Version 2 (nsarno#111)

* Version 2.0 - remove deprecated features

.travis.yml

@@ -2,9 +2,6 @@ language: ruby
 rvm:
   - 2.3.1
   - 2.2.5
-gemfile:
-  - gemfiles/rails_4.gemfile
-  - gemfiles/rails_5.gemfile
 before_script:
   - bundle exec rake db:migrate RAILS_ENV=test
 addons:

CHANGELOG.md

@@ -2,10 +2,13 @@
 All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).
 
-## [Unreleased] - unreleased
+## [2.0] - unreleased
 ### Added
 - Configurable unauthorized response by overriding `Authenticable#unauthorized_entity`
 
+### Removed
+- Deprecated features (see deprecated features in version 1.5)
+
 ## [1.5] - 2016-05-29
 ### Added
 - Exception configuration option `Knock.not_found_exception_class_name`

Gemfile

@@ -19,5 +19,4 @@ gem "simplecov", require: false, group: :test
 group :development do
   gem "bundler"
   gem "rake"
-  gem "appraisal"
 end

app/controllers/knock/auth_token_controller.rb

@@ -25,16 +25,10 @@ def auth_token
 
     def entity
       @entity ||=
-        if self.class.name == "Knock::AuthTokenController"
-          warn "[DEPRECATION]: Routing to `AuthTokenController` directly is deprecated. Please use `<Entity Name>TokenController` inheriting from it instead. E.g. `UserTokenController`"
-          warn "[DEPRECATION]: Relying on `Knock.current_user_from_handle` is deprecated. Please implement `User#from_token_request` instead."
-          Knock.current_user_from_handle.call auth_params[Knock.handle_attr]
+        if entity_class.respond_to? :from_token_request
+          entity_class.from_token_request request
         else
-          if entity_class.respond_to? :from_token_request
-            entity_class.from_token_request request
-          else
-            entity_class.find_by email: auth_params[:email]
-          end
+          entity_class.find_by email: auth_params[:email]
         end
     end
 
@@ -47,7 +41,7 @@ def entity_name
     end
 
     def auth_params
-      params.require(:auth).permit Knock.handle_attr, :password
+      params.require(:auth).permit :email, :password
     end
   end
 end

app/model/knock/auth_token.rb

@@ -21,12 +21,7 @@ def entity_for entity_class
       if entity_class.respond_to? :from_token_payload
         entity_class.from_token_payload @payload
       else
-        if entity_class.to_s == "User" && Knock.respond_to?(:current_user_from_token)
-          warn "[DEPRECATION]: `Knock.current_user_from_token` is deprecated. Please implement `User.from_token_payload` instead."
-          Knock.current_user_from_token.call @payload
-        else
-          entity_class.find @payload['sub']
-        end
+        entity_class.find @payload['sub']
       end
     end
 

lib/generators/templates/knock.rb

@@ -1,54 +1,5 @@
 Knock.setup do |config|
 
-  ## [DEPRECATED]
-  ## This is deprecated in favor of `User.from_token_request`.
-  ##
-  ## User handle attribute
-  ## ---------------------
-  ##
-  ## The attribute used to uniquely identify a user.
-  ##
-  ## Default:
-  # config.handle_attr = :email
-
-  ## [DEPRECATED]
-  ## This is deprecated in favor of `User.from_token_request`.
-  ##
-  ## Current user retrieval from handle when signing in
-  ## --------------------------------------------------
-  ##
-  ## This is where you can configure how to retrieve the current user when
-  ## signing in.
-  ##
-  ## Knock uses the `handle_attr` variable to retrieve the handle from the
-  ## AuthTokenController parameters. It also uses the same variable to enforce
-  ## permitted values in the controller.
-  ##
-  ## You must raise an exception if the resource cannot be retrieved.
-  ## The type of the exception is configured in config.not_found_exception_class_name,
-  ## and it is ActiveRecord::RecordNotFound by default
-  ##
-  ## Default:
-  # config.current_user_from_handle = -> (handle) { User.find_by! Knock.handle_attr => handle }
-
-  ## [DEPRECATED]
-  ## This is depreacted in favor of `User.from_token_payload`.
-  ##
-  ## Current user retrieval when validating token
-  ## --------------------------------------------
-  ##
-  ## This is how you can tell Knock how to retrieve the current_user.
-  ## By default, it assumes you have a model called `User` and that
-  ## the user_id is stored in the 'sub' claim.
-  ##
-  ## You must raise an exception if the resource cannot be retrieved.
-  ## The type of the exception is configured in config.not_found_exception_class_name,
-  ## and it is ActiveRecord::RecordNotFound by default
-  ##
-  ## Default:
-  # config.current_user_from_token = -> (claims) { User.find claims['sub'] }
-
-
   ## Expiration claim
   ## ----------------
   ##

