devise_invitable 2.0.0 → 2.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2723ccf2ae328662f6728a699ac484ff5067dbb24248e59d7d596a9d445747ab
-  data.tar.gz: 7d95b8d919685e863dbe8126ce5823b78f949c67f6ada3e69adab431d29e7711
+  metadata.gz: 60a516052fe7d7f32929e0d35df374e05405951924011c1e7922c046fd8f8f73
+  data.tar.gz: 4b790b2133f56ecd6dc5ac1736976bc1a689478e2094f093cfcb4ea2d19e1a39
 SHA512:
-  metadata.gz: ba422fbe6c9b3d7d13dae30f24daf9638ace499ceead90f7d3d18949655028b33d53c5275000aafecd4a9b75595ad174d3348a4511a7dbe70957bd9a43cd5945
-  data.tar.gz: b8eb68401a1fd5e41b861fbe8d8dd38b4f9050d87427d00cb5ea394630e5e5f5a16d6889da85199e597d8bdc2947aa8523208aca95fb731d39c50ba9f5d4a4d5
+  metadata.gz: 5fa8ed65bcf5ae7647aa798e9f63bbe20d19e0d87e28e1f0dc44f04dcc406e16980ffaa09cf94bb66ac6219c0d4d29829bafdd4fd3cdd86c2b628647ff05e14d
+  data.tar.gz: 9fcff0bb96a9c6f81345c772b48ecace9bb446583328ac942d521c292533dae8132078a3593d30419c48abae381a8c87a4519e97d73dca2a76bfb15702334af8

data/CHANGELOG.md

@@ -1,3 +1,6 @@
+## 2.0.1
+- Use per-model allow_insecure_sign_in_after_accept ([#790](https://github.com/scambra/devise_invitable/pull/790))
+
 ## 2.0.0
 - Remove deprecated devise_error_messages! from templates ([#786](https://github.com/scambra/devise_invitable/pull/785))
 - Drop Devise < 4.6 support ([#786](https://github.com/scambra/devise_invitable/pull/786))

data/README.rdoc

@@ -70,11 +70,6 @@ or for a model that already exists, define a migration to add DeviseInvitable to
       add_column :users, :invited_by_id, :integer
       add_column :users, :invited_by_type, :string
       add_index :users, :invitation_token, unique: true
-
-      # Allow null encrypted_password
-      change_column_null :users, :encrypted_password, :string, true
-      # Allow null password_salt (add it if you are using Devise's encryptable module)
-      change_column_null :users, :password_salt, :string, true
   end
 
 If you previously used devise_invitable with a <tt>:limit</tt> on <tt>:invitation_token</tt>, remove it:
@@ -109,13 +104,13 @@ Remember to create indexes within the MongoDB database after deploying your chan
 
 DeviseInvitable adds some new configuration options:
 
-* <tt>invite_for</tt>: The period the generated invitation token is valid, after this period, the invited resource won't be able to accept the invitation. When <tt>invite_for</tt> is <tt>0</tt> (the default), the invitation won't expire.
+* <tt>invite_for</tt>: The period the generated invitation token is valid. After this period, the invited resource won't be able to accept the invitation. When <tt>invite_for</tt> is <tt>0</tt> (the default), the invitation won't expire.
 
 You can set this configuration option in the Devise initializer as follow:
 
   # ==> Configuration for :invitable
-  # The period the generated invitation token is valid, after
-  # this period, the invited resource won't be able to accept the invitation.
+  # The period the generated invitation token is valid.
+  # After this period, the invited resource won't be able to accept the invitation.
   # When invite_for is 0 (the default), the invitation won't expire.
   # config.invite_for = 2.weeks
 
@@ -186,23 +181,21 @@ To change behaviour of inviting or accepting users, you can simply override two
   class Users::InvitationsController < Devise::InvitationsController
     private
 
