tiddle 0.3.0 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: b727ff0a1139e48942ba55ed07938a63cf354a58
-  data.tar.gz: 9f0a8b022ea5a4d2b9dcf0a60048bcf01572ca21
+  metadata.gz: aca3f210e267f73c0e067d27533534c9c3f9c683
+  data.tar.gz: 460622c0502eb261e06b2cf617740ef500dbbbf0
 SHA512:
-  metadata.gz: 18ba437e55cf272dca5a8be7cd9a17ed43066645ff201c5f32c8ebc4d57cf58ad33a521a0ba75252908b3c1d05d6e5f77f0fd5087cb3fa59e3c59590d2f1a716
-  data.tar.gz: b0cadfa8495de1e8683abd28e1f31d1b59bda173d49b2bd8797cec305bcfa51eb3962f18e2ff1cb629f26cd96b212482d80e84b569e84244b203ce522d9e49f3
+  metadata.gz: 5d8b78acb6c499efa52fee1f38b639fc1541170badf1ecfbeafa9509677b856ef09a2921637b057f1aa6ba5c383fd5b4a7ebc76105053ff35f7ec2b03f48dd1e
+  data.tar.gz: 1b2f8360d54fb6fac59a42bc90d3340236fb10b7626465afa45ba66bdb6d402bf49d2b96f077f3c63e0493d9787d754f0cd8726ff562776c286f5570fa496e5a

data/.travis.yml

@@ -1,4 +1,5 @@
 language: ruby
 rvm:
+  - "2.1.6"
   - "2.2.0"
   - "2.2.1"

data/README.md

@@ -53,15 +53,21 @@ end
 class Users::SessionsController < Devise::SessionsController
 
   def create
-    [...]
-    token = Tiddle.create_and_return_token(resource, request)
+    user = warden.authenticate!(auth_options)
+    token = Tiddle.create_and_return_token(user, request)
     render json: { authentication_token: token }
   end
 
   def destroy
-    Tiddle.expire_token(current_user, request)
+    Tiddle.expire_token(current_user, request) if current_user
     render json: {}
   end
+
+  private
+
+    # this is invoked before destroy and we have to override it
+    def verify_signed_out_user
+    end
 end
 ```
 
@@ -78,3 +84,5 @@ end
 ```
 
 5) Send ```X-USER-EMAIL``` and ```X-USER-TOKEN``` as headers of every request which requires authentication.
+
+You can read more in a blog post dedicated to Tiddle - http://adamniedzielski.github.io/blog/2015/04/04/token-authentication-with-tiddle/

data/lib/tiddle/model_name.rb

@@ -0,0 +1,12 @@
+module Tiddle
+  class ModelName
+
+    def with_underscores(model)
+      model.model_name.to_s.underscore.upcase
+    end
+
+    def with_dashes(model)
+      with_underscores(model).dasherize
+    end
+  end
+end

data/lib/tiddle/strategy.rb

@@ -1,4 +1,5 @@
 require 'devise/strategies/authenticatable'
+require 'tiddle/model_name'
 
 module Devise
   module Strategies
@@ -39,7 +40,7 @@ module Devise
         end
 
         def model_name
-          mapping.to.model_name.to_s.underscore.upcase
+          Tiddle::ModelName.new.with_underscores(mapping.to)
         end
 
         def touch_token(token)

data/lib/tiddle/token_issuer.rb

@@ -1,3 +1,5 @@
+require 'tiddle/model_name'
+
 module Tiddle
   class TokenIssuer
     MAXIMUM_TOKENS_PER_USER = 20
@@ -22,7 +24,7 @@ module Tiddle
 
     def expire_token(resource, request)
       resource.authentication_tokens
-        .where(body: request.headers["X-#{resource.model_name.to_s.upcase}-TOKEN"])
+        .where(body: request.headers["X-#{ModelName.new.with_dashes(resource)}-TOKEN"])
         .take!
         .destroy
     end

data/lib/tiddle/version.rb

@@ -1,3 +1,3 @@
 module Tiddle
-  VERSION = "0.3.0"
+  VERSION = "0.4.0"
 end

data/spec/rails_app/app/controllers/long_secrets_controller.rb

@@ -0,0 +1,7 @@
+class LongSecretsController < ApplicationController
+  before_action :authenticate_admin_user!
+
+  def index
+    head :ok
+  end
+end

data/spec/rails_app/app/models/admin_user.rb

@@ -0,0 +1,7 @@
+class AdminUser < ActiveRecord::Base
+  devise :database_authenticatable, :registerable,
+         :recoverable, :trackable, :validatable,
+         :token_authenticatable
+
+  has_many :authentication_tokens, as: :authenticatable
+end

data/spec/rails_app/app/models/user.rb

@@ -3,5 +3,5 @@ class User < ActiveRecord::Base
          :recoverable, :trackable, :validatable,
          :token_authenticatable
 
