xing_backend_token_auth 0.1.31

data/lib/devise_token_auth/rails/routes.rb

@@ -0,0 +1,65 @@
+module ActionDispatch::Routing
+  class Mapper
+    def mount_devise_token_auth_for(resource, opts)
+      # ensure objects exist to simplify attr checks
+      opts[:controllers] ||= {}
+      opts[:skip]        ||= []
+
+      # check for ctrl overrides, fall back to defaults
+      sessions_ctrl          = opts[:controllers][:sessions] || "devise_token_auth/sessions"
+      registrations_ctrl     = opts[:controllers][:registrations] || "devise_token_auth/registrations"
+      passwords_ctrl         = opts[:controllers][:passwords] || "devise_token_auth/passwords"
+      confirmations_ctrl     = opts[:controllers][:confirmations] || "devise_token_auth/confirmations"
+      token_validations_ctrl = opts[:controllers][:token_validations] || "devise_token_auth/token_validations"
+      omniauth_ctrl          = opts[:controllers][:omniauth_callbacks] || "devise_token_auth/omniauth_callbacks"
+
+      # define devise controller mappings
+      controllers = {:sessions           => sessions_ctrl,
+                     :registrations      => registrations_ctrl,
+                     :passwords          => passwords_ctrl,
+                     :confirmations      => confirmations_ctrl,
+                     :omniauth_callbacks => omniauth_ctrl}
+
+      # remove any unwanted devise modules
+      opts[:skip].each{|item| controllers.delete(item)}
+
+      scope opts[:at] do
+        devise_for resource.pluralize.underscore.to_sym,
+          :class_name  => resource,
+          :module      => :devise,
+          :path        => "",
+          :controllers => controllers
+
+        devise_scope resource.underscore.to_sym do
+          # path to verify token validity
+          get "validate_token", to: "#{token_validations_ctrl}#validate_token"
+
+          # omniauth routes. only define if omniauth is installed and not skipped.
+          if defined?(::OmniAuth) and not opts[:skip].include?(:omniauth_callbacks)
+            get "failure",             to: "#{omniauth_ctrl}#omniauth_failure"
+            get ":provider/callback",  to: "#{omniauth_ctrl}#omniauth_success"
+
+            # preserve the resource class thru oauth authentication by setting name of
+            # resource as "resource_class" param
+            match ":provider", to: redirect{|params, request|
+              # get the current querystring
+              qs = CGI::parse(request.env["QUERY_STRING"])
+
+              # append name of current resource
+              qs["resource_class"] = [resource]
+
+              # re-construct the path for omniauth
+              "#{::OmniAuth::config.path_prefix}/#{params[:provider]}?#{{}.tap {|hash| qs.each{|k, v| hash[k] = v.first}}.to_param}"
+            }, via: [:get]
+          end
+        end
+      end
+    end
+
+    # ignore error about omniauth/multiple model support
+    def set_omniauth_path_prefix!(path_prefix)
+      ::OmniAuth.config.path_prefix = path_prefix
+    end
+
+  end
+end

data/lib/generators/devise_token_auth/USAGE

@@ -0,0 +1,31 @@
+Description:
+  This generator will install all the necessary configuration and migration
+  files for the devies_token_auth gem. See
+  https://github.com/lynndylanhurley/devise_token_auth for more information.
+
+Arguments:
+  USER_CLASS # The name of the class to use for user authentication. Default is
+             # 'User'
+  MOUNT_PATH # The path at which to mount the authentication routes. Default is
+             # 'auth'. More detail documentation is here:
+             # https://github.com/lynndylanhurley/devise_token_auth#usage
+
+Example:
+  rails generate devise_token_auth:install User auth
+
+  This will create:
+      config/initializers/devise_token_auth.rb
+      db/migrate/<%= Time.now.utc.strftime("%Y%m%d%H%M%S") %>_create_devise_token_auth_create_users.rb
+      app/models/user.rb
+
+  If 'app/models/user.rb' already exists, the following line will be inserted
+  after the class definition:
+      include DeviseTokenAuth::Concerns::User
+
+  The following line will be inserted into your application controller at
+  app/controllers/application_controller.rb:
+      include DeviseTokenAuth::Concerns::SetUserByToken
+
+  The following line will be inserted at the top of 'config/routes.rb' if it
+  does not already exist:
+      mount_devise_token_auth_for "User", at: '/auth'

