active_model-password_reset 1.0.5 → 1.0.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/lib/active_model/password_reset.rb +16 -2
  3. data/lib/active_model/password_reset/version.rb +1 -1
  4. data/test/password_reset_test.rb +11 -3
  5. data/test/test_helper.rb +0 -6
  6. metadata +1 -2
  7. data/lib/active_model/password_reset/message_verifier.rb +0 -31
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 455a1aa149c191af50e7aaf62a00ef3a907abf59
4
- data.tar.gz: 1decd2207085c7804abc09f2eb01ca6e5be80f78
3
+ metadata.gz: fe553d4c6afbf0ce502eb50105ecc91493dd6c24
4
+ data.tar.gz: 599ef0754af598a6aab1087b0057c2dc409cd992
5
5
  SHA512:
6
- metadata.gz: f8486978442fe76b46c2fbe71a8a9a0399c2d14858425e94ffd88281b71d673fce00e50c4044da196ea9f89ca04676e4b84223753ca22d34eebbf97b71208a3a
7
- data.tar.gz: ad1b87d403b2a60cbce493a93b5ca0688233bf1b34f1d50046d95e90ed77101354580c31537e83a409d076f8e0294c235ad39f1ecfc88b3d312e847e06a53189
6
+ metadata.gz: 0cca77633cf6b5575f7460a033f3460dd2414b2cd6969e22967da7b66f560d1704811155de33903f6a9168ad5ebc3a07532bb9efb099556999fea7fd0837f595
7
+ data.tar.gz: ec47d803fff9273edacbbc3bc6ebb1106d85337d8ada551bcd1fe9e39beab4fb2849b6c5e309456812eaf36b2b7fd26adaf03cecb6c502bb985836805d2ba121
data/lib/active_model/password_reset.rb CHANGED
@@ -25,11 +25,11 @@ module ActiveModel
25
25
  email = user.email
26
26
  digest = Digest::MD5.digest(user.password_digest)
27
27
  expires_at = Time.now.to_i + EXPIRATION_TIME
28
- MessageVerifier.generate([email, digest, expires_at])
28
+ self.class.generate_token([email, digest, expires_at])
29
29
  end
30
30
 
31
31
  def self.find(token)
32
- email, digest, expires_at = MessageVerifier.verify(token)
32
+ email, digest, expires_at = verify_token(token)
33
33
  raise TokenExpired if Time.now.to_i > expires_at.to_i
34
34
  new(email: email).tap do |password_reset|
35
35
  raise EmailInvalid if password_reset.invalid?
@@ -39,6 +39,20 @@ module ActiveModel
39
39
 
40
40
  private
41
41
 
42
+ def self.message_verifier
43
+ Rails.application.message_verifier("password reset salt")
44
+ end
45
+
46
+ def self.generate_token(*args)
47
+ Base64.urlsafe_encode64(message_verifier.generate(*args))
48
+ end
49
+
50
+ def self.verify_token(string)
51
+ message_verifier.verify(Base64.urlsafe_decode64(string))
52
+ rescue ActiveSupport::MessageVerifier::InvalidSignature, ArgumentError
53
+ raise TokenInvalid
54
+ end
55
+
42
56
  def digest
43
57
  Digest::MD5.digest(user.password_digest)
44
58
  end
data/lib/active_model/password_reset/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  module ActiveModel
2
2
  class PasswordReset
3
- VERSION = "1.0.5"
3
+ VERSION = "1.0.6"
4
4
  end
5
5
  end
data/test/password_reset_test.rb CHANGED
@@ -19,6 +19,14 @@ class User
19
19
  end
20
20
  end
21
21
 
22
+ module ActiveModel
23
+ def PasswordReset.message_verifier
24
+ key_generator = ActiveSupport::KeyGenerator.new("12345678901234567890123456789012345678901234567890123456789012345678901234567890", iterations: 1000)
25
+ secret = key_generator.generate_key("password reset salt")
26
+ ActiveSupport::MessageVerifier.new(secret)
27
+ end
28
+ end
29
+
22
30
  class PasswordResetTest < Test::Unit::TestCase
23
31
  include ActiveModel::Lint::Tests
24
32
 
