RubyGems - authentication-zero - Versions diffs - 2.2.3 → 2.2.6 - Mend

authentication-zero 2.2.3 → 2.2.6

Files changed (14) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b27407c78924deb810f7fbfce18aee02eece09440bd24f4820a4533cb7117155
-  data.tar.gz: 26f8c2e4cd81245f09b5b72c7f2bae9293f2ce9e6d459ca93346fb87c10f20ad
+  metadata.gz: 8f18ce45e177a0e4b7cdb47f22456d5516909dc516002ad33416474f7582a39b
+  data.tar.gz: 18352b1de767047836853252e9a2832c84e6329002887724157a4dddb1d02f47
 SHA512:
-  metadata.gz: dce2fef3a2d068f362ea47d2dee94d86627e80503a002d15ebe7beec21d178b0cceef74b6fddfe954388281aab4a4f6797997bdc542ca5f31c713c6e78cfc52d
-  data.tar.gz: fd70bc3d6585b769d3ba044fbe36a9f49e6a0954ce56b9cc5032f558cd6420992aef2d8a4ddb9d4bd719d5909031e58ebcf192f20b9c1e124af5a5abb4fb1dae
+  metadata.gz: 30be7c743f859f755d32a076ff1748c33f0803d53b3368a6e7914c756e7b5a8183864d07866b15d3b07e2e0ad77bfcd174386090ebe941e1eeee1e269ab57412
+  data.tar.gz: 0b07f046c9ccfa17c4ad51fac9c4d4e59807c17f3f190acefc0d73168b32bb4b2112bdbcd14df75d402aa65b78f6c42edd68e18c55f0df39c5f1d4f2ffc7f67a

data/Gemfile.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    authentication-zero (2.2.3)
+    authentication-zero (2.2.6)
 GEM
   remote: https://rubygems.org/

data/README.md CHANGED Viewed

@@ -12,8 +12,8 @@ The purpose of authentication zero is to generate a pre-built authentication sys
 - Reset the user password only from verified emails
 - Authentication by cookie (html)
 - Authentication by token (api)
-- Send e-mail verification when your email is changed
-- Send e-mail when someone has signed-in into your account
+- Send e-mail verification when your email has been changed
+- Send email when someone has logged into your account
 - Manage multiple sessions & devices
 - Cancel my account
 - Log out

data/lib/authentication_zero/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module AuthenticationZero
-  VERSION = "2.2.3"
+  VERSION = "2.2.6"
 end

data/lib/generators/authentication/authentication_generator.rb CHANGED Viewed

@@ -38,7 +38,6 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
   def create_fixture_file
     if options.fixture && options.fixture_replacement.nil?
       template "#{test_framework}/fixtures.yml", "test/fixtures/#{fixture_file_name}.yml"
-      template "#{test_framework}/sessions.yml", "test/fixtures/sessions.yml"
     end
   end

data/lib/generators/authentication/templates/controllers/api/email_verifications_controller.rb.tt CHANGED Viewed

@@ -11,8 +11,8 @@ class EmailVerificationsController < ApplicationController
   private
     def set_<%= singular_table_name %>
-      @<%= singular_table_name %> = <%= class_name %>.find_signed!(params[:token], purpose: "verify_#{params[:email]}")
-    rescue ActiveSupport::MessageVerifier::InvalidSignature
+      @<%= singular_table_name %> = <%= class_name %>.where(email: params[:email]).find_signed!(params[:token], purpose: params[:email])
+    rescue ActiveSupport::MessageVerifier::InvalidSignature, ActiveRecord::RecordNotFound
       render json: { error: "That email verification link is invalid" }, status: :bad_request
     end
 end

data/lib/generators/authentication/templates/controllers/html/email_verifications_controller.rb.tt CHANGED Viewed

@@ -1,5 +1,5 @@
 class EmailVerificationsController < ApplicationController
-  before_action :set_<%= singular_table_name %>, only: :edit
+  before_action :set_<%= singular_table_name %>, only: %i[ edit update ]
   def edit
     @<%= singular_table_name %>.update! verified: true
@@ -13,8 +13,8 @@ class EmailVerificationsController < ApplicationController
   private
     def set_<%= singular_table_name %>
-      @<%= singular_table_name %> = <%= class_name %>.find_signed!(params[:token], purpose: "verify_#{params[:email]}")
-    rescue ActiveSupport::MessageVerifier::InvalidSignature
+      @<%= singular_table_name %> = <%= class_name %>.where(email: params[:email]).find_signed!(params[:token], purpose: params[:email])
+    rescue ActiveSupport::MessageVerifier::InvalidSignature, ActiveRecord::RecordNotFound
       redirect_to edit_email_path, alert: "That email verification link is invalid"
     end
 end

data/lib/generators/authentication/templates/erb/sessions/index.html.erb.tt CHANGED Viewed

@@ -1,6 +1,6 @@
 <p style="color: green"><%%= notice %></p>
-<h1>Sessions</h1>
+<h1>Devices & Sessions</h1>
 <div id="sessions">
   <%% @sessions.each do |session| %>

data/lib/generators/authentication/templates/mailers/identity_mailer.rb.tt CHANGED Viewed

