tiddle 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: bcae34825a51917726a62d76e0c12f219c3bdaff
+  data.tar.gz: 7a63e0436d50cdddfa99407d87ef89101491043f
+SHA512:
+  metadata.gz: 0506dea0acf421a88fe9b7d225851a095e1095c0d4c69e7e04a0055b92ba2e2945c69f8cf729fe7efdd0c00f3edbad33caebc3c0ef1d2d30977d9bbff3863484
+  data.tar.gz: df27a7199bf7690edd4c6a988e86a9358489ae36f24b07b53f8d8a1121db8069f872ea5a7e9d498744a32848ea9993381b4a3c96f81934b26ffaa0b1648651aa

data/.gitignore

@@ -0,0 +1,18 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+*.bundle
+*.so
+*.o
+*.a
+mkmf.log
+.ruby-gemset
+.ruby-version
+*.sqlite3
+*.log

data/.rspec

@@ -0,0 +1,2 @@
+--color
+--require spec_helper

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in tiddle.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2015 Adam Niedzielski
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,76 @@
+# Tiddle
+
+Tiddle provides Devise strategy for token authentication in API-only Ruby on Rails applications. Its main feature is **support for multiple tokens per user**.
+
+Tiddle is lightweight and non-configurable. It does what it has to do and leaves some manual implementation to you.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'tiddle'
+```
+
+And then execute:
+
+    $ bundle
+
+
+## Usage
+
+1) Add ```:token_authenticatable``` inside your Devise-enabled model:
+
+```ruby
+class User < ActiveRecord::Base
+  devise :database_authenticatable, :registerable,
+         :recoverable, :trackable, :validatable,
+         :token_authenticatable
+end
+```
+
+2) Generate the model which stores authentication tokens. The model name is not important, but the Devise-enabled model should have association called ```authentication_tokens```.
+
+```
+rails g model AuthenticationToken body:string user:references last_used_at:datetime ip_address:string user_agent:string
+```
+
+```ruby
+class User < ActiveRecord::Base
+  has_many :authentication_tokens
+end
+```
+
+```body```, ```last_used_at```, ```ip_address``` and ```user_agent``` fields are required.
+
+3) Customize ```Devise::SessionsController```. You need to create and return token in ```#create``` and expire the token in ```#destroy```.
+
+```ruby
+class Users::SessionsController < Devise::SessionsController
+
+  def create
+    [...]
+    token = Tiddle.create_and_return_token(resource)
+    render json: { authentication_token: token }
+  end
+
+  def destroy
+    Tiddle.expire_token(current_user, request)
+    render json: {}
+  end
+end
+```
+
+4) Require authentication for some controller:
+
+```ruby
+class PostsController < ApplicationController
+  before_action :authenticate_user!
+
+  def index
+    render json: Post.all
+  end
+end
+```
+
+5) Send ```X-USER-EMAIL``` and ```X-USER-TOKEN``` as headers of every request which requires authentication.

data/Rakefile

@@ -0,0 +1,5 @@
+require "bundler/gem_tasks"
+require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/config/locales/en.yml

@@ -0,0 +1,4 @@
+en:
+  devise:
+    failure:
+      invalid_token: "Invalid email or token"

data/lib/tiddle.rb

@@ -0,0 +1,24 @@
+require "tiddle/version"
+require "tiddle/strategy"
+require "tiddle/rails"
+require "tiddle/token_issuer"
+
+module Tiddle
+
+  def self.create_and_return_token(resource, request)
+    TokenIssuer.build.create_and_return_token(resource, request)
+  end
+
+  def self.expire_token(resource, request)
+    TokenIssuer.build.expire_token(resource, request)
+  end
+
+  def self.purge_old_tokens(resource)
+    TokenIssuer.build.purge_old_tokens(resource)
+  end
+end
+
+Devise::add_module  :token_authenticatable,
+                    model: 'tiddle/model',
+                    strategy: true,
+                    no_input: true

