Refactor token creation

Author: MaicolBen

app/controllers/devise_token_auth/confirmations_controller.rb

@@ -4,20 +4,12 @@ def show
       @resource = resource_class.confirm_by_token(params[:confirmation_token])
 
       if @resource && @resource.id
-        # create client id
-        client_id  = SecureRandom.urlsafe_base64(nil, false)
-        token      = SecureRandom.urlsafe_base64(nil, false)
-        token_hash = BCrypt::Password.create(token)
-        expiry     = (Time.now + @resource.token_lifespan).to_i
-
-        if defined? @resource.sign_in_count && @resource.sign_in_count > 0
+        expiry = nil
+        if defined?(@resource.sign_in_count) && @resource.sign_in_count > 0
           expiry = (Time.now + 1.second).to_i
         end
 
-        @resource.tokens[client_id] = {
-          token:  token_hash,
-          expiry: expiry
-        }
+        client_id, token = @resource.create_token expiry: expiry
 
         sign_in(@resource)
         @resource.save!

app/controllers/devise_token_auth/omniauth_callbacks_controller.rb

@@ -27,7 +27,6 @@ def redirect_callbacks
 
     def omniauth_success
       get_resource_from_auth_hash
-      create_token_info
       set_token_on_resource
       create_auth_params
 
@@ -156,14 +155,6 @@ def set_random_password
         @resource.password_confirmation = p
     end
 
-    def create_token_info
-      # create token info
-      @client_id = SecureRandom.urlsafe_base64(nil, false)
-      @token     = SecureRandom.urlsafe_base64(nil, false)
-      @expiry    = (Time.now + @resource.token_lifespan).to_i
-      @config    = omniauth_params['config_name']
-    end
-
     def create_auth_params
       @auth_params = {
         auth_token:     @token,
@@ -177,10 +168,8 @@ def create_auth_params
     end
 
     def set_token_on_resource
-      @resource.tokens[@client_id] = {
-        token: BCrypt::Password.create(@token),
-        expiry: @expiry
-      }
+      @config = omniauth_params['config_name']
+      @client_id, @token, @expiry = @resource.create_token
     end
 
     def render_data(message, data)

app/controllers/devise_token_auth/passwords_controller.rb

@@ -55,15 +55,7 @@ def edit
       @resource = with_reset_password_token(resource_params[:reset_password_token])
 
       if @resource && @resource.reset_password_period_valid?
-        client_id  = SecureRandom.urlsafe_base64(nil, false)
-        token      = SecureRandom.urlsafe_base64(nil, false)
-        token_hash = BCrypt::Password.create(token)
-        expiry     = (Time.now + @resource.token_lifespan).to_i
-
-        @resource.tokens[client_id] = {
-          token:  token_hash,
-          expiry: expiry
-        }
+        client_id, token = @resource.create_token
 
         # ensure that user is confirmed
         @resource.skip_confirmation! if confirmable_enabled? && !@resource.confirmed_at

app/controllers/devise_token_auth/registrations_controller.rb

@@ -54,13 +54,7 @@ def create
 
           else
             # email auth has been bypassed, authenticate user
-            @client_id = SecureRandom.urlsafe_base64(nil, false)
-            @token     = SecureRandom.urlsafe_base64(nil, false)
-
-            @resource.tokens[@client_id] = {
-              token: BCrypt::Password.create(@token),
-              expiry: (Time.now + @resource.token_lifespan).to_i
-            }
+            @client_id, @token = @resource.create_token
 
             @resource.save!
 

app/controllers/devise_token_auth/sessions_controller.rb

@@ -25,14 +25,7 @@ def create
           render_create_error_bad_credentials
           return
         end
-        # create client id
-        @client_id = SecureRandom.urlsafe_base64(nil, false)
-        @token     = SecureRandom.urlsafe_base64(nil, false)
-
-        @resource.tokens[@client_id] = {
-          token: BCrypt::Password.create(@token),
-          expiry: (Time.now + @resource.token_lifespan).to_i
-        }
+        @client_id, @token = @resource.create_token
         @resource.save
 
         sign_in(:user, @resource, store: false, bypass: false)

app/controllers/devise_token_auth/unlocks_controller.rb

@@ -35,16 +35,7 @@ def show
       @resource = resource_class.unlock_access_by_token(params[:unlock_token])
 
       if @resource && @resource.id
-        client_id  = SecureRandom.urlsafe_base64(nil, false)
-        token      = SecureRandom.urlsafe_base64(nil, false)
-        token_hash = BCrypt::Password.create(token)
-        expiry     = (Time.now + DeviseTokenAuth.token_lifespan).to_i
-
-        @resource.tokens[client_id] = {
-          token:  token_hash,
-          expiry: expiry
-        }
-
+        client_id, token = @resource.create_token
         @resource.save!
         yield @resource if block_given?
 

app/models/devise_token_auth/concerns/user.rb

@@ -106,6 +106,17 @@ def send_unlock_instructions(opts=nil)
       send_devise_notification(:unlock_instructions, raw, opts)
       raw
     end
+
+    def create_token(client_id: nil, token: nil, expiry: nil)
+      client_id ||= SecureRandom.urlsafe_base64(nil, false)
+      token ||= SecureRandom.urlsafe_base64(nil, false)
+      expiry ||= (Time.now + token_lifespan).to_i
+      tokens[client_id] = {
+        token: BCrypt::Password.create(token),
+        expiry: expiry
+      }
+      [client_id, token, expiry]
+    end
   end
 
   module ClassMethods

test/dummy/app/controllers/overrides/confirmations_controller.rb

@@ -4,17 +4,7 @@ def show
       @resource = resource_class.confirm_by_token(params[:confirmation_token])
 
       if @resource and @resource.id
-        # create client id
-        client_id  = SecureRandom.urlsafe_base64(nil, false)
-        token      = SecureRandom.urlsafe_base64(nil, false)
-        token_hash = BCrypt::Password.create(token)
-        expiry     = (Time.now + @resource.token_lifespan).to_i
-
-        @resource.tokens[client_id] = {
-          token:  token_hash,
-          expiry: expiry
-        }
-
+        client_id, token = @resource.create_token
         @resource.save!
 
         redirect_header_options = {

test/dummy/app/controllers/overrides/passwords_controller.rb

@@ -9,15 +9,7 @@ def edit
       })
 
       if @resource and @resource.id
-        client_id  = SecureRandom.urlsafe_base64(nil, false)
-        token      = SecureRandom.urlsafe_base64(nil, false)
-        token_hash = BCrypt::Password.create(token)
-        expiry     = (Time.now + @resource.token_lifespan).to_i
-
-        @resource.tokens[client_id] = {
-          token:  token_hash,
-          expiry: expiry
-        }
+        client_id, token = @resource.create_token
 
         # ensure that user is confirmed
         @resource.skip_confirmation! unless @resource.confirmed_at

test/dummy/app/controllers/overrides/sessions_controller.rb

@@ -6,14 +6,7 @@ def create
       @resource = resource_class.find_by(email: resource_params[:email])
 
       if @resource and valid_params?(:email, resource_params[:email]) and @resource.valid_password?(resource_params[:password]) and @resource.confirmed?
-        # create client id
-        @client_id = SecureRandom.urlsafe_base64(nil, false)
-        @token     = SecureRandom.urlsafe_base64(nil, false)
-
-        @resource.tokens[@client_id] = {
-          token: BCrypt::Password.create(@token),
-          expiry: (Time.now + @resource.token_lifespan).to_i
-        }
+        @client_id, @token = @resource.create_token
         @resource.save
 
         render json: {