tiddle 1.7.0 → 1.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d20d30a11350b4ee5ffe3a9c6ba9640afa90c13ddf87dac2c9bf6d4160339627
-  data.tar.gz: fcd8811ba7c94de4accbf4a7920e6903f780707d5af858c7e9a153691ec53351
+  metadata.gz: 30c0de8dba83157b465e1455956272549e210830cc8fe296aec744b0d046ca1c
+  data.tar.gz: 53652aefc5c51511b5f43df0c598ae6754e596e78a4be02aa01fa7e3dd40b95b
 SHA512:
-  metadata.gz: baf2289d634255233c6efe5c2988789a63ca05bdf1c278be92d500e50a5009e6875b29ef15c7e1cbb9bd03f131349bcf11757938f166a329389fa3cc720a7399
-  data.tar.gz: b972e36c75bb0b1c3bc5f21ef9977d5d9f93e595dfaef6905bd59f458079b9b4f7fb6e5068e35fd6b1aaa6e4e63740c62609db68c89bb87a0353bddf1c702721
+  metadata.gz: 1ac88d0e37967ad77c5f6b7ffa96646910c90be6cc8fc2d6adead616e73673b8601b2664a0851eec3fbc0eaa2e968a7b5cce7b5ffb89187ca4c77bb12ae6d875
+  data.tar.gz: 55ceda21948c6ca6c872b863e22da925d00014625075a77e195f877f154b00ce31fe0a4e63c18a7e0c43b015a023617b4a33c6d4c23da95bee6f6652cc371a88

data/.github/workflows/ruby.yml

@@ -15,16 +15,23 @@ jobs:
           - rails5.2
           - rails6.0
           - rails6.1
+          - rails7.0
         ruby:
-          - 2.6
-          - 2.7
-          - 3.0
+          - "2.7"
+          - "3.0"
+          - "3.1"
         backend:
           - active_record
           - mongoid
         exclude:
           - gemfile: rails5.2
-            ruby: 3.0
+            ruby: "3.0"
+          - gemfile: rails5.2
+            ruby: "3.1"
+          - gemfile: rails6.0
+            ruby: "3.1"
+          - gemfile: rails6.1
+            ruby: "3.1"
     name: ${{ matrix.gemfile }}, ruby ${{ matrix.ruby }}, ${{ matrix.backend }}
     runs-on: ubuntu-latest
     env:

data/.rubocop.yml

@@ -26,7 +26,7 @@ Metrics/BlockLength:
 Metrics/MethodLength:
   Max: 15
 
-Gemspec/DateAssignment:
+Gemspec/DeprecatedAttributeAssignment:
   Enabled: true
 Layout/SpaceBeforeBrackets:
   Enabled: true

data/CHANGELOG.md

@@ -1,3 +1,17 @@
+### 1.8.0
+
+Support different touch interval based on expiration time (Daniel André da Silva)
+
+### 1.7.1
+
+Fix invalid headers generated when model is namespaced (Ariel Agne da Silveira)
+
+Add Rails 7.0 support
+
+Add Ruby 3.1 support
+
+Remove Ruby 2.6 support
+
 ### 1.7.0
 
 Add ability to track additional info in tokens (Marcelo Silveira)

data/CONTRIBUTING.md

@@ -4,9 +4,30 @@
 2. Run the tests:
 
   ```
-  appraisal install
-  rake
+  BUNDLE_GEMFILE=gemfiles/<PICK YOUR FAVOURITE>.gemfile rake
   ```
 3. Introduce your change. If it's a new feature then write a test for it as well.
 4. Make sure that tests are passing.
 5. Push to your fork and submit a pull request.
+
+#### Docker for development
+
+Alternatively you can use Docker for the development setup. This requires Docker
+and Docker Compose installed.
+
+```
+make build
+make bundle
+```
+
+And in order to run the tests and linter checks:
+
+```
+make test
+```
+
+After you're done, cleanup leftover containers:
+
+```
+make cleanup
+```

data/Dockerfile

@@ -0,0 +1,12 @@
+FROM ruby:3.1-alpine
+
+RUN apk add build-base sqlite-dev tzdata git bash
+RUN gem update --system && gem install bundler
+
+WORKDIR /library
+
+ENV BUNDLE_PATH=/vendor/bundle \
+    BUNDLE_BIN=/vendor/bundle/bin \
+    GEM_HOME=/vendor/bundle
+
+ENV PATH="${BUNDLE_BIN}:${PATH}"

data/Makefile

@@ -0,0 +1,16 @@
+.PHONY: build bundle test bash cleanup
+
+build:
+	docker-compose build
+
+bundle:
+	docker-compose run --rm library bundle install
+
+test:
+	docker-compose run --rm library bundle exec rake
+
+bash:
+	docker-compose run --rm library bash
+
+cleanup:
+	docker-compose down

data/README.md

@@ -1,7 +1,5 @@
 # Tiddle
 
-[![Code Climate](https://codeclimate.com/github/adamniedzielski/tiddle/badges/gpa.svg)](https://codeclimate.com/github/adamniedzielski/tiddle)
-
 Tiddle provides Devise strategy for token authentication in API-only Ruby on Rails applications. Its main feature is **support for multiple tokens per user**.
 
 Tiddle is lightweight and non-configurable. It does what it has to do and leaves some manual implementation to you.
@@ -83,7 +81,7 @@ end
 
 5) Send ```X-USER-EMAIL``` and ```X-USER-TOKEN``` as headers of every request which requires authentication.
 
-You can read more in a blog post dedicated to Tiddle - http://adamniedzielski.github.io/blog/2015/04/04/token-authentication-with-tiddle/
+You can read more in a blog post dedicated to Tiddle - https://blog.sundaycoding.com/blog/2015/04/04/token-authentication-with-tiddle/
 