data/lib/generators/devise_token_auth/install_generator.rb

@@ -0,0 +1,100 @@
+module DeviseTokenAuth
+  class InstallGenerator < Rails::Generators::Base
+    include Rails::Generators::Migration
+
+    source_root File.expand_path('../templates', __FILE__)
+
+    argument :user_class, type: :string, default: "User"
+    argument :mount_path, type: :string, default: '/auth'
+
+    def create_initializer_file
+      copy_file("devise_token_auth.rb", "config/initializers/devise_token_auth.rb")
+    end
+
+    def copy_migrations
+      if self.class.migration_exists?("db/migrate", "devise_token_auth_create_#{ user_class.underscore }")
+        say_status("skipped", "Migration 'devise_token_auth_create_#{ user_class.underscore }' already exists")
+      else
+        migration_template(
+          "devise_token_auth_add_token_info_to_users.rb.erb",
+          "db/migrate/devise_token_auth_add_token_info_to_#{ user_class.pluralize.underscore }.rb"
+        )
+      end
+    end
+
+    def include_controller_concerns
+      fname = "app/controllers/application_controller.rb"
+      line  = "include DeviseTokenAuth::Concerns::SetUserByToken"
+
+      if File.exist?(File.join(destination_root, fname))
+        if parse_file_for_line(fname, line)
+          say_status("skipped", "Concern is already included in the application controller.")
+        else
+          inject_into_file fname, after: "class ApplicationController < ActionController::Base\n" do <<-'RUBY'
+  include DeviseTokenAuth::Concerns::SetUserByToken
+          RUBY
+          end
+        end
+      else
+        say_status("skipped", "app/controllers/application_controller.rb not found. Add 'include DeviseTokenAuth::Concerns::SetUserByToken' to any controllers that require authentication.")
+      end
+    end
+
+    def add_route_mount
+      f    = "config/routes.rb"
+      str  = "mount_devise_token_auth_for '#{user_class}', at: '#{mount_path}'"
+
+      if File.exist?(File.join(destination_root, f))
+        line = parse_file_for_line(f, "mount_devise_token_auth_for")
+
+        unless line
+          line = "Rails.application.routes.draw do"
+          existing_user_class = false
+        else
+          existing_user_class = true
+        end
+
+        if parse_file_for_line(f, str)
+          say_status("skipped", "Routes already exist for #{user_class} at #{mount_path}")
+        else
+          insert_after_line(f, line, str)
+
+          if existing_user_class
+            scoped_routes = ""+
+              "as :#{user_class.underscore} do\n"+
+              "    # Define routes for #{user_class} within this block.\n"+
+              "  end\n"
+            insert_after_line(f, str, scoped_routes)
+          end
+        end
+      else
+        say_status("skipped", "config/routes.rb not found. Add \"mount_devise_token_auth_for '#{user_class}', at: '#{mount_path}'\" to your routes file.")
+      end
+    end
+
+    private
+
+    def self.next_migration_number(path)
+      Time.now.utc.strftime("%Y%m%d%H%M%S")
+    end
+
+    def insert_after_line(filename, line, str)
+      gsub_file filename, /(#{Regexp.escape(line)})/mi do |match|
+        "#{match}\n  #{str}"
+      end
+    end
+
+    def parse_file_for_line(filename, str)
+      match = false
+
+      File.open(File.join(destination_root, filename)) do |f|
+        f.each_line do |line|
+          if line =~ /(#{Regexp.escape(str)})/mi
+            match = line
+          end
+        end
+      end
+      match
+    end
+  end
+end

data/lib/generators/devise_token_auth/install_views_generator.rb

@@ -0,0 +1,16 @@
+module DeviseTokenAuth
+  class InstallViewsGenerator < Rails::Generators::Base
+    source_root File.expand_path('../../../../app/views/devise/mailer', __FILE__)
+
+    def copy_mailer_templates
+      copy_file(
+        "confirmation_instructions.html.erb",
+        "app/views/devise/mailer/confirmation_instructions.html.erb"
+      )
+      copy_file(
+        "reset_password_instructions.html.erb",
+        "app/views/devise/mailer/reset_password_instructions.html.erb"
+      )
+    end
+  end
+end

