active_model-password_reset 1.0.2 → 1.0.3
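--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 1efbf3bec21766c47e369871f623e9352cd876f7
+data.tar.gz: 17b3c3edc0d0f61a1bfaf7cb6b74e273eb2335bd
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a670a34fd8dfef77b3be3d7ae00842436926052373a37fc599773d80cb449afde1c256f207c07e1796b762b71d704efa8f8a892965105e11c1de3ae472f1eb4f
+data.tar.gz: 19c3e7f1ff5e9f96f3be620a89fe2a13a342167aa6cc35fb43952b34af037aef519136c794e5652a1679af35bf4abd4bc0122f4cd5f0fdbebc3241cf200e96d5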
@@ -9,12 +9,14 @@ module ActiveModel
|
|
9
9
|
|
10
10
|
class << self
|
11
11
|
def generate(object)
|
12
|
-
instance.message_verifier.generate(object)
|
12
|
+
token = instance.message_verifier.generate(object)
|
13
|
+
Base64.urlsafe_encode64(token)
|
13
14
|
end
|
14
15
|
|
15
16
|
def verify(string)
|
16
|
-
|
17
|
-
|
17
|
+
token = Base64.urlsafe_decode64(string)
|
18
|
+
instance.message_verifier.verify(token)
|
19
|
+
rescue ActiveSupport::MessageVerifier::InvalidSignature, ArgumentError
|
18
20
|
raise TokenInvalid
|
19
21
|
end
|
20
22
|
end
|
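Review bot: `verify` only maps `InvalidSignature` and `ArgumentError` to `TokenInvalid`, so a non-String argument such as `nil` (a request with no token parameter) would most likely raise `NoMethodError` inside `Base64.urlsafe_decode64` and escape as an unhandled error instead of a rejected token. Coercing before decoding keeps the failure on the existing path: `token = Base64.urlsafe_decode64(string.to_s)`. The widened rescue also converts any `ArgumentError` raised by `message_verifier.verify` itself into `TokenInvalid`; that fails closed, but a short comment such as `# ArgumentError: malformed Base64 from urlsafe_decode64` would record why it is listed. A matching case in the test file, e.g. `find(nil)` expecting `TokenInvalid`, would pin this behaviour. The enclosing module and class begin outside the hunk.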
@@ -25,12 +25,10 @@ module ActiveModel
|
|
25
25
|
email = user.email
|
26
26
|
digest = Digest::MD5.digest(user.password_digest)
|
27
27
|
expires_at = Time.now.to_i + EXPIRATION_TIME
|
28
|
-
|
29
|
-
CGI.escape(token)
|
28
|
+
MessageVerifier.generate([email, digest, expires_at])
|
30
29
|
end
|
31
30
|
|
32
|
-
def self.find(
|
33
|
-
token = CGI.unescape(escaped_token)
|
31
|
+
def self.find(token)
|
34
32
|
email, digest, expires_at = MessageVerifier.verify(token)
|
35
33
|
raise TokenExpired if Time.now.to_i > expires_at.to_i
|
36
34
|
new(email: email).tap do |password_reset|
|
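Review bot: `self.find(token)` now expects the URL-safe Base64 string produced by `MessageVerifier.generate`, but nothing on `find` or on the generating method says so, and tokens issued in the old CGI-escaped format will presumably be rejected as `TokenInvalid` after an upgrade. A comment on `find` such as `# token: URL-safe Base64 string taken from the reset link` would document the new contract. Next to `MessageVerifier.generate([email, digest, expires_at])` it is also worth recording that the payload is signed, not encrypted, so the email address and the MD5 of the password digest are readable by anyone who holds the link: `# payload is signed only; keep secrets out of it`. Both methods start or end outside the hunk, so the digest comparison inside the `tap` block is not visible here.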
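--- a/data/test/password_reset_test.rb
+++ b/data/test/password_reset_test.rb
@@ -51,20 +51,24 @@ class PasswordResetTest < Test::Unit::TestCase
 
 def test_find_raises_exception_with_invalid_email
 token = ActiveModel::PasswordReset::MessageVerifier.generate(["invalid@example.com", Digest::MD5.digest("alicedigest"), Time.now.to_i + 3600])
-assert_raises(ActiveModel::PasswordReset::EmailInvalid) { ActiveModel::PasswordReset.find(
+assert_raises(ActiveModel::PasswordReset::EmailInvalid) { ActiveModel::PasswordReset.find(token) }
 end
 
 def test_find_raises_exception_with_invalid_token
 assert_raises(ActiveModel::PasswordReset::TokenInvalid) { ActiveModel::PasswordReset.find("invalidtoken") }
 end
 
+def test_find_raises_exception_with_non_base64_token
+assert_raises(ActiveModel::PasswordReset::TokenInvalid) { ActiveModel::PasswordReset.find("%%%%%%%%%") }
+end
+
 def test_find_raises_exception_with_expired_token
 token = ActiveModel::PasswordReset::MessageVerifier.generate(["alice@example.com", Digest::MD5.digest("alicedigest"), Time.now.to_i - 3600])
-assert_raises(ActiveModel::PasswordReset::TokenExpired) { ActiveModel::PasswordReset.find(
+assert_raises(ActiveModel::PasswordReset::TokenExpired) { ActiveModel::PasswordReset.find(token) }
 end
 
 def test_find_raises_exception_with_changed_password
 token = ActiveModel::PasswordReset::MessageVerifier.generate(["alice@example.com", Digest::MD5.digest("anotheralicedigest"), Time.now.to_i + 3600])
-assert_raises(ActiveModel::PasswordReset::PasswordChanged) { ActiveModel::PasswordReset.find(
+assert_raises(ActiveModel::PasswordReset::PasswordChanged) { ActiveModel::PasswordReset.find(token) }
 end
 end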