module ActionController::HttpAuthentication::Token

def authenticate(controller, &login_procedure)

def authenticate(controller, &login_procedure)
  token, options = token_and_options(controller.request)
  unless token.blank?
    login_procedure.call(token, options)
  end
end

def authentication_request(controller, realm, message = nil)

Returns nothing.

realm - String realm to use in the header.
controller - ActionController::Base instance for the outgoing response.

Sets a WWW-Authenticate header to let the client know a token is desired.
def authentication_request(controller, realm, message = nil)
  message ||= "HTTP Token: Access denied.\n"
  controller.headers["WWW-Authenticate"] = %(Token realm="#{realm.tr('"'.freeze, "".freeze)}")
  controller.__send__ :render, plain: message, status: :unauthorized
end

def encode_credentials(token, options = {})

Returns String.

options - optional Hash of the options.
token - String token.

Encodes the given token and options into an Authorization header value.
def encode_credentials(token, options = {})
  values = ["#{TOKEN_KEY}#{token.to_s.inspect}"] + options.map do |key, value|
    "#{key}=#{value.to_s.inspect}"
  end
  "Token #{values * ", "}"
end

def params_array_from(raw_params)

Takes raw_params and turns it into an array of parameters
def params_array_from(raw_params)
  raw_params.map { |param| param.split %r/=(.+)?/ }
end

def raw_params(auth)

delimiters defined in +AUTHN_PAIR_DELIMITERS+.
pairs by the standardized :, ;, or \t
This method takes an authorization body and splits up the key-value
def raw_params(auth)
  _raw_params = auth.sub(TOKEN_REGEX, "").split(/\s*#{AUTHN_PAIR_DELIMITERS}\s*/)
  if !(_raw_params.first =~ %r{\A#{TOKEN_KEY}})
    _raw_params[0] = "#{TOKEN_KEY}#{_raw_params.first}"
  end
  _raw_params
end

def rewrite_param_values(array_params)

This removes the " characters wrapping the value.
def rewrite_param_values(array_params)
  array_params.each { |param| (param[1] || "".dup).gsub! %r/^"|"$/, "" }
end

def token_and_options(request)

Returns +nil+ if no token is found.
Returns an +Array+ of [String, Hash] if a token is present.

request - ActionDispatch::Request instance with the current headers.

{nonce: "def"}
Then the returned token is "abc", and the options are
Authorization: Token token="abc", nonce="def"
"Token" or "Bearer". If the header looks like this:
The value for the Authorization header is expected to have the prefix
Parses the token and options out of the token Authorization header.
def token_and_options(request)
  authorization_request = request.authorization.to_s
  if authorization_request[TOKEN_REGEX]
    params = token_params_from authorization_request
    [params.shift[1], Hash[params].with_indifferent_access]
  end
end

def token_params_from(auth)

def token_params_from(auth)
  rewrite_param_values params_array_from raw_params auth
end