RubyGems - authentication-zero - Versions diffs - 2.2.3 → 2.2.6 - Mend

authentication-zero 2.2.3 → 2.2.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b27407c78924deb810f7fbfce18aee02eece09440bd24f4820a4533cb7117155
-  data.tar.gz: 26f8c2e4cd81245f09b5b72c7f2bae9293f2ce9e6d459ca93346fb87c10f20ad
+  metadata.gz: 8f18ce45e177a0e4b7cdb47f22456d5516909dc516002ad33416474f7582a39b
+  data.tar.gz: 18352b1de767047836853252e9a2832c84e6329002887724157a4dddb1d02f47
 SHA512:
-  metadata.gz: dce2fef3a2d068f362ea47d2dee94d86627e80503a002d15ebe7beec21d178b0cceef74b6fddfe954388281aab4a4f6797997bdc542ca5f31c713c6e78cfc52d
-  data.tar.gz: fd70bc3d6585b769d3ba044fbe36a9f49e6a0954ce56b9cc5032f558cd6420992aef2d8a4ddb9d4bd719d5909031e58ebcf192f20b9c1e124af5a5abb4fb1dae
+  metadata.gz: 30be7c743f859f755d32a076ff1748c33f0803d53b3368a6e7914c756e7b5a8183864d07866b15d3b07e2e0ad77bfcd174386090ebe941e1eeee1e269ab57412
+  data.tar.gz: 0b07f046c9ccfa17c4ad51fac9c4d4e59807c17f3f190acefc0d73168b32bb4b2112bdbcd14df75d402aa65b78f6c42edd68e18c55f0df39c5f1d4f2ffc7f67a

data/Gemfile.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    authentication-zero (2.2.3)
+    authentication-zero (2.2.6)
 GEM
   remote: https://rubygems.org/

data/README.md CHANGED Viewed

@@ -12,8 +12,8 @@ The purpose of authentication zero is to generate a pre-built authentication sys
 - Reset the user password only from verified emails
 - Authentication by cookie (html)
 - Authentication by token (api)
-- Send e-mail verification when your email is changed
-- Send e-mail when someone has signed-in into your account
+- Send e-mail verification when your email has been changed
+- Send email when someone has logged into your account
 - Manage multiple sessions & devices
 - Cancel my account
 - Log out

data/lib/authentication_zero/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module AuthenticationZero
-  VERSION = "2.2.3"
+  VERSION = "2.2.6"
 end

data/lib/generators/authentication/authentication_generator.rb CHANGED Viewed

@@ -38,7 +38,6 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
   def create_fixture_file
     if options.fixture && options.fixture_replacement.nil?
       template "#{test_framework}/fixtures.yml", "test/fixtures/#{fixture_file_name}.yml"
-      template "#{test_framework}/sessions.yml", "test/fixtures/sessions.yml"
     end
   end

data/lib/generators/authentication/templates/controllers/api/email_verifications_controller.rb.tt CHANGED Viewed

@@ -11,8 +11,8 @@ class EmailVerificationsController < ApplicationController
   private
     def set_<%= singular_table_name %>
-      @<%= singular_table_name %> = <%= class_name %>.find_signed!(params[:token], purpose: "verify_#{params[:email]}")
-    rescue ActiveSupport::MessageVerifier::InvalidSignature
+      @<%= singular_table_name %> = <%= class_name %>.where(email: params[:email]).find_signed!(params[:token], purpose: params[:email])
+    rescue ActiveSupport::MessageVerifier::InvalidSignature, ActiveRecord::RecordNotFound
       render json: { error: "That email verification link is invalid" }, status: :bad_request
     end
 end

data/lib/generators/authentication/templates/controllers/html/email_verifications_controller.rb.tt CHANGED Viewed

@@ -1,5 +1,5 @@
 class EmailVerificationsController < ApplicationController
-  before_action :set_<%= singular_table_name %>, only: :edit
+  before_action :set_<%= singular_table_name %>, only: %i[ edit update ]
   def edit
     @<%= singular_table_name %>.update! verified: true
@@ -13,8 +13,8 @@ class EmailVerificationsController < ApplicationController
   private
     def set_<%= singular_table_name %>
-      @<%= singular_table_name %> = <%= class_name %>.find_signed!(params[:token], purpose: "verify_#{params[:email]}")
-    rescue ActiveSupport::MessageVerifier::InvalidSignature
+      @<%= singular_table_name %> = <%= class_name %>.where(email: params[:email]).find_signed!(params[:token], purpose: params[:email])
+    rescue ActiveSupport::MessageVerifier::InvalidSignature, ActiveRecord::RecordNotFound
       redirect_to edit_email_path, alert: "That email verification link is invalid"
     end
 end

data/lib/generators/authentication/templates/erb/sessions/index.html.erb.tt CHANGED Viewed

@@ -1,6 +1,6 @@
 <p style="color: green"><%%= notice %></p>
-<h1>Sessions</h1>
+<h1>Devices & Sessions</h1>
 <div id="sessions">
   <%% @sessions.each do |session| %>

data/lib/generators/authentication/templates/mailers/identity_mailer.rb.tt CHANGED Viewed