-    # this is called when creating invitation
-    # should return an instance of resource class
-    def invite_resource
-      ## skip sending emails on invite
-      super do |u|
-        u.skip_invitation = true
+      # this is called when creating invitation
+      # should return an instance of resource class
+      def invite_resource
+        # skip sending emails on invite
+        super { |user| user.skip_invitation = true }
       end
-    end
 
-    # this is called when accepting invitation
-    # should return an instance of resource class
-    def accept_resource
-      resource = resource_class.accept_invitation!(update_resource_params)
-      ## Report accepting invitation to analytics
-      Analytics.report('invite.accept', resource.id)
-      resource
-    end
+      # this is called when accepting invitation
+      # should return an instance of resource class
+      def accept_resource
+        resource = resource_class.accept_invitation!(update_resource_params)
+        # Report accepting invitation to analytics
+        Analytics.report('invite.accept', resource.id)
+        resource
+      end
   end
 
 == Strong Parameters
@@ -242,12 +235,12 @@ If you want to create the invitation but not send it, you can set <tt>skip_invit
   # => the record will be created, but the invitation email will not be sent
 
 When generating the <tt>accept_user_invitation_url</tt> yourself, you must use the <tt>raw_invitation_token</tt>
-the value is temporarily available when you invite a user and will be decrypted when recieved.
+the value is temporarily available when you invite a user and will be decrypted when received.
 
   accept_user_invitation_url(invitation_token: user.raw_invitation_token)
 
 When <tt>skip_invitation</tt> is used, you must also then set the <tt>invitation_sent_at</tt> field when the user is sent their token. Failure to do so will yield "Invalid invitation token" error when the user attempts to accept the invite.
-You can set column, or call <tt>deliver_invitation</tt> to sent invitation and set column:
+You can set the column, or call <tt>deliver_invitation</tt> to send the invitation and set the column:
 
   user.deliver_invitation
 
@@ -335,10 +328,11 @@ Default behavior requires authentication of the same resource as the invited one
 You would have a <tt>User</tt> model which is configured as invitable and an <tt>Admin</tt> model which is not. If you want to allow only admins to send invitations, simply overwrite the <tt>authenticate_inviter!</tt> method as follow:
 
   class ApplicationController < ActionController::Base
-  protected
-    def authenticate_inviter!
-      authenticate_admin!(force: true)
-    end
+    protected
+
+      def authenticate_inviter!
+        authenticate_admin!(force: true)
+      end
   end
 
 And include <tt>DeviseInvitable::Inviter</tt> module into <tt>Admin</tt> model:

data/app/controllers/devise/invitations_controller.rb

@@ -51,7 +51,7 @@ class Devise::InvitationsController < DeviseController
     yield resource if block_given?
 
     if invitation_accepted
-      if Devise.allow_insecure_sign_in_after_accept
+      if resource.class.allow_insecure_sign_in_after_accept
         flash_message = resource.active_for_authentication? ? :updated : :updated_not_active
         set_flash_message :notice, flash_message if is_flashing_format?
         sign_in(resource_name, resource)
@@ -75,42 +75,42 @@ class Devise::InvitationsController < DeviseController
 
   protected
 
-  def invite_resource(&block)
-    resource_class.invite!(invite_params, current_inviter, &block)
-  end
+    def invite_resource(&block)
+      resource_class.invite!(invite_params, current_inviter, &block)
+    end
 
-  def accept_resource
-    resource_class.accept_invitation!(update_resource_params)
-  end
+    def accept_resource
+      resource_class.accept_invitation!(update_resource_params)
+    end
 
-  def current_inviter
-    authenticate_inviter!
-  end
+    def current_inviter
+      authenticate_inviter!
+    end
 
-  def has_invitations_left?
-    unless current_inviter.nil? || current_inviter.has_invitations_left?
-      self.resource = resource_class.new
-      set_flash_message :alert, :no_invitations_remaining if is_flashing_format?
-      respond_with_navigational(resource) { render :new }
+    def has_invitations_left?
+      unless current_inviter.nil? || current_inviter.has_invitations_left?
+        self.resource = resource_class.new
+        set_flash_message :alert, :no_invitations_remaining if is_flashing_format?
+        respond_with_navigational(resource) { render :new }
+      end
     end
-  end
 
