Module: DeviseTokenAuth::Concerns::User

Extended by:: ActiveSupport::Concern

Defined in:: app/models/devise_token_auth/concerns/user.rb

Defined Under Namespace

Modules: ClassMethods

Class Method Summary collapse

.tokens_match?(token_hash, token) ⇒ Boolean

Instance Method Summary collapse

#build_auth_header(token, client_id = 'default') ⇒ Object
#build_auth_url(base_url, args) ⇒ Object
#confirmed? ⇒ Boolean
#create_new_auth_token(client_id = nil) ⇒ Object

update user’s auth token (should happen on each request).
#create_token(client_id: nil, token: nil, expiry: nil, **token_extras) ⇒ Object
#extend_batch_buffer(token, client_id) ⇒ Object
#send_confirmation_notification? ⇒ Boolean

this must be done from the controller so that additional params can be passed on from the client.
#token_can_be_reused?(token, client_id) ⇒ Boolean

allow batch requests to use the previous token.
#token_is_current?(token, client_id) ⇒ Boolean
#token_lifespan ⇒ Object
#token_validation_response ⇒ Object
#update_auth_header(token, client_id = 'default') ⇒ Object
#valid_token?(token, client_id = 'default') ⇒ Boolean

Class Method Details

.tokens_match?(token_hash, token) ⇒ `Boolean`

# File 'app/models/devise_token_auth/concerns/user.rb', line 8

def self.tokens_match?(token_hash, token)
  @token_equality_cache ||= {}

  key = "#{token_hash}/#{token}"
  result = @token_equality_cache[key] ||= (::BCrypt::Password.new(token_hash) == token)
  if @token_equality_cache.size > 10000
    @token_equality_cache = {}
  end
  result
end

Instance Method Details

#build_auth_header(token, client_id = 'default') ⇒ `Object`

# File 'app/models/devise_token_auth/concerns/user.rb', line 187

def build_auth_header(token, client_id='default')
  # client may use expiry to prevent validation request if expired
  # must be cast as string or headers will break
  expiry = tokens[client_id]['expiry'] || tokens[client_id][:expiry]

  {
    DeviseTokenAuth.headers_names[:"access-token"] => token,
    DeviseTokenAuth.headers_names[:"token-type"]   => "Bearer",
    DeviseTokenAuth.headers_names[:"client"]       => client_id,
    DeviseTokenAuth.headers_names[:"expiry"]       => expiry.to_s,
    DeviseTokenAuth.headers_names[:"uid"]          => uid
  }
end

#build_auth_url(base_url, args) ⇒ `Object`

# File 'app/models/devise_token_auth/concerns/user.rb', line 209

def build_auth_url(base_url, args)
  args[:uid]    = uid
  args[:expiry] = tokens[args[:client_id]]['expiry']

  DeviseTokenAuth::Url.generate(base_url, args)
end

#confirmed? ⇒ `Boolean`



221
222
223

# File 'app/models/devise_token_auth/concerns/user.rb', line 221

def confirmed?
  devise_modules.exclude?(:confirmable) || super
end

#create_new_auth_token(client_id = nil) ⇒ `Object`

update user’s auth token (should happen on each request)

# File 'app/models/devise_token_auth/concerns/user.rb', line 174

def create_new_auth_token(client_id=nil)
  now = Time.zone.now

  client_id, token = create_token(
    client_id: client_id,
    expiry: (now + token_lifespan).to_i,
    last_token: tokens.fetch(client_id, {})['token'],
    updated_at: now
  )

  update_auth_header(token, client_id)
end

#create_token(client_id: nil, token: nil, expiry: nil, **token_extras) ⇒ `Object`

# File 'app/models/devise_token_auth/concerns/user.rb', line 93

def create_token(client_id: nil, token: nil, expiry: nil, **token_extras)
  client_id ||= SecureRandom.urlsafe_base64(nil, false)
  token     ||= SecureRandom.urlsafe_base64(nil, false)
  expiry    ||= (Time.zone.now + token_lifespan).to_i

  self.tokens[client_id] = {
    token: BCrypt::Password.create(token),
    expiry: expiry
  }.merge!(token_extras)

  clean_old_tokens

  [client_id, token, expiry]
end

#extend_batch_buffer(token, client_id) ⇒ `Object`

# File 'app/models/devise_token_auth/concerns/user.rb', line 216

def extend_batch_buffer(token, client_id)
  self.tokens[client_id]['updated_at'] = Time.zone.now
  update_auth_header(token, client_id)
end

