devise-tokens 1.0.3 → 1.0.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/LICENSE +13 -0
- data/README.md +99 -0
- data/Rakefile +42 -0
- data/app/controllers/{devise_tokens → devise_token_auth}/application_controller.rb +8 -6
- data/app/controllers/{devise_tokens → devise_token_auth}/concerns/resource_finder.rb +4 -2
- data/app/controllers/{devise_tokens → devise_token_auth}/concerns/set_user_by_token.rb +24 -23
- data/app/controllers/{devise_tokens → devise_token_auth}/confirmations_controller.rb +9 -7
- data/app/controllers/{devise_tokens → devise_token_auth}/omniauth_callbacks_controller.rb +11 -9
- data/app/controllers/{devise_tokens → devise_token_auth}/passwords_controller.rb +16 -14
- data/app/controllers/{devise_tokens → devise_token_auth}/registrations_controller.rb +13 -11
- data/app/controllers/{devise_tokens → devise_token_auth}/sessions_controller.rb +9 -6
- data/app/controllers/{devise_tokens → devise_token_auth}/token_validations_controller.rb +5 -3
- data/app/controllers/{devise_tokens → devise_token_auth}/unlocks_controller.rb +7 -5
- data/app/models/{devise_tokens → devise_token_auth}/concerns/active_record_support.rb +2 -2
- data/app/models/{devise_tokens → devise_token_auth}/concerns/mongoid_support.rb +1 -1
- data/app/models/{devise_tokens → devise_token_auth}/concerns/tokens_serialization.rb +1 -1
- data/app/models/{devise_tokens → devise_token_auth}/concerns/user.rb +21 -17
- data/app/models/{devise_tokens → devise_token_auth}/concerns/user_omniauth_callbacks.rb +3 -3
- data/app/validators/devise_token_auth_email_validator.rb +2 -2
- data/config/locales/da-DK.yml +1 -1
- data/config/locales/de.yml +1 -1
- data/config/locales/en.yml +1 -1
- data/config/locales/es.yml +1 -1
- data/config/locales/fr.yml +1 -1
- data/config/locales/he.yml +1 -1
- data/config/locales/it.yml +1 -1
- data/config/locales/ja.yml +1 -1
- data/config/locales/nl.yml +1 -1
- data/config/locales/pl.yml +1 -1
- data/config/locales/pt-BR.yml +1 -1
- data/config/locales/pt.yml +1 -1
- data/config/locales/ro.yml +1 -1
- data/config/locales/ru.yml +1 -1
- data/config/locales/sq.yml +1 -1
- data/config/locales/sv.yml +1 -1
- data/config/locales/uk.yml +1 -1
- data/config/locales/vi.yml +1 -1
- data/config/locales/zh-CN.yml +1 -1
- data/config/locales/zh-HK.yml +1 -1
- data/config/locales/zh-TW.yml +1 -1
- data/lib/devise_token_auth.rb +14 -0
- data/lib/{devise_tokens → devise_token_auth}/blacklist.rb +0 -0
- data/lib/{devise_tokens → devise_token_auth}/controllers/helpers.rb +3 -3
- data/lib/{devise_tokens → devise_token_auth}/controllers/url_helpers.rb +2 -2
- data/lib/{devise_tokens → devise_token_auth}/engine.rb +7 -5
- data/lib/{devise_tokens → devise_token_auth}/errors.rb +3 -1
- data/lib/{devise_tokens → devise_token_auth}/rails/routes.rb +15 -15
- data/lib/{devise_tokens → devise_token_auth}/token_factory.rb +19 -19
- data/lib/{devise_tokens → devise_token_auth}/url.rb +4 -2
- data/lib/devise_token_auth/version.rb +5 -0
- data/lib/generators/{devise_tokens → devise_token_auth}/USAGE +9 -9
- data/lib/generators/{devise_tokens → devise_token_auth}/install_generator.rb +9 -9
- data/lib/generators/{devise_tokens → devise_token_auth}/install_generator_helpers.rb +9 -9
- data/lib/generators/{devise_tokens → devise_token_auth}/install_mongoid_generator.rb +5 -5
- data/lib/generators/{devise_tokens → devise_token_auth}/install_views_generator.rb +2 -2
- data/lib/generators/{devise_tokens/templates/devise_tokens.rb → devise_token_auth/templates/devise_token_auth.rb} +2 -2
- data/lib/generators/{devise_tokens/templates/devise_tokens_create_users.rb.erb → devise_token_auth/templates/devise_token_auth_create_users.rb.erb} +1 -1
- data/lib/generators/{devise_tokens → devise_token_auth}/templates/user.rb.erb +2 -2
- data/lib/generators/{devise_tokens → devise_token_auth}/templates/user_mongoid.rb.erb +2 -2
- data/lib/tasks/{devise_tokens_tasks.rake → devise_token_auth_tasks.rake} +2 -2
- data/test/controllers/custom/custom_confirmations_controller_test.rb +25 -0
- data/test/controllers/custom/custom_omniauth_callbacks_controller_test.rb +33 -0
- data/test/controllers/custom/custom_passwords_controller_test.rb +79 -0
- data/test/controllers/custom/custom_registrations_controller_test.rb +63 -0
- data/test/controllers/custom/custom_sessions_controller_test.rb +39 -0
- data/test/controllers/custom/custom_token_validations_controller_test.rb +42 -0
- data/test/controllers/demo_group_controller_test.rb +151 -0
- data/test/controllers/demo_mang_controller_test.rb +284 -0
