RubyGems - authentication-zero - Versions diffs - 2.2.4 → 2.2.7 - Mend

authentication-zero 2.2.4 → 2.2.7

Files changed (16) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6ec32db1ac920db94f1c2350fbf5a98efeca35af8fa8ca1b4f83f1c93190753c
-  data.tar.gz: 196b5398bfccab4033f1d9b59897b5afcf2610449b9550e81f008b7c7145fa8a
+  metadata.gz: 065a0e9195053ad906f495477bc12ffb7a299481f7ce1837389fe7123700b083
+  data.tar.gz: df7baaa9cc9ca5100664ab40884a4c6df62c7e92dc4497e050deb1ad2e91dea2
 SHA512:
-  metadata.gz: a551abfb08274802e4422117c5ac30200843bf66a6ee0fcfe6f2fa8dae8ae3e33bdf9d9304af7a60d74d2f3ae3e1a35b76f1988a55a7beaf36dcb53bfec8a0bd
-  data.tar.gz: 0ea020f80489a0c5d6e767754543b455b7e986c332fcd8ffea64a38b9f1000629cbb7cb40090c38cd789908d4c6c6590666b295ac9131b86a935f2f48d999195
+  metadata.gz: b8506400f8d08c8bfdd0ecf43d25524deb75f23da5ea40dcfd8e9f8b983eded76219f4de68c0d8a31acbb58600992f1c1c6bd4f3da8e110c7985d276cfb7fa04
+  data.tar.gz: bfb7f162e36c9e31fef121998dd8b00aefe298b265a2fa781326a6090be2f788824f7d9fe9066909f80fb8a28f2385b807efbbfa68f71dc192e9d09ebefcf47c

data/Gemfile.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    authentication-zero (2.2.4)
+    authentication-zero (2.2.7)
 GEM
   remote: https://rubygems.org/

data/README.md CHANGED Viewed

@@ -12,8 +12,8 @@ The purpose of authentication zero is to generate a pre-built authentication sys
 - Reset the user password only from verified emails
 - Authentication by cookie (html)
 - Authentication by token (api)
-- Send e-mail verification when your email is changed
-- Send e-mail when someone has signed-in into your account
+- Send e-mail verification when your email has been changed
+- Send email when someone has logged into your account
 - Manage multiple sessions & devices
 - Cancel my account
 - Log out

data/lib/authentication_zero/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module AuthenticationZero
-  VERSION = "2.2.4"
+  VERSION = "2.2.7"
 end

data/lib/generators/authentication/authentication_generator.rb CHANGED Viewed

@@ -38,7 +38,6 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
   def create_fixture_file
     if options.fixture && options.fixture_replacement.nil?
       template "#{test_framework}/fixtures.yml", "test/fixtures/#{fixture_file_name}.yml"
-      template "#{test_framework}/sessions.yml", "test/fixtures/sessions.yml"
     end
   end

data/lib/generators/authentication/templates/controllers/api/email_verifications_controller.rb.tt CHANGED Viewed

@@ -11,8 +11,8 @@ class EmailVerificationsController < ApplicationController
   private
     def set_<%= singular_table_name %>
-      @<%= singular_table_name %> = <%= class_name %>.find_signed!(params[:token], purpose: "verify_#{params[:email]}")
-    rescue ActiveSupport::MessageVerifier::InvalidSignature
+      @<%= singular_table_name %> = <%= class_name %>.where(email: params[:email]).find_signed!(params[:token], purpose: params[:email])
+    rescue
       render json: { error: "That email verification link is invalid" }, status: :bad_request
     end
 end

data/lib/generators/authentication/templates/controllers/api/password_resets_controller.rb.tt CHANGED Viewed

@@ -22,7 +22,7 @@ class PasswordResetsController < ApplicationController
   private
     def set_<%= singular_table_name %>
       @<%= singular_table_name %> = <%= class_name %>.find_signed!(params[:token], purpose: :password_reset)
-    rescue ActiveSupport::MessageVerifier::InvalidSignature
+    rescue
       render json: { error: "That password reset link is invalid" }, status: :bad_request
     end

data/lib/generators/authentication/templates/controllers/html/email_verifications_controller.rb.tt CHANGED Viewed