data/lib/generators/devise_token_auth/templates/devise_token_auth.rb

@@ -0,0 +1,22 @@
+DeviseTokenAuth.setup do |config|
+  # By default the authorization headers will change after each request. The
+  # client is responsible for keeping track of the changing tokens. Change
+  # this to false to prevent the Authorization header from changing after
+  # each request.
+  #config.change_headers_on_each_request = true
+
+  # By default, users will need to re-authenticate after 2 weeks. This setting
+  # determines how long tokens will remain valid after they are issued.
+  #config.token_lifespan = 2.weeks
+
+  # Sometimes it's necessary to make several requests to the API at the same
+  # time. In this case, each request in the batch will need to share the same
+  # auth token. This setting determines how far apart the requests can be while
+  # still using the same auth token.
+  #config.batch_request_buffer_throttle = 5.seconds
+
+  # This route will be the prefix for all oauth2 redirect callbacks. For
+  # example, using the default '/omniauth', the github oauth2 provider will
+  # redirect successful authentications to '/omniauth/github/callback'
+  #config.omniauth_prefix = "/omniauth"
+end

data/lib/generators/devise_token_auth/templates/devise_token_auth_add_token_info_to_users.rb.erb

@@ -0,0 +1,14 @@
+class DeviseTokenAuthAddTokenInfoTo<%= user_class.pluralize %> < ActiveRecord::Migration
+  def change
+    change_table(:<%= user_class.pluralize.underscore %>) do |t|
+      ## unique oauth id
+      t.string :provider
+      t.string :uid, :null => false, :default => ""
+
+      ## Tokens
+      t.text :tokens
+    end
+
+    add_index :<%= user_class.pluralize.underscore %>, :uid,                  :unique => true
+  end
+end

data/lib/tasks/devise_token_auth_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :devise_token_auth do
+#   # Task goes here
+# end

data/lib/xing_backend_token_auth.rb

@@ -0,0 +1 @@
+require 'devise_token_auth'

data/test/controllers/demo_group_controller_test.rb

@@ -0,0 +1,126 @@
+require 'test_helper'
+
+#  was the web request successful?
+#  was the user redirected to the right page?
+#  was the user successfully authenticated?
+#  was the correct object stored in the response?
+#  was the appropriate message delivered in the json payload?
+
+class DemoGroupControllerTest < ActionDispatch::IntegrationTest
+  describe DemoGroupController do
+    describe "Token access" do
+      before do
+        # user
+        @user = users(:confirmed_email_user)
+        @user.skip_confirmation!
+        @user.save!
+
+        @user_auth_headers = @user.create_new_auth_token
+
+        @user_token     = @user_auth_headers['access-token']
+        @user_client_id = @user_auth_headers['client']
+        @user_expiry    = @user_auth_headers['expiry']
+
+        # mang
+        @mang = mangs(:confirmed_email_user)
+        @mang.skip_confirmation!
+        @mang.save!
+
+        @mang_auth_headers = @mang.create_new_auth_token
+
+        @mang_token     = @mang_auth_headers['access-token']
+        @mang_client_id = @mang_auth_headers['client']
+        @mang_expiry    = @mang_auth_headers['expiry']
+      end
+
+      describe 'user access' do
+        before do
+          # ensure that request is not treated as batch request
+          age_token(@user, @user_client_id)
+
+          get '/demo/members_only_group', {}, @user_auth_headers
+
+          @resp_token       = response.headers['access-token']
+          @resp_client_id   = response.headers['client']
+          @resp_expiry      = response.headers['expiry']
+          @resp_uid         = response.headers['uid']
+        end
+
+        test 'request is successful' do
+          assert_equal 200, response.status
+        end
+
+        describe 'devise mappings' do
+          it 'should define current_user' do
+            assert_equal @user, @controller.current_user
+          end
+
+          it 'should define user_signed_in?' do
+            assert @controller.user_signed_in?
+          end
+
+          it 'should not define current_mang' do
+            refute_equal @user, @controller.current_mang
+          end
+
+          it 'should define current_member' do
+            assert_equal @user, @controller.current_member
+          end
+
+          it 'should define current_members' do
+            assert @controller.current_members.include? @user
+          end
+
+          it 'should define member_signed_in?' do
+            assert @controller.current_members.include? @user
+          end
+        end
+      end
+
+      describe 'mang access' do
+        before do
+          # ensure that request is not treated as batch request
+          age_token(@mang, @mang_client_id)
+
+          get '/demo/members_only_group', {}, @mang_auth_headers
+
+          @resp_token       = response.headers['access-token']
+          @resp_client_id   = response.headers['client']
+          @resp_expiry      = response.headers['expiry']
+          @resp_uid         = response.headers['uid']
+        end
+
+        test 'request is successful' do
+          assert_equal 200, response.status
+        end
+
+        describe 'devise mappings' do
+          it 'should define current_mang' do
+            assert_equal @mang, @controller.current_mang
+          end
+
+          it 'should define mang_signed_in?' do
+            assert @controller.mang_signed_in?
+          end
+
+          it 'should not define current_mang' do
+            refute_equal @mang, @controller.current_user
+          end
+
+          it 'should define current_member' do
+            assert_equal @mang, @controller.current_member
+          end
+
+          it 'should define current_members' do
+            assert @controller.current_members.include? @mang
+          end
+
+          it 'should define member_signed_in?' do
+            assert @controller.current_members.include? @mang
+          end
+        end
+      end
+    end
+  end
+end
+