data/lib/tiddle/model.rb

@@ -0,0 +1,6 @@
+module Devise
+  module Models
+    module TokenAuthenticatable
+    end
+  end
+end

data/lib/tiddle/rails.rb

@@ -0,0 +1,4 @@
+module Tiddle
+  class Engine < ::Rails::Engine
+  end
+end

data/lib/tiddle/strategy.rb

@@ -0,0 +1,52 @@
+require 'devise/strategies/authenticatable'
+
+module Devise
+  module Strategies
+    class TokenAuthenticatable < Authenticatable
+
+      def authenticate!
+        env["devise.skip_trackable"] = true
+
+        resource = mapping.to.find_for_authentication(email: email_from_headers)
+        return fail(:invalid_token) unless resource
+
+        resource.authentication_tokens.each do |token|
+          if Devise.secure_compare(token.body, token_from_headers)
+            touch_token(token)
+            return success!(resource)
+          end
+        end
+
+        fail(:invalid_token)
+      end
+
+      def valid?
+        email_from_headers.present? && token_from_headers.present?        
+      end
+
+      def store?
+        false
+      end
+
+      private
+
+        def email_from_headers
+          env["HTTP_X_#{model_name}_EMAIL"]
+        end
+
+        def token_from_headers
+          env["HTTP_X_#{model_name}_TOKEN"]
+        end
+
+        def model_name
+          mapping.to.model_name.to_s.underscore.upcase
+        end
+
+        def touch_token(token)
+          token.update_attribute(:last_used_at, DateTime.current) if token.last_used_at < 1.hour.ago
+        end
+    end
+  end
+end
+
+Warden::Strategies.add(:token_authenticatable, Devise::Strategies::TokenAuthenticatable)

data/lib/tiddle/token_issuer.rb

@@ -0,0 +1,38 @@
+module Tiddle
+  class TokenIssuer
+    MAXIMUM_TOKENS_PER_USER = 20
+
+    def self.build
+      new(MAXIMUM_TOKENS_PER_USER)
+    end
+
+    def initialize(maximum_tokens_per_user)
+      self.maximum_tokens_per_user = maximum_tokens_per_user
+    end
+
+    def create_and_return_token(resource, request)
+      token = resource.authentication_tokens.
+        create! body: generate_token,
+                last_used_at: DateTime.current,
+                ip_address: request.remote_ip,
+                user_agent: request.user_agent
+
+      token.body
+    end
+
+    def expire_token(resource, request)
+      resource.authentication_tokens.where(body: request.headers["X-#{resource.model_name.to_s.upcase}-TOKEN"]).take!.destroy
+    end
+
+    def purge_old_tokens(resource)
+      resource.authentication_tokens.order(last_used_at: :desc).offset(maximum_tokens_per_user).destroy_all
+    end
+
+    private
+      attr_accessor :maximum_tokens_per_user
+
+      def generate_token
+        Devise.friendly_token
+      end
+  end
+end

data/lib/tiddle/version.rb

@@ -0,0 +1,3 @@
+module Tiddle
+  VERSION = "0.1.0"
+end

data/spec/rails_app/app/controllers/application_controller.rb

@@ -0,0 +1,5 @@
+class ApplicationController < ActionController::Base
+  # Prevent CSRF attacks by raising an exception.
+  # For APIs, you may want to use :null_session instead.
+  protect_from_forgery with: :exception
+end

data/spec/rails_app/app/controllers/secrets_controller.rb

@@ -0,0 +1,7 @@
+class SecretsController < ApplicationController
+  before_action :authenticate_user!
+
+  def index
+    head :ok
+  end
+end

data/spec/rails_app/app/models/authentication_token.rb

@@ -0,0 +1,2 @@
+class AuthenticationToken < ActiveRecord::Base
+end

data/spec/rails_app/app/models/user.rb

@@ -0,0 +1,7 @@
+class User < ActiveRecord::Base
+  devise :database_authenticatable, :registerable,
+         :recoverable, :trackable, :validatable,
+         :token_authenticatable
+
+  has_many :authentication_tokens
+end