@@ -50,7 +58,7 @@ class PasswordResetTest < Test::Unit::TestCase
50
58
  end
51
59
 
52
60
  def test_find_raises_exception_with_invalid_email
53
- token = ActiveModel::PasswordReset::MessageVerifier.generate(["invalid@example.com", Digest::MD5.digest("alicedigest"), Time.now.to_i + 3600])
61
+ token = ActiveModel::PasswordReset.generate_token(["invalid@example.com", Digest::MD5.digest("alicedigest"), Time.now.to_i + 3600])
54
62
  assert_raises(ActiveModel::PasswordReset::EmailInvalid) { ActiveModel::PasswordReset.find(token) }
55
63
  end
56
64
 
@@ -63,12 +71,12 @@ class PasswordResetTest < Test::Unit::TestCase
63
71
  end
64
72
 
65
73
  def test_find_raises_exception_with_expired_token
66
- token = ActiveModel::PasswordReset::MessageVerifier.generate(["alice@example.com", Digest::MD5.digest("alicedigest"), Time.now.to_i - 3600])
74
+ token = ActiveModel::PasswordReset.generate_token(["alice@example.com", Digest::MD5.digest("alicedigest"), Time.now.to_i - 3600])
67
75
  assert_raises(ActiveModel::PasswordReset::TokenExpired) { ActiveModel::PasswordReset.find(token) }
68
76
  end
69
77
 
70
78
  def test_find_raises_exception_with_changed_password
71
- token = ActiveModel::PasswordReset::MessageVerifier.generate(["alice@example.com", Digest::MD5.digest("anotheralicedigest"), Time.now.to_i + 3600])
79
+ token = ActiveModel::PasswordReset.generate_token(["alice@example.com", Digest::MD5.digest("anotheralicedigest"), Time.now.to_i + 3600])
72
80
  assert_raises(ActiveModel::PasswordReset::PasswordChanged) { ActiveModel::PasswordReset.find(token) }
73
81
  end
74
82
  end
data/test/test_helper.rb CHANGED
@@ -1,9 +1,3 @@
1
1
  require "test/unit"
2
2
  require "active_model/password_reset"
3
3
  require "ostruct"
4
-
5
- class Rails
6
- def self.application
7
- OpenStruct.new(secrets: OpenStruct.new(secret_key_base: "12345678901234567890123456789012345678901234567890123456789012345678901234567890"))
8
- end
9
- end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: active_model-password_reset
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.5
4
+ version: 1.0.6
5
5
  platform: ruby
6
6
  authors:
7
7
  - Kuba Kuźma
@@ -67,7 +67,6 @@ files:
67
67
  - active_model-password_reset.gemspec
68
68
  - lib/active_model/password_reset.rb
69
69
  - lib/active_model/password_reset/error.rb
70
- - lib/active_model/password_reset/message_verifier.rb
71
70
  - lib/active_model/password_reset/version.rb
72
71
  - test/password_reset_test.rb
73
72
  - test/test_helper.rb
data/lib/active_model/password_reset/message_verifier.rb DELETED
@@ -1,31 +0,0 @@
1
- require "singleton"
2
-
3
- module ActiveModel
4
- class PasswordReset
5
- class MessageVerifier
6
- include Singleton
7
-
8
- attr_reader :message_verifier
9
-
10
- class << self
11
- def generate(object)
12
- token = instance.message_verifier.generate(object)
13
- Base64.urlsafe_encode64(token)
14
- end
15
-
16
- def verify(string)
17
- token = Base64.urlsafe_decode64(string)
18
- instance.message_verifier.verify(token)
19
- rescue ActiveSupport::MessageVerifier::InvalidSignature, ArgumentError
20
- raise TokenInvalid
21
- end
22
- end
23
-
24
- def initialize
25
- key_generator = ActiveSupport::KeyGenerator.new(Rails.application.secrets.secret_key_base, iterations: 1000)
26
- secret = key_generator.generate_key("password reset salt")
27
- @message_verifier = ActiveSupport::MessageVerifier.new(secret)
28
- end
29
- end
30
- end
31
- end