simple_token_authentication 1.0.1 → 1.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +25 -14
- data/Rakefile +4 -0
- data/lib/simple_token_authentication/acts_as_token_authenticatable.rb +1 -1
- data/lib/simple_token_authentication/acts_as_token_authentication_handler.rb +39 -18
- data/lib/simple_token_authentication/version.rb +1 -1
- data/spec/dummy/config/initializers/devise.rb +2 -2
- data/spec/dummy/db/migrate/{20140126083109_devise_create_users.rb → 20140220080143_devise_create_users.rb} +0 -0
- data/spec/dummy/db/migrate/{20140126083111_add_authentication_token_to_users.rb → 20140220080144_add_authentication_token_to_users.rb} +0 -0
- metadata +6 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: fe0b202d3e751ee7f584656ac3e1e5bf980ddc46
|
|
4
|
+
data.tar.gz: e579242f74cee8914dfbd2459b0078f1f487a80a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 7b77aed745f0220f4238c25f37be4bc68349288728acd91d11176abe3d34b7a7e510d493dff95be815986cac6375a0be4e629e508036d2e2f33a532bba98078c
|
|
7
|
+
data.tar.gz: bbd38d859ca4bbc6260851fbb8e9084da32d87e40af83afeeb0dacb7594235e4a814547114d622f3d96bc88ad4ce643afb446baabf4fc21c8ea1ec6e33792c07
|
data/README.md
CHANGED
|
@@ -28,20 +28,7 @@ Install [Devise][devise] with any modules you want, then add the gem to your `Ge
|
|
|
28
28
|
gem 'simple_token_authentication'
|
|
29
29
|
```
|
|
30
30
|
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
```ruby
|
|
34
|
-
# app/controllers/application_controller.rb
|
|
35
|
-
|
|
36
|
-
class ApplicationController < ActionController::Base
|
|
37
|
-
# ...
|
|
38
|
-
acts_as_token_authentication_handler
|
|
39
|
-
|
|
40
|
-
# ...
|
|
41
|
-
end
|
|
42
|
-
```
|
|
43
|
-
|
|
44
|
-
Define which model or models will be token authenticatable (typ. `User`):
|
|
31
|
+
First define which model or models will be token authenticatable (typ. `User`):
|
|
45
32
|
|
|
46
33
|
```ruby
|
|
47
34
|
# app/models/user.rb
|
|
@@ -70,6 +57,19 @@ rails g migration add_authentication_token_to_users authentication_token:string:
|
|
|
70
57
|
rake db:migrate
|
|
71
58
|
```
|
|
72
59
|
|
|
60
|
+
Finally define which controller will handle authentication (typ. `ApplicationController`) for which _token authenticatable_ model:
|
|
61
|
+
|
|
62
|
+
```ruby
|
|
63
|
+
# app/controllers/application_controller.rb
|
|
64
|
+
|
|
65
|
+
class ApplicationController < ActionController::Base
|
|
66
|
+
# ...
|
|
67
|
+
acts_as_token_authentication_handler_for User
|
|
68
|
+
|
|
69
|
+
# ...
|
|
70
|
+
end
|
|
71
|
+
```
|
|
72
|
+
|
|
73
73
|
Usage
|
|
74
74
|
-----
|
|
75
75
|
|
|
@@ -117,6 +117,17 @@ The resulting Cucumber features are a bit verbose, and their output when errors
|
|
|
117
117
|
|
|
118
118
|
You can run the full test suite with `cd simple_token_authentication && rake`.
|
|
119
119
|
|
|
120
|
+
### Executable documentation
|
|
121
|
+
|
|
122
|
+
The Cucumber scenarii describe how to setup demonstration applications for different use cases. While you can read the `rake` output, you may prefer to read it in HTML format:
|
|
123
|
+
|
|
124
|
+
```bash
|
|
125
|
+
cd simple_token_authentication
|
|
126
|
+
rake features_html # generate the features documentation
|
|
127
|
+
|
|
128
|
+
# Open doc/features.html in your preferred web browser.
|
|
129
|
+
```
|
|
130
|
+
|
|
120
131
|
### Contributions
|
|
121
132
|
|
|
122
133
|
Contributions are welcome! I'm not keeping a list of contributors for now, but any PR which references us all will be welcome.