data/spec/rails_app/config/application.rb

@@ -0,0 +1,16 @@
+require File.expand_path('../boot', __FILE__)
+
+require "active_model/railtie"
+require "active_job/railtie"
+require "active_record/railtie"
+require "action_controller/railtie"
+require "action_mailer/railtie"
+require "action_view/railtie"
+
+module RailsApp
+  class Application < Rails::Application
+    config.eager_load = true
+    config.root =  File.expand_path('../../.', __FILE__)
+  end
+end
+

data/spec/rails_app/config/boot.rb

@@ -0,0 +1,2 @@
+ENV['BUNDLE_GEMFILE'] = File.expand_path('../../../../Gemfile', __FILE__)
+require 'bundler/setup'

data/spec/rails_app/config/environment.rb

@@ -0,0 +1,5 @@
+# Load the Rails application.
+require File.expand_path('../application', __FILE__)
+
+# Initialize the Rails application.
+Rails.application.initialize!

data/spec/rails_app/config/routes.rb

@@ -0,0 +1,4 @@
+Rails.application.routes.draw do
+  devise_for :users
+  resources :secrets, only: [:index], defaults: { format: 'json' }
+end

data/spec/rails_app/config/secrets.yml

@@ -0,0 +1,2 @@
+test:
+  secret_key_base: 01c37cff57639eef8aa511ae6ab64298c1da89dc32dfdda363473716f49e25d2473e48b6253c69d17c8ae8c9b6a027ec5a4ac0ffbd6c06defe1b70dd2ef32df8

