RubyGems - authentication-zero - Versions diffs - 2.2.2 → 2.2.5 - Mend

authentication-zero 2.2.2 → 2.2.5

Files changed (16) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ebc9ddc7618fcddba8022355329e17c9c2c57cef7a0fc01841f9a81a2aa2d02f
-  data.tar.gz: 3c3c7f689a728dd430619b20e9436576e70bae5b8d0eb7846d604101cbe14de3
+  metadata.gz: cbf5451c5736444444c73e85d59820172c61985c90393c5a3eb4fc7e92dd476e
+  data.tar.gz: f6bea74bc5e5334f27036ce75831562d3f0e95e9eaea76be7e5d1e799df2afd6
 SHA512:
-  metadata.gz: 1d8d013ce1b98fc3103c3259de61a12550b4c54628f2d246bd45fbd90d464322869330c3d8ade099600a87aa58f10f4fa02d289ca3a71db4772f4242d2ee2933
-  data.tar.gz: 464a5dad30c894bf3a3b5db0637589efff8b7cfbfe41190c4b40826365529f617c3b7e7ed977fef85294a133107445f3d4e35e0a3aea84882a548f1f85bd8502
+  metadata.gz: a0ae090e81d5ffe5149c3d2dea1a1ca64071335829393700732458c1f6b4d8167335c23e74cf1370e49b7f14a1751ecfd28e3d68205b7303198544a4a209ec73
+  data.tar.gz: bd43ec57382214d285cdd556b68468096aad74b689e41df5cce770d5334b1d11e1858267fd31aedf7260509f34b7e95b41d6e8f3cd50dc64e63f5170bbcf1e15

data/Gemfile.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    authentication-zero (2.2.2)
+    authentication-zero (2.2.5)
 GEM
   remote: https://rubygems.org/

