stn-simple_token_authentication 1.7.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (55) hide show
  1. checksums.yaml +7 -0
  2. data/LICENSE +674 -0
  3. data/README.md +270 -0
  4. data/Rakefile +61 -0
  5. data/doc/README.md +18 -0
  6. data/lib/simple_token_authentication.rb +58 -0
  7. data/lib/simple_token_authentication/acts_as_token_authenticatable.rb +49 -0
  8. data/lib/simple_token_authentication/acts_as_token_authentication_handler.rb +22 -0
  9. data/lib/simple_token_authentication/adapter.rb +7 -0
  10. data/lib/simple_token_authentication/adapters/active_record_adapter.rb +14 -0
  11. data/lib/simple_token_authentication/adapters/mongoid_adapter.rb +14 -0
  12. data/lib/simple_token_authentication/adapters/rails_adapter.rb +14 -0
  13. data/lib/simple_token_authentication/adapters/rails_api_adapter.rb +18 -0
  14. data/lib/simple_token_authentication/configuration.rb +45 -0
  15. data/lib/simple_token_authentication/entities_manager.rb +10 -0
  16. data/lib/simple_token_authentication/entity.rb +64 -0
  17. data/lib/simple_token_authentication/fallback_authentication_handler.rb +11 -0
  18. data/lib/simple_token_authentication/sign_in_handler.rb +19 -0
  19. data/lib/simple_token_authentication/token_authentication_handler.rb +149 -0
  20. data/lib/simple_token_authentication/token_comparator.rb +20 -0
  21. data/lib/simple_token_authentication/token_generator.rb +9 -0
  22. data/lib/simple_token_authentication/version.rb +3 -0
  23. data/lib/tasks/simple_token_authentication_tasks.rake +4 -0
  24. data/spec/configuration/action_controller_callbacks_options_spec.rb +53 -0
  25. data/spec/configuration/fallback_to_devise_option_spec.rb +128 -0
  26. data/spec/configuration/header_names_option_spec.rb +463 -0
  27. data/spec/configuration/sign_in_token_option_spec.rb +92 -0
  28. data/spec/lib/simple_token_authentication/acts_as_token_authenticatable_spec.rb +108 -0
  29. data/spec/lib/simple_token_authentication/acts_as_token_authentication_handler_spec.rb +127 -0
  30. data/spec/lib/simple_token_authentication/adapter_spec.rb +19 -0
  31. data/spec/lib/simple_token_authentication/adapters/active_record_adapter_spec.rb +21 -0
  32. data/spec/lib/simple_token_authentication/adapters/mongoid_adapter_spec.rb +21 -0
  33. data/spec/lib/simple_token_authentication/adapters/rails_adapter_spec.rb +21 -0
  34. data/spec/lib/simple_token_authentication/adapters/rails_api_adapter_spec.rb +43 -0
  35. data/spec/lib/simple_token_authentication/configuration_spec.rb +133 -0
  36. data/spec/lib/simple_token_authentication/entities_manager_spec.rb +67 -0
  37. data/spec/lib/simple_token_authentication/entity_spec.rb +190 -0
  38. data/spec/lib/simple_token_authentication/errors_spec.rb +8 -0
  39. data/spec/lib/simple_token_authentication/fallback_authentication_handler_spec.rb +24 -0
  40. data/spec/lib/simple_token_authentication/sign_in_handler_spec.rb +43 -0
  41. data/spec/lib/simple_token_authentication/token_authentication_handler_spec.rb +351 -0
  42. data/spec/lib/simple_token_authentication/token_comparator_spec.rb +19 -0
  43. data/spec/lib/simple_token_authentication/token_generator_spec.rb +19 -0
  44. data/spec/lib/simple_token_authentication_spec.rb +181 -0
  45. data/spec/spec_helper.rb +15 -0
  46. data/spec/support/dummy_classes_helper.rb +80 -0
  47. data/spec/support/spec_for_adapter.rb +10 -0
  48. data/spec/support/spec_for_authentication_handler_interface.rb +8 -0
  49. data/spec/support/spec_for_configuration_option_interface.rb +28 -0
  50. data/spec/support/spec_for_entities_manager_interface.rb +8 -0
  51. data/spec/support/spec_for_sign_in_handler_interface.rb +8 -0
  52. data/spec/support/spec_for_token_comparator_interface.rb +8 -0
  53. data/spec/support/spec_for_token_generator_interface.rb +8 -0
  54. data/spec/support/specs_for_token_authentication_handler_interface.rb +8 -0