- data/test/controllers/demo_user_controller_test.rb +629 -0
- data/test/controllers/devise_token_auth/confirmations_controller_test.rb +187 -0
- data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb +441 -0
- data/test/controllers/devise_token_auth/passwords_controller_test.rb +780 -0
- data/test/controllers/devise_token_auth/registrations_controller_test.rb +907 -0
- data/test/controllers/devise_token_auth/sessions_controller_test.rb +503 -0
- data/test/controllers/devise_token_auth/token_validations_controller_test.rb +102 -0
- data/test/controllers/devise_token_auth/unlocks_controller_test.rb +196 -0
- data/test/controllers/overrides/confirmations_controller_test.rb +47 -0
- data/test/controllers/overrides/omniauth_callbacks_controller_test.rb +53 -0
- data/test/controllers/overrides/passwords_controller_test.rb +64 -0
- data/test/controllers/overrides/registrations_controller_test.rb +46 -0
- data/test/controllers/overrides/sessions_controller_test.rb +35 -0
- data/test/controllers/overrides/token_validations_controller_test.rb +43 -0
- data/test/dummy/README.rdoc +28 -0
- data/test/dummy/app/active_record/lockable_user.rb +7 -0
- data/test/dummy/app/active_record/mang.rb +5 -0
- data/test/dummy/app/active_record/only_email_user.rb +7 -0
- data/test/dummy/app/active_record/scoped_user.rb +9 -0
- data/test/dummy/app/active_record/unconfirmable_user.rb +9 -0
- data/test/dummy/app/active_record/unregisterable_user.rb +9 -0
- data/test/dummy/app/active_record/user.rb +6 -0
- data/test/dummy/app/controllers/application_controller.rb +18 -0
- data/test/dummy/app/controllers/auth_origin_controller.rb +7 -0
- data/test/dummy/app/controllers/custom/confirmations_controller.rb +13 -0
- data/test/dummy/app/controllers/custom/omniauth_callbacks_controller.rb +13 -0
- data/test/dummy/app/controllers/custom/passwords_controller.rb +39 -0
- data/test/dummy/app/controllers/custom/registrations_controller.rb +39 -0
- data/test/dummy/app/controllers/custom/sessions_controller.rb +29 -0
- data/test/dummy/app/controllers/custom/token_validations_controller.rb +19 -0
- data/test/dummy/app/controllers/demo_group_controller.rb +15 -0
- data/test/dummy/app/controllers/demo_mang_controller.rb +14 -0
- data/test/dummy/app/controllers/demo_user_controller.rb +27 -0
- data/test/dummy/app/controllers/overrides/confirmations_controller.rb +28 -0
- data/test/dummy/app/controllers/overrides/omniauth_callbacks_controller.rb +16 -0
- data/test/dummy/app/controllers/overrides/passwords_controller.rb +35 -0
- data/test/dummy/app/controllers/overrides/registrations_controller.rb +29 -0
- data/test/dummy/app/controllers/overrides/sessions_controller.rb +36 -0
- data/test/dummy/app/controllers/overrides/token_validations_controller.rb +23 -0
- data/test/dummy/app/helpers/application_helper.rb +1058 -0
- data/test/dummy/app/models/concerns/favorite_color.rb +19 -0
- data/test/dummy/app/mongoid/lockable_user.rb +38 -0
- data/test/dummy/app/mongoid/mang.rb +46 -0
- data/test/dummy/app/mongoid/only_email_user.rb +33 -0
- data/test/dummy/app/mongoid/scoped_user.rb +50 -0
- data/test/dummy/app/mongoid/unconfirmable_user.rb +44 -0
- data/test/dummy/app/mongoid/unregisterable_user.rb +47 -0
- data/test/dummy/app/mongoid/user.rb +49 -0
- data/test/dummy/app/views/layouts/application.html.erb +14 -0
- data/test/dummy/config.ru +18 -0
- data/test/dummy/config/application.rb +48 -0
- data/test/dummy/config/application.yml.bk +0 -0
- data/test/dummy/config/boot.rb +11 -0
- data/test/dummy/config/environment.rb +7 -0
- data/test/dummy/config/environments/development.rb +46 -0
- data/test/dummy/config/environments/production.rb +84 -0
- data/test/dummy/config/environments/test.rb +50 -0
- data/test/dummy/config/initializers/assets.rb +10 -0
- data/test/dummy/config/initializers/backtrace_silencers.rb +9 -0
- data/test/dummy/config/initializers/cookies_serializer.rb +5 -0
- data/test/dummy/config/initializers/devise.rb +290 -0
- data/test/dummy/config/initializers/devise_token_auth.rb +55 -0
- data/test/dummy/config/initializers/figaro.rb +3 -0
- data/test/dummy/config/initializers/filter_parameter_logging.rb +6 -0
- data/test/dummy/config/initializers/inflections.rb +18 -0
- data/test/dummy/config/initializers/mime_types.rb +6 -0
- data/test/dummy/config/initializers/omniauth.rb +10 -0
- data/test/dummy/config/initializers/session_store.rb +5 -0
- data/test/dummy/config/initializers/wrap_parameters.rb +16 -0
- data/test/dummy/config/routes.rb +55 -0
- data/test/dummy/config/spring.rb +3 -0
- data/test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb +58 -0
