tag_auth 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 7c3ca5e97dcc7a1d2471e08f61a4e0d1b74205e9c4ed5372b3a552f78c502838
+  data.tar.gz: f3747cbe921547000af1c96dd98fbd334ae2f2b09f75d3fe74ef7f24d84ad6c5
+SHA512:
+  metadata.gz: 4724e36fbe82a42cbfb4361735475adbd1ad33f9f4c9595f3640c9db140f4bb3ee35a3748ced569e856143639f00604cf4b345b71ecedad134a85e38077406be
+  data.tar.gz: 36e3afacddd03e57d5a672d637a2ec5f030ef4521b48f2b517097869092c2b1c7f6d79ac91576d3a5fdcc86d8756e6950ded002811eec6275d024b7b46b5f2eb

data/CHANGELOG.md

@@ -0,0 +1,5 @@
+## [Unreleased]
+
+## [0.1.0] - 2023-09-22
+
+- Initial release

data/README.md

@@ -0,0 +1,75 @@
+# TagAuth 
+
+TagAuth is a Ruby gem designed to integrate tag-based authentication into Rails applications using Devise. This gem is particularly suitable for web applications deployed on kiosks.
+
+TagAuth supports two methods of tag-based authentication:
+
+1. **Direct Input (Ideal for Keyboard-Emulating Readers)**:
+    - For kiosks with readers acting as keyboards, tags can be directly input into a designated field (to be implemented by the user of this gem).
+    - This method utilizes the custom Devise strategy generated by TagAuth.
+
+
+2. **External Reader Endpoint (For Serial Readers)**:
+    - For kiosks where the reader cannot directly communicate with the web application, TagAuth provides an endpoint in the generated controller.
+    - An external client or script operating the reader can access this endpoint to receive a one-time authentication token linked to a user's tag.
+    - The client can then open a browser with a URL in the format `www.some-web-app.com/tag_auth_tokens?token=received_token` to authenticate the user.
+    - TagAuth includes a sample Powershell script for Windows kiosks, demonstrating how to listen to a reader communicating via a serial port.
+
+
+### Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'tag_auth'
+```
+
+And then execute:
+
+```bash
+bundle install
+```
+
+### Usage
+
+TagAuth provides generators to set up the necessary components for tag-based authentication. Ensure you have Devise installed and configured in your Rails application before proceeding.
+
+1. **TagAuth Generator**: Generates a migration to add `auth_tag`, `authentication_token`, and `authentication_token_valid_to` columns to your model, along with necessary indexes.
+
+   ```bash
+   rails generate tag_auth:tag_auth [MODEL_NAME]
+   ```
+
+   Replace `[MODEL_NAME]` with the name of your model (e.g., `User`) you wish to authenticate with a tag..
+
+
+2. **TagAuthenticable Generator**: Generates a custom Devise strategy for tag-based authentication. It is used for the direct inputs readers described above.
+
+   ```bash
+   rails generate tag_auth:tag_authenticable [MODEL_NAME]
+   ```
+
+   Again, replace `[MODEL_NAME]` with the model name.
+
+
+3. **Controller Generator**: Generates a controller and initializer to handle tag-based authentication. It is the center point handling the authentication. To integrate with external readers, it uses the `simple_token_authentication` gem. It enhances token validation of the gem to include time-based validity checks.
+
+   ```bash
+   rails generate tag_auth:controller [MODEL_NAME]
+   ```
+
+   Replace `[MODEL_NAME]` with the model name. Make sure you call it on the same model each time.
+
+### Authentication middleware
+In the `scripts` directory, there is an example Powershell script that demonstrates how to connect the reader with the web application. 
+In the script, replace the example URI with your own. Alternatively, adjust the reader properties to fit your usage. 
+This script can be inserted into Windows Task that starts running after the user login. To register the task, open the Task scheduler and create a new task.
+Set up the trigger for the task ("At user log on" is recommended) and add new Action that will run the Powershell script. In the Program/Script option, insert `PowerShell -File "path-to-your-ps-script"`.
+
+### Contributing
+
+Contributions to TagAuth are welcome! Please follow the standard procedures for contributing to open-source projects.
+
+### License
+
+TagAuth is released under [MIT License](LICENSE.txt).