lib/knock.rb

@@ -1,16 +1,6 @@
 require "knock/engine"
 
 module Knock
-
-  mattr_accessor :handle_attr
-  self.handle_attr = :email
-
-  mattr_accessor :current_user_from_handle
-  self.current_user_from_handle = -> handle { User.find_by! Knock.handle_attr => handle }
-
-  mattr_accessor :current_user_from_token
-  self.current_user_from_token = -> claims { User.find claims['sub'] }
-
   mattr_accessor :token_lifetime
   self.token_lifetime = 1.day
 

lib/knock/authenticable.rb

@@ -1,9 +1,4 @@
 module Knock::Authenticable
-  def authenticate
-    warn "[DEPRECATION]: `authenticate` is deprecated. Please use `authenticate_user` instead."
-    head(:unauthorized) unless authenticate_for(User)
-  end
-
   def authenticate_for entity_class
     getter_name = "current_#{entity_class.to_s.underscore}"
     define_current_entity_getter(entity_class, getter_name)

lib/knock/version.rb

@@ -1,3 +1,3 @@
 module Knock
-  VERSION = "1.5"
+  VERSION = "2.0"
 end

test/dummy/app/controllers/protected_resources_controller.rb

@@ -1,5 +1,5 @@
 class ProtectedResourcesController < ApplicationController
-  before_action :authenticate
+  before_action :authenticate_user
 
   def index
     head :ok

test/dummy/config/initializers/knock.rb

@@ -4,7 +4,5 @@
   config.token_public_key = nil
   config.token_audience = nil
 
-  config.current_user_from_handle = -> handle { User.find_by(Knock.handle_attr => handle) || raise(Knock::MyCustomException) }
-  config.current_user_from_token = -> claims { User.find_by(id: claims['sub']) || raise(Knock::MyCustomException) }
   config.not_found_exception_class_name = 'Knock::MyCustomException'
 end

test/dummy/test/controllers/admin_token_controller_test.rb

@@ -6,17 +6,17 @@ def setup
   end
 
   test "responds with 404 if user does not exist" do
-    post :create, auth: { email: 'wrong@example.net', password: '' }
+    post :create, params: {auth: { email: 'wrong@example.net', password: '' }}
     assert_response :not_found
   end
 
   test "responds with 404 if password is invalid" do
-    post :create, auth: { email: @admin.email, password: 'wrong' }
+    post :create, params: {auth: { email: @admin.email, password: 'wrong' }}
     assert_response :not_found
   end
 
   test "responds with 201" do
-    post :create, auth: { email: @admin.email, password: 'secret' }
+    post :create, params: {auth: { email: @admin.email, password: 'secret' }}
     assert_response :created
   end
 end

test/dummy/test/controllers/protected_resources_controller_test.rb

@@ -28,12 +28,12 @@ def authenticate token: @token
   end
 
   test "responds with success with token in url" do
-    get :index, token: @token
+    get :index, params: {token: @token}
     assert_response :success
   end
 
   test "responds with unauthorized with invalid token in url" do
-    get :index, token: "invalid"
+    get :index, params: {token: "invalid"}
     assert_response :unauthorized
   end
 

test/dummy/test/controllers/vendor_protected_controller_test.rb

@@ -49,7 +49,7 @@ def invalid_entity_auth
 
   test "raises method missing error appropriately" do
     assert_raises(NoMethodError) do
-      get :show, id: 1
+      get :show, params: {id: 1}
     end
   end
 end

test/dummy/test/controllers/vendor_token_controller_test.rb

@@ -6,17 +6,17 @@ def setup
   end
 
   test "responds with 404 if user does not exist" do
-    post :create, auth: { email: 'wrong@example.net', password: '' }
+    post :create, params: {auth: { email: 'wrong@example.net', password: '' }}
     assert_response :not_found
   end
 
   test "responds with 404 if password is invalid" do
-    post :create, auth: { email: @vendor.email, password: 'wrong' }
+    post :create, params: {auth: { email: @vendor.email, password: 'wrong' }}
     assert_response :not_found
   end
 
   test "responds with 201" do
-    post :create, auth: { email: @vendor.email, password: 'secret' }
+    post :create, params: {auth: { email: @vendor.email, password: 'secret' }}
     assert_response :created
   end
 end

test/model/knock/auth_token_test.rb

@@ -41,7 +41,6 @@ class AuthTokenTest < ActiveSupport::TestCase
 
     test "verify audience when token_audience is present" do
       Knock.token_audience = -> { 'bar' }
-      key = Knock.token_secret_signature_key.call
 
       assert_raises(JWT::InvalidAudError) {
         AuthToken.new token: @token