1
0
Fork 0
mirror of https://github.com/heartcombo/devise.git synced 2022-11-09 12:18:31 -05:00

Tidy up token authentication implementation.

This commit is contained in:
José Valim 2010-02-02 13:21:00 +01:00
parent 4878bdb60b
commit 3781a0f47b
8 changed files with 64 additions and 50 deletions

View file

@ -1,3 +1,7 @@
* enhancements
* Added gemspec to repo
* Added token authenticatable (by github.com/grimen)
== 0.9.1
* bug fix

View file

@ -18,7 +18,7 @@ class SessionsController < ApplicationController
set_flash_message :notice, :signed_in
sign_in_and_redirect(resource_name, resource, true)
else
set_now_flash_message :alert, warden.message || :invalid
set_now_flash_message :alert, (warden.message || :invalid)
build_resource
render_with_scope :new
end

View file

@ -53,6 +53,10 @@ Devise.setup do |config|
# Time interval to unlock the account if :time is enabled as unlock_strategy.
# config.unlock_in = 1.hour
# ==> Configuration for :token_authenticatable
# Defines name of the authentication token params key
# config.token_authentication_key = :auth_token
# ==> General configuration
# Load and configure the ORM. Supports :active_record (default), :mongo_mapper
# (requires mongo_ext installed) and :data_mapper (experimental).

View file

@ -133,8 +133,8 @@ module Devise
@@mailer_sender
# Authentication token params key name of choice. E.g. /users/sign_in?some_key=...
mattr_accessor :authentication_token_param_key
@@authentication_token_param_key = :auth_token
mattr_accessor :token_authentication_key
@@token_authentication_key = :auth_token
class << self
# Default way to setup Devise. Run script/generate devise_install to create

View file

@ -10,9 +10,7 @@ module Devise
# You can overwrite configuration values by setting in globally in Devise (+Devise.setup+),
# using devise method, or overwriting the respective instance method.
#
# +authentication_token_param_key+ - Defines name of the authentication token params key. E.g. /users/sign_in?some_key=...
#
# +reset_authentication_token_on+ - Defines which callback hooks that should trigger a authentication token reset.
# +token_authentication_key+ - Defines name of the authentication token params key. E.g. /users/sign_in?some_key=...
#
# == Examples:
#
@ -23,20 +21,29 @@ module Devise
def self.included(base)
base.class_eval do
extend ClassMethods
before_save :ensure_authentication_token!
before_save :ensure_authentication_token
end
end
# Generate authentication token unless already exists.
def ensure_authentication_token!
self.reset_authentication_token!(false) if self.authentication_token.blank?
end
# Generate new authentication token (a.k.a. "single access token").
def reset_authentication_token!(do_save = true)
def reset_authentication_token
self.authentication_token = self.class.authentication_token
self.save if do_save
end
# Generate new authentication token and save the record.
def reset_authentication_token!
reset_authentication_token
self.save
end
# Generate authentication token unless already exists.
def ensure_authentication_token
self.reset_authentication_token if self.authentication_token.blank?
end
# Generate authentication token unless already exists and save the record.
def ensure_authentication_token!
self.reset_authentication_token! if self.authentication_token.blank?
end
# Verifies whether an +incoming_authentication_token+ (i.e. from single access URL)
@ -46,12 +53,11 @@ module Devise
end
module ClassMethods
::Devise::Models.config(self, :authentication_token_param_key)
::Devise::Models.config(self, :token_authentication_key)
# Authenticate a user based on authentication token.
def authenticate_with_token(attributes = {})
token = attributes[::Devise.authentication_token_param_key]
def authenticate_with_token(attributes)
token = attributes[self.token_authentication_key]
resource = self.find_for_token_authentication(token)
resource if resource.try(:valid_authentication_token?, token)
end
@ -73,8 +79,8 @@ module Devise
# self.find_by_authentication_token(token, :conditions => conditions)
# end
#
def find_for_token_authentication(token, conditions = {})
self.find_by_authentication_token(token, :conditions => conditions)
def find_for_token_authentication(token)
self.find(:first, :conditions => { :authentication_token => token})
end
end

View file

@ -25,9 +25,9 @@ module Devise
# Detect authentication token in params: scoped or not.
def authentication_token(scope)
if params[scope]
params[scope][::Devise.authentication_token_param_key]
params[scope][mapping.to.token_authentication_key]
else
params[::Devise.authentication_token_param_key]
params[mapping.to.token_authentication_key]
end
end

