RubyGems - token_authenticate_me - Versions diffs - 0.5.3 → 0.5.4 - Mend

token_authenticate_me 0.5.3 → 0.5.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (18) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: c1f54dbd7d8eb742f1e9c70eff54faf8e1e540e5
-  data.tar.gz: 551e27d482158cfd41ff0edbb52d4c1e0405951d
+  metadata.gz: 014ea05ef85b51fefd546c3810d22ceb01c1949a
+  data.tar.gz: 32299428b5e1198b06350a8b3cc5c6e9ca56e291
 SHA512:
-  metadata.gz: 58504a64583a11e34883a2f09b30913c7db1ef2a06516679f3c4b3d17f76424c328308677b4b38a0d5f5a69a27e0007793ece766c4dad174dfd5e63f527d6264
-  data.tar.gz: 94460e4e5dcfefdd1fbc93bce5142e49c74143bc8ab9bae610b6fd35b7622ebc0e585b85ea78dad424641103fc3868e028630246078def05c3c16dc5a8863f7a
+  metadata.gz: 77265c9a971f4cd560dc6cf6ce3272d86c42ebba02d29714147e34f59f047ede1227ef88bb52a38beabc3a8541fcf6867fec752a415848afc160ba45e3593c5b
+  data.tar.gz: fe1899c608ce5be093d59417eb03beaf2431e7c3807637bb8a43897aa693ee95e1a18310fb5564655496795ee0339e95145892162ca18ea6ae5efff7f09ec248

data/README.md CHANGED Viewed

@@ -10,25 +10,31 @@ Add the gem to your Gemfile:
 Run `bundle install` to install it.
-To add or create a user with token authentication run:
-`rails generate token_authenticate_me:install <model>`
+To install run the following:
+`rails generate token_authenticate_me:install`
-Replace `<model>` with the class name used for users. This will create the necessary migration files, and optionally create the model file if it does not exist.
+Include `TokenAuthenticateMe::Concerns::Controllers::TokenAuthenticateable` into api controllers that require authorization:
+````rb
+require 'token_authenticate_me/concerns/controllers/token_authenticateable'
-**Right now this gem only supports creating the authentication model `User`, so it is recommended to call `rails generate token_authenticate_me:install user`**
+class ApiController < ApplicationController
+  include TokenAuthenticateMe::Concerns::Controllers::TokenAuthenticateable
-Include TokenAuthenticateMe::TokenAuthentication into the application controller or any controllers that require authorization:
-````rb
-require 'token_authenticate_me/controllers/token_authenticateable'
+  skip_before_filter :verify_authenticity_token # CSRF is not needed for header or param based auth
+  #...
+end
+````
-class ApplicationController < ActionController::Base
-  force_ssl if Rails.env.production?
+Include `TokenAuthenticateMe::Concerns::Controllers::SessionAuthenticateable` into server rendered page controllers that require authorization:
+````rb
+require 'token_authenticate_me/concerns/controllers/session_authenticateable'
+class AuthenticatedController < ApplicationController
   # Prevent CSRF attacks by raising an exception.
-  # For APIs, you may want to use :null_session instead.
   protect_from_forgery with: :exception
-  include TokenAuthenticateMe::Controllers::TokenAuthenticateable
+  include TokenAuthenticateMe::Concerns::Controllers::SessionAuthenticateable
   #...
 end
@@ -44,16 +50,10 @@ end
 ````
 ## Authentication Model
-The model that is used for authentication will need to have `include TokenAuthenticateMe::Models::Authenticatable`. This will automatically happen if you use the generator.
-If you did not use the generator, this module expects the model to have the following attributes:
-* `email:string`
-* `password_digest:string`
-* `username:string`
-* `reset_password_token:string`
-* `reset_password_token_exp:datetime`
-This model will have a set of [validators](https://github.com/inigo-llc/token_authenticate_me/blob/master/lib/token_authenticate_me/models/authenticatable.rb#L11) added to it.