data/test/controllers/demo_mang_controller_test.rb

@@ -0,0 +1,263 @@
+require 'test_helper'
+
+#  was the web request successful?
+#  was the user redirected to the right page?
+#  was the user successfully authenticated?
+#  was the correct object stored in the response?
+#  was the appropriate message delivered in the json payload?
+
+class DemoMangControllerTest < ActionDispatch::IntegrationTest
+  describe DemoMangController do
+    describe "Token access" do
+      before do
+        @user = mangs(:confirmed_email_user)
+        @user.skip_confirmation!
+        @user.save!
+
+        @auth_headers = @user.create_new_auth_token
+
+        @token     = @auth_headers['access-token']
+        @client_id = @auth_headers['client']
+        @expiry    = @auth_headers['expiry']
+      end
+
+      describe 'successful request' do
+        before do
+          # ensure that request is not treated as batch request
+          age_token(@user, @client_id)
+
+          get '/demo/members_only_mang', {}, @auth_headers
+
+          @resp_token       = response.headers['access-token']
+          @resp_client_id   = response.headers['client']
+          @resp_expiry      = response.headers['expiry']
+          @resp_uid         = response.headers['uid']
+        end
+
+        describe 'devise mappings' do
+          it 'should define current_mang' do
+            assert_equal @user, @controller.current_mang
+          end
+
+          it 'should define mang_signed_in?' do
+            assert @controller.mang_signed_in?
+          end
+
+          it 'should not define current_user' do
+            refute_equal @user, @controller.current_user
+          end
+        end
+
+        it 'should return success status' do
+          assert_equal 200, response.status
+        end
+
+        it 'should receive new token after successful request' do
+          refute_equal @token, @resp_token
+        end
+
+        it 'should preserve the client id from the first request' do
+          assert_equal @client_id, @resp_client_id
+        end
+
+        it "should return the user's uid in the auth header" do
+          assert_equal @user.uid, @resp_uid
+        end
+
+        it 'should not treat this request as a batch request' do
+          refute assigns(:is_batch_request)
+        end
+
+        describe 'subsequent requests' do
+          before do
+            @user.reload
+            # ensure that request is not treated as batch request
+            age_token(@user, @client_id)
+
+            get '/demo/members_only_mang', {}, @auth_headers.merge({'access-token' => @resp_token})
+          end
+
+          it 'should not treat this request as a batch request' do
+            refute assigns(:is_batch_request)
+          end
+
+          it "should allow a new request to be made using new token" do
+            assert_equal 200, response.status
+          end
+        end
+      end
+
+      describe 'failed request' do
+        before do
+          get '/demo/members_only_mang', {}, @auth_headers.merge({'access-token' => "bogus"})
+        end
+
+        it 'should not return any auth headers' do
+          refute response.headers['access-token']
+        end
+
+        it 'should return error: unauthorized status' do
+          assert_equal 401, response.status
+        end
+      end
+
+      describe 'disable change_headers_on_each_request' do
+        before do
+          DeviseTokenAuth.change_headers_on_each_request = false
+          @user.reload
+          age_token(@user, @client_id)
+
+          get '/demo/members_only_mang', {}, @auth_headers
+
+          @first_is_batch_request = assigns(:is_batch_request)
+          @first_user = assigns(:user).dup
+          @first_access_token = response.headers['access-token']
+          @first_response_status = response.status
+
+          @user.reload
+          age_token(@user, @client_id)
+
+          # use expired auth header
+          get '/demo/members_only_mang', {}, @auth_headers
+
+          @second_is_batch_request = assigns(:is_batch_request)
+          @second_user = assigns(:user).dup
+          @second_access_token = response.headers['access-token']
+          @second_response_status = response.status