- data/test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb +57 -0
- data/test/dummy/db/migrate/20140829044006_add_operating_thetan_to_user.rb +8 -0
- data/test/dummy/db/migrate/20140916224624_add_favorite_color_to_mangs.rb +7 -0
- data/test/dummy/db/migrate/20141222035835_devise_token_auth_create_only_email_users.rb +55 -0
- data/test/dummy/db/migrate/20141222053502_devise_token_auth_create_unregisterable_users.rb +56 -0
- data/test/dummy/db/migrate/20150708104536_devise_token_auth_create_unconfirmable_users.rb +56 -0
- data/test/dummy/db/migrate/20160103235141_devise_token_auth_create_scoped_users.rb +56 -0
- data/test/dummy/db/migrate/20160629184441_devise_token_auth_create_lockable_users.rb +56 -0
- data/test/dummy/db/schema.rb +173 -0
- data/test/dummy/lib/migration_database_helper.rb +43 -0
- data/test/factories/users.rb +40 -0
- data/test/lib/devise_token_auth/blacklist_test.rb +11 -0
- data/test/lib/devise_token_auth/token_factory_test.rb +191 -0
- data/test/lib/devise_token_auth/url_test.rb +26 -0
- data/test/lib/generators/devise_token_auth/install_generator_test.rb +217 -0
- data/test/lib/generators/devise_token_auth/install_generator_with_namespace_test.rb +222 -0
- data/test/lib/generators/devise_token_auth/install_views_generator_test.rb +25 -0
- data/test/models/concerns/mongoid_support_test.rb +31 -0
- data/test/models/concerns/tokens_serialization_test.rb +70 -0
- data/test/models/only_email_user_test.rb +29 -0
- data/test/models/user_test.rb +108 -0
- data/test/support/controllers/routes.rb +43 -0
- data/test/test_helper.rb +103 -0
- metadata +246 -37
- data/lib/devise_tokens.rb +0 -14
- data/lib/devise_tokens/version.rb +0 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: c1b97c61de919a0137ed6c30e55388c6594780fdfa0b088b6a227a270b896b31
|
4
|
+
data.tar.gz: 46907189f0816ed2494c464e9a2647dd090fd44064bc5db5840ea5eb385697f7
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: b60ca30afe1424bd87dd5937a4c6995e19672cb5cf79b991535ec1429e571adb9df8c5a7f31cada2a128d47df024282cf139fb013bdc32f95a07cdc9e13e1089
|
7
|
+
data.tar.gz: 8fd194ee1795bfe92e4dd6451455ed858879178e041a0dff8a066fde32fee9f486338b7e62e7d4c2e3c9e26b945b1861b8e26dc96044bfd281096229e8a14780
|
data/LICENSE
ADDED
@@ -0,0 +1,13 @@
|
|
1
|
+
DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
|
2
|
+
Version 2, December 2004
|
3
|
+
|
4
|
+
Copyright (C) 2004 Sam Hocevar <sam@hocevar.net>
|
5
|
+
|
6
|
+
Everyone is permitted to copy and distribute verbatim or modified
|
7
|
+
copies of this license document, and changing it is allowed as long
|
8
|
+
as the name is changed.
|
9
|
+
|
10
|
+
DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
|
11
|
+
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
|
12
|
+
|
13
|
+
0. You just DO WHAT THE FUCK YOU WANT TO.
|
data/README.md
ADDED
@@ -0,0 +1,99 @@
|
|
1
|
+
# Devise Token Auth
|
2
|
+
|
3
|
+
[![Gem Version](https://badge.fury.io/rb/devise_token_auth.svg)](http://badge.fury.io/rb/devise_token_auth)
|
4
|
+
[![Build Status](https://travis-ci.org/lynndylanhurley/devise_token_auth.svg?branch=master)](https://travis-ci.org/lynndylanhurley/devise_token_auth)
|
5
|
+
[![Code Climate](https://codeclimate.com/github/lynndylanhurley/devise_token_auth/badges/gpa.svg)](https://codeclimate.com/github/lynndylanhurley/devise_token_auth)
|
6
|
+
[![Test Coverage](https://codeclimate.com/github/lynndylanhurley/devise_token_auth/badges/coverage.svg)](https://codeclimate.com/github/lynndylanhurley/devise_token_auth/coverage)
|
7
|
+
[![Downloads](https://img.shields.io/gem/dt/devise_token_auth.svg)](https://rubygems.org/gems/devise_token_auth)
|
8
|
+
[![Backers on Open Collective](https://opencollective.com/devise_token_auth/backers/badge.svg)](#backers)
|
9
|
+
[![Sponsors on Open Collective](https://opencollective.com/devise_token_auth/sponsors/badge.svg)](#sponsors)
|
10
|
+
[![Join the chat at https://gitter.im/lynndylanhurley/devise_token_auth](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/lynndylanhurley/devise_token_auth?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
|
11
|
+
|
12
|
+
Simple, multi-client and secure token-based authentication for Rails.
|
13
|
+
|
14
|
+
If you're building SPA or a mobile app, and you want authentication, you need tokens, not cookies.
|
15
|
+
This gem refreshes the tokens on each request, and expires them in a short time, so the app is secure.
|
16
|
+
Also, it maintains a session for each client/device, so you can have as many sessions as you want.
