new authentication gem and tests;

Gemfile

@@ -38,7 +38,7 @@ group :development, :test do
 end
 
 # Docs
-gem 'raddocs'
+gem 'raddocs', github: 'smartlogic/raddocs'
 
 # Use ActiveModel has_secure_password
 # gem 'bcrypt', '~> 3.1.7'
@@ -68,11 +68,9 @@ gem 'rack-cors'
 
 # Authentication and Authorization
 gem 'devise'
+gem 'devise_token_auth'
 gem 'cancan'
 
 gem 'activeadmin', github: 'gregbell/active_admin'
 
-gem 'exception_notification', group: [:production, :staging]
-
-
-# gem 'doorkeeper'
+gem 'airbrake'

app/controllers/api_controller.rb

@@ -0,0 +1,28 @@
+class ApiController < ActionController::Base
+  include DeviseTokenAuth::Concerns::SetUserByToken
+  protect_from_forgery with: :null_session
+
+  before_filter :set_locale
+  before_action :set_client_info
+
+
+  private
+  def set_locale
+    begin
+      I18n.locale = request.env['HTTP_ACCEPT_LANGUAGE'].scan(/^[a-z]{2}/).first unless request.env['HTTP_ACCEPT_LANGUAGE'].nil?
+    rescue
+      logger.error 'Invalid locale. HTTP_ACCEPT_LANGUAGE = ' + request.env['HTTP_ACCEPT_LANGUAGE'].to_s
+    end
+  end
+
+  def set_client_info
+    @client_platform = @client_version = nil
+    begin
+      unless request.headers['Client-Version'].blank?
+        @client_platform, @client_version = request.headers['Client-Version'].split('/')
+      end
+    rescue
+      logger.error 'Bad Client-Version header provided by client: ' + request.env['Client-Version']
+    end
+  end
+end

app/controllers/application_controller.rb

@@ -2,51 +2,5 @@ class ApplicationController < ActionController::Base
   # Prevent CSRF attacks by raising an exception.
   # For APIs, you may want to use :null_session instead.
   protect_from_forgery with: :exception
-  protect_from_forgery with: :null_session, :if => Proc.new { |c| c.request.format == 'application/json'}
 
-  before_filter :set_locale
-  before_action :set_client_info
-
-
-  ## TOKEN AUTH (FROM: http://www.soryy.com/blog/2014/apis-with-devise/)
-  def authenticate_user_from_token!
-    user_email = request.headers["X-API-EMAIL"].presence        # If it's needed check on USERNAME in place of EMAIL show changes on commit beacon-backend/92f6c98  -  https://bitbucket.org/micred/beacon-backend/commits/92f6c9853f2051fc36561a68e6d4473c0a598642
-    user_auth_token = request.headers["X-API-TOKEN"].presence
-    user = user_email && User.find(email: user_email)
-    if user && Devise.secure_compare(user.authentication_token, user_auth_token)
-      sign_in(user, store: false)
-    end
-  end
-
-  #TODO: Change to reflect format and uncomment check_authorization
-  # Fix for CanCan/Strong Parameters (expecting format ex: /api/v1/resource)
-  after_filter do
-    resource = controller_path.singularize.gsub(/api\/v[\d]+\//i, '').gsub('/', '_')
-    method = "#{resource}_params"
-    params[resource] &&= send(method) if respond_to?(method, true)
-  end
-
-  # Enable CanCan authorization by default
-  # check_authorization unless: :devise_controller?
-
-
-  private
-   def set_locale
-     begin
-       I18n.locale = request.env['HTTP_ACCEPT_LANGUAGE'].scan(/^[a-z]{2}/).first unless request.env['HTTP_ACCEPT_LANGUAGE'].nil?
-     rescue
-       logger.error 'Invalid locale. HTTP_ACCEPT_LANGUAGE = ' + request.env['HTTP_ACCEPT_LANGUAGE'].to_s
-     end
-   end
-
-  def set_client_info
-      @client_platform = @client_version = nil
-      begin
-        unless request.headers['Client-Version'].blank?
-          @client_platform, @client_version = request.headers['Client-Version'].split('/')
-        end
-      rescue
-        logger.error 'Bad Client-Version header provided by client: ' + request.env['Client-Version']
-      end
-    end
 end

app/models/admin_user.rb

@@ -1,3 +1,27 @@
+# == Schema Information
+#
+# Table name: admin_users
+#
+#  id                     :integer          not null, primary key
+#  email                  :string           default(""), not null
+#  encrypted_password     :string           default(""), not null
+#  reset_password_token   :string
+#  reset_password_sent_at :datetime
+#  remember_created_at    :datetime
+#  sign_in_count          :integer          default("0"), not null
+#  current_sign_in_at     :datetime
+#  last_sign_in_at        :datetime
+#  current_sign_in_ip     :string
+#  last_sign_in_ip        :string
+#  created_at             :datetime
+#  updated_at             :datetime
+#
+# Indexes
+#
+#  index_admin_users_on_email                 (email) UNIQUE
+#  index_admin_users_on_reset_password_token  (reset_password_token) UNIQUE
+#
+
 class AdminUser < ActiveRecord::Base
   # Include default devise modules. Others available are:
   # :confirmable, :lockable, :timeoutable and :omniauthable

