expect(token_authentication_handler).not_to respond_to(:after_successful_token_authentication)
|
|
725
|
+
expect { token_authentication_handler.send(:authenticate_entity_from_token!, double) }.not_to raise_error
|
|
726
|
+
end
|
|
727
|
+
end
|
|
728
|
+
|
|
729
|
+
context 'when the handler implements :after_successful_token_authentication', protected: true do
|
|
730
|
+
before(:each) do
|
|
731
|
+
allow(token_authentication_handler).to receive(:after_successful_token_authentication)
|
|
732
|
+
end
|
|
733
|
+
|
|
734
|
+
it 'calls the :after_successful_token_authentication hook' do
|
|
735
|
+
token_authentication_handler.send(:authenticate_entity_from_token!, double)
|
|
736
|
+
expect(token_authentication_handler).to have_received(:after_successful_token_authentication).once
|
|
737
|
+
end
|
|
719
738
|
end
|
|
720
739
|
end
|
|
721
740
|
end
|
|
@@ -7,9 +7,8 @@ RSpec.shared_examples 'a token authentication handler' do
|
|
|
7
7
|
end
|
|
8
8
|
|
|
9
9
|
describe 'instance' do
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
expect(token_authentication_handler.new).to respond_to :after_successful_token_authentication
|
|
10
|
+
it 'does not implement :after_successful_token_authentication by default', private: true do
|
|
11
|
+
expect(token_authentication_handler.new).not_to respond_to :after_successful_token_authentication
|
|
13
12
|
end
|
|
14
13
|
end
|
|
15
14
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: simple_token_authentication
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.18.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Gonzalo Bulnes Guilpain
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2022-12-27 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: actionmailer
|
|
@@ -19,7 +19,7 @@ dependencies:
|
|
|
19
19
|
version: 3.2.6
|
|
20
20
|
- - "<"
|
|
21
21
|
- !ruby/object:Gem::Version
|
|
22
|
-
version: '
|
|
22
|
+
version: '8'
|
|
23
23
|
type: :runtime
|
|
24
24
|
prerelease: false
|
|
25
25
|
version_requirements: !ruby/object:Gem::Requirement
|
|
@@ -29,7 +29,7 @@ dependencies:
|
|
|
29
29
|
version: 3.2.6
|
|
30
30
|
- - "<"
|
|
31
31
|
- !ruby/object:Gem::Version
|
|
32
|
-
version: '
|
|
32
|
+
version: '8'
|
|
33
33
|
- !ruby/object:Gem::Dependency
|
|
34
34
|
name: actionpack
|
|
35
35
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -39,7 +39,7 @@ dependencies:
|
|
|
39
39
|
version: 3.2.6
|
|
40
40
|
- - "<"
|
|
41
41
|
- !ruby/object:Gem::Version
|
|
42
|
-
version: '
|
|
42
|
+
version: '8'
|
|
43
43
|
type: :runtime
|
|
44
44
|
prerelease: false
|
|
45
45
|
version_requirements: !ruby/object:Gem::Requirement
|
|
@@ -49,7 +49,7 @@ dependencies:
|
|
|
49
49
|
version: 3.2.6
|
|
50
50
|
- - "<"
|
|
51
51
|
- !ruby/object:Gem::Version
|
|
52
|
-
version: '
|
|
52
|
+
version: '8'
|
|
53
53
|
- !ruby/object:Gem::Dependency
|
|
54
54
|
name: devise
|
|
55
55
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -107,7 +107,7 @@ dependencies:
|
|
|
107
107
|
version: 3.2.6
|
|
108
108
|
- - "<"
|
|
109
109
|
- !ruby/object:Gem::Version
|
|
110
|
-
version: '
|
|
110
|
+
version: '8'
|
|
111
111
|
type: :development
|
|
112
112
|
prerelease: false
|
|
113
113
|
version_requirements: !ruby/object:Gem::Requirement
|
|
@@ -117,7 +117,7 @@ dependencies:
|
|
|
117
117
|
version: 3.2.6
|
|
118
118
|
- - "<"
|
|