|
17
|
+
|
18
|
+
## Main features
|
19
|
+
|
20
|
+
* Seamless integration with:
|
21
|
+
* [ng-token-auth](https://github.com/lynndylanhurley/ng-token-auth) for [AngularJS](https://github.com/angular/angular.js)
|
22
|
+
* [Angular-Token](https://github.com/neroniaky/angular-token) for [Angular](https://github.com/angular/angular)
|
23
|
+
* [redux-token-auth](https://github.com/kylecorbelli/redux-token-auth) for [React with Redux](https://github.com/reactjs/react-redux)
|
24
|
+
* [jToker](https://github.com/lynndylanhurley/j-toker) for [jQuery](https://jquery.com/)
|
25
|
+
* Oauth2 authentication using [OmniAuth](https://github.com/intridea/omniauth).
|
26
|
+
* Email authentication using [Devise](https://github.com/plataformatec/devise), including:
|
27
|
+
* User registration, update and deletion
|
28
|
+
* Login and logout
|
29
|
+
* Password reset, account confirmation
|
30
|
+
* Support for [multiple user models](./docs/usage/multiple_models.md).
|
31
|
+
* It is [secure](docs/security.md).
|
32
|
+
|
33
|
+
This project leverages the following gems:
|
34
|
+
|
35
|
+
* [Devise](https://github.com/plataformatec/devise)
|
36
|
+
* [OmniAuth](https://github.com/intridea/omniauth)
|
37
|
+
|
38
|
+
## Installation
|
39
|
+
|
40
|
+
Add the following to your `Gemfile`:
|
41
|
+
|
42
|
+
~~~ruby
|
43
|
+
gem 'devise_token_auth'
|
44
|
+
~~~
|
45
|
+
|
46
|
+
Then install the gem using bundle:
|
47
|
+
|
48
|
+
~~~bash
|
49
|
+
bundle install
|
50
|
+
~~~
|
51
|
+
|
52
|
+
## [Docs](https://devise-token-auth.gitbook.io/devise-token-auth)
|
53
|
+
|
54
|
+
## Need help?
|
55
|
+
|
56
|
+
Please use [StackOverflow](https://stackoverflow.com/questions/tagged/devise-token-auth) for help requests and how-to questions.
|
57
|
+
|
58
|
+
Please open GitHub issues for bugs and enhancements only, not general help requests. Please search previous issues (and Google and StackOverflow) before creating a new issue.
|
59
|
+
|
60
|
+
Please read the [issue template](https://github.com/lynndylanhurley/devise_token_auth/blob/master/.github/ISSUE_TEMPLATE.md) before posting issues.
|
61
|
+
|
62
|
+
## [FAQ](docs/faq.md)
|
63
|
+
|
64
|
+
## Contributors wanted!
|
65
|
+
|
66
|
+
See our [Contribution Guidelines](https://github.com/lynndylanhurley/devise_token_auth/blob/master/.github/CONTRIBUTING.md). Feel free to submit pull requests, review pull requests, or review open issues. If you'd like to get in contact, [Zach Feldman](https://github.com/zachfeldman) has been wrangling this effort, you can reach him with his name @gmail. Further discussion of this in [this issue](https://github.com/lynndylanhurley/devise_token_auth/issues/969).
|
67
|
+
|
68
|
+
We have some bounties for some issues, [check them out](https://github.com/lynndylanhurley/devise_token_auth/issues?q=is%3Aopen+is%3Aissue+label%3Abounty)!
|
69
|
+
|
70
|
+
## Live Demos
|
71
|
+
|
72
|
+
[Here is a demo](http://ng-token-auth-demo.herokuapp.com/) of this app running with the [ng-token-auth](https://github.com/lynndylanhurley/ng-token-auth) module and [AngularJS](https://github.com/angular/angular.js).
|
73
|
+
|
74
|
+
[Here is a demo](https://stackblitz.com/github/neroniaky/angular-token) of this app running with the [Angular-Token](https://github.com/neroniaky/angular-token) service and [Angular](https://github.com/angular/angular).
|
75
|
+
|
76
|
+
[Here is a demo](https://j-toker-demo.herokuapp.com/) of this app using the [jToker](https://github.com/lynndylanhurley/j-toker) plugin and [React](http://facebook.github.io/react/).
|
77
|
+
|
78
|
+
The fully configured api used in these demos can be found [here](https://github.com/lynndylanhurley/devise_token_auth_demo).
