RubyGems - authentication-zero - Versions diffs - 2.2.2 → 2.2.5 - Mend

authentication-zero 2.2.2 → 2.2.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ebc9ddc7618fcddba8022355329e17c9c2c57cef7a0fc01841f9a81a2aa2d02f
-  data.tar.gz: 3c3c7f689a728dd430619b20e9436576e70bae5b8d0eb7846d604101cbe14de3
+  metadata.gz: cbf5451c5736444444c73e85d59820172c61985c90393c5a3eb4fc7e92dd476e
+  data.tar.gz: f6bea74bc5e5334f27036ce75831562d3f0e95e9eaea76be7e5d1e799df2afd6
 SHA512:
-  metadata.gz: 1d8d013ce1b98fc3103c3259de61a12550b4c54628f2d246bd45fbd90d464322869330c3d8ade099600a87aa58f10f4fa02d289ca3a71db4772f4242d2ee2933
-  data.tar.gz: 464a5dad30c894bf3a3b5db0637589efff8b7cfbfe41190c4b40826365529f617c3b7e7ed977fef85294a133107445f3d4e35e0a3aea84882a548f1f85bd8502
+  metadata.gz: a0ae090e81d5ffe5149c3d2dea1a1ca64071335829393700732458c1f6b4d8167335c23e74cf1370e49b7f14a1751ecfd28e3d68205b7303198544a4a209ec73
+  data.tar.gz: bd43ec57382214d285cdd556b68468096aad74b689e41df5cce770d5334b1d11e1858267fd31aedf7260509f34b7e95b41d6e8f3cd50dc64e63f5170bbcf1e15

data/Gemfile.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    authentication-zero (2.2.2)
+    authentication-zero (2.2.5)
 GEM
   remote: https://rubygems.org/

data/README.md CHANGED Viewed

@@ -5,14 +5,15 @@ The purpose of authentication zero is to generate a pre-built authentication sys
 ## Features
 - **Simplest code ever (~200 lines of code)**
+- **Inspired by hey.com**
 - Sign up
 - Email and password validations
 - Reset the user password and send reset instructions
 - Reset the user password only from verified emails
 - Authentication by cookie (html)
 - Authentication by token (api)
-- Send e-mail verification when your email is changed
-- Send e-mail when someone has signed-in into your account
+- Send e-mail verification when your email has been changed
+- Send email when someone has logged into your account
 - Manage multiple sessions & devices
 - Cancel my account
 - Log out
@@ -61,17 +62,19 @@ Add these lines to your `app/views/home/index.html.erb`:
 </div>
 <div>
-  <%= link_to "Change email", edit_email_path %>
+  <%= link_to "Change email address", edit_email_path %>
 </div>
 <div>
-  <%= link_to "Manage Sessions", sessions_path %>
+  <%= link_to "Devices & Sessions", sessions_path %>
 </div>
 <div>
-  <%= button_to "Cancel my account", registration_path, method: :delete  %>
+  <%= button_to "Cancel my account & delete my data", registration_path, method: :delete  %>
 </div>
+<br>
 <%= button_to "Log out", Current.session, method: :delete %>
 ```

data/lib/authentication_zero/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module AuthenticationZero
-  VERSION = "2.2.2"
+  VERSION = "2.2.5"
 end

data/lib/generators/authentication/templates/controllers/api/email_verifications_controller.rb.tt CHANGED Viewed

@@ -6,12 +6,16 @@ class EmailVerificationsController < ApplicationController
   end
   def update
-    @<%= singular_table_name %>.update! verified: true
+    if Current.<%= singular_table_name %>.email == params[:email]
+      @<%= singular_table_name %>.update! verified: true
+    else
+      render json: { error: "That email verification link is invalid" }, status: :bad_request
+    end
   end
   private
     def set_<%= singular_table_name %>
-      @<%= singular_table_name %> = <%= class_name %>.find_signed!(params[:token], purpose: "verify_#{params[:email]}")
+      @<%= singular_table_name %> = <%= class_name %>.find_signed!(params[:token], purpose: params[:email])
     rescue ActiveSupport::MessageVerifier::InvalidSignature
       render json: { error: "That email verification link is invalid" }, status: :bad_request
     end

data/lib/generators/authentication/templates/controllers/html/email_verifications_controller.rb.tt CHANGED Viewed

@@ -2,8 +2,12 @@ class EmailVerificationsController < ApplicationController