data/spec/rails_app/db/migrate/20150217000000_create_tables.rb

@@ -0,0 +1,35 @@
+class CreateTables < ActiveRecord::Migration
+  def change
+    create_table(:users) do |t|
+      ## Database authenticatable
+      t.string :email,              null: false, default: ""
+      t.string :encrypted_password, null: false, default: ""
+
+      ## Recoverable
+      t.string   :reset_password_token
+      t.datetime :reset_password_sent_at
+
+      ## Trackable
+      t.integer  :sign_in_count, default: 0, null: false
+      t.datetime :current_sign_in_at
+      t.datetime :last_sign_in_at
+      t.string   :current_sign_in_ip
+      t.string   :last_sign_in_ip
+
+      t.timestamps null: false
+    end
+
+    add_index :users, :email,                unique: true
+    add_index :users, :reset_password_token, unique: true
+  end
+
+  create_table :authentication_tokens do |t|
+    t.string :body, null: false
+    t.references :user, index: true, null: false
+    t.datetime :last_used_at, null: false
+    t.string :ip_address
+    t.string :user_agent
+
+    t.timestamps null: false
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,111 @@
+ENV["RAILS_ENV"] = 'test'
+ENV["DATABASE_URL"] = "sqlite3:db/test.sqlite3"
+
+require 'rails/all'
+require 'rspec/rails'
+require 'devise'
+require 'devise/orm/active_record'
+require 'tiddle'
+
+require 'rails_app/config/environment'
+
+Dir[__dir__ + "/support/**/*.rb"].each { |f| require f }
+
+# This file was generated by the `rspec --init` command. Conventionally, all
+# specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`.
+# The generated `.rspec` file contains `--require spec_helper` which will cause
+# this file to always be loaded, without a need to explicitly require it in any
+# files.
+#
+# Given that it is always loaded, you are encouraged to keep this file as
+# light-weight as possible. Requiring heavyweight dependencies from this file
+# will add to the boot time of your test suite on EVERY test run, even for an
+# individual file that may not need all of that loaded. Instead, consider making
+# a separate helper file that requires the additional dependencies and performs
+# the additional setup, and require it from the spec files that actually need
+# it.
+#
+# The `.rspec` file also contains a few flags that are not defaults but that
+# users commonly want.
+#
+# See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
+RSpec.configure do |config|
+  # rspec-expectations config goes here. You can use an alternate
+  # assertion/expectation library such as wrong or the stdlib/minitest
+  # assertions if you prefer.
+  config.expect_with :rspec do |expectations|
+    # This option will default to `true` in RSpec 4. It makes the `description`
+    # and `failure_message` of custom matchers include text for helper methods
+    # defined using `chain`, e.g.:
+    #     be_bigger_than(2).and_smaller_than(4).description
+    #     # => "be bigger than 2 and smaller than 4"
+    # ...rather than:
+    #     # => "be bigger than 2"
+    expectations.include_chain_clauses_in_custom_matcher_descriptions = true
+  end
+
+  # rspec-mocks config goes here. You can use an alternate test double
+  # library (such as bogus or mocha) by changing the `mock_with` option here.
+  config.mock_with :rspec do |mocks|
+    # Prevents you from mocking or stubbing a method that does not exist on
+    # a real object. This is generally recommended, and will default to
+    # `true` in RSpec 4.
+    mocks.verify_partial_doubles = true
+  end
+
+  config.before(:suite) do
+    # Do initial migration
+    ActiveRecord::Migrator.migrate(File.expand_path("rails_app/db/migrate/", File.dirname(__FILE__)))
+  end
+
+  config.use_transactional_fixtures = true
+
+# The settings below are suggested to provide a good initial experience
+# with RSpec, but feel free to customize to your heart's content.
+=begin
+  # These two settings work together to allow you to limit a spec run
+  # to individual examples or groups you care about by tagging them with
+  # `:focus` metadata. When nothing is tagged with `:focus`, all examples
+  # get run.
+  config.filter_run :focus
+  config.run_all_when_everything_filtered = true
+
+  # Limits the available syntax to the non-monkey patched syntax that is
+  # recommended. For more details, see:
+  #   - http://myronmars.to/n/dev-blog/2012/06/rspecs-new-expectation-syntax
+  #   - http://teaisaweso.me/blog/2013/05/27/rspecs-new-message-expectation-syntax/
+  #   - http://myronmars.to/n/dev-blog/2014/05/notable-changes-in-rspec-3#new__config_option_to_disable_rspeccore_monkey_patching
+  config.disable_monkey_patching!
+
+  # This setting enables warnings. It's recommended, but in some cases may
+  # be too noisy due to issues in dependencies.
+  config.warnings = true
+
+  # Many RSpec users commonly either run the entire suite or an individual
+  # file, and it's useful to allow more verbose output when running an
+  # individual spec file.
+  if config.files_to_run.one?
+    # Use the documentation formatter for detailed output,
+    # unless a formatter has already been configured
+    # (e.g. via a command-line flag).
+    config.default_formatter = 'doc'
+  end
+
+  # Print the 10 slowest examples and example groups at the
+  # end of the spec run, to help surface which specs are running
+  # particularly slow.
+  config.profile_examples = 10
+
+  # Run specs in random order to surface order dependencies. If you find an
+  # order dependency and want to debug it, you can fix the order by providing
+  # the seed, which is printed after each run.
+  #     --seed 1234
+  config.order = :random
+
+  # Seed global randomization in this process using the `--seed` CLI option.
+  # Setting this allows you to use `--seed` to deterministically reproduce
+  # test failures related to randomization by passing the same `--seed` value
+  # as the one that triggered the failure.
+  Kernel.srand config.seed
+=end
+end