+The model has 3 concerns:
+* [Authenticatable](https://github.com/wildland/token_authenticate_me/blob/master/lib/token_authenticate_me/concerns/models/authenticatable.rb)
+* [Invitable](https://github.com/wildland/token_authenticate_me/blob/master/lib/token_authenticate_me/concerns/models/invitable.rb)
+* [Sessionable](https://github.com/wildland/token_authenticate_me/blob/master/lib/token_authenticate_me/concerns/models/sessionable.rb)
 *tl;dr*:
 * `email` is required, can't be blank, is unique (case insensitive), and must look like an email address.
@@ -61,10 +61,5 @@ This model will have a set of [validators](https://github.com/inigo-llc/token_au
 * `username` is required, can't be blank, is unique (case insensitive), and only allows alphanumeric values.
 * To change the `password` or `email` after the model has been persisted, you will need to provide the current password as `current_password`.
-#### TODO:
-- [ ] Make it so any resource name can be used for authentication (initial thought is either specify the default or pass resource name in token string?).
-- [ ] Allow users to specify the API namespace default.
-- [ ] Add a way to override/change/configure validations.
 ## Code Of Conduct
 Wildland Open Source [Code Of Conduct](https://github.com/wildland/code-of-conduct)

data/app/controllers/token_authenticate_me/api/v1/base_controller.rb CHANGED Viewed

@@ -1,8 +1,7 @@
 module TokenAuthenticateMe
   module Api
     module V1
-      class BaseController < TokenAuthenticateMe::ApplicationController
-        skip_before_action :verify_authenticity_token
+      class BaseController < ActionController::Base
       end
     end
   end

data/app/controllers/token_authenticate_me/api/v1/sessions_controller.rb CHANGED Viewed

@@ -1,10 +1,12 @@
-require 'token_authenticate_me/concerns/controllers/sessionable'
+require 'token_authenticate_me/concerns/controllers/token_authenticateable'
+require 'token_authenticate_me/concerns/controllers/token_sessionable'
 module TokenAuthenticateMe
   module Api
     module V1
       class SessionsController < BaseController
-        include TokenAuthenticateMe::Concerns::Controllers::Sessionable
+        include TokenAuthenticateMe::Concerns::Controllers::TokenAuthenticateable
+        include TokenAuthenticateMe::Concerns::Controllers::TokenSessionable
       end
     end
   end

data/app/models/token_authenticate_me/default_token_handler.rb ADDED Viewed

File without changes

data/app/views/token_authenticate_me_mailer/session/new.html.erb ADDED Viewed

File without changes

data/lib/token_authenticate_me/authentication.rb ADDED Viewed

@@ -0,0 +1,24 @@
+module TokenAuthenticateMe
+  class Authentication
+    def self.default_token_handler(token, _options)
+      session = TokenAuthenticateMe::Session.find_by_key(token)
+      if session && session.expiration > DateTime.now
+        session
+      else
+        false
+      end
+    end
+    attr_reader :token, :token_handler
+    def initialize(token:, token_handler: TokenAuthenticateMe::Authentication.method(:default_token_handler))
+      @token = token
+      @token_handler = token_handler
+    end
+    def authenticate(options = {})
+      token_handler.call(token, options)
+    end
+  end
+end

data/lib/token_authenticate_me/concerns/controllers/authenticateable.rb ADDED Viewed

@@ -0,0 +1,33 @@
+require 'active_support/concern'
+require 'token_authenticate_me/authentication'
+module TokenAuthenticateMe
+  module Concerns
+    module Controllers
+      module Authenticateable
+        extend ActiveSupport::Concern
+        # Standard authentication routine, override to implement different auth strategies.
+        def token_handler(token, options)
+          authentication = TokenAuthenticateMe::Authentication.new(token: token)
+          authentication.authenticate(options)
+        end
+        protected
+        # `authenticated_session` and `render_unauthorized` are specific to controllers.
+        # Ex:
+        # Could render json or http status code for unauthorized, or could redirect to a different url for server rendered pages.
+        # Could authenticate using headers or params, or cookie sessions depending on controller type.
