bosskovic · September 21, 2022 14:24 · aleksb86 · Aug 22, 2019 · bosskovic · Aug 22, 2019
diff --git a/application_controller.rb b/application_controller.rb
 # app/controllers/application_controller.rb
 class ApplicationController < ActionController::Base
  acts_as_token_authentication_handler_for User, fallback_to_devise: false
  respond_to :json
  protect_from_forgery with: :null_session
 end
diff --git a/auth_helpers.rb b/auth_helpers.rb
 # spec/support/auth_helpers.rb
 module AuthHelpers
  def auth_token_to_headers(user)
    request.headers['X-User-Email'] = "#{user.email}"
    request.headers['X-User-Token'] = "#{user.authentication_token}"
  end

  def clear_auth_token
    request.headers['X-User-Email'] = nil
    request.headers['X-User-Token'] = nil
  end
 end
diff --git a/confirmations_controller.rb b/confirmations_controller.rb
 # app/controllers/v1/custom_devise/confirmations_controller.rb
 module V1
  module CustomDevise
    class ConfirmationsController < Devise::ConfirmationsController
      respond_to :json

      # GET /resource/confirmation?confirmation_token=abcdef
      def show
        self.resource = User.confirm_by_token(params[:confirmation_token])

        yield resource if block_given?

        if resource.errors.empty?
          render file: 'v1/custom_devise/sessions/create', locals: { current_user: resource}
        else
          render file: "#{Rails.root}/public/422.json", status: :unprocessable_entity, locals: { errors: resource.errors.full_messages }
        end
      end

    end
  end
 end
diff --git a/development.rb b/development.rb
 # config/environment/development.rb
 config.action_mailer.default_url_options = { host: 'localhost', port: 3000 }
diff --git a/devise.rb b/devise.rb
 config.mailer_sender = '...'
 config.skip_session_storage = [:http_auth, :token_auth]

 # if :confirmable
 config.allow_unconfirmed_access_for = 2.days
diff --git a/Gemfile b/Gemfile
 gem 'devise', '3.2.4'
 gem 'simple_token_authentication', '1.5.0'
diff --git a/generators.sh b/generators.sh
 rails generate devise:install
 rails generate devise User
diff --git a/migration.rb b/migration.rb
 class DeviseCreateUsers < ActiveRecord::Migration
  def change
    create_table(:users) do |t|
      ## Database authenticatable
      t.string :email, null: false
      t.string :encrypted_password

      t.string :first_name, null: false
      t.string :last_name, null: false

      t.string :uuid
      t.string :authentication_token

      ## Recoverable
      t.string :reset_password_token
      t.datetime :reset_password_sent_at

      ## Trackable
      t.integer :sign_in_count, default: 0, null: false
      t.datetime :current_sign_in_at
      t.datetime :last_sign_in_at
      t.string :current_sign_in_ip
      t.string :last_sign_in_ip

      ## Confirmable
      t.string :confirmation_token
      t.datetime :confirmed_at
      t.datetime :confirmation_sent_at
      t.string :unconfirmed_email # Only if using reconfirmable

      t.timestamps
    end

    add_index :users, :email, unique: true
    add_index :users, :reset_password_token, unique: true
    add_index :users, :authentication_token, unique: true
    add_index :users, :confirmation_token,   unique: true
  end
 end
diff --git a/registrations_controller.rb b/registrations_controller.rb
 # app/controllers/v1/custom_devise/registrations_controller.rb
 module V1
  module CustomDevise
    class RegistrationsController < Devise::RegistrationsController

    respond_to :json

      acts_as_token_authentication_handler_for User
      
      skip_before_filter :authenticate_entity_from_token!, only: [:create]
      skip_before_filter :authenticate_entity!, only: [:create]

      skip_before_filter :authenticate_scope!
      append_before_filter :authenticate_scope!, only: [:destroy]


      # POST /users
      def create
        build_resource(param_keys_to_snake_case(sign_up_params))

        if resource.save
          sign_up(resource_name, resource)
          render file: 'v1/custom_devise/registrations/create', status: :created
        else
          clean_up_passwords resource
          render file: "#{Rails.root}/public/422.json", status: :unprocessable_entity, locals: { errors: resource.errors.full_messages }
        end
      end


      # DELETE /users/UUID
      def destroy
        resource.deactivated_at = DateTime.now
        resource.save!
        Devise.sign_out_all_scopes ? sign_out : sign_out(resource_name)
      end

      private

      def sign_up_params
        params.fetch(:user).permit([:password, :passwordConfirmation, :email, :firstName, :lastName])
      end

    end
  end
 end
diff --git a/routes.rb b/routes.rb
 # config/routes.rb
 Rails.application.routes.draw do

  scope module: :v1, constraints: ApiConstraints.new(version: 1, default: :true, domain: APPLICATION_DOMAIN), defaults: {format: 'json'} do
    devise_for :users, controllers: {
        registrations: 'v1/custom_devise/registrations',
        confirmations: 'v1/custom_devise/confirmations',
        sessions: 'v1/custom_devise/sessions'
    }
  end

 end
diff --git a/secure_compare.rb b/secure_compare.rb
 user = User.find_by_email(params[:user_email].presence)
 
 if user && Devise.secure_compare(user.authentication_token, params[:user_token])
  sign_in user, store: false
 end
diff --git a/sessions_controller.rb b/sessions_controller.rb
 # app/controllers/v1/custom_devise/sessions_controller.rb
 module V1
  module CustomDevise
    class SessionsController < Devise::SessionsController
      respond_to :json

      acts_as_token_authentication_handler_for User, fallback_to_devise: false
      skip_before_filter :authenticate_entity_from_token!, only: [:create]
      skip_before_filter :authenticate_entity!, only: [:create]

