RubyGems - authentication-zero - Versions diffs - 2.2.4 → 2.2.7 - Mend

authentication-zero 2.2.4 → 2.2.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6ec32db1ac920db94f1c2350fbf5a98efeca35af8fa8ca1b4f83f1c93190753c
-  data.tar.gz: 196b5398bfccab4033f1d9b59897b5afcf2610449b9550e81f008b7c7145fa8a
+  metadata.gz: 065a0e9195053ad906f495477bc12ffb7a299481f7ce1837389fe7123700b083
+  data.tar.gz: df7baaa9cc9ca5100664ab40884a4c6df62c7e92dc4497e050deb1ad2e91dea2
 SHA512:
-  metadata.gz: a551abfb08274802e4422117c5ac30200843bf66a6ee0fcfe6f2fa8dae8ae3e33bdf9d9304af7a60d74d2f3ae3e1a35b76f1988a55a7beaf36dcb53bfec8a0bd
-  data.tar.gz: 0ea020f80489a0c5d6e767754543b455b7e986c332fcd8ffea64a38b9f1000629cbb7cb40090c38cd789908d4c6c6590666b295ac9131b86a935f2f48d999195
+  metadata.gz: b8506400f8d08c8bfdd0ecf43d25524deb75f23da5ea40dcfd8e9f8b983eded76219f4de68c0d8a31acbb58600992f1c1c6bd4f3da8e110c7985d276cfb7fa04
+  data.tar.gz: bfb7f162e36c9e31fef121998dd8b00aefe298b265a2fa781326a6090be2f788824f7d9fe9066909f80fb8a28f2385b807efbbfa68f71dc192e9d09ebefcf47c

data/Gemfile.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    authentication-zero (2.2.4)
+    authentication-zero (2.2.7)
 GEM
   remote: https://rubygems.org/

data/README.md CHANGED Viewed

@@ -12,8 +12,8 @@ The purpose of authentication zero is to generate a pre-built authentication sys
 - Reset the user password only from verified emails
 - Authentication by cookie (html)
 - Authentication by token (api)
-- Send e-mail verification when your email is changed
-- Send e-mail when someone has signed-in into your account
+- Send e-mail verification when your email has been changed
+- Send email when someone has logged into your account
 - Manage multiple sessions & devices
 - Cancel my account
 - Log out

data/lib/authentication_zero/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module AuthenticationZero
-  VERSION = "2.2.4"
+  VERSION = "2.2.7"
 end

data/lib/generators/authentication/authentication_generator.rb CHANGED Viewed

@@ -38,7 +38,6 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
   def create_fixture_file
     if options.fixture && options.fixture_replacement.nil?
       template "#{test_framework}/fixtures.yml", "test/fixtures/#{fixture_file_name}.yml"
-      template "#{test_framework}/sessions.yml", "test/fixtures/sessions.yml"
     end
   end

data/lib/generators/authentication/templates/controllers/api/email_verifications_controller.rb.tt CHANGED Viewed

@@ -11,8 +11,8 @@ class EmailVerificationsController < ApplicationController
   private
     def set_<%= singular_table_name %>
-      @<%= singular_table_name %> = <%= class_name %>.find_signed!(params[:token], purpose: "verify_#{params[:email]}")
-    rescue ActiveSupport::MessageVerifier::InvalidSignature
+      @<%= singular_table_name %> = <%= class_name %>.where(email: params[:email]).find_signed!(params[:token], purpose: params[:email])
+    rescue
       render json: { error: "That email verification link is invalid" }, status: :bad_request
     end
 end

data/lib/generators/authentication/templates/controllers/api/password_resets_controller.rb.tt CHANGED Viewed

@@ -22,7 +22,7 @@ class PasswordResetsController < ApplicationController
   private
     def set_<%= singular_table_name %>
       @<%= singular_table_name %> = <%= class_name %>.find_signed!(params[:token], purpose: :password_reset)
-    rescue ActiveSupport::MessageVerifier::InvalidSignature
+    rescue
       render json: { error: "That password reset link is invalid" }, status: :bad_request
     end

data/lib/generators/authentication/templates/controllers/html/email_verifications_controller.rb.tt CHANGED Viewed