|
data/Rakefile
CHANGED
|
@@ -26,6 +26,10 @@ begin
|
|
|
26
26
|
t.cucumber_opts = "--format pretty"
|
|
27
27
|
end
|
|
28
28
|
|
|
29
|
+
Cucumber::Rake::Task.new(:features_html) do |t|
|
|
30
|
+
t.cucumber_opts = "--format html --out doc/features.html"
|
|
31
|
+
end
|
|
32
|
+
|
|
29
33
|
rescue LoadError
|
|
30
34
|
desc 'Cucumber rake task not available'
|
|
31
35
|
task :features do
|
|
@@ -18,7 +18,7 @@ module SimpleTokenAuthentication
|
|
|
18
18
|
def generate_authentication_token
|
|
19
19
|
loop do
|
|
20
20
|
token = Devise.friendly_token
|
|
21
|
-
break token unless
|
|
21
|
+
break token unless self.class.where(authentication_token: token).first
|
|
22
22
|
end
|
|
23
23
|
end
|
|
24
24
|
|
|
@@ -6,52 +6,67 @@ module SimpleTokenAuthentication
|
|
|
6
6
|
# before editing this file, the discussion is very interesting.
|
|
7
7
|
|
|
8
8
|
included do
|
|
9
|
-
private :
|
|
9
|
+
private :authenticate_entity_from_token!
|
|
10
10
|
# This is our new function that comes before Devise's one
|
|
11
|
-
before_filter :
|
|
11
|
+
before_filter :authenticate_entity_from_token!
|
|
12
12
|
# This is Devise's authentication
|
|
13
|
-
before_filter :
|
|
13
|
+
before_filter :authenticate_entity!
|
|
14
14
|
end
|
|
15
15
|
|
|
16
|
+
def authenticate_entity!
|
|
17
|
+
# Caution: entity should be a singular camel-cased name but could be pluralized or underscored.
|
|
18
|
+
self.method("authenticate_#{@@entity.name.singularize.underscore}!".to_sym).call
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
|
|
16
22
|
# For this example, we are simply using token authentication
|
|
17
23
|
# via parameters. However, anyone could use Rails's token
|
|
18
24
|
# authentication features to get the token from a header.
|
|
19
|
-
def
|
|
25
|
+
def authenticate_entity_from_token!
|
|
20
26
|
# Set the authentication token params if not already present,
|
|
21
27
|
# see http://stackoverflow.com/questions/11017348/rails-api-authentication-by-headers-token
|
|
22
|
-
|
|
23
|
-
|
|
28
|
+
params_token_name = "#{@@entity.name.singularize.underscore}_token".to_sym
|
|
29
|
+
params_email_name = "#{@@entity.name.singularize.underscore}_email".to_sym
|
|
30
|
+
header_token_name = "X-#{@@entity.name.singularize.camelize}-Token"
|
|
31
|
+
header_email_name = "X-#{@@entity.name.singularize.camelize}-Email"
|
|
32
|
+
if token = params[params_token_name].blank? && request.headers[header_token_name]
|
|
33
|
+
params[params_token_name] = token
|
|
24
34
|
end
|
|
25
|
-
if
|
|
26
|
-
params[
|
|
35
|
+
if email = params[params_email_name].blank? && request.headers[header_email_name]
|
|
36
|
+
params[params_email_name] = email
|
|
27
37
|
end
|
|
28
38
|
|
|
29
|
-
|
|
39
|
+
email = params[params_email_name].presence
|
|
30
40
|
# See https://github.com/ryanb/cancan/blob/1.6.10/lib/cancan/controller_resource.rb#L108-L111
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
41
|
+
entity = nil
|
|
42
|
+
if @@entity.respond_to? "find_by"
|
|
43
|
+
entity = email && @@entity.find_by(email: email)
|
|
44
|
+
elsif @@entity.respond_to? "find_by_email"
|
|
45
|
+
entity = email && @@entity.find_by_email(email)
|
|
35
46
|
end
|
|
36
47
|
|
|
37
48
|
# Notice how we use Devise.secure_compare to compare the token
|
|
38
49
|
# in the database with the token given in the params, mitigating
|
|
39
50
|
# timing attacks.
|
|
40
|
-
if
|
|
41
|
-
# Notice we are passing store false, so the
|
|
51
|
+
if entity && Devise.secure_compare(entity.authentication_token, params[params_token_name])
