simple_token_authentication 1.1.1 → 1.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: a099166750c3ffa7b40f3cb27a8edb3ee77b44b9
-  data.tar.gz: 036ce13c507db9f9565811b26e1208a4cdb124e0
+  metadata.gz: b82f0df25b0b1c4f975fac6ff17ec8baf7bb0d56
+  data.tar.gz: 07648b40370631ec080940103c9e7632639f962b
 SHA512:
-  metadata.gz: 011f771b587175aee878714d5a20f079f482d89b26e5219aa542b1abac9ac1e5be8107ab1f82c4628bf0b5201ecc95e5c89f792934d1386514d8b155174a10af
-  data.tar.gz: 2a1d2ebedb2a333d5cbf9bb47e78e1092da190bbb6937993857f8592e671efdad46d24aedf7a0392ba3a04c4b212039a22d4f34e0483e6aaac7c0a83aaff9ca9
+  metadata.gz: abbb4abba13fbf7f9576462e4dc69f55ce516bb43c6c8e2760d009507c2bda35a4ca114172925c706a32aee4392be98104f765c399652048bbbd5755ae761d2d
+  data.tar.gz: 016afaa432bcde97ca425cd23e574f03369ec45dbf12cefa4f72352bb6b1ce401b17395a7925d234cdcb958bb96f04ffbd1e9ae88b121258b5c32d69372b49da

data/README.md

@@ -70,6 +70,47 @@ class ApplicationController < ActionController::Base
 end
 ```
 
+Configuration
+-------------
+
+Some aspects of the behavior of _Simple Token Authentication_ can be customized with an initializer.
+Below is an example with reasonable defaults:
+
+```ruby
+# config/initializers/simple_token_authentication.rb
+
+SimpleTokenAuthentication.configure do |config|
+
+  # Configure the session persistence policy after a successful sign in,
+  # in other words, if the authentication token acts as a signin token.
+  # If true, user is stored in the session and the authentication token and
+  # email may be provided only once.
+  # If false, users must provide their authentication token and email at every request.
+  # config.sign_in_token = false
+
+  # Configure the name of the HTTP headers watched for authentication.
+  #
+  # Default header names for a given token authenticatable entity follow the pattern:
+  #   { entity: { authentication_token: 'X-Entity-Token', email: 'X-Entity-Email'} }
+  #
+  # When several token authenticatable models are defined, custom header names
+  # can be specified for none, any, or all of them.
+  #
+  # Examples
+  #
+  #   Given User and SuperAdmin are token authenticatable,
+  #   When the following configuration is used:
+  #     `config.header_names = { super_admin: { authentication_token: 'X-Admin-Auth-Token' } }`
+  #   Then the token authentification handler for User watches the following headers:
+  #     `X-User-Token, X-User-Email`
+  #   And the token authentification handler for SuperAdmin watches the following headers:
+  #     `X-Admin-Auth-Token, X-SuperAdmin-Email`
+  #
+  # config.header_names = { user: { authentication_token: 'X-User-Token', email: 'X-User-Email' } }
+
+end
+```
+
 Usage
 -----
 
@@ -102,6 +143,35 @@ In fact, you can mix both methods and provide the `user_email` with one and the
 
 If sign-in is successful, no other authentication method will be run, but if it doesn't (the authentication params were missing, or incorrect) then Devise takes control and tries to `authenticate_user!` with its own modules.
 
+Documentation
+-------------
+
+### Executable documentation
+
+The Cucumber scenarii describe how to setup demonstration applications for different use cases. While you can read the `rake` output, you may prefer to read it in HTML format: see `doc/features.html`. The file is generated automatically by Cucumber, if necessary, you can update it by yourself:
+
+```bash
+cd simple_token_authentication
+rake features_html # generate the features documentation
+
+# Open doc/features.html in your preferred web browser.
+```
+
+I find that HTML output quite enjoyable, I hope you'll do so!
+
+### Frequently Asked Questions
+
+Any question? Please don't hesitate to open a new issue to get help. I keep questions tagged to make possible to [review the open questions][open-questions], while closed questions are organized as a sort of [FAQ][faq].
+
+  [open-questions]: https://github.com/gonzalo-bulnes/simple_token_authentication/issues?labels=question&page=1&state=open
+  [faq]: https://github.com/gonzalo-bulnes/simple_token_authentication/issues?direction=desc&labels=question&page=1&sort=comments&state=closed
+
+### Changelog
+
+Releases are commented to provide a brief [changelog][changelog].
+
+  [changelog]: https://github.com/gonzalo-bulnes/simple_token_authentication/releases
+
 Development
 -----------
 
@@ -109,28 +179,20 @@ Development
 
 Since `v1.0.0`, this gem development is test-driven. Each use case should be described with [RSpec][rspec] within an example app. That app will be created and configured automatically by [Aruba][aruba] as a [Cucumber][cucumber] feature.
 
-The resulting Cucumber features are a bit verbose, and their output when errors occur is not ideal, but their output when they are passing, on the contrary, provides an easy to reproduce recipe to build the example app. I find that useful enough to be patient with red scenarii for now.
+The resulting Cucumber features are a bit verbose, and their output when errors occur is not ideal, but their output when they are passing, on the contrary, provides an easy-to-reproduce recipe to build the example app (see [Executable documentation][exec-doc]). I find that useful enough to be patient with red scenarii for now.
 
   [aruba]: https://github.com/cucumber/aruba
   [cucumber]: https://github.com/cucumber/cucumber-rails
   [rspec]: https://www.relishapp.com/rspec/rspec-rails/docs
+  [exec-doc]: https://github.com/gonzalo-bulnes/simple_token_authentication#executable-documentation
 
 You can run the full test suite with `cd simple_token_authentication && rake`.
 
-### Executable documentation
-
-The Cucumber scenarii describe how to setup demonstration applications for different use cases. While you can read the `rake` output, you may prefer to read it in HTML format:
-
-```bash
-cd simple_token_authentication
-rake features_html # generate the features documentation
-
-# Open doc/features.html in your preferred web browser.
-```
-
 ### Contributions
 
-Contributions are welcome! I'm not keeping a list of contributors for now, but any PR which references us all will be welcome.
+Contributions are welcome! I'm not personally maintaining any [list of contributors][contributors] for now, but any PR which references us all will be welcome.
+
+  [contributors]: https://github.com/gonzalo-bulnes/simple_token_authentication/graphs/contributors
 
 Credits
 -------

data/lib/simple_token_authentication.rb

@@ -1,5 +1,7 @@
 require 'simple_token_authentication/acts_as_token_authenticatable'
 require 'simple_token_authentication/acts_as_token_authentication_handler'
+require 'simple_token_authentication/configuration'
 
 module SimpleTokenAuthentication
+  extend Configuration
 end

data/lib/simple_token_authentication/acts_as_token_authentication_handler.rb

@@ -7,10 +7,17 @@ module SimpleTokenAuthentication
 
     included do
       private :authenticate_entity_from_token!
+      private :header_token_name
+      private :header_email_name
       # This is our new function that comes before Devise's one
       before_filter :authenticate_entity_from_token!
       # This is Devise's authentication
       before_filter :authenticate_entity!
+
+      # This is necessary to test which arguments were passed to sign_in
+      # from authenticate_entity_from_token!
+      # See https://github.com/gonzalo-bulnes/simple_token_authentication/pull/32
+      ActionController::Base.send :include, Devise::Controllers::SignInOut if Rails.env.test?
     end
 
     def authenticate_entity!
@@ -27,8 +34,6 @@ module SimpleTokenAuthentication
       # see http://stackoverflow.com/questions/11017348/rails-api-authentication-by-headers-token
       params_token_name = "#{@@entity.name.singularize.underscore}_token".to_sym
       params_email_name = "#{@@entity.name.singularize.underscore}_email".to_sym
-      header_token_name = "X-#{@@entity.name.singularize.camelize}-Token"
-      header_email_name = "X-#{@@entity.name.singularize.camelize}-Email"
       if token = params[params_token_name].blank? && request.headers[header_token_name]
         params[params_token_name] = token
       end
@@ -53,7 +58,25 @@ module SimpleTokenAuthentication
         # actually stored in the session and a token is needed
         # for every request. If you want the token to work as a
         # sign in token, you can simply remove store: false.
-        sign_in entity, store: false
+        sign_in entity, store: SimpleTokenAuthentication.sign_in_token
+      end
+    end
+
+    # Private: Return the name of the header to watch for the token authentication param
+    def header_token_name
+      if SimpleTokenAuthentication.header_names["#{@@entity.name.singularize.underscore}".to_sym].presence
+        SimpleTokenAuthentication.header_names["#{@@entity.name.singularize.underscore}".to_sym][:authentication_token]
+      else
+        "X-#{@@entity.name.singularize.camelize}-Token"
+      end
+    end
+
+    # Private: Return the name of the header to watch for the email param
+    def header_email_name
+      if SimpleTokenAuthentication.header_names["#{@@entity.name.singularize.underscore}".to_sym].presence
+        SimpleTokenAuthentication.header_names["#{@@entity.name.singularize.underscore}".to_sym][:email]
+      else
+        "X-#{@@entity.name.singularize.camelize}-Email"
       end
     end
 

data/lib/simple_token_authentication/configuration.rb

@@ -0,0 +1,15 @@
+module SimpleTokenAuthentication
+  module Configuration
+
+    mattr_accessor :header_names
+    mattr_accessor :sign_in_token
+
+    # Default configuration
+    @@header_names = {}
+    @@sign_in_token = false
+
+    def configure
+      yield self if block_given?
+    end
+  end
+end

data/lib/simple_token_authentication/version.rb

@@ -1,3 +1,3 @@
 module SimpleTokenAuthentication
-  VERSION = "1.1.1"
+  VERSION = "1.2.0"
 end

data/spec/dummy/app/assets/javascripts/private_posts.js

@@ -0,0 +1,2 @@
+// Place all the behaviors and hooks related to the matching controller here.
+// All this logic will automatically be available in application.js.

data/spec/dummy/app/assets/stylesheets/private_posts.css

@@ -0,0 +1,4 @@
+/*
+  Place all the styles related to the matching controller here.
+  They will automatically be included in application.css.
+*/

data/spec/dummy/app/assets/stylesheets/scaffold.css

@@ -0,0 +1,56 @@
+body { background-color: #fff; color: #333; }
+
+body, p, ol, ul, td {
+  font-family: verdana, arial, helvetica, sans-serif;
+  font-size:   13px;
+  line-height: 18px;
+}
+
+pre {
+  background-color: #eee;
+  padding: 10px;
+  font-size: 11px;
+}
+
+a { color: #000; }
+a:visited { color: #666; }
+a:hover { color: #fff; background-color:#000; }
+
+div.field, div.actions {
+  margin-bottom: 10px;
+}
+
+#notice {
+  color: green;
+}
+
+.field_with_errors {
+  padding: 2px;
+  background-color: red;
+  display: table;
+}
+
+#error_explanation {
+  width: 450px;
+  border: 2px solid red;
+  padding: 7px;
+  padding-bottom: 0;
+  margin-bottom: 20px;
+  background-color: #f0f0f0;
+}
+
+#error_explanation h2 {
+  text-align: left;
+  font-weight: bold;
+  padding: 5px 5px 5px 15px;
+  font-size: 12px;
+  margin: -7px;
+  margin-bottom: 0px;
+  background-color: #c00;
+  color: #fff;
+}
+
+#error_explanation ul li {
+  font-size: 12px;
+  list-style: square;
+}

data/spec/dummy/app/controllers/private_posts_controller.rb

@@ -0,0 +1,63 @@
+class PrivatePostsController < ApplicationController
+
+  # Please do notice that this controller DOES call `acts_as_authentication_handler`.
