simple_token_authentication 1.10.0 → 1.10.1
- checksums.yaml +4 -4
- data/README.md +27 -2
- data/lib/simple_token_authentication.rb +2 -4
- data/lib/simple_token_authentication/errors.rb +24 -0
- data/lib/simple_token_authentication/version.rb +1 -1
- data/spec/lib/simple_token_authentication/errors_spec.rb +6 -0
- data/spec/support/spec_for_sign_in_handler_interface.rb +2 -2
- metadata +31 -30
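--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: cc9c3c84827bba7367ebae956b4570eeb08c121c
+data.tar.gz: 59f9d3ef5ebdd6293a72d5fe1d0032a3154b1ece
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 80c26958d4e2bea406c1d383aa4d1bdc3272f8bb51b988130927bc8a8b1853279ccb92757a0956b491e85cdbfdd4771f78d6331c8b097f949b31cf6894cc9249
+data.tar.gz: acb6c207ac94633f6ee5df3355768cd153c012566d8045af01bc4d1a9d7ad625d33208d926c04b279320834988cd7948730fdce07ce760cdfb56fa2a832c5e0b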
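--- a/data/README.md
+++ b/data/README.md
@@ -136,7 +136,8 @@ Configuration
 -------------
 
 Some aspects of the behavior of _Simple Token Authentication_ can be customized with an initializer.
-
+
+The file below contains examples of the patterns that _token authentication handlers_ will watch for credentials (e.g. `user_email`, `X-SuperAdmin-Token`) and how to customize them:
 
 ```ruby
 # config/initializers/simple_token_authentication.rb
@@ -240,7 +241,7 @@ In fact, you can mix both methods and provide the `user_email` with one and the
 
 If sign-in is successful, no other authentication method will be run, but if it doesn't (the authentication params were missing, or incorrect) then Devise takes control and tries to `authenticate_user!` with its own modules. That behaviour can however be modified for any controller through the **fallback** option (which defaults to `fallback: :devise`).
 
-When `
+When `fallback: :exception` is set, then an exception is raised on token authentication failure. The resulting controller behaviour is very similar to the behaviour induced by using the Devise `authenticate_user!` callback instead of `authenticate_user`. That setting allows, for example, to prevent unauthenticated users to accede API controllers while disabling the default fallback to Devise.
 
 **Important**: Please do notice that controller actions without CSRF protection **must** disable the Devise fallback for [security reasons][csrf] (both `fallback: :exception` and `fallback: :none` will disable the Devise fallback). Since Rails enables CSRF protection by default, this configuration requirement should only affect controllers where you have disabled it specifically, which may be the case of API controllers.
 
@@ -248,6 +249,30 @@ To use no fallback when token authentication fails, set `fallback: :none`.
 
 [csrf]: https://github.com/gonzalo-bulnes/simple_token_authentication/issues/49
 
+### Testing
+
+Here is an example of how you can test-drive your configuration using [Minitest][minitest]:
+
+[minitest]: https://github.com/seattlerb/minitest
+
+```ruby
+class SomeControllerTest < ActionController::TestCase
+
+test "index with token authentication via query params" do
+get :index, { user_email: "alice@example.com", user_token: "1G8_s7P-V-4MGojaKD7a" }
+assert_response :success
+end
+
+test "index with token authentication via request headers" do
+@request.headers['X-User-Email'] = "alice@example.com"
+@request.headers['X-User-Token'] = "1G8_s7P-V-4MGojaKD7a"
+
+get :index
+assert_response :success
+end
+end
+```
+
 Documentation
 -------------
 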
@@ -1,13 +1,11 @@
|
|
1
1
|
require 'simple_token_authentication/acts_as_token_authenticatable'
|
2
2
|
require 'simple_token_authentication/acts_as_token_authentication_handler'
|
3
3
|
require 'simple_token_authentication/configuration'
|
4
|
+
require 'simple_token_authentication/errors'
|
4
5
|
|
5
6
|
module SimpleTokenAuthentication
|
6
7
|
extend Configuration
|
7
8
|
|
8
|
-
NoAdapterAvailableError = Class.new(LoadError)
|
9
|
-
InvalidOptionValue = Class.new(RuntimeError)
|
10
|
-
|
11
9
|
private
|
12
10
|
|
13
11
|
def self.ensure_models_can_act_as_token_authenticatables model_adapters
|
@@ -42,7 +40,7 @@ module SimpleTokenAuthentication
|
|
42
40
|
available_adapters.compact!
|
43
41
|
|
44
42
|
# stop here if dependencies are missing or no adequate adapters are present
|
45
|
-
raise
|
43
|
+
raise NoAdapterAvailableError.new if available_adapters.empty?
|
46
44
|
|
47
45
|
available_adapters
|
48
46
|
end
|
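Review bot: The bare `private` in the first hunk does not apply to `def self.ensure_models_can_act_as_token_authenticatables`, because `private` without arguments only changes the visibility of instance methods defined after it, while singleton methods defined with `def self.` stay public. Unless the file marks them elsewhere, such helpers remain callable from outside the module; `private_class_method :ensure_models_can_act_as_token_authenticatables` after the definition would give the intended visibility, provided no caller uses an explicit receiver. In the second hunk, `raise NoAdapterAvailableError.new if available_adapters.empty?` reads more idiomatically as `raise NoAdapterAvailableError if available_adapters.empty?`. Both method bodies start or end outside the hunks shown.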
@@ -0,0 +1,24 @@
|
|
1
|
+
module SimpleTokenAuthentication
|
2
|
+
|
3
|
+
class NoAdapterAvailableError < LoadError
|
4
|
+
|
5
|
+
def to_s
|
6
|
+
message = <<-HELP.gsub(/^ {8}/, '')
|
7
|
+
No adapter could be loaded, probably because of unavailable dependencies.
|
8
|
+
|
9
|
+
Please make sure that Simple Token Authentication is declared after your adapters' dependencies in your Gemfile.
|
10
|
+
|
11
|
+
Example:
|
12
|
+
|
13
|
+
# Gemfile
|
14
|
+
|
15
|
+
gem 'mongoid', '~> 4.0' # for example
|
16
|
+
gem 'simple_token_authentication', '~> 1.0'
|
17
|
+
|
18
|
+
See https://github.com/gonzalo-bulnes/simple_token_authentication/issues/158
|
19
|
+
HELP
|
20
|
+
end
|
21
|
+
end
|
22
|
+
|
23
|
+
InvalidOptionValue = Class.new(RuntimeError)
|
24
|
+
end
|
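Review bot: `NoAdapterAvailableError#to_s` always returns the fixed help text, so a message given at the raise site (`raise NoAdapterAvailableError, 'details'`) is never shown, and the local `message` assigned from the heredoc is never read. Passing the text as the default message keeps caller-supplied detail: `def initialize(msg = DEFAULT_HELP)` followed by `super`, with the heredoc held in a frozen constant (`DEFAULT_HELP` is a placeholder name). The `gsub(/^ {8}/, '')` strip also depends on the heredoc being indented by exactly eight spaces, which this rendering does not preserve, so a spec asserting the first line of the output would guard it.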
@@ -5,4 +5,10 @@ describe SimpleTokenAuthentication::NoAdapterAvailableError do
|
|
5
5
|
it 'is a kind of LoadError', public: true do
|
6
6
|
expect(subject).to be_kind_of LoadError
|
7
7
|
end
|
8
|
+
|
9
|
+
it 'provides a pointer to its most common cause', public: true do
|
10
|
+
expect(subject.to_s).to match("adapters' dependencies")
|
11
|
+
expect(subject.to_s).to match('Gemfile')
|
12
|
+
expect(subject.to_s).to match('issues/158')
|
13
|
+
end
|
8
14
|
end
|
@@ -1,8 +1,8 @@
|
|
1
1
|
RSpec.shared_examples 'a sign in handler' do
|
2
2
|
|
3
|
-
let(:
|
3
|
+
let(:sign_in_handler) { described_class.new() }
|
4
4
|
|
5
5
|
it 'responds to :sign_in', private: true do
|
6
|
-
expect(
|
6
|
+
expect(sign_in_handler).to respond_to :sign_in
|
7
7
|
end
|
8
8
|
end
|
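--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: simple_token_authentication
 version: !ruby/object:Gem::Version
-version: 1.10.
+version: 1.10.1
 platform: ruby
 authors:
 - Gonzalo Bulnes Guilpain
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-
+date: 2015-11-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: actionmailer
@@ -155,6 +155,7 @@ files:
 - lib/simple_token_authentication/devise_fallback_handler.rb
 - lib/simple_token_authentication/entities_manager.rb
 - lib/simple_token_authentication/entity.rb
+- lib/simple_token_authentication/errors.rb
 - lib/simple_token_authentication/exception_fallback_handler.rb
 - lib/simple_token_authentication/sign_in_handler.rb
 - lib/simple_token_authentication/token_authentication_handler.rb
@@ -215,43 +216,43 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.
+rubygems_version: 2.5.0
 signing_key:
 specification_version: 4
 summary: Simple (but safe) token authentication for Rails apps or API with Devise.
 test_files:
+- spec/spec_helper.rb
+- spec/support/spec_for_authentication_handler_interface.rb
+- spec/support/spec_for_token_comparator_interface.rb
+- spec/support/spec_for_token_generator_interface.rb
+- spec/support/specs_for_token_authentication_handler_interface.rb
+- spec/support/spec_for_entities_manager_interface.rb
+- spec/support/spec_for_configuration_option_interface.rb
+- spec/support/spec_for_adapter.rb
+- spec/support/dummy_classes_helper.rb
+- spec/support/spec_for_fallback_handler_interface.rb
+- spec/support/spec_for_sign_in_handler_interface.rb
+- spec/configuration/skip_devise_trackable_option_spec.rb
+- spec/configuration/sign_in_token_option_spec.rb
+- spec/configuration/fallback_to_devise_option_spec.rb
+- spec/configuration/header_names_option_spec.rb
+- spec/configuration/action_controller_callbacks_options_spec.rb
 - spec/lib/simple_token_authentication_spec.rb
+- spec/lib/simple_token_authentication/devise_fallback_handler_spec.rb
 - spec/lib/simple_token_authentication/entities_manager_spec.rb
 - spec/lib/simple_token_authentication/sign_in_handler_spec.rb
-- spec/lib/simple_token_authentication/
-- spec/lib/simple_token_authentication/token_comparator_spec.rb
-- spec/lib/simple_token_authentication/configuration_spec.rb
+- spec/lib/simple_token_authentication/adapter_spec.rb
 - spec/lib/simple_token_authentication/token_generator_spec.rb
-- spec/lib/simple_token_authentication/
+- spec/lib/simple_token_authentication/exception_fallback_handler_spec.rb
 - spec/lib/simple_token_authentication/acts_as_token_authentication_handler_spec.rb
-- spec/lib/simple_token_authentication/devise_fallback_handler_spec.rb
-- spec/lib/simple_token_authentication/token_authentication_handler_spec.rb
-- spec/lib/simple_token_authentication/errors_spec.rb
-- spec/lib/simple_token_authentication/adapters/active_record_adapter_spec.rb
-- spec/lib/simple_token_authentication/adapters/mongoid_adapter_spec.rb
-- spec/lib/simple_token_authentication/adapters/rails_adapter_spec.rb
 - spec/lib/simple_token_authentication/adapters/rails_api_adapter_spec.rb
+- spec/lib/simple_token_authentication/adapters/rails_adapter_spec.rb
+- spec/lib/simple_token_authentication/adapters/mongoid_adapter_spec.rb
+- spec/lib/simple_token_authentication/adapters/active_record_adapter_spec.rb
+- spec/lib/simple_token_authentication/errors_spec.rb
+- spec/lib/simple_token_authentication/token_comparator_spec.rb
+- spec/lib/simple_token_authentication/acts_as_token_authenticatable_spec.rb
 - spec/lib/simple_token_authentication/entity_spec.rb
-- spec/lib/simple_token_authentication/
-- spec/
-- spec/configuration/header_names_option_spec.rb
-- spec/configuration/fallback_to_devise_option_spec.rb
-- spec/configuration/skip_devise_trackable_option_spec.rb
-- spec/configuration/sign_in_token_option_spec.rb
-- spec/spec_helper.rb
-- spec/support/spec_for_authentication_handler_interface.rb
-- spec/support/spec_for_entities_manager_interface.rb
-- spec/support/spec_for_adapter.rb
-- spec/support/specs_for_token_authentication_handler_interface.rb
-- spec/support/spec_for_token_comparator_interface.rb
-- spec/support/spec_for_fallback_handler_interface.rb
-- spec/support/spec_for_configuration_option_interface.rb
-- spec/support/spec_for_sign_in_handler_interface.rb
-- spec/support/dummy_classes_helper.rb
-- spec/support/spec_for_token_generator_interface.rb
+- spec/lib/simple_token_authentication/configuration_spec.rb
+- spec/lib/simple_token_authentication/token_authentication_handler_spec.rb
 has_rdoc: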