|
79
|
+
|
80
|
+
|
81
|
+
## Contributors
|
82
|
+
|
83
|
+
<a href="graphs/contributors"><img src="https://opencollective.com/devise_token_auth/contributors.svg?width=890&button=false" /></a>
|
84
|
+
|
85
|
+
## Backers
|
86
|
+
|
87
|
+
Thank you to all our backers! 🙏 [[Become a backer](https://opencollective.com/devise_token_auth#backer)]
|
88
|
+
|
89
|
+
[![](https://opencollective.com/devise_token_auth/backers.svg?width=890)](https://opencollective.com/devise_token_auth#backers)
|
90
|
+
|
91
|
+
|
92
|
+
## Sponsors
|
93
|
+
|
94
|
+
Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [[Become a sponsor](https://opencollective.com/devise_token_auth#sponsor)]
|
95
|
+
|
96
|
+
[![](https://opencollective.com/devise_token_auth/sponsor/0/avatar.svg)](https://opencollective.com/devise_token_auth/sponsor/0/website) [![](https://opencollective.com/devise_token_auth/sponsor/1/avatar.svg)](https://opencollective.com/devise_token_auth/sponsor/1/website) [![](https://opencollective.com/devise_token_auth/sponsor/2/avatar.svg)](https://opencollective.com/devise_token_auth/sponsor/2/website) [![](https://opencollective.com/devise_token_auth/sponsor/3/avatar.svg)](https://opencollective.com/devise_token_auth/sponsor/3/website) [![](https://opencollective.com/devise_token_auth/sponsor/4/avatar.svg)](https://opencollective.com/devise_token_auth/sponsor/4/website) [![](https://opencollective.com/devise_token_auth/sponsor/5/avatar.svg)](https://opencollective.com/devise_token_auth/sponsor/5/website) [![](https://opencollective.com/devise_token_auth/sponsor/6/avatar.svg)](https://opencollective.com/devise_token_auth/sponsor/6/website) [![](https://opencollective.com/devise_token_auth/sponsor/7/avatar.svg)](https://opencollective.com/devise_token_auth/sponsor/7/website) [![](https://opencollective.com/devise_token_auth/sponsor/8/avatar.svg)](https://opencollective.com/devise_token_auth/sponsor/8/website) [![](https://opencollective.com/devise_token_auth/sponsor/9/avatar.svg)](https://opencollective.com/devise_token_auth/sponsor/9/website)
|
97
|
+
|
98
|
+
## License
|
99
|
+
This project uses the WTFPL
|
data/Rakefile
ADDED
@@ -0,0 +1,42 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
begin
|
4
|
+
require 'bundler/setup'
|
5
|
+
rescue LoadError
|
6
|
+
puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
|
7
|
+
end
|
8
|
+
|
9
|
+
require 'rdoc/task'
|
10
|
+
|
11
|
+
RDoc::Task.new(:rdoc) do |rdoc|
|
12
|
+
rdoc.rdoc_dir = 'rdoc'
|
13
|
+
rdoc.title = 'DeviseTokenAuth'
|
14
|
+
rdoc.options << '--line-numbers'
|
15
|
+
rdoc.rdoc_files.include('README.rdoc')
|
16
|
+
rdoc.rdoc_files.include('lib/**/*.rb')
|
17
|
+
end
|
18
|
+
|
19
|
+
APP_RAKEFILE = File.expand_path('test/dummy/Rakefile', __dir__)
|
20
|
+
load 'rails/tasks/engine.rake'
|
21
|
+
|
22
|
+
Bundler::GemHelper.install_tasks
|
23
|
+
|
24
|
+
require 'rake/testtask'
|
25
|
+
|
26
|
+
Rake::TestTask.new(:test) do |t|
|
27
|
+
t.libs << 'lib'
|
28
|
+
t.libs << 'test'
|
29
|
+
t.pattern = 'test/**/*_test.rb'
|
30
|
+
t.verbose = false
|
31
|
+
t.warning = false
|
32
|
+
end
|
33
|
+
|
34
|
+
task default: :test
|
35
|
+
|
36
|
+
require 'rubocop/rake_task'
|
37
|
+
|
38
|
+
desc 'Run RuboCop'
|
39
|
+
RuboCop::RakeTask.new(:rubocop) do |task|
|
40
|
+
task.formatters = %w[fuubar offenses worst]
|
41
|
+
task.fail_on_error = false # don't abort rake on failure
|
42
|
+
end
|
@@ -1,6 +1,8 @@
|
|
1
|
-
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module DeviseTokenAuth
|
2
4
|
class ApplicationController < DeviseController
|
3
|
-
include
|
5
|
+
include DeviseTokenAuth::Concerns::SetUserByToken
|
4
6
|
|
5
7
|
def resource_data(opts = {})
|
6
8
|
response_data = opts[:resource_json] || @resource.as_json
|
@@ -15,18 +17,18 @@ module DeviseTokens
|
|
15
17
|
protected
|
16
18
|
|
17
19
|
def blacklisted_redirect_url?(redirect_url)
|
18
|
-
|
20
|
+
DeviseTokenAuth.redirect_whitelist && !DeviseTokenAuth::Url.whitelisted?(redirect_url)
|
19
21
|
end
|
20
22
|
|
21
23
|
def build_redirect_headers(access_token, client, redirect_header_options = {})