app/models/user.rb

@@ -1,13 +1,46 @@
-class User < ActiveRecord::Base
-  # Include default devise modules. Others available are:
-  # :confirmable, :lockable, :timeoutable, :registerable, and :omniauthable
-  devise :database_authenticatable, :recoverable, :rememberable, :trackable
+# == Schema Information
+#
+# Table name: users
+#
+#  id                     :integer          not null, primary key
+#  provider               :string           not null
+#  uid                    :string           default(""), not null
+#  encrypted_password     :string           default(""), not null
+#  reset_password_token   :string
+#  reset_password_sent_at :datetime
+#  remember_created_at    :datetime
+#  sign_in_count          :integer          default("0"), not null
+#  current_sign_in_at     :datetime
+#  last_sign_in_at        :datetime
+#  current_sign_in_ip     :string
+#  last_sign_in_ip        :string
+#  confirmation_token     :string
+#  confirmed_at           :datetime
+#  confirmation_sent_at   :datetime
+#  unconfirmed_email      :string
+#  name                   :string
+#  nickname               :string
+#  image                  :string
+#  email                  :string
+#  tokens                 :text
+#  created_at             :datetime
+#  updated_at             :datetime
+#
+# Indexes
+#
+#  index_users_on_confirmation_token    (confirmation_token) UNIQUE
+#  index_users_on_email                 (email)
+#  index_users_on_reset_password_token  (reset_password_token) UNIQUE
+#  index_users_on_uid_and_provider      (uid,provider) UNIQUE
+#
 
-  before_save :ensure_authentication_token!
+class User < ActiveRecord::Base
+  # Include default devise modules. Now disabled: :omniauthable
+  devise :database_authenticatable, :registerable,
+          :recoverable, :rememberable, :trackable, :validatable,
+          :confirmable
+  include DeviseTokenAuth::Concerns::User
 
-  def generate_secure_token_string
-    SecureRandom.urlsafe_base64(25).tr('lIO0', 'sxyz')
-  end
 
   # Sarbanes-Oxley Compliance: http://en.wikipedia.org/wiki/Sarbanes%E2%80%93Oxley_Act
   def password_complexity
@@ -16,39 +49,12 @@ def password_complexity
     end
   end
 
-  def password_presence
-    password.present? && password_confirmation.present?
-  end
-
-  def password_match
-    password == password_confirmation
-  end
-
-  def ensure_authentication_token!
-    if authentication_token.blank?
-      self.authentication_token = generate_authentication_token
-    end
-  end
-
-  def generate_authentication_token
-    loop do
-      token = generate_secure_token_string
-      break token unless User.where(authentication_token: token).first
-    end
-  end
-
-  def reset_authentication_token!
-    self.authentication_token = generate_authentication_token
-    save!(validate: false)
-  end
-
-
-  def as_json(options = {})
-    super(options.merge(
-              # :methods => [...],
-              # :only => [...],
-              # :include => [...],
-              :except => [:created_at, :updated_at]
-          ))
-  end
+  # def as_json(options = {})
+  #   super(options.merge(
+  #             # :methods => [...],
+  #             # :only => [...],
+  #             # :include => [...],
+  #             :except => [:created_at, :updated_at]
+  #         ))
+  # end
 end

config/application.rb

@@ -31,18 +31,9 @@ class Application < Rails::Application
         resource '*',
                  :methods => [:get, :post, :put, :patch, :delete, :options],
                  :headers => :any, #['Origin', 'X-Requested-With', 'Content-Type', 'Accept', 'Accept-Encoding', 'Authorization', 'Content-Disposition', 'Client-Version', 'Accept-Language'], # ALL headers must be specified
-                 # :expose  => ['Some-Custom-Response-Header'],
+                 :expose  => ['access-token', 'expiry', 'token-type', 'uid', 'client'],
                  :max_age => 600
       end
     end
-
-    config.paperclip_defaults = {
-        :storage => :s3,
-        :s3_credentials => {
-            :bucket => ENV['s3_bucket'],
-            :access_key_id => ENV['aws_access_key_id'],
-            :secret_access_key => ENV['aws_secret_access_key']
-        }
-    }
   end
 end

config/deploy.rb

@@ -1,5 +1,5 @@
 # config valid only for Capistrano 3.1
-lock '3.3.5'
+lock '3.4.0'
 
 set :application,   "xxx_#{fetch(:stage)}"
 set :repo_url, 'git@bitbucket.org:xxx/xxx.git'

config/environments/development.rb

@@ -14,7 +14,7 @@
   config.action_controller.perform_caching = false
 
   # Don't care if the mailer can't send.
-  config.action_mailer.raise_delivery_errors = false
+  config.action_mailer.raise_delivery_errors = true
 
