Last active
September 21, 2022 14:24
-
-
Save bosskovic/816623404b60b30726a8 to your computer and use it in GitHub Desktop.
Devise as authentication solution for rails API
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# app/controllers/application_controller.rb | |
class ApplicationController < ActionController::Base | |
acts_as_token_authentication_handler_for User, fallback_to_devise: false | |
respond_to :json | |
protect_from_forgery with: :null_session | |
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# spec/support/auth_helpers.rb | |
module AuthHelpers | |
def auth_token_to_headers(user) | |
request.headers['X-User-Email'] = "#{user.email}" | |
request.headers['X-User-Token'] = "#{user.authentication_token}" | |
end | |
def clear_auth_token | |
request.headers['X-User-Email'] = nil | |
request.headers['X-User-Token'] = nil | |
end | |
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# app/controllers/v1/custom_devise/confirmations_controller.rb | |
module V1 | |
module CustomDevise | |
class ConfirmationsController < Devise::ConfirmationsController | |
respond_to :json | |
# GET /resource/confirmation?confirmation_token=abcdef | |
def show | |
self.resource = User.confirm_by_token(params[:confirmation_token]) | |
yield resource if block_given? | |
if resource.errors.empty? | |
render file: 'v1/custom_devise/sessions/create', locals: { current_user: resource} | |
else | |
render file: "#{Rails.root}/public/422.json", status: :unprocessable_entity, locals: { errors: resource.errors.full_messages } | |
end | |
end | |
end | |
end | |
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# config/environment/development.rb | |
config.action_mailer.default_url_options = { host: 'localhost', port: 3000 } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
config.mailer_sender = '...' | |
config.skip_session_storage = [:http_auth, :token_auth] | |
# if :confirmable | |
config.allow_unconfirmed_access_for = 2.days |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
gem 'devise', '3.2.4' | |
gem 'simple_token_authentication', '1.5.0' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rails generate devise:install | |
rails generate devise User |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
class DeviseCreateUsers < ActiveRecord::Migration | |
def change | |
create_table(:users) do |t| | |
## Database authenticatable | |
t.string :email, null: false | |
t.string :encrypted_password | |
t.string :first_name, null: false | |
t.string :last_name, null: false | |
t.string :uuid | |
t.string :authentication_token | |
## Recoverable | |
t.string :reset_password_token | |
t.datetime :reset_password_sent_at | |
## Trackable | |
t.integer :sign_in_count, default: 0, null: false | |
t.datetime :current_sign_in_at | |
t.datetime :last_sign_in_at | |
t.string :current_sign_in_ip | |
t.string :last_sign_in_ip | |
## Confirmable | |
t.string :confirmation_token | |
t.datetime :confirmed_at | |
t.datetime :confirmation_sent_at | |
t.string :unconfirmed_email # Only if using reconfirmable | |
t.timestamps | |
end | |
add_index :users, :email, unique: true | |
add_index :users, :reset_password_token, unique: true | |
add_index :users, :authentication_token, unique: true | |
add_index :users, :confirmation_token, unique: true | |
end | |
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# app/controllers/v1/custom_devise/registrations_controller.rb | |
module V1 | |
module CustomDevise | |
class RegistrationsController < Devise::RegistrationsController | |
respond_to :json | |
acts_as_token_authentication_handler_for User | |
skip_before_filter :authenticate_entity_from_token!, only: [:create] | |
skip_before_filter :authenticate_entity!, only: [:create] | |
skip_before_filter :authenticate_scope! | |
append_before_filter :authenticate_scope!, only: [:destroy] | |
# POST /users | |
def create | |
build_resource(param_keys_to_snake_case(sign_up_params)) | |
if resource.save | |
sign_up(resource_name, resource) | |
render file: 'v1/custom_devise/registrations/create', status: :created | |
else | |
clean_up_passwords resource | |
render file: "#{Rails.root}/public/422.json", status: :unprocessable_entity, locals: { errors: resource.errors.full_messages } | |
end | |
end | |
# DELETE /users/UUID | |
def destroy | |
resource.deactivated_at = DateTime.now | |
resource.save! | |
Devise.sign_out_all_scopes ? sign_out : sign_out(resource_name) | |
end | |
private | |
def sign_up_params | |
params.fetch(:user).permit([:password, :passwordConfirmation, :email, :firstName, :lastName]) | |
end | |
end | |
end | |
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# config/routes.rb | |
Rails.application.routes.draw do | |
scope module: :v1, constraints: ApiConstraints.new(version: 1, default: :true, domain: APPLICATION_DOMAIN), defaults: {format: 'json'} do | |
devise_for :users, controllers: { | |
registrations: 'v1/custom_devise/registrations', | |
confirmations: 'v1/custom_devise/confirmations', | |
sessions: 'v1/custom_devise/sessions' | |
} | |
end | |
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
user = User.find_by_email(params[:user_email].presence) | |
if user && Devise.secure_compare(user.authentication_token, params[:user_token]) | |
sign_in user, store: false | |
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# app/controllers/v1/custom_devise/sessions_controller.rb | |
module V1 | |
module CustomDevise | |
class SessionsController < Devise::SessionsController | |
respond_to :json | |
acts_as_token_authentication_handler_for User, fallback_to_devise: false | |
skip_before_filter :authenticate_entity_from_token!, only: [:create] | |
skip_before_filter :authenticate_entity!, only: [:create] | |
# POST /users/sign_in | |
def create | |
allow_params_authentication! | |
self.resource = warden.authenticate!(auth_options) | |
reset_token resource | |
render file: 'v1/custom_devise/sessions/create' | |
end | |
# DELETE /users/sign_out | |
def destroy | |
warden.authenticate! | |
reset_token current_user | |
end | |
private | |
def sign_in_params | |
params.fetch(:user).permit([:password, :email]) | |
end | |
def reset_token(resource) | |
resource.authentication_token = nil | |
resource.save! | |
end | |
end | |
end | |
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
def generate_authentication_token | |
loop do | |
token = Devise.friendly_token | |
break token unless self.class.exists?(authentication_token: token) | |
end | |
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# models/user.rb | |
class User < ActiveRecord::Base | |
acts_as_token_authenticatable | |
devise :database_authenticatable, :registerable, :recoverable, :trackable, :validatable, :confirmable | |
validates :first_name, presence: true | |
validates :last_name, presence: true | |
# left up to Devise to validate | |
# validates_presence_of :password_confirmation | |
# validates_uniqueness_of :email, case_sensitive: true | |
end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
@aleksb86 I'm glad it could be of use to you even though it is quite aged by now. Here's an equally old blog post for which I created those gists:
http://perpetuum-mobile.net/tech/devise-as-authentication-solution-for-rails-api/