@@ -1,5 +1,5 @@
 class EmailVerificationsController < ApplicationController
-  before_action :set_<%= singular_table_name %>, only: :edit
+  before_action :set_<%= singular_table_name %>, only: %i[ edit update ]
   def edit
     @<%= singular_table_name %>.update! verified: true
@@ -13,8 +13,8 @@ class EmailVerificationsController < ApplicationController
   private
     def set_<%= singular_table_name %>
-      @<%= singular_table_name %> = <%= class_name %>.find_signed!(params[:token], purpose: "verify_#{params[:email]}")
-    rescue ActiveSupport::MessageVerifier::InvalidSignature
+      @<%= singular_table_name %> = <%= class_name %>.where(email: params[:email]).find_signed!(params[:token], purpose: params[:email])
+    rescue
       redirect_to edit_email_path, alert: "That email verification link is invalid"
     end
 end

data/lib/generators/authentication/templates/controllers/html/password_resets_controller.rb.tt CHANGED Viewed

@@ -29,7 +29,7 @@ class PasswordResetsController < ApplicationController
   private
     def set_<%= singular_table_name %>
       @<%= singular_table_name %> = <%= class_name %>.find_signed!(params[:token], purpose: :password_reset)
-    rescue ActiveSupport::MessageVerifier::InvalidSignature
+    rescue
       redirect_to new_password_reset_path, alert: "That password reset link is invalid"
     end

data/lib/generators/authentication/templates/mailers/identity_mailer.rb.tt CHANGED Viewed

@@ -8,7 +8,7 @@ class IdentityMailer < ApplicationMailer
   def email_verify_confirmation
     @<%= singular_table_name %> = params[:<%= singular_table_name %>]
-    @signed_id = params[:<%= singular_table_name %>].signed_id(purpose: "verify_#{@<%= singular_table_name %>.email}", expires_in: 20.minutes)
+    @signed_id = params[:<%= singular_table_name %>].signed_id(purpose: @<%= singular_table_name %>.email, expires_in: 20.minutes)
     mail to: @<%= singular_table_name %>.email, subject: "Verify your email"
   end

data/lib/generators/authentication/templates/migrations/create_sessions_migration.rb.tt CHANGED Viewed

@@ -2,7 +2,6 @@ class <%= migration_class_name %> < ActiveRecord::Migration[<%= ActiveRecord::Mi
   def change
     create_table :sessions do |t|
       t.references :<%= singular_table_name %>, null: false, foreign_key: true
       t.string :user_agent
       t.string :ip_address

data/lib/generators/authentication/templates/models/model.rb.tt CHANGED Viewed

@@ -11,12 +11,12 @@ class <%= class_name %> < ApplicationRecord
     self.email = email.downcase.strip
   end
-  after_create_commit do
-    IdentityMailer.with(<%= singular_table_name %>: self).email_verify_confirmation.deliver_later
+  before_validation if: :email_changed? do
+    self.verified = false
   end
-  after_update_commit if: :email_previously_changed? do
-    update_columns verified: false
+  after_create_commit do
+    IdentityMailer.with(<%= singular_table_name %>: self).email_verify_confirmation.deliver_later
   end
   after_update_commit if: :email_previously_changed? do

data/lib/generators/authentication/templates/test_unit/controllers/api/email_verifications_controller_test.rb.tt CHANGED Viewed

