Implement improvements suggested in issue #1

nsarno · Jul 16, 2015 · 17795c6 · 17795c6
1 parent ae0d7af
commit 17795c6
Show file tree

Hide file tree

Showing 6 changed files with 27 additions and 4 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,15 @@
 All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).
 
+## [Unreleased][unreleased]
+### Changed
+- Introduce a way to configure how the current_user is retrieved when
+  validating a token. (#1)
+- Use "sub" claim to store the user id by default instead of "user_id"
+
+### Fixed
+- Decode auth0_client_secret in default configuration for Auth0
+
 ## [1.1.0] - 2015-07-15
 
 ## [1.1.0.rc1] - 2015-07-15

diff --git a/app/controllers/knock/auth_token_controller.rb b/app/controllers/knock/auth_token_controller.rb
@@ -14,7 +14,7 @@ def authenticate!
     end
 
     def auth_token
-      AuthToken.new payload: { user_id: user.id }
+      AuthToken.new payload: { sub: user.id }
     end
 
     def user

diff --git a/lib/generators/templates/knock.rb b/lib/generators/templates/knock.rb
@@ -1,5 +1,16 @@
 Knock.setup do |config|
 
+  ## Current user retrieval when validating token
+  ## --------------------------------------------
+  ##
+  ## This is how you can tell Knock how to retrieve the current_user.
+  ## By default, it assumes you have a model called `User` and that
+  ## the user_id is stored in the 'sub' claim.
+  ##
+  ## Default:
+  # config.current_user_from_token = -> (claims) { User.find claims['sub'] }
+
+
   ## Expiration claim
   ## ----------------
   ##
@@ -31,6 +42,6 @@
   # config.token_secret_signature_key = -> { Rails.application.secrets.secret_key_base }
 
   ## If using Auth0, uncomment the line below
-  # config.token_secret_signature_key = -> { Rails.application.secrets.auth0_client_secret }
+  # config.token_secret_signature_key = -> { JWT.base64url_decode Rails.application.secrets.auth0_client_secret }
 
 end
diff --git a/lib/knock.rb b/lib/knock.rb
@@ -11,6 +11,9 @@ module Knock
   mattr_accessor :token_secret_signature_key
   self.token_secret_signature_key = -> { Rails.application.secrets.secret_key_base }
 
+  mattr_accessor :current_user_from_token
+  self.current_user_from_token = -> (claims) { User.find claims['sub'] }
+
   # Default way to setup Knock. Run rails generate knock_install to create
   # a fresh initializer with all configuration values.
   def self.setup

diff --git a/lib/knock/authenticable.rb b/lib/knock/authenticable.rb
@@ -5,7 +5,7 @@ def authenticate
     begin
       token = request.headers['Authorization'].split(' ').last
       payload, header = Knock::AuthToken.new(token: token).validate!
-      @current_user = User.find(payload['user_id'])
+      @current_user = Knock.current_user_from_token.call(payload)
     rescue
       head :unauthorized
     end

diff --git a/test/dummy/test/controllers/protected_resources_controller_test.rb b/test/dummy/test/controllers/protected_resources_controller_test.rb
@@ -3,7 +3,7 @@
 class ProtectedResourcesControllerTest < ActionController::TestCase
   def authenticate
     @user = users(:one)
-    @token = Knock::AuthToken.new(payload: { user_id: @user.id }).token
+    @token = Knock::AuthToken.new(payload: { sub: @user.id }).token
     @request.env['HTTP_AUTHORIZATION'] = "Bearer #{@token}"
   end