+        def authenticate
+          authenticated_session || render_unauthorized
+        end
+        def current_user
+          return unless authenticated_session
+          @current_user ||= User.find_by_id(authenticated_session.user_id)
+        end
+      end
+    end
+  end
+end

data/lib/token_authenticate_me/concerns/controllers/session_authenticateable.rb ADDED Viewed

@@ -0,0 +1,47 @@
+require 'active_support/concern'
+require 'token_authenticate_me/concerns/controllers/authenticateable'
+require 'token_authenticate_me/session_authentication'
+# This module provides cookie based session authentication for server rendered pages.
+# If using this module, make sure CSRF is enabled to prevent CSRF attacks.
+module TokenAuthenticateMe
+  module Concerns
+    module Controllers
+      module SessionAuthenticateable
+        extend ActiveSupport::Concern
+        include TokenAuthenticateMe::Concerns::Controllers::Authenticateable
+        protected
+        def authenticated_session
+          @session ||= authenticate_with_session
+        end
+        def authenticate_with_session
+          session_authentication = TokenAuthenticateMe::SessionAuthentication.new(controller: self)
+          session_authentication.authenticate
+        end
+        def return_to_url
+          session[:return_to]
+        end
+        def save_return_to_url
+          session[:return_to] = request.url
+        end
+        def redirect_to_login
+          redirect_to login_url
+        end
+        def render_unauthorized
+          save_return_to_url
+          flash.now[:error] = "You must be logged in to access this section"
+          redirect_to_login
+        end
+      end
+    end
+  end
+end

data/lib/token_authenticate_me/concerns/controllers/session_sessionable.rb ADDED Viewed

@@ -0,0 +1,50 @@
+require 'active_support/concern'
+require 'token_authenticate_me/concerns/controllers/sessionable'
+module TokenAuthenticateMe
+  module Concerns
+    module Controllers
+      module SessionSessionable
+        extend ActiveSupport::Concern
+        include Sessionable
+        included do
+          skip_before_action :authenticate, only: [:new, :create]
+          def new
+          end
+          def create
+            if authenticate_resource
+              @session = create_session!(resource)
+              session[:key] = @session.key
+              if return_to_url
+                redirect_to_login
+              else
+                redirect_to root_url
+              end
+            else
+              flash.now[:error] = "Invalid username or password"
+              redirect_to_login
+            end
+          end
+          def destroy
+            unauthenticate_resource
+            redirect_to return_to_url
+          rescue
+            render_unauthorized
+          end
+          protected
+          def session_params
+            params.require(:session).permit(:username, :password)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/token_authenticate_me/concerns/controllers/sessionable.rb CHANGED Viewed

@@ -1,5 +1,4 @@
 require 'active_support/concern'
 require 'token_authenticate_me/concerns/controllers/token_authenticateable'
 module TokenAuthenticateMe
@@ -8,43 +7,33 @@ module TokenAuthenticateMe
       module Sessionable
         extend ActiveSupport::Concern
-        include TokenAuthenticateMe::Concerns::Controllers::TokenAuthenticateable
         included do
-          skip_before_action :authenticate, only: [:create]
-          after_action :cleanup_sessions, only: [:destroy]
-          def create
-            resource = User.where('username=? OR email=?', params[:username], params[:username]).first
-            if resource && resource.authenticate(params[:password])
-              @session = Session.create(user_id: resource.id)
-              render json: @session, status: 201
-            else
-              render json: { message: 'Bad credentials' }, status: 401
-            end
-          end
+          after_action :cleanup_sessions, only: [:create, :destroy]
-          def show
-            @session = authenticate_token
-            render json: @session
-          end
+          protected
-          def destroy
-            authenticate_token.destroy
+          def unauthenticate_resource
+            authenticated_session.destroy!