-  def resource_from_invitation_token
-    unless params[:invitation_token] && self.resource = resource_class.find_by_invitation_token(params[:invitation_token], true)
-      set_flash_message(:alert, :invitation_token_invalid) if is_flashing_format?
-      redirect_to after_sign_out_path_for(resource_name)
+    def resource_from_invitation_token
+      unless params[:invitation_token] && self.resource = resource_class.find_by_invitation_token(params[:invitation_token], true)
+        set_flash_message(:alert, :invitation_token_invalid) if is_flashing_format?
+        redirect_to after_sign_out_path_for(resource_name)
+      end
     end
-  end
 
-  def invite_params
-    devise_parameter_sanitizer.sanitize(:invite)
-  end
+    def invite_params
+      devise_parameter_sanitizer.sanitize(:invite)
+    end
 
-  def update_resource_params
-    devise_parameter_sanitizer.sanitize(:accept_invitation)
-  end
+    def update_resource_params
+      devise_parameter_sanitizer.sanitize(:accept_invitation)
+    end
 
-  def translation_scope
-    'devise.invitations'
-  end
+    def translation_scope
+      'devise.invitations'
+    end
 end

data/app/controllers/devise_invitable/registrations_controller.rb

@@ -1,17 +1,17 @@
 class DeviseInvitable::RegistrationsController < Devise::RegistrationsController
   protected
 
-  def build_resource(hash = {})
-    if hash[:email]
-      self.resource = resource_class.where(email: hash[:email]).first
-      if self.resource && self.resource.respond_to?(:invited_to_sign_up?) && self.resource.invited_to_sign_up?
-        self.resource.attributes = hash
-        self.resource.send_confirmation_instructions if self.resource.confirmation_required_for_invited?
-        self.resource.accept_invitation
-      else
-        self.resource = nil
+    def build_resource(hash = {})
+      if hash[:email]
+        self.resource = resource_class.where(email: hash[:email]).first
+        if self.resource && self.resource.respond_to?(:invited_to_sign_up?) && self.resource.invited_to_sign_up?
+          self.resource.attributes = hash
+          self.resource.send_confirmation_instructions if self.resource.confirmation_required_for_invited?
+          self.resource.accept_invitation
+        else
+          self.resource = nil
+        end
       end
+      self.resource ||= super
     end
-    self.resource ||= super
-  end
 end

data/app/views/devise/invitations/edit.html.erb

@@ -7,7 +7,7 @@
   <% if f.object.class.require_password_on_accepting %>
     <div class="field">
       <%= f.label :password %><br />
-      <%= f.password_field :password %></p>
+      <%= f.password_field :password %>
     </div>
 
     <div class="field">

data/app/views/devise/mailer/invitation_instructions.html.erb

@@ -2,7 +2,7 @@
 
 <p><%= t("devise.mailer.invitation_instructions.someone_invited_you", url: root_url) %></p>
 
-<p><%= link_to t("devise.mailer.invitation_instructions.accept"), accept_invitation_url(@resource, :invitation_token => @token) %></p>
+<p><%= link_to t("devise.mailer.invitation_instructions.accept"), accept_invitation_url(@resource, invitation_token: @token) %></p>
 
 <% if @resource.invitation_due_at %>
   <p><%= t("devise.mailer.invitation_instructions.accept_until", due_date: l(@resource.invitation_due_at, format: :'devise.mailer.invitation_instructions.accept_until_format')) %></p>

data/app/views/devise/mailer/invitation_instructions.text.erb

@@ -2,7 +2,7 @@
 
 <%= t("devise.mailer.invitation_instructions.someone_invited_you", url: root_url) %>
 
-<%= accept_invitation_url(@resource, :invitation_token => @token) %>
+<%= accept_invitation_url(@resource, invitation_token: @token) %>
 
 <% if @resource.invitation_due_at %>
   <%= t("devise.mailer.invitation_instructions.accept_until", due_date: l(@resource.invitation_due_at, format: :'devise.mailer.invitation_instructions.accept_until_format')) %>

data/lib/devise_invitable.rb

@@ -22,7 +22,8 @@ module Devise
   mattr_accessor :invite_for
   @@invite_for = 0
 
-  # Public: Flag that force a record to be valid before being actually invited
+  # Public: Ensure that invited record is valid.
+  # The invitation won't be sent if this check fails.
   # (default: false).
   #
   # Examples (in config/initializers/devise.rb)

data/lib/devise_invitable/controllers/helpers.rb

@@ -14,9 +14,8 @@ module DeviseInvitable::Controllers::Helpers
 
   protected
 
-  def authenticate_inviter!
-    send(:"authenticate_#{resource_name}!", force: true)
-  end
-
+    def authenticate_inviter!
+      send(:"authenticate_#{resource_name}!", force: true)
+    end
 end
 

data/lib/devise_invitable/inviter.rb

@@ -25,6 +25,7 @@ module DeviseInvitable
     end
 
     protected
+
       def decrement_invitation_limit!
         if self.class.invitation_limit.present?
           self.invitation_limit ||= self.class.invitation_limit
@@ -32,8 +33,8 @@ module DeviseInvitable
         end
       end
 
-    module ClassMethods
-      Devise::Models.config(self, :invitation_limit)
-    end
+      module ClassMethods
+        Devise::Models.config(self, :invitation_limit)
+      end
   end
 end

data/lib/devise_invitable/mapping.rb

@@ -1,10 +1,11 @@
 module DeviseInvitable
   module Mapping
     private
-    def default_controllers(options)
-      options[:controllers] ||= {}
-      options[:controllers][:registrations] ||= 'devise_invitable/registrations'
-      super
-    end
+
+      def default_controllers(options)
+        options[:controllers] ||= {}
+        options[:controllers][:registrations] ||= 'devise_invitable/registrations'
+        super
+      end
   end
 end

data/lib/devise_invitable/models.rb

@@ -10,8 +10,8 @@ module Devise
     #
     # Configuration:
     #
-    #   invite_for: The period the generated invitation token is valid, after
-    #               this period, the invited resource won't be able to accept the invitation.
+    #   invite_for: The period the generated invitation token is valid.
+    #               After this period, the invited resource won't be able to accept the invitation.
     #               When invite_for is 0 (the default), the invitation won't expire.
     #
     # Examples:
@@ -391,15 +391,14 @@ module Devise
 
         private
 
-        # The random password, as set after an invitation, must conform
-        # to any password format validation rules of the application.
-        # This default fixes the most common scenarios: Passwords must contain
-        # lower + upper case, a digit and a symbol.
-        # For more unusual rules, this method can be overridden.
-        def random_password
-          'aA1!' + Devise.friendly_token[0, 20]
-        end
-
+          # The random password, as set after an invitation, must conform
+          # to any password format validation rules of the application.
+          # This default fixes the most common scenarios: Passwords must contain
+          # lower + upper case, a digit and a symbol.
+          # For more unusual rules, this method can be overridden.
+          def random_password
+            'aA1!' + Devise.friendly_token[0, 20]
+          end
       end
     end
   end

data/lib/devise_invitable/parameter_sanitizer.rb

@@ -12,27 +12,27 @@ module DeviseInvitable
 
     private
 
-    if defined?(Devise::BaseSanitizer)
-      def permit(keys)
-        default_params.permit(*Array(keys))
-      end
+      if defined?(Devise::BaseSanitizer)
+        def permit(keys)
+          default_params.permit(*Array(keys))
+        end
 