   # Print deprecation notices to the Rails logger.
   config.active_support.deprecation = :log
@@ -48,4 +48,5 @@
   ActionMailer::Base.default :from => ENV['smtp_username']
 
   # config.action_mailer.perform_deliveries = true   ### Uncomment to send email in development.
+
 end

config/environments/production.rb

@@ -20,7 +20,7 @@
   # config.action_dispatch.rack_cache = true
 
   # Disable Rails's static asset server (Apache or nginx will already do this).
-  config.serve_static_assets = false
+  config.serve_static_files = false
 
   # Compress JavaScripts and CSS.
   config.assets.js_compressor = :uglifier
@@ -93,10 +93,4 @@
 
   ActionMailer::Base.default :from => ENV['smtp_username']
 
-  config.middleware.use ExceptionNotification::Rack,
-                        :email => {
-                            :email_prefix => "[Exception][NUOVO-PROGETTO] ",
-                            :sender_address => %{"Nuovo progetto" <support@moku.io>},
-                            :exception_recipients => %w{michele@moku.io}
-                        }
 end

config/environments/staging.rb

@@ -20,7 +20,7 @@
   # config.action_dispatch.rack_cache = true
 
   # Disable Rails's static asset server (Apache or nginx will already do this).
-  config.serve_static_assets = false
+  config.serve_static_files = false
 
   # Compress JavaScripts and CSS.
   config.assets.js_compressor = :uglifier
@@ -93,10 +93,4 @@
 
   ActionMailer::Base.default :from => ENV['smtp_username']
 
-  config.middleware.use ExceptionNotification::Rack,
-                        :email => {
-                            :email_prefix => "[Exception][NUOVO-PROGETTO] ",
-                            :sender_address => %{"Nuovo progetto" <support@moku.io>},
-                            :exception_recipients => %w{michele@moku.io}
-                        }
 end

config/environments/test.rb

@@ -13,7 +13,7 @@
   config.eager_load = false
 
   # Configure static asset server for tests with Cache-Control for performance.
-  config.serve_static_assets  = true
+  config.serve_static_files  = true
   config.static_cache_control = 'public, max-age=3600'
 
   # Show full error reports and disable caching.
@@ -36,4 +36,6 @@
 
   # Raises error for missing translations
   # config.action_view.raise_on_missing_translations = true
+
+  config.action_mailer.default_url_options = { host: 'localhost', port: 3000 }
 end

config/initializers/active_admin.rb

@@ -5,7 +5,7 @@
   # Set the title that is displayed on the main layout
   # for each of the active admin pages.
   #
-  config.site_title = "BASE"
+  config.site_title = "MyAdmin"
 
   # Set the link url for the title. For example, to take
   # users to your main site. Defaults to no link.

config/initializers/airbrake.rb

@@ -1,5 +1,5 @@
 Airbrake.configure do |config|
-  config.api_key = 'f79efa94c209cbe1ef0602c79beb5771'
+  config.api_key = '02beb6911647332863601a3164e7f836'
   config.host    = 'errors.moku.io'
   config.port    = 80
   config.secure  = config.port == 443

config/initializers/devise_token_auth.rb

@@ -0,0 +1,22 @@
+DeviseTokenAuth.setup do |config|
+  # By default the authorization headers will change after each request. The
+  # client is responsible for keeping track of the changing tokens. Change
+  # this to false to prevent the Authorization header from changing after
+  # each request.
+  #config.change_headers_on_each_request = true
+
+  # By default, users will need to re-authenticate after 2 weeks. This setting
+  # determines how long tokens will remain valid after they are issued.
+  config.token_lifespan = 15.days
+
+  # Sometimes it's necessary to make several requests to the API at the same
+  # time. In this case, each request in the batch will need to share the same
+  # auth token. This setting determines how far apart the requests can be while
+  # still using the same auth token.
+  #config.batch_request_buffer_throttle = 5.seconds
+
+  # This route will be the prefix for all oauth2 redirect callbacks. For
+  # example, using the default '/omniauth', the github oauth2 provider will
+  # redirect successful authentications to '/omniauth/github/callback'
+  #config.omniauth_prefix = "/omniauth"
+end

config/locales/en.yml

@@ -19,5 +19,4 @@
 # To learn more, please read the Rails Internationalization guide
 # available at http://guides.rubyonrails.org/i18n.html.
 
-en:
-  active_admin:
+en: