Tidy up devise configuration

2013-04-13 22:07:54 -07:00 · 2013-04-13 22:07:54 -07:00 · 5bf4f57fcf
parent 1b8fd7c2ff
commit 5bf4f57fcf
8 changed files with 29 additions and 35 deletions
--- a/lib/devise.rb
+++ b/lib/devise.rb
@ -52,8 +52,8 @@ module Devise
  @@stretches = 10

  # The default key used when authenticating over http auth.
-  mattr_accessor :http_auth_key
-  @@http_auth_key = nil
+  mattr_accessor :http_authentication_key
+  @@http_authentication_key = nil

  # Keys used when authenticating a user.
  mattr_accessor :authentication_keys
@ -182,10 +182,6 @@ module Devise
  mattr_accessor :token_authentication_key
  @@token_authentication_key = :auth_token

-  # Allow HTTP token authorization to set token_authentication_key
-  mattr_accessor :allow_token_authenticatable_via_headers
-  @@allow_token_authenticatable_via_headers = true
-
  # Skip session storage for the following strategies
  mattr_accessor :skip_session_storage
  @@skip_session_storage = []
--- a/lib/devise/models/authenticatable.rb
+++ b/lib/devise/models/authenticatable.rb
@ -10,7 +10,7 @@ module Devise
    #
    #   * +authentication_keys+: parameters used for authentication. By default [:email].
    #
-    #   * +http_auth_key+: map the username passed via HTTP Auth to this parameter. Defaults to
+    #   * +http_authentication_key+: map the username passed via HTTP Auth to this parameter. Defaults to
    #     the first element in +authentication_keys+.
    #
    #   * +request_keys+: parameters from the request object used for authentication.
@ -198,7 +198,7 @@ module Devise
      module ClassMethods
        Devise::Models.config(self, :authentication_keys, :request_keys, :strip_whitespace_keys,
          :case_insensitive_keys, :http_authenticatable, :params_authenticatable, :skip_session_storage,
-          :http_auth_key)
+          :http_authentication_key)

        def serialize_into_session(record)
          [record.to_key, record.authenticatable_salt]
--- a/lib/devise/models/token_authenticatable.rb
+++ b/lib/devise/models/token_authenticatable.rb
@ -82,7 +82,7 @@ module Devise
          generate_token(:authentication_token)
        end

-        Devise::Models.config(self, :token_authentication_key, :allow_token_authenticatable_via_headers, :expire_auth_token_on_timeout)
+        Devise::Models.config(self, :token_authentication_key, :expire_auth_token_on_timeout)
      end
    end
  end
--- a/lib/devise/strategies/authenticatable.rb
+++ b/lib/devise/strategies/authenticatable.rb
@ -100,7 +100,7 @@ module Devise

      # Extract a hash with attributes:values from the http params.
      def http_auth_hash
-        keys = [http_auth_key, :password]
+        keys = [http_authentication_key, :password]
        Hash[*keys.zip(decode_credentials).flatten]
      end

@ -134,32 +134,27 @@ module Devise
        parse_authentication_key_values(request_values, request_keys)
      end

-      # Holds the authentication keys.
      def authentication_keys
        @authentication_keys ||= mapping.to.authentication_keys
      end

-      def http_auth_key
-        @http_auth_key ||= mapping.to.http_auth_key
-        @http_auth_key ||= case authentication_keys
+      def http_authentication_key
+        @http_authentication_key ||= mapping.to.http_authentication_key || case authentication_keys
          when Array then authentication_keys.first
          when Hash then authentication_keys.keys.first
        end
      end

-      # Holds request keys.
      def request_keys
        @request_keys ||= mapping.to.request_keys
      end

-      # Returns values from the request object.
      def request_values
        keys = request_keys.respond_to?(:keys) ? request_keys.keys : request_keys
        values = keys.map { |k| self.request.send(k) }
        Hash[keys.zip(values)]
      end

-      # Parse authentication keys considering if they should be enforced or not.
      def parse_authentication_key_values(hash, keys)
        keys.each do |key, enforce|
          value = hash[key].presence
--- a/lib/devise/strategies/token_authenticatable.rb
+++ b/lib/devise/strategies/token_authenticatable.rb
@ -7,8 +7,13 @@ module Devise
    #
    #   http://myapp.example.com/?user_token=SECRET
    #
-    # For HTTP, you can pass the token as username and blank password. Since some clients may require
-    # a password, you can pass "X" as password and it will simply be ignored.
+    # For headers, you can use basic authentication passing the token as username and
+    # blank password. Since some clients may require a password, you can pass "X" as
+    # password and it will simply be ignored.
+    #
+    # You may also pass the token using the Token authentication mechanism provided
+    # by Rails: http://api.rubyonrails.org/classes/ActionController/HttpAuthentication/Token.html
+    # The token options are stored in request.env['devise.token_options']
    class TokenAuthenticatable < Authenticatable
      def store?
        super && !mapping.to.skip_session_storage.include?(:token_auth)
@ -42,7 +47,7 @@ module Devise