|
|
52
|
+
# Notice we are passing store false, so the entity is not
|
|
42
53
|
# actually stored in the session and a token is needed
|
|
43
54
|
# for every request. If you want the token to work as a
|
|
44
55
|
# sign in token, you can simply remove store: false.
|
|
45
|
-
sign_in
|
|
56
|
+
sign_in entity, store: false
|
|
46
57
|
end
|
|
47
58
|
end
|
|
59
|
+
|
|
60
|
+
def self.set_entity entity
|
|
61
|
+
@@entity = entity
|
|
62
|
+
end
|
|
48
63
|
end
|
|
49
64
|
|
|
50
65
|
module ActsAsTokenAuthenticationHandler
|
|
51
66
|
extend ActiveSupport::Concern
|
|
52
67
|
|
|
53
68
|
# I have insulated the methods into an additional module to avoid before_filters
|
|
54
|
-
# to be applied by the `included` block before
|
|
69
|
+
# to be applied by the `included` block before acts_as_token_authentication_handler_for was called.
|
|
55
70
|
# See https://github.com/gonzalo-bulnes/simple_token_authentication/issues/8#issuecomment-31707201
|
|
56
71
|
|
|
57
72
|
included do
|
|
@@ -59,9 +74,15 @@ module SimpleTokenAuthentication
|
|
|
59
74
|
end
|
|
60
75
|
|
|
61
76
|
module ClassMethods
|
|
62
|
-
def
|
|
77
|
+
def acts_as_token_authentication_handler_for(entity, options = {})
|
|
78
|
+
SimpleTokenAuthentication::ActsAsTokenAuthenticationHandlerMethods.set_entity entity
|
|
63
79
|
include SimpleTokenAuthentication::ActsAsTokenAuthenticationHandlerMethods
|
|
64
80
|
end
|
|
81
|
+
|
|
82
|
+
def acts_as_token_authentication_handler
|
|
83
|
+
ActiveSupport::Deprecation.warn "`acts_as_token_authentication_handler()` is deprecated and may be removed from future releases, use `acts_as_token_authentication_handler_for(User)` instead.", caller
|
|
84
|
+
acts_as_token_authentication_handler_for User
|
|
85
|
+
end
|
|
65
86
|
end
|
|
66
87
|
end
|
|
67
88
|
end
|
|
@@ -4,7 +4,7 @@ Devise.setup do |config|
|
|
|
4
4
|
# The secret key used by Devise. Devise uses this key to generate
|
|
5
5
|
# random tokens. Changing this key will render invalid all existing
|
|
6
6
|
# confirmation, reset password and unlock tokens in the database.
|
|
7
|
-
config.secret_key = '
|
|
7
|
+
config.secret_key = '67fdb5ef83612b1c364294f2650098154c98ab478e115e6cac5da51f57c2847e4c2ae4706be212db4a74f4947cb151b7d5ffb409b424799ccedf2a67b48ddeb6'
|
|
8
8
|
|
|
9
9
|
# ==> Mailer Configuration
|
|
10
10
|
# Configure the e-mail address which will be shown in Devise::Mailer,
|
|
@@ -95,7 +95,7 @@ Devise.setup do |config|
|
|
|
95
95
|
config.stretches = Rails.env.test? ? 1 : 10
|
|
96
96
|
|
|
97
97
|
# Setup a pepper to generate the encrypted password.
|
|
98
|
-
# config.pepper = '
|
|
98
|
+
# config.pepper = '4a1413e8413a51d2dd28e92b9b0414ee0b6ecffc3dd3ce0dfe7b226805efe51d78e61e2121bea905ef76782159c8bec605915af0e25255946459747d3d5ea7bc'
|
|
99
99
|
|
|
100
100
|
# ==> Configuration for :confirmable
|
|
101
101
|
# A period that the user is allowed to access the website even without
|
|
File without changes
|
|
File without changes
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: simple_token_authentication
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0
|
|
4
|
+
version: 1.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Gonzalo Bulnes Guilpain
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2014-
|
|
11
|
+
date: 2014-02-20 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activerecord
|
|
@@ -170,8 +170,8 @@ files:
|
|
|
170
170
|
- spec/dummy/bin/rails
|
|
171
171
|
- spec/dummy/bin/rake
|
|
172
172
|
- spec/dummy/db/seeds.rb
|
|
173
|
-
- spec/dummy/db/migrate/
|
|
174
|
-
- spec/dummy/db/migrate/
|
|
173
|
+
- spec/dummy/db/migrate/20140220080144_add_authentication_token_to_users.rb
|
|
174
|
+
- spec/dummy/db/migrate/20140220080143_devise_create_users.rb
|
|
175
175
|
- spec/dummy/log/test.log
|
|
176
176
|
- spec/dummy/README.rdoc
|
|
177
177
|
- spec/dummy/config/initializers/wrap_parameters.rb
|
|
@@ -237,8 +237,8 @@ test_files:
|
|
|
237
237
|
- spec/dummy/bin/rails
|
|
238
238
|
- spec/dummy/bin/rake
|
|
239
239
|
- spec/dummy/db/seeds.rb
|
|
240
|
-
- spec/dummy/db/migrate/
|
|
241
|
-
- spec/dummy/db/migrate/
|
|
240
|
+
- spec/dummy/db/migrate/20140220080144_add_authentication_token_to_users.rb
|
|
241
|
+
- spec/dummy/db/migrate/20140220080143_devise_create_users.rb
|
|
242
242
|
- spec/dummy/log/test.log
|
|
243
243
|
- spec/dummy/README.rdoc
|
|
244
244
|
- spec/dummy/config/initializers/wrap_parameters.rb
|