visa 0.0.2 → 0.0.3

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: f2af2c06bc21beec4d5480f0a38e1a117d0e50a7
4
- data.tar.gz: 433dbff707b3de766c194b719548ef204fa5a9d5
3
+ metadata.gz: e68dd910bddff0bc749609a542200dd7e811007a
4
+ data.tar.gz: 25f694e143383044baf30b1b68c9ef55a94007ca
5
5
  SHA512:
6
- metadata.gz: 520a808fc5dc34b4e6e59f48d2dfc3c54be7de21c510b43c0c1c7c012e4c6a24332126453822d8ac9ea987ed52127cd101a1f278399bc45b73068de2c26dcc65
7
- data.tar.gz: ea0aa2b9f2a0ff6b71b519df3f32fb611281c306c51bb3d96eb165ec08358f811dd70e157077de42523bd53507956cae55518b7069644bc4e8764d4723ab36c8
6
+ metadata.gz: a8ad463af5b6a142d4ca8920a62b172972de61e80538361aa8474cf3315f48a7b6869069db2b72ea7e7b93217092d2402b52220cc7ac031a2c96a1cba6544ea9
7
+ data.tar.gz: 860c20cb5ef89a82b25c1a4da2dfc060e30896ecdd83dd6e52169afdf4bf418d6c36851006ec6fe3afa6c81256a4686cffc04b1e632b9fb06f86abde79cc239a
data/.gitignore CHANGED
@@ -4,6 +4,7 @@
4
4
  /_yardoc/
5
5
  /coverage/
6
6
  /doc/
7
+ /gemfiles/*.lock
7
8
  /pkg/
8
9
  /spec/reports/
9
10
  /tmp/
@@ -2,4 +2,9 @@ language: ruby
2
2
  script: bundle exec rspec spec
3
3
  cache: bundler
4
4
  rvm:
5
- - 2.2
5
+ - 2.3.1
6
+ gemfile:
7
+ - gemfiles/4.0.gemfile
8
+ - gemfiles/4.1.gemfile
9
+ - gemfiles/4.2.gemfile
10
+ - gemfiles/5.0.gemfile
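Review bot: The `rvm` list replaces `2.2` with `2.3.1` instead of adding to it, so the Ruby that 0.0.2 was tested on drops out of CI in the same change that widens the Rails range. If Ruby 2.2 is still meant to be supported, keep it as a second `rvm` entry so the four gemfiles run against both.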
@@ -0,0 +1,15 @@
1
+ appraise "4.0" do
2
+ gem "rails", "4.0.13"
3
+ end
4
+
5
+ appraise "4.1" do
6
+ gem "rails", "4.1.16"
7
+ end
8
+
9
+ appraise "4.2" do
10
+ gem "rails", "4.2.7.1"
11
+ end
12
+
13
+ appraise "5.0" do
14
+ gem "rails", "5.0.0.1"
15
+ end
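Review bot: Each `appraise` block pins an exact patch release (`gem "rails", "4.2.7.1"`), so CI keeps testing that build after later patch and security releases of the same series ship. A pessimistic constraint per series, such as `gem "rails", "~> 4.2.7"`, keeps the matrix on the current patch level. The generated files under `gemfiles/` would pick up the same constraint when regenerated.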
data/README.md CHANGED
@@ -7,12 +7,72 @@ Multi-token authentication for Rails apps. Built with Devise in mind, but can be
7
7
  Something like the following should go in your Gemfile:
8
8
 
9
9
  ```ruby
10
- gem 'visa', '~> 0.0.2'
10
+ gem 'visa', '~> 0.0.3'
11
11
  ```
12
12
 
13
13
  ## Usage
14
14
 
15
- TODO: Write usage instructions here
15
+ Visa doesn't try to do too much. You're expected to provide your own controllers or other Rack API endpoints that handle new sessions, and then check that session is active in the rest of your endpoints/controllers.
16
+
17
+ The authenticated token details are per-session, and stored separately to Devise and other models.
18
+
19
+ ### Setup
20
+
21
+ First, you'll want to import Visa's migrations for the `Visa::Token` model:
22
+
23
+ ```
24
+ rake visa:install:migrations
25
+ ```
26
+
27
+ Visa, like Devise, can be configured to have varying encryption costs. The default is 10, but you'll probably want it to be just 1 for your test environment. Thus, the following should go in an initialiser:
28
+
29
+ ```ruby
30
+ Visa.encryption_cost = Rails.env.test? ? 1 : 10
31
+ ```
32
+
33
+ ### Signing In
34
+
35
+ Your own code will manage taking email and password parameters and confirming that they're valid.
36
+
37
+ If they _are_ valid, then you want to create a new `Visa::Token`, and return the access token via JSON or a HTTP header or whatever you like:
38
+
39
+ ```ruby
40
+ visa_token = Visa::Token.create :tokenable => authenticated_user
41
+ access_token = "#{visa_token.client_id}#{visa_token.secret}"
42
+ ```
43
+
44
+ If they're not, best to return a 403 and a corresponding error message.
45
+
46
+ ### Authenticating
47
+
48
+ Each authenticated request should use the generated access token, sent through either using a request parameter `access_token`, or a HTTP header `HTTP_AUTHENTICATION`. You can customise the name of the latter in your initialiser via `Visa.request_header`.
49
+
50
+ Then, in the endpoints/controllers where you're confirming if requests are authenticated:
51
+
52
+ ```ruby
53
+ # Pass in the Rack environment. In Rails, this is request.env:
54
+ visa_request = Visa::Request.new request.env
55
+
56
+ # Confirm the request is valid (the equivalent of Devise's user_signed_in?):
57
+ visa_request.valid?
58
+
59
+ # Access the authenticated user (the equivalent of Devise's current_user):
60
+ visa_request.tokenable
61
+ ```
62
+
63
+ ### Signing Out
64
+
65
+ To mark credentials as no longer valid, you can call `invalidate` on the `Visa::Request` instance:
66
+
67
+ ```ruby
68
+ visa_request.invalidate
69
+ ```
70
+
71
+ ## Wishlist
72
+
73
+ It'd be nice to have the token be different on each request, though there are issues here with keeping old token values valid for a small window of time to allow for request lag.
74
+
75
+ And of course, you should be using HTTPS across all requests to ensure the tokens and other data passed around are as secure as possible.
16
76
 
17
77
  ## Contributing
18
78
 
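Review bot: The Authenticating section presents the request parameter `access_token` on equal footing with the header, but a token carried in the query string is written to access logs and can leak through Referer headers. Recommend the header as the default, and tell readers who use the parameter to add `access_token` to `config.filter_parameters`. Two wording points in the same hunk: `HTTP_AUTHENTICATION` is the Rack env key form, so state the header name the client actually sends; and "encryption costs" under Setup reads as a hashing cost given the gem's `bcrypt` dependency. The HTTPS sentence sits under Wishlist but is a requirement for tokens sent this way, so it belongs in Setup or Authenticating.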
@@ -0,0 +1,7 @@
1
+ # This file was generated by Appraisal
2
+
3
+ source "https://rubygems.org"
4
+
5
+ gem "rails", "4.0.13"
6
+
7
+ gemspec :path => "../"
@@ -0,0 +1,7 @@
1
+ # This file was generated by Appraisal
2
+
3
+ source "https://rubygems.org"
4
+
5
+ gem "rails", "4.1.16"
6
+
7
+ gemspec :path => "../"
@@ -0,0 +1,7 @@
1
+ # This file was generated by Appraisal
2
+
3
+ source "https://rubygems.org"
4
+
5
+ gem "rails", "4.2.7.1"
6
+
7
+ gemspec :path => "../"
@@ -0,0 +1,7 @@
1
+ # This file was generated by Appraisal
2
+
3
+ source "https://rubygems.org"
4
+
5
+ gem "rails", "5.0.0.1"
6
+
7
+ gemspec :path => "../"
@@ -5,7 +5,7 @@ class ApplicationController < ActionController::Base
5
5
  if user_signed_in?
6
6
  visa_request.touch
7
7
  else
8
- render text: 'Unauthorised', status: 401
8
+ render_plain_text 'Unauthorised', status: 401
9
9
  end
10
10
  end
11
11
 
@@ -13,6 +13,14 @@ class ApplicationController < ActionController::Base
13
13
  visa_request.tokenable
14
14
  end
15
15
 
16
+ def render_plain_text(text, options = {})
17
+ if Rails::VERSION::MAJOR == 4
18
+ render options.merge(text: text)
19
+ else
20
+ render options.merge(plain: text)
21
+ end
22
+ end
23
+
16
24
  def visa_request
17
25
  @visa_request ||= Visa::Request.new request.env
18
26
  end
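Review bot: In `render_plain_text`, the `Rails::VERSION::MAJOR == 4` check sends Rails 4.1 and 4.2 down the `render options.merge(text: text)` branch, although `plain:` is available from 4.1 and `text:` responds with a `text/html` content type. Narrow the `text:` branch to 4.0 only, for example by comparing `Rails::VERSION::STRING` against 4.1 with `Gem::Version`, so every version that can respond with `text/plain` does.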
@@ -1,7 +1,7 @@
1
1
  class HomeController < ApplicationController
2
- before_filter :authenticate_user!
2
+ before_action :authenticate_user!
3
3
 
4
4
  def index
5
- render text: 'OK'
5
+ render_plain_text 'OK'
6
6
  end
7
7
  end
@@ -3,14 +3,22 @@ require 'spec_helper'
3
3
  RSpec.describe 'Request integration', type: :request do
4
4
  let(:token) { Visa::Token.create tokenable: User.create }
5
5
 
6
+ def get_root_with_token(token)
7
+ if Rails::VERSION::MAJOR == 4
8
+ get '/', access_token: token
9
+ else
10
+ get '/', params: {access_token: token}
11
+ end
12
+ end
13
+
6
14
  it 'accepts valid tokens' do
7
- get '/', access_token: "#{token.client_id}#{token.secret}"
15
+ get_root_with_token "#{token.client_id}#{token.secret}"
8
16
 
9
17
  expect(response.status).to eq(200)
10
18
  end
11
19
 
12
20
  it 'returns 401 when the token is invalid' do
13
- get '/', access_token: "#{token.client_id}this-is-invalid"
21
+ get_root_with_token "#{token.client_id}this-is-invalid"
14
22
 
15
23
  expect(response.status).to eq(401)
16
24
  end
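Review bot: `get_root_with_token` only ever passes the token as the `access_token` parameter, so none of the visible examples exercises the header path that the README documents as the second way to authenticate. Add a helper variant that sends the token in the request headers (with the same Rails 4 versus Rails 5 argument split) and assert the same 200 and 401 outcomes for it.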
@@ -18,13 +26,13 @@ RSpec.describe 'Request integration', type: :request do
18
26
  it 'returns 401 when the token has not been used in two weeks' do
19
27
  token.update_column :last_requested_at, 15.days.ago
20
28
 
21
- get '/', access_token: "#{token.client_id}#{token.secret}"
29
+ get_root_with_token "#{token.client_id}#{token.secret}"
22
30
 
23
31
  expect(response.status).to eq(401)
24
32
  end
25
33
 
26
34
  it 'updates the last_requested_at column' do
27
- get '/', access_token: "#{token.client_id}#{token.secret}"
35
+ get_root_with_token "#{token.client_id}#{token.secret}"
28
36
 
29
37
  token.reload
30
38
 
@@ -1,7 +1,7 @@
1
1
  # coding: utf-8
2
2
  Gem::Specification.new do |spec|
3
3
  spec.name = 'visa'
4
- spec.version = '0.0.2'
4
+ spec.version = '0.0.3'
5
5
  spec.authors = ['Pat Allan']
6
6
  spec.email = ['pat@freelancing-gods.com']
7
7
  spec.summary = %q{Multi-token authentication for Rails apps.}
@@ -16,9 +16,10 @@ Gem::Specification.new do |spec|
16
16
 
17
17
  spec.add_runtime_dependency 'bcrypt'
18
18
  spec.add_runtime_dependency 'rack'
19
- spec.add_runtime_dependency 'rails', '~> 4.0'
19
+ spec.add_runtime_dependency 'rails', '>= 4.0'
20
20
 
21
- spec.add_development_dependency 'combustion', '0.5.1'
21
+ spec.add_development_dependency 'appraisal', '~> 2.1.0'
22
+ spec.add_development_dependency 'combustion', '0.5.5'
22
23
  spec.add_development_dependency 'rspec-rails', '~> 3.1'
23
24
  spec.add_development_dependency 'sqlite3', '~> 1.3'
24
25
  end
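Review bot: `spec.add_runtime_dependency 'rails', '>= 4.0'` removes the upper bound entirely, while the Travis matrix and Appraisals in this release cover 4.0 through 5.0 only. For an authentication gem, a future Rails major that has never been tested should not resolve silently. Bound the requirement to what CI covers, for example `'>= 4.0', '< 5.1'`, and raise the ceiling as new gemfiles are added.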
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: visa
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.2
4
+ version: 0.0.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Pat Allan
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2015-01-22 00:00:00.000000000 Z
11
+ date: 2016-11-15 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bcrypt
@@ -42,30 +42,44 @@ dependencies:
42
42
  name: rails
43
43
  requirement: !ruby/object:Gem::Requirement
44
44
  requirements:
45
- - - "~>"
45
+ - - ">="
46
46
  - !ruby/object:Gem::Version
47
47
  version: '4.0'
48
48
  type: :runtime
49
49
  prerelease: false
50
50
  version_requirements: !ruby/object:Gem::Requirement
51
51
  requirements:
52
- - - "~>"
52
+ - - ">="
53
53
  - !ruby/object:Gem::Version
54
54
  version: '4.0'
55
+ - !ruby/object:Gem::Dependency
56
+ name: appraisal
57
+ requirement: !ruby/object:Gem::Requirement
58
+ requirements:
59
+ - - "~>"
60
+ - !ruby/object:Gem::Version
61
+ version: 2.1.0
62
+ type: :development
63
+ prerelease: false
64
+ version_requirements: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - "~>"
67
+ - !ruby/object:Gem::Version
68
+ version: 2.1.0
55
69
  - !ruby/object:Gem::Dependency
56
70
  name: combustion
57
71
  requirement: !ruby/object:Gem::Requirement
58
72
  requirements:
59
73
  - - '='
60
74
  - !ruby/object:Gem::Version
61
- version: 0.5.1
75
+ version: 0.5.5
62
76
  type: :development
63
77
  prerelease: false
64
78
  version_requirements: !ruby/object:Gem::Requirement
65
79
  requirements:
66
80
  - - '='
67
81
  - !ruby/object:Gem::Version
68
- version: 0.5.1
82
+ version: 0.5.5
69
83
  - !ruby/object:Gem::Dependency
70
84
  name: rspec-rails
71
85
  requirement: !ruby/object:Gem::Requirement
@@ -103,6 +117,7 @@ extra_rdoc_files: []
103
117
  files:
104
118
  - ".gitignore"
105
119
  - ".travis.yml"
120
+ - Appraisals
106
121
  - Gemfile
107
122
  - LICENSE.txt
108
123
  - README.md
@@ -111,6 +126,10 @@ files:
111
126
  - config.ru
112
127
  - db/migrate/1_create_tokens.rb
113
128
  - db/migrate/2_add_voided_at.rb
129
+ - gemfiles/4.0.gemfile
130
+ - gemfiles/4.1.gemfile
131
+ - gemfiles/4.2.gemfile
132
+ - gemfiles/5.0.gemfile
114
133
  - lib/visa.rb
115
134
  - lib/visa/engine.rb
116
135
  - lib/visa/request.rb
@@ -147,7 +166,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
147
166
  version: '0'
148
167
  requirements: []
149
168
  rubyforge_project:
150
- rubygems_version: 2.2.2
169
+ rubygems_version: 2.5.1
151
170
  signing_key:
152
171
  specification_version: 4
153
172
  summary: Multi-token authentication for Rails apps.