data/lib/generators/tag_auth/controller_generator.rb

@@ -0,0 +1,34 @@
+require 'rails/generators/active_record'
+
+module TagAuth
+  module Generators
+    class ControllerGenerator < Rails::Generators::Base
+      source_root File.expand_path('templates', __dir__)
+
+      desc 'Generates a controller responsible for creating one time sign in tokens' \
+      "based on model's authentication tag"
+
+      argument :scope, required: true,
+                       desc: 'The scope in which controller will be created, e.g. users.' \
+                       'It should be compatible with the model provided in other generators'
+
+      def create_controller
+        @model = scope.camelize.singularize
+        @instance = scope.downcase.singularize
+        @scope = scope.blank? ? 'Users' : scope.camelize
+
+        template 'tag_auth_controller.rb.erb',
+                 'app/controllers/tag_auth_tokens_controller.rb'
+      end
+
+      def add_routes
+        route 'resources :tag_auth_tokens, only: [:index, :create]'
+      end
+
+      def create_initializer
+        template 'tag_auth_initializer.rb',
+                 'config/initializers/tag_auth_initializer.rb'
+      end
+    end
+  end
+end

data/lib/generators/tag_auth/tag_auth_generator.rb

@@ -0,0 +1,29 @@
+require 'rails/generators/active_record'
+require 'rails/version'
+
+module TagAuth
+  module Generators
+    class TagAuthGenerator < ActiveRecord::Generators::Base
+      source_root File.expand_path('templates', __dir__)
+
+      desc 'Generates a migration modifying a table with the given NAME which ' \
+           "adds two new columns for storing user's tag value and a one time authentication token."
+
+      def copy_tag_auth_migration
+        migration_template 'add_auth_tag_and_token_migration.rb.erb',
+                           "#{migration_path}/add_auth_tag_and_token_to_#{file_path.pluralize}.rb",
+                           migration_version: migration_version
+      end
+
+      def migration_path
+        File.join('db', 'migrate')
+      end
+
+      def migration_version
+        return unless Rails::VERSION::MAJOR >= 5
+
+        "[#{Rails::VERSION::MAJOR}.#{Rails::VERSION::MINOR}]"
+      end
+    end
+  end
+end

data/lib/generators/tag_auth/tag_authenticable_generator.rb

@@ -0,0 +1,24 @@
+require 'rails/generators/active_record'
+
+module TagAuth
+  module Generators
+    class TagAuthenticableGenerator < Rails::Generators::Base
+      source_root File.expand_path('templates', __dir__)
+
+      desc 'Generates a Devise strategy for authenticating a user by tag'
+
+      argument :scope, required: true,
+                       desc: 'The scope in which strategy will be created, e.g. users.' \
+                       'It should be compatible with the model provided in other generators'
+
+      def create_controller
+        @model = scope.camelize.singularize
+        @instance = scope.downcase.singularize
+        @scope = scope.blank? ? 'Users' : scope.camelize
+
+        template 'tag_authenticable.rb.erb',
+                 'config/initializers/tag_authenticable.rb'
+      end
+    end
+  end
+end

data/lib/generators/tag_auth/templates/add_auth_tag_and_token_migration.rb.erb

@@ -0,0 +1,32 @@
+class AddAuthTagAndTokenTo<%= table_name.camelize %> < ActiveRecord::Migration<%= migration_version %>
+  disable_ddl_transaction!
+
+  def up
+    unless column_exists?(:<%= table_name %>, :auth_tag)
+      add_column :<%= table_name %>, :auth_tag, :string
+      add_index :<%= table_name %>, :auth_tag, algorithm: :concurrently, unique: true
+    end
+
+    unless column_exists?(:<%= table_name %>, :authentication_token)
+      add_column :<%= table_name %>, :authentication_token, :string, limit: 30
+      add_index :<%= table_name %>, :authentication_token, algorithm: :concurrently, unique: true
+    end
+
+    unless column_exists?(:<%= table_name %>, :authentication_token_valid_to)
+      add_column :<%= table_name %>, :authentication_token_valid_to, :datetime
+      add_index :<%= table_name %>, :authentication_token_valid_to, algorithm: :concurrently, unique: true
+    end
+  end
+
+  def down
+    safety_assured do
+      remove_column :<%= table_name %>, :auth_tag
+
+      remove_column :<%= table_name %>, :authentication_token
+      remove_index :<%= table_name %>, :authentication_token if index_exists? :<%= table_name %>, :authentication_token
+
+      remove_column :<%= table_name %>, :authentication_token_valid_to
+      remove_index :<%= table_name %>, :authentication_token_valid_to if index_exists? :<%= table_name %>, :authentication_token_valid_to
+    end
+  end
+end