  55. metadata +250 -0
@@ -0,0 +1,92 @@
1
+ require 'spec_helper'
2
+
3
+ describe 'Simple Token Authentication' do
4
+
5
+ describe ':sign_in_token option', sign_in_token_option: true do
6
+
7
+ describe 'determines if the session will be stored' do
8
+
9
+ before(:each) do
10
+ user = double()
11
+ stub_const('User', user)
12
+ allow(user).to receive(:name).and_return('User')
13
+ @record = double()
14
+ allow(user).to receive(:find_by).and_return(@record)
15
+
16
+ # given a controller class which acts as token authentication handler
17
+ controller_class = Class.new
18
+ allow(controller_class).to receive(:before_filter)
19
+ controller_class.send :extend, SimpleTokenAuthentication::ActsAsTokenAuthenticationHandler
20
+ # and handles authentication for a given model
21
+ controller_class.acts_as_token_authentication_handler_for User
22
+
23
+ @controller = controller_class.new
24
+ allow(@controller).to receive(:params)
25
+ # and there are credentials for a record of that model in params or headers
26
+ allow(@controller).to receive(:get_identifier_from_params_or_headers)
27
+ # and both identifier and authentication token are correct
28
+ allow(@controller).to receive(:find_record_from_identifier).and_return(@record)
29
+ allow(@controller).to receive(:token_correct?).and_return(true)
30
+ allow(@controller).to receive(:env).and_return({})
31
+ end
32
+
33
+ context 'when false' do
34
+
35
+ it 'does instruct Devise not to store the session', public: true do
36
+ allow(SimpleTokenAuthentication).to receive(:sign_in_token).and_return(false)
37
+
38
+ expect(@controller).to receive(:sign_in).with(@record, store: false)
39
+ @controller.authenticate_user_from_token
40
+ end
41
+ end
42
+
43
+ context 'when true' do
44
+
45
+ it 'does instruct Devise to store the session', public: true do
46
+ allow(SimpleTokenAuthentication).to receive(:sign_in_token).and_return(true)
47
+
48
+ expect(@controller).to receive(:sign_in).with(@record, store: true)
49
+ @controller.authenticate_user_from_token
50
+ end
51
+ end
52
+ end
53
+
54
+ it 'can be modified from an initializer file', public: true do
55
+ user = double()
56
+ stub_const('User', user)
57
+ allow(user).to receive(:name).and_return('User')
58
+ @record = double()
59
+ allow(user).to receive(:find_by).and_return(@record)
60
+
61
+ # given a controller class which acts as token authentication handler
62
+ controller_class = Class.new
63
+ allow(controller_class).to receive(:before_filter)
64
+ controller_class.send :extend, SimpleTokenAuthentication::ActsAsTokenAuthenticationHandler
65
+
66
+ allow(SimpleTokenAuthentication).to receive(:sign_in_token).and_return('initial value')
67
+ # INITIALIZATION
68
+ # this step occurs when 'simple_token_authentication' is required
69
+ #
70
+ # given the controller class handles token authentication for a model
71
+ controller_class.acts_as_token_authentication_handler_for User
72
+
73
+ # RUNTIME
74
+ @controller = controller_class.new
75
+ allow(@controller).to receive(:params)
76
+ # and there are credentials for a record of that model in params or headers
77
+ allow(@controller).to receive(:get_identifier_from_params_or_headers)
78
+ # and both identifier and authentication token are correct
79
+ allow(@controller).to receive(:find_record_from_identifier).and_return(@record)
80
+ allow(@controller).to receive(:token_correct?).and_return(true)
81
+ allow(@controller).to receive(:env).and_return({})
82
+
83
+ # even if modified *after* the class was loaded
84
+ allow(SimpleTokenAuthentication).to receive(:sign_in_token).and_return('updated value')
85
+
86
+ # the option updated value is taken into account
87
+ # when token authentication is performed
88
+ expect(@controller).to receive(:sign_in).with(@record, store: 'updated value')
89
+ @controller.authenticate_user_from_token