+          end
-            render status: 204, nothing: true
-          rescue
-            render_unauthorized
+          def create_session!(authenticated_resource)
+            Session.create!(user_id: authenticated_resource.id)
           end
-          private
+          def resource
+            @resource ||= User.where('username=? OR email=?', session_params[:username], session_params[:username]).first
+          end
-          def session_params
-            params.permit(:username, :email, :password)
+          def authenticate_resource
+            if resource && resource.authenticate(session_params[:password])
+              resource
+            else
+              nil
+            end
           end
           def cleanup_sessions
-            ApiSession.where('expiration < ?', DateTime.now).delete_all
+            Session.where('expiration < ?', DateTime.now).delete_all
           rescue
             Rails.logger.warn 'Error cleaning up old authentication sessions'
           end

data/lib/token_authenticate_me/concerns/controllers/token_authenticateable.rb CHANGED Viewed

@@ -1,4 +1,6 @@
 require 'active_support/concern'
+require 'token_authenticate_me/concerns/controllers/authenticateable'
+require 'token_authenticate_me/header_authentication'
 module TokenAuthenticateMe
   module Concerns
@@ -6,25 +8,22 @@ module TokenAuthenticateMe
       module TokenAuthenticateable
         extend ActiveSupport::Concern
+        include TokenAuthenticateMe::Concerns::Controllers::Authenticateable
         included do
-          before_action :authenticate
+          before_action :authenticate # By default authenticate every action
         end
-        protected
-        def authenticate
-          authenticate_token || render_unauthorized
-        end
+        protected
-        def current_user
-          return unless authenticate_token
-          @current_user ||= User.find_by_id(authenticate_token.user_id)
+        def authenticated_session
+          @session ||= authenticate_with_header
         end
-        def authenticate_token
-          @session ||= (
-            authenticate_with_http_token(&method(:token_handler)) || authenticate_with_params
-          )
+        def authenticate_with_header
+          header_authentication = TokenAuthenticateMe::HeaderAuthentication.new(controller: self)
+          header_authentication.authenticate
         end
         def authenticate_with_params
@@ -36,15 +35,6 @@ module TokenAuthenticateMe
           headers['WWW-Authenticate'] = 'Token realm="Application"'
           render json: 'Bad credentials', status: 401
         end
-        def token_handler(token, _options)
-          session = TokenAuthenticateMe::Session.find_by_key(token)
-          if session && session.expiration > DateTime.now
-            session
-          else
-            false
-          end
-        end
       end
     end
   end

data/lib/token_authenticate_me/concerns/controllers/token_sessionable.rb ADDED Viewed

@@ -0,0 +1,47 @@
+require 'active_support/concern'
+require 'token_authenticate_me/concerns/controllers/sessionable'
+module TokenAuthenticateMe
+  module Concerns
+    module Controllers
+      module TokenSessionable
+        extend ActiveSupport::Concern
+        include Sessionable
+        included do
+          skip_before_action :authenticate, only: [:create]
+          def create
+            if authenticate_resource
+              @session = create_session!(resource)
+              render json: @session, status: 201
+            else
+              render json: { message: 'Bad credentials' }, status: 401
+            end
+          end
+          def show
+            @session = authenticated_session
+            render json: @session
+          end
+          def destroy
+            unauthenticate_resource
+            render status: 204, nothing: true
+          rescue
+            render_unauthorized
+          end
+          protected
+          def session_params
+            params.permit(:username, :password)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/token_authenticate_me/header_authentication.rb ADDED Viewed

@@ -0,0 +1,20 @@
+module TokenAuthenticateMe
+  class HeaderAuthentication
+    attr :controller
+    def initialize(controller:)
+      @controller = controller
+    end
+    def authenticate(options = {})
+      controller.authenticate_with_http_token(&method(:token_handler))
+    end
+    private
+    def token_handler(token, options)
