touth 0.0.2 → 1.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +43 -9
- data/lib/touth.rb +10 -5
- data/lib/touth/acts_as_token_authenticatable.rb +1 -2
- data/lib/touth/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a982bb3f2804af9044cbc34c112d9e9169e2c060
|
|
4
|
+
data.tar.gz: 69d657f673a36d5145ce472dd03f83ef005f2ede
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 01374f38683aafa8ea082f89e4a376fcf204ae116fa4416583f18480e7644250ec2e716dbd9c68be7f0d65dafa1a1f7866aa23850ac1d78301cfc4c10dee2615
|
|
7
|
+
data.tar.gz: d43b3269705ba47bef2ec31a2ed958a5bcade63732cf27ff840f7cb2a835de0818357cfa34d21d44c726ce8846694e22b90811e4c6a398a5372410ac9104f298
|
data/README.md
CHANGED
|
@@ -3,7 +3,10 @@ Touth
|
|
|
3
3
|
|
|
4
4
|
Secure and simple token based authentication for Rails.
|
|
5
5
|
|
|
6
|
-
|
|
6
|
+
- No extra dependencies
|
|
7
|
+
- No migrations necessary
|
|
8
|
+
- Store-less access token verification
|
|
9
|
+
- Flexible lifetime
|
|
7
10
|
|
|
8
11
|
|
|
9
12
|
Getting started
|
|
@@ -11,7 +14,7 @@ Getting started
|
|
|
11
14
|
|
|
12
15
|
Touth works with Rails 3.x and 4.x. Add this line to Gemfile:
|
|
13
16
|
|
|
14
|
-
```
|
|
17
|
+
```ruby
|
|
15
18
|
gem 'touth'
|
|
16
19
|
```
|
|
17
20
|
|
|
@@ -59,7 +62,17 @@ Usage
|
|
|
59
62
|
```ruby
|
|
60
63
|
user_account = UserAccount.first
|
|
61
64
|
|
|
62
|
-
|
|
65
|
+
|
|
66
|
+
# create access token for default lifetime
|
|
67
|
+
t1 = user_account.access_token #=> "9619feb4b8d54352ae07588d011da48385c8c4f072ab889d3996d127ad2142fc6213d553"
|
|
68
|
+
|
|
69
|
+
|
|
70
|
+
# create token expires in 20 secounds
|
|
71
|
+
t2 = user_account.access_token 20 #=> "ad60fa5bb2d05e72ac943c6d409e18e6cc24c15eae9833f66c8aab391241475fe2bd0954"
|
|
72
|
+
|
|
73
|
+
user_account.valid_access_token? t2 #=> true
|
|
74
|
+
sleep 20
|
|
75
|
+
user_account.valid_access_token? t2 #=> false
|
|
63
76
|
```
|
|
64
77
|
|
|
65
78
|
### Authentication by request headers
|
|
@@ -69,6 +82,16 @@ X-Auth-ID: 1
|
|
|
69
82
|
X-Auth-Token: 9619feb4b8d54352ae07588d011da48385c8c4f072ab889d3996d127ad2142fc6213d553
|
|
70
83
|
```
|
|
71
84
|
|
|
85
|
+
### Invalidation
|
|
86
|
+
|
|
87
|
+
**1. Invalidate all old access token**
|
|
88
|
+
|
|
89
|
+
Change `client_secret_key` in initializer.
|
|
90
|
+
|
|
91
|
+
**2. Invalidate all old access token of specific user**
|
|
92
|
+
|
|
93
|
+
Owner (an user) can do with changing his password.
|
|
94
|
+
|
|
72
95
|
|
|
73
96
|
Configuation
|
|
74
97
|
------------
|
|
@@ -77,9 +100,20 @@ Touth can be customized with an initializer in `config/initializers/touth.rb`.
|
|
|
77
100
|
|
|
78
101
|
```ruby
|
|
79
102
|
Touth.setup do |config|
|
|
103
|
+
|
|
104
|
+
# Default lifetime of access token.
|
|
80
105
|
config.access_token_lifetime = 60.days
|
|
81
|
-
|
|
82
|
-
|
|
106
|
+
|
|
107
|
+
# Secret key is used for verifying the integrity of access token.
|
|
108
|
+
# If you change this key, all old access token will become invalid.
|
|
109
|
+
# You can use rake secret or SecureRandom.hex(64) to generate one.
|
|
110
|
+
config.client_secret_key = ''
|
|
111
|
+
|
|
112
|
+
# Password field in your model.
|
|
113
|
+
# Owner can invalidate all old access token by changing owner's password.
|
|
114
|
+
# :encrypted_password will work nice with devise model.
|
|
115
|
+
config.password_field = :encrypted_password
|
|
116
|
+
|
|
83
117
|
end
|
|
84
118
|
```
|
|
85
119
|
|
|
@@ -92,15 +126,15 @@ Contributions are always welcome!
|
|
|
92
126
|
### Bug reports
|
|
93
127
|
|
|
94
128
|
1. Ensure the bug can be reproduced on the latest master.
|
|
95
|
-
|
|
96
|
-
|
|
129
|
+
1. Check it's not a duplicate.
|
|
130
|
+
1. Raise an issue.
|
|
97
131
|
|
|
98
132
|
|
|
99
133
|
### Pull requests
|
|
100
134
|
|
|
101
135
|
1. Fork the repository.
|
|
102
|
-
|
|
103
|
-
|
|
136
|
+
1. Create a branch.
|
|
137
|
+
1. Create a new pull request.
|
|
104
138
|
|
|
105
139
|
|
|
106
140
|
License
|
data/lib/touth.rb
CHANGED
|
@@ -31,20 +31,25 @@ module Touth
|
|
|
31
31
|
class << self
|
|
32
32
|
|
|
33
33
|
def setup
|
|
34
|
-
@
|
|
35
|
-
yield @
|
|
34
|
+
@config ||= Configuration.new
|
|
35
|
+
yield @config if block_given?
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
def digest(data)
|
|
39
|
+
@digest_method ||= OpenSSL::Digest.new 'sha256'
|
|
40
|
+
OpenSSL::HMAC.digest @digest_method, self.client_secret_key, data
|
|
36
41
|
end
|
|
37
42
|
|
|
38
43
|
def method_missing(method_name, *args, &block)
|
|
39
|
-
if @
|
|
40
|
-
@
|
|
44
|
+
if @config.respond_to? method_name
|
|
45
|
+
@config.send method_name, *args, &block
|
|
41
46
|
else
|
|
42
47
|
super
|
|
43
48
|
end
|
|
44
49
|
end
|
|
45
50
|
|
|
46
51
|
def respond_to?(method_name, include_private = false)
|
|
47
|
-
@
|
|
52
|
+
@config.respond_to? method_name
|
|
48
53
|
end
|
|
49
54
|
|
|
50
55
|
end
|
data/lib/touth/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: touth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0
|
|
4
|
+
version: 1.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Yuki Iwanaga
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2014-07-
|
|
11
|
+
date: 2014-07-08 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|