90
+ end
91
+ end
92
+ end
@@ -0,0 +1,108 @@
1
+ require 'spec_helper'
2
+
3
+
4
+ class DummyTokenGenerator
5
+ def initialize(args={})
6
+ @tokens_to_be_generated = args[:tokens_to_be_generated]
7
+ end
8
+
9
+ def generate_token
10
+ @tokens_to_be_generated.shift
11
+ end
12
+ end
13
+
14
+ describe DummyTokenGenerator do
15
+ it_behaves_like 'a token generator'
16
+ end
17
+
18
+ describe 'A token authenticatable class (or one of its children)' do
19
+
20
+ after(:each) do
21
+ ensure_examples_independence
22
+ end
23
+
24
+ before(:each) do
25
+ define_test_subjects_for_inclusion_of(SimpleTokenAuthentication::ActsAsTokenAuthenticatable)
26
+ end
27
+
28
+ it 'responds to :acts_as_token_authenticatable', public: true do
29
+ @subjects.each do |subject|
30
+ expect(subject).to respond_to :acts_as_token_authenticatable
31
+ end
32
+ end
33
+
34
+ describe 'which supports the :before_save hook' do
35
+
36
+ context 'when it acts as token authenticatable' do
37
+ it 'ensures its instances have an authentication token before being saved (1)', rspec_3_error: true, public: true do
38
+ some_class = @subjects.first
39
+
40
+ expect(some_class).to receive(:before_save).with(:ensure_authentication_token)
41
+ some_class.acts_as_token_authenticatable
42
+ end
43
+
44
+ it 'ensures its instances have an authentication token before being saved (2)', rspec_3_error: true, public: true do
45
+ some_child_class = @subjects.last
46
+
47
+ expect(some_child_class).to receive(:before_save).with(:ensure_authentication_token)
48
+ some_child_class.acts_as_token_authenticatable
49
+ end
50
+ end
51
+ end
52
+
53
+ describe 'instance' do
54
+
55
+ it 'responds to :ensure_authentication_token', protected: true do
56
+ @subjects.map!{ |subject| subject.new }
57
+ @subjects.each do |subject|
58
+ expect(subject).to respond_to :ensure_authentication_token
59
+ end
60
+ end
61
+
62
+ context 'when some authentication tokens are already in use' do
63
+
64
+ before(:each) do
65
+ TOKENS_IN_USE = ['ExampleTok3n', '4notherTokeN']
66
+
67
+ @subjects.each do |k|
68
+ k.class_eval do
69
+
70
+ def initialize(args={})
71
+ @authentication_token = args[:authentication_token]
72
+ @token_generator = DummyTokenGenerator.new(
73
+ tokens_to_be_generated: TOKENS_IN_USE + ['Dist1nCt-Tok3N'])
74
+ end
75
+
76
+ def authentication_token=(value)
77
+ @authentication_token = value
78
+ end
79
+
80
+ def authentication_token
81
+ @authentication_token
82
+ end
83
+
84
+ # the 'ExampleTok3n' is already in use
85
+ def token_suitable?(token)
86
+ not TOKENS_IN_USE.include? token
87
+ end
88
+
89
+ def token_generator
90
+ @token_generator
91
+ end
92
+ end
93
+ end
94
+ @subjects.map!{ |subject| subject.new }
95
+ end
96
+
97
+ it 'ensures its authentication token is unique', public: true do
98
+ @subjects.each do |subject|
99
+ subject.ensure_authentication_token
100
+
101
+ expect(subject.authentication_token).not_to eq 'ExampleTok3n'
102
+ expect(subject.authentication_token).not_to eq '4notherTokeN'
103
+ expect(subject.authentication_token).to eq 'Dist1nCt-Tok3N'
104
+ end
105
+ end
106
+ end
107
+ end
108
+ end
@@ -0,0 +1,127 @@
1
+ require 'spec_helper'
2
+
3
+ def ignore_cucumber_hack
4
+ skip_rails_test_environment_code
5
+ end
6
+
7
+ # Skip the code intended to be run in the Rails test environment
8
+ def skip_rails_test_environment_code
9
+ rails = double()
10
+ stub_const('Rails', rails)
11
+ allow(rails).to receive_message_chain(:env, :test?).and_return(false)
12
+ end
13
+
14
+ describe 'Any class which extends SimpleTokenAuthentication::ActsAsTokenAuthenticationHandler (or any if its children)' do
15
+
16
+ after(:each) do
17
+ ensure_examples_independence
18
+ end
19
+
20
+ before(:each) do
21
+ define_test_subjects_for_extension_of(SimpleTokenAuthentication::ActsAsTokenAuthenticationHandler)