      # Check if the model accepts this strategy as token authenticatable.
      def token_authenticatable?
-        mapping.to.allow_token_authenticatable_via_headers
+        mapping.to.http_authenticatable?(:token_options)
      end

      # Check if this is strategy is valid for token authentication by:
@ -57,17 +62,16 @@ module Devise

      # Extract the auth token from the request
      def auth_token
-        @auth_token ||= ActionController::HttpAuthentication::Token.
-          token_and_options(request)
+        @auth_token ||= ActionController::HttpAuthentication::Token.token_and_options(request)
      end

-      # Extract a hash with attributes:values from the auth_token.
+      # Extract a hash with attributes:values from the auth_token
      def token_auth_hash
        request.env['devise.token_options'] = auth_token.last
-        {authentication_keys.first => auth_token.first}
+        { authentication_keys.first => auth_token.first }
      end

-      # Try both scoped and non scoped keys.
+      # Try both scoped and non scoped keys
      def params_auth_hash
        if params[scope].kind_of?(Hash) && params[scope].has_key?(authentication_keys.first)
          params[scope]
--- a/lib/generators/templates/devise.rb
+++ b/lib/generators/templates/devise.rb
@ -48,10 +48,14 @@ Devise.setup do |config|
  # enable it only for database (email + password) authentication.
  # config.params_authenticatable = true

-  # Tell if authentication through HTTP Basic Auth is enabled. False by default.
+  # Tell if authentication through HTTP Auth is enabled. False by default.
  # It can be set to an array that will enable http authentication only for the
  # given strategies, for example, `config.http_authenticatable = [:token]` will
-  # enable it only for token authentication.
+  # enable it only for token authentication. The supported strategies are:
+  # :database      = Support basic authentication with authentication key + password
+  # :token         = Support basic authentication with token authentication key
+  # :token_options = Support token authentication with options as defined in
+  #                  http://api.rubyonrails.org/classes/ActionController/HttpAuthentication/Token.html
  # config.http_authenticatable = false

  # If http headers should be returned for AJAX requests. True by default.
@ -184,11 +188,6 @@ Devise.setup do |config|
  # Defines name of the authentication token params key
  # config.token_authentication_key = :auth_token

-  # Tell if authentication through HTTP Token Auth is enabled. True by default.
-  # Any extra options passed along with the options will be available in the
-  # env['devise.token_options'] hash
-  # config.allow_token_authenticatable_via_headers = false
-
  # ==> Scopes configuration
  # Turn scoped views on. Before rendering "sessions/new", it will first check for
  # "users/sessions/new". It's turned off by default because it's slower if you
--- a/test/integration/http_authenticatable_test.rb
+++ b/test/integration/http_authenticatable_test.rb
@ -72,7 +72,7 @@ class HttpAuthenticationTest < ActionDispatch::IntegrationTest
  end

  test 'it uses the appropriate key when configured explicitly' do
-    swap Devise, :authentication_keys => { :email => false, :username => false }, :http_auth_key => :username do
+    swap Devise, :authentication_keys => { :email => false, :username => false }, :http_authentication_key => :username do
      sign_in_as_new_user_with_http("usertest")
      assert_response :success
      assert_match '<email>user@test.com</email>', response.body
--- a/test/integration/token_authenticatable_test.rb
+++ b/test/integration/token_authenticatable_test.rb
@ -141,7 +141,7 @@ class TokenAuthenticationTest < ActionDispatch::IntegrationTest
  end

  test 'authenticate with valid authentication token key and value through http header, with options' do
-    swap Devise, :token_authentication_key => :secret_token do
+    swap Devise, :token_authentication_key => :secret_token, :http_authenticatable => [:token_options] do
      signature = "**TESTSIGNATURE**"
      sign_in_as_new_user_with_token(:token_auth => true, :token_options => {:signature => signature, :nonce => 'def'})

@ -154,7 +154,7 @@ class TokenAuthenticationTest < ActionDispatch::IntegrationTest
  end

  test 'authenticate with valid authentication token key and value through http header without allowing token authorization setting is denied' do
-    swap Devise, :token_authentication_key => :secret_token, :allow_token_authenticatable_via_headers => false do
+    swap Devise, :token_authentication_key => :secret_token, :http_authenticatable => false do
      sign_in_as_new_user_with_token(:token_auth => true)

      assert_response :unauthorized