tiddle 0.4.1 → 0.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: cfe845a06fabc2a40cd22474e1312ca1647b8c0d
-  data.tar.gz: b4fde58413f9050dae56a67864843b82de0f5fa5
+  metadata.gz: bb11f9fb24221e0a377855e9426cfa72741b8278
+  data.tar.gz: bcdaee6428296e950eb30992470db7cfe4ae8f0b
 SHA512:
-  metadata.gz: a348ea2217110695c94bab0d7a2133533854bd0e09d23aceec68cfcd6d51bf1796f4e3bc67755c18f64b7d834e2b3dda69e3320eb7bec7056df168b8cd14b4e8
-  data.tar.gz: a4fb1d612c2e9f675273b184544269de508138e8016f512baba57ac3c551f9e1c5e96e0ce96cbcbad6f999fc9aff61f160dd3d248d96db76770c7a07acf0dd49
+  metadata.gz: 130df0e0d82f29a39751a673ae7136ca51e7b5ddbbb9dedc88d6206d9a549b8e7102cb71d56ba475d300a0f0c3bc66413e079b127f971d8cf55b66e0659cd414
+  data.tar.gz: 284c07e58273115196cdc78646bc2142efad3401c68e2c7624b5b720c32d0d33d259536265007e98a60da3546c6d813bfd63778ea0217b16366dfafa563e38ab

data/CHANGELOG.md

@@ -0,0 +1,12 @@
+### 0.5.0
+
+Breaking changes. Token digest is stored in the database, not the actual token. This will invalidate all your existing tokens (logging users out) unless you migrate existing tokens. In order to migrate execute:
+
+```ruby
+AuthenticationToken.find_each do |token|
+  token.body = Devise.token_generator.digest(AuthenticationToken, :body, token.body)
+  token.save!
+end
+```
+
+assuming that your model which stores tokens is called ```AuthenticationToken```.

data/lib/tiddle/strategy.rb

@@ -13,7 +13,7 @@ module Devise
         return fail(:invalid_token) unless resource
 
         token = Tiddle::TokenIssuer.build.find_token(resource, token_from_headers)
-        if (token)
+        if token
           touch_token(token)
           return success!(resource)
         end

data/lib/tiddle/token_issuer.rb

@@ -13,13 +13,16 @@ module Tiddle
     end
 
     def create_and_return_token(resource, request)
-      token = resource.authentication_tokens
-        .create! body: generate_token,
+      token_class = authentication_token_class(resource)
+      token, token_body = Devise.token_generator.generate(token_class, :body)
+
+      resource.authentication_tokens
+        .create! body: token_body,
                  last_used_at: DateTime.current,
                  ip_address: request.remote_ip,
                  user_agent: request.user_agent
 
-      token.body
+      token
     end
 
     def expire_token(resource, request)
@@ -28,8 +31,10 @@ module Tiddle
     end
 
     def find_token(resource, token_from_headers)
+      token_class = authentication_token_class(resource)
+      token_body = Devise.token_generator.digest(token_class, :body, token_from_headers)
       resource.authentication_tokens.detect do |token|
-        Devise.secure_compare(token.body, token_from_headers)
+        Devise.secure_compare(token.body, token_body)
       end
     end
 
@@ -44,8 +49,8 @@ module Tiddle
 
       attr_accessor :maximum_tokens_per_user
 
-      def generate_token
-        Devise.friendly_token
+      def authentication_token_class(resource)
+        resource.association(:authentication_tokens).klass
       end
   end
 end

data/lib/tiddle/version.rb

@@ -1,3 +1,3 @@
 module Tiddle
-  VERSION = "0.4.1"
+  VERSION = "0.5.0"
 end

data/spec/tiddle_spec.rb

@@ -9,6 +9,12 @@ describe Tiddle do
     it "returns string with token" do
       result = Tiddle.create_and_return_token(@user, FakeRequest.new)
       expect(result).to be_present
+      expect(result).to be_kind_of(String)
+    end
+
+    it "stores a different string to the database" do
+      result = Tiddle.create_and_return_token(@user, FakeRequest.new)
+      expect(result).to_not eq @user.authentication_tokens.last.body
     end
 
     it "creates new token in the database" do

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: tiddle
 version: !ruby/object:Gem::Version
-  version: 0.4.1
+  version: 0.5.0
 platform: ruby
 authors:
 - Adam Niedzielski
@@ -167,6 +167,7 @@ files:
 - ".rspec"
 - ".rubocop.yml"
 - ".travis.yml"
+- CHANGELOG.md
 - Gemfile
 - LICENSE.txt
 - README.md