RubyGems - token_authenticate_me - Versions diffs - 0.5.3 → 0.5.4 - Mend

token_authenticate_me 0.5.3 → 0.5.4

Files changed (18) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: c1f54dbd7d8eb742f1e9c70eff54faf8e1e540e5
-  data.tar.gz: 551e27d482158cfd41ff0edbb52d4c1e0405951d
+  metadata.gz: 014ea05ef85b51fefd546c3810d22ceb01c1949a
+  data.tar.gz: 32299428b5e1198b06350a8b3cc5c6e9ca56e291
 SHA512:
-  metadata.gz: 58504a64583a11e34883a2f09b30913c7db1ef2a06516679f3c4b3d17f76424c328308677b4b38a0d5f5a69a27e0007793ece766c4dad174dfd5e63f527d6264
-  data.tar.gz: 94460e4e5dcfefdd1fbc93bce5142e49c74143bc8ab9bae610b6fd35b7622ebc0e585b85ea78dad424641103fc3868e028630246078def05c3c16dc5a8863f7a
+  metadata.gz: 77265c9a971f4cd560dc6cf6ce3272d86c42ebba02d29714147e34f59f047ede1227ef88bb52a38beabc3a8541fcf6867fec752a415848afc160ba45e3593c5b
+  data.tar.gz: fe1899c608ce5be093d59417eb03beaf2431e7c3807637bb8a43897aa693ee95e1a18310fb5564655496795ee0339e95145892162ca18ea6ae5efff7f09ec248

data/README.md CHANGED Viewed

@@ -10,25 +10,31 @@ Add the gem to your Gemfile:
 Run `bundle install` to install it.
-To add or create a user with token authentication run:
-`rails generate token_authenticate_me:install <model>`
+To install run the following:
+`rails generate token_authenticate_me:install`
-Replace `<model>` with the class name used for users. This will create the necessary migration files, and optionally create the model file if it does not exist.
+Include `TokenAuthenticateMe::Concerns::Controllers::TokenAuthenticateable` into api controllers that require authorization:
+````rb
+require 'token_authenticate_me/concerns/controllers/token_authenticateable'
-**Right now this gem only supports creating the authentication model `User`, so it is recommended to call `rails generate token_authenticate_me:install user`**
+class ApiController < ApplicationController
+  include TokenAuthenticateMe::Concerns::Controllers::TokenAuthenticateable
-Include TokenAuthenticateMe::TokenAuthentication into the application controller or any controllers that require authorization:
-````rb
-require 'token_authenticate_me/controllers/token_authenticateable'
+  skip_before_filter :verify_authenticity_token # CSRF is not needed for header or param based auth
+  #...
+end
+````
-class ApplicationController < ActionController::Base
-  force_ssl if Rails.env.production?
+Include `TokenAuthenticateMe::Concerns::Controllers::SessionAuthenticateable` into server rendered page controllers that require authorization:
+````rb
+require 'token_authenticate_me/concerns/controllers/session_authenticateable'
+class AuthenticatedController < ApplicationController
   # Prevent CSRF attacks by raising an exception.
-  # For APIs, you may want to use :null_session instead.
   protect_from_forgery with: :exception
-  include TokenAuthenticateMe::Controllers::TokenAuthenticateable
+  include TokenAuthenticateMe::Concerns::Controllers::SessionAuthenticateable
   #...
 end
@@ -44,16 +50,10 @@ end
 ````
 ## Authentication Model
-The model that is used for authentication will need to have `include TokenAuthenticateMe::Models::Authenticatable`. This will automatically happen if you use the generator.
-If you did not use the generator, this module expects the model to have the following attributes:
-* `email:string`
-* `password_digest:string`
-* `username:string`
-* `reset_password_token:string`
-* `reset_password_token_exp:datetime`
-This model will have a set of [validators](https://github.com/inigo-llc/token_authenticate_me/blob/master/lib/token_authenticate_me/models/authenticatable.rb#L11) added to it.
