simple_token_authentication 1.6.0 → 1.7.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: a858d56cf65a5595155ab5b4e593d90c8c52e4b3
-  data.tar.gz: 48005f8c531276fe56de66bb371ad76ae61cd334
+  metadata.gz: d1e730c48d4c9f3816d431719e033c8b295191ef
+  data.tar.gz: 2bf59bfe3dc641daa8ba148b9bd5ac453d240031
 SHA512:
-  metadata.gz: 21405a3b9a7b2728a7de067aa21aac10ab17217c1946bf4b2c980406a56e0af9b815e4f28cfe7f9136ebbfe8890e611d932ef0193a7e110dc296ce4731ff6e0a
-  data.tar.gz: baf60814272483318583370c68e9f21583c81929a4e5c3506cf58c609afe526e2581eaab68c21e3b8975c6928ea3cc1468ec6e03c103037503ac4d12469faaf7
+  metadata.gz: fc2423b6fcf422ecf6d6147a3ea3800015325214446b83423718192178d75e339e17d346f662a28396fe410699b8c0ab264c9a60ed35f8eb163fc5b1f5dbb6f3
+  data.tar.gz: 449f14e10164ed7a2c90a7b99bfe9934ed1f64b2033b31ee8fc84bd919856732ad3d62a78eb44a44471c4417474685b12178b4f5a13f352dd570b0ea5cc80d75

data/README.md

@@ -29,7 +29,7 @@ Install [Devise][devise] with any modules you want, then add the gem to your `Ge
 ```ruby
 # Gemfile
 
-gem 'simple_token_authentication'
+gem 'simple_token_authentication', '~> 1.0' # see semver.org
 ```
 
 ### Make models token authenticatable
@@ -94,7 +94,7 @@ Finally define which controllers will handle token authentication (typ. `Applica
 ```ruby
 # app/controllers/application_controller.rb
 
-class ApplicationController < ActionController::Base
+class ApplicationController < ActionController::Base # or ActionController::API
   # ...
 
   acts_as_token_authentication_handler_for User

data/lib/simple_token_authentication.rb

@@ -34,18 +34,22 @@ module SimpleTokenAuthentication
   def self.load_available_adapters adapters_short_names
     available_adapters = adapters_short_names.collect do |short_name|
       adapter_name = "simple_token_authentication/adapters/#{short_name}_adapter"
-      if const_defined?(short_name.camelize) && require(adapter_name)
+      if adapter_dependency_fulfilled?(short_name) && require(adapter_name)
         adapter_name.camelize.constantize
       end
     end
     available_adapters.compact!
 
-    # stop here if no constants are defined or no adequate adapters are present
+    # stop here if dependencies are missing or no adequate adapters are present
     raise SimpleTokenAuthentication::NoAdapterAvailableError if available_adapters.empty?
 
     available_adapters
   end
 
+  def self.adapter_dependency_fulfilled? adapter_short_name
+    qualified_const_defined?(SimpleTokenAuthentication.adapters_dependencies[adapter_short_name])
+  end
+
   available_model_adapters = load_available_adapters SimpleTokenAuthentication.model_adapters
   ensure_models_can_act_as_token_authenticatables available_model_adapters
 

data/lib/simple_token_authentication/acts_as_token_authenticatable.rb

@@ -14,6 +14,10 @@ module SimpleTokenAuthentication
       private :token_generator
     end
 
+    # Set an authentication token if missing
+    #
+    # Because it is intended to be used as a filter,
+    # this method is -and should be kept- idempotent.
     def ensure_authentication_token
       if authentication_token.blank?
