tokenable-ruby 0.1.0 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 40e8d5ec3402eabc0468d0ddc40eccc571b7745719b5101da223d01c504e43ee
-  data.tar.gz: 950d44d72882ffd8a376837ce1150bb81a5c149ce31f45cc2ba90efa3b0d325d
+  metadata.gz: a63844e9ccbdab546defaf4e6e9a3d8e1447a96dd1db93678181fc490c7210eb
+  data.tar.gz: e0f6a5cfcd3276d0809fe9c5293d632ff3a6bbf26c06bb698a6b24833987a460
 SHA512:
-  metadata.gz: a55f04fce6b1aabbc31fc0306793d7680636b1ed29e5397c33e1124e650ccff36e8eb28baaa72c6b3d1cd55785a030aaeed861ac986c4cfbfbe9aec63191650f
-  data.tar.gz: c0b41d1071a8212a09d50fddbd5e75b677e0d96864cf940b79057df16ce31767debf00e4168bab415134c81a428c8e2f029436a18f079817c99a7b975715de5d
+  metadata.gz: e18044255f88cadbe625ab99e2ea00d1c8bf92a6d6e512f00024a93121f010efcdf644b4bd4de3c63a6030d88feb97340cf124c49b73e99a8af7af618309fd93
+  data.tar.gz: d24acf6f7d796c6520efb10f97a7af9593a32d5d89428472454761665b7f3b75876d92e3f8a2907d833e94066d10742705b24a4fabdb2613b476a7196670542c

data/.github/workflows/rubocop.yml

@@ -11,6 +11,6 @@ jobs:
         uses: ruby/setup-ruby@v1
         with:
           ruby-version: 2.7
-      - run: gem install bundler -v 2.2.4
-      - run: bundle install
+          bundler-cache: true
+
       - run: bundle exec rubocop

data/.github/workflows/{test.yml → tests.yml}

@@ -1,9 +1,9 @@
-name: Test
+name: Tests
 
 on: push
 
 jobs:
-  test:
+  rspec:
     strategy:
       fail-fast: false
       matrix:
@@ -12,10 +12,16 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - uses: actions/checkout@v2
+
       - name: Set up Ruby
         uses: ruby/setup-ruby@v1
         with:
           ruby-version: ${{ matrix.ruby }}
-      - run: gem install bundler -v 2.2.4
-      - run: bundle install
+          bundler-cache: true
+
+      - run: cd spec/dummy && bundle install
+      - run: cd spec/dummy && bundle exec rails db:create db:migrate
+        env:
+          RAILS_ENV: test
+
       - run: bundle exec rspec

data/.gitignore

@@ -7,3 +7,11 @@
 /spec/reports/
 /tmp/
 Gemfile.lock
+/vendor
+
+spec/dummy/log
+spec/dummy/tmp
+spec/dummy/db/*.sqlite3
+spec/dummy/config/master.key
+
+*.gem

data/.rubocop.yml

@@ -1,5 +1,18 @@
+require:
+  - rubocop-rake
+  - rubocop-rspec
+
 AllCops:
+  NewCops: enable
   TargetRubyVersion: 2.5
+  Exclude:
+    - "spec/dummy/**/*"
+    - "vendor/**/*"
+    - "tmp/**/*"
+
+Naming/FileName:
+  Exclude:
+    - 'lib/tokenable-ruby.rb'
 
 Style/Documentation:
   Enabled: false
@@ -20,3 +33,45 @@ Style/TrailingCommaInHashLiteral:
 
 Layout/LineLength:
   Max: 150
+  Exclude:
+    - "spec/**/*"
+
+Lint/EmptyBlock:
+  Enabled: false
+
+Metrics/AbcSize:
+  Enabled: false
+
+Metrics/MethodLength:
+  Enabled: false
+
+Metrics/BlockLength:
+  Exclude:
+    - "spec/**/*"
+
+Style/ClassVars:
+  Enabled: false
+
+RSpec/MultipleExpectations:
+  Enabled: false
+
+RSpec/ImplicitBlockExpectation:
+  Enabled: false
+
+RSpec/DescribedClass:
+  Enabled: false
+
+RSpec/StubbedMock:
+  Enabled: false
+
+RSpec/MessageSpies:
+  Enabled: false
+
+RSpec/NamedSubject:
+  Enabled: false
+
+RSpec/ExampleLength:
+  Enabled: false
+
+RSpec/FilePath:
+  Enabled: false

data/Gemfile

@@ -4,7 +4,22 @@ source 'https://rubygems.org'
 
 gemspec
 
-gem 'rake', '~> 13.0'
+gem 'tzinfo-data', platforms: %i[mingw mswin x64_mingw jruby]
 