@@ -8,7 +8,7 @@ class IdentityMailer < ApplicationMailer
   def email_verify_confirmation
     @<%= singular_table_name %> = params[:<%= singular_table_name %>]
-    @signed_id = params[:<%= singular_table_name %>].signed_id(purpose: "verify_#{@<%= singular_table_name %>.email}", expires_in: 20.minutes)
+    @signed_id = params[:<%= singular_table_name %>].signed_id(purpose: @<%= singular_table_name %>.email, expires_in: 20.minutes)
     mail to: @<%= singular_table_name %>.email, subject: "Verify your email"
   end

data/lib/generators/authentication/templates/migrations/create_sessions_migration.rb.tt CHANGED Viewed

@@ -2,7 +2,6 @@ class <%= migration_class_name %> < ActiveRecord::Migration[<%= ActiveRecord::Mi
   def change
     create_table :sessions do |t|
       t.references :<%= singular_table_name %>, null: false, foreign_key: true
       t.string :user_agent
       t.string :ip_address

data/lib/generators/authentication/templates/test_unit/controllers/api/email_verifications_controller_test.rb.tt CHANGED Viewed

@@ -3,8 +3,8 @@ require "test_helper"
 class EmailVerificationsControllerTest < ActionDispatch::IntegrationTest
   setup do
     @<%= singular_table_name %>, @token = sign_in_as(<%= table_name %>(:lazaro_nixon))
-    @sid = @<%= singular_table_name %>.signed_id(purpose: "verify_#{@<%= singular_table_name %>.email}", expires_in: 20.minutes)
-    @sid_exp = @<%= singular_table_name %>.signed_id(purpose: "verify_#{@<%= singular_table_name %>.email}", expires_in: 0.minutes)
+    @sid = @<%= singular_table_name %>.signed_id(purpose: @<%= singular_table_name %>.email, expires_in: 20.minutes)
+    @sid_exp = @<%= singular_table_name %>.signed_id(purpose: @<%= singular_table_name %>.email, expires_in: 0.minutes)
     @<%= singular_table_name %>.update! verified: false
   end
@@ -29,6 +29,15 @@ class EmailVerificationsControllerTest < ActionDispatch::IntegrationTest
     assert_equal "That email verification link is invalid", response.parsed_body["error"]
   end
+  test "should not verify email with previous token" do
+    @<%= singular_table_name %>.update! email: "other_email@hey.com"
+    patch email_verification_url, params: { token: @sid, email: @<%= singular_table_name %>.email_previously_was }, headers: { "Authorization" => "Bearer #{@token}" }
+    assert_response :bad_request
+    assert_equal "That email verification link is invalid", response.parsed_body["error"]
+  end
   def sign_in_as(<%= singular_table_name %>)
     post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "secret123" })
     [<%= singular_table_name %>, response.headers["X-Session-Token"]]

data/lib/generators/authentication/templates/test_unit/controllers/html/email_verifications_controller_test.rb.tt CHANGED Viewed

@@ -3,8 +3,8 @@ require "test_helper"
 class EmailVerificationsControllerTest < ActionDispatch::IntegrationTest
   setup do
     @<%= singular_table_name %> = sign_in_as(<%= table_name %>(:lazaro_nixon))
-    @sid = @<%= singular_table_name %>.signed_id(purpose: "verify_#{@<%= singular_table_name %>.email}", expires_in: 20.minutes)
-    @sid_exp = @<%= singular_table_name %>.signed_id(purpose: "verify_#{@<%= singular_table_name %>.email}", expires_in: 0.minutes)
+    @sid = @<%= singular_table_name %>.signed_id(purpose: @<%= singular_table_name %>.email, expires_in: 20.minutes)
+    @sid_exp = @<%= singular_table_name %>.signed_id(purpose: @<%= singular_table_name %>.email, expires_in: 0.minutes)
     @<%= singular_table_name %>.update! verified: false
   end
@@ -29,6 +29,15 @@ class EmailVerificationsControllerTest < ActionDispatch::IntegrationTest
     assert_equal "That email verification link is invalid", flash[:alert]
   end
+  test "should not verify email with previous token" do
+    @<%= singular_table_name %>.update! email: "other_email@hey.com"
+    get edit_email_verification_url(token: @sid, email: @<%= singular_table_name %>.email_previously_was)
+    assert_redirected_to edit_email_path
+    assert_equal "That email verification link is invalid", flash[:alert]
+  end
   def sign_in_as(<%= singular_table_name %>)
     post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "secret123" }); <%= singular_table_name %>
   end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: authentication-zero
 version: !ruby/object:Gem::Version
-  version: 2.2.3
+  version: 2.2.6
 platform: ruby
 authors:
 - Nixon
@@ -76,7 +76,6 @@ files:
 - lib/generators/authentication/templates/test_unit/controllers/html/registrations_controller_test.rb.tt
 - lib/generators/authentication/templates/test_unit/controllers/html/sessions_controller_test.rb.tt
 - lib/generators/authentication/templates/test_unit/fixtures.yml.tt
-- lib/generators/authentication/templates/test_unit/sessions.yml.tt
 - lib/generators/authentication/templates/test_unit/system/emails_test.rb.tt
 - lib/generators/authentication/templates/test_unit/system/password_resets_test.rb.tt
 - lib/generators/authentication/templates/test_unit/system/passwords_test.rb.tt

data/lib/generators/authentication/templates/test_unit/sessions.yml.tt DELETED Viewed

@@ -1,6 +0,0 @@
-# Read about fixtures at https://api.rubyonrails.org/classes/ActiveRecord/FixtureSet.html
-lazaro_nixon_ios:
-  <%= singular_table_name %>: lazaro_nixon
-  user_agent: Device iOS
-  ip_address: 127.0.0.1