119
119
|
- !ruby/object:Gem::Version
|
|
120
|
-
version: '
|
|
120
|
+
version: '8'
|
|
121
121
|
- !ruby/object:Gem::Dependency
|
|
122
122
|
name: mongoid
|
|
123
123
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -127,7 +127,7 @@ dependencies:
|
|
|
127
127
|
version: 3.1.0
|
|
128
128
|
- - "<"
|
|
129
129
|
- !ruby/object:Gem::Version
|
|
130
|
-
version: '
|
|
130
|
+
version: '9'
|
|
131
131
|
type: :development
|
|
132
132
|
prerelease: false
|
|
133
133
|
version_requirements: !ruby/object:Gem::Requirement
|
|
@@ -137,7 +137,7 @@ dependencies:
|
|
|
137
137
|
version: 3.1.0
|
|
138
138
|
- - "<"
|
|
139
139
|
- !ruby/object:Gem::Version
|
|
140
|
-
version: '
|
|
140
|
+
version: '9'
|
|
141
141
|
- !ruby/object:Gem::Dependency
|
|
142
142
|
name: appraisal
|
|
143
143
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -168,6 +168,7 @@ files:
|
|
|
168
168
|
- gemfiles/rails_4_devise_3.gemfile
|
|
169
169
|
- gemfiles/rails_5_devise_4.gemfile
|
|
170
170
|
- gemfiles/rails_6_devise_4.gemfile
|
|
171
|
+
- gemfiles/rails_7_devise_4.gemfile
|
|
171
172
|
- gemfiles/ruby_1.9.3_rails_3.2.gemfile
|
|
172
173
|
- gemfiles/ruby_1.9.3_rails_3.2.gemfile.lock
|
|
173
174
|
- lib/simple_token_authentication.rb
|
|
@@ -244,50 +245,50 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
244
245
|
- !ruby/object:Gem::Version
|
|
245
246
|
version: '0'
|
|
246
247
|
requirements: []
|
|
247
|
-
|
|
248
|
-
rubygems_version: 2.7.6
|
|
248
|
+
rubygems_version: 3.1.6
|
|
249
249
|
signing_key:
|
|
250
250
|
specification_version: 4
|
|
251
251
|
summary: Simple (but safe) token authentication for Rails apps or API with Devise.
|
|
252
252
|
test_files:
|
|
253
|
+
- spec/support/spec_for_entities_manager_interface.rb
|
|
254
|
+
- spec/support/dummy_classes_helper.rb
|
|
255
|
+
- spec/support/spec_for_adapter.rb
|
|
256
|
+
- spec/support/spec_for_configuration_option_interface.rb
|
|
257
|
+
- spec/support/spec_for_sign_in_handler_interface.rb
|
|
258
|
+
- spec/support/spec_for_authentication_handler_interface.rb
|
|
259
|
+
- spec/support/spec_for_token_generator_interface.rb
|
|
260
|
+
- spec/support/spec_for_fallback_handler_interface.rb
|
|
261
|
+
- spec/support/specs_for_token_authentication_handler_interface.rb
|
|
262
|
+
- spec/support/spec_for_token_comparator_interface.rb
|
|
263
|
+
- spec/configuration/sign_in_token_option_spec.rb
|
|
264
|
+
- spec/configuration/header_names_option_spec.rb
|
|
265
|
+
- spec/configuration/skip_devise_trackable_option_spec.rb
|
|
266
|
+
- spec/configuration/fallback_to_devise_option_spec.rb
|
|
267
|
+
- spec/configuration/action_controller_callbacks_options_spec.rb
|
|
268
|
+
- spec/lib/simple_token_authentication/adapters/rails_metal_adapter_spec.rb
|
|
269
|
+
- spec/lib/simple_token_authentication/adapters/rails_api_adapter_spec.rb
|
|
270
|
+
- spec/lib/simple_token_authentication/adapters/active_record_adapter_spec.rb
|
|
271
|
+
- spec/lib/simple_token_authentication/adapters/mongoid_adapter_spec.rb
|
|
272
|
+
- spec/lib/simple_token_authentication/adapters/rails_adapter_spec.rb
|
|
273
|
+
- spec/lib/simple_token_authentication/sign_in_handler_spec.rb
|
|
274
|
+
- spec/lib/simple_token_authentication/token_comparator_spec.rb
|
|
275
|
+
- spec/lib/simple_token_authentication/token_generator_spec.rb
|
|
276
|
+
