Fixed current user list not being updated when user logs in

[scouttyg]

This pull request fixes issue #270

[scouttyg]

Some time ago, Devise got rid of their module "Token Authenticatable" (see here: heartcombo/devise#2616). The issue is, Kandan relies on the authentication_token to keep track of users connecting / disconnecting. See:

faye.js.coffee:

    authExtension = {
      outgoing: (message, callback)->
        if message.channel == "/meta/subscribe"
          message['ext'] = {
            auth_token: Kandan.Helpers.Users.currentUser().auth_token
          }
        callback(message)
    }

Kandan.Helpers.Users.currentUser() checks $.data(document, 'current-user'), which is added in application.html.erb as:

  <%- if user_signed_in? %>
    <%= javascript_tag do %>
      $.data(document, "current-user", <%= current_user_data.to_json.html_safe %>);
    <% end %>
  <%- end %>

Which references Application helper as:

module ApplicationHelper
  def current_user_data
    current_user_data = {
      :id            => current_user.id,
      :first_name    => current_user.first_name,
      :last_name     => current_user.last_name,
      :email         => current_user.email,
      :username      => current_user.username,
      :auth_token    => current_user.authentication_token,
      :gravatar_hash => current_user.gravatar_hash,
      :avatar_url    => current_user.avatar_url
    }
  end
end

The issue is, auth_token won't be there for any version of Devise after they removed the Token Authenticatable" module. This means message['ext'] wont contain the auth token, which means in devise_auth.rb:

class DeviseAuth
  def incoming(message, callback)
    if message['channel'] == "/meta/subscribe"
      auth_token = message['ext']['auth_token']
      user = User.find_by_authentication_token(auth_token)
      if user
        ActiveUsers.add(message['clientId'], user) # if not meta_channels?(message['subscription'])
        return callback.call(message) 
      else
        message['error'] = "Invalid auth token"
      end
    end
    # puts "Message: #{message.inspect}"
    callback.call(message)
  end

  # def meta_channels?(channel)
    #if ("/app/activities" =~ /\/app\/.*/ || "/app/activities" =~ /\/app\/.*/
  # end

  #TODO disable publishing by users or use only user-published msgs
end

It wont add a user to Active Users because message['ext']['auth_token'] wont be there, which means ``User.find_by_authentication_token(nil)` will cause a bunch of issues. This means you won't get a message that a user has connected when they have, you won't have an active user list, and a whole bunch of quirky behavior.

[scouttyg]

All these methods come from a gist here:

https://gist.github.com/josevalim/fb706b1e933ef01e4fb6#file-1_unsafe_token_authenticatable-rb

Where it talks about what to do if you still need the authentication_token attribute for a user.