View file

@ -3,8 +3,8 @@ require 'test/test_helper'
class TokenAuthenticationTest < ActionController::IntegrationTest
test 'sign in user should authenticate with valid authentication token and proper authentication token key' do
swap Devise, :authentication_token_param_key => :secret_token do
sign_in_as_new_user_with_token(:auth_token_key => :secret_token, :auth_token => VALID_AUTHENTICATION_TOKEN)
swap Devise, :token_authentication_key => :secret_token do
sign_in_as_new_user_with_token(:auth_token_key => :secret_token)
assert_response :success
assert_template 'users/index'
@ -14,30 +14,22 @@ class TokenAuthenticationTest < ActionController::IntegrationTest
end
test 'user signing in with valid authentication token - but improper authentication token key - return to sign in form with error message' do
# FIXME: For some reason I18n value is not respected. Always render defalt one. =S
# store_translations :en, :devise => {:sessions => {:unauthenticated => 'Ouch!'}} do
# assert 'Ouch!', I18n.t('devise.sessions.unauthenticated') # for paranoia
swap Devise, :authentication_token_param_key => :donald_duck_token do
sign_in_as_new_user_with_token(:auth_token_key => :secret_token, :auth_token => VALID_AUTHENTICATION_TOKEN)
swap Devise, :token_authentication_key => :donald_duck_token do
sign_in_as_new_user_with_token(:auth_token_key => :secret_token)
assert_redirected_to new_user_session_path(:unauthenticated => true)
follow_redirect!
# assert_contain 'Ouch!'
assert_contain 'You need to sign in or sign up before continuing'
assert_contain 'Sign in'
assert_not warden.authenticated?(:user)
end
# end
end
test 'user signing in with invalid authentication token should return to sign in form with error message' do
store_translations :en, :devise => {:sessions => {:invalid_token => 'LOL, that was not a single character correct.'}} do
sign_in_as_new_user_with_token(:auth_token => '*** INVALID TOKEN ***')
assert_redirected_to new_user_session_path(:invalid_token => true)
follow_redirect!
assert_equal users_path(Devise.authentication_token_param_key => '*** INVALID TOKEN ***'), session[:"user.return_to"]
assert_response :success
assert_contain 'LOL, that was not a single character correct.'
@ -49,12 +41,14 @@ class TokenAuthenticationTest < ActionController::IntegrationTest
private
def sign_in_as_new_user_with_token(options = {}, &block)
options[:auth_token_key] ||= Devise.authentication_token_param_key
options[:auth_token_key] ||= Devise.token_authentication_key
options[:auth_token] ||= VALID_AUTHENTICATION_TOKEN
user = create_user(options)
user.authentication_token = VALID_AUTHENTICATION_TOKEN
user.save
visit users_path(options[:auth_token_key].to_sym => (options[:auth_token] || VALID_AUTHENTICATION_TOKEN))
yield if block_given?
visit users_path(options[:auth_token_key].to_sym => options[:auth_token])
user
end

View file

@ -11,14 +11,20 @@ class TokenAuthenticatableTest < ActiveSupport::TestCase
test 'should reset authentication token' do
user = new_user
user.reset_authentication_token!(false)
user.reset_authentication_token
previous_token = user.authentication_token
user.reset_authentication_token!(false)
user.reset_authentication_token
assert_not_equal previous_token, user.authentication_token
end
test 'should ensure authentication token' do
user = new_user
user.ensure_authentication_token
previous_token = user.authentication_token
user.ensure_authentication_token
assert_equal previous_token, user.authentication_token
end
test 'should test for a valid authentication token' do
User.expects(:authentication_token).returns(VALID_AUTHENTICATION_TOKEN)
user = create_user
@ -29,7 +35,7 @@ class TokenAuthenticatableTest < ActiveSupport::TestCase
test 'should authenticate a valid user with authentication token and return it' do
User.expects(:authentication_token).returns(VALID_AUTHENTICATION_TOKEN)
user = create_user
User.any_instance.stubs(:confirmed?).returns(true)
user.confirm!
authenticated_user = User.authenticate_with_token(:auth_token => user.authentication_token)
assert_equal authenticated_user, user
end
@ -37,7 +43,7 @@ class TokenAuthenticatableTest < ActiveSupport::TestCase
test 'should return nil when authenticating an invalid user by authentication token' do
User.expects(:authentication_token).returns(VALID_AUTHENTICATION_TOKEN)
user = create_user
User.any_instance.stubs(:confirmed?).returns(true)
user.confirm!
authenticated_user = User.authenticate_with_token(:auth_token => user.authentication_token.reverse)
assert_nil authenticated_user
end