Add expiry for tokens

[lauraannwilliams]

adds a configuration value and check for expired tokens, to create auth tokens that expire at a custom time

[baschtl]

Hey @lauraannwilliams,

thanks a lot for providing this PR! Great!

Could you have a look at the failing specs on Travis and add some information to the readme about the new configuration option? After this I will have a detailed look at your changes.

[baschtl]

@lauraannwilliams Isn't this the same functionality as the devise timeoutable module (http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/Timeoutable) gives us?

[mikwat]

I actually think this would be a good improvement. The devise timeoutable module doesn't quite accomplish the same thing. Timeoutable will invalidate a session after a period of inactivity, but if you include the same auth token in every request, a new session will be created each time and thus the token will never be reset.

[mikwat]

@baschtl I've resurrected this PR (and fixed the specs) v0.4.6...TetrationAnalytics:v0.4.7 but since there isn't a branch for v0.4.6 I can't submit a PR.

[baschtl]

Changes were incorporated in version 0.4.9. Thanks @lauraannwilliams !

[leonelgalan]

Does the introduction of this PR requires a authentication_token_created_at on the users table? I'm haven't change any setting, other than upgrading the gem and I'm getting:

NoMethodError: undefined methodauthentication_token_created_at=' for #User:0x007f4eff0fb388`

…ctivemodel-4.2.6/lib/active_model/attribute_methods.rb: 433:in `method_missing'
…atable-0.5.0/lib/devise/token_authenticatable/model.rb:  62:in `reset_authentication_token'
…atable-0.5.0/lib/devise/token_authenticatable/model.rb:  73:in `ensure_authentication_token'
/app/app/controllers/api/v2/registrations_controller.rb:  17:in `create'

[mikwat]

Yes @leonelgalan See here:
https://github.com/baschtl/devise-token_authenticatable/releases/tag/v0.4.9

Should we make it so this field isn't required, @baschtl ?

[leonelgalan]

I missed there. Specially being a 0.0.x increase, I didn't expect breaking changes. My gut says yes, as long as the setting is optional and off by default the field should too. I'll take a look.

EDIT: Backtracking, it might also be good to improve the README. Currently it doesn't mention the fields needed on the DB. Most of us come from Devise having this feature and this gem allowing us to keep that behavior, but for newcomers.

[baschtl]

@mikwat Yes, optional would be good. I just did not have the time to reason about it. It should only be optional if token_expires_in is not set IMO.

@leonelgalan Thanks for the input. You are also welcome to improve the readme via a pull request. :-)

[mikwat]

@baschtl Here's a fix (if you create a branch for 0.4.9 I can send a proper PR): v0.4.9...TetrationAnalytics:optional-token-expires-in

CC: @leonelgalan

[mikwat]

Specs are passing: https://travis-ci.org/TetrationAnalytics/devise-token_authenticatable/builds/138157233

[baschtl]

@mikwat See https://github.com/baschtl/devise-token_authenticatable/tree/v0.4.9.