data/lib/generators/tag_auth/templates/tag_auth_controller.rb.erb

@@ -0,0 +1,74 @@
+require 'tag_auth/tag_auth_token_authentication_handler'
+require 'tag_auth/token_assigner'
+require 'tag_auth/encryption_helper'
+
+class TagAuthTokensController < ApplicationController
+#   skip_before_action :verify_authenticity_token
+#   skip_before_action :authenticate_<%= @instance %>!
+
+#   before_action :set_encryption_helper
+#   before_action :decrypt_params, only: [:index]
+#   before_action :register_as_tag_auth_attempt, only: [:index]
+
+#   prepend TagAuthTokenAuthenticationHandler
+#   acts_as_token_authentication_handler_for <%= @instance %>, fallback: :none
+
+#   # GET /tag_auth_tokens
+#   def index
+#    # TODO: insert the logic for fallback when user is not authenticated
+#     redirect_to root_path
+#   end
+
+#   # POST /tag_auth_tokens
+#   def create
+#     # TODO: update to conform your needs
+#     if <%= @instance %>_params[:auth_tag].present?
+#       @<%= @instance %> = <%= @model %>.find_by(auth_tag: <%= @instance %>_params[:auth_tag])
+#     end
+
+#     if @<%= @instance %>
+#       token_assigner = TagAuth::TokenAssigner.new(@<%= @instance %>)
+#       token = token_assigner.assign_token
+
+#       response_string = { token: token, email: @<%= @instance %>.email }.to_json
+
+#       encrypted_token = @encryption_helper.encrypt(response_string)
+#       uri_token = URI.encode_www_form_component(encrypted_token)
+
+#       render json: { token: uri_token }, status: :ok
+#     else
+#       render json: { error: 'Not found' }, status: :not_found
+#     end
+#   end
+
+#   private
+
+#   def <%= @instance %>_params
+#     params.require(:<%= @instance %>).permit(:auth_tag)
+#   end
+
+#   def after_successful_token_authentication
+#      renew_authentication_token!
+#      redirect_to after_sign_in_path_for(<%= @model %>)
+#   end
+
+#   def renew_authentication_token!
+#     @<%= @instance %>.update(authentication_token: nil, authentication_token_valid_to: nil)
+#   end
+
+#   def decrypt_params
+#     decrypted_params_string = @encryption_helper.decrypt(params[:token])
+#     decrypted_params = JSON.parse(decrypted_params_string).with_indifferent_access
+#     params[:<%= @instance %>_token] = decrypted_params[:token]
+#     params[:<%= @instance %>_email] = decrypted_params[:email]
+#   end
+
+#   def register_as_tag_auth_attempt
+#     # To register this authentication attempt as tag authentication, e.g. for AuthTrail
+#     request.env['warden'].winning_strategy = Devise::Strategies::TagAuthenticable.new(request.env['warden'].env, :<%= @instance %>)
+#   end
+
+#   def set_encryption_helper
+#     @encryption_helper = TagAuth::EncryptionHelper.new(Rails.application.config.tag_auth_encryption_algorithm, Rails.application.config.tag_auth_encryption_key)
+#   end
+end

data/lib/generators/tag_auth/templates/tag_auth_initializer.rb

@@ -0,0 +1,13 @@
+require 'openssl'
+
+Rails.application.config.tag_auth_encryption_algorithm = 'AES-256-CBC'
+
+# TODO: change for ENV stored key if you are running multiple instances of your app because of load balancing
+# Generate the key using the OpenSSL::Cipher.new with your chosen algorithm and use Base64.strict_encode64(your_key) to
+# store it in ENV. Then uncomment the row below and delete the existing initialization of the tag_auth_encryption_key.
+# Rails.application.config.tag_auth_encryption_key = Base64.strict_decode64(ENV['TAG_AUTH_KEY'])
+Rails.application.config.tag_auth_encryption_key = OpenSSL::Cipher.new(Rails.application.config.tag_auth_encryption_algorithm).random_key
+
+TagAuth.configure do |config|
+  config.token_validity_duration = 5.minutes
+end

