authentication-zero 2.2.4 → 2.2.5

Sign up to get free protection for your applications and to get access to all the features.
Files changed (11) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile.lock +1 -1
  3. data/README.md +2 -2
  4. data/lib/authentication_zero/version.rb +1 -1
  5. data/lib/generators/authentication/templates/controllers/api/email_verifications_controller.rb.tt +6 -2
  6. data/lib/generators/authentication/templates/controllers/html/email_verifications_controller.rb.tt +7 -3
  7. data/lib/generators/authentication/templates/mailers/identity_mailer.rb.tt +1 -1
  8. data/lib/generators/authentication/templates/migrations/create_sessions_migration.rb.tt +0 -1
  9. data/lib/generators/authentication/templates/test_unit/controllers/api/email_verifications_controller_test.rb.tt +11 -2
  10. data/lib/generators/authentication/templates/test_unit/controllers/html/email_verifications_controller_test.rb.tt +11 -2
  11. metadata +1 -1
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 6ec32db1ac920db94f1c2350fbf5a98efeca35af8fa8ca1b4f83f1c93190753c
4
- data.tar.gz: 196b5398bfccab4033f1d9b59897b5afcf2610449b9550e81f008b7c7145fa8a
3
+ metadata.gz: cbf5451c5736444444c73e85d59820172c61985c90393c5a3eb4fc7e92dd476e
4
+ data.tar.gz: f6bea74bc5e5334f27036ce75831562d3f0e95e9eaea76be7e5d1e799df2afd6
5
5
  SHA512:
6
- metadata.gz: a551abfb08274802e4422117c5ac30200843bf66a6ee0fcfe6f2fa8dae8ae3e33bdf9d9304af7a60d74d2f3ae3e1a35b76f1988a55a7beaf36dcb53bfec8a0bd
7
- data.tar.gz: 0ea020f80489a0c5d6e767754543b455b7e986c332fcd8ffea64a38b9f1000629cbb7cb40090c38cd789908d4c6c6590666b295ac9131b86a935f2f48d999195
6
+ metadata.gz: a0ae090e81d5ffe5149c3d2dea1a1ca64071335829393700732458c1f6b4d8167335c23e74cf1370e49b7f14a1751ecfd28e3d68205b7303198544a4a209ec73
7
+ data.tar.gz: bd43ec57382214d285cdd556b68468096aad74b689e41df5cce770d5334b1d11e1858267fd31aedf7260509f34b7e95b41d6e8f3cd50dc64e63f5170bbcf1e15
data/Gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- authentication-zero (2.2.4)
4
+ authentication-zero (2.2.5)
5
5
 
6
6
  GEM
7
7
  remote: https://rubygems.org/
data/README.md CHANGED
@@ -12,8 +12,8 @@ The purpose of authentication zero is to generate a pre-built authentication sys
12
12
  - Reset the user password only from verified emails
13
13
  - Authentication by cookie (html)
14
14
  - Authentication by token (api)
15
- - Send e-mail verification when your email is changed
16
- - Send e-mail when someone has signed-in into your account
15
+ - Send e-mail verification when your email has been changed
16
+ - Send email when someone has logged into your account
17
17
  - Manage multiple sessions & devices
18
18
  - Cancel my account
19
19
  - Log out
data/lib/authentication_zero/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module AuthenticationZero
2
- VERSION = "2.2.4"
2
+ VERSION = "2.2.5"
3
3
  end
data/lib/generators/authentication/templates/controllers/api/email_verifications_controller.rb.tt CHANGED
@@ -6,12 +6,16 @@ class EmailVerificationsController < ApplicationController
6
6
  end
7
7
 
8
8
  def update
9
- @<%= singular_table_name %>.update! verified: true
9
+ if Current.<%= singular_table_name %>.email == params[:email]
10
+ @<%= singular_table_name %>.update! verified: true
11
+ else
12
+ render json: { error: "That email verification link is invalid" }, status: :bad_request
13
+ end
10
14
  end
11
15
 
12
16
  private
13
17
  def set_<%= singular_table_name %>
14
- @<%= singular_table_name %> = <%= class_name %>.find_signed!(params[:token], purpose: "verify_#{params[:email]}")
18
+ @<%= singular_table_name %> = <%= class_name %>.find_signed!(params[:token], purpose: params[:email])
15
19
  rescue ActiveSupport::MessageVerifier::InvalidSignature
16
20
  render json: { error: "That email verification link is invalid" }, status: :bad_request
17
21
  end
data/lib/generators/authentication/templates/controllers/html/email_verifications_controller.rb.tt CHANGED
@@ -2,8 +2,12 @@ class EmailVerificationsController < ApplicationController
2
2
  before_action :set_<%= singular_table_name %>, only: :edit
3
3
 
4
4
  def edit
5
- @<%= singular_table_name %>.update! verified: true
6
- redirect_to root_path, notice: "Thank you for verifying your email address"
5
+ if Current.<%= singular_table_name %>.email == params[:email]
6
+ @<%= singular_table_name %>.update! verified: true
7
+ redirect_to root_path, notice: "Thank you for verifying your email address"
8
+ else
9
+ redirect_to edit_email_path, alert: "That email verification link is invalid"
10
+ end
7
11
  end
8
12
 
9
13
  def create
@@ -13,7 +17,7 @@ class EmailVerificationsController < ApplicationController
13
17
 