+  # See test/dummy/spec/requests/posts_specs.rb
+  acts_as_token_authentication_handler_for User
+
+  before_action :set_private_post, only: [:show, :edit, :update, :destroy]
+
+  # GET /private_posts
+  def index
+    @private_posts = PrivatePost.all
+  end
+
+  # GET /private_posts/1
+  def show
+  end
+
+  # GET /private_posts/new
+  def new
+    @private_post = PrivatePost.new
+  end
+
+  # GET /private_posts/1/edit
+  def edit
+  end
+
+  # POST /private_posts
+  def create
+    @private_post = PrivatePost.new(private_post_params)
+
+    if @private_post.save
+      redirect_to @private_post, notice: 'Private post was successfully created.'
+    else
+      render action: 'new'
+    end
+  end
+
+  # PATCH/PUT /private_posts/1
+  def update
+    if @private_post.update(private_post_params)
+      redirect_to @private_post, notice: 'Private post was successfully updated.'
+    else
+      render action: 'edit'
+    end
+  end
+
+  # DELETE /private_posts/1
+  def destroy
+    @private_post.destroy
+    redirect_to private_posts_url, notice: 'Private post was successfully destroyed.'
+  end
+
+  private
+    # Use callbacks to share common setup or constraints between actions.
+    def set_private_post
+      @private_post = PrivatePost.find(params[:id])
+    end
+
+    # Only allow a trusted parameter "white list" through.
+    def private_post_params
+      params.require(:private_post).permit(:title, :body)
+    end
+end

data/spec/dummy/app/helpers/private_posts_helper.rb

@@ -0,0 +1,2 @@
+module PrivatePostsHelper
+end

data/spec/dummy/app/models/private_post.rb

@@ -0,0 +1,2 @@
+class PrivatePost < ActiveRecord::Base
+end

data/spec/dummy/app/models/user.rb

@@ -3,4 +3,6 @@ class User < ActiveRecord::Base
   # :confirmable, :lockable, :timeoutable and :omniauthable
   devise :database_authenticatable, :registerable,
          :recoverable, :rememberable, :trackable, :validatable
-end
+
+  acts_as_token_authenticatable
+end

data/spec/dummy/app/views/layouts/application.html.erb

@@ -2,8 +2,8 @@
 <html>
 <head>
   <title>Dummy</title>
-  <%= stylesheet_link_tag    "application", media: "all" %>
-  <%= javascript_include_tag "application" %>
+  <%= stylesheet_link_tag    "application", media: "all", "data-turbolinks-track" => true %>
+  <%= javascript_include_tag "application", "data-turbolinks-track" => true %>
   <%= csrf_meta_tags %>
 </head>
 <body>

data/spec/dummy/app/views/private_posts/_form.html.erb

@@ -0,0 +1,25 @@
+<%= form_for(@private_post) do |f| %>
+  <% if @private_post.errors.any? %>
+    <div id="error_explanation">
+      <h2><%= pluralize(@private_post.errors.count, "error") %> prohibited this private_post from being saved:</h2>
+
+      <ul>
+      <% @private_post.errors.full_messages.each do |msg| %>
+        <li><%= msg %></li>
+      <% end %>
+      </ul>
+    </div>
+  <% end %>
+
+  <div class="field">
+    <%= f.label :title %><br>
+    <%= f.text_field :title %>
+  </div>
+  <div class="field">
+    <%= f.label :body %><br>
+    <%= f.text_area :body %>
+  </div>
+  <div class="actions">
+    <%= f.submit %>
+  </div>
+<% end %>

data/spec/dummy/app/views/private_posts/edit.html.erb

@@ -0,0 +1,6 @@
+<h1>Editing private_post</h1>
+
+<%= render 'form' %>
+
+<%= link_to 'Show', @private_post %> |
+<%= link_to 'Back', private_posts_path %>

data/spec/dummy/app/views/private_posts/index.html.erb

@@ -0,0 +1,29 @@
+<h1>Listing private_posts</h1>
+
+<table>
+  <thead>
+    <tr>
+      <th>Title</th>
+      <th>Body</th>
+      <th></th>
+      <th></th>
+      <th></th>
+    </tr>
+  </thead>
+
+  <tbody>
+    <% @private_posts.each do |private_post| %>
+      <tr>
+        <td><%= private_post.title %></td>
+        <td><%= private_post.body %></td>
+        <td><%= link_to 'Show', private_post %></td>
+        <td><%= link_to 'Edit', edit_private_post_path(private_post) %></td>
+        <td><%= link_to 'Destroy', private_post, method: :delete, data: { confirm: 'Are you sure?' } %></td>
+      </tr>
+    <% end %>
+  </tbody>
+</table>
+
+<br>
+
+<%= link_to 'New Private post', new_private_post_path %>

data/spec/dummy/app/views/private_posts/new.html.erb

@@ -0,0 +1,5 @@
+<h1>New private_post</h1>
+
+<%= render 'form' %>
+
+<%= link_to 'Back', private_posts_path %>

data/spec/dummy/app/views/private_posts/show.html.erb

@@ -0,0 +1,14 @@
+<p id="notice"><%= notice %></p>
+
+<p>
+  <strong>Title:</strong>
+  <%= @private_post.title %>
+</p>
+
+<p>
+  <strong>Body:</strong>
+  <%= @private_post.body %>
+</p>
+
+<%= link_to 'Edit', edit_private_post_path(@private_post) %> |
+<%= link_to 'Back', private_posts_path %>

data/spec/dummy/config/application.rb

@@ -1,15 +1,9 @@
 require File.expand_path('../boot', __FILE__)
 
-# Pick the frameworks you want:
-require "active_record/railtie"
-require "action_controller/railtie"
-require "action_mailer/railtie"
-require "sprockets/railtie"
-# require "rails/test_unit/railtie"
+require 'rails/all'
 
-# Require the gems listed in Gemfile, including any gems
-# you've limited to :test, :development, or :production.