+The model has 3 concerns:
+* [Authenticatable](https://github.com/wildland/token_authenticate_me/blob/master/lib/token_authenticate_me/concerns/models/authenticatable.rb)
+* [Invitable](https://github.com/wildland/token_authenticate_me/blob/master/lib/token_authenticate_me/concerns/models/invitable.rb)
+* [Sessionable](https://github.com/wildland/token_authenticate_me/blob/master/lib/token_authenticate_me/concerns/models/sessionable.rb)
 *tl;dr*:
 * `email` is required, can't be blank, is unique (case insensitive), and must look like an email address.
@@ -61,10 +61,5 @@ This model will have a set of [validators](https://github.com/inigo-llc/token_au
 * `username` is required, can't be blank, is unique (case insensitive), and only allows alphanumeric values.
 * To change the `password` or `email` after the model has been persisted, you will need to provide the current password as `current_password`.
-#### TODO:
-- [ ] Make it so any resource name can be used for authentication (initial thought is either specify the default or pass resource name in token string?).
-- [ ] Allow users to specify the API namespace default.
-- [ ] Add a way to override/change/configure validations.
 ## Code Of Conduct
 Wildland Open Source [Code Of Conduct](https://github.com/wildland/code-of-conduct)

data/app/controllers/token_authenticate_me/api/v1/base_controller.rb CHANGED Viewed

@@ -1,8 +1,7 @@
 module TokenAuthenticateMe
   module Api
     module V1
-      class BaseController < TokenAuthenticateMe::ApplicationController
-        skip_before_action :verify_authenticity_token
+      class BaseController < ActionController::Base
       end
     end
   end

data/app/controllers/token_authenticate_me/api/v1/sessions_controller.rb CHANGED Viewed

@@ -1,10 +1,12 @@
-require 'token_authenticate_me/concerns/controllers/sessionable'
+require 'token_authenticate_me/concerns/controllers/token_authenticateable'
+require 'token_authenticate_me/concerns/controllers/token_sessionable'
 module TokenAuthenticateMe
   module Api
     module V1
       class SessionsController < BaseController
-        include TokenAuthenticateMe::Concerns::Controllers::Sessionable
+        include TokenAuthenticateMe::Concerns::Controllers::TokenAuthenticateable
+        include TokenAuthenticateMe::Concerns::Controllers::TokenSessionable
       end
     end
   end

data/app/models/token_authenticate_me/default_token_handler.rb ADDED Viewed

File without changes

data/app/views/token_authenticate_me_mailer/session/new.html.erb ADDED Viewed

File without changes

data/lib/token_authenticate_me/authentication.rb ADDED Viewed

@@ -0,0 +1,24 @@
+module TokenAuthenticateMe
+  class Authentication
+    def self.default_token_handler(token, _options)
+      session = TokenAuthenticateMe::Session.find_by_key(token)
+      if session && session.expiration > DateTime.now
+        session
+      else
+        false
+      end
+    end
+    attr_reader :token, :token_handler
+    def initialize(token:, token_handler: TokenAuthenticateMe::Authentication.method(:default_token_handler))
+      @token = token
+      @token_handler = token_handler
+    end
+    def authenticate(options = {})
+      token_handler.call(token, options)
+    end
+  end
+end

data/lib/token_authenticate_me/concerns/controllers/authenticateable.rb ADDED Viewed

@@ -0,0 +1,33 @@
+require 'active_support/concern'
+require 'token_authenticate_me/authentication'
+module TokenAuthenticateMe
+  module Concerns
+    module Controllers
+      module Authenticateable
+        extend ActiveSupport::Concern
+        # Standard authentication routine, override to implement different auth strategies.
+        def token_handler(token, options)
+          authentication = TokenAuthenticateMe::Authentication.new(token: token)
+          authentication.authenticate(options)
+        end
+        protected
+        # `authenticated_session` and `render_unauthorized` are specific to controllers.
+        # Ex:
+        # Could render json or http status code for unauthorized, or could redirect to a different url for server rendered pages.
+        # Could authenticate using headers or params, or cookie sessions depending on controller type.
