tok 0.0.1.pre

data/lib/tok/controller.rb

@@ -0,0 +1,64 @@
+module Tok
+  module Controller 
+    extend ActiveSupport::Concern
+
+    helpers = %w(authenticate! current_user model model_name model_class)
+
+    included do
+      helper_method(*helpers) 
+      hide_action(*helpers)
+    end
+
+    def authenticate!
+      authentication_required unless authorized?
+    end
+
+    def current_user
+      model_class.where(authentication_token: token).first
+    end
+
+    def model 
+      Tok.configuration.model.to_s
+    end
+
+    def model_name 
+      model.downcase
+    end
+
+    def model_class 
+      model.constantize
+    end
+
+    private
+
+    def authentication_required
+      self.headers["WWW-Authenticate"] = 'Token realm="Application"'
+      render json: {error: "Access denied."}, status: :unauthorized
+    end
+
+    def authorized?
+      model = model_class.where(authentication_token: token).first
+      model && secure_compare(model.authentication_token, token)
+    end
+
+    def token
+      token_header || params[:token]
+    end
+
+    def token_header
+      request.headers["HTTP_AUTHORIZATION"].tr('"', '').split('=')[1] if request.headers["HTTP_AUTHORIZATION"]
+    end
+
+    # Adopted from Devise, licensed under MIT.
+    # Copyrights 2009 - 2014 Plataformatec.
+    def secure_compare(a, b)
+      return false if a.blank? || b.blank? || a.bytesize != b.bytesize
+
+      l = a.unpack "C#{a.bytesize}"
+
+      res = 0
+      b.each_byte { |byte| res |= byte ^ l.shift }
+      res == 0
+    end
+  end
+end

data/lib/tok/engine.rb

@@ -0,0 +1,26 @@
+require 'tok'
+require 'rails'
+
+module Tok
+  class Engine < Rails::Engine
+    isolate_namespace Tok
+
+    initializer :append_migrations do |app|
+      if model_exist?
+        config.paths["db/migrate"].expanded.each do |expanded_path| 
+          app.config.paths["db/migrate"] << expanded_path
+        end
+      end
+    end
+
+    initializer :filter_params do |app|
+      app.config.filter_parameters += [:encrypted_password, :password, :authentication_token, :token]
+    end
+
+    private
+
+    def model_exist?
+      Rails.env.test? ? true : File.exist?(File.expand_path('app/models/user.rb', Rails.root)) 
+    end
+  end
+end

data/lib/tok/version.rb

@@ -0,0 +1,3 @@
+module Tok
+  VERSION = "0.0.1.pre"
+end

data/spec/controllers/sessions_controller_spec.rb

@@ -0,0 +1,62 @@
+describe Tok::SessionsController do
+  before do
+    class User < ActiveRecord::Base
+      include Tok::Authentication
+    end
+  end
+
+  describe "#create" do
+    context "with valid credentials" do
+      subject { attributes_for(:user) }
+
+      before do
+        @user = create(:user)
+
+        post :create, {user: subject}, {"Accept" => "application/json", "Content-Type" => "application/json"}
+      end
+
+      it { expect(response).to be_success }
+      it { expect(response).to have_http_status :created }
+      it { expect(response.body).to eq ({token: @user.authentication_token}.to_json) } 
+    end
+
+    context "with invalid credentials" do
+      subject { attributes_for(:user) }
+
+      before do
+        post :create, {user: subject}, {"Accept" => "application/json", "Content-Type" => "application/json"}
+      end
+
+      it { expect(response).to_not be_success }
+      it { expect(response).to have_http_status :unprocessable_entity }
+      it { expect(json).to have_key("error") }
+      it { expect(json["error"]).to eq "Invalid email or password!" }
+    end
+  end
+
+  describe "#destroy" do
+    context "when logged in" do
+      let(:user_params) { attributes_for(:user) }
+
+      before do
+        @user = create(:user)
+        @user.class.authenticate(user_params)
+
+        delete :destroy, {token: @user.authentication_token}, {"Accept" => "application/json", "Content-Type" => "application/json"}
+      end
+
+      it { expect(response).to be_success }
+      it { expect(response).to have_http_status :no_content }
+      it { expect{@user.reload}.to change{@user.authentication_token} }
+    end
+
+    context "when not logged in" do
+      before do
+        delete :destroy, {token: "not-valid"}, {"Accept" => "application/json", "Content-Type" => "application/json"}
+      end
+
+      it { expect(response).to be_success }
+      it { expect(response).to have_http_status :no_content } 
+    end
+  end
+end

data/spec/controllers/users_controller_spec.rb

@@ -0,0 +1,28 @@
+describe Tok::UsersController do
+  before do
+    class User < ActiveRecord::Base
+      include Tok::Authentication
+    end
+  end
+
+  describe "#create" do
+    context "with valid parameters" do
+      subject { attributes_for(:user) }
+
+      before do
+        post :create, {user: subject}, {"Accept" => "application/json", "Content-Type" => "application/json"} 
+      end
+
+      it { expect(response).to be_success }
+      it { expect(response).to have_http_status(:created) }
+      it { expect(response.body).to eq User.last.to_json }
+
+      it { expect(assigns(:model)).to be_persisted }
+      it { expect(assigns(:model)).to eq User.last }
+
+      it "should increase users count" do
+        change(User, :count).by(1)
+      end
+    end
+  end
+end

data/spec/dummy/README.rdoc

@@ -0,0 +1,28 @@
+== README
+
+This README would normally document whatever steps are necessary to get the
+application up and running.
+
+Things you may want to cover:
+
+* Ruby version
+
+* System dependencies
+
+* Configuration
+
+* Database creation
+
+* Database initialization
+
+* How to run the test suite
+
+* Services (job queues, cache servers, search engines, etc.)
+
+* Deployment instructions
+
+* ...
+
+
+Please feel free to use a different markup language if you do not plan to run
+<tt>rake doc:app</tt>.

data/spec/dummy/Rakefile

@@ -0,0 +1,6 @@
+# Add your own tasks in files placed in lib/tasks ending in .rake,
+# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
+
+require File.expand_path('../config/application', __FILE__)
+
+Rails.application.load_tasks

data/spec/dummy/app/controllers/application_controller.rb

@@ -0,0 +1,2 @@
+class ApplicationController < ActionController::API
+end

data/spec/dummy/bin/bundle

@@ -0,0 +1,3 @@
+#!/usr/bin/env ruby
+ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__)
+load Gem.bin_path('bundler', 'bundle')

data/spec/dummy/bin/rails

@@ -0,0 +1,4 @@
+#!/usr/bin/env ruby
+APP_PATH = File.expand_path('../../config/application',  __FILE__)
+require_relative '../config/boot'
+require 'rails/commands'

data/spec/dummy/bin/rake

@@ -0,0 +1,4 @@
+#!/usr/bin/env ruby
+require_relative '../config/boot'
+require 'rake'
+Rake.application.run

data/spec/dummy/config.ru

@@ -0,0 +1,4 @@
+# This file is used by Rack-based servers to start the application.
+
+require ::File.expand_path('../config/environment',  __FILE__)
+run Rails.application

data/spec/dummy/config/application.rb

@@ -0,0 +1,30 @@
+require File.expand_path('../boot', __FILE__)
+
+# Pick the frameworks you want:
+require "active_model/railtie"
+require "active_record/railtie"
+require "action_controller/railtie"
+require "action_mailer/railtie"
+# require "action_view/railtie"
+# require "sprockets/railtie"
+# require "rails/test_unit/railtie"
+
+# Require the gems listed in Gemfile, including any gems
+# you've limited to :test, :development, or :production.
+Bundler.require(*Rails.groups)
+
+module Dummy
+  class Application < Rails::Application
+    # Settings in config/environments/* take precedence over those specified here.
+    # Application configuration should go into files in config/initializers
+    # -- all .rb files in that directory are automatically loaded.
+
+    # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone.
+    # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC.
+    # config.time_zone = 'Central Time (US & Canada)'
+
+    # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded.
+    # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s]
+    # config.i18n.default_locale = :de
+  end
+end

data/spec/dummy/config/boot.rb

@@ -0,0 +1,4 @@
+# Set up gems listed in the Gemfile.
+ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__)
+
+require 'bundler/setup' if File.exist?(ENV['BUNDLE_GEMFILE'])

data/spec/dummy/config/database.yml

@@ -0,0 +1,85 @@
+# PostgreSQL. Versions 8.2 and up are supported.
+#
+# Install the pg driver:
+#   gem install pg
+# On OS X with Homebrew:
+#   gem install pg -- --with-pg-config=/usr/local/bin/pg_config
+# On OS X with MacPorts:
+#   gem install pg -- --with-pg-config=/opt/local/lib/postgresql84/bin/pg_config
+# On Windows:
+#   gem install pg
+#       Choose the win32 build.
+#       Install PostgreSQL and put its /bin directory on your path.
+#
+# Configure Using Gemfile
+# gem 'pg'
+#
+default: &default
+  adapter: postgresql
+  encoding: unicode
+  # For details on connection pooling, see rails configuration guide
+  # http://guides.rubyonrails.org/configuring.html#database-pooling
+  pool: 5
+
+development:
+  <<: *default
+  database: dummy_development
+
+  # The specified database role being used to connect to postgres.
+  # To create additional roles in postgres see `$ createuser --help`.
+  # When left blank, postgres will use the default role. This is
+  # the same name as the operating system user that initialized the database.
+  #username: dummy
+
+  # The password associated with the postgres role (username).
+  #password:
+
+  # Connect on a TCP socket. Omitted by default since the client uses a
+  # domain socket that doesn't need configuration. Windows does not have
+  # domain sockets, so uncomment these lines.
+  #host: localhost
+
+  # The TCP port the server listens on. Defaults to 5432.
+  # If your server runs on a different port number, change accordingly.
+  #port: 5432
+
+  # Schema search path. The server defaults to $user,public
+  #schema_search_path: myapp,sharedapp,public
+
+  # Minimum log levels, in increasing order:
+  #   debug5, debug4, debug3, debug2, debug1,
+  #   log, notice, warning, error, fatal, and panic
+  # Defaults to warning.
+  #min_messages: notice
+
+# Warning: The database defined as "test" will be erased and
+# re-generated from your development database when you run "rake".
+# Do not set this db to the same as development or production.
+test:
+  <<: *default
+  database: dummy_test
+
+# As with config/secrets.yml, you never want to store sensitive information,
+# like your database password, in your source code. If your source code is
+# ever seen by anyone, they now have access to your database.
+#
+# Instead, provide the password as a unix environment variable when you boot
+# the app. Read http://guides.rubyonrails.org/configuring.html#configuring-a-database
+# for a full rundown on how to provide these environment variables in a
+# production deployment.
+#
+# On Heroku and other platform providers, you may have a full connection URL
+# available as an environment variable. For example:
+#
+#   DATABASE_URL="postgres://myuser:mypass@localhost/somedatabase"
+#
+# You can use this database configuration with:
+#
+#   production:
+#     url: <%= ENV['DATABASE_URL'] %>
+#
+production:
+  <<: *default
+  database: dummy_production
+  username: dummy
+  password: <%= ENV['DUMMY_DATABASE_PASSWORD'] %>

data/spec/dummy/config/environment.rb

@@ -0,0 +1,5 @@
+# Load the Rails application.
+require File.expand_path('../application', __FILE__)
+
+# Initialize the Rails application.
+Rails.application.initialize!

data/spec/dummy/config/environments/development.rb

@@ -0,0 +1,28 @@
+Rails.application.configure do
+  # Settings specified here will take precedence over those in config/application.rb.
+
+  # In the development environment your application's code is reloaded on
+  # every request. This slows down response time but is perfect for development
+  # since you don't have to restart the web server when you make code changes.
+  config.cache_classes = false
+
+  # Do not eager load code on boot.
+  config.eager_load = false
+
+  # Show full error reports and disable caching.
+  config.consider_all_requests_local       = true
+  config.action_controller.perform_caching = false
+
+  # Don't care if the mailer can't send.
+  config.action_mailer.raise_delivery_errors = false
+
+  # Print deprecation notices to the Rails logger.
+  config.active_support.deprecation = :log
+
+  # Raise an error on page load if there are pending migrations.
+  config.active_record.migration_error = :page_load
+
+
+  # Raises error for missing translations
+  # config.action_view.raise_on_missing_translations = true
+end

data/spec/dummy/config/environments/production.rb

@@ -0,0 +1,67 @@
+Rails.application.configure do
+  # Settings specified here will take precedence over those in config/application.rb.
+
+  # Code is not reloaded between requests.
+  config.cache_classes = true
+
+  # Eager load code on boot. This eager loads most of Rails and
+  # your application in memory, allowing both threaded web servers
+  # and those relying on copy on write to perform better.
+  # Rake tasks automatically ignore this option for performance.
+  config.eager_load = true
+
+  # Full error reports are disabled and caching is turned on.
+  config.consider_all_requests_local       = false
+  config.action_controller.perform_caching = true
+
+  # Enable Rack::Cache to put a simple HTTP cache in front of your application
+  # Add `rack-cache` to your Gemfile before enabling this.
+  # For large-scale production use, consider using a caching reverse proxy like nginx, varnish or squid.
+  # config.action_dispatch.rack_cache = true
+
+  # Disable Rails's static asset server (Apache or nginx will already do this).
+  config.serve_static_assets = false
+
+
+  # Specifies the header that your server uses for sending files.
+  # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for apache
+  # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for nginx
+
+  # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
+  # config.force_ssl = true
+
+  # Set to :debug to see everything in the log.
+  config.log_level = :info
+
+  # Prepend all log lines with the following tags.
+  # config.log_tags = [ :subdomain, :uuid ]
+
+  # Use a different logger for distributed setups.
+  # config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new)
+
+  # Use a different cache store in production.
+  # config.cache_store = :mem_cache_store
+
+  # Enable serving of images, stylesheets, and JavaScripts from an asset server.
+  # config.action_controller.asset_host = "http://assets.example.com"
+
+  # Ignore bad email addresses and do not raise email delivery errors.
+  # Set this to true and configure the email server for immediate delivery to raise delivery errors.
+  # config.action_mailer.raise_delivery_errors = false
+
+  # Enable locale fallbacks for I18n (makes lookups for any locale fall back to
+  # the I18n.default_locale when a translation cannot be found).
+  config.i18n.fallbacks = true
+
+  # Send deprecation notices to registered listeners.
+  config.active_support.deprecation = :notify
+
+  # Disable automatic flushing of the log to improve performance.
+  # config.autoflush_log = false
+
+  # Use default logging formatter so that PID and timestamp are not suppressed.
+  config.log_formatter = ::Logger::Formatter.new
+
+  # Do not dump schema after migrations.
+  config.active_record.dump_schema_after_migration = false
+end