README.md in token_authenticate_me-0.5.3 vs README.md in token_authenticate_me-0.5.4

- old
+ new

@@ -8,29 +8,35 @@ Add the gem to your Gemfile: `gem token_authenticate_me` Run `bundle install` to install it. -To add or create a user with token authentication run: -`rails generate token_authenticate_me:install <model>` +To install run the following: +`rails generate token_authenticate_me:install` -Replace `<model>` with the class name used for users. This will create the necessary migration files, and optionally create the model file if it does not exist. +Include `TokenAuthenticateMe::Concerns::Controllers::TokenAuthenticateable` into api controllers that require authorization: +````rb +require 'token_authenticate_me/concerns/controllers/token_authenticateable' -**Right now this gem only supports creating the authentication model `User`, so it is recommended to call `rails generate token_authenticate_me:install user`** +class ApiController < ApplicationController + include TokenAuthenticateMe::Concerns::Controllers::TokenAuthenticateable -Include TokenAuthenticateMe::TokenAuthentication into the application controller or any controllers that require authorization: -````rb -require 'token_authenticate_me/controllers/token_authenticateable' + skip_before_filter :verify_authenticity_token # CSRF is not needed for header or param based auth -class ApplicationController < ActionController::Base - force_ssl if Rails.env.production? + #... +end +```` +Include `TokenAuthenticateMe::Concerns::Controllers::SessionAuthenticateable` into server rendered page controllers that require authorization: +````rb +require 'token_authenticate_me/concerns/controllers/session_authenticateable' + +class AuthenticatedController < ApplicationController # Prevent CSRF attacks by raising an exception. - # For APIs, you may want to use :null_session instead. protect_from_forgery with: :exception - include TokenAuthenticateMe::Controllers::TokenAuthenticateable + include TokenAuthenticateMe::Concerns::Controllers::SessionAuthenticateable #... end ```` @@ -42,29 +48,18 @@ skip_before_action :authenticate, only: [:create] end ```` ## Authentication Model -The model that is used for authentication will need to have `include TokenAuthenticateMe::Models::Authenticatable`. This will automatically happen if you use the generator. +The model has 3 concerns: +* [Authenticatable](https://github.com/wildland/token_authenticate_me/blob/master/lib/token_authenticate_me/concerns/models/authenticatable.rb) +* [Invitable](https://github.com/wildland/token_authenticate_me/blob/master/lib/token_authenticate_me/concerns/models/invitable.rb) +* [Sessionable](https://github.com/wildland/token_authenticate_me/blob/master/lib/token_authenticate_me/concerns/models/sessionable.rb) -If you did not use the generator, this module expects the model to have the following attributes: -* `email:string` -* `password_digest:string` -* `username:string` -* `reset_password_token:string` -* `reset_password_token_exp:datetime` - -This model will have a set of [validators](https://github.com/inigo-llc/token_authenticate_me/blob/master/lib/token_authenticate_me/models/authenticatable.rb#L11) added to it. - *tl;dr*: * `email` is required, can't be blank, is unique (case insensitive), and must look like an email address. * `password` is required, can not be blank, it must be confirmed (`password_confirmation`), and must be between 8 and 72 characters long. If the model has been persisted `password` can be blank or `nil` which indicates that it should not be changed and will be ignored. * `username` is required, can't be blank, is unique (case insensitive), and only allows alphanumeric values. * To change the `password` or `email` after the model has been persisted, you will need to provide the current password as `current_password`. - -#### TODO: -- [ ] Make it so any resource name can be used for authentication (initial thought is either specify the default or pass resource name in token string?). -- [ ] Allow users to specify the API namespace default. -- [ ] Add a way to override/change/configure validations. ## Code Of Conduct Wildland Open Source [Code Of Conduct](https://github.com/wildland/code-of-conduct)