active_model-password_reset 1.0.5 → 1.0.6
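--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: fe553d4c6afbf0ce502eb50105ecc91493dd6c24
+data.tar.gz: 599ef0754af598a6aab1087b0057c2dc409cd992
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 0cca77633cf6b5575f7460a033f3460dd2414b2cd6969e22967da7b66f560d1704811155de33903f6a9168ad5ebc3a07532bb9efb099556999fea7fd0837f595
+data.tar.gz: ec47d803fff9273edacbbc3bc6ebb1106d85337d8ada551bcd1fe9e39beab4fb2849b6c5e309456812eaf36b2b7fd26adaf03cecb6c502bb985836805d2ba121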
@@ -25,11 +25,11 @@ module ActiveModel
|
|
25
25
|
email = user.email
|
26
26
|
digest = Digest::MD5.digest(user.password_digest)
|
27
27
|
expires_at = Time.now.to_i + EXPIRATION_TIME
|
28
|
-
|
28
|
+
self.class.generate_token([email, digest, expires_at])
|
29
29
|
end
|
30
30
|
|
31
31
|
def self.find(token)
|
32
|
-
email, digest, expires_at =
|
32
|
+
email, digest, expires_at = verify_token(token)
|
33
33
|
raise TokenExpired if Time.now.to_i > expires_at.to_i
|
34
34
|
new(email: email).tap do |password_reset|
|
35
35
|
raise EmailInvalid if password_reset.invalid?
|
@@ -39,6 +39,20 @@ module ActiveModel
|
|
39
39
|
|
40
40
|
private
|
41
41
|
|
42
|
+
def self.message_verifier
|
43
|
+
Rails.application.message_verifier("password reset salt")
|
44
|
+
end
|
45
|
+
|
46
|
+
def self.generate_token(*args)
|
47
|
+
Base64.urlsafe_encode64(message_verifier.generate(*args))
|
48
|
+
end
|
49
|
+
|
50
|
+
def self.verify_token(string)
|
51
|
+
message_verifier.verify(Base64.urlsafe_decode64(string))
|
52
|
+
rescue ActiveSupport::MessageVerifier::InvalidSignature, ArgumentError
|
53
|
+
raise TokenInvalid
|
54
|
+
end
|
55
|
+
|
42
56
|
def digest
|
43
57
|
Digest::MD5.digest(user.password_digest)
|
44
58
|
end
|
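Review bot: `verify_token` hands `string` straight to `Base64.urlsafe_decode64` and rescues only `InvalidSignature` and `ArgumentError`, so a missing token (`find(nil)`) raises `NoMethodError` instead of `TokenInvalid`. Coercing first, `message_verifier.verify(Base64.urlsafe_decode64(string.to_s))`, would keep every malformed input on the `TokenInvalid` path, assuming the verifier rejects an empty message. Also in this hunk, the three `def self.` methods sit below `private`, which has no effect on singleton methods, so `generate_token` remains a public signing entry point (the tests call it directly). A comment such as `# Public by design: private has no effect on def self. methods; pass generate_token only server-built payloads.` would make that explicit. The class body starts and ends outside the visible hunks.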
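--- a/data/test/password_reset_test.rb
+++ b/data/test/password_reset_test.rb
@@ -19,6 +19,14 @@ class User
 end
 end
 
+module ActiveModel
+def PasswordReset.message_verifier
+key_generator = ActiveSupport::KeyGenerator.new("12345678901234567890123456789012345678901234567890123456789012345678901234567890", iterations: 1000)
+secret = key_generator.generate_key("password reset salt")
+ActiveSupport::MessageVerifier.new(secret)
+end
+end
+
 class PasswordResetTest < Test::Unit::TestCase
 include ActiveModel::Lint::Tests
 
@@ -50,7 +58,7 @@ class PasswordResetTest < Test::Unit::TestCase
 end
 
 def test_find_raises_exception_with_invalid_email
-token = ActiveModel::PasswordReset
+token = ActiveModel::PasswordReset.generate_token(["invalid@example.com", Digest::MD5.digest("alicedigest"), Time.now.to_i + 3600])
 assert_raises(ActiveModel::PasswordReset::EmailInvalid) { ActiveModel::PasswordReset.find(token) }
 end
 
@@ -63,12 +71,12 @@ class PasswordResetTest < Test::Unit::TestCase
 end
 
 def test_find_raises_exception_with_expired_token
-token = ActiveModel::PasswordReset
+token = ActiveModel::PasswordReset.generate_token(["alice@example.com", Digest::MD5.digest("alicedigest"), Time.now.to_i - 3600])
 assert_raises(ActiveModel::PasswordReset::TokenExpired) { ActiveModel::PasswordReset.find(token) }
 end
 
 def test_find_raises_exception_with_changed_password
-token = ActiveModel::PasswordReset
+token = ActiveModel::PasswordReset.generate_token(["alice@example.com", Digest::MD5.digest("anotheralicedigest"), Time.now.to_i + 3600])
 assert_raises(ActiveModel::PasswordReset::PasswordChanged) { ActiveModel::PasswordReset.find(token) }
 end
 end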
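Review bot: The added `PasswordReset.message_verifier` override replaces the library method for the whole test run, so the production path through `Rails.application.message_verifier` is never exercised by these tests. A comment above it, e.g. `# Test double: replaces the Rails-backed verifier, which is not covered here`, would record that. None of the visible hunks adds a case for a tampered or non-Base64 token raising `TokenInvalid`. One may exist outside them, but if not it is the case worth adding for `verify_token`.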
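--- a/data/test/test_helper.rb
+++ b/data/test/test_helper.rb
@@ -1,9 +1,3 @@
 require "test/unit"
 require "active_model/password_reset"
 require "ostruct"
-
-class Rails
-def self.application
-OpenStruct.new(secrets: OpenStruct.new(secret_key_base: "12345678901234567890123456789012345678901234567890123456789012345678901234567890"))
-end
-end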
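--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: active_model-password_reset
 version: !ruby/object:Gem::Version
-version: 1.0.
+version: 1.0.6
 platform: ruby
 authors:
 - Kuba Kuźma
@@ -67,7 +67,6 @@ files:
 - active_model-password_reset.gemspec
 - lib/active_model/password_reset.rb
 - lib/active_model/password_reset/error.rb
-- lib/active_model/password_reset/message_verifier.rb
 - lib/active_model/password_reset/version.rb
 - test/password_reset_test.rb
 - test/test_helper.rb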
@@ -1,31 +0,0 @@
|
|
1
|
-
require "singleton"
|
2
|
-
|
3
|
-
module ActiveModel
|
4
|
-
class PasswordReset
|
5
|
-
class MessageVerifier
|
6
|
-
include Singleton
|
7
|
-
|
8
|
-
attr_reader :message_verifier
|
9
|
-
|
10
|
-
class << self
|
11
|
-
def generate(object)
|
12
|
-
token = instance.message_verifier.generate(object)
|
13
|
-
Base64.urlsafe_encode64(token)
|
14
|
-
end
|
15
|
-
|
16
|
-
def verify(string)
|
17
|
-
token = Base64.urlsafe_decode64(string)
|
18
|
-
instance.message_verifier.verify(token)
|
19
|
-
rescue ActiveSupport::MessageVerifier::InvalidSignature, ArgumentError
|
20
|
-
raise TokenInvalid
|
21
|
-
end
|
22
|
-
end
|
23
|
-
|
24
|
-
def initialize
|
25
|
-
key_generator = ActiveSupport::KeyGenerator.new(Rails.application.secrets.secret_key_base, iterations: 1000)
|
26
|
-
secret = key_generator.generate_key("password reset salt")
|
27
|
-
@message_verifier = ActiveSupport::MessageVerifier.new(secret)
|
28
|
-
end
|
29
|
-
end
|
30
|
-
end
|
31
|
-
end
|