RubyGems - active_model-password_reset - Versions diffs - 1.0.2 → 1.0.3 - Mend

active_model-password_reset 1.0.2 → 1.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml +4 -4
data/lib/active_model/password_reset/message_verifier.rb +5 -3
data/lib/active_model/password_reset/version.rb +1 -1
data/lib/active_model/password_reset.rb +2 -4
data/test/password_reset_test.rb +7 -3
metadata +1 -1

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 350aa28e566951412752770887f4d988bf59dad6
-  data.tar.gz: 4cbf12f0ef0fbcd628e451767b205bba26a41cd1
+  metadata.gz: 1efbf3bec21766c47e369871f623e9352cd876f7
+  data.tar.gz: 17b3c3edc0d0f61a1bfaf7cb6b74e273eb2335bd
 SHA512:
-  metadata.gz: d0b9cad3924b13892cdc82b3b3aad53928ea73118b36cf4eec3a6d278c469d92c86a355157f9e44195acb0ad423f579e435656bde364cfd144711afa040a5492
-  data.tar.gz: b8a08e8bdfc624ba262bfa716d0dec253e45b77925dd18ea2c321ea69551719b7a0df2478cb948b26ebcb14f590891a68b31e484bb1f2b9ebcad7025c3a80262
+  metadata.gz: a670a34fd8dfef77b3be3d7ae00842436926052373a37fc599773d80cb449afde1c256f207c07e1796b762b71d704efa8f8a892965105e11c1de3ae472f1eb4f
+  data.tar.gz: 19c3e7f1ff5e9f96f3be620a89fe2a13a342167aa6cc35fb43952b34af037aef519136c794e5652a1679af35bf4abd4bc0122f4cd5f0fdbebc3241cf200e96d5

data/lib/active_model/password_reset/message_verifier.rb CHANGED Viewed

@@ -9,12 +9,14 @@ module ActiveModel
       class << self
         def generate(object)
-          instance.message_verifier.generate(object)
+          token = instance.message_verifier.generate(object)
+          Base64.urlsafe_encode64(token)
         end
         def verify(string)
-          instance.message_verifier.verify(string)
-        rescue ActiveSupport::MessageVerifier::InvalidSignature
+          token = Base64.urlsafe_decode64(string)
+          instance.message_verifier.verify(token)
+        rescue ActiveSupport::MessageVerifier::InvalidSignature, ArgumentError
           raise TokenInvalid
         end
       end

data/lib/active_model/password_reset/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module ActiveModel
   class PasswordReset
-    VERSION = "1.0.2"
+    VERSION = "1.0.3"
   end
 end

data/lib/active_model/password_reset.rb CHANGED Viewed

@@ -25,12 +25,10 @@ module ActiveModel
       email = user.email
       digest = Digest::MD5.digest(user.password_digest)
       expires_at = Time.now.to_i + EXPIRATION_TIME
-      token = MessageVerifier.generate([email, digest, expires_at])
-      CGI.escape(token)
+      MessageVerifier.generate([email, digest, expires_at])
     end
-    def self.find(escaped_token)
-      token = CGI.unescape(escaped_token)
+    def self.find(token)
       email, digest, expires_at = MessageVerifier.verify(token)
       raise TokenExpired if Time.now.to_i > expires_at.to_i
       new(email: email).tap do |password_reset|

data/test/password_reset_test.rb CHANGED Viewed

@@ -51,20 +51,24 @@ class PasswordResetTest < Test::Unit::TestCase
   def test_find_raises_exception_with_invalid_email
     token = ActiveModel::PasswordReset::MessageVerifier.generate(["invalid@example.com", Digest::MD5.digest("alicedigest"), Time.now.to_i + 3600])
-    assert_raises(ActiveModel::PasswordReset::EmailInvalid) { ActiveModel::PasswordReset.find(CGI.escape(token)) }
+    assert_raises(ActiveModel::PasswordReset::EmailInvalid) { ActiveModel::PasswordReset.find(token) }
   end
   def test_find_raises_exception_with_invalid_token
     assert_raises(ActiveModel::PasswordReset::TokenInvalid) { ActiveModel::PasswordReset.find("invalidtoken") }
   end
+  def test_find_raises_exception_with_non_base64_token
+    assert_raises(ActiveModel::PasswordReset::TokenInvalid) { ActiveModel::PasswordReset.find("%%%%%%%%%") }
+  end
   def test_find_raises_exception_with_expired_token
     token = ActiveModel::PasswordReset::MessageVerifier.generate(["alice@example.com", Digest::MD5.digest("alicedigest"), Time.now.to_i - 3600])
-    assert_raises(ActiveModel::PasswordReset::TokenExpired) { ActiveModel::PasswordReset.find(CGI.escape(token)) }
+    assert_raises(ActiveModel::PasswordReset::TokenExpired) { ActiveModel::PasswordReset.find(token) }
   end
   def test_find_raises_exception_with_changed_password
     token = ActiveModel::PasswordReset::MessageVerifier.generate(["alice@example.com", Digest::MD5.digest("anotheralicedigest"), Time.now.to_i + 3600])
-    assert_raises(ActiveModel::PasswordReset::PasswordChanged) { ActiveModel::PasswordReset.find(CGI.escape(token)) }
+    assert_raises(ActiveModel::PasswordReset::PasswordChanged) { ActiveModel::PasswordReset.find(token) }
   end
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: active_model-password_reset
 version: !ruby/object:Gem::Version
-  version: 1.0.2
+  version: 1.0.3
 platform: ruby
 authors:
 - Kuba Kuźma