-gem 'rspec', '~> 3.10'
-gem 'rubocop', '~> 0.80'
+gem 'rake'
+
+group :test do
+  gem 'bcrypt'
+  gem 'codecov', require: false, git: 'https://github.com/codecov/codecov-ruby.git'
+  gem 'database_cleaner-active_record', '1.8.0'
+  gem 'generator_spec', '0.9.4'
+  gem 'rails'
+  gem 'rails-controller-testing', '1.0.5'
+  gem 'rspec-rails', '4.0.2'
+  gem 'rubocop', '1.8.1'
+  gem 'rubocop-rails', '2.9.1'
+  gem 'rubocop-rake', '0.5.1'
+  gem 'rubocop-rspec', '2.1.0'
+  gem 'simplecov', '~> 0.2'
+  gem 'sqlite3', '1.4.2'
+end

data/README.md

@@ -1,17 +1,20 @@
 # Tokenable
 
-![Test](https://github.com/tokenable/tokenable-ruby/workflows/Test/badge.svg)
+![Tests](https://github.com/tokenable/tokenable-ruby/workflows/Tests/badge.svg)
+[![codecov](https://codecov.io/gh/tokenable/tokenable-ruby/branch/main/graph/badge.svg?token=URF456H8RI)](https://codecov.io/gh/tokenable/tokenable-ruby)
+![contributions welcome](https://img.shields.io/badge/contributions-welcome-brightgreen.svg?style=flat)
+![Project Status: WIP – Development is in progress](https://www.repostatus.org/badges/latest/wip.svg)
 
-Tokenable is a gem for Rails to enable the ability for API applications to provide Authentication.
+Tokenable is a Rails gem that allows API-only applications a way to authenticate users. This can be helpful when building Single Page Applications, or Mobile Applications.
 
-This allows you to provide authentication to mobile apps, or SPAs with ease.
+Simply send a login request to the authentication endpoint, and Tokenable will return a token. This token can then be used to access your API, and any authenticated endpoints.
 
 ## Installation
 
 Add this line to your application's Gemfile:
 
 ```ruby
-gem 'tokenable'
+gem 'tokenable-ruby', git: 'https://github.com/tokenable/tokenable-ruby.git', branch: 'main'
 ```
 
 And then execute:
@@ -22,103 +25,78 @@ bundle install
 
 ## Usage
 
-In your `config/routes.rb`, please add:
+Once you have the gem installed, lets get it setup:
 
-```ruby
-mount Tokenable::Engine => '/api/auth'
+```bash
+rails generate tokenable:install User --strategy=devise
 ```
 
-And in your `User` model, please add an Auth Strategy. For example, if you are using `has_secure_password`, then you could use:
-
-```ruby
-class User < ApplicationRecord
-  include Tokenable::Strategies::SecurePassword
+We make it easier for you, by adding out of the box support for some auth libraries. You can pick from the following options for `--strategy`, or leave it empty for a [custom strategy](https://github.com/tokenable/tokenable-ruby/wiki/Create-your-own-statergy):
 
-  has_secure_password
-end
-```
+- [devise](https://github.com/heartcombo/devise)
+- [sorcery](https://github.com/Sorcery/sorcery)
+- [secure_password](https://api.rubyonrails.org/classes/ActiveModel/SecurePassword/ClassMethods.html)
 
-You can chose from:
+This will add a route, the configuration file at `config/initializers/tokenable.rb`, and add the required includes to your User model. There are no migrations to run in the default configuration.
 
-- `Tokenable::Strategies::SecurePassword`
-- `Tokenable::Strategies::Devise`
+### Controllers
 
-You can also create your own stragery. This is as simple as creating a method on the User object.
+To limit access to your controllers/endpoints, you will need to include Tokenable.
 
