Sign upLogin

IcaliaLabs/toll

View on GitHub
Star
README.md

Summary

Maintainability
Test Coverage
[![Code Climate](https://codeclimate.com/github/IcaliaLabs/toll/badges/gpa.svg)](https://codeclimate.com/github/IcaliaLabs/toll)
[![Test Coverage](https://codeclimate.com/github/IcaliaLabs/toll/badges/coverage.svg)](https://codeclimate.com/github/IcaliaLabs/toll/coverage)
[![Issue Count](https://codeclimate.com/github/IcaliaLabs/toll/badges/issue_count.svg)](https://codeclimate.com/github/IcaliaLabs/toll)

# Toll

![Toll](http://cdn2.hubspot.net/hub/42741/file-29805357-jpg/images/toll-booth1-resized-600.jpg)

Toll is a small yet powerful library to help you handle authentication for your Rails API using the right response headers & code.

## Table of contents
- [Quick start](#quick-start)
- [Configuration](#configuration)
- [Sessions Controller Example](#sessions-controller-example)
- [Bug tracker & feature request](#bug-tracker-&-feature-request)
- [Documentation or Installation instructions](#documentation)
- [Contributing](#contributing)
- [Community](#community)
- [Heroes](#heroes)
- [License](#license)


## Quick Start

`toll` is really easy to install, you just need to add it to your Gemfile:

```ruby
gem 'toll'
```

And then execute:

```console
% bundle install
```

## Configuration

After installing the gem, it is highly recommended that you generate the configuration initializer:

```console
% rails g toll:install
```

The last command should create a file under `config/initializers` called `toll.rb`, you can leave the defaults for now.

After that you can start creating models that will be authenticated for the API, commonly a `User` model:

```console
% rails g toll User <attributes>
```

**WATCH OUT: We only support authentication for User models**

The `toll` generator will add an attribute called `authentication_token` for the `User`, but you can call it whatever you want and configure it on the `toll` initializer.

It will also add a `tollify` method to the `User` model which has all the logic to handle the token generation and authentication.

Last thing but really important is to include the `Authenticable` module to the `ApplicationController` or the one you are inheriting from on your API.

**app/controllers/application_controller.rb**

```ruby
class ApplicationController < ActionController::Base
  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  protect_from_forgery with: :null_session

  include Toll::Controllers::Authenticable
end
```

### Session methods

The `Authenticable` module for the controllers provide a set of handy methods, which by the name you may be already familiar with:

```ruby
authenticate! # You can call this method to make sure a user is signed in

current_user # returns the user on 'session'

authenticated? # true or false whether the user is authenticated or not
```

## Sessions Controller Example

We provide a super simple example for a sessions controller using some of the [devise](https://github.com/plataformatec/devise) methods:

```ruby
class SessionsController < ApplicationController
  before_action :authenticate!, only: [:destroy]

  def create
    # session: {
    #  email: "email@example.com",
    #  password: "12345678"
    # }

    user_email = params[:session][:email]
    user_password = params[:session][:password]

    user = user_email.present? && User.find_by(email: user_email)
    # => user
    # => nil

    if user && user.valid_password?(user_password)
        # the authenticate_with_token is provided by the Toll gem
      user.authenticate_with_token
      render json: user, status: :ok
    else
      render json: { session: { errors: "Invalid email or password" }}, status: :unprocessable_entity
    end
  end

  def destroy
     # the sign_out is provided by the Toll gem
     # it is an alias for the authenticate_with_token
    current_user.sign_out
    head :no_content
  end
end
```

## Bug tracker & feature request

Have a bug or a feature request? [Please open a new issue](https://github.com/IcaliaLabs/toll/issues). Before opening any issue, please search for existing issues.

## Contributing

Please submit all pull requests against a separate branch. Although it does not have tests yet, be a nice guy and add some for your feature. We'll be working hard to add them too.

In case you are wondering what to attack, we have a milestone with the version to work, some fixes and refactors. Feel free to start one.

Thanks!

## Heroes

**Abraham Kuri**

+ [http://twitter.com/kurenn](http://twitter.com/kurenn)
+ [http://github.com/kurenn](http://github.com/kurenn)
+ [http://klout.com/#/kurenn](http://klout.com/#/kurenn)

## License

Code and documentation copyright 2015 Icalia Labs. Code released under [the MIT license](LICENSE).