         self.authentication_token = generate_authentication_token(token_generator)
@@ -31,6 +35,7 @@ module SimpleTokenAuthentication
       self.class.where(authentication_token: token).count == 0
     end
 
+    # Private: Get one (always the same) object which behaves as a token generator
     def token_generator
       @token_generator ||= TokenGenerator.new
     end

data/lib/simple_token_authentication/adapters/rails_api_adapter.rb

@@ -0,0 +1,18 @@
+require 'action_controller'
+require 'simple_token_authentication/adapter'
+
+module SimpleTokenAuthentication
+  module Adapters
+    class RailsAPIAdapter
+      extend SimpleTokenAuthentication::Adapter
+
+      def self.base_class
+        ::ActionController::API
+      end
+    end
+
+    # make the adpater available even if the 'API' acronym is not defined
+    RailsApiAdapter = RailsAPIAdapter
+  end
+end
+

data/lib/simple_token_authentication/configuration.rb

@@ -6,13 +6,18 @@ module SimpleTokenAuthentication
     mattr_accessor :sign_in_token
     mattr_accessor :controller_adapters
     mattr_accessor :model_adapters
+    mattr_accessor :adapters_dependencies
 
     # Default configuration
     @@fallback = :devise
     @@header_names = {}
     @@sign_in_token = false
-    @@controller_adapters = ['rails']
+    @@controller_adapters = ['rails', 'rails_api']
     @@model_adapters = ['active_record', 'mongoid']
+    @@adapters_dependencies = { 'active_record' => 'ActiveRecord::Base',
+                                'mongoid'       => 'Mongoid::Document',
+                                'rails'         => 'ActionController::Base',
+                                'rails_api'     => 'ActionController::API' }
 
     # Allow the default configuration to be overwritten from initializers
     def configure

data/lib/simple_token_authentication/token_authentication_handler.rb

@@ -1,5 +1,5 @@
-require 'action_controller/base'
 require 'active_support/concern'
+require 'devise'
 
 require 'simple_token_authentication/entities_manager'
 require 'simple_token_authentication/fallback_authentication_handler'
@@ -13,6 +13,7 @@ module SimpleTokenAuthentication
     included do
       private_class_method :define_token_authentication_helpers_for
       private_class_method :set_token_authentication_hooks
+      private_class_method :entities_manager
       private_class_method :fallback_authentication_handler
 
       private :authenticate_entity_from_token!
@@ -22,6 +23,7 @@ module SimpleTokenAuthentication
       private :token_comparator
       private :sign_in_handler
       private :find_record_from_identifier
+      private :integrate_with_devise_case_insensitive_keys
     end
 
     def authenticate_entity_from_token!(entity)
@@ -52,16 +54,32 @@ module SimpleTokenAuthentication
     def find_record_from_identifier(entity)
       email = entity.get_identifier_from_params_or_headers(self).presence
 
-      # Rails 3 and 4 finder methods are supported,
-      # see https://github.com/ryanb/cancan/blob/1.6.10/lib/cancan/controller_resource.rb#L108-L111
+      email = integrate_with_devise_case_insensitive_keys(email)
+
+      # The finder method should be compatible with all the model adapters,
+      # namely ActiveRecord and Mongoid in all their supported versions.
       record = nil
       record = email && entity.model.where(email: email).first
     end
 
+    # Private: Take benefit from Devise case-insensitive keys
+    #
+    # See https://github.com/plataformatec/devise/blob/v3.4.1/lib/generators/templates/devise.rb#L45-L48
+    #
+    # email - the original email String
+    #
+    # Returns an email String which case follows the Devise case-insensitive keys policy
+    def integrate_with_devise_case_insensitive_keys(email)
+      email.downcase! if email && Devise.case_insensitive_keys.include?(:email)
+      email
+    end
+
+    # Private: Get one (always the same) object which behaves as a token comprator
     def token_comparator
       @@token_comparator ||= TokenComparator.new
     end
 
+    # Private: Get one (always the same) object which behaves as a sign in handler
     def sign_in_handler
       @@sign_in_handler ||= SignInHandler.new
     end
@@ -80,6 +98,7 @@ module SimpleTokenAuthentication
         set_token_authentication_hooks(entity, options)
       end
 
+      # Private: Get one (always the same) object which behaves as an entities manager
       def entities_manager
         if class_variable_defined?(:@@entities_manager)
           class_variable_get(:@@entities_manager)
@@ -88,6 +107,7 @@ module SimpleTokenAuthentication
         end
       end
 
+      # Private: Get one (always the same) object which behaves as a fallback authentication handler
       def fallback_authentication_handler
         if class_variable_defined?(:@@fallback_authentication_handler)
           class_variable_get(:@@fallback_authentication_handler)

data/lib/simple_token_authentication/token_comparator.rb

@@ -2,6 +2,13 @@ require 'devise'
 
 module SimpleTokenAuthentication
   class TokenComparator
+
+    # Compare two String instances
+    #
+    # Important: this method is cryptographically critical and
+    # must be implemented with care when defining new token comparators.