@@ -3,8 +3,8 @@ require "test_helper"
 class EmailVerificationsControllerTest < ActionDispatch::IntegrationTest
   setup do
     @<%= singular_table_name %>, @token = sign_in_as(<%= table_name %>(:lazaro_nixon))
-    @sid = @<%= singular_table_name %>.signed_id(purpose: "verify_#{@<%= singular_table_name %>.email}", expires_in: 20.minutes)
-    @sid_exp = @<%= singular_table_name %>.signed_id(purpose: "verify_#{@<%= singular_table_name %>.email}", expires_in: 0.minutes)
+    @sid = @<%= singular_table_name %>.signed_id(purpose: @<%= singular_table_name %>.email, expires_in: 20.minutes)
+    @sid_exp = @<%= singular_table_name %>.signed_id(purpose: @<%= singular_table_name %>.email, expires_in: 0.minutes)
     @<%= singular_table_name %>.update! verified: false
   end
@@ -29,6 +29,15 @@ class EmailVerificationsControllerTest < ActionDispatch::IntegrationTest
     assert_equal "That email verification link is invalid", response.parsed_body["error"]
   end
+  test "should not verify email with previous token" do
+    @<%= singular_table_name %>.update! email: "other_email@hey.com"
+    patch email_verification_url, params: { token: @sid, email: @<%= singular_table_name %>.email_previously_was }, headers: { "Authorization" => "Bearer #{@token}" }
+    assert_response :bad_request
+    assert_equal "That email verification link is invalid", response.parsed_body["error"]
+  end
   def sign_in_as(<%= singular_table_name %>)
     post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "secret123" })
     [<%= singular_table_name %>, response.headers["X-Session-Token"]]

data/lib/generators/authentication/templates/test_unit/controllers/html/email_verifications_controller_test.rb.tt CHANGED Viewed

@@ -3,8 +3,8 @@ require "test_helper"
 class EmailVerificationsControllerTest < ActionDispatch::IntegrationTest
   setup do
     @<%= singular_table_name %> = sign_in_as(<%= table_name %>(:lazaro_nixon))
-    @sid = @<%= singular_table_name %>.signed_id(purpose: "verify_#{@<%= singular_table_name %>.email}", expires_in: 20.minutes)
-    @sid_exp = @<%= singular_table_name %>.signed_id(purpose: "verify_#{@<%= singular_table_name %>.email}", expires_in: 0.minutes)
+    @sid = @<%= singular_table_name %>.signed_id(purpose: @<%= singular_table_name %>.email, expires_in: 20.minutes)
+    @sid_exp = @<%= singular_table_name %>.signed_id(purpose: @<%= singular_table_name %>.email, expires_in: 0.minutes)
     @<%= singular_table_name %>.update! verified: false
   end
@@ -29,6 +29,15 @@ class EmailVerificationsControllerTest < ActionDispatch::IntegrationTest
     assert_equal "That email verification link is invalid", flash[:alert]
   end
+  test "should not verify email with previous token" do
+    @<%= singular_table_name %>.update! email: "other_email@hey.com"
+    get edit_email_verification_url(token: @sid, email: @<%= singular_table_name %>.email_previously_was)
+    assert_redirected_to edit_email_path
+    assert_equal "That email verification link is invalid", flash[:alert]
+  end
   def sign_in_as(<%= singular_table_name %>)
     post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "secret123" }); <%= singular_table_name %>
   end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: authentication-zero
 version: !ruby/object:Gem::Version
-  version: 2.2.4
+  version: 2.2.7
 platform: ruby
 authors:
 - Nixon
@@ -76,7 +76,6 @@ files:
 - lib/generators/authentication/templates/test_unit/controllers/html/registrations_controller_test.rb.tt
 - lib/generators/authentication/templates/test_unit/controllers/html/sessions_controller_test.rb.tt
 - lib/generators/authentication/templates/test_unit/fixtures.yml.tt
-- lib/generators/authentication/templates/test_unit/sessions.yml.tt
 - lib/generators/authentication/templates/test_unit/system/emails_test.rb.tt
 - lib/generators/authentication/templates/test_unit/system/password_resets_test.rb.tt
 - lib/generators/authentication/templates/test_unit/system/passwords_test.rb.tt

data/lib/generators/authentication/templates/test_unit/sessions.yml.tt DELETED Viewed

@@ -1,6 +0,0 @@
-# Read about fixtures at https://api.rubyonrails.org/classes/ActiveRecord/FixtureSet.html
-lazaro_nixon_ios:
-  <%= singular_table_name %>: lazaro_nixon
-  user_agent: Device iOS
-  ip_address: 127.0.0.1