stn-simple_token_authentication 1.7.1

data/lib/simple_token_authentication/acts_as_token_authentication_handler.rb

@@ -0,0 +1,22 @@
+require 'active_support/deprecation'
+require 'simple_token_authentication/token_authentication_handler'
+
+module SimpleTokenAuthentication
+  module ActsAsTokenAuthenticationHandler
+
+    # This module ensures that no TokenAuthenticationHandler behaviour
+    # is added before the class actually `acts_as_token_authentication_handler_for`
+    # some token authenticatable model.
+    # See https://github.com/gonzalo-bulnes/simple_token_authentication/issues/8#issuecomment-31707201
+
+    def acts_as_token_authentication_handler_for(model, options = {})
+      include SimpleTokenAuthentication::TokenAuthenticationHandler
+      handle_token_authentication_for(model, options)
+    end
+
+    def acts_as_token_authentication_handler
+      ::ActiveSupport::Deprecation.warn "`acts_as_token_authentication_handler()` is deprecated and may be removed from future releases, use `acts_as_token_authentication_handler_for(User)` instead.", caller
+      acts_as_token_authentication_handler_for User
+    end
+  end
+end

data/lib/simple_token_authentication/adapter.rb

@@ -0,0 +1,7 @@
+module SimpleTokenAuthentication
+  module Adapter
+    def base_class
+      raise NotImplementedError
+    end
+  end
+end

data/lib/simple_token_authentication/adapters/active_record_adapter.rb

@@ -0,0 +1,14 @@
+require 'active_record'
+require 'simple_token_authentication/adapter'
+
+module SimpleTokenAuthentication
+  module Adapters
+    class ActiveRecordAdapter
+      extend SimpleTokenAuthentication::Adapter
+
+      def self.base_class
+        ::ActiveRecord::Base
+      end
+    end
+  end
+end

data/lib/simple_token_authentication/adapters/mongoid_adapter.rb

@@ -0,0 +1,14 @@
+require 'mongoid'
+require 'simple_token_authentication/adapter'
+
+module SimpleTokenAuthentication
+  module Adapters
+    class MongoidAdapter
+      extend SimpleTokenAuthentication::Adapter
+
+      def self.base_class
+        ::Mongoid::Document
+      end
+    end
+  end
+end

data/lib/simple_token_authentication/adapters/rails_adapter.rb

@@ -0,0 +1,14 @@
+require 'action_controller'
+require 'simple_token_authentication/adapter'
+
+module SimpleTokenAuthentication
+  module Adapters
+    class RailsAdapter
+      extend SimpleTokenAuthentication::Adapter
+
+      def self.base_class
+        ::ActionController::Base
+      end
+    end
+  end
+end

data/lib/simple_token_authentication/adapters/rails_api_adapter.rb

@@ -0,0 +1,18 @@
+require 'action_controller'
+require 'simple_token_authentication/adapter'
+
+module SimpleTokenAuthentication
+  module Adapters
+    class RailsAPIAdapter
+      extend SimpleTokenAuthentication::Adapter
+
+      def self.base_class
+        ::ActionController::API
+      end
+    end
+
+    # make the adpater available even if the 'API' acronym is not defined
+    RailsApiAdapter = RailsAPIAdapter
+  end
+end
+

data/lib/simple_token_authentication/configuration.rb

@@ -0,0 +1,45 @@
+module SimpleTokenAuthentication
+  module Configuration
+
+    mattr_reader   :fallback
+    mattr_accessor :header_names
+    mattr_accessor :sign_in_token
+    mattr_accessor :controller_adapters
+    mattr_accessor :model_adapters
+    mattr_accessor :adapters_dependencies
+
+    # Default configuration
+    @@fallback = :devise
+    @@header_names = {}
+    @@sign_in_token = false
+    @@controller_adapters = ['rails', 'rails_api']
+    @@model_adapters = ['active_record', 'mongoid']
+    @@adapters_dependencies = { 'active_record' => 'ActiveRecord::Base',
+                                'mongoid'       => 'Mongoid::Document',
+                                'rails'         => 'ActionController::Base',
+                                'rails_api'     => 'ActionController::API' }
+
+    # Allow the default configuration to be overwritten from initializers
+    def configure
+      yield self if block_given?
+    end
+
+    def parse_options(options)
+      unless options[:fallback].presence
+        if options[:fallback_to_devise]
+          options[:fallback] = :devise
+        elsif options[:fallback_to_devise] == false
+          if SimpleTokenAuthentication.fallback == :devise
+              options[:fallback] = :none
+          else
+            options[:fallback] = SimpleTokenAuthentication.fallback
+          end
+        else
+          options[:fallback] = SimpleTokenAuthentication.fallback
+        end
+      end
+      options.reject! { |k,v| k == :fallback_to_devise }
+      options
+    end
+  end
+end