14
18
  private
15
19
  def set_<%= singular_table_name %>
16
- @<%= singular_table_name %> = <%= class_name %>.find_signed!(params[:token], purpose: "verify_#{params[:email]}")
20
+ @<%= singular_table_name %> = <%= class_name %>.find_signed!(params[:token], purpose: params[:email])
17
21
  rescue ActiveSupport::MessageVerifier::InvalidSignature
18
22
  redirect_to edit_email_path, alert: "That email verification link is invalid"
19
23
  end
data/lib/generators/authentication/templates/mailers/identity_mailer.rb.tt CHANGED
@@ -8,7 +8,7 @@ class IdentityMailer < ApplicationMailer
8
8
 
9
9
  def email_verify_confirmation
10
10
  @<%= singular_table_name %> = params[:<%= singular_table_name %>]
11
- @signed_id = params[:<%= singular_table_name %>].signed_id(purpose: "verify_#{@<%= singular_table_name %>.email}", expires_in: 20.minutes)
11
+ @signed_id = params[:<%= singular_table_name %>].signed_id(purpose: @<%= singular_table_name %>.email, expires_in: 20.minutes)
12
12
 
13
13
  mail to: @<%= singular_table_name %>.email, subject: "Verify your email"
14
14
  end
data/lib/generators/authentication/templates/migrations/create_sessions_migration.rb.tt CHANGED
@@ -2,7 +2,6 @@ class <%= migration_class_name %> < ActiveRecord::Migration[<%= ActiveRecord::Mi
2
2
  def change
3
3
  create_table :sessions do |t|
4
4
  t.references :<%= singular_table_name %>, null: false, foreign_key: true
5
-
6
5
  t.string :user_agent
7
6
  t.string :ip_address
8
7
 
data/lib/generators/authentication/templates/test_unit/controllers/api/email_verifications_controller_test.rb.tt CHANGED
@@ -3,8 +3,8 @@ require "test_helper"
3
3
  class EmailVerificationsControllerTest < ActionDispatch::IntegrationTest
4
4
  setup do
5
5
  @<%= singular_table_name %>, @token = sign_in_as(<%= table_name %>(:lazaro_nixon))
6
- @sid = @<%= singular_table_name %>.signed_id(purpose: "verify_#{@<%= singular_table_name %>.email}", expires_in: 20.minutes)
7
- @sid_exp = @<%= singular_table_name %>.signed_id(purpose: "verify_#{@<%= singular_table_name %>.email}", expires_in: 0.minutes)
6
+ @sid = @<%= singular_table_name %>.signed_id(purpose: @<%= singular_table_name %>.email, expires_in: 20.minutes)
7
+ @sid_exp = @<%= singular_table_name %>.signed_id(purpose: @<%= singular_table_name %>.email, expires_in: 0.minutes)
8
8
 
9
9
  @<%= singular_table_name %>.update! verified: false
10
10
  end
@@ -29,6 +29,15 @@ class EmailVerificationsControllerTest < ActionDispatch::IntegrationTest
29
29
  assert_equal "That email verification link is invalid", response.parsed_body["error"]
30
30
  end
31
31
 
32
+ test "should not verify email with previous token" do
33
+ @<%= singular_table_name %>.update! email: "other_email@hey.com"
34
+
35
+ patch email_verification_url, params: { token: @sid, email: @<%= singular_table_name %>.email_previously_was }, headers: { "Authorization" => "Bearer #{@token}" }
36
+
37
+ assert_response :bad_request
38
+ assert_equal "That email verification link is invalid", response.parsed_body["error"]
39
+ end
40
+
32
41
  def sign_in_as(<%= singular_table_name %>)
33
42
  post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "secret123" })
34
43
  [<%= singular_table_name %>, response.headers["X-Session-Token"]]
data/lib/generators/authentication/templates/test_unit/controllers/html/email_verifications_controller_test.rb.tt CHANGED
@@ -3,8 +3,8 @@ require "test_helper"
3
3
  class EmailVerificationsControllerTest < ActionDispatch::IntegrationTest
4
4
  setup do
5
5
  @<%= singular_table_name %> = sign_in_as(<%= table_name %>(:lazaro_nixon))
6
- @sid = @<%= singular_table_name %>.signed_id(purpose: "verify_#{@<%= singular_table_name %>.email}", expires_in: 20.minutes)
7
- @sid_exp = @<%= singular_table_name %>.signed_id(purpose: "verify_#{@<%= singular_table_name %>.email}", expires_in: 0.minutes)
6
+ @sid = @<%= singular_table_name %>.signed_id(purpose: @<%= singular_table_name %>.email, expires_in: 20.minutes)
7
+ @sid_exp = @<%= singular_table_name %>.signed_id(purpose: @<%= singular_table_name %>.email, expires_in: 0.minutes)
8
8
 
9
9
  @<%= singular_table_name %>.update! verified: false
10
10
  end
@@ -29,6 +29,15 @@ class EmailVerificationsControllerTest < ActionDispatch::IntegrationTest
29
29
  assert_equal "That email verification link is invalid", flash[:alert]
30
30
  end
31
31
 
32
+ test "should not verify email with previous token" do
33
+ @<%= singular_table_name %>.update! email: "other_email@hey.com"
34
+
35
+ get edit_email_verification_url(token: @sid, email: @<%= singular_table_name %>.email_previously_was)
36
+
37
+ assert_redirected_to edit_email_path
38
+ assert_equal "That email verification link is invalid", flash[:alert]
39
+ end
40
+
32
41
  def sign_in_as(<%= singular_table_name %>)
33
42
  post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "secret123" }); <%= singular_table_name %>
34
43
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: authentication-zero
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.2.4
4
+ version: 2.2.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - Nixon