+    #
+    # Returns true if String instances do match, false otherwise
     def compare(a, b)
       # Notice how we use Devise.secure_compare to compare tokens
       # while mitigating timing attacks.

data/lib/simple_token_authentication/version.rb

@@ -1,3 +1,3 @@
 module SimpleTokenAuthentication
-  VERSION = "1.6.0"
+  VERSION = "1.7.0"
 end

data/spec/configuration/header_names_option_spec.rb

@@ -1,5 +1,11 @@
 require 'spec_helper'
 
+def skip_devise_case_insensitive_keys_integration!(controller)
+  allow(controller).to receive(:integrate_with_devise_case_insensitive_keys) do |email|
+    email # return the email without modification
+  end
+end
+
 describe 'Simple Token Authentication' do
 
   describe ':header_names option', header_names_option: true do
@@ -36,6 +42,7 @@ describe 'Simple Token Authentication' do
 
         @controller = @controller_class.new
         allow(@controller).to receive(:sign_in_handler).and_return(:sign_in_handler)
+        skip_devise_case_insensitive_keys_integration!(@controller)
       end
 
 
@@ -442,6 +449,8 @@ describe 'Simple Token Authentication' do
       allow(SimpleTokenAuthentication).to receive(:header_names)
         .and_return({ user: { email: 'X-UpdatedName-User-Email', authentication_token: 'X-UpdatedName-User-Token' }})
 
+      skip_devise_case_insensitive_keys_integration!(@controller)
+
       # the option updated value is taken into account
       # when token authentication is performed
       expect(@controller.request.headers).to receive(:[]).with('X-UpdatedName-User-Email')

data/spec/lib/simple_token_authentication/adapters/rails_api_adapter_spec.rb

@@ -0,0 +1,43 @@
+require 'spec_helper'
+require 'simple_token_authentication/adapters/rails_api_adapter'
+
+describe 'SimpleTokenAuthentication::Adapters::RailsAPIAdapter' do
+
+  before(:each) do
+    stub_const('ActionController', Module.new)
+    stub_const('ActionController::API', double())
+
+    @subject = SimpleTokenAuthentication::Adapters::RailsAPIAdapter
+  end
+
+  it_behaves_like 'an adapter'
+
+  describe '.base_class' do
+
+    it 'is ActionController::API', private: true do
+      expect(@subject.base_class).to eq ActionController::API
+    end
+  end
+end
+
+context 'When the "API" acronym is not defined' do
+  describe 'SimpleTokenAuthentication::Adapters::RailsApiAdapter' do
+
+    before(:each) do
+      stub_const('ActionController', Module.new)
+      stub_const('ActionController::API', double())
+
+      @subject = SimpleTokenAuthentication::Adapters::RailsApiAdapter
+    end
+
+    it_behaves_like 'an adapter'
+
+    describe '.base_class' do
+
+      it 'is ActionController::API', private: true do
+        expect(@subject.base_class).to eq ActionController::API
+      end
+    end
+  end
+end
+

data/spec/lib/simple_token_authentication/configuration_spec.rb

@@ -20,8 +20,8 @@ describe SimpleTokenAuthentication::Configuration do
 
       it_behaves_like 'a configuration option', 'controller_adapters'
 
-      it "defauts to ['rails']", private: true do
-        expect(@subject.controller_adapters).to eq ['rails']
+      it "defauts to ['rails', 'rails_api']", private: true do
+        expect(@subject.controller_adapters).to eq ['rails', 'rails_api']
       end
     end
 
@@ -34,6 +34,18 @@ describe SimpleTokenAuthentication::Configuration do
       end
     end
 
+    describe 'provides #adapters_dependencies which' do
+
+      it_behaves_like 'a configuration option', 'adapters_dependencies'
+
+      it 'lists the supported adapters dependencies by default', private: true do