+        end
+
+        after do
+          DeviseTokenAuth.change_headers_on_each_request = true
+        end
+
+        it 'should allow the first request through' do
+          assert_equal 200, @first_response_status
+        end
+
+        it 'should allow the second request through' do
+          assert_equal 200, @second_response_status
+        end
+
+        it 'should return auth headers from the first request' do
+          assert @first_access_token
+        end
+
+        it 'should not treat either requests as batch requests' do
+          refute @first_is_batch_request
+          refute @second_is_batch_request
+        end
+
+        it 'should return auth headers from the second request' do
+          assert @second_access_token
+        end
+
+        it 'should define user during first request' do
+          assert @first_user
+        end
+
+        it 'should define user during second request' do
+          assert @second_user
+        end
+      end
+
+      describe 'batch requests' do
+        describe 'success' do
+          before do
+            age_token(@user, @client_id)
+            #request.headers.merge!(@auth_headers)
+
+            get '/demo/members_only_mang', {}, @auth_headers
+
+            @first_is_batch_request = assigns(:is_batch_request)
+            @first_user = assigns(:user)
+            @first_access_token = response.headers['access-token']
+
+            get '/demo/members_only_mang', {}, @auth_headers
+
+            @second_is_batch_request = assigns(:is_batch_request)
+            @second_user = assigns(:user)
+            @second_access_token = response.headers['access-token']
+          end
+
+          it 'should allow both requests through' do
+            assert_equal 200, response.status
+          end
+
+          it 'should not treat the first request as a batch request' do
+            refute @first_is_batch_request
+          end
+
+          it 'should treat the second request as a batch request' do
+            assert @second_is_batch_request
+          end
+
+          it 'should return access token for first (non-batch) request' do
+            assert @first_access_token
+          end
+
+          it 'should also return auth headers for second (batched) requests' do
+            assert @second_access_token
+          end
+        end
+
+        describe 'time out' do
+          before do
+            @user.reload
+            age_token(@user, @client_id)
+
+            get '/demo/members_only_mang', {}, @auth_headers
+
+            @first_is_batch_request = assigns(:is_batch_request)
+            @first_user = assigns(:user).dup
+            @first_access_token = response.headers['access-token']
+            @first_response_status = response.status
+
+            @user.reload
+            age_token(@user, @client_id)
+
+            # use expired auth header
+            get '/demo/members_only_mang', {}, @auth_headers
+
+            @second_is_batch_request = assigns(:is_batch_request)
+            @second_user = assigns(:user)
+            @second_access_token = response.headers['access-token']
+            @second_response_status = response.status
+          end
+
+          it 'should allow the first request through' do
+            assert_equal 200, @first_response_status
+          end
+
+          it 'should not allow the second request through' do
+            assert_equal 401, @second_response_status
+          end
+
+          it 'should not treat first request as batch request' do
+            refute @secord_is_batch_request
+          end
+
+          it 'should return auth headers from the first request' do
+            assert @first_access_token
+          end
+
+          it 'should not treat second request as batch request' do
+            refute @secord_is_batch_request
+          end
+
+          it 'should not return auth headers from the second request' do
+            refute @second_access_token
+          end
+
+          it 'should define user during first request' do
+            assert @first_user
+          end
+
+          it 'should not define user during second request' do
+            refute @second_user
+          end
+        end
+      end
+    end
+  end
+end
+