- spec/lib/simple_token_authentication/exception_fallback_handler_spec.rb
|
|
253
277
|
- spec/lib/simple_token_authentication/configuration_spec.rb
|
|
254
|
-
- spec/lib/simple_token_authentication/acts_as_token_authentication_handler_spec.rb
|
|
255
|
-
- spec/lib/simple_token_authentication/token_authentication_handler_spec.rb
|
|
256
278
|
- spec/lib/simple_token_authentication/errors_spec.rb
|
|
279
|
+
- spec/lib/simple_token_authentication/acts_as_token_authenticatable_spec.rb
|
|
257
280
|
- spec/lib/simple_token_authentication/devise_fallback_handler_spec.rb
|
|
281
|
+
- spec/lib/simple_token_authentication/token_authentication_handler_spec.rb
|
|
282
|
+
- spec/lib/simple_token_authentication/entities_manager_spec.rb
|
|
283
|
+
- spec/lib/simple_token_authentication/acts_as_token_authentication_handler_spec.rb
|
|
258
284
|
- spec/lib/simple_token_authentication/adapter_spec.rb
|
|
259
|
-
- spec/lib/simple_token_authentication/acts_as_token_authenticatable_spec.rb
|
|
260
285
|
- spec/lib/simple_token_authentication/entity_spec.rb
|
|
261
|
-
- spec/lib/simple_token_authentication/adapters/rails_adapter_spec.rb
|
|
262
|
-
- spec/lib/simple_token_authentication/adapters/active_record_adapter_spec.rb
|
|
263
|
-
- spec/lib/simple_token_authentication/adapters/rails_api_adapter_spec.rb
|
|
264
|
-
- spec/lib/simple_token_authentication/adapters/rails_metal_adapter_spec.rb
|
|
265
|
-
- spec/lib/simple_token_authentication/adapters/mongoid_adapter_spec.rb
|
|
266
|
-
- spec/lib/simple_token_authentication/exception_fallback_handler_spec.rb
|
|
267
|
-
- spec/lib/simple_token_authentication/token_comparator_spec.rb
|
|
268
|
-
- spec/lib/simple_token_authentication/entities_manager_spec.rb
|
|
269
|
-
- spec/lib/simple_token_authentication/token_generator_spec.rb
|
|
270
|
-
- spec/lib/simple_token_authentication/sign_in_handler_spec.rb
|
|
271
286
|
- spec/lib/simple_token_authentication_spec.rb
|
|
272
287
|
- spec/spec_helper.rb
|
|
273
|
-
- spec/configuration/sign_in_token_option_spec.rb
|
|
274
|
-
- spec/configuration/skip_devise_trackable_option_spec.rb
|
|
275
|
-
- spec/configuration/fallback_to_devise_option_spec.rb
|
|
276
|
-
- spec/configuration/header_names_option_spec.rb
|
|
277
|
-
- spec/configuration/action_controller_callbacks_options_spec.rb
|
|
278
|
-
- spec/support/spec_for_token_generator_interface.rb
|
|
279
|
-
- spec/support/spec_for_authentication_handler_interface.rb
|
|
280
|
-
- spec/support/spec_for_configuration_option_interface.rb
|
|
281
|
-
- spec/support/spec_for_sign_in_handler_interface.rb
|
|
282
|
-
- spec/support/spec_for_fallback_handler_interface.rb
|
|
283
|
-
- spec/support/dummy_classes_helper.rb
|
|
284
|
-
- spec/support/specs_for_token_authentication_handler_interface.rb
|
|
285
|
-
- spec/support/spec_for_token_comparator_interface.rb
|
|
286
|
-
- spec/support/spec_for_entities_manager_interface.rb
|
|
287
|
-
- spec/support/spec_for_adapter.rb
|
|
288
288
|
- gemfiles/rails_5_devise_4.gemfile
|
|
289
|
+
- gemfiles/rails_4_devise_3.gemfile
|
|
289
290
|
- gemfiles/rails_6_devise_4.gemfile
|
|
291
|
+
- gemfiles/rails_7_devise_4.gemfile
|
|
290
292
|
- gemfiles/ruby_1.9.3_rails_3.2.gemfile
|
|
291
|
-
- gemfiles/rails_4_devise_3.gemfile
|
|
292
293
|
- gemfiles/ruby_1.9.3_rails_3.2.gemfile.lock
|
|
293
294
|
- Appraisals
|