data/lib/generators/tag_auth/templates/tag_authenticable.rb.erb

@@ -0,0 +1,27 @@
+module Devise
+  module Strategies
+    class TagAuthenticable < Authenticatable
+      def valid?
+        params[:<%= @instance %>].present? && params[:<%= @instance %>][:auth_tag].present?
+      end
+
+      def authenticate!
+        <%= @instance %> = <%= @model %>.unscoped.find_by(auth_tag: params[:<%= @instance %>][:auth_tag].to_s.downcase.strip)
+
+        if <%= @instance %>.present?
+          remember_me(<%= @instance %>)
+
+          return success!(<%= @instance %>)
+        end
+
+        fail!
+      end
+    end
+  end
+end
+
+Warden::Strategies.add(:tag_authenticable, Devise::Strategies::TagAuthenticable)
+
+Warden::Manager.before_logout do |record, _warden, _options|
+  record.invalidate_session! if record.respond_to?(:invalidate_session!)
+end

data/lib/tag_auth/configuration.rb

@@ -0,0 +1,13 @@
+module TagAuth
+  class Configuration
+    attr_accessor :token_validity_duration
+
+    def initialize
+      @token_validity_duration = 5.minutes
+    end
+
+    def configure
+      yield self if block_given?
+    end
+  end
+end

data/lib/tag_auth/encryption_helper.rb

@@ -0,0 +1,54 @@
+module TagAuth
+  class EncryptionHelper
+    require 'openssl'
+    require 'base64'
+
+    def initialize(algorithm, key)
+      raise ArgumentError, 'Invalid algorithm' unless valid_algorithm?(algorithm.downcase)
+      raise ArgumentError, 'Invalid key length' unless valid_key?(key, algorithm)
+
+      @algorithm = algorithm.downcase
+      @key = key
+    end
+
+    def encrypt(data)
+      cipher = OpenSSL::Cipher.new(@algorithm)
+      cipher.encrypt
+      cipher.key = @key
+      iv = cipher.random_iv
+
+      encrypted_data = cipher.update(data) + cipher.final
+
+      Base64.encode64(encrypted_data + iv)
+    end
+
+    def decrypt(encrypted_string)
+      decipher = OpenSSL::Cipher.new(@algorithm)
+      decipher.decrypt
+      decipher.key = @key
+
+      decoded_data = Base64.decode64(encrypted_string)
+
+      iv_len = decipher.iv_len
+      data_len = decoded_data.length - iv_len
+
+      encrypted_data = decoded_data[0, data_len]
+      iv = decoded_data[data_len, iv_len]
+
+      decipher.iv = iv
+      decipher.update(encrypted_data) + decipher.final
+    end
+
+    private
+
+    def valid_algorithm?(algorithm)
+      OpenSSL::Cipher.ciphers.include?(algorithm)
+    end
+
+    def valid_key?(key, algorithm)
+      cipher = OpenSSL::Cipher.new(algorithm)
+      key_length = key.bytesize * 8 # Convert byte length to bit length
+      key_length == cipher.key_len * 8
+    end
+  end
+end

data/lib/tag_auth/tag_auth_token_authentication_handler.rb

@@ -0,0 +1,13 @@
+module TagAuthTokenAuthenticationHandler
+  private
+
+  def token_correct?(record, entity, token_comparator)
+    token_not_expired?(record) && super
+  end
+
+  def token_not_expired?(record)
+    return false unless record&.authentication_token_valid_to
+
+    Time.now <= record.authentication_token_valid_to
+  end
+end

data/lib/tag_auth/token_assigner.rb

@@ -0,0 +1,30 @@
+require 'devise'
+
+module TagAuth
+  class TokenAssigner
+    def initialize(model_instance)
+      @model_instance = model_instance
+    end
+
+    def assign_token
+      token = generate_token
+      @model_instance.update(authentication_token: token, 
+                             authentication_token_valid_to: DateTime.current + TagAuth.configuration.token_validity_duration)
+
+      token
+    end
+
+    private
+
+    def generate_token
+      loop do
+        token = Devise.friendly_token
+        break token if token_suitable?(token)
+      end
+    end
+
+    def token_suitable?(token)
+      @model_instance.class.where(authentication_token: token).empty?
+    end
+  end
+end

data/lib/tag_auth/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module TagAuth
+  VERSION = '0.1.0'
+end