      # POST /users/sign_in
      def create
        allow_params_authentication!
        self.resource = warden.authenticate!(auth_options)

        reset_token resource
        render file: 'v1/custom_devise/sessions/create'
      end


      # DELETE /users/sign_out
      def destroy
        warden.authenticate!
        reset_token current_user
      end

      private

      def sign_in_params
        params.fetch(:user).permit([:password, :email])
      end

      def reset_token(resource)
        resource.authentication_token = nil
        resource.save!
      end
    end
  end
 end
diff --git a/token_generation.rb b/token_generation.rb
 def generate_authentication_token
  loop do
    token = Devise.friendly_token
    break token unless self.class.exists?(authentication_token: token)
  end
 end
diff --git a/user.rb b/user.rb
 # models/user.rb
 class User < ActiveRecord::Base
  acts_as_token_authenticatable

  devise :database_authenticatable, :registerable, :recoverable, :trackable, :validatable, :confirmable

  validates :first_name, presence: true
  validates :last_name, presence: true

  # left up to Devise to validate
  # validates_presence_of :password_confirmation
  # validates_uniqueness_of :email, case_sensitive: true
 end
	# app/controllers/application_controller.rb
	class ApplicationController < ActionController::Base
	acts_as_token_authentication_handler_for User, fallback_to_devise: false
	respond_to :json
	protect_from_forgery with: :null_session
	end
	# spec/support/auth_helpers.rb
	module AuthHelpers
	def auth_token_to_headers(user)
	request.headers['X-User-Email'] = "#{user.email}"
	request.headers['X-User-Token'] = "#{user.authentication_token}"
	end

	def clear_auth_token
	request.headers['X-User-Email'] = nil
	request.headers['X-User-Token'] = nil
	end
	end
	# app/controllers/v1/custom_devise/confirmations_controller.rb
	module V1
	module CustomDevise
	class ConfirmationsController < Devise::ConfirmationsController
	respond_to :json

	# GET /resource/confirmation?confirmation_token=abcdef
	def show
	self.resource = User.confirm_by_token(params[:confirmation_token])

	yield resource if block_given?

	if resource.errors.empty?
	render file: 'v1/custom_devise/sessions/create', locals: { current_user: resource}
	else
	render file: "#{Rails.root}/public/422.json", status: :unprocessable_entity, locals: { errors: resource.errors.full_messages }
	end
	end

	end
	end
	end
	# config/environment/development.rb
	config.action_mailer.default_url_options = { host: 'localhost', port: 3000 }
	config.mailer_sender = '...'
	config.skip_session_storage = [:http_auth, :token_auth]

	# if :confirmable
	config.allow_unconfirmed_access_for = 2.days
	gem 'devise', '3.2.4'
	gem 'simple_token_authentication', '1.5.0'
	class DeviseCreateUsers < ActiveRecord::Migration
	def change
	create_table(:users) do \|t\|
	## Database authenticatable
	t.string :email, null: false
	t.string :encrypted_password

	t.string :first_name, null: false
	t.string :last_name, null: false

	t.string :uuid
	t.string :authentication_token

	## Recoverable
	t.string :reset_password_token
	t.datetime :reset_password_sent_at

	## Trackable
	t.integer :sign_in_count, default: 0, null: false
	t.datetime :current_sign_in_at
	t.datetime :last_sign_in_at
	t.string :current_sign_in_ip
	t.string :last_sign_in_ip

	## Confirmable
	t.string :confirmation_token
	t.datetime :confirmed_at
	t.datetime :confirmation_sent_at
	t.string :unconfirmed_email # Only if using reconfirmable

	t.timestamps
	end

	add_index :users, :email, unique: true
	add_index :users, :reset_password_token, unique: true
	add_index :users, :authentication_token, unique: true
	add_index :users, :confirmation_token, unique: true
	end
	end
	# app/controllers/v1/custom_devise/registrations_controller.rb
	module V1
	module CustomDevise
	class RegistrationsController < Devise::RegistrationsController

	respond_to :json

	acts_as_token_authentication_handler_for User

	skip_before_filter :authenticate_entity_from_token!, only: [:create]
	skip_before_filter :authenticate_entity!, only: [:create]

	skip_before_filter :authenticate_scope!
	append_before_filter :authenticate_scope!, only: [:destroy]


	# POST /users
	def create
	build_resource(param_keys_to_snake_case(sign_up_params))

	if resource.save
	sign_up(resource_name, resource)
	render file: 'v1/custom_devise/registrations/create', status: :created
	else
	clean_up_passwords resource
	render file: "#{Rails.root}/public/422.json", status: :unprocessable_entity, locals: { errors: resource.errors.full_messages }
	end
	end


	# DELETE /users/UUID
	def destroy
	resource.deactivated_at = DateTime.now
	resource.save!
	Devise.sign_out_all_scopes ? sign_out : sign_out(resource_name)
	end

	private

	def sign_up_params
	params.fetch(:user).permit([:password, :passwordConfirmation, :email, :firstName, :lastName])
	end

	end
	end
	end
	# config/routes.rb
	Rails.application.routes.draw do

	scope module: :v1, constraints: ApiConstraints.new(version: 1, default: :true, domain: APPLICATION_DOMAIN), defaults: {format: 'json'} do
	devise_for :users, controllers: {
	registrations: 'v1/custom_devise/registrations',
	confirmations: 'v1/custom_devise/confirmations',
	sessions: 'v1/custom_devise/sessions'
	}
	end

	end
	user = User.find_by_email(params[:user_email].presence)

	if user && Devise.secure_compare(user.authentication_token, params[:user_token])
	sign_in user, store: false
	end