|
22
24
|
{
|
23
|
-
|
24
|
-
|
25
|
+
DeviseTokenAuth.headers_names[:"access-token"] => access_token,
|
26
|
+
DeviseTokenAuth.headers_names[:"client"] => client,
|
25
27
|
:config => params[:config],
|
26
28
|
|
27
29
|
# Legacy parameters which may be removed in a future release.
|
28
30
|
# Consider using "client" and "access-token" in client code.
|
29
|
-
# See: github.com/lynndylanhurley/
|
31
|
+
# See: github.com/lynndylanhurley/devise_token_auth/issues/993
|
30
32
|
:client_id => client,
|
31
33
|
:token => access_token
|
32
34
|
}.merge(redirect_header_options)
|
@@ -1,6 +1,8 @@
|
|
1
|
-
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module DeviseTokenAuth::Concerns::ResourceFinder
|
2
4
|
extend ActiveSupport::Concern
|
3
|
-
include
|
5
|
+
include DeviseTokenAuth::Controllers::Helpers
|
4
6
|
|
5
7
|
def get_case_insensitive_field_from_resource_params(field)
|
6
8
|
# honor Devise configuration for case_insensitive keys
|
@@ -1,6 +1,8 @@
|
|
1
|
-
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module DeviseTokenAuth::Concerns::SetUserByToken
|
2
4
|
extend ActiveSupport::Concern
|
3
|
-
include
|
5
|
+
include DeviseTokenAuth::Concerns::ResourceFinder
|
4
6
|
|
5
7
|
included do
|
6
8
|
before_action :set_request_start
|
@@ -15,7 +17,7 @@ module DeviseTokens::Concerns::SetUserByToken
|
|
15
17
|
@used_auth_by_token = true
|
16
18
|
|
17
19
|
# initialize instance variables
|
18
|
-
@token =
|
20
|
+
@token = DeviseTokenAuth::TokenFactory.new
|
19
21
|
@resource ||= nil
|
20
22
|
@is_batch_request ||= nil
|
21
23
|
end
|
@@ -28,23 +30,22 @@ module DeviseTokens::Concerns::SetUserByToken
|
|
28
30
|
# no default user defined
|
29
31
|
return unless rc
|
30
32
|
|
31
|
-
|
32
|
-
|
33
|
-
|
33
|
+
# gets the headers names, which was set in the initialize file
|
34
|
+
uid_name = DeviseTokenAuth.headers_names[:'uid']
|
35
|
+
access_token_name = DeviseTokenAuth.headers_names[:'access-token']
|
36
|
+
client_name = DeviseTokenAuth.headers_names[:'client']
|
34
37
|
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
38
|
+
# parse header for values necessary for authentication
|
39
|
+
uid = request.headers[uid_name] || params[uid_name]
|
40
|
+
@token = DeviseTokenAuth::TokenFactory.new unless @token
|
41
|
+
@token.token ||= request.headers[access_token_name] || params[access_token_name]
|
42
|
+
@token.client ||= request.headers[client_name] || params[client_name]
|
40
43
|
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
end
|
44
|
+
# client isn't required, set to 'default' if absent
|
45
|
+
@token.client ||= 'default'
|
45
46
|
|
46
47
|
# check for an existing user, authenticated via warden/devise, if enabled
|
47
|
-
if
|
48
|
+
if DeviseTokenAuth.enable_standard_devise_support
|
48
49
|
devise_warden_user = warden.user(rc.to_s.underscore.to_sym)
|
49
50
|
if devise_warden_user && devise_warden_user.tokens[@token.client].nil?
|
50
51
|
@used_auth_by_token = false
|
@@ -70,10 +71,10 @@ module DeviseTokens::Concerns::SetUserByToken
|
|
70
71
|
|
71
72
|
if user && user.valid_token?(@token.token, @token.client)
|
72
73
|
# sign_in with bypass: true will be deprecated in the next version of Devise
|
73
|
-
if respond_to?(:bypass_sign_in) &&
|
74
|
+
if respond_to?(:bypass_sign_in) && DeviseTokenAuth.bypass_sign_in
|
74
75
|
bypass_sign_in(user, scope: scope)
|
75
76
|
else
|
76
|
-
sign_in(scope, user, store: false, event: :fetch, bypass:
|
77
|
+
sign_in(scope, user, store: false, event: :fetch, bypass: DeviseTokenAuth.bypass_sign_in)
|
77
78
|
end
|
78
79
|
return @resource = user
|
79
80
|
else
|
@@ -90,7 +91,7 @@ module DeviseTokens::Concerns::SetUserByToken
|
|
90
91
|
# Generate new client with existing authentication
|
91
92
|
@token.client = nil unless @used_auth_by_token
|
92
93
|
|
93
|
-
if @used_auth_by_token && !
|
94
|
+
if @used_auth_by_token && !DeviseTokenAuth.change_headers_on_each_request
|
94
95
|
# should not append auth header if @resource related token was
|
95
96
|
# cleared by sign out in the meantime
|
96
97
|
return if @resource.reload.tokens[@token.client].nil?
|
@@ -105,7 +106,7 @@ module DeviseTokens::Concerns::SetUserByToken
|
|
105
106
|
@resource = resource_class.find(@resource.to_param) # errors remain after reload
|
106
107
|
# if we left the model in a bad state, something is wrong in our app
|
107
108
|
unless @resource.valid?
|
108
|
-
raise
|
109
|
+
raise DeviseTokenAuth::Errors::InvalidModel, "Cannot set auth token in invalid model. Errors: #{@resource.errors.full_messages}"
|
109
110
|
end
|
110
111
|
end
|
111
112
|
refresh_headers
|
@@ -131,7 +132,7 @@ module DeviseTokens::Concerns::SetUserByToken
|
|
131
132
|
!params[:unbatch] &&
|
132
133
|
user.tokens[client] &&
|
133
134
|
user.tokens[client]['updated_at'] &&
|
134
|
-
user.tokens[client]['updated_at'].to_time > @request_started_at -
|
135
|
+
user.tokens[client]['updated_at'].to_time > @request_started_at - DeviseTokenAuth.batch_request_buffer_throttle