#send_confirmation_notification? ⇒ `Boolean`

this must be done from the controller so that additional params can be passed on from the client

133	# File 'app/models/devise_token_auth/concerns/user.rb', line 133 def send_confirmation_notification?; false; end

#token_can_be_reused?(token, client_id) ⇒ `Boolean`

allow batch requests to use the previous token

# File 'app/models/devise_token_auth/concerns/user.rb', line 155

def token_can_be_reused?(token, client_id)
  # ghetto HashWithIndifferentAccess
  updated_at = tokens[client_id]['updated_at'] || tokens[client_id][:updated_at]
  last_token = tokens[client_id]['last_token'] || tokens[client_id][:last_token]

  return true if (
    # ensure that the last token and its creation time exist
    updated_at && last_token &&

    # ensure that previous token falls within the batch buffer throttle time of the last request
    Time.parse(updated_at) > Time.zone.now - DeviseTokenAuth.batch_request_buffer_throttle &&

    # ensure that the token is valid
    ::BCrypt::Password.new(last_token) == token
  )
end

#token_is_current?(token, client_id) ⇒ `Boolean`

# File 'app/models/devise_token_auth/concerns/user.rb', line 136

def token_is_current?(token, client_id)
  # ghetto HashWithIndifferentAccess
  expiry     = tokens[client_id]['expiry'] || tokens[client_id][:expiry]
  token_hash = tokens[client_id]['token'] || tokens[client_id][:token]

  return true if (
    # ensure that expiry and token are set
    expiry && token &&

    # ensure that the token has not yet expired
    DateTime.strptime(expiry.to_s, '%s') > Time.zone.now &&

    # ensure that the token is valid
    DeviseTokenAuth::Concerns::User.tokens_match?(token_hash, token)
  )
end

#token_lifespan ⇒ `Object`



229
230
231

# File 'app/models/devise_token_auth/concerns/user.rb', line 229

def token_lifespan
  DeviseTokenAuth.token_lifespan
end

#token_validation_response ⇒ `Object`



225
226
227

# File 'app/models/devise_token_auth/concerns/user.rb', line 225

def token_validation_response
  as_json(except: [:tokens, :created_at, :updated_at])
end

#update_auth_header(token, client_id = 'default') ⇒ `Object`

# File 'app/models/devise_token_auth/concerns/user.rb', line 201

def update_auth_header(token, client_id='default')
  headers = build_auth_header(token, client_id)
  clean_old_tokens
  save!

  headers
end

#valid_token?(token, client_id = 'default') ⇒ `Boolean`

# File 'app/models/devise_token_auth/concerns/user.rb', line 121

def valid_token?(token, client_id='default')
  return false unless tokens[client_id]
  return true if token_is_current?(token, client_id)
  return true if token_can_be_reused?(token, client_id)

  # return false if none of the above conditions are met
  return false
end

Module: DeviseTokenAuth::Concerns::User

Defined Under Namespace

Class Method Summary collapse

Instance Method Summary collapse

Class Method Details

.tokens_match?(token_hash, token) ⇒ Boolean

Instance Method Details

#build_auth_header(token, client_id = 'default') ⇒ Object

#build_auth_url(base_url, args) ⇒ Object

#confirmed? ⇒ Boolean

#create_new_auth_token(client_id = nil) ⇒ Object

#create_token(client_id: nil, token: nil, expiry: nil, **token_extras) ⇒ Object

#extend_batch_buffer(token, client_id) ⇒ Object

#send_confirmation_notification? ⇒ Boolean

#token_can_be_reused?(token, client_id) ⇒ Boolean

#token_is_current?(token, client_id) ⇒ Boolean

#token_lifespan ⇒ Object

#token_validation_response ⇒ Object

#update_auth_header(token, client_id = 'default') ⇒ Object

#valid_token?(token, client_id = 'default') ⇒ Boolean