 ## Note on Rails session
 
@@ -93,7 +91,7 @@ The safest solution in API-only application is not to rely on Rails session at a
 config.middleware.delete ActionDispatch::Session::CookieStore
 ```
 
-More: http://adamniedzielski.github.io/blog/2015/04/04/token-authentication-with-tiddle/#rails-session
+More: https://blog.sundaycoding.com/blog/2015/04/04/token-authentication-with-tiddle/#rails-session
 
 ## Using field other than email
 

data/Rakefile

@@ -1,13 +1,8 @@
 require "bundler/gem_tasks"
 require 'rspec/core/rake_task'
 require 'rubocop/rake_task'
-require 'appraisal'
 
 RSpec::Core::RakeTask.new(spec: :rubocop)
 RuboCop::RakeTask.new(:rubocop)
 
-if !ENV["APPRAISAL_INITIALIZED"]
-  task default: :appraisal
-else
-  task default: :spec
-end
+task default: :spec

data/docker-compose.yml

@@ -0,0 +1,23 @@
+version: "3.9"
+services:
+  library:
+    build:
+      context: .
+    stdin_open: true
+    tty: true
+    volumes:
+      - ".:/library"
+      - vendor:/vendor
+    depends_on:
+      - redis
+    environment:
+      - REDIS_URL=redis://redis:6379/1
+      - BUNDLE_GEMFILE=gemfiles/rails7.0.gemfile
+  redis:
+    image: "redis:6-alpine"
+    command: redis-server
+    volumes:
+      - "redis:/data"
+volumes:
+  vendor:
+  redis:

data/gemfiles/rails5.2.gemfile

@@ -1,5 +1,3 @@
-# This file was generated by Appraisal
-
 source "https://rubygems.org"
 
 gem "rails", "~> 5.2.1"

data/gemfiles/rails6.0.gemfile

@@ -1,5 +1,3 @@
-# This file was generated by Appraisal
-
 source "https://rubygems.org"
 
 gem "rails", "~> 6.0.0"

data/gemfiles/rails6.1.gemfile

@@ -1,5 +1,3 @@
-# This file was generated by Appraisal
-
 source "https://rubygems.org"
 
 gem "rails", "~> 6.1.0"

data/gemfiles/rails7.0.gemfile

@@ -0,0 +1,7 @@
+source "https://rubygems.org"
+
+gem "rails", "~> 7.0.2"
+gem "mongoid"
+gem "sqlite3"
+
+gemspec path: "../"

data/lib/tiddle/model_name.rb

@@ -1,11 +1,17 @@
 module Tiddle
   class ModelName
     def with_underscores(model)
-      model.model_name.to_s.underscore.upcase
+      colon_to_underscore(model).underscore.upcase
     end
 
     def with_dashes(model)
       with_underscores(model).dasherize
     end
+
+    private
+
+    def colon_to_underscore(model)
+      model.model_name.to_s.tr(':', '_')
+    end
   end
 end

data/lib/tiddle/strategy.rb

@@ -57,15 +57,30 @@ module Devise
       end
 
       def touch_token(token)
-        token.update_attribute(:last_used_at, Time.current) if token.last_used_at < 1.hour.ago
+        return unless token.last_used_at < touch_token_interval(token).ago
+
+        token.update_attribute(:last_used_at, Time.current)
       end
 
       def unexpired?(token)
-        return true unless token.respond_to?(:expires_in)
-        return true if token.expires_in.blank? || token.expires_in.zero?
+        return true if expiration_disabled?(token)
 
         Time.current <= token.last_used_at + token.expires_in
       end
+
+      def touch_token_interval(token)
+        return 1.hour if expiration_disabled?(token) || token.expires_in >= 24.hours
+
+        return 5.minutes if token.expires_in >= 1.hour
+
+        1.minute
+      end
+
+      def expiration_disabled?(token)
+        !token.respond_to?(:expires_in) ||
+          token.expires_in.blank? ||
+          token.expires_in.zero?
+      end
     end
   end
 end

data/lib/tiddle/version.rb

@@ -1,3 +1,3 @@
 module Tiddle
-  VERSION = "1.7.0".freeze
+  VERSION = "1.8.0".freeze
 end

data/spec/rails_app_active_record/app/controllers/namespaced_users_controller.rb

@@ -0,0 +1,7 @@
+class NamespacedUsersController < ApplicationController
+  before_action :authenticate_namespaced_user!
+
+  def index
+    head :ok
+  end
+end

data/spec/rails_app_active_record/app/models/namespace/namespaced_user.rb

@@ -0,0 +1,9 @@
+module Namespace
+  class NamespacedUser < ActiveRecord::Base
+    devise :database_authenticatable, :registerable,
+           :recoverable, :trackable, :validatable,
+           :token_authenticatable
+
+    has_many :authentication_tokens, as: :authenticatable
+  end
+end

data/spec/rails_app_active_record/config/application.rb

@@ -4,6 +4,7 @@ require "active_model/railtie"
 require "active_record/railtie"
 require "action_controller/railtie"
 require "action_view/railtie"
+require "action_mailer/railtie"
 
 module RailsApp
   class Application < Rails::Application

data/spec/rails_app_active_record/config/routes.rb

@@ -1,6 +1,8 @@
 Rails.application.routes.draw do
   devise_for :users
   devise_for :admin_users
+  devise_for :namespaced_user, class_name: 'Namespace::NamespacedUser'
   resources :secrets, only: [:index], defaults: { format: 'json' }
   resources :long_secrets, only: [:index], defaults: { format: 'json' }
+  resources :namespaced_users, only: [:index], defaults: { format: 'json' }
 end

data/spec/rails_app_active_record/db/migrate/20150217000000_create_tables.rb

@@ -59,6 +59,27 @@ class CreateTables < ActiveRecord::Migration[4.2]
 
       t.timestamps null: false
     end
+
+    create_table(:namespaced_users) do |t|