|
135
136
|
end
|
136
137
|
|
137
138
|
def auth_header_from_batch_request
|
@@ -150,8 +151,8 @@ module DeviseTokens::Concerns::SetUserByToken
|
|
150
151
|
# Use a blank string for the header to still be present and
|
151
152
|
# being passed in a XHR response in case of
|
152
153
|
# 304 Not Modified responses.
|
153
|
-
auth_header[
|
154
|
-
auth_header[
|
154
|
+
auth_header[DeviseTokenAuth.headers_names[:"access-token"]] = ' '
|
155
|
+
auth_header[DeviseTokenAuth.headers_names[:"expiry"]] = ' '
|
155
156
|
else
|
156
157
|
# update Authorization response header with new token
|
157
158
|
auth_header = @resource.create_new_auth_token(@token.client)
|
@@ -1,5 +1,7 @@
|
|
1
|
-
|
2
|
-
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module DeviseTokenAuth
|
4
|
+
class ConfirmationsController < DeviseTokenAuth::ApplicationController
|
3
5
|
|
4
6
|
def show
|
5
7
|
@resource = resource_class.confirm_by_token(resource_params[:confirmation_token])
|
@@ -18,7 +20,7 @@ module DeviseTokens
|
|
18
20
|
|
19
21
|
redirect_to_link = signed_in_resource.build_auth_url(redirect_url, redirect_headers)
|
20
22
|
else
|
21
|
-
redirect_to_link =
|
23
|
+
redirect_to_link = DeviseTokenAuth::Url.generate(redirect_url, redirect_header_options)
|
22
24
|
end
|
23
25
|
|
24
26
|
redirect_to(redirect_to_link)
|
@@ -47,18 +49,18 @@ module DeviseTokens
|
|
47
49
|
protected
|
48
50
|
|
49
51
|
def render_create_error_missing_email
|
50
|
-
render_error(401, I18n.t('
|
52
|
+
render_error(401, I18n.t('devise_token_auth.confirmations.missing_email'))
|
51
53
|
end
|
52
54
|
|
53
55
|
def render_create_success
|
54
56
|
render json: {
|
55
57
|
success: true,
|
56
|
-
message: I18n.t('
|
58
|
+
message: I18n.t('devise_token_auth.confirmations.sended', email: @email)
|
57
59
|
}
|
58
60
|
end
|
59
61
|
|
60
62
|
def render_not_found_error
|
61
|
-
render_error(404, I18n.t('
|
63
|
+
render_error(404, I18n.t('devise_token_auth.confirmations.user_not_found', email: @email))
|
62
64
|
end
|
63
65
|
|
64
66
|
private
|
@@ -71,7 +73,7 @@ module DeviseTokens
|
|
71
73
|
def redirect_url
|
72
74
|
params.fetch(
|
73
75
|
:redirect_url,
|
74
|
-
|
76
|
+
DeviseTokenAuth.default_confirm_success_url
|
75
77
|
)
|
76
78
|
end
|
77
79
|
|
@@ -1,5 +1,7 @@
|
|
1
|
-
|
2
|
-
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module DeviseTokenAuth
|
4
|
+
class OmniauthCallbacksController < DeviseTokenAuth::ApplicationController
|
3
5
|
attr_reader :auth_params
|
4
6
|
|
5
7
|
before_action :validate_auth_origin_url_param
|
@@ -43,7 +45,7 @@ module DeviseTokens
|
|
43
45
|
# find the mapping in `omniauth.params`.
|
44
46
|
#
|
45
47
|
# One example use-case here is for IDP-initiated SAML login. In that
|
46
|
-
# case, there will have been no initial request in which to save
|
48
|
+
# case, there will have been no initial request in which to save
|
47
49
|
# the devise mapping. If you are in a situation like that, and
|
48
50
|
# your app allows for you to determine somehow what the devise
|
49
51
|
# mapping should be (because, for example, it is always the same),
|
@@ -76,10 +78,10 @@ module DeviseTokens
|
|
76
78
|
render_data_or_redirect('authFailure', error: @error)
|
77
79
|
end
|
78
80
|
|
79
|
-
def validate_auth_origin_url_param
|
81
|
+
def validate_auth_origin_url_param
|
80
82
|
return render_error_not_allowed_auth_origin_url if auth_origin_url && blacklisted_redirect_url?(auth_origin_url)
|
81
83
|
end
|
82
|
-
|
84
|
+
|
83
85
|
|
84
86
|
protected
|
85
87
|
|
@@ -201,13 +203,13 @@ module DeviseTokens
|
|
201
203
|
end
|
202
204
|
|
203
205
|
def render_error_not_allowed_auth_origin_url
|
204
|
-
message = I18n.t('
|
206
|
+
message = I18n.t('devise_token_auth.omniauth.not_allowed_redirect_url', redirect_url: unsafe_auth_origin_url)
|
205
207
|
render_data_or_redirect('authFailure', error: message)
|
206
208
|
end
|
207
209
|
|
208
210
|
def render_data(message, data)
|
209
211
|
@data = data.merge(message: ActionController::Base.helpers.sanitize(message))
|
210
|
-
render layout: nil, template: '
|
212
|
+
render layout: nil, template: 'devise_token_auth/omniauth_external_window'
|
211
213
|
end
|
212
214
|
|
213
215
|
def render_data_or_redirect(message, data, user_data = {})