+        expect(@subject.adapters_dependencies['active_record']).to eq 'ActiveRecord::Base'
+        expect(@subject.adapters_dependencies['mongoid']).to eq 'Mongoid::Document'
+        expect(@subject.adapters_dependencies['rails']).to eq 'ActionController::Base'
+        expect(@subject.adapters_dependencies['rails_api']).to eq 'ActionController::API'
+      end
+    end
+
     describe 'provides #header_names which', header_names_option: true do
 
       it_behaves_like 'a configuration option', 'header_names'

data/spec/lib/simple_token_authentication/token_authentication_handler_spec.rb

@@ -135,6 +135,107 @@ describe 'Any class which includes SimpleTokenAuthentication::TokenAuthenticatio
     end
   end
 
+  describe '#find_record_from_identifier', private: true do
+
+    before(:each) do
+      @entity = double()
+    end
+
+    context 'when the Devise config. does not defines the identifier as a case-insentitive key' do
+
+      before(:each) do
+        allow(Devise).to receive_message_chain(:case_insensitive_keys, :include?)
+        .with(:email).and_return(false)
+      end
+
+      context 'when a downcased identifier was provided' do
+
+        before(:each) do
+          allow(@entity).to receive(:get_identifier_from_params_or_headers)
+          .and_return('alice@example.com')
+        end
+
+        it 'returns the proper record if any' do
+          # let's say there is a record
+          record = double()
+          allow(@entity).to receive_message_chain(:model, :where).with(email: 'alice@example.com')
+          .and_return([record])
+
+          expect(subject.new.send(:find_record_from_identifier, @entity)).to eq record
+        end
+      end
+
+      context 'when a upcased identifier was provided' do
+
+        before(:each) do
+          allow(@entity).to receive(:get_identifier_from_params_or_headers)
+          .and_return('AliCe@ExampLe.Com')
+        end
+
+        it 'does not return any record' do
+          # let's say there is a record...
+          record = double()
+          # ...whose identifier is downcased...
+          allow(@entity).to receive_message_chain(:model, :where).with(email: 'alice@example.com')
+          .and_return([record])
+          # ...not upcased
+          allow(@entity).to receive_message_chain(:model, :where).with(email: 'AliCe@ExampLe.Com')
+          .and_return([])
+
+          expect(subject.new.send(:find_record_from_identifier, @entity)).to be_nil
+        end
+      end
+    end
+
+
+    context 'when the Devise config. defines the identifier as a case-insentitive key' do
+
+      before(:each) do
+        allow(Devise).to receive_message_chain(:case_insensitive_keys, :include?)
+        .with(:email).and_return(true)
+      end
+
+      context 'and a downcased identifier was provided' do
+
+        before(:each) do
+          allow(@entity).to receive(:get_identifier_from_params_or_headers)
+          .and_return('alice@example.com')
+        end
+
+        it 'returns the proper record if any' do
+          # let's say there is a record
+          record = double()
+          allow(@entity).to receive_message_chain(:model, :where).with(email: 'alice@example.com')
+          .and_return([record])
+
+          expect(subject.new.send(:find_record_from_identifier, @entity)).to eq record
+        end
+      end
+
+      context 'and a upcased identifier was provided' do
+
+        before(:each) do
+          allow(@entity).to receive(:get_identifier_from_params_or_headers)
+          .and_return('AliCe@ExampLe.Com')
+        end
+
+        it 'returns the proper record if any' do
+          # let's say there is a record...