+      ## Database authenticatable
+      t.string :email,              null: false, default: ""
+      t.string :encrypted_password, null: false, default: ""
+
+      ## Recoverable
+      t.string   :reset_password_token
+      t.datetime :reset_password_sent_at
+
+      ## Trackable
+      t.integer  :sign_in_count, default: 0, null: false
+      t.datetime :current_sign_in_at
+      t.datetime :last_sign_in_at
+      t.string   :current_sign_in_ip
+      t.string   :last_sign_in_ip
+
+      t.string :nick_name
+
+      t.timestamps null: false
+    end
   end
   # rubocop:enable Metrics/AbcSize
   # rubocop:enable Metrics/MethodLength

data/spec/rails_app_mongoid/app/controllers/namespaced_users_controller.rb

@@ -0,0 +1,7 @@
+class NamespacedUsersController < ApplicationController
+  before_action :authenticate_namespaced_user!
+
+  def index
+    head :ok
+  end
+end

data/spec/rails_app_mongoid/app/models/namespace/namespaced_user.rb

@@ -0,0 +1,4 @@
+module Namespace
+  class NamespacedUser < User
+  end
+end

data/spec/rails_app_mongoid/config/routes.rb

@@ -1,6 +1,8 @@
 Rails.application.routes.draw do
   devise_for :users
   devise_for :admin_users
+  devise_for :namespaced_user, class_name: 'Namespace::NamespacedUser'
   resources :secrets, only: [:index], defaults: { format: 'json' }
   resources :long_secrets, only: [:index], defaults: { format: 'json' }
+  resources :namespaced_users, only: [:index], defaults: { format: 'json' }
 end

data/spec/strategy_spec.rb

@@ -130,6 +130,27 @@ describe "Authentication using Tiddle strategy", type: :request do
     end
   end
 
+  context "when the model name is composed of a namespace" do
+    before do
+      @user = Namespace::NamespacedUser.create!(
+        email: "test@example.com",
+        password: "12345678"
+      )
+      @token = Tiddle.create_and_return_token(@user, FakeRequest.new)
+    end
+
+    it "allows to access endpoints which require authentication" do
+      get(
+        namespaced_users_path,
+        headers: {
+          "X-NAMESPACE--NAMESPACED-USER-EMAIL" => "test@example.com",
+          "X-NAMESPACE--NAMESPACED-USER-TOKEN" => @token
+        }
+      )
+      expect(response.status).to eq 200
+    end
+  end
+
   describe "using field other than email" do
     before do
       Devise.setup do |config|
@@ -196,5 +217,89 @@ describe "Authentication using Tiddle strategy", type: :request do
         expect(response.status).to eq 401
       end
     end
+
+    context "with value lower than 24 hours" do
+      before do
+        @token = Tiddle.create_and_return_token(@user, FakeRequest.new, expires_in: 1.hour)
+      end
+
+      context "and token was last used a minute ago" do
+        before do
+          @user.authentication_tokens.last.update_attribute(:last_used_at, 1.minute.ago)
+        end
+
+        it "does not update last_used_at field" do
+          expect do
+            get(
+              secrets_path,
+              headers: {
+                "X-USER-EMAIL" => "test@example.com",
+                "X-USER-TOKEN" => @token
+              }
+            )
+          end.not_to(change { @user.authentication_tokens.last.reload.last_used_at })
+        end
+      end
+
+      context "and token was last used 5 minutes ago" do
+        before do
+          @user.authentication_tokens.last.update_attribute(:last_used_at, 5.minute.ago)
+        end
+
+        it "updates last_used_at field" do
+          expect do
+            get(
+              secrets_path,
+              headers: {
+                "X-USER-EMAIL" => "test@example.com",
+                "X-USER-TOKEN" => @token
+              }
+            )
+          end.to(change { @user.authentication_tokens.last.reload.last_used_at })
+        end
+      end
+    end
+
+    context "with value lower than 1 hour" do
+      before do
+        @token = Tiddle.create_and_return_token(@user, FakeRequest.new, expires_in: 30.minutes)
+      end
+
+      context "and token was last used less than a minute ago" do
+        before do
+          @user.authentication_tokens.last.update_attribute(:last_used_at, 30.seconds.ago)
+        end
+
+        it "does not update last_used_at field" do
+          expect do
+            get(
+              secrets_path,
+              headers: {
+                "X-USER-EMAIL" => "test@example.com",
+                "X-USER-TOKEN" => @token
+              }
+            )
+          end.not_to(change { @user.authentication_tokens.last.reload.last_used_at })
+        end
+      end
+
+      context "and token was last used a minute ago" do
+        before do
+          @user.authentication_tokens.last.update_attribute(:last_used_at, 1.minute.ago)
+        end
+
+        it "updates last_used_at field" do
+          expect do
+            get(
+              secrets_path,
+              headers: {
+                "X-USER-EMAIL" => "test@example.com",
+                "X-USER-TOKEN" => @token
+              }
+            )
+          end.to(change { @user.authentication_tokens.last.reload.last_used_at })
+        end
+      end
+    end
   end
 end

data/tiddle.gemspec

@@ -16,13 +16,12 @@ Gem::Specification.new do |spec|
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ["lib"]
 
-  spec.required_ruby_version = '>= 2.6.0'
+  spec.required_ruby_version = '>= 2.7.0'
 
   spec.add_dependency "devise", ">= 4.0.0.rc1", "< 5"
   spec.add_dependency "activerecord", ">= 5.2.0"
   spec.add_development_dependency "rake"
   spec.add_development_dependency "rspec-rails"
-  spec.add_development_dependency "appraisal"
   spec.add_development_dependency "simplecov"
   spec.add_development_dependency "rubocop"
   spec.add_development_dependency "database_cleaner-active_record"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: tiddle
 version: !ruby/object:Gem::Version
-  version: 1.7.0
+  version: 1.8.0
 platform: ruby
 authors:
 - Adam Niedzielski
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-09-09 00:00:00.000000000 Z
+date: 2023-04-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: devise
@@ -72,20 +72,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  name: appraisal
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
@@ -153,17 +139,19 @@ files:
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
-- Appraisals
 - CHANGELOG.md
 - CONTRIBUTING.md
-- Gemfile
+- Dockerfile
 - LICENSE.txt
+- Makefile
 - README.md
 - Rakefile
 - config/locales/en.yml
+- docker-compose.yml
 - gemfiles/rails5.2.gemfile
 - gemfiles/rails6.0.gemfile
 - gemfiles/rails6.1.gemfile
+- gemfiles/rails7.0.gemfile
 - lib/tiddle.rb
 - lib/tiddle/model.rb
 - lib/tiddle/model_name.rb
@@ -173,9 +161,11 @@ files:
 - lib/tiddle/version.rb
 - spec/rails_app_active_record/app/controllers/application_controller.rb
 - spec/rails_app_active_record/app/controllers/long_secrets_controller.rb
+- spec/rails_app_active_record/app/controllers/namespaced_users_controller.rb
 - spec/rails_app_active_record/app/controllers/secrets_controller.rb
 - spec/rails_app_active_record/app/models/admin_user.rb
 - spec/rails_app_active_record/app/models/authentication_token.rb
+- spec/rails_app_active_record/app/models/namespace/namespaced_user.rb
 - spec/rails_app_active_record/app/models/user.rb
 - spec/rails_app_active_record/config/application.rb
 - spec/rails_app_active_record/config/boot.rb
@@ -185,9 +175,11 @@ files:
 - spec/rails_app_active_record/db/migrate/20150217000000_create_tables.rb
 - spec/rails_app_mongoid/app/controllers/application_controller.rb
 - spec/rails_app_mongoid/app/controllers/long_secrets_controller.rb
+- spec/rails_app_mongoid/app/controllers/namespaced_users_controller.rb
 - spec/rails_app_mongoid/app/controllers/secrets_controller.rb
 - spec/rails_app_mongoid/app/models/admin_user.rb
 - spec/rails_app_mongoid/app/models/authentication_token.rb
+- spec/rails_app_mongoid/app/models/namespace/namespaced_user.rb
 - spec/rails_app_mongoid/app/models/user.rb
 - spec/rails_app_mongoid/config/application.rb
 - spec/rails_app_mongoid/config/boot.rb
@@ -213,23 +205,25 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.6.0
+      version: 2.7.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
+rubygems_version: 3.1.6
 signing_key: 
 specification_version: 4
 summary: Token authentication for Devise which supports multiple tokens per model
 test_files:
 - spec/rails_app_active_record/app/controllers/application_controller.rb
 - spec/rails_app_active_record/app/controllers/long_secrets_controller.rb
+- spec/rails_app_active_record/app/controllers/namespaced_users_controller.rb
 - spec/rails_app_active_record/app/controllers/secrets_controller.rb
 - spec/rails_app_active_record/app/models/admin_user.rb
 - spec/rails_app_active_record/app/models/authentication_token.rb
+- spec/rails_app_active_record/app/models/namespace/namespaced_user.rb
 - spec/rails_app_active_record/app/models/user.rb
 - spec/rails_app_active_record/config/application.rb
 - spec/rails_app_active_record/config/boot.rb
@@ -239,9 +233,11 @@ test_files:
 - spec/rails_app_active_record/db/migrate/20150217000000_create_tables.rb
 - spec/rails_app_mongoid/app/controllers/application_controller.rb
 - spec/rails_app_mongoid/app/controllers/long_secrets_controller.rb
+- spec/rails_app_mongoid/app/controllers/namespaced_users_controller.rb
 - spec/rails_app_mongoid/app/controllers/secrets_controller.rb
 - spec/rails_app_mongoid/app/models/admin_user.rb
 - spec/rails_app_mongoid/app/models/authentication_token.rb
+- spec/rails_app_mongoid/app/models/namespace/namespaced_user.rb
 - spec/rails_app_mongoid/app/models/user.rb
 - spec/rails_app_mongoid/config/application.rb
 - spec/rails_app_mongoid/config/boot.rb

data/Appraisals

@@ -1,17 +0,0 @@
-appraise "rails5.2" do
-  gem "rails", "~> 5.2.1"
-  gem "mongoid", "~> 6"
-  gem "sqlite3", "~> 1.3.13"
-end
-
-appraise "rails6.0" do
-  gem "rails", "~> 6.0.0"
-  gem "mongoid", "~> 7"
-  gem "sqlite3"
-end
-
-appraise "rails6.1" do
-  gem "rails", "~> 6.1.0"
-  gem "mongoid"
-  gem "sqlite3"
-end

data/Gemfile

@@ -1,4 +0,0 @@
-source 'https://rubygems.org'
-
-# Specify your gem's dependencies in tiddle.gemspec
-gemspec