Add API for encoding extra information in magic token

devise-passwordless.gemspec

@@ -38,4 +38,5 @@ Gem::Specification.new do |spec|
   spec.required_ruby_version = ">= 2.1.0"
 
   spec.add_dependency "devise"
+  spec.add_development_dependency "timecop"
 end

lib/devise/passwordless/login_token.rb

@@ -2,21 +2,23 @@ module Devise::Passwordless
   class LoginToken
     class InvalidOrExpiredTokenError < StandardError; end
 
-    def self.encode(resource)
+    def self.encode(resource, extra=nil)
       now = Time.current
       len = ActiveSupport::MessageEncryptor.key_len
       salt = SecureRandom.random_bytes(len)
       key = ActiveSupport::KeyGenerator.new(self.secret_key).generate_key(salt, len)
       crypt = ActiveSupport::MessageEncryptor.new(key, serializer: JSON)
-      encrypted_data = crypt.encrypt_and_sign({
+      data = {
         data: {
           resource: {
             key: resource.to_key,
             email: resource.email,
           },
         },
         created_at: now.to_f,
-      })
+      }
+      data[:data][:extra] = extra if extra
+      encrypted_data = crypt.encrypt_and_sign(data)
       salt_base64 = Base64.strict_encode64(salt)
       "#{salt_base64}:#{encrypted_data}"
     end
@@ -54,4 +56,4 @@ def self.secret_key
       end
     end
   end
-end
+end

lib/devise/strategies/magic_link_authenticatable.rb

@@ -42,6 +42,7 @@ def authenticate!
         if validate(resource)
           remember_me(resource)
           resource.after_magic_link_authentication
+          env['warden.magic_link_extra'] = data['data'].delete('extra')
           success!(resource)
         else
           fail!(:magic_link_invalid)

spec/devise/passwordless/login_token_spec.rb

@@ -0,0 +1,56 @@
+require 'timecop'
+
+RSpec.describe Devise::Passwordless::LoginToken do
+  describe 'encryption and decryption' do
+    let(:user) { double(:user, email: 'email@example.com', to_key: 12345) }
+
+    before do
+      Timecop.freeze(Time.utc(2023, 1, 1))
+
+      allow(described_class).to receive(:secret_key).and_return('sekret')
+    end
+
+    after do
+      Timecop.return
+    end
+
+    it 'can encrypt and decrypt a resource', freeze_time: Time.utc(2023, 1, 1) do
+      token = described_class.encode(user)
+      decrypted = described_class.decode(token)
+
+      expected_decrypt =
+        {
+          "created_at" => 1672531200.0,
+          "data" => {
+            "resource" => {
+              "email" => "email@example.com",
+              "key" => 12345
+            }
+          }
+        }
+
+      expect(decrypted).to eq(expected_decrypt)
+    end
+
+    it 'can encrypt and decrpt a resource with extra data supplied', freeze_time: Time.utc(2023, 1, 1) do
+      token = described_class.encode(user, { foo: :bar })
+      decrypted = described_class.decode(token)
+
+      expected_decrypt =
+        {
+          "created_at" => 1672531200.0,
+          "data" => {
+            "resource" => {
+              "email" => "email@example.com",
+              "key" => 12345
+            },
+            "extra" => {
+              "foo" => "bar"
+            },
+          }
+        }
+
+      expect(decrypted).to eq(expected_decrypt)
+    end
+  end
+end