+          record = double()
+          # ...whose identifier is downcased...
+          allow(@entity).to receive_message_chain(:model, :where)
+          allow(@entity).to receive_message_chain(:model, :where).with(email: 'alice@example.com')
+          .and_return([record])
+          # ...not upcased
+          allow(@entity).to receive_message_chain(:model, :where).with(email: 'AliCe@ExampLe.Com')
+          .and_return([])
+
+          expect(subject.new.send(:find_record_from_identifier, @entity)).to eq record
+        end
+      end
+    end
+  end
+
   describe 'and which supports the :before_filter hook' do
 
     before(:each) do

data/spec/lib/simple_token_authentication_spec.rb

@@ -142,4 +142,40 @@ describe SimpleTokenAuthentication do
       end
     end
   end
+
+  context 'when ActionController::API is available' do
+
+    before(:each) do
+      stub_const('ActionController::API', Class.new)
+
+      # define a dummy ActionController::API (a.k.a 'Rails API') adapter
+      dummy_rails_adapter = double()
+      allow(dummy_rails_adapter).to receive(:base_class).and_return(ActionController::API)
+      stub_const('SimpleTokenAuthentication::Adapters::DummyRailsAPIAdapter', dummy_rails_adapter)
+    end
+
+    describe '#ensure_controllers_can_act_as_token_authentication_handlers' do
+
+      before(:each) do
+        class SimpleTokenAuthentication::DummyController < ActionController::API; end
+        @dummy_controller = SimpleTokenAuthentication::DummyController
+
+        expect(@dummy_controller.new).to be_instance_of SimpleTokenAuthentication::DummyController
+        expect(@dummy_controller.new).to be_kind_of ActionController::API
+      end
+
+      after(:each) do
+        SimpleTokenAuthentication.send(:remove_const, :DummyController)
+      end
+
+      it 'allows any kind of ActionController::API to acts as token authentication handler', private: true do
+        expect(@dummy_controller).not_to respond_to :acts_as_token_authentication_handler_for
+
+        subject.ensure_controllers_can_act_as_token_authentication_handlers [
+                          SimpleTokenAuthentication::Adapters::DummyRailsAPIAdapter]
+
+        expect(@dummy_controller).to respond_to :acts_as_token_authentication_handler_for
+      end
+    end
+  end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: simple_token_authentication
 version: !ruby/object:Gem::Version
-  version: 1.6.0
+  version: 1.7.0
 platform: ruby
 authors:
 - Gonzalo Bulnes Guilpain
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-10-24 00:00:00.000000000 Z
+date: 2014-11-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: actionmailer
@@ -150,6 +150,7 @@ files:
 - lib/simple_token_authentication/adapters/active_record_adapter.rb
 - lib/simple_token_authentication/adapters/mongoid_adapter.rb
 - lib/simple_token_authentication/adapters/rails_adapter.rb
+- lib/simple_token_authentication/adapters/rails_api_adapter.rb
 - lib/simple_token_authentication/configuration.rb
 - lib/simple_token_authentication/entities_manager.rb
 - lib/simple_token_authentication/entity.rb
@@ -170,6 +171,7 @@ files:
 - spec/lib/simple_token_authentication/adapters/active_record_adapter_spec.rb
 - spec/lib/simple_token_authentication/adapters/mongoid_adapter_spec.rb
 - spec/lib/simple_token_authentication/adapters/rails_adapter_spec.rb
+- spec/lib/simple_token_authentication/adapters/rails_api_adapter_spec.rb
 - spec/lib/simple_token_authentication/configuration_spec.rb
 - spec/lib/simple_token_authentication/entities_manager_spec.rb
 - spec/lib/simple_token_authentication/entity_spec.rb
@@ -210,39 +212,40 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.2
+rubygems_version: 2.4.4
 signing_key: 
 specification_version: 4
 summary: Simple (but safe) token authentication for Rails apps or API with Devise.