data/spec/strategy_spec.rb

@@ -0,0 +1,68 @@
+describe "Authentication using Tiddle strategy", type: :request do
+
+  before do
+    @user = User.create!(email: "test@example.com", password: "12345678")
+    @token = Tiddle.create_and_return_token(@user, FakeRequest.new)
+  end
+
+  context "with valid email and token" do
+
+    it "allows to access endpoints which require authentication" do
+      get secrets_path, {}, { "X-USER-EMAIL" => "test@example.com", "X-USER-TOKEN" => @token }
+      expect(response.status).to eq 200
+    end
+
+    describe "touching token" do
+
+      context "when token was last used more than hour ago" do
+
+        before do
+          @user.authentication_tokens.last.update_attribute(:last_used_at, 2.hours.ago)
+        end
+
+        it "updates last_used_at field" do
+          expect do
+            get secrets_path, {}, { "X-USER-EMAIL" => "test@example.com", "X-USER-TOKEN" => @token }
+          end.to change { @user.authentication_tokens.last.last_used_at }
+        end
+      end
+
+      context "when token was last used less than hour ago" do
+
+        before do
+          @user.authentication_tokens.last.update_attribute(:last_used_at, 30.minutes.ago)
+        end
+
+        it "does not update last_used_at field" do
+          expect do
+            get secrets_path, {}, { "X-USER-EMAIL" => "test@example.com", "X-USER-TOKEN" => @token }
+          end.not_to change { @user.authentication_tokens.last.last_used_at }
+        end
+      end
+    end
+
+    context "when email contains uppercase letters" do
+
+      it "converts email to lower case and authenticates user" do
+        get secrets_path, {}, { "X-USER-EMAIL" => "TEST@example.com", "X-USER-TOKEN" => @token }
+        expect(response.status).to eq 200
+      end
+    end
+  end
+
+  context "with invalid email and valid token" do
+
+    it "does not allow to access endpoints which require authentication" do
+      get secrets_path, {}, { "X-USER-EMAIL" => "wrong@example.com", "X-USER-TOKEN" => @token }
+      expect(response.status).to eq 401
+    end
+  end
+
+  context "with valid email and invalid token" do
+
+    it "does not allow to access endpoints which require authentication" do
+      get secrets_path, {}, { "X-USER-EMAIL" => "test@example.com", "X-USER-TOKEN" => "wrong" }
+      expect(response.status).to eq 401
+    end
+  end
+end

data/spec/support/fake_request.rb

@@ -0,0 +1,16 @@
+class FakeRequest
+
+  def initialize(
+    remote_ip: "23.12.54.111",
+    user_agent: "I am not a bot",
+    headers: {}
+  )
+    self.remote_ip = remote_ip
+    self.user_agent = user_agent
+    self.headers = headers
+  end
+
+  attr_accessor :remote_ip
+  attr_accessor :user_agent
+  attr_accessor :headers
+end

data/spec/tiddle_spec.rb

@@ -0,0 +1,70 @@
+describe Tiddle do
+
+  before do
+    @user = User.create!(email: "test@example.com", password: "12345678")
+  end
+
+  describe "create_and_return_token" do
+
+    it "returns string with token" do
+      result = Tiddle.create_and_return_token(@user, FakeRequest.new)
+      expect(result).to be_present
+    end
+
+    it "creates new token in the database" do
+      expect do
+        Tiddle.create_and_return_token(@user, FakeRequest.new)
+      end.to change { @user.authentication_tokens.count }.by(1)
+    end
+
+    it "sets last_used_at field" do
+      Tiddle.create_and_return_token(@user, FakeRequest.new)
+      expect(@user.authentication_tokens.last.last_used_at).to be_within(1).of(DateTime.current)
+    end
+
+    it "saves ip address" do
+      Tiddle.create_and_return_token(@user, FakeRequest.new(remote_ip: "123.101.54.1"))
+      expect(@user.authentication_tokens.last.ip_address).to eq "123.101.54.1"
+    end
+
+    it "saves user agent" do
+      Tiddle.create_and_return_token(@user, FakeRequest.new(user_agent: "Internet Explorer 4.0"))
+      expect(@user.authentication_tokens.last.user_agent).to eq "Internet Explorer 4.0"
+    end
+  end
+
+  describe "expire_token" do
+
+    before do
+      token = Tiddle.create_and_return_token(@user, FakeRequest.new)
+      @request = FakeRequest.new(headers: { "X-USER-TOKEN" => token })
+    end
+
+    it "deletes token from the database" do
+      expect do
+        Tiddle.expire_token(@user, @request)
+      end.to change { @user.authentication_tokens.count }.by(-1)
+    end
+  end
+
+  describe "purge_old_tokens" do
+
+    before do
+      Tiddle.create_and_return_token(@user, FakeRequest.new)
+      @old = @user.authentication_tokens.last
+      @old.update_attribute(:last_used_at, 2.hours.ago)
+
+      Tiddle.create_and_return_token(@user, FakeRequest.new)
+      @new = @user.authentication_tokens.last
+      @new.update_attribute(:last_used_at, 10.minutes.ago)
+    end
+
+    it "deletes old tokens which are over the limit" do
+      expect do
+        Tiddle::TokenIssuer.new(1).purge_old_tokens(@user)
+      end.to change { @user.authentication_tokens.count }.from(2).to(1)
+
+      expect(@user.authentication_tokens.last).to eq @new
+    end
+  end
+end

