simple_token_authentication 1.7.0 → 1.8.0
- checksums.yaml +4 -4
- data/README.md +37 -2
- data/lib/simple_token_authentication/configuration.rb +4 -0
- data/lib/simple_token_authentication/entity.rb +14 -6
- data/lib/simple_token_authentication/sign_in_handler.rb +1 -1
- data/lib/simple_token_authentication/token_authentication_handler.rb +8 -8
- data/lib/simple_token_authentication/version.rb +1 -1
- data/spec/configuration/skip_devise_trackable_option_spec.rb +94 -0
- data/spec/lib/simple_token_authentication/configuration_spec.rb +9 -0
- data/spec/lib/simple_token_authentication/entity_spec.rb +62 -2
- data/spec/lib/simple_token_authentication/sign_in_handler_spec.rb +31 -6
- data/spec/lib/simple_token_authentication/token_authentication_handler_spec.rb +102 -1
- metadata +5 -3
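--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 899877f6ac2eca79e1be82590f26f325d8f78cdb
+data.tar.gz: 7c4c175d5c7bc2ee42fa766ba93842fbdeaea4bc
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 0c6c9e2369c3a66d73e3bb374a8668bbb10453a8fd6096a95dee6b4afbf494cc8d2400752e74844876eccccba04d1f8bb6e8add7bd9e437b676de8f4028578a8
+data.tar.gz: 51c836d46edb83dec3f98404248c57e2b69604c09522216e5627f2d9a7225241e2471195ec0d9a412e66964b62d45712ad7f02faa0bc9a1c0f9379fbf3bba013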
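--- a/data/README.md
+++ b/data/README.md
@@ -146,6 +146,9 @@ SimpleTokenAuthentication.configure do |config|
 # When several token authenticatable models are defined, custom header names
 # can be specified for none, any, or all of them.
 #
+# Note: when using the identifiers options, this option behaviour is modified.
+# Please see the example below.
+#
 # Examples
 #
 # Given User and SuperAdmin are token authenticatable,
@@ -156,8 +159,40 @@ SimpleTokenAuthentication.configure do |config|
 # And the token authentification handler for SuperAdmin watches the following headers:
 # `X-Admin-Auth-Token, X-SuperAdmin-Email`
 #
+# When the identifiers option is set:
+# `config.identifiers = { super_admin: :phone_number }`
+# Then both the header names identifier key and default value are modified accordingly:
+# `config.header_names = { super_admin: { phone_number: 'X-SuperAdmin-PhoneNumber' } }`
+#
 # config.header_names = { user: { authentication_token: 'X-User-Token', email: 'X-User-Email' } }
 
+# Configure the name of the attribute used to identify the user for authentication.
+# That attribute must exist in your model.
+#
+# The default identifiers follow the pattern:
+# { entity: 'email' }
+#
+# Note: the identifer must match your Devise configuration,
+# see https://github.com/plataformatec/devise/wiki/How-To:-Allow-users-to-sign-in-using-their-username-or-email-address#tell-devise-to-use-username-in-the-authentication_keys
+#
+# Note: setting this option does modify the header_names behaviour,
+# see the header_names section above.
+#
+# Example:
+#
+# `config.identifiers = { super_admin: 'phone_number', user: 'uuid' }`
+#
+# config.identifiers = { user: 'email' }
+
+# Configure the Devise trackable strategy integration.
+#
+# If true, tracking is disabled for token authentication: signing in through
+# token authentication won't modify the Devise trackable statistics.
+#
+# If false, given Devise trackable is configured for the relevant model,
+# then signing in through token authentication will be tracked as any other sign in.
+#
+# config.skip_devise_trackable = true
 end
 ```
 
@@ -193,7 +228,7 @@ In fact, you can mix both methods and provide the `user_email` with one and the
 
 If sign-in is successful, no other authentication method will be run, but if it doesn't (the authentication params were missing, or incorrect) then Devise takes control and tries to `authenticate_user!` with its own modules. That behaviour can however be modified for any controller through the **fallback_to_devise** option.
 
-**Important**: Please do notice that controller actions
+**Important**: Please do notice that controller actions without CSRF protection **must** disable the Devise fallback for [security reasons][csrf]. Since Rails enables CSRF protection by default, this configuration requirement should only affect controllers where you have disabled it, which may be the case of API controllers.
 
 [csrf]: https://github.com/gonzalo-bulnes/simple_token_authentication/issues/49
 
@@ -254,7 +289,7 @@ License
 -------
 
 Simple Token Authentication
-Copyright (C) 2013, 2014 Gonzalo Bulnes Guilpain
+Copyright (C) 2013, 2014, 2015 Gonzalo Bulnes Guilpain
 
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by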
@@ -3,14 +3,17 @@ module SimpleTokenAuthentication
|
|
3
3
|
|
4
4
|
mattr_reader :fallback
|
5
5
|
mattr_accessor :header_names
|
6
|
+
mattr_accessor :identifiers
|
6
7
|
mattr_accessor :sign_in_token
|
7
8
|
mattr_accessor :controller_adapters
|
8
9
|
mattr_accessor :model_adapters
|
9
10
|
mattr_accessor :adapters_dependencies
|
11
|
+
mattr_accessor :skip_devise_trackable
|
10
12
|
|
11
13
|
# Default configuration
|
12
14
|
@@fallback = :devise
|
13
15
|
@@header_names = {}
|
16
|
+
@@identifiers = {}
|
14
17
|
@@sign_in_token = false
|
15
18
|
@@controller_adapters = ['rails', 'rails_api']
|
16
19
|
@@model_adapters = ['active_record', 'mongoid']
|
@@ -18,6 +21,7 @@ module SimpleTokenAuthentication
|
|
18
21
|
'mongoid' => 'Mongoid::Document',
|
19
22
|
'rails' => 'ActionController::Base',
|
20
23
|
'rails_api' => 'ActionController::API' }
|
24
|
+
@@skip_devise_trackable = true
|
21
25
|
|
22
26
|
# Allow the default configuration to be overwritten from initializers
|
23
27
|
def configure
|
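Review bot: `@@identifiers = {}` and `@@skip_devise_trackable = true` join the defaults with no comment on what shape the first accepts or what the second's default means for sign-in tracking. The README text on this page only asks that the identifier attribute exist and match the Devise configuration, while the lookup changed in this release takes `.first` of the matching records, so the attribute should also be unique per record. I would add above the default `# identifiers: { entity_name => attribute } (Symbol or String); the attribute should be unique per record because the lookup takes the first match`, and `# true: token sign-ins do not update the Devise trackable statistics` above the second. The module body continues outside both hunks.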
@@ -30,10 +30,10 @@ module SimpleTokenAuthentication
|
|
30
30
|
# Private: Return the name of the header to watch for the email param
|
31
31
|
def identifier_header_name
|
32
32
|
if SimpleTokenAuthentication.header_names["#{name_underscore}".to_sym].presence \
|
33
|
-
&& identifier_header_name = SimpleTokenAuthentication.header_names["#{name_underscore}".to_sym][
|
33
|
+
&& identifier_header_name = SimpleTokenAuthentication.header_names["#{name_underscore}".to_sym][identifier]
|
34
34
|
identifier_header_name
|
35
35
|
else
|
36
|
-
"X-#{name}
|
36
|
+
"X-#{name}-#{identifier.to_s.camelize}"
|
37
37
|
end
|
38
38
|
end
|
39
39
|
|
@@ -42,7 +42,15 @@ module SimpleTokenAuthentication
|
|
42
42
|
end
|
43
43
|
|
44
44
|
def identifier_param_name
|
45
|
-
"#{name_underscore}
|
45
|
+
"#{name_underscore}_#{identifier}".to_sym
|
46
|
+
end
|
47
|
+
|
48
|
+
def identifier
|
49
|
+
if custom_identifier = SimpleTokenAuthentication.identifiers["#{name_underscore}".to_sym]
|
50
|
+
custom_identifier.to_sym
|
51
|
+
else
|
52
|
+
:email
|
53
|
+
end
|
46
54
|
end
|
47
55
|
|
48
56
|
def get_token_from_params_or_headers controller
|
@@ -54,9 +62,9 @@ module SimpleTokenAuthentication
|
|
54
62
|
end
|
55
63
|
|
56
64
|
def get_identifier_from_params_or_headers controller
|
57
|
-
# if the identifier
|
58
|
-
if
|
59
|
-
controller.params[identifier_param_name] =
|
65
|
+
# if the identifier is not present among params, get it from headers
|
66
|
+
if identifer_param = controller.params[identifier_param_name].blank? && controller.request.headers[identifier_header_name]
|
67
|
+
controller.params[identifier_param_name] = identifer_param
|
60
68
|
end
|
61
69
|
controller.params[identifier_param_name]
|
62
70
|
end
|
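Review bot: The new condition in `get_identifier_from_params_or_headers` packs an assignment, a `blank?` test and a header read into a single `if`, and only ends up holding the header value because `=` binds more loosely than `&&`; the local is also misspelt `identifer_param` although what it holds is a header value. Reading the header first states the intent directly: `header_value = controller.request.headers[identifier_header_name]` followed by `controller.params[identifier_param_name] = header_value if header_value && controller.params[identifier_param_name].blank?`. The value written back into `params` is client-supplied and is returned as it arrived, so a short comment saying that callers must treat it as untrusted input would help the next reader.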
@@ -13,7 +13,7 @@ module SimpleTokenAuthentication
|
|
13
13
|
def integrate_with_devise_trackable!(controller)
|
14
14
|
# Sign in using token should not be tracked by Devise trackable
|
15
15
|
# See https://github.com/plataformatec/devise/issues/953
|
16
|
-
controller.env["devise.skip_trackable"] =
|
16
|
+
controller.env["devise.skip_trackable"] = SimpleTokenAuthentication.skip_devise_trackable
|
17
17
|
end
|
18
18
|
end
|
19
19
|
end
|
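Review bot: The comment kept above the changed line, `# Sign in using token should not be tracked by Devise trackable`, no longer describes the code, because the flag now comes from `SimpleTokenAuthentication.skip_devise_trackable` and tracking is on whenever an application sets that option to false. I would reword it to `# Token sign-ins update the Devise trackable statistics only when skip_devise_trackable is false (default: true)`. With the default, token sign-ins leave no trace in the trackable fields, so the comment could also say that applications relying on those fields for sign-in auditing need their own logging of token authentication.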
@@ -52,26 +52,26 @@ module SimpleTokenAuthentication
|
|
52
52
|
end
|
53
53
|
|
54
54
|
def find_record_from_identifier(entity)
|
55
|
-
|
55
|
+
identifier_param_value = entity.get_identifier_from_params_or_headers(self).presence
|
56
56
|
|
57
|
-
|
57
|
+
identifier_param_value = integrate_with_devise_case_insensitive_keys(identifier_param_value, entity)
|
58
58
|
|
59
59
|
# The finder method should be compatible with all the model adapters,
|
60
60
|
# namely ActiveRecord and Mongoid in all their supported versions.
|
61
61
|
record = nil
|
62
|
-
record =
|
62
|
+
record = identifier_param_value && entity.model.where(entity.identifier => identifier_param_value).first
|
63
63
|
end
|
64
64
|
|
65
65
|
# Private: Take benefit from Devise case-insensitive keys
|
66
66
|
#
|
67
67
|
# See https://github.com/plataformatec/devise/blob/v3.4.1/lib/generators/templates/devise.rb#L45-L48
|
68
68
|
#
|
69
|
-
#
|
69
|
+
# identifier_value - the original identifier_value String
|
70
70
|
#
|
71
|
-
# Returns an
|
72
|
-
def integrate_with_devise_case_insensitive_keys(
|
73
|
-
|
74
|
-
|
71
|
+
# Returns an identifier String value which case follows the Devise case-insensitive keys policy
|
72
|
+
def integrate_with_devise_case_insensitive_keys(identifier_value, entity)
|
73
|
+
identifier_value.downcase! if identifier_value && Devise.case_insensitive_keys.include?(entity.identifier)
|
74
|
+
identifier_value
|
75
75
|
end
|
76
76
|
|
77
77
|
# Private: Get one (always the same) object which behaves as a token comprator
|
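Review bot: In `find_record_from_identifier` the value returned by `entity.get_identifier_from_params_or_headers(self)` comes from request params or headers and is handed to `entity.model.where(entity.identifier => identifier_param_value)` with nothing confirming it is a String. If a request can deliver that parameter as an Array or Hash (this depends on the application's parameter parsing, so it needs verifying), the lookup is no longer a plain equality match on one identifier, which matters most for the Mongoid adapter named in the comment; a guard right after the first assignment, `return unless identifier_param_value.is_a?(String)`, keeps it one. In `integrate_with_devise_case_insensitive_keys`, `identifier_value.downcase!` rewrites the caller's string in place and would raise on a frozen value; `identifier_value = identifier_value.downcase if identifier_value && Devise.case_insensitive_keys.include?(entity.identifier)` avoids both. Both methods lie fully inside the hunk.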
@@ -0,0 +1,94 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe SimpleTokenAuthentication do
|
4
|
+
|
5
|
+
describe ':skip_devise_trackable option', skip_devise_trackable_option: true do
|
6
|
+
|
7
|
+
describe 'determines if token authentication should increment the tracking statistics' do
|
8
|
+
|
9
|
+
before(:each) do
|
10
|
+
user = double()
|
11
|
+
stub_const('User', user)
|
12
|
+
allow(user).to receive(:name).and_return('User')
|
13
|
+
@record = double()
|
14
|
+
allow(user).to receive(:find_by).and_return(@record)
|
15
|
+
|
16
|
+
# given a controller class which acts as token authentication handler
|
17
|
+
controller_class = Class.new
|
18
|
+
allow(controller_class).to receive(:before_filter)
|
19
|
+
controller_class.send :extend, SimpleTokenAuthentication::ActsAsTokenAuthenticationHandler
|
20
|
+
controller_class.acts_as_token_authentication_handler_for User
|
21
|
+
|
22
|
+
@controller = controller_class.new
|
23
|
+
allow(@controller).to receive(:params)
|
24
|
+
# and there are credentials for a record of that model in params or headers
|
25
|
+
allow(@controller).to receive(:get_identifier_from_params_or_headers)
|
26
|
+
# and both identifier and authentication token are correct
|
27
|
+
allow(@controller).to receive(:find_record_from_identifier).and_return(@record)
|
28
|
+
allow(@controller).to receive(:token_correct?).and_return(true)
|
29
|
+
allow(@controller).to receive(:env).and_return({})
|
30
|
+
allow(@controller).to receive(:sign_in)
|
31
|
+
end
|
32
|
+
|
33
|
+
context 'when true', public: true do
|
34
|
+
|
35
|
+
it 'instructs Devise to track token-authentication-related signins' do
|
36
|
+
allow(SimpleTokenAuthentication).to receive(:skip_devise_trackable).and_return(true)
|
37
|
+
|
38
|
+
expect(@controller).to receive_message_chain(:env, :[]=).with('devise.skip_trackable', true)
|
39
|
+
@controller.authenticate_user_from_token
|
40
|
+
end
|
41
|
+
end
|
42
|
+
|
43
|
+
context 'when false', public: true do
|
44
|
+
|
45
|
+
it 'instructs Devise not to track token-authentication-related signins' do
|
46
|
+
allow(SimpleTokenAuthentication).to receive(:skip_devise_trackable).and_return(false)
|
47
|
+
|
48
|
+
expect(@controller).to receive_message_chain(:env, :[]=).with('devise.skip_trackable', false)
|
49
|
+
@controller.authenticate_user_from_token
|
50
|
+
end
|
51
|
+
end
|
52
|
+
end
|
53
|
+
|
54
|
+
it 'can be modified from an initializer file', public: true do
|
55
|
+
user = double()
|
56
|
+
stub_const('User', user)
|
57
|
+
allow(user).to receive(:name).and_return('User')
|
58
|
+
@record = double()
|
59
|
+
allow(user).to receive(:find_by).and_return(@record)
|
60
|
+
|
61
|
+
# given a controller class which acts as token authentication handler
|
62
|
+
controller_class = Class.new
|
63
|
+
allow(controller_class).to receive(:before_filter)
|
64
|
+
controller_class.send :extend, SimpleTokenAuthentication::ActsAsTokenAuthenticationHandler
|
65
|
+
|
66
|
+
allow(SimpleTokenAuthentication).to receive(:skip_devise_trackable).and_return('initial value')
|
67
|
+
# INITIALIZATION
|
68
|
+
# this step occurs when 'simple_token_authentication' is required
|
69
|
+
#
|
70
|
+
# given the controller class handles token authentication for a model
|
71
|
+
controller_class.acts_as_token_authentication_handler_for User
|
72
|
+
|
73
|
+
# RUNTIME
|
74
|
+
@controller = controller_class.new
|
75
|
+
allow(@controller).to receive(:params)
|
76
|
+
# and there are credentials for a record of that model in params or headers
|
77
|
+
allow(@controller).to receive(:get_identifier_from_params_or_headers)
|
78
|
+
# and both identifier and authentication token are correct
|
79
|
+
allow(@controller).to receive(:find_record_from_identifier).and_return(@record)
|
80
|
+
allow(@controller).to receive(:token_correct?).and_return(true)
|
81
|
+
allow(@controller).to receive(:env).and_return({})
|
82
|
+
allow(@controller).to receive(:sign_in)
|
83
|
+
|
84
|
+
# even if modified *after* the class was loaded
|
85
|
+
allow(SimpleTokenAuthentication).to receive(:skip_devise_trackable).and_return('updated value')
|
86
|
+
|
87
|
+
# the option updated value is taken into account
|
88
|
+
# when token authentication is performed
|
89
|
+
expect(@controller).to receive_message_chain(:env, :[]=).with('devise.skip_trackable', 'updated value')
|
90
|
+
@controller.authenticate_user_from_token
|
91
|
+
end
|
92
|
+
end
|
93
|
+
end
|
94
|
+
|
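Review bot: The two example names under 'determines if token authentication should increment the tracking statistics' are the wrong way round. In `context 'when true'` the example is called 'instructs Devise to track token-authentication-related signins' yet expects `devise.skip_trackable` to be set to `true`, which per the README text on this page means sign-ins are not tracked; the 'when false' example carries the mirror-image name. Swapping the two descriptions keeps the spec output from asserting the opposite of the behaviour under test. The last example stubs the Strings 'initial value' and 'updated value' for a boolean option; `true` and `false` would exercise the same late lookup with values the option can really take.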
@@ -79,6 +79,15 @@ describe SimpleTokenAuthentication::Configuration do
|
|
79
79
|
end
|
80
80
|
end
|
81
81
|
|
82
|
+
describe 'provides #skip_devise_trackable which', skip_devise_trackable_option: true do
|
83
|
+
|
84
|
+
it_behaves_like 'a configuration option', 'skip_devise_trackable'
|
85
|
+
|
86
|
+
it "defaults to true", public: true do
|
87
|
+
expect(@subject.skip_devise_trackable).to eq true
|
88
|
+
end
|
89
|
+
end
|
90
|
+
|
82
91
|
describe 'provides #parse_options which' do
|
83
92
|
|
84
93
|
describe 'replaces :fallback_to_devise by :fallback' do
|
@@ -76,7 +76,8 @@ describe SimpleTokenAuthentication::Entity do
|
|
76
76
|
end
|
77
77
|
end
|
78
78
|
|
79
|
-
describe '#identifier_header_name', protected: true do
|
79
|
+
describe '#identifier_header_name', protected: true, identifiers_option: true do
|
80
|
+
|
80
81
|
it 'is a String' do
|
81
82
|
expect(@subject.identifier_header_name).to be_instance_of String
|
82
83
|
end
|
@@ -84,6 +85,31 @@ describe SimpleTokenAuthentication::Entity do
|
|
84
85
|
it 'defines a non-standard header field' do
|
85
86
|
expect(@subject.identifier_header_name[0..1]).to eq 'X-'
|
86
87
|
end
|
88
|
+
|
89
|
+
it 'returns the default header for the default identifier' do
|
90
|
+
expect(@subject.identifier_header_name).to eq 'X-SuperUser-Email'
|
91
|
+
end
|
92
|
+
|
93
|
+
context 'when a custom identifier is defined' do
|
94
|
+
|
95
|
+
before(:each) do
|
96
|
+
allow(SimpleTokenAuthentication).to receive(:identifiers).
|
97
|
+
and_return({ super_user: :phone_number })
|
98
|
+
end
|
99
|
+
|
100
|
+
it 'returns the default header name for that custom identifier' do
|
101
|
+
expect(@subject.identifier_header_name).to eq 'X-SuperUser-PhoneNumber'
|
102
|
+
end
|
103
|
+
|
104
|
+
context 'when a custom header name is defined for that custom identifer' do
|
105
|
+
|
106
|
+
it 'returns the custom header name for that custom identifier' do
|
107
|
+
allow(SimpleTokenAuthentication).to receive(:header_names).
|
108
|
+
and_return({ super_user: { phone_number: 'X-Custom' } })
|
109
|
+
expect(@subject.identifier_header_name).to eq 'X-Custom'
|
110
|
+
end
|
111
|
+
end
|
112
|
+
end
|
87
113
|
end
|
88
114
|
|
89
115
|
describe '#token_param_name', protected: true do
|
@@ -92,10 +118,44 @@ describe SimpleTokenAuthentication::Entity do
|
|
92
118
|
end
|
93
119
|
end
|
94
120
|
|
95
|
-
describe '#identifier_param_name', protected: true do
|
121
|
+
describe '#identifier_param_name', protected: true, identifiers_option: true do
|
122
|
+
|
96
123
|
it 'is a Symbol' do
|
97
124
|
expect(@subject.identifier_param_name).to be_instance_of Symbol
|
98
125
|
end
|
126
|
+
|
127
|
+
it 'returns the default param name for the default identifier' do
|
128
|
+
expect(@subject.identifier_param_name).to eq :super_user_email
|
129
|
+
end
|
130
|
+
|
131
|
+
context 'when a custom identifier is defined' do
|
132
|
+
|
133
|
+
it 'returns the custom param name for that identifier' do
|
134
|
+
allow(SimpleTokenAuthentication).to receive(:identifiers).
|
135
|
+
and_return({ super_user: 'phone_number' })
|
136
|
+
expect(@subject.identifier_param_name).to eq :super_user_phone_number
|
137
|
+
end
|
138
|
+
end
|
139
|
+
end
|
140
|
+
|
141
|
+
describe '#identifier', protected: true, identifiers_option: true do
|
142
|
+
|
143
|
+
it 'is a Symbol' do
|
144
|
+
expect(@subject.identifier).to be_instance_of Symbol
|
145
|
+
end
|
146
|
+
|
147
|
+
it 'returns :email' do
|
148
|
+
expect(@subject.identifier).to eq :email
|
149
|
+
end
|
150
|
+
|
151
|
+
context 'when a custom identifier is defined' do
|
152
|
+
|
153
|
+
it 'returns the custom identifier' do
|
154
|
+
allow(SimpleTokenAuthentication).to receive(:identifiers).
|
155
|
+
and_return({ super_user: 'phone_number' })
|
156
|
+
expect(@subject.identifier).to eq :phone_number
|
157
|
+
end
|
158
|
+
end
|
99
159
|
end
|
100
160
|
|
101
161
|
describe '#get_token_from_params_or_headers', protected: true do
|
@@ -31,13 +31,38 @@ describe SimpleTokenAuthentication::SignInHandler do
|
|
31
31
|
|
32
32
|
describe '#integrate_with_devise_trackable!' do
|
33
33
|
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
34
|
+
context 'when the :skip_devise_trackable option is true', skip_devise_trackable_option: true do
|
35
|
+
|
36
|
+
before(:each) do
|
37
|
+
allow(SimpleTokenAuthentication).to receive(:skip_devise_trackable).and_return(true)
|
38
|
+
end
|
39
|
+
|
40
|
+
it 'ensures Devise trackable statistics are kept untouched', private: true do
|
41
|
+
controller = double()
|
42
|
+
env = double()
|
43
|
+
allow(controller).to receive(:env).and_return(env)
|
44
|
+
expect(env).to receive(:[]=).with('devise.skip_trackable', true)
|
45
|
+
|
46
|
+
subject.send :integrate_with_devise_trackable!, controller
|
47
|
+
end
|
48
|
+
end
|
39
49
|
|
40
|
-
|
50
|
+
|
51
|
+
context 'when the :skip_devise_trackable option is false', skip_devise_trackable_option: true do
|
52
|
+
|
53
|
+
before(:each) do
|
54
|
+
allow(SimpleTokenAuthentication).to receive(:skip_devise_trackable).and_return(false)
|
55
|
+
end
|
56
|
+
|
57
|
+
it 'ensures Devise trackable statistics are updated', private: true do
|
58
|
+
controller = double()
|
59
|
+
env = double()
|
60
|
+
allow(controller).to receive(:env).and_return(env)
|
61
|
+
expect(env).to receive(:[]=).with('devise.skip_trackable', false)
|
62
|
+
|
63
|
+
subject.send :integrate_with_devise_trackable!, controller
|
64
|
+
end
|
41
65
|
end
|
42
66
|
end
|
43
67
|
end
|
68
|
+
|
@@ -139,6 +139,8 @@ describe 'Any class which includes SimpleTokenAuthentication::TokenAuthenticatio
|
|
139
139
|
|
140
140
|
before(:each) do
|
141
141
|
@entity = double()
|
142
|
+
# default identifer is :email
|
143
|
+
allow(@entity).to receive(:identifier).and_return(:email)
|
142
144
|
end
|
143
145
|
|
144
146
|
context 'when the Devise config. does not defines the identifier as a case-insentitive key' do
|
@@ -187,7 +189,6 @@ describe 'Any class which includes SimpleTokenAuthentication::TokenAuthenticatio
|
|
187
189
|
end
|
188
190
|
end
|
189
191
|
|
190
|
-
|
191
192
|
context 'when the Devise config. defines the identifier as a case-insentitive key' do
|
192
193
|
|
193
194
|
before(:each) do
|
@@ -234,6 +235,106 @@ describe 'Any class which includes SimpleTokenAuthentication::TokenAuthenticatio
|
|
234
235
|
end
|
235
236
|
end
|
236
237
|
end
|
238
|
+
|
239
|
+
context 'when a custom identifier was defined', identifiers_option: true do
|
240
|
+
|
241
|
+
before(:each) do
|
242
|
+
allow(@entity).to receive(:identifier).and_return(:phone_number)
|
243
|
+
end
|
244
|
+
|
245
|
+
context 'when the Devise config. does not defines the identifier as a case-insentitive key' do
|
246
|
+
|
247
|
+
before(:each) do
|
248
|
+
allow(Devise).to receive_message_chain(:case_insensitive_keys, :include?)
|
249
|
+
.with(:phone_number).and_return(false)
|
250
|
+
end
|
251
|
+
|
252
|
+
context 'when a downcased identifier was provided' do
|
253
|
+
|
254
|
+
before(:each) do
|
255
|
+
allow(@entity).to receive(:get_identifier_from_params_or_headers)
|
256
|
+
.and_return('alice@example.com')
|
257
|
+
end
|
258
|
+
|
259
|
+
it 'returns the proper record if any' do
|
260
|
+
# let's say there is a record
|
261
|
+
record = double()
|
262
|
+
allow(@entity).to receive_message_chain(:model, :where).with(phone_number: 'alice@example.com')
|
263
|
+
.and_return([record])
|
264
|
+
|
265
|
+
expect(subject.new.send(:find_record_from_identifier, @entity)).to eq record
|
266
|
+
end
|
267
|
+
end
|
268
|
+
|
269
|
+
context 'when a upcased identifier was provided' do
|
270
|
+
|
271
|
+
before(:each) do
|
272
|
+
allow(@entity).to receive(:get_identifier_from_params_or_headers)
|
273
|
+
.and_return('AliCe@ExampLe.Com')
|
274
|
+
end
|
275
|
+
|
276
|
+
it 'does not return any record' do
|
277
|
+
# let's say there is a record...
|
278
|
+
record = double()
|
279
|
+
# ...whose identifier is downcased...
|
280
|
+
allow(@entity).to receive_message_chain(:model, :where).with(phone_number: 'alice@example.com')
|
281
|
+
.and_return([record])
|
282
|
+
# ...not upcased
|
283
|
+
allow(@entity).to receive_message_chain(:model, :where).with(phone_number: 'AliCe@ExampLe.Com')
|
284
|
+
.and_return([])
|
285
|
+
|
286
|
+
expect(subject.new.send(:find_record_from_identifier, @entity)).to be_nil
|
287
|
+
end
|
288
|
+
end
|
289
|
+
end
|
290
|
+
|
291
|
+
context 'when the Devise config. defines the identifier as a case-insentitive key' do
|
292
|
+
|
293
|
+
before(:each) do
|
294
|
+
allow(Devise).to receive_message_chain(:case_insensitive_keys, :include?)
|
295
|
+
.with(:phone_number).and_return(true)
|
296
|
+
end
|
297
|
+
|
298
|
+
context 'and a downcased identifier was provided' do
|
299
|
+
|
300
|
+
before(:each) do
|
301
|
+
allow(@entity).to receive(:get_identifier_from_params_or_headers)
|
302
|
+
.and_return('alice@example.com')
|
303
|
+
end
|
304
|
+
|
305
|
+
it 'returns the proper record if any' do
|
306
|
+
# let's say there is a record
|
307
|
+
record = double()
|
308
|
+
allow(@entity).to receive_message_chain(:model, :where).with(phone_number: 'alice@example.com')
|
309
|
+
.and_return([record])
|
310
|
+
|
311
|
+
expect(subject.new.send(:find_record_from_identifier, @entity)).to eq record
|
312
|
+
end
|
313
|
+
end
|
314
|
+
|
315
|
+
context 'and a upcased identifier was provided' do
|
316
|
+
|
317
|
+
before(:each) do
|
318
|
+
allow(@entity).to receive(:get_identifier_from_params_or_headers)
|
319
|
+
.and_return('AliCe@ExampLe.Com')
|
320
|
+
end
|
321
|
+
|
322
|
+
it 'returns the proper record if any' do
|
323
|
+
# let's say there is a record...
|
324
|
+
record = double()
|
325
|
+
# ...whose identifier is downcased...
|
326
|
+
allow(@entity).to receive_message_chain(:model, :where)
|
327
|
+
allow(@entity).to receive_message_chain(:model, :where).with(phone_number: 'alice@example.com')
|
328
|
+
.and_return([record])
|
329
|
+
# ...not upcased
|
330
|
+
allow(@entity).to receive_message_chain(:model, :where).with(phone_number: 'AliCe@ExampLe.Com')
|
331
|
+
.and_return([])
|
332
|
+
|
333
|
+
expect(subject.new.send(:find_record_from_identifier, @entity)).to eq record
|
334
|
+
end
|
335
|
+
end
|
336
|
+
end
|
337
|
+
end
|
237
338
|
end
|
238
339
|
|
239
340
|
describe 'and which supports the :before_filter hook' do
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: simple_token_authentication
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.8.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Gonzalo Bulnes Guilpain
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2015-02-21 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: actionmailer
|
@@ -165,6 +165,7 @@ files:
|
|
165
165
|
- spec/configuration/fallback_to_devise_option_spec.rb
|
166
166
|
- spec/configuration/header_names_option_spec.rb
|
167
167
|
- spec/configuration/sign_in_token_option_spec.rb
|
168
|
+
- spec/configuration/skip_devise_trackable_option_spec.rb
|
168
169
|
- spec/lib/simple_token_authentication/acts_as_token_authenticatable_spec.rb
|
169
170
|
- spec/lib/simple_token_authentication/acts_as_token_authentication_handler_spec.rb
|
170
171
|
- spec/lib/simple_token_authentication/adapter_spec.rb
|
@@ -212,11 +213,12 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
212
213
|
version: '0'
|
213
214
|
requirements: []
|
214
215
|
rubyforge_project:
|
215
|
-
rubygems_version: 2.4.
|
216
|
+
rubygems_version: 2.4.6
|
216
217
|
signing_key:
|
217
218
|
specification_version: 4
|
218
219
|
summary: Simple (but safe) token authentication for Rails apps or API with Devise.
|
219
220
|
test_files:
|
221
|
+
- spec/configuration/skip_devise_trackable_option_spec.rb
|
220
222
|
- spec/configuration/header_names_option_spec.rb
|
221
223
|
- spec/configuration/sign_in_token_option_spec.rb
|
222
224
|
- spec/configuration/action_controller_callbacks_options_spec.rb
|