 test_files:
+- spec/configuration/header_names_option_spec.rb
+- spec/configuration/sign_in_token_option_spec.rb
+- spec/configuration/action_controller_callbacks_options_spec.rb
+- spec/configuration/fallback_to_devise_option_spec.rb
+- spec/support/spec_for_configuration_option_interface.rb
+- spec/support/spec_for_token_comparator_interface.rb
+- spec/support/spec_for_authentication_handler_interface.rb
+- spec/support/spec_for_entities_manager_interface.rb
+- spec/support/dummy_classes_helper.rb
+- spec/support/specs_for_token_authentication_handler_interface.rb
+- spec/support/spec_for_token_generator_interface.rb
+- spec/support/spec_for_adapter.rb
+- spec/support/spec_for_sign_in_handler_interface.rb
 - spec/lib/simple_token_authentication_spec.rb
-- spec/lib/simple_token_authentication/entities_manager_spec.rb
-- spec/lib/simple_token_authentication/sign_in_handler_spec.rb
 - spec/lib/simple_token_authentication/fallback_authentication_handler_spec.rb
-- spec/lib/simple_token_authentication/token_comparator_spec.rb
-- spec/lib/simple_token_authentication/configuration_spec.rb
 - spec/lib/simple_token_authentication/token_generator_spec.rb
-- spec/lib/simple_token_authentication/acts_as_token_authenticatable_spec.rb
-- spec/lib/simple_token_authentication/acts_as_token_authentication_handler_spec.rb
-- spec/lib/simple_token_authentication/token_authentication_handler_spec.rb
-- spec/lib/simple_token_authentication/errors_spec.rb
+- spec/lib/simple_token_authentication/adapter_spec.rb
+- spec/lib/simple_token_authentication/configuration_spec.rb
+- spec/lib/simple_token_authentication/adapters/rails_api_adapter_spec.rb
 - spec/lib/simple_token_authentication/adapters/active_record_adapter_spec.rb
 - spec/lib/simple_token_authentication/adapters/mongoid_adapter_spec.rb
 - spec/lib/simple_token_authentication/adapters/rails_adapter_spec.rb
+- spec/lib/simple_token_authentication/acts_as_token_authentication_handler_spec.rb
+- spec/lib/simple_token_authentication/token_authentication_handler_spec.rb
+- spec/lib/simple_token_authentication/sign_in_handler_spec.rb
+- spec/lib/simple_token_authentication/acts_as_token_authenticatable_spec.rb
+- spec/lib/simple_token_authentication/errors_spec.rb
+- spec/lib/simple_token_authentication/entities_manager_spec.rb
+- spec/lib/simple_token_authentication/token_comparator_spec.rb
 - spec/lib/simple_token_authentication/entity_spec.rb
-- spec/lib/simple_token_authentication/adapter_spec.rb
-- spec/configuration/action_controller_callbacks_options_spec.rb
-- spec/configuration/header_names_option_spec.rb
-- spec/configuration/fallback_to_devise_option_spec.rb
-- spec/configuration/sign_in_token_option_spec.rb
 - spec/spec_helper.rb
-- spec/support/spec_for_authentication_handler_interface.rb
-- spec/support/spec_for_entities_manager_interface.rb
-- spec/support/spec_for_adapter.rb
-- spec/support/specs_for_token_authentication_handler_interface.rb
-- spec/support/spec_for_token_comparator_interface.rb
-- spec/support/spec_for_configuration_option_interface.rb
-- spec/support/spec_for_sign_in_handler_interface.rb
-- spec/support/dummy_classes_helper.rb
-- spec/support/spec_for_token_generator_interface.rb
 has_rdoc: