token_auth 0.3.0.beta1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 064111700731121265d4aada907cee407a956a06
+  data.tar.gz: d3b86f096bd944e54e154c9da276f304617946e1
+SHA512:
+  metadata.gz: 5bb1c3bf891008100dc89ca0e9996c04b4fe0e1e301a7d9ecc7915e6e73675794ba553d5accaf1750441308caa3116d61a6457eb9001ceb58c82a627f0df364b
+  data.tar.gz: 5a2d00439e671fa715bb52de55a89f5f8146592d922155a81350224af4b52095e434900103e3accd44333637dabd60ca0c43215f072be3412717428069f088df

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2015 Eric Carty-Fickes
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,111 @@
+# Token Authentication
+
+This Rails Engine implements a simple configuration handshake with clients. It
+also provides Controller Concerns for authenticating clients via an API.
+
+## Overview
+
+The basic workflow is as follows:
+
+1. A user generates a Configuration Token within your host application tied to
+   an "entity" within the application. This entity will likely represent a human
+   user.
+1. The Configuration Token is shared with the client you wish to authorize.
+1. If the Configuration Token is transmitted along with a unique client
+   identifier while the Token is still valid, the Configuration Token will be
+   destroyed and an Authentication Token will be created and returned to the
+   client.
+1. The Authentication Token can be used to authenticate subsequent requests, as
+   long as it is accompanied by the unique client identifier.
+1. The Authentication Token can be disabled temporarily or permanently, and it
+   can be destroyed. If it is destroyed, this process must be repeated.
+
+## Installation
+
+Add the gem to your Gemfile:
+
+```ruby
+# Gemfile
+
+gem 'token_auth',
+    git: 'https://github.com/NU-CBITS/token_auth_server_rails',
+    tag: '0.1.1'
+```
+
+Install it:
+
+```
+bundle
+```
+
+Install and run the migrations:
+
+```
+rake token_auth:install:migrations; rake db:migrate
+```
+
+Mount the Engine and make its routes available to the host application:
+
+```ruby
+# config/routes.rb
+
+mount TokenAuth::Engine => '/token_auth'
+```
+
+## Configuration
+
+To customize the behavior of the token management functions, you can override
+the `BaseController` class:
+
+```ruby
+# app/controllers/token_auth/base_controller.rb
+
+module TokenAuth
+  class BaseController < ApplicationController
+    before_action :authenticate_user!
+  end
+end
+```
+
+To authenticate an API controller:
+
+```ruby
+# app/controllers/api/my_controller.rb
+
+module Api
+  class MyController < ActionController::Base
+    include TokenAuth::Concerns::ApiResources
+
+    after_action do |controller|
+      controller.cors_set_access_control_headers(allow_methods: "GET, OPTIONS")
+    end
+
+    def show
+    end
+  end
+end
+```
+
+## Testing
+
+After generating a configuration token, test authentication token generation:
+
+```
+curl --data "data[clientUuid]=asdf&configurationToken=4C3LM9" http://localhost:3000/token_auth/api/authentication_tokens
+```
+
+## Development
+
+Clone the repository and install dependencies:
+
+```
+git clone git@github.com:NU-CBITS/token_auth_server_rails.git
+bundle
+```
+
+Run the unit tests and linters for this Engine:
+
+```
+RAILS_ENV=test bin/rake db:create db:migrate
+bin/rake
+```

data/Rakefile

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+begin
+  require "bundler/setup"
+rescue LoadError
+  puts "You must `gem install bundler` and `bundle install` to run rake tasks"
+end
+
+require "rdoc/task"
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = "rdoc"
+  rdoc.title    = "TokenAuth"
+  rdoc.options << "--line-numbers"
+  rdoc.rdoc_files.include("lib/**/*.rb")
+end
+
+require "rspec/core/rake_task"
+
+desc "Run all specs in spec directory (excluding plugin specs)"
+RSpec::Core::RakeTask.new(:spec)
+
+APP_RAKEFILE = File.expand_path("../spec/dummy/Rakefile", __FILE__)
+load "rails/tasks/engine.rake"
+
+Bundler::GemHelper.install_tasks
+
+require "rubocop/rake_task"
+
+RuboCop::RakeTask.new
+
+dir = File.dirname(__FILE__)
+
+desc "Run Brakeman"
+task :brakeman do
+  puts `#{ File.join(dir, "bin", "brakeman") } #{ File.join(dir, ".") }`
+end
+
+desc "Run MarkDown lint"
+task :mdl do
+  results = `#{ File.join(dir, "bin", "mdl") } #{ File.join(dir, "README.md") }`
+  unless results.strip.empty?
+    puts results
+    exit 1
+  end
+end
+
+task :default do
+  Rake::Task["spec"].invoke
+  Rake::Task["rubocop"].invoke
+  Rake::Task["brakeman"].invoke
+  Rake::Task["mdl"].invoke
+end

data/app/controllers/token_auth/api/authentication_tokens_controller.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+module TokenAuth
+  module Api
+    # API to manage Authentication Tokens.
+    class AuthenticationTokensController < ::TokenAuth::Api::BaseController
+      RESOURCE_TYPE = "authenticationTokens"
+
+      include Concerns::CorsSettings
+
+      after_action do |controller|
+        controller.cors_set_access_control_headers(
+          allow_methods: "POST, OPTIONS"
+        )
+      end
+
+      def options
+        render json: {}, status: 200
+      end
+
+      def create
+        if configuration_token && authentication_token
+          render(json: {
+                   data: {
+                     type: RESOURCE_TYPE,
+                     id: authentication_token.uuid,
+                     value: authentication_token.value
+                   }
+                 },
+                 status: 201)
+        else
+          render json: {}, status: 400
+        end
+      end
+
+      private
+
+      def authentication_token
+        @authentication_token ||=
+          configuration_token.make_authentication_token(token_params)
+      end
+
+      def token_params
+        { client_uuid: (params[:data] || {})[:clientUuid] }
+      end
+
+      def configuration_token
+        @configuration_token ||=
+          ConfigurationToken.find_match(params[:configurationToken])
+      end
+    end
+  end
+end

data/app/controllers/token_auth/api/base_controller.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+module TokenAuth
+  module Api
+    class BaseController < ActionController::Base
+    end
+  end
+end

data/app/controllers/token_auth/api/payloads_controller.rb

@@ -0,0 +1,108 @@
+# frozen_string_literal: true
+require "openssl"
+
+module TokenAuth
+  module Api
+    # Processes inbound and outbound resources.
+    class PayloadsController < ActionController::Base
+      include TokenAuth::Concerns::CorsSettings
+
+      attr_reader :authentication_token
+
+      rescue_from TokenAuth::Concerns::ApiResources::Api::Unauthorized,
+                  with: :unauthorized
+
+      before_action do |controller|
+        controller.cors_set_access_control_headers(
+          allow_methods: "GET, POST, OPTIONS",
+          allow_headers: "Authorization"
+        )
+      end
+
+      def index
+        authenticate!
+        render json: pullable_records,
+               meta: { timestamp: Time.zone.now.iso8601 }
+      end
+
+      def options
+        render json: {}, status: 200
+      end
+
+      def create
+        authenticate!
+        payload = Payload.new(entity_id: authentication_token.entity_id)
+        payload.save request_data
+
+        headers["Errors"] = payload.errors.join(", ")
+        render json: payload.valid_resources, status: 201
+      rescue TokenAuth::Payload::MalformedPayloadError
+        render json: {}, status: 400
+      end
+
+      private
+
+      def find_token!
+        @authentication_token = TokenAuth::AuthenticationToken.find_by(
+          client_uuid: @metadata[:key],
+          is_enabled: true
+        )
+
+        return if @authentication_token
+
+        raise TokenAuth::Concerns::ApiResources::Api::Unauthorized
+      end
+
+      def request_data
+        return nil unless request.post?
+
+        params[:data] || []
+      end
+
+      def calculate_signature
+        OpenSSL::Digest::MD5.hexdigest([
+          request_data ? request_data.to_json : nil,
+          @metadata[:key],
+          @metadata[:nonce],
+          @metadata[:timestamp],
+          @metadata[:url],
+          @metadata[:method],
+          authentication_token.value
+        ].compact.join)
+      end
+
+      def split_header
+        if request.headers[:Authorization].nil?
+          raise TokenAuth::Concerns::ApiResources::Api::Unauthorized
+        end
+
+        auth_headers = request.headers[:Authorization].split(",")
+        @metadata = auth_headers.each_with_object({}) do |h, metadata|
+          p = h.split("=")
+          metadata[p[0].to_sym] = p[1].gsub(/(^")|("$)/m, "")
+        end
+      end
+
+      def authenticate!
+        split_header
+        find_token!
+
+        return if @metadata[:signature] == calculate_signature
+
+        raise TokenAuth::Concerns::ApiResources::Api::Unauthorized
+      end
+
+      def pullable_records
+        entity_id = authentication_token.entity_id
+        SynchronizableResource.pullable_records_for(
+          entity_id: entity_id,
+          filter: params[:filter]
+        )
+      end
+
+      def unauthorized
+        render json: {}, status: 401
+      end
+    end
+  end
+end

data/app/controllers/token_auth/authentication_tokens_controller.rb

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+module TokenAuth
+  # Manages Authentication Tokens.
+  class AuthenticationTokensController < ::TokenAuth::BaseController
+    def update
+      token = AuthenticationToken.find_by_entity_id(params[:entity_id])
+
+      if token.update(token_params)
+        redirect_to tokens_url(token.entity_id),
+                    notice: t("activerecord.success_saving",
+                              name: token.class.model_name.human)
+      else
+        redirect_to tokens_url(token.entity_id),
+                    alert: t("activerecord.failure_saving",
+                             name: token.class.model_name.human,
+                             errors: errors_on(token))
+      end
+    end
+
+    def destroy
+      token = AuthenticationToken.find_by_entity_id(params[:entity_id])
+
+      if token.destroy
+        redirect_to tokens_url(token.entity_id),
+                    notice: t("activerecord.success_destroying",
+                              name: token.class.model_name.human)
+      else
+        redirect_to tokens_url(token.entity_id),
+                    alert: t("activerecord.failure_destroying",
+                             name: token.class.model_name.human,
+                             errors: errors_on(token))
+      end
+    end
+
+    private
+
+    def errors_on(model)
+      model.errors.full_messages.join ", "
+    end
+
+    def token_params
+      params.permit(:is_enabled)
+    end
+  end
+end

data/app/controllers/token_auth/base_controller.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+module TokenAuth
+  class BaseController < ApplicationController
+  end
+end

data/app/controllers/token_auth/concerns/api_resources.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+module TokenAuth
+  module Concerns
+    # Behavior related to authentication and CORS.
+    module ApiResources
+      module Api
+        class Unauthorized < StandardError
+        end
+      end
+
+      extend ActiveSupport::Concern
+
+      include ::TokenAuth::Concerns::CorsSettings
+
+      included do
+        before_action :authenticate_token!
+
+        rescue_from Api::Unauthorized, with: :unauthorized
+      end
+
+      AUTH_HEADER = "X-AUTH-TOKEN"
+
+      def options
+        render nothing: true
+      end
+
+      private
+
+      def authenticate_token!
+        @authentication_token = client_uuid && auth_header &&
+                                ::TokenAuth::AuthenticationToken
+                                .find_enabled(client_uuid: client_uuid,
+                                              value: auth_header)
+
+        raise Api::Unauthorized unless @authentication_token
+      end
+
+      def client_uuid
+        params[:clientUuid]
+      end
+
+      def auth_header
+        request.headers[AUTH_HEADER]
+      end
+
+      def unauthorized
+        render json: {}, status: 401
+      end
+    end
+  end
+end

data/app/controllers/token_auth/concerns/cors_settings.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+module TokenAuth
+  module Concerns
+    # Allow cross-domain requests.
+    module CorsSettings
+      def cors_set_access_control_headers(allow_methods:, allow_headers: "")
+        headers["Access-Control-Allow-Origin"] = "*"
+        headers["Access-Control-Allow-Methods"] = allow_methods
+        headers["Access-Control-Allow-Headers"] = [
+          "Content-Type",
+          allow_headers
+        ].join(", ")
+      end
+    end
+  end
+end

data/app/controllers/token_auth/configuration_tokens_controller.rb

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+module TokenAuth
+  # Manages Configuration Tokens.
+  class ConfigurationTokensController < ApplicationController
+    def create
+      token = ConfigurationToken.new(entity_id: params[:entity_id])
+
+      if token.save
+        redirect_to tokens_index,
+                    notice: t("activerecord.success_saving",
+                              name: token.class.model_name.human)
+      else
+        redirect_to tokens_index,
+                    alert: t("activerecord.failure_saving",
+                             name: token.class.model_name.human,
+                             errors: errors_on(token))
+      end
+    end
+
+    def destroy
+      token = ConfigurationToken.find_by_entity_id(params[:entity_id])
+
+      if token.nil?
+        redirect_to tokens_index,
+                    alert: t("activerecord.cannot_find",
+                             name: ConfigurationToken.model_name.human)
+      elsif token.destroy
+        redirect_to tokens_index,
+                    notice: t("activerecord.success_destroying",
+                              name: ConfigurationToken.model_name.human)
+      else
+        redirect_to tokens_index,
+                    alert: t("activerecord.failure_destroying",
+                             name: ConfigurationToken.model_name.human,
+                             errors: errors_on(token))
+      end
+    end
+
+    private
+
+    def tokens_index
+      tokens_url params[:entity_id]
+    end
+
+    def errors_on(model)
+      model.errors.full_messages.join ", "
+    end
+  end
+end

data/app/controllers/token_auth/tokens_controller.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+module TokenAuth
+  # Manage configuration and authentication tokens.
+  class TokensController < ::TokenAuth::BaseController
+    def index
+      @entity_id = params[:entity_id]
+      @authentication_token = AuthenticationToken
+                              .find_by_entity_id(@entity_id)
+      @configuration_token = ConfigurationToken
+                             .find_by_entity_id(@entity_id)
+    end
+  end
+end

data/app/models/token_auth/authentication_token.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+module TokenAuth
+  # A key shared with a client for authenticating requests.
+  class AuthenticationToken < ActiveRecord::Base
+    TOKEN_LENGTH = 32
+    UUID_LENGTH = 36
+
+    validates :entity_id, :value, :uuid, :client_uuid, presence: true
+    validates :value, :entity_id, :client_uuid, uniqueness: true
+    validates :value, length: { is: TOKEN_LENGTH }
+    validates :uuid, length: { is: UUID_LENGTH }
+    validates :is_enabled, inclusion: { in: [true, false] }
+
+    before_validation :set_value, :set_uuid, on: :create
+
+    def self.find_enabled(client_uuid:, value:)
+      find_by(client_uuid: client_uuid, value: value, is_enabled: true)
+    end
+
+    private
+
+    def set_value
+      loop do
+        self.value = SecureRandom.hex(TOKEN_LENGTH / 2)
+        break unless self.class.exists?(value: value)
+      end
+    end
+
+    def set_uuid
+      self.uuid = SecureRandom.uuid
+    end
+  end
+end

data/app/models/token_auth/configuration_token.rb

@@ -0,0 +1,65 @@
+# frozen_string_literal: true
+
+module TokenAuth
+  # A single use human readable token for use with client configuration.
+  class ConfigurationToken < ActiveRecord::Base
+    mattr_accessor :valid_period
+    self.valid_period = 4.hours
+    SAMPLE_SET = %w( A B C D E F H J K L M N P Q R S T U V W X Y Z
+                     2 3 4 5 7 8 9
+                     # $ ).freeze
+    TOKEN_LENGTH = 6
+
+    validates :expires_at, :entity_id, :value, presence: true
+    validates :value, :entity_id, uniqueness: true
+
+    before_validation :set_value, :set_expires_at, on: :create
+
+    # Returns case insensitive match.
+    # rubocop:disable Rails/FindBy
+    def self.find_match(value)
+      return nil unless value.is_a?(String)
+
+      query = value.gsub(/[\s]+/, "")
+
+      return nil unless query.length == TOKEN_LENGTH
+
+      where(arel_table[:expires_at].gt(Time.zone.now))
+        .where(arel_table[:value].matches(query))
+        .first
+    end
+    # rubocop:enable Rails/FindBy
+
+    def make_authentication_token(client_uuid:)
+      return nil if expired?
+
+      authentication_token = AuthenticationToken
+                             .new(entity_id: entity_id,
+                                  client_uuid: client_uuid)
+      transaction do
+        authentication_token.save! && destroy!
+      end
+
+      authentication_token
+    rescue
+      nil
+    end
+
+    def expired?
+      Time.zone.now > expires_at
+    end
+
+    private
+
+    def set_value
+      loop do
+        self.value = (0...TOKEN_LENGTH).map { SAMPLE_SET.sample }.join
+        break unless self.class.exists?(value: value)
+      end
+    end
+
+    def set_expires_at
+      self.expires_at = Time.zone.now + self.class.valid_period
+    end
+  end
+end

