touth 0.0.2 → 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +43 -9
- data/lib/touth.rb +10 -5
- data/lib/touth/acts_as_token_authenticatable.rb +1 -2
- data/lib/touth/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a982bb3f2804af9044cbc34c112d9e9169e2c060
|
|
4
|
+
data.tar.gz: 69d657f673a36d5145ce472dd03f83ef005f2ede
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 01374f38683aafa8ea082f89e4a376fcf204ae116fa4416583f18480e7644250ec2e716dbd9c68be7f0d65dafa1a1f7866aa23850ac1d78301cfc4c10dee2615
|
|
7
|
+
data.tar.gz: d43b3269705ba47bef2ec31a2ed958a5bcade63732cf27ff840f7cb2a835de0818357cfa34d21d44c726ce8846694e22b90811e4c6a398a5372410ac9104f298
|
data/README.md
CHANGED
|
@@ -3,7 +3,10 @@ Touth
|
|
|
3
3
|
|
|
4
4
|
Secure and simple token based authentication for Rails.
|
|
5
5
|
|
|
6
|
-
|
|
6
|
+
- No extra dependencies
|
|
7
|
+
- No migrations necessary
|
|
8
|
+
- Store-less access token verification
|
|
9
|
+
- Flexible lifetime
|
|
7
10
|
|
|
8
11
|
|
|
9
12
|
Getting started
|
|
@@ -11,7 +14,7 @@ Getting started
|
|
|
11
14
|
|
|
12
15
|
Touth works with Rails 3.x and 4.x. Add this line to Gemfile:
|
|
13
16
|
|
|
14
|
-
```
|
|
17
|
+
```ruby
|
|
15
18
|
gem 'touth'
|
|
16
19
|
```
|
|
17
20
|
|
|
@@ -59,7 +62,17 @@ Usage
|
|
|
59
62
|
```ruby
|
|
60
63
|
user_account = UserAccount.first
|
|
61
64
|
|
|
62
|
-
|
|
65
|
+
|
|
66
|
+
# create access token for default lifetime
|
|
67
|
+
t1 = user_account.access_token #=> "9619feb4b8d54352ae07588d011da48385c8c4f072ab889d3996d127ad2142fc6213d553"
|
|
68
|
+
|
|
69
|
+
|
|
70
|
+
# create token expires in 20 secounds
|
|
71
|
+
t2 = user_account.access_token 20 #=> "ad60fa5bb2d05e72ac943c6d409e18e6cc24c15eae9833f66c8aab391241475fe2bd0954"
|
|
72
|
+
|
|
73
|
+
user_account.valid_access_token? t2 #=> true
|
|
74
|
+
sleep 20
|
|
75
|
+
user_account.valid_access_token? t2 #=> false
|
|
63
76
|
```
|
|
64
77
|
|
|
65
78
|
### Authentication by request headers
|
|
@@ -69,6 +82,16 @@ X-Auth-ID: 1
|
|
|
69
82
|
X-Auth-Token: 9619feb4b8d54352ae07588d011da48385c8c4f072ab889d3996d127ad2142fc6213d553
|
|
70
83
|
```
|
|
71
84
|
|
|
85
|
+
### Invalidation
|
|
86
|
+
|
|
87
|
+
**1. Invalidate all old access token**
|
|
88
|
+
|
|
89
|
+
Change `client_secret_key` in initializer.
|
|
90
|
+
|
|
91
|
+
**2. Invalidate all old access token of specific user**
|
|
92
|
+
|
|
93
|
+
Owner (an user) can do with changing his password.
|
|
94
|
+
|
|
72
95
|
|
|
73
96
|
Configuation
|
|
74
97
|
------------
|
|
@@ -77,9 +100,20 @@ Touth can be customized with an initializer in `config/initializers/touth.rb`.
|
|
|
77
100
|
|
|
78
101
|
```ruby
|
|
79
102
|
Touth.setup do |config|
|
|
103
|
+
|
|
104
|
+
# Default lifetime of access token.
|
|
80
105
|
config.access_token_lifetime = 60.days
|
|
81
|
-
|
|
82
|
-
|
|
106
|
+
|
|
107
|
+
# Secret key is used for verifying the integrity of access token.
|
|
108
|
+
# If you change this key, all old access token will become invalid.
|
|
109
|
+
# You can use rake secret or SecureRandom.hex(64) to generate one.
|
|
110
|
+
config.client_secret_key = ''
|
|
111
|
+
|
|
112
|
+
# Password field in your model.
|
|
113
|
+
# Owner can invalidate all old access token by changing owner's password.
|
|
114
|
+
# :encrypted_password will work nice with devise model.
|
|
115
|
+
config.password_field = :encrypted_password
|
|
116
|
+
|
|
83
117
|
end
|
|
84
118
|
```
|
|
85
119
|
|
|
@@ -92,15 +126,15 @@ Contributions are always welcome!
|
|
|
92
126
|
### Bug reports
|
|
93
127
|
|
|
94
128
|
1. Ensure the bug can be reproduced on the latest master.
|
|
95
|
-
|
|
96
|
-
|
|
129
|
+
1. Check it's not a duplicate.
|
|
130
|
+
1. Raise an issue.
|
|
97
131
|
|
|
98
132
|
|
|
99
133
|
### Pull requests
|
|
100
134
|
|
|
101
135
|
1. Fork the repository.
|
|
102
|
-
|
|
103
|
-
|
|
136
|
+
1. Create a branch.
|
|
137
|
+
1. Create a new pull request.
|
|
104
138
|
|
|
105
139
|
|
|
106
140
|
License
|
data/lib/touth.rb
CHANGED
|
@@ -31,20 +31,25 @@ module Touth
|
|
|
31
31
|
class << self
|
|
32
32
|
|
|
33
33
|
def setup
|
|
34
|
-
@
|
|
35
|
-
yield @
|
|
34
|
+
@config ||= Configuration.new
|
|
35
|
+
yield @config if block_given?
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
def digest(data)
|
|
39
|
+
@digest_method ||= OpenSSL::Digest.new 'sha256'
|
|
40
|
+
OpenSSL::HMAC.digest @digest_method, self.client_secret_key, data
|
|
36
41
|
end
|
|
37
42
|
|
|
38
43
|
def method_missing(method_name, *args, &block)
|
|
39
|
-
if @
|
|
40
|
-
@
|
|
44
|
+
if @config.respond_to? method_name
|
|
45
|
+
@config.send method_name, *args, &block
|
|
41
46
|
else
|
|
42
47
|
super
|
|
43
48
|
end
|
|
44
49
|
end
|
|
45
50
|
|
|
46
51
|
def respond_to?(method_name, include_private = false)
|
|
47
|
-
@
|
|
52
|
+
@config.respond_to? method_name
|
|
48
53
|
end
|
|
49
54
|
|
|
50
55
|
end
|
data/lib/touth/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: touth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0
|
|
4
|
+
version: 1.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Yuki Iwanaga
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2014-07-
|
|
11
|
+
date: 2014-07-08 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|