data/lib/tag_auth.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+require_relative 'tag_auth/version'
+require 'tag_auth/encryption_helper'
+require 'tag_auth/token_assigner'
+require 'tag_auth/configuration'
+
+module TagAuth
+  class << self
+    attr_writer :configuration
+
+    def configuration
+      @configuration ||= Configuration.new
+    end
+
+    def configure
+      yield(configuration)
+    end
+  end
+end

data/spec/dummy_app_files/routes.rb

@@ -0,0 +1,4 @@
+# Mock routes
+Rails.application.routes.draw do
+  root to: "home#index"
+end

data/spec/lib/generators/tag_auth/controller_generator_spec.rb

@@ -0,0 +1,52 @@
+require 'spec_helper'
+require 'generator_spec'
+require 'generators/tag_auth/controller_generator'
+
+RSpec.describe TagAuth::Generators::ControllerGenerator, type: :generator do
+  destination File.expand_path('../../../tmp', __dir__)
+
+  let(:controller_file) { 'app/controllers/tag_auth_tokens_controller.rb' }
+  let(:initializer_file) { 'config/initializers/tag_auth_initializer.rb' }
+  let(:routes_file) { 'config/routes.rb' }
+
+  before do
+    prepare_destination
+    copy_routes
+    run_generator ['users']
+  end
+
+  after do
+    FileUtils.rm_rf(destination_root)
+  end
+
+  it 'creates a controller file' do
+    expected_file = File.join(destination_root, controller_file)
+    expect(File.exist?(expected_file)).to be true
+
+    content = File.read(expected_file)
+    expect(content).to include('class TagAuthTokensController < ApplicationController')
+  end
+
+  it 'creates an initializer file' do
+    expected_file = File.join(destination_root, initializer_file)
+    expect(File.exist?(expected_file)).to be true
+
+    # Add content checks for initializer if necessary
+  end
+
+  it 'adds routes to the routes file' do
+    expected_file = File.join(destination_root, routes_file)
+    expect(File.exist?(expected_file)).to be true
+
+    content = File.read(expected_file)
+    expect(content).to include('resources :tag_auth_tokens, only: [:index, :create]')
+  end
+
+  def copy_routes
+    routes = File.expand_path('../../../dummy_app_files/routes.rb', __dir__)
+    destination = File.join(destination_root, 'config')
+
+    FileUtils.mkdir_p(destination)
+    FileUtils.cp routes, destination
+  end
+end

data/spec/lib/generators/tag_auth/tag_auth_generator_spec.rb

@@ -0,0 +1,42 @@
+require 'spec_helper'
+require 'generator_spec'
+require 'generators/tag_auth/tag_auth_generator'
+
+RSpec.describe TagAuth::Generators::TagAuthGenerator, type: :generator do
+  destination File.expand_path('../../../tmp', __dir__)
+
+  let(:timestamp_regex) { /\d{14}/ }
+  let(:migration_name) { "add_auth_tag_and_token_to_#{@table_name}" }
+
+  before(:all) do
+    prepare_destination
+
+    model_name = 'User'
+    @table_name = model_name.downcase.pluralize
+
+    run_generator [model_name]
+  end
+
+  after(:all) do
+    FileUtils.rm_rf(destination_root)
+  end
+
+  it 'generates a migration file' do
+    generated_migration_files = Dir.glob(File.join(destination_root, 'db/migrate/*.rb'))
+
+    generated_migration_file = generated_migration_files.find do |file|
+      File.basename(file) =~ /^#{timestamp_regex}_#{migration_name}\.rb$/
+    end
+
+    expect(generated_migration_file).not_to be_nil
+
+    migration_content = File.read(generated_migration_file)
+    expect(migration_content).to include("class #{migration_name.camelize}")
+
+    expect(migration_content).to include('def up')
+    expect(migration_content).to include("add_column :#{@table_name}, :auth_tag, :string")
+
+    expect(migration_content).to include('def down')
+    expect(migration_content).to include("remove_column :#{@table_name}, :auth_tag")
+  end
+end

data/spec/lib/generators/tag_auth/tag_authenticable_generator_spec.rb

@@ -0,0 +1,27 @@
+require 'spec_helper'
+require 'generator_spec'
+require 'generators/tag_auth/tag_authenticable_generator'
+
+RSpec.describe TagAuth::Generators::TagAuthenticableGenerator, type: :generator do
+  destination File.expand_path('../../../tmp', __dir__)
+
+  let(:initializer_file) { 'config/initializers/tag_authenticable.rb' }
+
+  before do
+    prepare_destination
+    run_generator ['users']
+  end
+
+  after do
+    FileUtils.rm_rf(destination_root)
+  end
+
+  it 'creates a tag authenticable initializer file' do
+    expected_file = File.join(destination_root, initializer_file)
+    expect(File.exist?(expected_file)).to be true
+
+    content = File.read(expected_file)
+    expect(content).to include('module Devise')
+    expect(content).to include('class TagAuthenticable')
+  end
+end