+        def authenticate
+          authenticated_session || render_unauthorized
+        end
+        def current_user
+          return unless authenticated_session
+          @current_user ||= User.find_by_id(authenticated_session.user_id)
+        end
+      end
+    end
+  end
+end

data/lib/token_authenticate_me/concerns/controllers/session_authenticateable.rb ADDED Viewed

@@ -0,0 +1,47 @@
+require 'active_support/concern'
+require 'token_authenticate_me/concerns/controllers/authenticateable'
+require 'token_authenticate_me/session_authentication'
+# This module provides cookie based session authentication for server rendered pages.
+# If using this module, make sure CSRF is enabled to prevent CSRF attacks.
+module TokenAuthenticateMe
+  module Concerns
+    module Controllers
+      module SessionAuthenticateable
+        extend ActiveSupport::Concern
+        include TokenAuthenticateMe::Concerns::Controllers::Authenticateable
+        protected
+        def authenticated_session
+          @session ||= authenticate_with_session
+        end
+        def authenticate_with_session
+          session_authentication = TokenAuthenticateMe::SessionAuthentication.new(controller: self)
+          session_authentication.authenticate
+        end
+        def return_to_url
+          session[:return_to]
+        end
+        def save_return_to_url
+          session[:return_to] = request.url
+        end
+        def redirect_to_login
+          redirect_to login_url
+        end
+        def render_unauthorized
+          save_return_to_url
+          flash.now[:error] = "You must be logged in to access this section"
+          redirect_to_login
+        end
+      end
+    end
+  end
+end

data/lib/token_authenticate_me/concerns/controllers/session_sessionable.rb ADDED Viewed

@@ -0,0 +1,50 @@
+require 'active_support/concern'
+require 'token_authenticate_me/concerns/controllers/sessionable'
+module TokenAuthenticateMe
+  module Concerns
+    module Controllers
+      module SessionSessionable
+        extend ActiveSupport::Concern
+        include Sessionable
+        included do
+          skip_before_action :authenticate, only: [:new, :create]
+          def new
+          end
+          def create
+            if authenticate_resource
+              @session = create_session!(resource)
+              session[:key] = @session.key
+              if return_to_url
+                redirect_to_login
+              else
+                redirect_to root_url
+              end
+            else
+              flash.now[:error] = "Invalid username or password"
+              redirect_to_login
+            end
+          end
+          def destroy
+            unauthenticate_resource
+            redirect_to return_to_url
+          rescue
+            render_unauthorized
+          end
+          protected
+          def session_params
+            params.require(:session).permit(:username, :password)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/token_authenticate_me/concerns/controllers/sessionable.rb CHANGED Viewed

@@ -1,5 +1,4 @@
 require 'active_support/concern'
 require 'token_authenticate_me/concerns/controllers/token_authenticateable'
 module TokenAuthenticateMe
@@ -8,43 +7,33 @@ module TokenAuthenticateMe
       module Sessionable
         extend ActiveSupport::Concern
-        include TokenAuthenticateMe::Concerns::Controllers::TokenAuthenticateable
         included do
-          skip_before_action :authenticate, only: [:create]
-          after_action :cleanup_sessions, only: [:destroy]
-          def create
-            resource = User.where('username=? OR email=?', params[:username], params[:username]).first
-            if resource && resource.authenticate(params[:password])
-              @session = Session.create(user_id: resource.id)
-              render json: @session, status: 201
-            else
-              render json: { message: 'Bad credentials' }, status: 401
-            end
-          end
+          after_action :cleanup_sessions, only: [:create, :destroy]
-          def show
-            @session = authenticate_token
-            render json: @session
-          end
+          protected
-          def destroy
-            authenticate_token.destroy
+          def unauthenticate_resource
+            authenticated_session.destroy!
