touth 0.0.1

@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: 897c36cb2334dae65ce580c4a3b952045b1b5d43
4
+ data.tar.gz: 6bd3f571f4c5cf62bae2a7164b0174623e03e8c5
5
+ SHA512:
6
+ metadata.gz: e5190b10304a511c916cb90a921c343ce46510c2386268cd49b0de5ef162aac3c6fdb723deeee385918ea1aec37950b73a4dfef073cb58fbf15ca972e34a4a6b
7
+ data.tar.gz: 1bf88d5b71449557118e117c4bfdf1cd09969aeebf601b15ff9ab3c8ece3b67fae66902ee23def5766409752338da0ae0eee8034094df97b2a4e238fbb6410c9
@@ -0,0 +1,22 @@
1
+ *.gem
2
+ *.rbc
3
+ .bundle
4
+ .config
5
+ .yardoc
6
+ Gemfile.lock
7
+ InstalledFiles
8
+ _yardoc
9
+ coverage
10
+ doc/
11
+ lib/bundler/man
12
+ pkg
13
+ rdoc
14
+ spec/reports
15
+ test/tmp
16
+ test/version_tmp
17
+ tmp
18
+ *.bundle
19
+ *.so
20
+ *.o
21
+ *.a
22
+ mkmf.log
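--- a/data/Gemfile
+++ b/data/Gemfile
@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in touth.gemspec
+gemspec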
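--- a/data/LICENSE
+++ b/data/LICENSE
@@ -0,0 +1,22 @@
+Copyright (c) 2014 Yuki Iwanaga
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.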
@@ -0,0 +1,111 @@
1
+ Touth
2
+ =====
3
+
4
+ Secure and simple token based authentication for Rails.
5
+
6
+ No dependencies. No migration necessary. Session-less.
7
+
8
+
9
+ Getting started
10
+ ---------------
11
+
12
+ Touth works with Rails 3.x and 4.x. Add this line to Gemfile:
13
+
14
+ ```rub
15
+ gem 'touth'
16
+ ```
17
+
18
+ ### Model
19
+
20
+ ```ruby
21
+ class UserAccount < ActiveRecord::Base
22
+
23
+ acts_as_token_authenticatable
24
+
25
+ end
26
+ ```
27
+
28
+ ### Controller
29
+
30
+ ```ruby
31
+ class ApplicationController < ActionController::Base
32
+
33
+ token_authentication_for :user_account
34
+
35
+ end
36
+ ```
37
+
38
+ ### Helper methods
39
+
40
+ Checking if a user is signed in, and getting the current signed-in user, the following Devise-like helpers is available:
41
+
42
+ - `user_account_signed_in?`
43
+ - `current_user_account`
44
+
45
+ ### Hooks
46
+
47
+ - `authenticate_entity_from_token!`
48
+
49
+ ### Fallbacks
50
+
51
+ - `token_authentication_error!(type)`
52
+
53
+
54
+ Usage
55
+ -----
56
+
57
+ ### Access token generation
58
+
59
+ ```ruby
60
+ user_account = UserAccount.first
61
+
62
+ user_account.access_token
63
+ ```
64
+
65
+ ### Authentication by request headers
66
+
67
+ ```
68
+ X-Auth-ID: 1
69
+ X-Auth-Token: 9619feb4b8d54352ae07588d011da48385c8c4f072ab889d3996d127ad2142fc6213d553
70
+ ```
71
+
72
+
73
+ Configuation
74
+ ------------
75
+
76
+ Touth can be customized with an initializer in `config/initializers/touth.rb`.
77
+
78
+ ```ruby
79
+ Touth.setup do |config|
80
+ config.access_token_lifetime = 60.days
81
+ config.client_secret_key = '' # use SecureRandom.hex(64) to generate one
82
+ config.password_field = :encrypted_password # works nice with devise
83
+ end
84
+ ```
85
+
86
+
87
+ Contributing
88
+ ------------
89
+
90
+ Contributions are always welcome!
91
+
92
+ ### Bug reports
93
+
94
+ 1. Ensure the bug can be reproduced on the latest master.
95
+ 2. Check it's not a duplicate.
96
+ 3. Raise an issue.
97
+
98
+
99
+ ### Pull requests
100
+
101
+ 1. Fork the repository.
102
+ 2. Create a branch.
103
+ 6. Create a new pull request.
104
+
105
+
106
+ License
107
+ -------
108
+
109
+ This project is copyright by [Creasty](http://www.creasty.com), released under the MIT lisence.
110
+ See `LICENSE` file for details.
111
+
@@ -0,0 +1,2 @@
1
+ require "bundler/gem_tasks"
2
+
@@ -0,0 +1,69 @@
1
+ require 'active_support'
2
+
3
+ require_relative 'touth/engine' if defined? Rails
4
+
5
+
6
+ # Touth
7
+ #-----------------------------------------------
8
+ module Touth
9
+
10
+ extend ActiveSupport::Autoload
11
+
12
+ autoload :ActsAsTokenAuthenticatable
13
+ autoload :ActiveRecordSupport
14
+ autoload :ActionControllerSupport
15
+ autoload :VERSION
16
+
17
+ class Configuration
18
+
19
+ attr_accessor :access_token_lifetime,
20
+ :client_secret_key,
21
+ :password_field
22
+
23
+ def initialize
24
+ @access_token_lifetime = 60 * (24 * 60 * 60) # 60 days
25
+ @client_secret_key = '' # use SecureRandom.hex(64) to generate one
26
+ @password_field = :encrypted_password
27
+ end
28
+
29
+ end
30
+
31
+ class << self
32
+
33
+ def setup
34
+ @configuration ||= Configuration.new
35
+ yield @configuration if block_given?
36
+ end
37
+
38
+ def method_missing(method_name, *args, &block)
39
+ if @configuration.respond_to? method_name
40
+ @configuration.send method_name, *args, &block
41
+ else
42
+ super
43
+ end
44
+ end
45
+
46
+ def respond_to?(method_name, include_private = false)
47
+ @configuration.respond_to? method_name
48
+ end
49
+
50
+ end
51
+
52
+ end
53
+
54
+
55
+ # Setup
56
+ #-----------------------------------------------
57
+ Touth.setup
58
+
59
+
60
+ # Include
61
+ #-----------------------------------------------
62
+ ActiveSupport.on_load(:active_record) do
63
+ extend Touth::ActiveRecordSupport::ClassMethods
64
+ end
65
+ ActiveSupport.on_load(:action_controller) do
66
+ extend Touth::ActionControllerSupport::ClassMethods
67
+ include Touth::ActionControllerSupport::InstanceMethods
68
+ end
69
+
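Review bot: `Configuration#initialize` defaults `client_secret_key` to `''`, so an application that never sets it still issues and accepts tokens whose HMAC is keyed by an empty string. In that state the token's secrecy rests only on the value read from `password_field`, so anyone who obtains that column can compute valid tokens. Default the key to `nil` and fail closed where the HMAC is computed, e.g. `raise ArgumentError, 'Touth.client_secret_key is not set' if Touth.client_secret_key.to_s.empty?`. Separately, the `respond_to?` override inside `class << self` never calls `super`, so `Touth.respond_to?(:setup)` is false; defining `respond_to_missing?(method_name, include_private = false)` as `@configuration.respond_to?(method_name) || super` keeps the built-in answers.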
@@ -0,0 +1,65 @@
1
+ module Touth
2
+ module ActionControllerSupport
3
+
4
+ module ClassMethods
5
+
6
+ mattr_accessor :token_authentication_on
7
+
8
+ def token_authentication_for(scope)
9
+ name = scope.to_s
10
+
11
+ self.token_authentication_on = {
12
+ model_class: name.camelize.constantize,
13
+ current: nil,
14
+ }
15
+
16
+ before_action :authenticate_entity_from_token!
17
+
18
+ define_method "#{name}_signed_in?" do
19
+ !!self.class.token_authentication_on[:current]
20
+ end
21
+
22
+ define_method "current_#{name}" do
23
+ self.class.token_authentication_on[:current]
24
+ end
25
+ end
26
+
27
+ end
28
+
29
+ module InstanceMethods
30
+
31
+ protected
32
+
33
+ def token_authentication_header
34
+ @token_authentication_header ||= {
35
+ id: request.headers['X-Auth-ID'],
36
+ token: request.headers['X-Auth-Token'],
37
+ }
38
+ end
39
+
40
+ def authenticate_entity_from_token!
41
+ id = token_authentication_header[:id]
42
+
43
+ model = id.present? \
44
+ && self.class.token_authentication_on[:model_class].find(id)
45
+
46
+ unless model
47
+ return token_authentication_error! :no_entity
48
+ end
49
+
50
+ unless model.valid_access_token? token_authentication_header[:token]
51
+ return token_authentication_error! :invalid_token
52
+ end
53
+
54
+ self.class.token_authentication_on[:current] = model
55
+ end
56
+
57
+ def token_authentication_error!(type)
58
+ render nothing: true, status: :unauthorized
59
+ false
60
+ end
61
+
62
+ end
63
+
64
+ end
65
+ end
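Review bot: The authenticated record is stored in `token_authentication_on[:current]`, which is declared with `mattr_accessor` on `ClassMethods` and so appears to be a single hash shared by every controller and every request in the process rather than per-request state. The assignment `self.class.token_authentication_on[:current] = model` in `authenticate_entity_from_token!` can therefore be read by a concurrent request on another thread. It is also never cleared, so `current_<name>` in a later request that skips the filter would return the previous caller's record. Keeping the record in a controller instance variable, as sketched below, confines it to the request. Also in that method, `find(id)` on an ActiveRecord model raises for an unknown id and never reaches the `:no_entity` branch; `find_by(id: id)` returns nil on Rails 4.

```ruby
define_method "#{name}_signed_in?" do
  !!@token_authenticated_entity
end

define_method "current_#{name}" do
  @token_authenticated_entity
end

# … unchanged: token_authentication_header …

def authenticate_entity_from_token!
  # … unchanged: header lookup, :no_entity and :invalid_token checks …
  @token_authenticated_entity = model
end
```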
@@ -0,0 +1,13 @@
1
+ module Touth
2
+ module ActiveRecordSupport
3
+
4
+ module ClassMethods
5
+
6
+ def acts_as_token_authenticatable
7
+ include Touth::ActsAsTokenAuthenticatable
8
+ end
9
+
10
+ end
11
+
12
+ end
13
+ end
@@ -0,0 +1,37 @@
1
+ module Touth
2
+ module ActsAsTokenAuthenticatable
3
+
4
+ def access_token(lifetime = Touth.access_token_lifetime)
5
+ expires_at = Time.now.to_i + lifetime
6
+
7
+ "#{access_token_id(expires_at)}#{[expires_at].pack('V')}".unpack('H*')[0]
8
+ end
9
+
10
+ def valid_access_token?(token)
11
+ begin
12
+ data = [token].pack 'H*'
13
+ token_id, timestamp = data[0..0x1f], data[0x20..-1]
14
+ expires_at = timestamp.unpack('V')[0]
15
+
16
+ access_token_id(expires_at) == token_id && Time.now.to_i < expires_at
17
+ rescue
18
+ false
19
+ end
20
+ end
21
+
22
+ private
23
+
24
+ def access_token_id(expires_at)
25
+ raw = [
26
+ expires_at,
27
+ self.class.name,
28
+ self.id,
29
+ self.send(Touth.password_field),
30
+ ].join ':'
31
+
32
+ digest = OpenSSL::Digest.new 'sha256'
33
+ OpenSSL::HMAC.digest digest, Touth.client_secret_key, raw
34
+ end
35
+
36
+ end
37
+ end
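Review bot: In `valid_access_token?` the received MAC is checked with `access_token_id(expires_at) == token_id`, an ordinary string comparison that can return at the first differing byte and so leaks timing information about the expected HMAC. Use a constant-time comparison such as `Rack::Utils.secure_compare(access_token_id(expires_at), token_id)`, and check that the decoded data is exactly 36 bytes (32 of MAC plus 4 of timestamp) before slicing it. The bare `rescue` also turns every error, including a misconfigured `password_field`, into a silent `false`; rescuing only the decoding failures you expect would keep configuration faults visible. The section references `OpenSSL` without a visible `require 'openssl'`.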
@@ -0,0 +1,6 @@
1
+ require 'rails/engine'
2
+
3
+ module ActsAsTaggableOn
4
+ class Engine < Rails::Engine
5
+ end
6
+ end
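Review bot: The engine is declared inside `module ActsAsTaggableOn`, not `module Touth`, which looks like a leftover copied from another gem. Loading this file in an application that also uses that gem would reopen its namespace and define or reopen its `Engine` constant, while `Touth` itself gets no engine. The module line should read `module Touth`.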
@@ -0,0 +1,3 @@
1
+ module Touth
2
+ VERSION = '0.0.1'
3
+ end
@@ -0,0 +1,25 @@
1
+ # coding: utf-8
2
+ lib = File.expand_path('../lib', __FILE__)
3
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
+ require 'touth/version'
5
+
6
+ Gem::Specification.new do |spec|
7
+ spec.name = 'touth'
8
+ spec.version = Touth::VERSION
9
+ spec.authors = ['Yuki Iwanaga']
10
+ spec.email = ['yuki@creasty.com']
11
+ spec.summary = 'Token based authentication'
12
+ spec.description = 'Secure and simple token based authentication for Rails 4'
13
+ spec.homepage = 'https://github.com/creasty/touth'
14
+ spec.license = 'MIT'
15
+
16
+ spec.files = `git ls-files -z`.split("\x0")
17
+ spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
18
+ spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
19
+ spec.require_paths = ['lib']
20
+
21
+ spec.add_dependency 'activesupport', '~> 4.1', '>= 3.2'
22
+
23
+ spec.add_development_dependency 'bundler', '~> 1.6'
24
+ spec.add_development_dependency 'rake', '~> 10.3'
25
+ end
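Review bot: The runtime constraint `spec.add_dependency 'activesupport', '~> 4.1', '>= 3.2'` is an intersection, so it resolves to 4.1 up to but not including 5.0 and the `'>= 3.2'` part has no effect, although the README on this page claims Rails 3.x support. State the intended range explicitly, e.g. `'>= 3.2', '< 5.0'`, or drop the 3.x claim; the controller code on this page calls `before_action`, which is the Rails 4 name. The library also relies on ActiveRecord and ActionController hooks and on `OpenSSL`, none of which is declared or required here, so a comment such as `# expects to be loaded inside a Rails application` above the dependency would document that assumption.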
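--- a/metadata
+++ b/metadata
@@ -0,0 +1,104 @@
+--- !ruby/object:Gem::Specification
+name: touth
+version: !ruby/object:Gem::Version
+version: 0.0.1
+platform: ruby
+authors:
+- Yuki Iwanaga
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2014-07-07 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: activesupport
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '4.1'
+- - ">="
+- !ruby/object:Gem::Version
+version: '3.2'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '4.1'
+- - ">="
+- !ruby/object:Gem::Version
+version: '3.2'
+- !ruby/object:Gem::Dependency
+name: bundler
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.6'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.6'
+- !ruby/object:Gem::Dependency
+name: rake
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '10.3'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '10.3'
+description: Secure and simple token based authentication for Rails 4
+email:
+- yuki@creasty.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- lib/touth.rb
+- lib/touth/action_controller_support.rb
+- lib/touth/active_record_support.rb
+- lib/touth/acts_as_token_authenticatable.rb
+- lib/touth/engine.rb
+- lib/touth/version.rb
+- touth.gemspec
+homepage: https://github.com/creasty/touth
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.2.2
+signing_key:
+specification_version: 4
+summary: Token based authentication
+test_files: []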