22
+ end
23
+
24
+ it 'responds to :acts_as_token_authentication_handler_for', public: true do
25
+ @subjects.each do |subject|
26
+ expect(subject).to respond_to :acts_as_token_authentication_handler_for
27
+ end
28
+ end
29
+
30
+ it 'responds to :acts_as_token_authentication_handler', public: true, deprecated: true do
31
+ @subjects.each do |subject|
32
+ expect(subject).to respond_to :acts_as_token_authentication_handler
33
+ end
34
+ end
35
+
36
+ it 'doesn\'t behave like a token authentication handler', public: true do
37
+ stub_const('SimpleTokenAuthentication::TokenAuthenticationHandler', Module.new)
38
+
39
+ @subjects.each do |subject|
40
+ expect(subject).not_to be_include SimpleTokenAuthentication::TokenAuthenticationHandler
41
+ end
42
+ end
43
+
44
+ context 'when it explicitely acts as a token authentication handler' do
45
+
46
+ it 'behaves like a token authentication handler (1)', rspec_3_error: true, public: true do
47
+ double_user_model
48
+ stub_const('SimpleTokenAuthentication::TokenAuthenticationHandler', Module.new)
49
+
50
+ some_class = @subjects.first
51
+ allow(some_class).to receive(:handle_token_authentication_for)
52
+
53
+ some_class.acts_as_token_authentication_handler_for User
54
+ expect(some_class).to be_include SimpleTokenAuthentication::TokenAuthenticationHandler
55
+ end
56
+
57
+ it 'behaves like a token authentication handler (2)', rspec_3_error: true, public: true do
58
+ double_user_model
59
+ stub_const('SimpleTokenAuthentication::TokenAuthenticationHandler', Module.new)
60
+
61
+ some_child_class = @subjects.last
62
+ allow(some_child_class).to receive(:handle_token_authentication_for)
63
+
64
+ some_child_class.acts_as_token_authentication_handler_for User
65
+ expect(some_child_class).to be_include SimpleTokenAuthentication::TokenAuthenticationHandler
66
+ end
67
+ end
68
+
69
+ describe '.acts_as_token_authentication_handler_for', rspec_3_error: true do
70
+
71
+ it 'ensures the receiver class does handle token authentication for a given (token authenticatable) model (1)', public: true do
72
+ double_user_model
73
+
74
+ some_class = @subjects.first
75
+ allow(some_class).to receive(:before_filter)
76
+
77
+ expect(some_class).to receive(:include).with(SimpleTokenAuthentication::TokenAuthenticationHandler)
78
+ expect(some_class).to receive(:handle_token_authentication_for).with(User, { option: 'value' })
79
+
80
+ some_class.acts_as_token_authentication_handler_for User, { option: 'value' }
81
+ end
82
+
83
+ it 'ensures the receiver class does handle token authentication for a given (token authenticatable) model (2)', public: true do
84
+ double_user_model
85
+
86
+ some_child_class = @subjects.last
87
+ allow(some_child_class).to receive(:before_filter)
88
+
89
+ expect(some_child_class).to receive(:include).with(SimpleTokenAuthentication::TokenAuthenticationHandler)
90
+ expect(some_child_class).to receive(:handle_token_authentication_for).with(User, { option: 'value' })
91
+
92
+ some_child_class.acts_as_token_authentication_handler_for User, { option: 'value' }
93
+ end
94
+ end
95
+
96
+ describe '.acts_as_token_authentication_handler', deprecated: true do
97
+
98
+ it 'issues a deprecation warning', public: true do
99
+ double_user_model
100
+
101
+ @subjects.each do |subject|
102
+ deprecation_handler = double()
103
+ stub_const('ActiveSupport::Deprecation', deprecation_handler)
104
+ allow(subject).to receive(:acts_as_token_authentication_handler_for)
105
+
106
+ expect(deprecation_handler).to receive(:warn)
107
+
108
+ subject.acts_as_token_authentication_handler
109
+ end
110
+ end
111
+
112
+ it 'is replaced by .acts_as_token_authentication_handler_for', public: true do
113
+ double_user_model
114
+
115
+ @subjects.each do |subject|
116
+ deprecation_handler = double()
117
+ allow(deprecation_handler).to receive(:warn)
118