 ```ruby
-def self.from_tokenable_params(params)
-  user = User.find_by(something: params[:something])
-  return nil unless user.present?
+class SomeController < ApplicationController
+  include Tokenable::Authable
 
-  return nil unless user.password_valid?(params[:password])
-  user
+  before_action :require_tokenable_user!
 end
 ```
 
+After you have done this, the following methods are available:
+
+- `current_user`
+- `user_signed_in?`
+
 ### Invalidate Tokens
 
-If you want to be able to invalidate tokens from the server, then you can add `Tokenable::Verifier`.
+Sometime you want to be able to force a user (or users) to login again. You can do this by adding the Verifier. To install this, run:
 
-```ruby
-class User < ApplicationRecord
-  include Tokenable::Verifier
-end
+```
+rails generate tokenable:verifier User
 ```
 
-And running the following migration:
+And then run your migrations:
 
-```bash
-rails g migration AddTokenableVerifierToUsers tokenable_verifier:string
+```
+rails db:migrate
 ```
 
 You can now invalidate all tokens by calling `user.invalidate_tokens!`.
 
 ### Token Expiry
 
-By default, tokens will live forever. If you want to change this, you can set a config option (see below for how to set that up).
+By default, tokens expire after 7 days. If you want to change this, you can set a config option.
 