-  has_many :authentication_tokens
+  has_many :authentication_tokens, as: :authenticatable
 end

data/spec/rails_app/config/application.rb

@@ -11,6 +11,7 @@ module RailsApp
   class Application < Rails::Application
     config.eager_load = true
     config.root =  File.expand_path('../../.', __FILE__)
+    config.consider_all_requests_local = true
   end
 end
 

data/spec/rails_app/config/routes.rb

@@ -1,4 +1,6 @@
 Rails.application.routes.draw do
   devise_for :users
+  devise_for :admin_users
   resources :secrets, only: [:index], defaults: { format: 'json' }
+  resources :long_secrets, only: [:index], defaults: { format: 'json' }
 end

data/spec/rails_app/db/migrate/20150217000000_create_tables.rb

@@ -21,15 +21,37 @@ class CreateTables < ActiveRecord::Migration
 
     add_index :users, :email,                unique: true
     add_index :users, :reset_password_token, unique: true
-  end
 
-  create_table :authentication_tokens do |t|
-    t.string :body, null: false
-    t.references :user, index: true, null: false
-    t.datetime :last_used_at, null: false
-    t.string :ip_address
-    t.string :user_agent
+    create_table(:admin_users) do |t|
+      ## Database authenticatable
+      t.string :email,              null: false, default: ""
+      t.string :encrypted_password, null: false, default: ""
+
+      ## Recoverable
+      t.string   :reset_password_token
+      t.datetime :reset_password_sent_at
+
+      ## Trackable
+      t.integer  :sign_in_count, default: 0, null: false
+      t.datetime :current_sign_in_at
+      t.datetime :last_sign_in_at
+      t.string   :current_sign_in_ip
+      t.string   :last_sign_in_ip
+
+      t.timestamps null: false
+    end
+
+    add_index :admin_users, :email,                unique: true
+    add_index :admin_users, :reset_password_token, unique: true
+
+    create_table :authentication_tokens do |t|
+      t.string :body, null: false
+      t.references :authenticatable, null: false, polymorphic: true
+      t.datetime :last_used_at, null: false
+      t.string :ip_address
+      t.string :user_agent
 
-    t.timestamps null: false
+      t.timestamps null: false
+    end
   end
 end

data/spec/strategy_spec.rb

@@ -1,12 +1,12 @@
 describe "Authentication using Tiddle strategy", type: :request do
 
-  before do
-    @user = User.create!(email: "test@example.com", password: "12345678")
-    @token = Tiddle.create_and_return_token(@user, FakeRequest.new)
-  end
-
   context "with valid email and token" do
 
+    before do
+      @user = User.create!(email: "test@example.com", password: "12345678")
+      @token = Tiddle.create_and_return_token(@user, FakeRequest.new)
+    end
+
     it "allows to access endpoints which require authentication" do
       get secrets_path, {},
           { "X-USER-EMAIL" => "test@example.com", "X-USER-TOKEN" => @token }
@@ -57,6 +57,11 @@ describe "Authentication using Tiddle strategy", type: :request do
 
   context "with invalid email and valid token" do
 
+    before do
+      @user = User.create!(email: "test@example.com", password: "12345678")
+      @token = Tiddle.create_and_return_token(@user, FakeRequest.new)
+    end
+
     it "does not allow to access endpoints which require authentication" do
       get secrets_path, {},
           { "X-USER-EMAIL" => "wrong@example.com", "X-USER-TOKEN" => @token }
@@ -66,10 +71,37 @@ describe "Authentication using Tiddle strategy", type: :request do
 
   context "with valid email and invalid token" do
 
+    before do
+      @user = User.create!(email: "test@example.com", password: "12345678")
+      @token = Tiddle.create_and_return_token(@user, FakeRequest.new)
+    end
+
     it "does not allow to access endpoints which require authentication" do
       get secrets_path, {},
           { "X-USER-EMAIL" => "test@example.com", "X-USER-TOKEN" => "wrong" }
       expect(response.status).to eq 401
     end
   end
+
+  context "when no headers are passed" do
+
+    it "does not allow to access endpoints which require authentication" do
+      get secrets_path, {}, {}
+      expect(response.status).to eq 401
+    end
+  end
+
+  context "when model name consists of two words" do
+
+    before do
+      @admin_user = AdminUser.create!(email: "test@example.com", password: "12345678")
+      @token = Tiddle.create_and_return_token(@admin_user, FakeRequest.new)
+    end
+
+    it "allows to access endpoints which require authentication" do
+      get long_secrets_path, {},
+          { "X-ADMIN-USER-EMAIL" => "test@example.com", "X-ADMIN-USER-TOKEN" => @token }
+      expect(response.status).to eq 200
+    end
+  end
 end

data/spec/tiddle_spec.rb

@@ -1,11 +1,11 @@
 describe Tiddle do
 
-  before do
-    @user = User.create!(email: "test@example.com", password: "12345678")
-  end
-
   describe "create_and_return_token" do
 
+    before do
+      @user = User.create!(email: "test@example.com", password: "12345678")
+    end
+
     it "returns string with token" do
       result = Tiddle.create_and_return_token(@user, FakeRequest.new)
       expect(result).to be_present
@@ -39,20 +39,22 @@ describe Tiddle do
   describe "expire_token" do
 
     before do
-      token = Tiddle.create_and_return_token(@user, FakeRequest.new)
-      @request = FakeRequest.new(headers: { "X-USER-TOKEN" => token })
+      @admin_user = AdminUser.create!(email: "test@example.com", password: "12345678")
+      token = Tiddle.create_and_return_token(@admin_user, FakeRequest.new)
+      @request = FakeRequest.new(headers: { "X-ADMIN-USER-TOKEN" => token })
     end
 
     it "deletes token from the database" do
       expect do
-        Tiddle.expire_token(@user, @request)
-      end.to change { @user.authentication_tokens.count }.by(-1)
+        Tiddle.expire_token(@admin_user, @request)
+      end.to change { @admin_user.authentication_tokens.count }.by(-1)
     end
   end
 
   describe "purge_old_tokens" do
 
     before do
+      @user = User.create!(email: "test@example.com", password: "12345678")
       Tiddle.create_and_return_token(@user, FakeRequest.new)
       @old = @user.authentication_tokens.last
       @old.update_attribute(:last_used_at, 2.hours.ago)

data/tiddle.gemspec

@@ -17,7 +17,7 @@ Gem::Specification.new do |spec|
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ["lib"]
 
-  spec.required_ruby_version = '~> 2.2.0'
+  spec.required_ruby_version = '>= 2.1.0'
 
   spec.add_dependency "devise", "~> 3.4.1"
   spec.add_dependency "activerecord", "~> 4.2.0"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: tiddle
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.4.0
 platform: ruby
 authors:
 - Adam Niedzielski
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-04-11 00:00:00.000000000 Z
+date: 2015-05-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: devise
@@ -168,12 +168,15 @@ files:
 - config/locales/en.yml
 - lib/tiddle.rb
 - lib/tiddle/model.rb
+- lib/tiddle/model_name.rb
 - lib/tiddle/rails.rb
 - lib/tiddle/strategy.rb
 - lib/tiddle/token_issuer.rb
 - lib/tiddle/version.rb
 - spec/rails_app/app/controllers/application_controller.rb
+- spec/rails_app/app/controllers/long_secrets_controller.rb
 - spec/rails_app/app/controllers/secrets_controller.rb
+- spec/rails_app/app/models/admin_user.rb
 - spec/rails_app/app/models/authentication_token.rb
 - spec/rails_app/app/models/user.rb
 - spec/rails_app/config/application.rb
@@ -197,9 +200,9 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - "~>"
+  - - ">="
     - !ruby/object:Gem::Version
-      version: 2.2.0
+      version: 2.1.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
@@ -213,7 +216,9 @@ specification_version: 4
 summary: Token authentication for Devise which supports multiple tokens per model
 test_files:
 - spec/rails_app/app/controllers/application_controller.rb
+- spec/rails_app/app/controllers/long_secrets_controller.rb
 - spec/rails_app/app/controllers/secrets_controller.rb
+- spec/rails_app/app/models/admin_user.rb
 - spec/rails_app/app/models/authentication_token.rb
 - spec/rails_app/app/models/user.rb
 - spec/rails_app/config/application.rb