   before_action :set_<%= singular_table_name %>, only: :edit
   def edit
-    @<%= singular_table_name %>.update! verified: true
-    redirect_to root_path, notice: "Thank you for verifying your email address"
+    if Current.<%= singular_table_name %>.email == params[:email]
+      @<%= singular_table_name %>.update! verified: true
+      redirect_to root_path, notice: "Thank you for verifying your email address"
+    else
+      redirect_to edit_email_path, alert: "That email verification link is invalid"
+    end
   end
   def create
@@ -13,7 +17,7 @@ class EmailVerificationsController < ApplicationController
   private
     def set_<%= singular_table_name %>
-      @<%= singular_table_name %> = <%= class_name %>.find_signed!(params[:token], purpose: "verify_#{params[:email]}")
+      @<%= singular_table_name %> = <%= class_name %>.find_signed!(params[:token], purpose: params[:email])
     rescue ActiveSupport::MessageVerifier::InvalidSignature
       redirect_to edit_email_path, alert: "That email verification link is invalid"
     end

data/lib/generators/authentication/templates/erb/emails/edit.html.erb.tt CHANGED Viewed

@@ -3,7 +3,7 @@
 <%% if Current.<%= singular_table_name %>.verified? %>
   <h1>Change your email</h1>
 <%% else %>
-  <h1>Verify your email </h1>
+  <h1>Verify your email</h1>
   <p>We sent a verification email to the address below. Check that email and follow those instructions to confirm it's your email address.</p>
   <p><%%= button_to "Re-send verification email", email_verification_path %></p>
 <%% end %>

data/lib/generators/authentication/templates/erb/sessions/index.html.erb.tt CHANGED Viewed

@@ -1,6 +1,6 @@
 <p style="color: green"><%%= notice %></p>
-<h1>Sessions</h1>
+<h1>Devices & Sessions</h1>
 <div id="sessions">
   <%% @sessions.each do |session| %>

data/lib/generators/authentication/templates/mailers/identity_mailer.rb.tt CHANGED Viewed

@@ -8,7 +8,7 @@ class IdentityMailer < ApplicationMailer
   def email_verify_confirmation
     @<%= singular_table_name %> = params[:<%= singular_table_name %>]
-    @signed_id = params[:<%= singular_table_name %>].signed_id(purpose: "verify_#{@<%= singular_table_name %>.email}", expires_in: 20.minutes)
+    @signed_id = params[:<%= singular_table_name %>].signed_id(purpose: @<%= singular_table_name %>.email, expires_in: 20.minutes)
     mail to: @<%= singular_table_name %>.email, subject: "Verify your email"
   end

data/lib/generators/authentication/templates/migrations/create_sessions_migration.rb.tt CHANGED Viewed

@@ -2,7 +2,6 @@ class <%= migration_class_name %> < ActiveRecord::Migration[<%= ActiveRecord::Mi
   def change
     create_table :sessions do |t|
       t.references :<%= singular_table_name %>, null: false, foreign_key: true
       t.string :user_agent
       t.string :ip_address

data/lib/generators/authentication/templates/test_unit/controllers/api/email_verifications_controller_test.rb.tt CHANGED Viewed

@@ -3,8 +3,8 @@ require "test_helper"
 class EmailVerificationsControllerTest < ActionDispatch::IntegrationTest
   setup do
     @<%= singular_table_name %>, @token = sign_in_as(<%= table_name %>(:lazaro_nixon))
-    @sid = @<%= singular_table_name %>.signed_id(purpose: "verify_#{@<%= singular_table_name %>.email}", expires_in: 20.minutes)
-    @sid_exp = @<%= singular_table_name %>.signed_id(purpose: "verify_#{@<%= singular_table_name %>.email}", expires_in: 0.minutes)
+    @sid = @<%= singular_table_name %>.signed_id(purpose: @<%= singular_table_name %>.email, expires_in: 20.minutes)
+    @sid_exp = @<%= singular_table_name %>.signed_id(purpose: @<%= singular_table_name %>.email, expires_in: 0.minutes)
     @<%= singular_table_name %>.update! verified: false
   end
@@ -29,6 +29,15 @@ class EmailVerificationsControllerTest < ActionDispatch::IntegrationTest
     assert_equal "That email verification link is invalid", response.parsed_body["error"]
