module ActionController::HttpAuthentication::Token

def authenticate(controller, &login_procedure)


authenticate(controller) { |token, options| ... }

should take two arguments:
* +login_procedure+ - Proc to call if a token is present. The Proc
* +controller+ - ActionController::Base instance for the current request.

==== Parameters

token is found. Returns +nil+ if no token is found.
Returns the return value of +login_procedure+ if a

procedure with the present token and options.
If token Authorization header is present, call the login
def authenticate(controller, &login_procedure)
  token, options = token_and_options(controller.request)
  unless token.blank?
    login_procedure.call(token, options)
  end
end

def authentication_request(controller, realm, message = nil)

* +realm+ - String realm to use in the header.
* +controller+ - ActionController::Base instance for the outgoing response.

==== Parameters

Returns nothing.

Sets a WWW-Authenticate header to let the client know a token is desired.
def authentication_request(controller, realm, message = nil)
  message ||= "HTTP Token: Access denied.\n"
  controller.headers["WWW-Authenticate"] = %(Token realm="#{realm.tr('"', "")}")
  controller.__send__ :render, plain: message, status: :unauthorized
end

def encode_credentials(token, options = {})

* +options+ - Optional Hash of the options.
* +token+ - String token.

==== Parameters

Returns String.

Encodes the given token and options into an Authorization header value.
def encode_credentials(token, options = {})
  values = ["#{TOKEN_KEY}#{token.to_s.inspect}"] + options.map do |key, value|
    "#{key}=#{value.to_s.inspect}"
  end
  "Token #{values * ", "}"
end

def params_array_from(raw_params)

Takes +raw_params+ and turns it into an array of parameters.
def params_array_from(raw_params)
  raw_params.map { |param| param.split %r/=(.+)?/ }
end

def raw_params(auth)

delimiters defined in +AUTHN_PAIR_DELIMITERS+.
pairs by the standardized :, ;, or \t
This method takes an authorization body and splits up the key-value
def raw_params(auth)
  _raw_params = auth.sub(TOKEN_REGEX, "").split(WHITESPACED_AUTHN_PAIR_DELIMITERS)
  _raw_params.reject!(&:empty?)
  if !_raw_params.first&.start_with?(TOKEN_KEY)
    _raw_params[0] = "#{TOKEN_KEY}#{_raw_params.first}"
  end
  _raw_params
end

def rewrite_param_values(array_params)

This removes the " characters wrapping the value.
def rewrite_param_values(array_params)
  array_params.each { |param| (param[1] || +"").gsub! %r/^"|"$/, "" }
end

def token_and_options(request)

* +request+ - ActionDispatch::Request instance with the current headers.

==== Parameters

Returns +nil+ if no token is found.
Returns an +Array+ of [String, Hash] if a token is present.

{nonce: "def"}.
Then the returned token is "abc", and the options are

Authorization: Token token="abc", nonce="def"

"Token" or "Bearer". If the header looks like this:
The value for the Authorization header is expected to have the prefix
Parses the token and options out of the token Authorization header.
def token_and_options(request)
  authorization_request = request.authorization.to_s
  if authorization_request[TOKEN_REGEX]
    params = token_params_from authorization_request
    [params.shift[1], Hash[params].with_indifferent_access]
  end
end

def token_params_from(auth)

def token_params_from(auth)
  rewrite_param_values params_array_from raw_params auth
end