+ stub_const('ActiveSupport::Deprecation', deprecation_handler)
119
+ allow(subject).to receive(:acts_as_token_authentication_handler_for)
120
+
121
+ expect(subject).to receive(:acts_as_token_authentication_handler_for).with(User)
122
+
123
+ subject.acts_as_token_authentication_handler
124
+ end
125
+ end
126
+ end
127
+ end
@@ -0,0 +1,19 @@
1
+ require 'spec_helper'
2
+
3
+ describe 'Any class which extends SimpleTokenAuthentication::Adapter' do
4
+
5
+ after(:each) do
6
+ SimpleTokenAuthentication.send(:remove_const, :SomeClass)
7
+ end
8
+
9
+ before(:each) do
10
+ @subject = define_dummy_class_which_extends(SimpleTokenAuthentication::Adapter)
11
+ end
12
+
13
+ describe '.base_class' do
14
+
15
+ it 'raises an error if not overwritten', public: true do
16
+ expect{ @subject.base_class }.to raise_error NotImplementedError
17
+ end
18
+ end
19
+ end
@@ -0,0 +1,21 @@
1
+ require 'spec_helper'
2
+ require 'simple_token_authentication/adapters/active_record_adapter'
3
+
4
+ describe 'SimpleTokenAuthentication::Adapters::ActiveRecordAdapter' do
5
+
6
+ before(:each) do
7
+ stub_const('ActiveRecord', Module.new)
8
+ stub_const('ActiveRecord::Base', double())
9
+
10
+ @subject = SimpleTokenAuthentication::Adapters::ActiveRecordAdapter
11
+ end
12
+
13
+ it_behaves_like 'an adapter'
14
+
15
+ describe '.base_class' do
16
+
17
+ it 'is ActiveRecord::Base', private: true do
18
+ expect(@subject.base_class).to eq ActiveRecord::Base
19
+ end
20
+ end
21
+ end
@@ -0,0 +1,21 @@
1
+ require 'spec_helper'
2
+ require 'simple_token_authentication/adapters/mongoid_adapter'
3
+
4
+ describe 'SimpleTokenAuthentication::Adapters::MongoidAdapter' do
5
+
6
+ before(:each) do
7
+ stub_const('Mongoid', Module.new)
8
+ stub_const('Mongoid::Document', double())
9
+
10
+ @subject = SimpleTokenAuthentication::Adapters::MongoidAdapter
11
+ end
12
+
13
+ it_behaves_like 'an adapter'
14
+
15
+ describe '.base_class' do
16
+
17
+ it 'is Mongoid::Document', private: true do
18
+ expect(@subject.base_class).to eq Mongoid::Document
19
+ end
20
+ end
21
+ end
@@ -0,0 +1,21 @@
1
+ require 'spec_helper'
2
+ require 'simple_token_authentication/adapters/rails_adapter'
3
+
4
+ describe 'SimpleTokenAuthentication::Adapters::RailsAdapter' do
5
+
6
+ before(:each) do
7
+ stub_const('ActionController', Module.new)
8
+ stub_const('ActionController::Base', double())
9
+
10
+ @subject = SimpleTokenAuthentication::Adapters::RailsAdapter
11
+ end
12
+
13
+ it_behaves_like 'an adapter'
14
+
15
+ describe '.base_class' do
16
+
17
+ it 'is ActionController::Base', private: true do
18
+ expect(@subject.base_class).to eq ActionController::Base
19
+ end
20
+ end
21
+ end
@@ -0,0 +1,43 @@
1
+ require 'spec_helper'
2
+ require 'simple_token_authentication/adapters/rails_api_adapter'
3
+
4
+ describe 'SimpleTokenAuthentication::Adapters::RailsAPIAdapter' do
5
+
6
+ before(:each) do
7
+ stub_const('ActionController', Module.new)
8
+ stub_const('ActionController::API', double())
9
+
10
+ @subject = SimpleTokenAuthentication::Adapters::RailsAPIAdapter
11
+ end
12
+
13
+ it_behaves_like 'an adapter'
14
+
15
+ describe '.base_class' do
16
+
17
+ it 'is ActionController::API', private: true do
18
+ expect(@subject.base_class).to eq ActionController::API
19
+ end
20
+ end
21
+ end
22
+
23
+ context 'When the "API" acronym is not defined' do
24
+ describe 'SimpleTokenAuthentication::Adapters::RailsApiAdapter' do
25
+
26
+ before(:each) do
27
+ stub_const('ActionController', Module.new)
28
+ stub_const('ActionController::API', double())
29
+
30
+ @subject = SimpleTokenAuthentication::Adapters::RailsApiAdapter
31
+ end
32
+
33
+ it_behaves_like 'an adapter'
34
+
35
+ describe '.base_class' do
36
+
37
+ it 'is ActionController::API', private: true do
38
+ expect(@subject.base_class).to eq ActionController::API
39
+ end
40
+ end
41
+ end
42
+ end
43
+