data/app/models/token_auth/payload.rb

@@ -0,0 +1,77 @@
+# frozen_string_literal: true
+module TokenAuth
+  # An inbound resource. Inbound resource requests are validated and an
+  # attempt is made to upsert them.
+  class Payload
+    attr_reader :valid_resources, :errors
+
+    class MalformedPayloadError < StandardError
+    end
+
+    def self.resource_type(params)
+      params.extract!(:type)[:type]
+
+    rescue NoMethodError
+      nil
+    end
+
+    def initialize(entity_id:)
+      @entity_id = entity_id
+      @valid_resources = []
+      @errors = []
+    end
+
+    def save(entities_params)
+      raise MalformedPayloadError unless entities_params.respond_to?(:each)
+
+      entities_params.each do |entity_params|
+        type = self.class.resource_type(entity_params)
+        resource = find_pushable_resource(type)
+
+        if resource
+          upsert_resource(
+            klass: resource.klass,
+            params: entity_params.merge(
+              "#{ resource.entity_id_attribute_name }": @entity_id
+            )
+          )
+        else
+          @errors << "invalid resource '#{ type }'"
+        end
+      end
+    end
+
+    private
+
+    def find_pushable_resource(type)
+      SynchronizableResource.find_by(
+        name: type,
+        is_pushable: true,
+        entity_id: @entity_id
+      )
+    end
+
+    def upsert_resource(klass:, params:)
+      attributes = deserialize(params)
+      resource = klass.find_or_initialize_by(uuid: attributes.delete("uuid"))
+
+      if resource.update(attributes)
+        @valid_resources << resource
+      else
+        @errors << resource.errors.full_messages.join(", ")
+      end
+
+    rescue ActiveRecord::UnknownAttributeError => error
+      @errors << error.message
+    end
+
+    def deserialize(params)
+      params.each_with_object({}) do |pair, attrs|
+        name, value = pair
+        name = name.to_s.underscore
+        name = "uuid" if name == "id"
+        attrs[name] = value
+      end
+    end
+  end
+end

data/app/models/token_auth/synchronizable_resource.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+module TokenAuth
+  # A resource that may be pushed and/or pulled by an entity.
+  class SynchronizableResource < ActiveRecord::Base
+    include UuidEnabled
+
+    validates :uuid, :entity_id, :entity_id_attribute_name, :name, :class_name,
+              presence: true
+    validates :is_pullable, :is_pushable, inclusion: { in: [true, false] }
+
+    def self.pullable_records_for(entity_id:, filter:)
+      where(is_pullable: true, entity_id: entity_id)
+        .map { |r| apply_filter(r.records, filter) }
+        .flatten
+    end
+
+    def self.apply_filter(relation, filter)
+      return relation unless filter && filter[:updated_at] &&
+                             filter[:updated_at][:gt]
+
+      timestamp = filter[:updated_at][:gt]
+
+      relation.where(relation.arel_table[:updated_at].gt(timestamp))
+    end
+
+    def records
+      klass.where(entity_id_attribute_name => entity_id)
+    end
+
+    def klass
+      class_name.constantize
+    end
+  end
+end

data/app/models/token_auth/uuid_enabled.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+require "active_support/concern"
+
+module TokenAuth
+  # Create a uuid, and add validation for format and presence of uuid.
+  module UuidEnabled
+    extend ActiveSupport::Concern
+
+    included do
+      before_validation { self.uuid ||= SecureRandom.uuid }
+
+      validates :uuid, length: { is: 36 }, uniqueness: true, presence: true
+    end
+  end
+end

data/app/serializers/token_auth/synchronizable_resource_serializer.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+module TokenAuth
+  # Serializer for SynchronizableResource.
+  class SynchronizableResourceSerializer < ActiveModel::Serializer
+    attributes :name
+    attribute :uuid, key: :id
+  end
+end