+      token_handler = controller.token_handler(token, options)
+    end
+  end
+end

data/lib/token_authenticate_me/session_authentication.rb ADDED Viewed

@@ -0,0 +1,24 @@
+module TokenAuthenticateMe
+  class SessionAuthentication
+    attr :controller
+    def initialize(controller:)
+      @controller = controller
+    end
+    def authenticate(options = {})
+      token = session_key
+      token_handler(token, options)
+    end
+    private
+    def token_handler(token, options)
+      controller.token_handler(token, options)
+    end
+    def session_key
+      controller.session[:key]
+    end
+  end
+end

data/lib/token_authenticate_me/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module TokenAuthenticateMe
-  VERSION = '0.5.3'.freeze
+  VERSION = '0.5.4'.freeze
 end

data/lib/token_authenticate_me.rb CHANGED Viewed

@@ -7,6 +7,24 @@ module TokenAuthenticateMe
   UUID_REGEX = /([a-f0-9]){32}/
+  module Concerns
+    module Controllers
+      autoload :Authenticatable, 'token_authenticate_me/concerns/controllers/authenticateable'
+      autoload :Invitable, 'token_authenticate_me/concerns/controllers/invitable'
+      autoload :PasswordResetable, 'token_authenticate_me/concerns/controllers/password_resetable'
+      autoload :SessionAuthenticateable, 'token_authenticate_me/concerns/controllers/session_authenticateable'
+      autoload :Sessionable, 'token_authenticate_me/concerns/controllers/sessionable'
+      autoload :TokenAuthenticateable, 'token_authenticate_me/concerns/controllers/token_authenticateable'
+      autoload :TokenSessionable, 'token_authenticate_me/concerns/controllers/token_sessionable'
+    end
+    module Models
+      autoload :Authenticatable, 'token_authenticate_me/concerns/models/authenticatable'
+      autoload :Invitable, 'token_authenticate_me/concerns/models/invitable'
+      autoload :Sessionable, 'token_authenticate_me/concerns/models/sessionable'
+    end
+  end
   def configure
     yield configuration
   end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: token_authenticate_me
 version: !ruby/object:Gem::Version
-  version: 0.5.3
+  version: 0.5.4
 platform: ruby
 authors:
 - Sam Clopton
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-09-13 00:00:00.000000000 Z
+date: 2016-10-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -71,12 +71,14 @@ files:
 - app/controllers/token_authenticate_me/application_controller.rb
 - app/helpers/token_authenticate_me/application_helper.rb
 - app/mailers/token_authenticate_me_mailer.rb
+- app/models/token_authenticate_me/default_token_handler.rb
 - app/models/token_authenticate_me/invite.rb
 - app/models/token_authenticate_me/session.rb
 - app/models/token_authenticate_me/user.rb
 - app/views/token_authenticate_me_mailer/invalid_user_reset_password_email.html.erb
 - app/views/token_authenticate_me_mailer/invalid_user_reset_password_email.text.erb
 - app/views/token_authenticate_me_mailer/invite_user_email.html.erb
+- app/views/token_authenticate_me_mailer/session/new.html.erb
 - app/views/token_authenticate_me_mailer/valid_user_reset_password_email.html.erb
 - app/views/token_authenticate_me_mailer/valid_user_reset_password_email.text.erb
 - config/routes.rb
@@ -91,16 +93,23 @@ files:
 - lib/generators/token_authenticate_me/policies/templates/user_policy.rb
 - lib/tasks/token_authenticate_me_tasks.rake
 - lib/token_authenticate_me.rb
+- lib/token_authenticate_me/authentication.rb
+- lib/token_authenticate_me/concerns/controllers/authenticateable.rb
 - lib/token_authenticate_me/concerns/controllers/invitable.rb
 - lib/token_authenticate_me/concerns/controllers/password_resetable.rb
+- lib/token_authenticate_me/concerns/controllers/session_authenticateable.rb
+- lib/token_authenticate_me/concerns/controllers/session_sessionable.rb
 - lib/token_authenticate_me/concerns/controllers/sessionable.rb
 - lib/token_authenticate_me/concerns/controllers/token_authenticateable.rb
+- lib/token_authenticate_me/concerns/controllers/token_sessionable.rb
 - lib/token_authenticate_me/concerns/models/authenticatable.rb
 - lib/token_authenticate_me/concerns/models/invitable.rb
 - lib/token_authenticate_me/concerns/models/sessionable.rb
 - lib/token_authenticate_me/configuration.rb
 - lib/token_authenticate_me/engine.rb
+- lib/token_authenticate_me/header_authentication.rb
 - lib/token_authenticate_me/models.rb
+- lib/token_authenticate_me/session_authentication.rb
 - lib/token_authenticate_me/version.rb
 - test/dummy/README.rdoc
 - test/dummy/Rakefile