data/spec/lib/tag_auth/encryption_helper_spec.rb

@@ -0,0 +1,73 @@
+require 'spec_helper'
+
+RSpec.describe TagAuth::EncryptionHelper do
+  let(:algorithm) { 'AES-256-CBC' }
+  let(:key) { OpenSSL::Cipher.new(algorithm).random_key }
+  let(:encryption_helper) { TagAuth::EncryptionHelper.new(algorithm, key) }
+  let(:data) { "Test data" }
+
+  describe '#encrypt' do
+    it 'encrypts the data' do
+      encrypted_data = encryption_helper.encrypt(data)
+      expect(encrypted_data).not_to eq(data)
+      expect(encrypted_data).to be_a(String)
+    end
+  end
+
+  describe '#decrypt' do
+    it 'decrypts the data back to the original' do
+      encrypted_data = encryption_helper.encrypt(data)
+      decrypted_data = encryption_helper.decrypt(encrypted_data)
+      expect(decrypted_data).to eq(data)
+    end
+
+    it 'raises an error with invalid data' do
+      invalid_data = 'invalid data'
+      expect { encryption_helper.decrypt(invalid_data) }.to raise_error(ArgumentError)
+    end
+  end
+
+  describe '#encrypt with various data types' do
+    it 'correctly encrypts an empty string' do
+      encrypted_data = encryption_helper.encrypt('')
+      expect(encrypted_data).not_to be_empty
+    end
+
+    it 'correctly encrypts numeric data' do
+      encrypted_data = encryption_helper.encrypt('12345')
+      expect(encrypted_data).to be_a(String)
+    end
+
+    it 'correctly encrypts binary data' do
+      binary_data = "\x00\x01\x02\x03"
+      encrypted_data = encryption_helper.encrypt(binary_data)
+      expect(encrypted_data).to be_a(String)
+    end
+  end
+
+  describe '#decrypt with incorrect key' do
+    let(:wrong_key) { OpenSSL::Cipher.new(algorithm).random_key }
+
+    it 'raises an error with a wrong key' do
+      encrypted_data = encryption_helper.encrypt(data)
+      wrong_encryption_helper = TagAuth::EncryptionHelper.new(algorithm, wrong_key)
+      expect { wrong_encryption_helper.decrypt(encrypted_data) }.to raise_error(OpenSSL::Cipher::CipherError)
+    end
+  end
+
+  describe '#initialize with incorrect algorithm' do
+    it 'raises an error with an unknown algorithm' do
+      expect { TagAuth::EncryptionHelper.new('unknown-algorithm', key) }.to raise_error(ArgumentError)
+    end
+  end
+
+  describe '#encrypt and #decrypt idempotency' do
+    it 'returns to original state after consecutive encrypt and decrypt' do
+      3.times do
+        encrypted_data = encryption_helper.encrypt(data)
+        decrypted_data = encryption_helper.decrypt(encrypted_data)
+        expect(decrypted_data).to eq(data)
+      end
+    end
+  end
+end

data/spec/lib/tag_auth/token_assigner_spec.rb

@@ -0,0 +1,44 @@
+require 'spec_helper'
+require 'devise'
+
+RSpec.describe TagAuth::TokenAssigner do
+  let(:mock_model) { MockModel.new }
+  let(:token_assigner) { described_class.new(mock_model) }
+  let(:token) { 'token123' }
+
+  before do
+    allow(Devise).to receive(:friendly_token).and_return(token)
+
+    TagAuth.configure do |config|
+      config.token_validity_duration = 30.minutes
+    end
+
+    allow(MockModel).to receive(:where).and_return([])
+  end
+
+  describe '#assign_token' do
+    it 'assigns a unique token to the model instance' do
+      token_assigner.assign_token
+      expect(mock_model.authentication_token).to eq(token)
+    end
+
+    it 'sets the token validity duration correctly' do
+      token_assigner.assign_token
+      expect(mock_model.authentication_token_valid_to).to be_within(1.second).of(DateTime.current + 30.minutes)
+    end
+
+    it 'ensures token is regenerated until a unique one is found' do
+      existing_model = MockModel.new
+      existing_model.update(authentication_token: token)
+
+      allow(mock_model.class).to receive(:where).and_return([existing_model], [])
+      new_token = 'token456'
+      allow(Devise).to receive(:friendly_token).and_return(token, new_token)
+
+      token_assigner.assign_token
+      expect(mock_model.authentication_token).not_to eq(token)
+      expect(mock_model.authentication_token).to eq(new_token)
+    end
+  end
+end
+

