Project

devise_sessionable

0.0
No commit activity in last 3 years
No release in over 3 years
devise_sessionablepapercloud/devise_sessionableHomepageDocumentationSource CodeBug TrackerWiki
Use session objects for token authentication
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Popularity
Downloads
2,347
Stars
1
Forks
0
Watchers
11
 Releases
Current version
0.1.0
Total releases
1
First release
2017-10-25
Latest release
2017-10-25
 Issues
Open Issues
2
Closed Issues
0
Total Issues
2
Issue Closure Rate
0%
 Pull Requests
Open Pull Requests
0
Closed Pull Requests
0
Merged Pull Requests
4
Pull Request Acceptance Rate
100%
 Development
Primary Language
Ruby
Licenses
MIT
Average date of last 50 commits
2017-09-06
Reverse Dependencies
0

 Dependencies

Development

appraisal
>= 0
factory_girl_rails
>= 0
pg
>= 0
pry
>= 0
rspec-rails
>= 0
shoulda-matchers
>= 0

Runtime

rails
< 6.0, > 4.2.7
simple_token_authentication
< 2.0, > 1.0
 Project Readme

DeviseSessionable

Devise Sessionable extends the Simple Token Authentication gem into a Session object to allow for easier and more secure token authentication.

Installation

Add this line to your application's Gemfile:

gem 'devise_sessionable'

And then execute:

$ bundle

Or install it yourself as:

$ gem install devise_sessionable

Getting Started

First things first, run the installer:

rails generate devise_sessionable:install

This will generate a migration for the session object.

NOTE: This gem is setup to work with UUIDs as default. If you are NOT using uuids you will need to update the migration to reflect this correctly.

Then simply run:

rails db:migrate

Adding Session Authentication on a Model

simply add acts_as_sessionable to the devise enabled model that you wish to be session authable.

class User < ApplicationRecord
  acts_as_sessionable

  # Include default devise modules. Others available are:
  # :confirmable, :lockable, :timeoutable and :omniauthable
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :trackable, :validatable

Enabling Session Authentication in the Controller

Once you have a model with session authentication enabled on a model, you can start using it in your controller with just a few simple steps.

First, you need to put your controllers behind a layer of token authentication:

module Api
  module V1
    class ApiController < ApplicationController
      acts_as_token_authentication_handler_for DeviseSessionable::Session,
                                               as: :session,
                                               fallback: :exception
    end
  end
end

Secondly, because we are using the Session to authenticate, but are actually authenticating a User, we need to define the current_authable scope in our ApiController

private 

def current_authable
  current_user
end

Finally, we need to setup our Simple Token Authentication to refer to the sessions id when authenticating

# config/initializers/simple_token_authentication.rb

SimpleTokenAuthentication.configure do |config|
  config.identifiers = { session: 'id' }
end

(This is something that we plan to integrate into the gem itself in a future release)

Using Sessions for Authentication

Now that we have everything in place, we can authenticate using our new session objects. How you want to handle the creation, deletion and expiration of sessions is up to you, all the gem cares about is that a valid session is passed through to authenticate.

Underneath the gem we are still using the Simple Token Authentication gem to handle authentication, the usage is essentially the same, and you can refer to their documentation here

Default Header Keys:

  'X-Session-Id' => session.id,
  'X-Session-Token' => session.authentication_token

These can be overidden in the SimpleTokenAuthentication initializer, using the same methods the base gem uses.

License

The gem is available as open source under the terms of the MIT License.