data/lib/simple_token_authentication/entities_manager.rb

@@ -0,0 +1,10 @@
+require 'simple_token_authentication/entity'
+
+module SimpleTokenAuthentication
+  class EntitiesManager
+    def find_or_create_entity(model, name)
+      @entities ||= {}
+      @entities[name] ||= Entity.new(model, name)
+    end
+  end
+end

data/lib/simple_token_authentication/entity.rb

@@ -0,0 +1,64 @@
+module SimpleTokenAuthentication
+  class Entity
+    def initialize model, name=nil
+      @model = model
+      @name = name || model.name
+    end
+
+    def model
+      @model
+    end
+
+    def name
+      @name
+    end
+
+    def name_underscore
+      name.underscore
+    end
+
+    # Private: Return the name of the header to watch for the token authentication param
+    def token_header_name
+      if SimpleTokenAuthentication.header_names["#{name_underscore}".to_sym].presence \
+        && token_header_name = SimpleTokenAuthentication.header_names["#{name_underscore}".to_sym][:authentication_token]
+        token_header_name
+      else
+        "X-#{name}-Token"
+      end
+    end
+
+    # Private: Return the name of the header to watch for the email param
+    def identifier_header_name
+      if SimpleTokenAuthentication.header_names["#{name_underscore}".to_sym].presence \
+        && identifier_header_name = SimpleTokenAuthentication.header_names["#{name_underscore}".to_sym][:email]
+        identifier_header_name
+      else
+        "X-#{name}-Email"
+      end
+    end
+
+    def token_param_name
+      "#{name_underscore}_token".to_sym
+    end
+
+    def identifier_param_name
+      "#{name_underscore}_email".to_sym
+    end
+
+    def get_token_from_params_or_headers controller
+      # if the token is not present among params, get it from headers
+      if token = controller.params[token_param_name].blank? && controller.request.headers[token_header_name]
+        controller.params[token_param_name] = token
+      end
+      controller.params[token_param_name]
+    end
+
+    def get_identifier_from_params_or_headers controller
+      # if the identifier (email) is not present among params, get it from headers
+      if email = controller.params[identifier_param_name].blank? && controller.request.headers[identifier_header_name]
+        controller.params[identifier_param_name] = email
+      end
+      controller.params[identifier_param_name]
+    end
+  end
+end

data/lib/simple_token_authentication/fallback_authentication_handler.rb

@@ -0,0 +1,11 @@
+module SimpleTokenAuthentication
+  class FallbackAuthenticationHandler
+    # Devise authentication is performed through a controller
+    # which includes Devise::Controllers::Helpers
+    # See http://rdoc.info/github/plataformatec/devise/master/\
+    #            Devise/Controllers/Helpers#define_helpers-class_method
+    def authenticate_entity!(controller, entity)
+      controller.send("authenticate_#{entity.name_underscore}!".to_sym)
+    end
+  end
+end

data/lib/simple_token_authentication/sign_in_handler.rb

@@ -0,0 +1,19 @@
+module SimpleTokenAuthentication
+  class SignInHandler
+    # Devise sign in is performed through a controller
+    # which includes Devise::Controllers::SignInOut
+    def sign_in(controller, record, *args)
+      integrate_with_devise_trackable!(controller)
+
+      controller.send(:sign_in, record, *args)
+    end
+
+    private
+
+    def integrate_with_devise_trackable!(controller)
+      # Sign in using token should not be tracked by Devise trackable
+      # See https://github.com/plataformatec/devise/issues/953
+      controller.env["devise.skip_trackable"] = true
+    end
+  end
+end