@@ -1,5 +1,5 @@
 class EmailVerificationsController < ApplicationController
-  before_action :set_<%= singular_table_name %>, only: :edit
+  before_action :set_<%= singular_table_name %>, only: %i[ edit update ]
   def edit
     @<%= singular_table_name %>.update! verified: true
@@ -13,8 +13,8 @@ class EmailVerificationsController < ApplicationController
   private
     def set_<%= singular_table_name %>
-      @<%= singular_table_name %> = <%= class_name %>.find_signed!(params[:token], purpose: "verify_#{params[:email]}")
-    rescue ActiveSupport::MessageVerifier::InvalidSignature
+      @<%= singular_table_name %> = <%= class_name %>.where(email: params[:email]).find_signed!(params[:token], purpose: params[:email])
+    rescue
       redirect_to edit_email_path, alert: "That email verification link is invalid"
     end
 end

data/lib/generators/authentication/templates/controllers/html/password_resets_controller.rb.tt CHANGED Viewed

@@ -29,7 +29,7 @@ class PasswordResetsController < ApplicationController
   private
     def set_<%= singular_table_name %>
       @<%= singular_table_name %> = <%= class_name %>.find_signed!(params[:token], purpose: :password_reset)
-    rescue ActiveSupport::MessageVerifier::InvalidSignature
+    rescue
       redirect_to new_password_reset_path, alert: "That password reset link is invalid"
     end

data/lib/generators/authentication/templates/mailers/identity_mailer.rb.tt CHANGED Viewed

@@ -8,7 +8,7 @@ class IdentityMailer < ApplicationMailer
   def email_verify_confirmation
     @<%= singular_table_name %> = params[:<%= singular_table_name %>]
-    @signed_id = params[:<%= singular_table_name %>].signed_id(purpose: "verify_#{@<%= singular_table_name %>.email}", expires_in: 20.minutes)
+    @signed_id = params[:<%= singular_table_name %>].signed_id(purpose: @<%= singular_table_name %>.email, expires_in: 20.minutes)
     mail to: @<%= singular_table_name %>.email, subject: "Verify your email"
   end

data/lib/generators/authentication/templates/migrations/create_sessions_migration.rb.tt CHANGED Viewed

@@ -2,7 +2,6 @@ class <%= migration_class_name %> < ActiveRecord::Migration[<%= ActiveRecord::Mi
   def change
     create_table :sessions do |t|
       t.references :<%= singular_table_name %>, null: false, foreign_key: true
       t.string :user_agent
       t.string :ip_address

data/lib/generators/authentication/templates/models/model.rb.tt CHANGED Viewed

@@ -11,12 +11,12 @@ class <%= class_name %> < ApplicationRecord
     self.email = email.downcase.strip
   end
-  after_create_commit do
-    IdentityMailer.with(<%= singular_table_name %>: self).email_verify_confirmation.deliver_later
+  before_validation if: :email_changed? do
+    self.verified = false
   end
-  after_update_commit if: :email_previously_changed? do
-    update_columns verified: false
+  after_create_commit do
+    IdentityMailer.with(<%= singular_table_name %>: self).email_verify_confirmation.deliver_later
   end
   after_update_commit if: :email_previously_changed? do

data/lib/generators/authentication/templates/test_unit/controllers/api/email_verifications_controller_test.rb.tt CHANGED Viewed