+          end
-            render status: 204, nothing: true
-          rescue
-            render_unauthorized
+          def create_session!(authenticated_resource)
+            Session.create!(user_id: authenticated_resource.id)
           end
-          private
+          def resource
+            @resource ||= User.where('username=? OR email=?', session_params[:username], session_params[:username]).first
+          end
-          def session_params
-            params.permit(:username, :email, :password)
+          def authenticate_resource
+            if resource && resource.authenticate(session_params[:password])
+              resource
+            else
+              nil
+            end
           end
           def cleanup_sessions
-            ApiSession.where('expiration < ?', DateTime.now).delete_all
+            Session.where('expiration < ?', DateTime.now).delete_all
           rescue
             Rails.logger.warn 'Error cleaning up old authentication sessions'
           end

data/lib/token_authenticate_me/concerns/controllers/token_authenticateable.rb CHANGED Viewed

@@ -1,4 +1,6 @@
 require 'active_support/concern'
+require 'token_authenticate_me/concerns/controllers/authenticateable'
+require 'token_authenticate_me/header_authentication'
 module TokenAuthenticateMe
   module Concerns
@@ -6,25 +8,22 @@ module TokenAuthenticateMe
       module TokenAuthenticateable
         extend ActiveSupport::Concern
+        include TokenAuthenticateMe::Concerns::Controllers::Authenticateable
         included do
-          before_action :authenticate
+          before_action :authenticate # By default authenticate every action
         end
-        protected
-        def authenticate
-          authenticate_token || render_unauthorized
-        end
+        protected
-        def current_user
-          return unless authenticate_token
-          @current_user ||= User.find_by_id(authenticate_token.user_id)
+        def authenticated_session
+          @session ||= authenticate_with_header
         end
-        def authenticate_token
-          @session ||= (
-            authenticate_with_http_token(&method(:token_handler)) || authenticate_with_params
-          )
+        def authenticate_with_header
+          header_authentication = TokenAuthenticateMe::HeaderAuthentication.new(controller: self)
+          header_authentication.authenticate
         end
         def authenticate_with_params
@@ -36,15 +35,6 @@ module TokenAuthenticateMe
           headers['WWW-Authenticate'] = 'Token realm="Application"'
           render json: 'Bad credentials', status: 401
         end
-        def token_handler(token, _options)
-          session = TokenAuthenticateMe::Session.find_by_key(token)
-          if session && session.expiration > DateTime.now
-            session
-          else
-            false
-          end
-        end
       end
     end
   end

data/lib/token_authenticate_me/concerns/controllers/token_sessionable.rb ADDED Viewed

@@ -0,0 +1,47 @@
+require 'active_support/concern'
+require 'token_authenticate_me/concerns/controllers/sessionable'
+module TokenAuthenticateMe
+  module Concerns
+    module Controllers
+      module TokenSessionable
+        extend ActiveSupport::Concern
+        include Sessionable
+        included do
+          skip_before_action :authenticate, only: [:create]
+          def create
+            if authenticate_resource
+              @session = create_session!(resource)
+              render json: @session, status: 201
+            else
+              render json: { message: 'Bad credentials' }, status: 401
+            end
+          end
+          def show
+            @session = authenticated_session
+            render json: @session
+          end
+          def destroy
+            unauthenticate_resource
+            render status: 204, nothing: true
+          rescue
+            render_unauthorized
+          end
+          protected
+          def session_params
+            params.permit(:username, :password)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/token_authenticate_me/header_authentication.rb ADDED Viewed

@@ -0,0 +1,20 @@
+module TokenAuthenticateMe
+  class HeaderAuthentication
+    attr :controller
+    def initialize(controller:)
+      @controller = controller
+    end
+    def authenticate(options = {})
+      controller.authenticate_with_http_token(&method(:token_handler))
+    end
+    private
+    def token_handler(token, options)