data/spec/spec_helper.rb

@@ -0,0 +1,17 @@
+require 'tag_auth'
+require 'generator_spec'
+require 'rails/generators'
+
+Dir['./spec/support/**/*.rb'].each { |f| require f }
+
+RSpec.configure do |config|
+  # Enable flags like --only-failures and --next-failure
+  config.example_status_persistence_file_path = '.rspec_status'
+
+  # Disable RSpec exposing methods globally on `Module` and `main`
+  config.disable_monkey_patching!
+
+  config.expect_with :rspec do |c|
+    c.syntax = :expect
+  end
+end

data/spec/support/mock_model.rb

@@ -0,0 +1,9 @@
+class MockModel
+  attr_accessor :authentication_token, :authentication_token_valid_to
+
+  def update(attributes)
+    attributes.each do |key, value|
+      send("#{key}=", value)
+    end
+  end
+end

metadata

@@ -0,0 +1,176 @@
+--- !ruby/object:Gem::Specification
+name: tag_auth
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Lucia Lopúchová
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2023-12-13 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: activerecord
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 4.2.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 4.2.0
+- !ruby/object:Gem::Dependency
+  name: devise
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3.2'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.21'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.21'
+- !ruby/object:Gem::Dependency
+  name: simple_token_authentication
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: generator_spec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.1.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.1.0
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.12'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.12'
+description: TagAuth integrates tag-based authentication into Rails applications using
+  Devise.
+email:
+- lucia.lopuchova@muziker.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- CHANGELOG.md
+- README.md
+- lib/generators/tag_auth/controller_generator.rb
+- lib/generators/tag_auth/tag_auth_generator.rb
+- lib/generators/tag_auth/tag_authenticable_generator.rb
+- lib/generators/tag_auth/templates/add_auth_tag_and_token_migration.rb.erb
+- lib/generators/tag_auth/templates/tag_auth_controller.rb.erb
+- lib/generators/tag_auth/templates/tag_auth_initializer.rb
+- lib/generators/tag_auth/templates/tag_authenticable.rb.erb
+- lib/tag_auth.rb
+- lib/tag_auth/configuration.rb
+- lib/tag_auth/encryption_helper.rb
+- lib/tag_auth/tag_auth_token_authentication_handler.rb
+- lib/tag_auth/token_assigner.rb
+- lib/tag_auth/version.rb
+- spec/dummy_app_files/routes.rb
+- spec/lib/generators/tag_auth/controller_generator_spec.rb
+- spec/lib/generators/tag_auth/tag_auth_generator_spec.rb
+- spec/lib/generators/tag_auth/tag_authenticable_generator_spec.rb
+- spec/lib/tag_auth/encryption_helper_spec.rb
+- spec/lib/tag_auth/token_assigner_spec.rb
+- spec/spec_helper.rb
+- spec/support/mock_model.rb
+homepage: https://github.com/lucialopuchova/tag_auth
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/lucialopuchova/tag_auth
+  source_code_uri: https://github.com/lucialopuchova/tag_auth
+  changelog_uri: https://github.com/lucialopuchova/tag_auth/blob/main/CHANGELOG.md
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.6.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.4.1
+signing_key:
+specification_version: 4
+summary: TagAuth provides tag authentication method
+test_files:
+- spec/dummy_app_files/routes.rb
+- spec/lib/generators/tag_auth/controller_generator_spec.rb
+- spec/lib/generators/tag_auth/tag_auth_generator_spec.rb
+- spec/lib/generators/tag_auth/tag_authenticable_generator_spec.rb
+- spec/lib/tag_auth/encryption_helper_spec.rb
+- spec/lib/tag_auth/token_assigner_spec.rb
+- spec/spec_helper.rb
+- spec/support/mock_model.rb