data/lib/simple_token_authentication/token_authentication_handler.rb

@@ -0,0 +1,149 @@
+require 'active_support/concern'
+require 'devise'
+
+require 'simple_token_authentication/entities_manager'
+require 'simple_token_authentication/fallback_authentication_handler'
+require 'simple_token_authentication/sign_in_handler'
+require 'simple_token_authentication/token_comparator'
+
+module SimpleTokenAuthentication
+  module TokenAuthenticationHandler
+    extend ::ActiveSupport::Concern
+
+    included do
+      private_class_method :define_token_authentication_helpers_for
+      private_class_method :set_token_authentication_hooks
+      private_class_method :entities_manager
+      private_class_method :fallback_authentication_handler
+
+      private :authenticate_entity_from_token!
+      private :authenticate_entity_from_fallback!
+      private :token_correct?
+      private :perform_sign_in!
+      private :token_comparator
+      private :sign_in_handler
+      private :find_record_from_identifier
+      private :integrate_with_devise_case_insensitive_keys
+    end
+
+    def authenticate_entity_from_token!(entity)
+      record = find_record_from_identifier(entity)
+
+      if token_correct?(record, entity, token_comparator)
+        perform_sign_in!(record, sign_in_handler)
+      end
+    end
+
+    def authenticate_entity_from_fallback!(entity, fallback_authentication_handler)
+      fallback_authentication_handler.authenticate_entity!(self, entity)
+    end
+
+    def token_correct?(record, entity, token_comparator)
+      record && token_comparator.compare(record.authentication_token,
+                                         entity.get_token_from_params_or_headers(self))
+    end
+
+    def perform_sign_in!(record, sign_in_handler)
+      # Notice the store option defaults to false, so the record
+      # identifier is not actually stored in the session and a token
+      # is needed for every request. That behaviour can be configured
+      # through the sign_in_token option.
+      sign_in_handler.sign_in self, record, store: SimpleTokenAuthentication.sign_in_token
+    end
+
+    def find_record_from_identifier(entity)
+      email = entity.get_identifier_from_params_or_headers(self).presence
+
+      email = integrate_with_devise_case_insensitive_keys(email)
+
+      # The finder method should be compatible with all the model adapters,
+      # namely ActiveRecord and Mongoid in all their supported versions.
+      record = nil
+      record = email && entity.model.where(email: email).first
+    end
+
+    # Private: Take benefit from Devise case-insensitive keys
+    #
+    # See https://github.com/plataformatec/devise/blob/v3.4.1/lib/generators/templates/devise.rb#L45-L48
+    #
+    # email - the original email String
+    #
+    # Returns an email String which case follows the Devise case-insensitive keys policy
+    def integrate_with_devise_case_insensitive_keys(email)
+      email.downcase! if email && Devise.case_insensitive_keys.include?(:email)
+      email
+    end
+
+    # Private: Get one (always the same) object which behaves as a token comprator
+    def token_comparator
+      @@token_comparator ||= TokenComparator.new
+    end
+
+    # Private: Get one (always the same) object which behaves as a sign in handler
+    def sign_in_handler
+      @@sign_in_handler ||= SignInHandler.new
+    end
+
+    module ClassMethods
+
+      # Provide token authentication handling for a token authenticatable class
+      #
+      # model - the token authenticatable Class
+      #
+      # Returns nothing.
+      def handle_token_authentication_for(model, options = {})
+        name = options[:name] || model.name
+        entity = entities_manager.find_or_create_entity(model, name)
+        options = SimpleTokenAuthentication.parse_options(options)
+        define_token_authentication_helpers_for(entity, fallback_authentication_handler)
+        set_token_authentication_hooks(entity, options)
+      end
+
+      # Private: Get one (always the same) object which behaves as an entities manager
+      def entities_manager
+        if class_variable_defined?(:@@entities_manager)
+          class_variable_get(:@@entities_manager)
+        else
+          class_variable_set(:@@entities_manager, EntitiesManager.new)
+        end
+      end
+
+      # Private: Get one (always the same) object which behaves as a fallback authentication handler
+      def fallback_authentication_handler
+        if class_variable_defined?(:@@fallback_authentication_handler)
+          class_variable_get(:@@fallback_authentication_handler)
+        else
+          class_variable_set(:@@fallback_authentication_handler, FallbackAuthenticationHandler.new)
+        end
+      end
+
+      def define_token_authentication_helpers_for(entity, fallback_authentication_handler)
+
+        method_name = "authenticate_#{entity.name_underscore}_from_token"
+        method_name_bang = method_name + '!'
+
+        class_eval do
+          define_method method_name.to_sym do
+            lambda { |_entity| authenticate_entity_from_token!(_entity) }.call(entity)
+          end
+
+          define_method method_name_bang.to_sym do
+            lambda do |_entity|
+              authenticate_entity_from_token!(_entity)
+              authenticate_entity_from_fallback!(_entity, fallback_authentication_handler)
+            end.call(entity)
+          end
+        end
+      end
+
+      def set_token_authentication_hooks(entity, options)
+        authenticate_method = unless options[:fallback] == :none
+          :"authenticate_#{entity.name_underscore}_from_token!"
+        else
+          :"authenticate_#{entity.name_underscore}_from_token"
+        end
+        before_filter authenticate_method, options.slice(:only, :except)
+      end
+    end
+  end
+end

data/lib/simple_token_authentication/token_comparator.rb

@@ -0,0 +1,20 @@
+require 'devise'
+
+module SimpleTokenAuthentication
+  class TokenComparator
+
+    # Compare two String instances
+    #
+    # Important: this method is cryptographically critical and
+    # must be implemented with care when defining new token comparators.
+    #
+    # Returns true if String instances do match, false otherwise
+    def compare(a, b)
+      # Notice how we use Devise.secure_compare to compare tokens
+      # while mitigating timing attacks.
+      # See http://rubydoc.info/github/plataformatec/\
+      #            devise/master/Devise#secure_compare-class_method
+      Devise.secure_compare(a, b)
+    end
+  end
+end

data/lib/simple_token_authentication/token_generator.rb

@@ -0,0 +1,9 @@
+require 'devise'
+
+module SimpleTokenAuthentication
+  class TokenGenerator
+    def generate_token
+      Devise.friendly_token
+    end
+  end
+end

data/lib/simple_token_authentication/version.rb

@@ -0,0 +1,3 @@
+module SimpleTokenAuthentication
+  VERSION = "1.7.1"
+end

data/lib/tasks/simple_token_authentication_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :simple_token_authentication do
+#   # Task goes here
+# end