+      token_handler = controller.token_handler(token, options)
+    end
+  end
+end

data/lib/token_authenticate_me/session_authentication.rb ADDED Viewed

@@ -0,0 +1,24 @@
+module TokenAuthenticateMe
+  class SessionAuthentication
+    attr :controller
+    def initialize(controller:)
+      @controller = controller
+    end
+    def authenticate(options = {})
+      token = session_key
+      token_handler(token, options)
+    end
+    private
+    def token_handler(token, options)
+      controller.token_handler(token, options)
+    end
+    def session_key
+      controller.session[:key]
+    end
+  end
+end

data/lib/token_authenticate_me/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module TokenAuthenticateMe
-  VERSION = '0.5.3'.freeze
+  VERSION = '0.5.4'.freeze
 end

data/lib/token_authenticate_me.rb CHANGED Viewed

@@ -7,6 +7,24 @@ module TokenAuthenticateMe
   UUID_REGEX = /([a-f0-9]){32}/
+  module Concerns
+    module Controllers
+      autoload :Authenticatable, 'token_authenticate_me/concerns/controllers/authenticateable'
+      autoload :Invitable, 'token_authenticate_me/concerns/controllers/invitable'
+      autoload :PasswordResetable, 'token_authenticate_me/concerns/controllers/password_resetable'
+      autoload :SessionAuthenticateable, 'token_authenticate_me/concerns/controllers/session_authenticateable'
+      autoload :Sessionable, 'token_authenticate_me/concerns/controllers/sessionable'
+      autoload :TokenAuthenticateable, 'token_authenticate_me/concerns/controllers/token_authenticateable'
+      autoload :TokenSessionable, 'token_authenticate_me/concerns/controllers/token_sessionable'
+    end
+    module Models
+      autoload :Authenticatable, 'token_authenticate_me/concerns/models/authenticatable'
+      autoload :Invitable, 'token_authenticate_me/concerns/models/invitable'
+      autoload :Sessionable, 'token_authenticate_me/concerns/models/sessionable'
+    end
+  end
   def configure
     yield configuration
   end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: token_authenticate_me
 version: !ruby/object:Gem::Version
-  version: 0.5.3
+  version: 0.5.4
 platform: ruby
 authors:
 - Sam Clopton
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-09-13 00:00:00.000000000 Z
+date: 2016-10-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -71,12 +71,14 @@ files:
 - app/controllers/token_authenticate_me/application_controller.rb
 - app/helpers/token_authenticate_me/application_helper.rb
 - app/mailers/token_authenticate_me_mailer.rb
+- app/models/token_authenticate_me/default_token_handler.rb
 - app/models/token_authenticate_me/invite.rb
 - app/models/token_authenticate_me/session.rb
 - app/models/token_authenticate_me/user.rb
 - app/views/token_authenticate_me_mailer/invalid_user_reset_password_email.html.erb
 - app/views/token_authenticate_me_mailer/invalid_user_reset_password_email.text.erb
 - app/views/token_authenticate_me_mailer/invite_user_email.html.erb
+- app/views/token_authenticate_me_mailer/session/new.html.erb
 - app/views/token_authenticate_me_mailer/valid_user_reset_password_email.html.erb
 - app/views/token_authenticate_me_mailer/valid_user_reset_password_email.text.erb
 - config/routes.rb
@@ -91,16 +93,23 @@ files:
 - lib/generators/token_authenticate_me/policies/templates/user_policy.rb
 - lib/tasks/token_authenticate_me_tasks.rake
 - lib/token_authenticate_me.rb
+- lib/token_authenticate_me/authentication.rb
+- lib/token_authenticate_me/concerns/controllers/authenticateable.rb
 - lib/token_authenticate_me/concerns/controllers/invitable.rb
 - lib/token_authenticate_me/concerns/controllers/password_resetable.rb
+- lib/token_authenticate_me/concerns/controllers/session_authenticateable.rb
+- lib/token_authenticate_me/concerns/controllers/session_sessionable.rb
 - lib/token_authenticate_me/concerns/controllers/sessionable.rb
 - lib/token_authenticate_me/concerns/controllers/token_authenticateable.rb
+- lib/token_authenticate_me/concerns/controllers/token_sessionable.rb
 - lib/token_authenticate_me/concerns/models/authenticatable.rb
 - lib/token_authenticate_me/concerns/models/invitable.rb
 - lib/token_authenticate_me/concerns/models/sessionable.rb
 - lib/token_authenticate_me/configuration.rb
 - lib/token_authenticate_me/engine.rb
+- lib/token_authenticate_me/header_authentication.rb
 - lib/token_authenticate_me/models.rb
+- lib/token_authenticate_me/session_authentication.rb
 - lib/token_authenticate_me/version.rb
 - test/dummy/README.rdoc
 - test/dummy/Rakefile