-Bundler.require(:default, Rails.env)
+Bundler.require(*Rails.groups)
+require "simple_token_authentication"
 
 module Dummy
   class Application < Rails::Application
@@ -26,3 +20,4 @@ module Dummy
     # config.i18n.default_locale = :de
   end
 end
+

data/spec/dummy/config/boot.rb

@@ -1,4 +1,5 @@
 # Set up gems listed in the Gemfile.
-ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__)
+ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../../../Gemfile', __FILE__)
 
 require 'bundler/setup' if File.exists?(ENV['BUNDLE_GEMFILE'])
+$LOAD_PATH.unshift File.expand_path('../../../../lib', __FILE__)

data/spec/dummy/config/initializers/devise.rb

@@ -4,7 +4,7 @@ Devise.setup do |config|
   # The secret key used by Devise. Devise uses this key to generate
   # random tokens. Changing this key will render invalid all existing
   # confirmation, reset password and unlock tokens in the database.
-  config.secret_key = '17ac00ffe0e45f31487ee0fd5ec4fb184c49a1ad66a6015b0644251a5222e6f86434cebd4acc3ff8f8b1d5f38b81924b9cbe71a89edfe9eb9ea7d3fed4e75ed1'
+  config.secret_key = 'f4566668fa384a9f77aa48c780d2889849f31fccda7ec17e009f0bdb29d236727aa710290892c43457946a068bb1974879409493b97c8c2a08dc5a1243d0fdf8'
 
   # ==> Mailer Configuration
   # Configure the e-mail address which will be shown in Devise::Mailer,
@@ -95,7 +95,7 @@ Devise.setup do |config|
   config.stretches = Rails.env.test? ? 1 : 10
 
   # Setup a pepper to generate the encrypted password.
-  # config.pepper = '0be7c2c95a314c66232b85242185fd6b67ce21d61a299ddfa24d8a2d46b7cce2f7c8362d5c56aa0ef1691c477b704377c8be75c8f1dd86c70c72b80a0cf8af90'
+  # config.pepper = '4b8340c47cadf669bea0c43bb407c78d17fe599fc807427b00c08e55529022bfe33e8bfa3e1037de2d52a7f2b8d4f3b117564e6dbc200ea8ab9cb3f402516ba6'
 
   # ==> Configuration for :confirmable
   # A period that the user is allowed to access the website even without

data/spec/dummy/config/initializers/secret_token.rb

@@ -9,4 +9,4 @@
 
 # Make sure your secret_key_base is kept private
 # if you're sharing your code publicly.
-Dummy::Application.config.secret_key_base = 'd7175da7f9364b2a21cb81fe670d12715c99eb61626e8e57f2c47143cf7b6bc349ee3445a044843c3f519e283d6f266acbab9b8a069791d685480d8f17f831d1'
+Dummy::Application.config.secret_key_base = '5b33a3481820c1078cd7c24d57cf444c8826f12a36e1cabfafe516e2fb622f1f471c08e8f95e89bf24eb09b7060ef28f3387fbb3908485df2a282fd04731d35f'

data/spec/dummy/config/initializers/simple_token_authentication.rb

@@ -1 +1,23 @@
-require 'simple_token_authentication'
+SimpleTokenAuthentication.configure do |config|
+
+  # Configure the name of the HTTP headers watched for authentication.
+  #
+  # Default header names for a given token authenticatable entity follow the pattern:
+  #   { entity: { authentication_token: 'X-Entity-Token', email: 'X-Entity-Email'} }
+  #
+  # When several token authenticatable models are defined, custom header names
+  # can be specified for none, any, or all of them.
+  #
+  # Examples
+  #
+  #   Given User and SuperAdmin are token authenticatable,
+  #   When the following configuration is used:
+  #     `config.header_names = { super_admin: { authentication_token: 'X-Admin-Auth-Token' } }`
+  #   Then the token authentification handler for User watches the following headers:
+  #     `X-User-Token, X-User-Email`
+  #   And the token authentification handler for SuperAdmin watches the following headers:
+  #     `X-Admin-Auth-Token, X-SuperAdmin-Email`
+  #
+  config.header_names = { user: { authentication_token: 'X-User-Auth-Token', email: 'X-User-Email' } }
+
+end

data/spec/dummy/config/routes.rb

@@ -1,5 +1,4 @@
 Dummy::Application.routes.draw do
-  devise_for :users
   # The priority is based upon order of creation: first created -> highest priority.
   # See how all your routes lay out with "rake routes".
 

data/spec/dummy/db/migrate/20140223182312_create_private_posts.rb

@@ -0,0 +1,10 @@
+class CreatePrivatePosts < ActiveRecord::Migration
+  def change
+    create_table :private_posts do |t|
+      t.string :title
+      t.text :body
+
+      t.timestamps
+    end
+  end
+end

data/spec/dummy/db/schema.rb

@@ -0,0 +1,43 @@
+# encoding: UTF-8
+# This file is auto-generated from the current state of the database. Instead
+# of editing this file, please use the migrations feature of Active Record to
+# incrementally modify your database, and then regenerate this schema definition.
+#
+# Note that this schema.rb definition is the authoritative source for your
+# database schema. If you need to create the application database on another
+# system, you should be using db:schema:load, not running all the migrations
+# from scratch. The latter is a flawed and unsustainable approach (the more migrations
+# you'll amass, the slower it'll run and the greater likelihood for issues).
+#
+# It's strongly recommended that you check this file into your version control system.
+
+ActiveRecord::Schema.define(version: 20140223182312) do
+
+  create_table "private_posts", force: true do |t|
+    t.string   "title"
+    t.text     "body"
+    t.datetime "created_at"
+    t.datetime "updated_at"
+  end
+
+  create_table "users", force: true do |t|
+    t.string   "email",                  default: "", null: false
+    t.string   "encrypted_password",     default: "", null: false
+    t.string   "reset_password_token"
+    t.datetime "reset_password_sent_at"
+    t.datetime "remember_created_at"
+    t.integer  "sign_in_count",          default: 0,  null: false
+    t.datetime "current_sign_in_at"
+    t.datetime "last_sign_in_at"
+    t.string   "current_sign_in_ip"
+    t.string   "last_sign_in_ip"
+    t.datetime "created_at"
+    t.datetime "updated_at"
+    t.string   "authentication_token"
+  end
+
+  add_index "users", ["authentication_token"], name: "index_users_on_authentication_token"
+  add_index "users", ["email"], name: "index_users_on_email", unique: true
+  add_index "users", ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true
+
+end

data/spec/dummy/log/test.log

@@ -0,0 +1,75 @@
+   (123.9ms)  CREATE TABLE "schema_migrations" ("version" varchar(255) NOT NULL) 
+   (120.5ms)  CREATE UNIQUE INDEX "unique_schema_migrations" ON "schema_migrations" ("version")
+  ActiveRecord::SchemaMigration Load (0.5ms)  SELECT "schema_migrations".* FROM "schema_migrations"
+Migrating to DeviseCreateUsers (20140223182309)
+   (0.1ms)  begin transaction
+   (0.5ms)  CREATE TABLE "users" ("id" INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, "email" varchar(255) DEFAULT '' NOT NULL, "encrypted_password" varchar(255) DEFAULT '' NOT NULL, "reset_password_token" varchar(255), "reset_password_sent_at" datetime, "remember_created_at" datetime, "sign_in_count" integer DEFAULT 0 NOT NULL, "current_sign_in_at" datetime, "last_sign_in_at" datetime, "current_sign_in_ip" varchar(255), "last_sign_in_ip" varchar(255), "created_at" datetime, "updated_at" datetime) 
+   (0.2ms)  CREATE UNIQUE INDEX "index_users_on_email" ON "users" ("email")
+   (0.1ms)  CREATE UNIQUE INDEX "index_users_on_reset_password_token" ON "users" ("reset_password_token")
+  SQL (0.4ms)  INSERT INTO "schema_migrations" ("version") VALUES (?)  [["version", "20140223182309"]]
+   (108.2ms)  commit transaction
+Migrating to AddAuthenticationTokenToUsers (20140223182310)
+   (0.3ms)  begin transaction
+   (0.6ms)  ALTER TABLE "users" ADD "authentication_token" varchar(255)
+   (0.3ms)  CREATE INDEX "index_users_on_authentication_token" ON "users" ("authentication_token")
+  SQL (0.3ms)  INSERT INTO "schema_migrations" ("version") VALUES (?)  [["version", "20140223182310"]]
+   (127.5ms)  commit transaction
+Migrating to CreatePrivatePosts (20140223182312)
+   (0.1ms)  begin transaction
+   (0.6ms)  CREATE TABLE "private_posts" ("id" INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, "title" varchar(255), "body" text, "created_at" datetime, "updated_at" datetime) 
+  SQL (0.5ms)  INSERT INTO "schema_migrations" ("version") VALUES (?)  [["version", "20140223182312"]]
+   (84.8ms)  commit transaction
+  ActiveRecord::SchemaMigration Load (0.1ms)  SELECT "schema_migrations".* FROM "schema_migrations"
+  ActiveRecord::SchemaMigration Load (0.1ms)  SELECT "schema_migrations".* FROM "schema_migrations"
+   (0.1ms)  begin transaction
+Processing by PrivatePostsController#index as HTML
+Completed 500 Internal Server Error in 1ms
+Processing by PrivatePostsController#new as HTML
+Completed 500 Internal Server Error in 0ms
+   (0.1ms)  rollback transaction
+   (0.1ms)  begin transaction
+  Rendered private_posts/_form.html.erb (39.6ms)
+   (0.1ms)  rollback transaction
+   (0.1ms)  begin transaction
+   (0.1ms)  SAVEPOINT active_record_1
+  User Exists (0.2ms)  SELECT 1 AS one FROM "users" WHERE "users"."email" = 'alice@example.com' LIMIT 1
+Binary data inserted for `string` type on column `encrypted_password`
+  SQL (3.1ms)  INSERT INTO "users" ("authentication_token", "created_at", "email", "encrypted_password", "updated_at") VALUES (?, ?, ?, ?, ?)  [["authentication_token", "ExaMpLeTokEn"], ["created_at", Sun, 23 Feb 2014 18:23:19 UTC +00:00], ["email", "alice@example.com"], ["encrypted_password", "$2a$04$tjMkNZ6xLjEZBvO8NFGVzOBCNhhW7xFEQYQmfoSuWnbF9aaibtdYW"], ["updated_at", Sun, 23 Feb 2014 18:23:19 UTC +00:00]]
+   (0.1ms)  RELEASE SAVEPOINT active_record_1
+Started GET "/private_posts" for 127.0.0.1 at 2014-02-23 15:23:19 -0300
+Processing by PrivatePostsController#index as HTML
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."email" = 'alice@example.com' LIMIT 1
+Completed 500 Internal Server Error in 3ms
+   (0.2ms)  rollback transaction
+   (0.1ms)  begin transaction
+   (0.1ms)  SAVEPOINT active_record_1
+  User Exists (0.1ms)  SELECT 1 AS one FROM "users" WHERE "users"."email" = 'alice@example.com' LIMIT 1
+Binary data inserted for `string` type on column `encrypted_password`
+  SQL (1.1ms)  INSERT INTO "users" ("authentication_token", "created_at", "email", "encrypted_password", "updated_at") VALUES (?, ?, ?, ?, ?)  [["authentication_token", "ExaMpLeTokEn"], ["created_at", Sun, 23 Feb 2014 18:23:19 UTC +00:00], ["email", "alice@example.com"], ["encrypted_password", "$2a$04$AHYqxgr1.sE5iZF7dvLGLuDigz/DhW9DcHkCfE.Qhj.sae1kLsqWa"], ["updated_at", Sun, 23 Feb 2014 18:23:19 UTC +00:00]]
+   (0.1ms)  RELEASE SAVEPOINT active_record_1
+Started GET "/private_posts" for 127.0.0.1 at 2014-02-23 15:23:19 -0300
+Processing by PrivatePostsController#index as HTML
+  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."email" = 'alice@example.com' LIMIT 1
+Completed 500 Internal Server Error in 2ms
+   (0.1ms)  rollback transaction
+   (0.1ms)  begin transaction
+   (0.1ms)  rollback transaction
+   (0.1ms)  begin transaction
+   (0.1ms)  rollback transaction
+   (0.1ms)  begin transaction
+  Rendered private_posts/_form.html.erb (2.4ms)
+   (0.1ms)  rollback transaction
+   (0.1ms)  begin transaction
+   (0.1ms)  rollback transaction
+   (0.1ms)  begin transaction
+   (0.6ms)  rollback transaction
+   (0.1ms)  begin transaction
+   (0.1ms)  rollback transaction
+   (0.0ms)  begin transaction
+   (0.1ms)  rollback transaction
+   (0.1ms)  begin transaction
+   (0.1ms)  rollback transaction
+   (0.0ms)  begin transaction
+   (0.1ms)  rollback transaction
+   (0.1ms)  begin transaction
+   (0.1ms)  rollback transaction

data/spec/dummy/spec/controllers/private_posts_controller_spec.rb

@@ -0,0 +1,22 @@
+require 'spec_helper'
+
+describe PrivatePostsController do
+
+  # This should return the minimal set of attributes required to create a valid
+  # PrivatePost. As you add validations to PrivatePost, be sure to
+  # adjust the attributes here as well.
+  let(:valid_attributes) { { "title" => "MyString" } }
+
+  # This should return the minimal set of values that should be in the session
+  # in order to pass any filters (e.g. authentication) defined in
+  # PrivatePostsController. Be sure to keep this updated too.
+  let(:valid_session) { {} }
+
+  describe "actions" do
+    it "all require authentication" do
+      # That's true for all actions, yet I think there's no need to repeat them all here.
+      lambda { get :index, {}, valid_session }.should raise_exception(RuntimeError)
+      lambda { get :new, {}, valid_session }.should raise_exception(RuntimeError)
+    end
+  end
+end

data/spec/dummy/spec/factories/users.rb

@@ -0,0 +1,11 @@
+FactoryGirl.define do
+  sequence :email do |n|
+    "user#{n}@factory.com"
+  end
+
+  factory :user do
+    email
+    password  "password"
+    password_confirmation "password"
+  end
+end

data/spec/dummy/spec/helpers/private_posts_helper_spec.rb

@@ -0,0 +1,15 @@
+require 'spec_helper'
+
+# Specs in this file have access to a helper object that includes
+# the PrivatePostsHelper. For example:
+#
+# describe PrivatePostsHelper do
+#   describe "string concat" do
+#     it "concats two strings with spaces" do
+#       expect(helper.concat_strings("this","that")).to eq("this that")
+#     end
+#   end
+# end
+describe PrivatePostsHelper do
+  pending "add some examples to (or delete) #{__FILE__}"
+end

data/spec/dummy/spec/models/private_post_spec.rb

@@ -0,0 +1,5 @@
+require 'spec_helper'
+
+describe PrivatePost do
+  pending "add some examples to (or delete) #{__FILE__}"
+end

data/spec/dummy/spec/requests/private_posts_controller_spec.rb

@@ -0,0 +1,47 @@
+require 'spec_helper'
+
+describe "PrivatePostsController" do
+  describe "GET /private_posts" do
+
+    context "when an initializer overrides the header_names default value" do
+
+      # See config/initializers/simple_token_authentication.rb
+
+      context "and the custom headers are set in the request" do
+
+        it "performs token authentication" do
+          user = FactoryGirl.create(:user \
+                             ,email: 'alice@example.com' \
+                             ,authentication_token: 'ExaMpLeTokEn' )
+
+          # `sign_in` is configured to raise an exception when called,
+          # see spec/dummy/app/controllers/application_controller.rb
+          lambda do
+            # see https://github.com/rspec/rspec-rails/issues/65
+            # and http://guides.rubyonrails.org/testing.html#helpers-available-for-integration-tests
+            request_via_redirect 'GET', private_posts_path, nil, { 'X-User-Email' => user.email, 'X-User-Auth-Token' => user.authentication_token }
+          end.should raise_exception(RuntimeError, "`sign_in` was called.")
+        end
+      end
+      context "and the custom headers are missing in the request (and no query params are used)" do
+        context "even if the default headers are set in the request" do
+
+          it "does not perform token authentication" do
+            user = FactoryGirl.create(:user \
+                               ,email: 'alice@example.com' \
+                               ,authentication_token: 'ExaMpLeTokEn' )
+
+            # `authenticate_user!` is configured to raise an exception when called,
+            # see spec/dummy/app/controllers/application_controller.rb
+            lambda do
+              # see https://github.com/rspec/rspec-rails/issues/65
+              # and http://guides.rubyonrails.org/testing.html#helpers-available-for-integration-tests
+              request_via_redirect 'GET', private_posts_path, nil, { 'X-User-Email' => user.email, 'X-User-Token' => user.authentication_token }
+            end.should raise_exception(RuntimeError, "`authenticate_user!` was called.")
+          end
+        end
+      end
+
+    end
+  end
+end

data/spec/dummy/spec/routing/private_posts_routing_spec.rb

@@ -0,0 +1,35 @@
+require "spec_helper"
+
+describe PrivatePostsController do
+  describe "routing" do
+
+    it "routes to #index" do
+      get("/private_posts").should route_to("private_posts#index")
+    end
+
+    it "routes to #new" do
+      get("/private_posts/new").should route_to("private_posts#new")
+    end
+
+    it "routes to #show" do
+      get("/private_posts/1").should route_to("private_posts#show", :id => "1")
+    end
+
+    it "routes to #edit" do
+      get("/private_posts/1/edit").should route_to("private_posts#edit", :id => "1")
+    end
+
+    it "routes to #create" do
+      post("/private_posts").should route_to("private_posts#create")
+    end
+
+    it "routes to #update" do
+      put("/private_posts/1").should route_to("private_posts#update", :id => "1")
+    end
+
+    it "routes to #destroy" do
+      delete("/private_posts/1").should route_to("private_posts#destroy", :id => "1")
+    end
+
+  end
+end

data/spec/dummy/spec/support/factory_girl.rb

@@ -0,0 +1 @@
+require 'factory_girl_rails'

data/spec/dummy/spec/views/private_posts/edit.html.erb_spec.rb

@@ -0,0 +1,20 @@
+require 'spec_helper'
+
+describe "private_posts/edit" do
+  before(:each) do
+    @private_post = assign(:private_post, stub_model(PrivatePost,
+      :title => "MyString",
+      :body => "MyText"
+    ))
+  end
+
+  it "renders the edit private_post form" do
+    render
+
+    # Run the generator again with the --webrat flag if you want to use webrat matchers
+    assert_select "form[action=?][method=?]", private_post_path(@private_post), "post" do
+      assert_select "input#private_post_title[name=?]", "private_post[title]"
+      assert_select "textarea#private_post_body[name=?]", "private_post[body]"
+    end
+  end
+end

data/spec/dummy/spec/views/private_posts/index.html.erb_spec.rb

@@ -0,0 +1,23 @@
+require 'spec_helper'
+
+describe "private_posts/index" do
+  before(:each) do
+    assign(:private_posts, [
+      stub_model(PrivatePost,
+        :title => "Title",
+        :body => "MyText"
+      ),
+      stub_model(PrivatePost,
+        :title => "Title",
+        :body => "MyText"
+      )
+    ])
+  end
+
+  it "renders a list of private_posts" do
+    render
+    # Run the generator again with the --webrat flag if you want to use webrat matchers
+    assert_select "tr>td", :text => "Title".to_s, :count => 2
+    assert_select "tr>td", :text => "MyText".to_s, :count => 2
+  end
+end

data/spec/dummy/spec/views/private_posts/new.html.erb_spec.rb

@@ -0,0 +1,20 @@
+require 'spec_helper'
+
+describe "private_posts/new" do
+  before(:each) do
+    assign(:private_post, stub_model(PrivatePost,
+      :title => "MyString",
+      :body => "MyText"
+    ).as_new_record)
+  end
+
+  it "renders new private_post form" do
+    render
+
+    # Run the generator again with the --webrat flag if you want to use webrat matchers
+    assert_select "form[action=?][method=?]", private_posts_path, "post" do
+      assert_select "input#private_post_title[name=?]", "private_post[title]"
+      assert_select "textarea#private_post_body[name=?]", "private_post[body]"
+    end
+  end
+end

data/spec/dummy/spec/views/private_posts/show.html.erb_spec.rb

@@ -0,0 +1,17 @@
+require 'spec_helper'
+
+describe "private_posts/show" do
+  before(:each) do
+    @private_post = assign(:private_post, stub_model(PrivatePost,
+      :title => "Title",
+      :body => "MyText"
+    ))
+  end
+
+  it "renders attributes in <p>" do
+    render
+    # Run the generator again with the --webrat flag if you want to use webrat matchers
+    rendered.should match(/Title/)
+    rendered.should match(/MyText/)
+  end
+end

data/spec/dummy/test/factories/private_posts.rb

@@ -0,0 +1,8 @@
+# Read about factories at https://github.com/thoughtbot/factory_girl
+
+FactoryGirl.define do
+  factory :private_post do
+    title "MyString"
+    body "MyText"
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: simple_token_authentication
 version: !ruby/object:Gem::Version
-  version: 1.1.1
+  version: 1.2.0
 platform: ruby
 authors:
 - Gonzalo Bulnes Guilpain
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-02-20 00:00:00.000000000 Z
+date: 2014-02-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activerecord
@@ -157,6 +157,7 @@ extra_rdoc_files: []
 files:
 - lib/tasks/cucumber.rake
 - lib/tasks/simple_token_authentication_tasks.rake
+- lib/simple_token_authentication/configuration.rb
 - lib/simple_token_authentication/acts_as_token_authenticatable.rb
 - lib/simple_token_authentication/acts_as_token_authentication_handler.rb
 - lib/simple_token_authentication/version.rb
@@ -170,8 +171,11 @@ files:
 - spec/dummy/bin/rails
 - spec/dummy/bin/rake
 - spec/dummy/db/seeds.rb
-- spec/dummy/db/migrate/20140220091354_devise_create_users.rb
-- spec/dummy/db/migrate/20140220091355_add_authentication_token_to_users.rb
+- spec/dummy/db/migrate/20140223182312_create_private_posts.rb
+- spec/dummy/db/migrate/20140223182309_devise_create_users.rb
+- spec/dummy/db/migrate/20140223182310_add_authentication_token_to_users.rb
+- spec/dummy/db/test.sqlite3
+- spec/dummy/db/schema.rb
 - spec/dummy/log/test.log
 - spec/dummy/README.rdoc
 - spec/dummy/config/initializers/wrap_parameters.rb
@@ -195,12 +199,35 @@ files:
 - spec/dummy/config/locales/en.yml
 - spec/dummy/Rakefile
 - spec/dummy/spec/spec_helper.rb
+- spec/dummy/spec/views/private_posts/edit.html.erb_spec.rb
+- spec/dummy/spec/views/private_posts/new.html.erb_spec.rb
+- spec/dummy/spec/views/private_posts/index.html.erb_spec.rb
+- spec/dummy/spec/views/private_posts/show.html.erb_spec.rb
+- spec/dummy/spec/support/factory_girl.rb
+- spec/dummy/spec/factories/users.rb
+- spec/dummy/spec/routing/private_posts_routing_spec.rb
+- spec/dummy/spec/models/private_post_spec.rb
+- spec/dummy/spec/controllers/private_posts_controller_spec.rb
+- spec/dummy/spec/requests/private_posts_controller_spec.rb
+- spec/dummy/spec/helpers/private_posts_helper_spec.rb
 - spec/dummy/app/views/layouts/application.html.erb
+- spec/dummy/app/views/private_posts/new.html.erb
+- spec/dummy/app/views/private_posts/index.html.erb
+- spec/dummy/app/views/private_posts/edit.html.erb
+- spec/dummy/app/views/private_posts/_form.html.erb
+- spec/dummy/app/views/private_posts/show.html.erb
+- spec/dummy/app/assets/stylesheets/private_posts.css
 - spec/dummy/app/assets/stylesheets/application.css
+- spec/dummy/app/assets/stylesheets/scaffold.css
+- spec/dummy/app/assets/javascripts/private_posts.js
 - spec/dummy/app/assets/javascripts/application.js
+- spec/dummy/app/models/private_post.rb
 - spec/dummy/app/models/user.rb
+- spec/dummy/app/controllers/private_posts_controller.rb
 - spec/dummy/app/controllers/application_controller.rb
 - spec/dummy/app/helpers/application_helper.rb
+- spec/dummy/app/helpers/private_posts_helper.rb
+- spec/dummy/test/factories/private_posts.rb
 - spec/dummy/public/robots.txt
 - spec/dummy/public/500.html
 - spec/dummy/public/favicon.ico
@@ -237,8 +264,11 @@ test_files:
 - spec/dummy/bin/rails
 - spec/dummy/bin/rake
 - spec/dummy/db/seeds.rb
-- spec/dummy/db/migrate/20140220091354_devise_create_users.rb
-- spec/dummy/db/migrate/20140220091355_add_authentication_token_to_users.rb
+- spec/dummy/db/migrate/20140223182312_create_private_posts.rb
+- spec/dummy/db/migrate/20140223182309_devise_create_users.rb
+- spec/dummy/db/migrate/20140223182310_add_authentication_token_to_users.rb
+- spec/dummy/db/test.sqlite3
+- spec/dummy/db/schema.rb
 - spec/dummy/log/test.log
 - spec/dummy/README.rdoc
 - spec/dummy/config/initializers/wrap_parameters.rb
@@ -262,12 +292,35 @@ test_files:
 - spec/dummy/config/locales/en.yml
 - spec/dummy/Rakefile
 - spec/dummy/spec/spec_helper.rb
+- spec/dummy/spec/views/private_posts/edit.html.erb_spec.rb
+- spec/dummy/spec/views/private_posts/new.html.erb_spec.rb
+- spec/dummy/spec/views/private_posts/index.html.erb_spec.rb
+- spec/dummy/spec/views/private_posts/show.html.erb_spec.rb
+- spec/dummy/spec/support/factory_girl.rb
+- spec/dummy/spec/factories/users.rb
+- spec/dummy/spec/routing/private_posts_routing_spec.rb
+- spec/dummy/spec/models/private_post_spec.rb
+- spec/dummy/spec/controllers/private_posts_controller_spec.rb
+- spec/dummy/spec/requests/private_posts_controller_spec.rb
+- spec/dummy/spec/helpers/private_posts_helper_spec.rb
 - spec/dummy/app/views/layouts/application.html.erb
+- spec/dummy/app/views/private_posts/new.html.erb
+- spec/dummy/app/views/private_posts/index.html.erb
+- spec/dummy/app/views/private_posts/edit.html.erb
+- spec/dummy/app/views/private_posts/_form.html.erb
+- spec/dummy/app/views/private_posts/show.html.erb
+- spec/dummy/app/assets/stylesheets/private_posts.css
 - spec/dummy/app/assets/stylesheets/application.css
+- spec/dummy/app/assets/stylesheets/scaffold.css
+- spec/dummy/app/assets/javascripts/private_posts.js
 - spec/dummy/app/assets/javascripts/application.js
+- spec/dummy/app/models/private_post.rb
 - spec/dummy/app/models/user.rb
+- spec/dummy/app/controllers/private_posts_controller.rb
 - spec/dummy/app/controllers/application_controller.rb
 - spec/dummy/app/helpers/application_helper.rb
+- spec/dummy/app/helpers/private_posts_helper.rb
+- spec/dummy/test/factories/private_posts.rb
 - spec/dummy/public/robots.txt
 - spec/dummy/public/500.html
 - spec/dummy/public/favicon.ico