data/README.md CHANGED Viewed

@@ -5,14 +5,15 @@ The purpose of authentication zero is to generate a pre-built authentication sys
 ## Features
 - **Simplest code ever (~200 lines of code)**
+- **Inspired by hey.com**
 - Sign up
 - Email and password validations
 - Reset the user password and send reset instructions
 - Reset the user password only from verified emails
 - Authentication by cookie (html)
 - Authentication by token (api)
-- Send e-mail verification when your email is changed
-- Send e-mail when someone has signed-in into your account
+- Send e-mail verification when your email has been changed
+- Send email when someone has logged into your account
 - Manage multiple sessions & devices
 - Cancel my account
 - Log out
@@ -61,17 +62,19 @@ Add these lines to your `app/views/home/index.html.erb`:
 </div>
 <div>
-  <%= link_to "Change email", edit_email_path %>
+  <%= link_to "Change email address", edit_email_path %>
 </div>
 <div>
-  <%= link_to "Manage Sessions", sessions_path %>
+  <%= link_to "Devices & Sessions", sessions_path %>
 </div>
 <div>
-  <%= button_to "Cancel my account", registration_path, method: :delete  %>
+  <%= button_to "Cancel my account & delete my data", registration_path, method: :delete  %>
 </div>
+<br>
 <%= button_to "Log out", Current.session, method: :delete %>
 ```

data/lib/authentication_zero/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module AuthenticationZero
-  VERSION = "2.2.2"
+  VERSION = "2.2.5"
 end

data/lib/generators/authentication/templates/controllers/api/email_verifications_controller.rb.tt CHANGED Viewed

@@ -6,12 +6,16 @@ class EmailVerificationsController < ApplicationController
   end
   def update
-    @<%= singular_table_name %>.update! verified: true
+    if Current.<%= singular_table_name %>.email == params[:email]
+      @<%= singular_table_name %>.update! verified: true
+    else
+      render json: { error: "That email verification link is invalid" }, status: :bad_request
+    end
   end
   private
     def set_<%= singular_table_name %>
-      @<%= singular_table_name %> = <%= class_name %>.find_signed!(params[:token], purpose: "verify_#{params[:email]}")
+      @<%= singular_table_name %> = <%= class_name %>.find_signed!(params[:token], purpose: params[:email])
     rescue ActiveSupport::MessageVerifier::InvalidSignature
       render json: { error: "That email verification link is invalid" }, status: :bad_request
     end

data/lib/generators/authentication/templates/controllers/html/email_verifications_controller.rb.tt CHANGED Viewed

@@ -2,8 +2,12 @@ class EmailVerificationsController < ApplicationController
   before_action :set_<%= singular_table_name %>, only: :edit
   def edit
-    @<%= singular_table_name %>.update! verified: true
-    redirect_to root_path, notice: "Thank you for verifying your email address"
+    if Current.<%= singular_table_name %>.email == params[:email]
+      @<%= singular_table_name %>.update! verified: true
+      redirect_to root_path, notice: "Thank you for verifying your email address"
+    else
+      redirect_to edit_email_path, alert: "That email verification link is invalid"
+    end
   end
   def create
@@ -13,7 +17,7 @@ class EmailVerificationsController < ApplicationController
   private
     def set_<%= singular_table_name %>
-      @<%= singular_table_name %> = <%= class_name %>.find_signed!(params[:token], purpose: "verify_#{params[:email]}")
+      @<%= singular_table_name %> = <%= class_name %>.find_signed!(params[:token], purpose: params[:email])
     rescue ActiveSupport::MessageVerifier::InvalidSignature
       redirect_to edit_email_path, alert: "That email verification link is invalid"
     end

data/lib/generators/authentication/templates/erb/emails/edit.html.erb.tt CHANGED Viewed

@@ -3,7 +3,7 @@
 <%% if Current.<%= singular_table_name %>.verified? %>
   <h1>Change your email</h1>
 <%% else %>
-  <h1>Verify your email </h1>
+  <h1>Verify your email</h1>
   <p>We sent a verification email to the address below. Check that email and follow those instructions to confirm it's your email address.</p>
   <p><%%= button_to "Re-send verification email", email_verification_path %></p>
 <%% end %>

data/lib/generators/authentication/templates/erb/sessions/index.html.erb.tt CHANGED Viewed

@@ -1,6 +1,6 @@
 <p style="color: green"><%%= notice %></p>
-<h1>Sessions</h1>
+<h1>Devices & Sessions</h1>
 <div id="sessions">
   <%% @sessions.each do |session| %>

data/lib/generators/authentication/templates/mailers/identity_mailer.rb.tt CHANGED Viewed

@@ -8,7 +8,7 @@ class IdentityMailer < ApplicationMailer
   def email_verify_confirmation
     @<%= singular_table_name %> = params[:<%= singular_table_name %>]
-    @signed_id = params[:<%= singular_table_name %>].signed_id(purpose: "verify_#{@<%= singular_table_name %>.email}", expires_in: 20.minutes)
+    @signed_id = params[:<%= singular_table_name %>].signed_id(purpose: @<%= singular_table_name %>.email, expires_in: 20.minutes)
     mail to: @<%= singular_table_name %>.email, subject: "Verify your email"
   end

data/lib/generators/authentication/templates/migrations/create_sessions_migration.rb.tt CHANGED Viewed