data/app/views/token_auth/tokens/index.html.erb

@@ -0,0 +1,55 @@
+<h2><%= t(".manage_tokens_for", default: "Manage tokens for") %> <%= @entity || @entity_id %></h2>
+
+<table class="table">
+  <% unless @authentication_token %>
+    <tr id="config-token">
+      <td class="lead">
+        <%= TokenAuth::ConfigurationToken.model_name.human %>
+      </td>
+      <td>
+        <% if @configuration_token %>
+          <% if @configuration_token.expired? %>
+            <span class="label label-warning"><%= t(".expired", default: "Expired") %></span>
+          <% else %>
+            <%= t(".expires_in", default: "Expires in") %> <%= time_ago_in_words @configuration_token.expires_at %>
+          <% end %>
+        <% else %>
+          <%= button_to t(".create", default: "Create"), configuration_token_path(@entity_id), class: "btn btn-default" %>
+        <% end %>
+      </td>
+      <% if @configuration_token %>
+        <td>
+          <% unless @configuration_token.expired? %>
+            <%= t(".value", default: "Value") %> <mark class="lead"><%= @configuration_token.value %></mark>
+            <p><small><%= t(".case_insensitive", default: "case insensitive") %></small></p>
+          <% end %>
+        </td>
+        <td>
+          <%= button_to t(".destroy", default: "Destroy"), token_auth.configuration_token_path(@entity_id), method: :delete, class: "btn btn-warning" %>
+        </td>
+      <% end %>
+    </tr>
+  <% else %>
+    <tr id="auth-token">
+      <td class="lead">
+        <%= @authentication_token.model_name.human %>
+        <% unless @authentication_token.is_enabled? %>
+          <span class="label label-danger"><%= t(".disabled", default: "Disabled") %></span>
+        <% end %>
+      </td>
+      <td>
+        <%= t("activerecord.attributes.token_auth/authentication_token.client_uuid", default: "Client uuid") %> <%= @authentication_token.client_uuid %>
+      </td>
+      <td>
+        <% if @authentication_token.is_enabled? %>
+          <%= button_to t(".disable", default: "Disable"), authentication_token_path(@entity_id), method: :patch, class: "btn btn-warning", params: { is_enabled: false } %>
+        <% else %>
+          <%= button_to t(".enable", default: "Enable"), authentication_token_path(@entity_id), method: :patch, class: "btn btn-info", params: { is_enabled: true } %>
+        <% end %>
+      </td>
+      <td>
+        <%= button_to t(".destroy", default: "Destroy"), authentication_token_path(@entity_id), method: :delete, class: "btn btn-danger", data: { confirm: t(".are_you_sure", default: "Are you sure?") } %>
+      </td>
+    </tr>
+  <% end %>
+</table>

data/config/locales/en.yml

@@ -0,0 +1,31 @@
+en:
+  activerecord:
+    attributes:
+      token_auth/authentication_token:
+        client_uuid: Client uuid
+    cannot_find: Unable to find %{name}
+    success_saving: Successfully saved %{name}
+    failure_saving: "Unable to save %{name}: %{errors}"
+    success_destroying: Successfully destroyed %{name}
+    failure_destroying: "Unable to destroy %{name}: %{errors}"
+    models:
+      token_auth/authentication_token:
+        one: Authentication token
+        other: Authentication tokens
+      token_auth/configuration_token:
+        one: Configuration token
+        other: Configuration tokens
+  token_auth:
+    tokens:
+      index:
+        are_you_sure: Are you sure?
+        case_insensitive: Case insensitive
+        create: Create
+        disable: Disable
+        disabled: Disabled
+        destroy: Destroy
+        enable: Enable
+        expired: Expired
+        expires_in: Expires in
+        manage_tokens_for: Manage tokens for
+        value: Value

data/config/locales/es-PE.yml

@@ -0,0 +1,31 @@
+es-PE:
+  activerecord:
+    attributes:
+      token_auth/authentication_token:
+        client_uuid: Identificador único universal (uuid) del cliente
+    cannot_find: No se pudo encontrar %{name}
+    success_saving: Guardado exitosamente %{name}
+    failure_saving: "No se pudo guardar %{name}: %{errors}"
+    success_destroying: Destruido exitosamente %{name}
+    failure_destroying: "No se pudo destruir %{name}: %{errors}"
+    models:
+      token_auth/authentication_token:
+        one: Autorizar identificador
+        other: Autorizar identificador
+      token_auth/configuration_token:
+        one: Identificador
+        other: Identificador
+  token_auth:
+    tokens:
+      index:
+        are_you_sure: ¿Estás seguro?
+        case_insensitive: No distingue mayúsculas y minúsculas
+        create: Crear identificador
+        disable: Desactivar
+        disabled: Inhabilitado
+        destroy: Destruir
+        enable: Activar
+        expired: Vencido
+        expires_in: Vence en
+        manage_tokens_for: Administrar identificador para
+        value: Valor

data/config/locales/pt-BR.yml

@@ -0,0 +1,31 @@
+pt-BR:
+  activerecord:
+    attributes:
+      token_auth/authentication_token:
+        client_uuid: Identificador Único Universal (uuid) do cliente
+    cannot_find: Não foi possível encontrar %{name}
+    success_saving: Salvo com sucesso %{name}
+    failure_saving: "Não foi possível salvar %{name}: %{errors}"
+    success_destroying: Destruído com sucesso %{name}
+    failure_destroying: "Não foi possível destruir %{name}: %{errors}"
+    models:
+      token_auth/authentication_token:
+        one: Autorizar Token
+        other: Autorizar Token
+      token_auth/configuration_token:
+        one: Configurar token
+        other: Configurar token
+  token_auth:
+    tokens:
+      index:
+        are_you_sure: Está certo disto?
+        case_insensitive: Não distingue maiúsculas e minúsculas
+        create: Criar token
+        disable: Desativar
+        disabled: Desabilitado
+        destroy: Destruir
+        enable: Ativar
+        expired: Expirado
+        expires_in: Expira em
+        manage_tokens_for: Gerenciar Token para
+        value: Valor

data/config/routes.rb

@@ -0,0 +1,18 @@
+TokenAuth::Engine.routes.draw do
+  scope '/entities/:entity_id' do
+    resource :authentication_token, only: [:update, :destroy]
+    resource :configuration_token, only: [:create, :destroy]
+    resources :tokens, only: :index
+  end
+
+  namespace :api do
+    match 'authentication_tokens',
+      to: 'authentication_tokens#options',
+      via: :options
+    resources :authentication_tokens, only: :create
+    match 'payloads',
+      to: 'payloads#options',
+      via: :options
+    resources :payloads, only: [:index, :create]
+  end
+end

data/db/migrate/20150428210721_create_configuration_tokens.rb

@@ -0,0 +1,21 @@
+module CreateConfigurationTokensMigration
+  def change
+    create_table :token_auth_configuration_tokens do |t|
+      t.datetime :expires_at, null: false
+      t.string :value, null: false
+      t.integer :entity_id, null: false
+    end
+
+    add_index :token_auth_configuration_tokens, :entity_id, unique: true
+  end
+end
+
+if ActiveRecord::Migration.respond_to? :[]
+  class CreateConfigurationTokens < ActiveRecord::Migration[4.2]
+    include CreateConfigurationTokensMigration
+  end
+else
+  class CreateConfigurationTokens < ActiveRecord::Migration
+    include CreateConfigurationTokensMigration
+  end
+end

data/db/migrate/20150428211137_create_authentication_tokens.rb

@@ -0,0 +1,25 @@
+module CreateAuthenticationTokensMigration
+  def change
+    create_table :token_auth_authentication_tokens do |t|
+      t.integer :entity_id, null: false
+      t.string :value, null: false, limit: ::TokenAuth::AuthenticationToken::TOKEN_LENGTH
+      t.boolean :is_enabled, null: false, default: true
+      t.string :uuid, null: false, limit: ::TokenAuth::AuthenticationToken::UUID_LENGTH
+      t.string :client_uuid, null: false
+    end
+
+    add_index :token_auth_authentication_tokens, :entity_id, unique: true
+    add_index :token_auth_authentication_tokens, :value, unique: true
+    add_index :token_auth_authentication_tokens, :client_uuid, unique: true
+  end
+end
+
+if ActiveRecord::Migration.respond_to? :[]
+  class CreateAuthenticationTokens < ActiveRecord::Migration[4.2]
+    include CreateAuthenticationTokensMigration
+  end
+else
+  class CreateAuthenticationTokens < ActiveRecord::Migration
+    include CreateAuthenticationTokensMigration
+  end
+end