@@ -3,8 +3,8 @@ require "test_helper"
 class EmailVerificationsControllerTest < ActionDispatch::IntegrationTest
   setup do
     @<%= singular_table_name %>, @token = sign_in_as(<%= table_name %>(:lazaro_nixon))
-    @sid = @<%= singular_table_name %>.signed_id(purpose: "verify_#{@<%= singular_table_name %>.email}", expires_in: 20.minutes)
-    @sid_exp = @<%= singular_table_name %>.signed_id(purpose: "verify_#{@<%= singular_table_name %>.email}", expires_in: 0.minutes)
+    @sid = @<%= singular_table_name %>.signed_id(purpose: @<%= singular_table_name %>.email, expires_in: 20.minutes)
+    @sid_exp = @<%= singular_table_name %>.signed_id(purpose: @<%= singular_table_name %>.email, expires_in: 0.minutes)
     @<%= singular_table_name %>.update! verified: false
   end
@@ -29,6 +29,15 @@ class EmailVerificationsControllerTest < ActionDispatch::IntegrationTest
     assert_equal "That email verification link is invalid", response.parsed_body["error"]
   end
+  test "should not verify email with previous token" do
+    @<%= singular_table_name %>.update! email: "other_email@hey.com"
+    patch email_verification_url, params: { token: @sid, email: @<%= singular_table_name %>.email_previously_was }, headers: { "Authorization" => "Bearer #{@token}" }
+    assert_response :bad_request
+    assert_equal "That email verification link is invalid", response.parsed_body["error"]
+  end
   def sign_in_as(<%= singular_table_name %>)
     post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "secret123" })
     [<%= singular_table_name %>, response.headers["X-Session-Token"]]

data/lib/generators/authentication/templates/test_unit/controllers/html/email_verifications_controller_test.rb.tt CHANGED Viewed

@@ -3,8 +3,8 @@ require "test_helper"
 class EmailVerificationsControllerTest < ActionDispatch::IntegrationTest
   setup do
     @<%= singular_table_name %> = sign_in_as(<%= table_name %>(:lazaro_nixon))
-    @sid = @<%= singular_table_name %>.signed_id(purpose: "verify_#{@<%= singular_table_name %>.email}", expires_in: 20.minutes)
-    @sid_exp = @<%= singular_table_name %>.signed_id(purpose: "verify_#{@<%= singular_table_name %>.email}", expires_in: 0.minutes)
+    @sid = @<%= singular_table_name %>.signed_id(purpose: @<%= singular_table_name %>.email, expires_in: 20.minutes)
+    @sid_exp = @<%= singular_table_name %>.signed_id(purpose: @<%= singular_table_name %>.email, expires_in: 0.minutes)
     @<%= singular_table_name %>.update! verified: false
   end
@@ -29,6 +29,15 @@ class EmailVerificationsControllerTest < ActionDispatch::IntegrationTest
     assert_equal "That email verification link is invalid", flash[:alert]
   end
+  test "should not verify email with previous token" do
+    @<%= singular_table_name %>.update! email: "other_email@hey.com"
+    get edit_email_verification_url(token: @sid, email: @<%= singular_table_name %>.email_previously_was)
+    assert_redirected_to edit_email_path
+    assert_equal "That email verification link is invalid", flash[:alert]
+  end
   def sign_in_as(<%= singular_table_name %>)
     post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "secret123" }); <%= singular_table_name %>
   end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: authentication-zero
 version: !ruby/object:Gem::Version
-  version: 2.2.4
+  version: 2.2.7
 platform: ruby
 authors:
 - Nixon
@@ -76,7 +76,6 @@ files:
 - lib/generators/authentication/templates/test_unit/controllers/html/registrations_controller_test.rb.tt
 - lib/generators/authentication/templates/test_unit/controllers/html/sessions_controller_test.rb.tt
 - lib/generators/authentication/templates/test_unit/fixtures.yml.tt
-- lib/generators/authentication/templates/test_unit/sessions.yml.tt
 - lib/generators/authentication/templates/test_unit/system/emails_test.rb.tt
 - lib/generators/authentication/templates/test_unit/system/password_resets_test.rb.tt
 - lib/generators/authentication/templates/test_unit/system/passwords_test.rb.tt

data/lib/generators/authentication/templates/test_unit/sessions.yml.tt DELETED Viewed

@@ -1,6 +0,0 @@
-# Read about fixtures at https://api.rubyonrails.org/classes/ActiveRecord/FixtureSet.html
-lazaro_nixon_ios:
-  <%= singular_table_name %>: lazaro_nixon
-  user_agent: Device iOS
-  ip_address: 127.0.0.1