Mounted engine for creating tokens (#4)

Author: marcqualie

config/routes.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+Tokenable::Engine.routes.draw do
+  post '/', to: 'tokens#create'
+end

lib/tokenable.rb

@@ -6,7 +6,6 @@
 
 module Tokenable
   class Error < StandardError; end
-  class Unauthorized < Error; end
 
-  # Your code goes here...
+  class Unauthorized < Error; end
 end

lib/tokenable/authable.rb

@@ -38,6 +38,17 @@ def token_from_header
       headers['Authorization'].to_s.split(' ').last
     end
 
+    def token_from_user(user_id)
+      jwt_data = {
+        user_id: user_id,
+      }
+      jwt_token = JWT.encode(jwt_data, jwt_secret, 'HS256')
+      {
+        user_id: user_id,
+        token: jwt_token,
+      }
+    end
+
     def jwt_user_id
       jwt['data']['user_id']
     end

lib/tokenable/controllers/tokens_controller.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module Tokenable
+  class TokensController < ::ActionController::API
+    include Authable
+
+    def create
+      user_id, = User.from_params(params)
+      raise Tokenable::Unauthorized unless user_id
+
+      token = token_from_user(user_id)
+      render json: { data: token }, status: 201
+    end
+  end
+end

lib/tokenable/engine.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+require_relative 'controllers/tokens_controller'
+require_relative 'strategies/devise'
+require_relative 'strategies/secure_password'
+
+module Tokenable
+  class Engine < ::Rails::Engine
+    isolate_namespace Tokenable
+  end
+end

lib/tokenable/railtie.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require_relative 'authable'
+require_relative 'engine'
 
 module Tokebale
   class Railtie < ::Rails::Railtie

lib/tokenable/strategies/devise.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+module Tokenable
+  module Strategies
+    module Devise
+      extend ActiveSupport::Concern
+
+      class_methods do
+        # @return [string, nil] Returns user_id + revocation key (not used yet)
+        def from_params(params)
+          email, password = parse_auth_params(params)
+
+          user = User.find_by(email: email)
+          return nil unless user
+
+          return nil unless user.valid_password?(password)
+
+          [user.id, nil]
+        end
+
+        private
+
+        def parse_auth_params(params)
+          [
+            params.require(:email),
+            params.require(:password),
+          ]
+        end
+      end
+    end
+  end
+end

lib/tokenable/strategies/secure_password.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+module Tokenable
+  module Strategies
+    module SecurePassword
+      extend ActiveSupport::Concern
+
+      class_methods do
+        # @return [string, nil] Returns user_id + revocation key (not used yet)
+        def from_params(params)
+          email, password = parse_auth_params(params)
+
+          user = User.select(:id, :password_digest).find_by(email: email)
+          return nil unless user
+
+          return nil unless user.authenticate(password)
+
+          [user.id, nil]
+        end
+
+        private
+
+        def parse_auth_params(params)
+          [
+            params.require(:email),
+            params.require(:password),
+          ]
+        end
+      end
+    end
+  end
+end

spec/spec_helper.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # This file was generated by the `rspec --init` command. Conventionally, all
 # specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`.
 # The generated `.rspec` file contains `--require spec_helper` which will cause
@@ -44,57 +46,55 @@
   # triggering implicit auto-inclusion in groups with matching metadata.
   config.shared_context_metadata_behavior = :apply_to_host_groups
 