data/db/migrate/20151229184253_create_token_auth_synchronizable_resources.rb

@@ -0,0 +1,25 @@
+module CreateTokenAuthSynchronizableResourcesMigration
+  def change
+    create_table :token_auth_synchronizable_resources do |t|
+      t.string :uuid, null: false
+      t.integer :entity_id, null: false
+      t.string :entity_id_attribute_name, null: false
+      t.string :name, null: false
+      t.string :class_name, null: false
+      t.boolean :is_pullable, default: false, null: false
+      t.boolean :is_pushable, default: false, null: false
+
+      t.timestamps null: false
+    end
+  end
+end
+
+if ActiveRecord::Migration.respond_to? :[]
+  class CreateTokenAuthSynchronizableResources < ActiveRecord::Migration[4.2]
+    include CreateTokenAuthSynchronizableResourcesMigration
+  end
+else
+  class CreateTokenAuthSynchronizableResources < ActiveRecord::Migration
+    include CreateTokenAuthSynchronizableResourcesMigration
+  end
+end

data/lib/tasks/token_auth_server_rails_tasks.rake

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+# desc "Explaining what the task does"
+# task :token_auth do
+#   # Task goes here
+# end

data/lib/token_auth/engine.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+module TokenAuth
+  # Engine application superclass.
+  class Engine < ::Rails::Engine
+    isolate_namespace TokenAuth
+  end
+end

data/lib/token_auth/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+# Engine version.
+module TokenAuth
+  VERSION = "0.3.0.beta1"
+end

data/lib/token_auth.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+require "token_auth/engine"
+
+require "active_model_serializers"
+ActiveModel::Serializer.config.adapter = :json_api
+
+# nodoc
+module TokenAuth
+end

metadata

@@ -0,0 +1,229 @@
+--- !ruby/object:Gem::Specification
+name: token_auth
+version: !ruby/object:Gem::Version
+  version: 0.3.0.beta1
+platform: ruby
+authors:
+- Eric Carty-Fickes
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2016-05-07 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: active_model_serializers
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.10.0.rc3
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.10.0.rc3
+- !ruby/object:Gem::Dependency
+  name: actionpack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 5.0.0.rc1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 5.0.0.rc1
+- !ruby/object:Gem::Dependency
+  name: activerecord
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 5.0.0.rc1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 5.0.0.rc1
+- !ruby/object:Gem::Dependency
+  name: railties
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 5.0.0.rc1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 5.0.0.rc1
+- !ruby/object:Gem::Dependency
+  name: pg
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.5.0.beta3
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.5.0.beta3
+- !ruby/object:Gem::Dependency
+  name: capybara
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.5'
+- !ruby/object:Gem::Dependency
+  name: brakeman
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: mdl
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.11'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.11'
+description: A Rails engine that allows for configuring secure communication between
+  client and server via a shared human-readable token.
+email:
+- ericcf@northwestern.edu
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- MIT-LICENSE
+- README.md
+- Rakefile
+- app/controllers/token_auth/api/authentication_tokens_controller.rb
+- app/controllers/token_auth/api/base_controller.rb
+- app/controllers/token_auth/api/payloads_controller.rb
+- app/controllers/token_auth/authentication_tokens_controller.rb
+- app/controllers/token_auth/base_controller.rb
+- app/controllers/token_auth/concerns/api_resources.rb
+- app/controllers/token_auth/concerns/cors_settings.rb
+- app/controllers/token_auth/configuration_tokens_controller.rb
+- app/controllers/token_auth/tokens_controller.rb
+- app/models/token_auth/authentication_token.rb
+- app/models/token_auth/configuration_token.rb
+- app/models/token_auth/payload.rb
+- app/models/token_auth/synchronizable_resource.rb
+- app/models/token_auth/uuid_enabled.rb
+- app/serializers/token_auth/synchronizable_resource_serializer.rb
+- app/views/token_auth/tokens/index.html.erb
+- config/locales/en.yml
+- config/locales/es-PE.yml
+- config/locales/pt-BR.yml
+- config/routes.rb
+- db/migrate/20150428210721_create_configuration_tokens.rb
+- db/migrate/20150428211137_create_authentication_tokens.rb
+- db/migrate/20151229184253_create_token_auth_synchronizable_resources.rb
+- lib/tasks/token_auth_server_rails_tasks.rake
+- lib/token_auth.rb
+- lib/token_auth/engine.rb
+- lib/token_auth/version.rb
+homepage: https://github.com/NU-CBITS/token_auth
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">"
+    - !ruby/object:Gem::Version
+      version: 1.3.1
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.6.4
+signing_key: 
+specification_version: 4
+summary: Rails engine for authenticating clients anonymously.
+test_files: []