   end
+  test "should not verify email with previous token" do
+    @<%= singular_table_name %>.update! email: "other_email@hey.com"
+    patch email_verification_url, params: { token: @sid, email: @<%= singular_table_name %>.email_previously_was }, headers: { "Authorization" => "Bearer #{@token}" }
+    assert_response :bad_request
+    assert_equal "That email verification link is invalid", response.parsed_body["error"]
+  end
   def sign_in_as(<%= singular_table_name %>)
     post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "secret123" })
     [<%= singular_table_name %>, response.headers["X-Session-Token"]]

data/lib/generators/authentication/templates/test_unit/controllers/html/email_verifications_controller_test.rb.tt CHANGED Viewed

@@ -3,8 +3,8 @@ require "test_helper"
 class EmailVerificationsControllerTest < ActionDispatch::IntegrationTest
   setup do
     @<%= singular_table_name %> = sign_in_as(<%= table_name %>(:lazaro_nixon))
-    @sid = @<%= singular_table_name %>.signed_id(purpose: "verify_#{@<%= singular_table_name %>.email}", expires_in: 20.minutes)
-    @sid_exp = @<%= singular_table_name %>.signed_id(purpose: "verify_#{@<%= singular_table_name %>.email}", expires_in: 0.minutes)
+    @sid = @<%= singular_table_name %>.signed_id(purpose: @<%= singular_table_name %>.email, expires_in: 20.minutes)
+    @sid_exp = @<%= singular_table_name %>.signed_id(purpose: @<%= singular_table_name %>.email, expires_in: 0.minutes)
     @<%= singular_table_name %>.update! verified: false
   end
@@ -29,6 +29,15 @@ class EmailVerificationsControllerTest < ActionDispatch::IntegrationTest
     assert_equal "That email verification link is invalid", flash[:alert]
   end
+  test "should not verify email with previous token" do
+    @<%= singular_table_name %>.update! email: "other_email@hey.com"
+    get edit_email_verification_url(token: @sid, email: @<%= singular_table_name %>.email_previously_was)
+    assert_redirected_to edit_email_path
+    assert_equal "That email verification link is invalid", flash[:alert]
+  end
   def sign_in_as(<%= singular_table_name %>)
     post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "secret123" }); <%= singular_table_name %>
   end

data/lib/generators/authentication/templates/test_unit/system/emails_test.rb.tt CHANGED Viewed

@@ -6,7 +6,7 @@ class EmailsTest < ApplicationSystemTestCase
   end
   test "updating the email" do
-    click_on "Change email"
+    click_on "Change email address"
     fill_in "Current password", with: "secret123"
     fill_in "New email", with: "new_email@hey.com"
@@ -18,7 +18,7 @@ class EmailsTest < ApplicationSystemTestCase
   test "sending a verification email" do
     @<%= singular_table_name %>.update! verified: false
-    click_on "Change email"
+    click_on "Change email address"
     click_on "Re-send verification email"
     assert_text "We sent a verification email to your email address"

data/lib/generators/authentication/templates/test_unit/system/registrations_test.rb.tt CHANGED Viewed

@@ -19,7 +19,7 @@ class RegistrationsTest < ApplicationSystemTestCase
   test "cancelling my account" do
     sign_in_as @<%= singular_table_name %>
-    click_on "Cancel my account"
+    click_on "Cancel my account & delete my data"
     assert_text "Your account is closed"
   end

data/lib/generators/authentication/templates/test_unit/system/sessions_test.rb.tt CHANGED Viewed

@@ -8,7 +8,7 @@ class SessionsTest < ApplicationSystemTestCase
   test "visiting the index" do
     sign_in_as @<%= singular_table_name %>
-    click_on "Manage Sessions"
+    click_on "Devices & Sessions"
     assert_selector "h1", text: "Sessions"
   end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: authentication-zero
 version: !ruby/object:Gem::Version
-  version: 2.2.2
+  version: 2.2.5
 platform: ruby
 authors:
 - Nixon