data/tiddle.gemspec

@@ -0,0 +1,29 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'tiddle/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "tiddle"
+  spec.version       = Tiddle::VERSION
+  spec.authors       = ["Adam Niedzielski"]
+  spec.email         = ["adamsunday@gmail.com"]
+  spec.summary       = %q{Token authentication for Devise which supports multiple tokens per model}
+  spec.homepage      = ""
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0")
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.required_ruby_version = '~> 2.2.0'
+
+  spec.add_dependency "devise", "~> 3.4.1"
+  spec.add_dependency "activerecord", "~> 4.2.0"
+  spec.add_development_dependency "bundler", "~> 1.7"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rspec-rails"
+  spec.add_development_dependency "rails", "~> 4.2.0"
+  spec.add_development_dependency "sqlite3"
+end

metadata

@@ -0,0 +1,184 @@
+--- !ruby/object:Gem::Specification
+name: tiddle
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Adam Niedzielski
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-03-08 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: devise
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.4.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.4.1
+- !ruby/object:Gem::Dependency
+  name: activerecord
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 4.2.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 4.2.0
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 4.2.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 4.2.0
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: 
+email:
+- adamsunday@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- config/locales/en.yml
+- lib/tiddle.rb
+- lib/tiddle/model.rb
+- lib/tiddle/rails.rb
+- lib/tiddle/strategy.rb
+- lib/tiddle/token_issuer.rb
+- lib/tiddle/version.rb
+- spec/rails_app/app/controllers/application_controller.rb
+- spec/rails_app/app/controllers/secrets_controller.rb
+- spec/rails_app/app/models/authentication_token.rb
+- spec/rails_app/app/models/user.rb
+- spec/rails_app/config/application.rb
+- spec/rails_app/config/boot.rb
+- spec/rails_app/config/environment.rb
+- spec/rails_app/config/routes.rb
+- spec/rails_app/config/secrets.yml
+- spec/rails_app/db/migrate/20150217000000_create_tables.rb
+- spec/spec_helper.rb
+- spec/strategy_spec.rb
+- spec/support/fake_request.rb
+- spec/tiddle_spec.rb
+- tiddle.gemspec
+homepage: ''
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - "~>"
+    - !ruby/object:Gem::Version
+      version: 2.2.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.5
+signing_key: 
+specification_version: 4
+summary: Token authentication for Devise which supports multiple tokens per model
+test_files:
+- spec/rails_app/app/controllers/application_controller.rb
+- spec/rails_app/app/controllers/secrets_controller.rb
+- spec/rails_app/app/models/authentication_token.rb
+- spec/rails_app/app/models/user.rb
+- spec/rails_app/config/application.rb
+- spec/rails_app/config/boot.rb
+- spec/rails_app/config/environment.rb
+- spec/rails_app/config/routes.rb
+- spec/rails_app/config/secrets.yml
+- spec/rails_app/db/migrate/20150217000000_create_tables.rb
+- spec/spec_helper.rb
+- spec/strategy_spec.rb
+- spec/support/fake_request.rb
+- spec/tiddle_spec.rb