 ```ruby
+# Expire in 7 days (default)
 Tokenable::Config.lifespan = 7.days
-```
 
-### Configuration Options
-
-Tokenable works out of the box, with no config required, however you can tweak the settings, by creating `config/initializers/tokenable.rb` file.
-
-```ruby
-# The secret used to create these tokens. This is then used to verify the
-# token is valid. Note: Tokens are not encrypted, and container the user_id.
-# Default: Rails.application.secret_key_base
-Tokenable::Config.secret = 'a-256-bit-string'
+# Tokens will never expire
+Tokenable::Config.lifespan = nil
 ```
 
-### Example Usage
+### Example Use Cases
 
-Once you have this setup, you can login. For example, you could login using `axios` in JavaScript:
+Once you have this setup, you will then be able to integrate your Rails API with a mobile app, single page application, or any other type of system. Here are some example use cases:
 
-```js
-const { data } = await axios.post("https://example.com/api/auth", {
-  email: "email@example.com",
-  password: "coolpassword123",
-});
-
-const token = data.data.token;
-const user_id = data.data.user_id;
-```
-
-You then use this token in all future API requests:
-
-```js
-const { data } = await axios.get(`https://example.com/api/user/${user_id}`, {
-  headers: { Authorization: `Bearer ${token}` },
-});
-```
+- [Using Tokenable with Nuxt.js Auth](https://github.com/tokenable/tokenable-ruby/wiki/Integration-with-Nuxt.js-Auth)
+- [Using Tokenable with Axios](https://github.com/tokenable/tokenable-ruby/wiki/Integration-with-Axios)
+- [Using Tokenable with Curl](https://github.com/tokenable/tokenable-ruby/wiki/Curl-Example)
 
 ## Development
 
-After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake test` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+After checking out the repo, run `bin/setup` to install dependencies.
 
-To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and the created tag, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+Then, run `bundle exec rspec` to run the tests.
 
 ## Contributing
 

data/lib/generators/templates/routes.rb.erb

@@ -0,0 +1,2 @@
+Rails.application.routes.draw do
+end

data/lib/generators/templates/tokenable.rb.erb

@@ -0,0 +1,12 @@
+# How long should the token be valid for?
+# After this time, it will return Tokenable::Unauthorized
+# You can set this to nil for tokens to never expire
+Tokenable::Config.lifespan = 7.days
+
+# The class in which your User resides.
+Tokenable::Config.user_class = <%= name %>
+
+# The secret used to create these tokens. This is then used to verify the
+# token is valid. Note: Tokens are not encrypted, and container the user_id.
+# You can change this to any 256-bit string
+Tokenable::Config.secret = Rails.application.secret_key_base

data/lib/generators/templates/verifier_migration.rb.erb

@@ -0,0 +1,5 @@
+class AddTokenableVerifierTo<%= table_name.camelize %> < ActiveRecord::Migration<%= migration_version %>
+  def change
+    add_column :<%= table_name %>, :tokenable_verifier, :string
+  end
+end

data/lib/generators/tokenable/install_generator.rb

@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+
+require 'rails/generators/active_record'
+
+module Tokenable
+  module Generators
+    class InstallGenerator < Rails::Generators::NamedBase
+      source_root File.expand_path('../templates', __dir__)
+      class_option :strategy, type: :string
+
+      def install_config
+        template 'tokenable.rb.erb', 'config/initializers/tokenable.rb'
+        template 'routes.rb.erb', 'config/routes.rb' unless routes_file_exists?
+        route "mount Tokenable::Engine => '/api/auth'"
+      end
+
+      def setup_strategy
+        unless options.strategy
+          say_status :skip, 'strategy (none provided)', :yellow
+          return
+        end
+
+        if options.strategy.in?(list_of_strategies)
+          invoke 'active_record:model', [name], migration: false unless model_exists?
+
+          strategy_class = options.strategy.classify
+          model_path = "app/models/#{file_name}.rb"
+          already_injected = File.open(File.join(destination_root, model_path)).grep(/Tokenable::Strategies/).any?
+
+          if already_injected
+            say_status :skip, 'a strategy is already in this model', :yellow
+          else
+            inject_into_file model_path, "  include Tokenable::Strategies::#{strategy_class}\n", after: " < ApplicationRecord\n"
+          end
+        else
+          say_status :failure, "stargery not found (#{options.strategy}). Available: #{list_of_strategies.join(", ")}", :red
+        end
+      end
+
+      private
+
+      def model_exists?
+        File.exist?(File.join(destination_root, "app/models/#{file_name}.rb"))
+      end
+
+      def routes_file_exists?
+        File.exist?(File.join(destination_root, 'config/routes.rb'))
+      end
+
+      def list_of_strategies
+        Dir.entries(File.expand_path('../../tokenable/strategies', __dir__))
+           .reject { |f| File.directory?(f) }
+           .map { |f| File.basename(f, File.extname(f)) }
+           .compact
+      end
+    end
+  end
+end

data/lib/generators/tokenable/verifier_generator.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+require 'rails/generators/active_record'
+
+module Tokenable
+  module Generators
+    class VerifierGenerator < ActiveRecord::Generators::Base
+      source_root File.expand_path('../templates', __dir__)
+
+      def generate_model
+        invoke 'active_record:model', [name], migration: false unless model_exists? && behavior == :invoke
+      end
+
+      def add_to_model
+        model_path = "app/models/#{file_name}.rb"
+        already_injected = File.open(File.join(destination_root, model_path)).grep(/Tokenable::Verifier/).any?
+
+        if already_injected
+          say_status :skip, 'verifier is already in this model', :yellow
+        else
+          inject_into_file "app/models/#{file_name}.rb", "  include Tokenable::Verifier\n", after: " < ApplicationRecord\n"
+        end
+      end
+
+      def add_migration
+        migration_template 'verifier_migration.rb.erb', "db/migrate/add_tokenable_verifier_to_#{table_name}.rb"
+      end
+
+      private
+
+      def model_exists?
+        File.exist?(File.join(destination_root, "app/models/#{file_name}.rb"))
+      end
+
+      def migration_version
+        "[#{Rails::VERSION::MAJOR}.#{Rails::VERSION::MINOR}]" if Rails::VERSION::MAJOR >= 5
+      end
+    end
+  end
+end

data/lib/tokenable-ruby.rb

@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+
+require_relative 'tokenable'

data/lib/tokenable/authable.rb

@@ -14,7 +14,7 @@ module Tokenable
     end
 
     def current_user
-      @current_user ||= user_class.find(jwt_user_id)
+      @current_user ||= user_class.find_by(id: jwt_user_id)
     rescue Tokenable::Unauthorized
       nil
     end
@@ -42,7 +42,7 @@ module Tokenable
     end
 
     def token_from_header
-      request.authorization.to_s.split(' ').last
+      request.authorization.to_s.split.last
     end
 
     def token_from_user(user)
@@ -56,6 +56,8 @@ module Tokenable
 
       jwt_data[:data][:verifier] = user.current_verifier if verifier_enabled?
 
+      raise Tokenable::Unauthorized, 'No secret key was provided' unless jwt_secret
+
       JWT.encode(jwt_data, jwt_secret, 'HS256')
     end
 

data/lib/tokenable/config.rb

@@ -3,8 +3,9 @@
 module Tokenable
   class Config
     # How long should the token last before it expires?
-    # E.G: Tokenable::Config.lifespan = 7.days
-    mattr_accessor :lifespan, default: nil
+    # E.G: Tokenable::Config.lifespan = 14.days
+    # You could set this to nil to disable expiring keys
+    mattr_writer :lifespan, default: -> { 7.days }
 
     # The secret used by JWT to encode the Token.
     # We default to Rails secret_key_base

data/lib/tokenable/controllers/tokens_controller.rb

@@ -4,9 +4,13 @@ module Tokenable
   class TokensController < ::ActionController::API
     include Authable
 
+    rescue_from 'Tokenable::Unauthorized' do
+      render json: { error: 'Login failed, please try again.' }, status: 401
+    end
+
     def create
-      user = User.from_tokenable_params(params)
-      raise Tokenable::Unauthorized unless user
+      user = Tokenable::Config.user_class.from_tokenable_params(params)
+      raise Tokenable::Unauthorized, 'No user returned by strategy' unless user
 
       response = {
         data: {

data/lib/tokenable/engine.rb

@@ -2,6 +2,7 @@
 
 require_relative 'controllers/tokens_controller'
 require_relative 'strategies/devise'
+require_relative 'strategies/sorcery'
 require_relative 'strategies/secure_password'
 
 module Tokenable

data/lib/tokenable/strategies/devise.rb

@@ -9,7 +9,7 @@ module Tokenable
         def from_tokenable_params(params)
           email, password = parse_auth_params(params)
 
-          user = User.find_by(email: email)
+          user = Tokenable::Config.user_class.find_by(email: email)
           return nil unless user
 
           return nil unless user.valid_password?(password)
@@ -21,8 +21,8 @@ module Tokenable
 
         def parse_auth_params(params)
           [
-            params.require(:email),
-            params.require(:password),
+            params[:email],
+            params[:password],
           ]
         end
       end

data/lib/tokenable/strategies/secure_password.rb

@@ -9,7 +9,7 @@ module Tokenable
         def from_tokenable_params(params)
           email, password = parse_auth_params(params)
 
-          user = User.find_by(email: email)
+          user = Tokenable::Config.user_class.find_by(email: email)
           return nil unless user
 
           return nil unless user.authenticate(password)
@@ -21,8 +21,8 @@ module Tokenable
 
         def parse_auth_params(params)
           [
-            params.require(:email),
-            params.require(:password),
+            params[:email],
+            params[:password],
           ]
         end
       end

data/lib/tokenable/strategies/sorcery.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+module Tokenable
+  module Strategies
+    module Sorcery
+      extend ActiveSupport::Concern
+
+      class_methods do
+        def from_tokenable_params(params)
+          email, password = parse_auth_params(params)
+
+          user = Tokenable::Config.user_class.find_by(email: email)
+          return nil unless user
+
+          return nil unless user.valid_password?(password)
+
+          user
+        end
+
+        private
+
+        def parse_auth_params(params)
+          [
+            params[:email],
+            params[:password],
+          ]
+        end
+      end
+    end
+  end
+end

data/lib/tokenable/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Tokenable
-  VERSION = '0.1.0'
+  VERSION = '0.2.0'
 end

metadata

@@ -1,15 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: tokenable-ruby
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors:
 - Marc Qualie
 - Scott Robertson
-autorequire: 
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-01-17 00:00:00.000000000 Z
+date: 2021-01-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: jwt
@@ -51,7 +51,7 @@ dependencies:
     - - "<"
       - !ruby/object:Gem::Version
         version: '6.2'
-description: 
+description:
 email:
 - marc@marcqualie.com
 - scott@scottrobertson.me
@@ -61,7 +61,7 @@ extra_rdoc_files: []
 files:
 - ".github/workflows/publish.yml"
 - ".github/workflows/rubocop.yml"
-- ".github/workflows/test.yml"
+- ".github/workflows/tests.yml"
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
@@ -73,6 +73,12 @@ files:
 - bin/console
 - bin/setup
 - config/routes.rb
+- lib/generators/templates/routes.rb.erb
+- lib/generators/templates/tokenable.rb.erb
+- lib/generators/templates/verifier_migration.rb.erb
+- lib/generators/tokenable/install_generator.rb
+- lib/generators/tokenable/verifier_generator.rb
+- lib/tokenable-ruby.rb
 - lib/tokenable.rb
 - lib/tokenable/authable.rb
 - lib/tokenable/config.rb
@@ -81,6 +87,7 @@ files:
 - lib/tokenable/railtie.rb
 - lib/tokenable/strategies/devise.rb
 - lib/tokenable/strategies/secure_password.rb
+- lib/tokenable/strategies/sorcery.rb
 - lib/tokenable/verifier.rb
 - lib/tokenable/version.rb
 - tokenable-ruby.gemspec
@@ -91,7 +98,7 @@ metadata:
   homepage_uri: https://github.com/tokenable/tokenable-ruby
   source_code_uri: https://github.com/tokenable/tokenable-ruby
   changelog_uri: https://github.com/tokenable/tokenable-ruby/releases
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -106,8 +113,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.4
-signing_key: 
+rubygems_version: 3.0.3
+signing_key:
 specification_version: 4
 summary: JWT authentication for Rails API's
 test_files: []