@@ -8,7 +8,7 @@ class IdentityMailer < ApplicationMailer
   def email_verify_confirmation
     @<%= singular_table_name %> = params[:<%= singular_table_name %>]
-    @signed_id = params[:<%= singular_table_name %>].signed_id(purpose: "verify_#{@<%= singular_table_name %>.email}", expires_in: 20.minutes)
+    @signed_id = params[:<%= singular_table_name %>].signed_id(purpose: @<%= singular_table_name %>.email, expires_in: 20.minutes)
     mail to: @<%= singular_table_name %>.email, subject: "Verify your email"
   end

data/lib/generators/authentication/templates/migrations/create_sessions_migration.rb.tt CHANGED Viewed

@@ -2,7 +2,6 @@ class <%= migration_class_name %> < ActiveRecord::Migration[<%= ActiveRecord::Mi
   def change
     create_table :sessions do |t|
       t.references :<%= singular_table_name %>, null: false, foreign_key: true
       t.string :user_agent
       t.string :ip_address

data/lib/generators/authentication/templates/test_unit/controllers/api/email_verifications_controller_test.rb.tt CHANGED Viewed

@@ -3,8 +3,8 @@ require "test_helper"
 class EmailVerificationsControllerTest < ActionDispatch::IntegrationTest
   setup do
     @<%= singular_table_name %>, @token = sign_in_as(<%= table_name %>(:lazaro_nixon))
-    @sid = @<%= singular_table_name %>.signed_id(purpose: "verify_#{@<%= singular_table_name %>.email}", expires_in: 20.minutes)
-    @sid_exp = @<%= singular_table_name %>.signed_id(purpose: "verify_#{@<%= singular_table_name %>.email}", expires_in: 0.minutes)
+    @sid = @<%= singular_table_name %>.signed_id(purpose: @<%= singular_table_name %>.email, expires_in: 20.minutes)
+    @sid_exp = @<%= singular_table_name %>.signed_id(purpose: @<%= singular_table_name %>.email, expires_in: 0.minutes)
     @<%= singular_table_name %>.update! verified: false
   end
@@ -29,6 +29,15 @@ class EmailVerificationsControllerTest < ActionDispatch::IntegrationTest
     assert_equal "That email verification link is invalid", response.parsed_body["error"]
   end
+  test "should not verify email with previous token" do
+    @<%= singular_table_name %>.update! email: "other_email@hey.com"
+    patch email_verification_url, params: { token: @sid, email: @<%= singular_table_name %>.email_previously_was }, headers: { "Authorization" => "Bearer #{@token}" }
+    assert_response :bad_request
+    assert_equal "That email verification link is invalid", response.parsed_body["error"]
+  end
   def sign_in_as(<%= singular_table_name %>)
     post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "secret123" })
     [<%= singular_table_name %>, response.headers["X-Session-Token"]]

data/lib/generators/authentication/templates/test_unit/controllers/html/email_verifications_controller_test.rb.tt CHANGED Viewed

@@ -3,8 +3,8 @@ require "test_helper"
 class EmailVerificationsControllerTest < ActionDispatch::IntegrationTest
   setup do
     @<%= singular_table_name %> = sign_in_as(<%= table_name %>(:lazaro_nixon))
-    @sid = @<%= singular_table_name %>.signed_id(purpose: "verify_#{@<%= singular_table_name %>.email}", expires_in: 20.minutes)
-    @sid_exp = @<%= singular_table_name %>.signed_id(purpose: "verify_#{@<%= singular_table_name %>.email}", expires_in: 0.minutes)
+    @sid = @<%= singular_table_name %>.signed_id(purpose: @<%= singular_table_name %>.email, expires_in: 20.minutes)
+    @sid_exp = @<%= singular_table_name %>.signed_id(purpose: @<%= singular_table_name %>.email, expires_in: 0.minutes)
     @<%= singular_table_name %>.update! verified: false
   end
@@ -29,6 +29,15 @@ class EmailVerificationsControllerTest < ActionDispatch::IntegrationTest
     assert_equal "That email verification link is invalid", flash[:alert]
   end
+  test "should not verify email with previous token" do
+    @<%= singular_table_name %>.update! email: "other_email@hey.com"
+    get edit_email_verification_url(token: @sid, email: @<%= singular_table_name %>.email_previously_was)
+    assert_redirected_to edit_email_path
+    assert_equal "That email verification link is invalid", flash[:alert]
+  end
   def sign_in_as(<%= singular_table_name %>)
     post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "secret123" }); <%= singular_table_name %>
   end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: authentication-zero
 version: !ruby/object:Gem::Version
-  version: 2.2.3
+  version: 2.2.6
 platform: ruby
 authors:
 - Nixon
@@ -76,7 +76,6 @@ files:
 - lib/generators/authentication/templates/test_unit/controllers/html/registrations_controller_test.rb.tt
 - lib/generators/authentication/templates/test_unit/controllers/html/sessions_controller_test.rb.tt
 - lib/generators/authentication/templates/test_unit/fixtures.yml.tt
-- lib/generators/authentication/templates/test_unit/sessions.yml.tt
 - lib/generators/authentication/templates/test_unit/system/emails_test.rb.tt
 - lib/generators/authentication/templates/test_unit/system/password_resets_test.rb.tt
 - lib/generators/authentication/templates/test_unit/system/passwords_test.rb.tt

data/lib/generators/authentication/templates/test_unit/sessions.yml.tt DELETED Viewed

@@ -1,6 +0,0 @@
-# Read about fixtures at https://api.rubyonrails.org/classes/ActiveRecord/FixtureSet.html
-lazaro_nixon_ios:
-  <%= singular_table_name %>: lazaro_nixon
-  user_agent: Device iOS
-  ip_address: 127.0.0.1