@@ -2,7 +2,6 @@ class <%= migration_class_name %> < ActiveRecord::Migration[<%= ActiveRecord::Mi
   def change
     create_table :sessions do |t|
       t.references :<%= singular_table_name %>, null: false, foreign_key: true
       t.string :user_agent
       t.string :ip_address

data/lib/generators/authentication/templates/test_unit/controllers/api/email_verifications_controller_test.rb.tt CHANGED Viewed

@@ -3,8 +3,8 @@ require "test_helper"
 class EmailVerificationsControllerTest < ActionDispatch::IntegrationTest
   setup do
     @<%= singular_table_name %>, @token = sign_in_as(<%= table_name %>(:lazaro_nixon))
-    @sid = @<%= singular_table_name %>.signed_id(purpose: "verify_#{@<%= singular_table_name %>.email}", expires_in: 20.minutes)
-    @sid_exp = @<%= singular_table_name %>.signed_id(purpose: "verify_#{@<%= singular_table_name %>.email}", expires_in: 0.minutes)
+    @sid = @<%= singular_table_name %>.signed_id(purpose: @<%= singular_table_name %>.email, expires_in: 20.minutes)
+    @sid_exp = @<%= singular_table_name %>.signed_id(purpose: @<%= singular_table_name %>.email, expires_in: 0.minutes)
     @<%= singular_table_name %>.update! verified: false
   end
@@ -29,6 +29,15 @@ class EmailVerificationsControllerTest < ActionDispatch::IntegrationTest
     assert_equal "That email verification link is invalid", response.parsed_body["error"]
   end
+  test "should not verify email with previous token" do
+    @<%= singular_table_name %>.update! email: "other_email@hey.com"
+    patch email_verification_url, params: { token: @sid, email: @<%= singular_table_name %>.email_previously_was }, headers: { "Authorization" => "Bearer #{@token}" }
+    assert_response :bad_request
+    assert_equal "That email verification link is invalid", response.parsed_body["error"]
+  end
   def sign_in_as(<%= singular_table_name %>)
     post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "secret123" })
     [<%= singular_table_name %>, response.headers["X-Session-Token"]]

data/lib/generators/authentication/templates/test_unit/controllers/html/email_verifications_controller_test.rb.tt CHANGED Viewed

@@ -3,8 +3,8 @@ require "test_helper"
 class EmailVerificationsControllerTest < ActionDispatch::IntegrationTest
   setup do
     @<%= singular_table_name %> = sign_in_as(<%= table_name %>(:lazaro_nixon))
-    @sid = @<%= singular_table_name %>.signed_id(purpose: "verify_#{@<%= singular_table_name %>.email}", expires_in: 20.minutes)
-    @sid_exp = @<%= singular_table_name %>.signed_id(purpose: "verify_#{@<%= singular_table_name %>.email}", expires_in: 0.minutes)
+    @sid = @<%= singular_table_name %>.signed_id(purpose: @<%= singular_table_name %>.email, expires_in: 20.minutes)
+    @sid_exp = @<%= singular_table_name %>.signed_id(purpose: @<%= singular_table_name %>.email, expires_in: 0.minutes)
     @<%= singular_table_name %>.update! verified: false
   end
@@ -29,6 +29,15 @@ class EmailVerificationsControllerTest < ActionDispatch::IntegrationTest
     assert_equal "That email verification link is invalid", flash[:alert]
   end
+  test "should not verify email with previous token" do
+    @<%= singular_table_name %>.update! email: "other_email@hey.com"
+    get edit_email_verification_url(token: @sid, email: @<%= singular_table_name %>.email_previously_was)
+    assert_redirected_to edit_email_path
+    assert_equal "That email verification link is invalid", flash[:alert]
+  end
   def sign_in_as(<%= singular_table_name %>)
     post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "secret123" }); <%= singular_table_name %>
   end

data/lib/generators/authentication/templates/test_unit/system/emails_test.rb.tt CHANGED Viewed

@@ -6,7 +6,7 @@ class EmailsTest < ApplicationSystemTestCase
   end
   test "updating the email" do
-    click_on "Change email"
+    click_on "Change email address"
     fill_in "Current password", with: "secret123"
     fill_in "New email", with: "new_email@hey.com"
@@ -18,7 +18,7 @@ class EmailsTest < ApplicationSystemTestCase
   test "sending a verification email" do
     @<%= singular_table_name %>.update! verified: false
-    click_on "Change email"
+    click_on "Change email address"
     click_on "Re-send verification email"
     assert_text "We sent a verification email to your email address"

data/lib/generators/authentication/templates/test_unit/system/registrations_test.rb.tt CHANGED Viewed

@@ -19,7 +19,7 @@ class RegistrationsTest < ApplicationSystemTestCase
   test "cancelling my account" do
     sign_in_as @<%= singular_table_name %>
-    click_on "Cancel my account"
+    click_on "Cancel my account & delete my data"
     assert_text "Your account is closed"
   end

data/lib/generators/authentication/templates/test_unit/system/sessions_test.rb.tt CHANGED Viewed

@@ -8,7 +8,7 @@ class SessionsTest < ApplicationSystemTestCase
   test "visiting the index" do
     sign_in_as @<%= singular_table_name %>
-    click_on "Manage Sessions"
+    click_on "Devices & Sessions"
     assert_selector "h1", text: "Sessions"
   end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: authentication-zero
 version: !ruby/object:Gem::Version
-  version: 2.2.2
+  version: 2.2.5
 platform: ruby
 authors:
 - Nixon