tiddle 0.5.1 → 0.6.0
- checksums.yaml +4 -4
- data/.rubocop.yml +2 -0
- data/.travis.yml +1 -1
- data/CHANGELOG.md +4 -0
- data/README.md +14 -0
- data/lib/tiddle/strategy.rb +10 -4
- data/lib/tiddle/version.rb +1 -1
- data/spec/rails_app/db/migrate/20150217000000_create_tables.rb +2 -0
- data/spec/spec_helper.rb +2 -2
- data/spec/strategy_spec.rb +29 -0
- metadata +3 -3
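--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: eaff93a07c995f50d6ae7e23358251bb42ca4c35
+data.tar.gz: 80b8e889d5d7a6de30608c75255ad4b9f755b926
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 80f288aa4a372315323403cb1aa4fb49287e5b77170f878e4f9fe5c768b67795c72f8e31e18deab4794cde388dc55d86a4fefb4d77b23a4e7c832479f3fecaa8
+data.tar.gz: 56f5082287e45019a3c42adfa36dc49749a1098884ac1907f60cde950c9fec44e13895ffe79639400d20fd76861bc56a732d8b40f8c772c491884d919a167184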
data/.rubocop.yml
CHANGED
data/.travis.yml
CHANGED
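--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,7 @@
+### 0.6.0
+
+Adds support for authentication keys other than email.
+
 ### 0.5.0
 
 Breaking changes. Token digest is stored in the database, not the actual token. This will invalidate all your existing tokens (logging users out) unless you migrate existing tokens. In order to migrate execute: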
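--- a/data/README.md
+++ b/data/README.md
@@ -86,3 +86,17 @@ end
 5) Send ```X-USER-EMAIL``` and ```X-USER-TOKEN``` as headers of every request which requires authentication.
 
 You can read more in a blog post dedicated to Tiddle - http://adamniedzielski.github.io/blog/2015/04/04/token-authentication-with-tiddle/
+
+## Note on Rails session
+
+The safest solution in API-only application is not to rely on Rails session at all and disable it. Put this line in your ```application.rb```:
+
+```ruby
+config.middleware.delete ActionDispatch::Session::CookieStore
+```
+
+More: http://adamniedzielski.github.io/blog/2015/04/04/token-authentication-with-tiddle/#rails-session
+
+## Using field other than email
+
+Change ```config.authentication_keys``` in Devise intitializer and Tiddle will use this value.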
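--- a/data/lib/tiddle/strategy.rb
+++ b/data/lib/tiddle/strategy.rb
@@ -9,7 +9,7 @@ module Devise
 def authenticate!
 env["devise.skip_trackable"] = true
 
-resource = mapping.to.find_for_authentication(
+resource = mapping.to.find_for_authentication(authentication_keys_from_headers)
 return fail(:invalid_token) unless resource
 
 token = Tiddle::TokenIssuer.build.find_token(resource, token_from_headers)
@@ -22,7 +22,7 @@ module Devise
 end
 
 def valid?
-
+authentication_keys_from_headers.present? && token_from_headers.present?
 end
 
 def store?
@@ -31,8 +31,10 @@ module Devise
 
 private
 
-def
-
+def authentication_keys_from_headers
+authentication_keys.map do |key|
+{ key => env["HTTP_X_#{model_name}_#{key.upcase}"] }
+end.reduce(:merge)
 end
 
 def token_from_headers
@@ -43,6 +45,10 @@ module Devise
 Tiddle::ModelName.new.with_underscores(mapping.to)
 end
 
+def authentication_keys
+mapping.to.authentication_keys
+end
+
 def touch_token(token)
 token.update_attribute(:last_used_at, DateTime.current) if token.last_used_at < 1.hour.ago
 end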
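Review bot: `valid?` in the second hunk no longer proves that the identifier header was sent, because `authentication_keys_from_headers` always returns a hash with one entry per configured key (value `nil` when the header is absent) and `.present?` on a non-empty hash is true. A request carrying only the token header is therefore claimed by this strategy and reaches `find_for_authentication` in `authenticate!` with `nil` conditions; if the configured key column is nullable, that lookup could presumably match a record with no value for the key, leaving the token as the only check. Testing the values restores the guard: `authentication_keys_from_headers.values.all?(&:present?) && token_from_headers.present?`. Devise also accepts a Hash for `authentication_keys`, in which case `map do |key|` in the third hunk yields pairs and `key.upcase` raises, so the key names may need normalising first. `authenticate!` continues past the end of the first hunk, so the rest of the token check is not visible here.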
data/lib/tiddle/version.rb
CHANGED
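--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -2,10 +2,10 @@ require 'bundler/setup'
 require 'simplecov'
 require 'coveralls'
 
-SimpleCov.formatter = SimpleCov::Formatter::MultiFormatter[
+SimpleCov.formatter = SimpleCov::Formatter::MultiFormatter.new([
 SimpleCov::Formatter::HTMLFormatter,
 Coveralls::SimpleCov::Formatter
-]
+])
 SimpleCov.start do
 add_filter "/spec/"
 end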
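--- a/data/spec/strategy_spec.rb
+++ b/data/spec/strategy_spec.rb
@@ -104,4 +104,33 @@ describe "Authentication using Tiddle strategy", type: :request do
 expect(response.status).to eq 200
 end
 end
+
+describe "using field other than email" do
+
+before do
+Devise.setup do |config|
+config.authentication_keys = [:nick_name]
+end
+
+@user = User.create!(
+email: "test@example.com",
+password: "12345678",
+nick_name: "test"
+)
+@token = Tiddle.create_and_return_token(@user, FakeRequest.new)
+end
+
+after do
+Devise.setup do |config|
+config.authentication_keys = [:email]
+end
+end
+
+it "allows to access endpoints which require authentication with valid \
+nick name and token" do
+get secrets_path, {},
+{ "X-USER-NICK-NAME" => "test", "X-USER-TOKEN" => @token }
+expect(response.status).to eq 200
+end
+end
 end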
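Review bot: The new `describe "using field other than email"` block only exercises the success path, so nothing pins what the strategy does when `X-USER-NICK-NAME` is missing or wrong while `X-USER-TOKEN` is valid. Add one example that sends only the token header and one that sends a non-matching nick name, each expecting the request to be rejected. The `before`/`after` pair also rewrites global `Devise.setup` state and hard-codes `[:email]` as the value to restore; saving the previous `Devise.authentication_keys` in `before` and restoring it in `after` would avoid leaking configuration into other examples.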
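--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: tiddle
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.6.0
 platform: ruby
 authors:
 - Adam Niedzielski
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-
+date: 2015-12-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: devise
@@ -217,7 +217,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.4.
+rubygems_version: 2.4.8
 signing_key:
 specification_version: 4
 summary: Token authentication for Devise which supports multiple tokens per model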