authentication-zero 2.2.4 → 2.2.5

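--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 6ec32db1ac920db94f1c2350fbf5a98efeca35af8fa8ca1b4f83f1c93190753c
- data.tar.gz: 196b5398bfccab4033f1d9b59897b5afcf2610449b9550e81f008b7c7145fa8a
+ metadata.gz: cbf5451c5736444444c73e85d59820172c61985c90393c5a3eb4fc7e92dd476e
+ data.tar.gz: f6bea74bc5e5334f27036ce75831562d3f0e95e9eaea76be7e5d1e799df2afd6
  SHA512:
- metadata.gz: a551abfb08274802e4422117c5ac30200843bf66a6ee0fcfe6f2fa8dae8ae3e33bdf9d9304af7a60d74d2f3ae3e1a35b76f1988a55a7beaf36dcb53bfec8a0bd
- data.tar.gz: 0ea020f80489a0c5d6e767754543b455b7e986c332fcd8ffea64a38b9f1000629cbb7cb40090c38cd789908d4c6c6590666b295ac9131b86a935f2f48d999195
+ metadata.gz: a0ae090e81d5ffe5149c3d2dea1a1ca64071335829393700732458c1f6b4d8167335c23e74cf1370e49b7f14a1751ecfd28e3d68205b7303198544a4a209ec73
+ data.tar.gz: bd43ec57382214d285cdd556b68468096aad74b689e41df5cce770d5334b1d11e1858267fd31aedf7260509f34b7e95b41d6e8f3cd50dc64e63f5170bbcf1e15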
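--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
  PATH
  remote: .
  specs:
- authentication-zero (2.2.4)
+ authentication-zero (2.2.5)
 
  GEM
  remote: https://rubygems.org/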
data/README.md CHANGED
@@ -12,8 +12,8 @@ The purpose of authentication zero is to generate a pre-built authentication sys
12
12
  - Reset the user password only from verified emails
13
13
  - Authentication by cookie (html)
14
14
  - Authentication by token (api)
15
- - Send e-mail verification when your email is changed
16
- - Send e-mail when someone has signed-in into your account
15
+ - Send e-mail verification when your email has been changed
16
+ - Send email when someone has logged into your account
17
17
  - Manage multiple sessions & devices
18
18
  - Cancel my account
19
19
  - Log out
@@ -1,3 +1,3 @@
1
1
  module AuthenticationZero
2
- VERSION = "2.2.4"
2
+ VERSION = "2.2.5"
3
3
  end
@@ -6,12 +6,16 @@ class EmailVerificationsController < ApplicationController
6
6
  end
7
7
 
8
8
  def update
9
- @<%= singular_table_name %>.update! verified: true
9
+ if Current.<%= singular_table_name %>.email == params[:email]
10
+ @<%= singular_table_name %>.update! verified: true
11
+ else
12
+ render json: { error: "That email verification link is invalid" }, status: :bad_request
13
+ end
10
14
  end
11
15
 
12
16
  private
13
17
  def set_<%= singular_table_name %>
14
- @<%= singular_table_name %> = <%= class_name %>.find_signed!(params[:token], purpose: "verify_#{params[:email]}")
18
+ @<%= singular_table_name %> = <%= class_name %>.find_signed!(params[:token], purpose: params[:email])
15
19
  rescue ActiveSupport::MessageVerifier::InvalidSignature
16
20
  render json: { error: "That email verification link is invalid" }, status: :bad_request
17
21
  end
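Review bot: The new guard in `update` compares `Current.<%= singular_table_name %>.email` with `params[:email]`, but the record that receives `verified: true` is `@<%= singular_table_name %>`, the one `find_signed!` resolved from the token, and nothing in the hunk ties the two together. With unique addresses the gap is narrow, yet a token issued for one account would still be honoured while a different account holding that address is the one signed in. Checking the record being updated closes it: `if @<%= singular_table_name %> == Current.<%= singular_table_name %> && @<%= singular_table_name %>.email == params[:email]`. The same guard is added to `edit` in the HTML controller hunk further down, and the tests added in this release cover only the stale-address case, not a token that belongs to a different account.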
@@ -2,8 +2,12 @@ class EmailVerificationsController < ApplicationController
2
2
  before_action :set_<%= singular_table_name %>, only: :edit
3
3
 
4
4
  def edit
5
- @<%= singular_table_name %>.update! verified: true
6
- redirect_to root_path, notice: "Thank you for verifying your email address"
5
+ if Current.<%= singular_table_name %>.email == params[:email]
6
+ @<%= singular_table_name %>.update! verified: true
7
+ redirect_to root_path, notice: "Thank you for verifying your email address"
8
+ else
9
+ redirect_to edit_email_path, alert: "That email verification link is invalid"
10
+ end
7
11
  end
8
12
 
9
13
  def create
@@ -13,7 +17,7 @@ class EmailVerificationsController < ApplicationController
13
17
 
14
18
  private
15
19
  def set_<%= singular_table_name %>
16
- @<%= singular_table_name %> = <%= class_name %>.find_signed!(params[:token], purpose: "verify_#{params[:email]}")
20
+ @<%= singular_table_name %> = <%= class_name %>.find_signed!(params[:token], purpose: params[:email])
17
21
  rescue ActiveSupport::MessageVerifier::InvalidSignature
18
22
  redirect_to edit_email_path, alert: "That email verification link is invalid"
19
23
  end
@@ -8,7 +8,7 @@ class IdentityMailer < ApplicationMailer
8
8
 
9
9
  def email_verify_confirmation
10
10
  @<%= singular_table_name %> = params[:<%= singular_table_name %>]
11
- @signed_id = params[:<%= singular_table_name %>].signed_id(purpose: "verify_#{@<%= singular_table_name %>.email}", expires_in: 20.minutes)
11
+ @signed_id = params[:<%= singular_table_name %>].signed_id(purpose: @<%= singular_table_name %>.email, expires_in: 20.minutes)
12
12
 
13
13
  mail to: @<%= singular_table_name %>.email, subject: "Verify your email"
14
14
  end
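Review bot: The `purpose:` passed to `signed_id` in `email_verify_confirmation` is now the bare address, so the token no longer carries any fixed marker of what it is for, and both controllers feed `params[:email]` straight into `find_signed!` as the whole purpose. Rails uses the purpose to keep signed ids minted for different flows from being interchangeable; that separation now depends on no other flow ever signing with an email-valued purpose. The reason for dropping the prefix is not visible in the diff; unless something relies on it, keeping a constant component next to the address, `purpose: "verify_#{@<%= singular_table_name %>.email}"`, preserves the separation alongside the new email guard. The mailer class begins and continues outside this hunk.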
@@ -2,7 +2,6 @@ class <%= migration_class_name %> < ActiveRecord::Migration[<%= ActiveRecord::Mi
2
2
  def change
3
3
  create_table :sessions do |t|
4
4
  t.references :<%= singular_table_name %>, null: false, foreign_key: true
5
-
6
5
  t.string :user_agent
7
6
  t.string :ip_address
8
7
 
@@ -3,8 +3,8 @@ require "test_helper"
3
3
  class EmailVerificationsControllerTest < ActionDispatch::IntegrationTest
4
4
  setup do
5
5
  @<%= singular_table_name %>, @token = sign_in_as(<%= table_name %>(:lazaro_nixon))
6
- @sid = @<%= singular_table_name %>.signed_id(purpose: "verify_#{@<%= singular_table_name %>.email}", expires_in: 20.minutes)
7
- @sid_exp = @<%= singular_table_name %>.signed_id(purpose: "verify_#{@<%= singular_table_name %>.email}", expires_in: 0.minutes)
6
+ @sid = @<%= singular_table_name %>.signed_id(purpose: @<%= singular_table_name %>.email, expires_in: 20.minutes)
7
+ @sid_exp = @<%= singular_table_name %>.signed_id(purpose: @<%= singular_table_name %>.email, expires_in: 0.minutes)
8
8
 
9
9
  @<%= singular_table_name %>.update! verified: false
10
10
  end
@@ -29,6 +29,15 @@ class EmailVerificationsControllerTest < ActionDispatch::IntegrationTest
29
29
  assert_equal "That email verification link is invalid", response.parsed_body["error"]
30
30
  end
31
31
 
32
+ test "should not verify email with previous token" do
33
+ @<%= singular_table_name %>.update! email: "other_email@hey.com"
34
+
35
+ patch email_verification_url, params: { token: @sid, email: @<%= singular_table_name %>.email_previously_was }, headers: { "Authorization" => "Bearer #{@token}" }
36
+
37
+ assert_response :bad_request
38
+ assert_equal "That email verification link is invalid", response.parsed_body["error"]
39
+ end
40
+
32
41
  def sign_in_as(<%= singular_table_name %>)
33
42
  post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "secret123" })
34
43
  [<%= singular_table_name %>, response.headers["X-Session-Token"]]
@@ -3,8 +3,8 @@ require "test_helper"
3
3
  class EmailVerificationsControllerTest < ActionDispatch::IntegrationTest
4
4
  setup do
5
5
  @<%= singular_table_name %> = sign_in_as(<%= table_name %>(:lazaro_nixon))
6
- @sid = @<%= singular_table_name %>.signed_id(purpose: "verify_#{@<%= singular_table_name %>.email}", expires_in: 20.minutes)
7
- @sid_exp = @<%= singular_table_name %>.signed_id(purpose: "verify_#{@<%= singular_table_name %>.email}", expires_in: 0.minutes)
6
+ @sid = @<%= singular_table_name %>.signed_id(purpose: @<%= singular_table_name %>.email, expires_in: 20.minutes)
7
+ @sid_exp = @<%= singular_table_name %>.signed_id(purpose: @<%= singular_table_name %>.email, expires_in: 0.minutes)
8
8
 
9
9
  @<%= singular_table_name %>.update! verified: false
10
10
  end
@@ -29,6 +29,15 @@ class EmailVerificationsControllerTest < ActionDispatch::IntegrationTest
29
29
  assert_equal "That email verification link is invalid", flash[:alert]
30
30
  end
31
31
 
32
+ test "should not verify email with previous token" do
33
+ @<%= singular_table_name %>.update! email: "other_email@hey.com"
34
+
35
+ get edit_email_verification_url(token: @sid, email: @<%= singular_table_name %>.email_previously_was)
36
+
37
+ assert_redirected_to edit_email_path
38
+ assert_equal "That email verification link is invalid", flash[:alert]
39
+ end
40
+
32
41
  def sign_in_as(<%= singular_table_name %>)
33
42
  post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "secret123" }); <%= singular_table_name %>
34
43
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: authentication-zero
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.2.4
4
+ version: 2.2.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - Nixon