-# The settings below are suggested to provide a good initial experience
-# with RSpec, but feel free to customize to your heart's content.
-=begin
-  # This allows you to limit a spec run to individual examples or groups
-  # you care about by tagging them with `:focus` metadata. When nothing
-  # is tagged with `:focus`, all examples get run. RSpec also provides
-  # aliases for `it`, `describe`, and `context` that include `:focus`
-  # metadata: `fit`, `fdescribe` and `fcontext`, respectively.
-  config.filter_run_when_matching :focus
-
-  # Allows RSpec to persist some state between runs in order to support
-  # the `--only-failures` and `--next-failure` CLI options. We recommend
-  # you configure your source control system to ignore this file.
-  config.example_status_persistence_file_path = "spec/examples.txt"
-
-  # Limits the available syntax to the non-monkey patched syntax that is
-  # recommended. For more details, see:
-  #   - http://rspec.info/blog/2012/06/rspecs-new-expectation-syntax/
-  #   - http://www.teaisaweso.me/blog/2013/05/27/rspecs-new-message-expectation-syntax/
-  #   - http://rspec.info/blog/2014/05/notable-changes-in-rspec-3/#zero-monkey-patching-mode
-  config.disable_monkey_patching!
-
-  # This setting enables warnings. It's recommended, but in some cases may
-  # be too noisy due to issues in dependencies.
-  config.warnings = true
-
-  # Many RSpec users commonly either run the entire suite or an individual
-  # file, and it's useful to allow more verbose output when running an
-  # individual spec file.
-  if config.files_to_run.one?
-    # Use the documentation formatter for detailed output,
-    # unless a formatter has already been configured
-    # (e.g. via a command-line flag).
-    config.default_formatter = "doc"
-  end
-
-  # Print the 10 slowest examples and example groups at the
-  # end of the spec run, to help surface which specs are running
-  # particularly slow.
-  config.profile_examples = 10
-
-  # Run specs in random order to surface order dependencies. If you find an
-  # order dependency and want to debug it, you can fix the order by providing
-  # the seed, which is printed after each run.
-  #     --seed 1234
-  config.order = :random
-
-  # Seed global randomization in this process using the `--seed` CLI option.
-  # Setting this allows you to use `--seed` to deterministically reproduce
-  # test failures related to randomization by passing the same `--seed` value
-  # as the one that triggered the failure.
-  Kernel.srand config.seed
-=end
+  # The settings below are suggested to provide a good initial experience
+  # with RSpec, but feel free to customize to your heart's content.
+  #   # This allows you to limit a spec run to individual examples or groups
+  #   # you care about by tagging them with `:focus` metadata. When nothing
+  #   # is tagged with `:focus`, all examples get run. RSpec also provides
+  #   # aliases for `it`, `describe`, and `context` that include `:focus`
+  #   # metadata: `fit`, `fdescribe` and `fcontext`, respectively.
+  #   config.filter_run_when_matching :focus
+  #
+  #   # Allows RSpec to persist some state between runs in order to support
+  #   # the `--only-failures` and `--next-failure` CLI options. We recommend
+  #   # you configure your source control system to ignore this file.
+  #   config.example_status_persistence_file_path = "spec/examples.txt"
+  #
+  #   # Limits the available syntax to the non-monkey patched syntax that is
+  #   # recommended. For more details, see:
+  #   #   - http://rspec.info/blog/2012/06/rspecs-new-expectation-syntax/
+  #   #   - http://www.teaisaweso.me/blog/2013/05/27/rspecs-new-message-expectation-syntax/
+  #   #   - http://rspec.info/blog/2014/05/notable-changes-in-rspec-3/#zero-monkey-patching-mode
+  #   config.disable_monkey_patching!
+  #
+  #   # This setting enables warnings. It's recommended, but in some cases may
+  #   # be too noisy due to issues in dependencies.
+  #   config.warnings = true
+  #
+  #   # Many RSpec users commonly either run the entire suite or an individual
+  #   # file, and it's useful to allow more verbose output when running an
+  #   # individual spec file.
+  #   if config.files_to_run.one?
+  #     # Use the documentation formatter for detailed output,
+  #     # unless a formatter has already been configured
+  #     # (e.g. via a command-line flag).
+  #     config.default_formatter = "doc"
+  #   end
+  #
+  #   # Print the 10 slowest examples and example groups at the
+  #   # end of the spec run, to help surface which specs are running
+  #   # particularly slow.
+  #   config.profile_examples = 10
+  #
+  #   # Run specs in random order to surface order dependencies. If you find an
+  #   # order dependency and want to debug it, you can fix the order by providing
+  #   # the seed, which is printed after each run.
+  #   #     --seed 1234
+  #   config.order = :random
+  #
+  #   # Seed global randomization in this process using the `--seed` CLI option.
+  #   # Setting this allows you to use `--seed` to deterministically reproduce
+  #   # test failures related to randomization by passing the same `--seed` value
+  #   # as the one that triggered the failure.
+  #   Kernel.srand config.seed
 end

spec/tokenable_spec.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'spec_helper'
 
 describe Tokenable do