|
@@ -217,7 +219,7 @@ module DeviseTokens
|
|
217
219
|
# (For example, nbrustein does not allow new users to be created if logging in with
|
218
220
|
# an inAppBrowser)
|
219
221
|
#
|
220
|
-
# See app/views/
|
222
|
+
# See app/views/devise_token_auth/omniauth_external_window.html.erb to understand
|
221
223
|
# why we can handle these both the same. The view is setup to handle both cases
|
222
224
|
# at the same time.
|
223
225
|
if ['inAppBrowser', 'newWindow'].include?(omniauth_window_type)
|
@@ -226,7 +228,7 @@ module DeviseTokens
|
|
226
228
|
elsif auth_origin_url # default to same-window implementation, which forwards back to auth_origin_url
|
227
229
|
|
228
230
|
# build and redirect to destination url
|
229
|
-
redirect_to
|
231
|
+
redirect_to DeviseTokenAuth::Url.generate(auth_origin_url, data.merge(blank: true))
|
230
232
|
else
|
231
233
|
|
232
234
|
# there SHOULD always be an auth_origin_url, but if someone does something silly
|
@@ -1,5 +1,7 @@
|
|
1
|
-
|
2
|
-
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module DeviseTokenAuth
|
4
|
+
class PasswordsController < DeviseTokenAuth::ApplicationController
|
3
5
|
before_action :validate_redirect_url_param, only: [:create, :edit]
|
4
6
|
skip_after_action :update_auth_header, only: [:create, :edit]
|
5
7
|
|
@@ -47,7 +49,7 @@ module DeviseTokens
|
|
47
49
|
yield @resource if block_given?
|
48
50
|
|
49
51
|
if require_client_password_reset_token?
|
50
|
-
redirect_to
|
52
|
+
redirect_to DeviseTokenAuth::Url.generate(@redirect_url, reset_password_token: resource_params[:reset_password_token])
|
51
53
|
else
|
52
54
|
redirect_header_options = { reset_password: true }
|
53
55
|
redirect_headers = build_redirect_headers(token.token,
|
@@ -99,7 +101,7 @@ module DeviseTokens
|
|
99
101
|
|
100
102
|
def resource_update_method
|
101
103
|
allow_password_change = recoverable_enabled? && @resource.allow_password_change == true || require_client_password_reset_token?
|
102
|
-
if
|
104
|
+
if DeviseTokenAuth.check_current_password_before_update == false || allow_password_change
|
103
105
|
'update'
|
104
106
|
else
|
105
107
|
'update_with_password'
|
@@ -107,11 +109,11 @@ module DeviseTokens
|
|
107
109
|
end
|
108
110
|
|
109
111
|
def render_create_error_missing_email
|
110
|
-
render_error(401, I18n.t('
|
112
|
+
render_error(401, I18n.t('devise_token_auth.passwords.missing_email'))
|
111
113
|
end
|
112
114
|
|
113
115
|
def render_create_error_missing_redirect_url
|
114
|
-
render_error(401, I18n.t('
|
116
|
+
render_error(401, I18n.t('devise_token_auth.passwords.missing_redirect_url'))
|
115
117
|
end
|
116
118
|
|
117
119
|
def render_error_not_allowed_redirect_url
|
@@ -119,14 +121,14 @@ module DeviseTokens
|
|
119
121
|
status: 'error',
|
120
122
|
data: resource_data
|
121
123
|
}
|
122
|
-
message = I18n.t('
|
124
|
+
message = I18n.t('devise_token_auth.passwords.not_allowed_redirect_url', redirect_url: @redirect_url)
|
123
125
|
render_error(422, message, response)
|
124
126
|
end
|
125
127
|
|
126
128
|
def render_create_success
|
127
129
|
render json: {
|
128
130
|
success: true,
|
129
|
-
message: I18n.t('
|
131
|
+
message: I18n.t('devise_token_auth.passwords.sended', email: @email)
|
130
132
|
}
|
131
133
|
end
|
132
134
|
|
@@ -146,18 +148,18 @@ module DeviseTokens
|
|
146
148
|
end
|
147
149
|
|
148
150
|
def render_update_error_password_not_required
|
149
|
-
render_error(422, I18n.t('
|
151
|
+
render_error(422, I18n.t('devise_token_auth.passwords.password_not_required', provider: @resource.provider.humanize))
|
150
152
|
end
|
151
153
|
|
152
154
|
def render_update_error_missing_password
|
153
|
-
render_error(422, I18n.t('
|
155
|
+
render_error(422, I18n.t('devise_token_auth.passwords.missing_passwords'))
|
154
156
|
end
|
155
157
|
|
156
158
|
def render_update_success
|
157
159
|
render json: {
|
158
160
|
success: true,
|
159
161
|
data: resource_data,
|
160
|
-
message: I18n.t('
|
162
|
+
message: I18n.t('devise_token_auth.passwords.successfully_updated')
|
161
163
|
}
|
162
164
|
end
|
163
165
|
|
@@ -179,14 +181,14 @@ module DeviseTokens
|
|
179
181
|
end
|
180
182
|
|
181
183
|
def render_not_found_error
|
182
|
-
render_error(404, I18n.t('
|
184
|
+
render_error(404, I18n.t('devise_token_auth.passwords.user_not_found', email: @email))
|
183
185
|
end
|
184
186
|
|
185
187
|
def validate_redirect_url_param
|
186
188
|
# give redirect value from params priority
|
187
189
|
@redirect_url = params.fetch(
|
188
190
|
:redirect_url,
|
189
|
-
|
191
|
+
DeviseTokenAuth.default_password_reset_url
|
190
192
|
)
|
191
193
|
|
192
194
|
return render_create_error_missing_redirect_url unless @redirect_url
|
@@ -198,7 +200,7 @@ module DeviseTokens
|
|
198
200
|
end
|
199
201
|
|
200
202
|
def require_client_password_reset_token?
|
201
|
-
|
203
|
+
DeviseTokenAuth.require_client_password_reset_token
|
202
204
|
end
|
203
205
|
end
|
204
206
|
end
|