-      def attributes_for(kind)
-        case kind
-        when :invite
-          resource_class.respond_to?(:invite_key_fields) ? resource_class.invite_key_fields : []
-        when :accept_invitation
-          [:password, :password_confirmation, :invitation_token]
-        else
+        def attributes_for(kind)
+          case kind
+          when :invite
+            resource_class.respond_to?(:invite_key_fields) ? resource_class.invite_key_fields : []
+          when :accept_invitation
+            [:password, :password_confirmation, :invitation_token]
+          else
+            super
+          end
+        end
+      else
+        def initialize(resource_class, resource_name, params)
           super
+          permit(:invite, keys: (resource_class.respond_to?(:invite_key_fields) ? resource_class.invite_key_fields : []) )
+          permit(:accept_invitation, keys: [:password, :password_confirmation, :invitation_token] )
         end
       end
-    else
-      def initialize(resource_class, resource_name, params)
-        super
-        permit(:invite, keys: (resource_class.respond_to?(:invite_key_fields) ? resource_class.invite_key_fields : []) )
-        permit(:accept_invitation, keys: [:password, :password_confirmation, :invitation_token] )
-      end
-    end
   end
 end

data/lib/devise_invitable/routes.rb

@@ -2,6 +2,7 @@ module ActionDispatch::Routing
   class Mapper
 
   protected
+
     def devise_invitation(mapping, controllers)
       resource :invitation, only: [:new, :create, :update],
         path: mapping.path_names[:invitation], controller: controllers[:invitations] do
@@ -9,6 +10,5 @@ module ActionDispatch::Routing
         get :destroy, path: mapping.path_names[:remove], as: :remove
       end
     end
-
   end
 end

data/lib/devise_invitable/version.rb

@@ -1,3 +1,3 @@
 module DeviseInvitable
-  VERSION = '2.0.0'
+  VERSION = '2.0.1'.freeze
 end

data/lib/generators/devise_invitable/install_generator.rb

@@ -15,8 +15,8 @@ module DeviseInvitable
             inject_into_file(devise_initializer_path, before: "  # ==> Configuration for :confirmable\n") do
 <<-CONTENT
   # ==> Configuration for :invitable
-  # The period the generated invitation token is valid, after
-  # this period, the invited resource won't be able to accept the invitation.
+  # The period the generated invitation token is valid.
+  # After this period, the invited resource won't be able to accept the invitation.
   # When invite_for is 0 (the default), the invitation won't expire.
   # config.invite_for = 2.weeks
 
@@ -35,7 +35,8 @@ module DeviseInvitable
   # config.invite_key = { email: /\\A[^@]+@[^@]+\\z/ }
   # config.invite_key = { email: /\\A[^@]+@[^@]+\\z/, username: nil }
 
-  # Flag that force a record to be valid before being actually invited
+  # Ensure that invited record is valid.
+  # The invitation won't be sent if this check fails.
   # Default: false
   # config.validate_on_invite = true
 

data/test/generators/views_generator_test.rb

@@ -28,13 +28,14 @@ class ViewsGeneratorTest < ::Rails::Generators::TestCase
   end
 
   private
-  def assert_files
-    assert views = { @invitations_path => %w/edit.html.erb new.html.erb/, @mailer_path => %w/invitation_instructions.html.erb/ }
 
-    views.each do |path, files|
-      files.each do |file|
-        assert_file File.join path, file
+    def assert_files
+      assert views = { @invitations_path => %w/edit.html.erb new.html.erb/, @mailer_path => %w/invitation_instructions.html.erb/ }
+
+      views.each do |path, files|
+        files.each do |file|
+          assert_file File.join path, file
+        end
       end
     end
-  end
 end

data/test/integration_tests_helper.rb

@@ -29,7 +29,6 @@ class ActionDispatch::IntegrationTest
 
   # Fix assert_redirect_to in integration sessions because they don't take into
   # account Middleware redirects.
-  #
   def assert_redirected_to(url)
     assert [301, 302].include?(@integration_session.status),
            "Expected status to be 301 or 302, got #{@integration_session.status}"

data/test/rails_app/app/controllers/admins_controller.rb

@@ -1,6 +1,7 @@
 class AdminsController < Devise::InvitationsController
   protected
-  def authenticate_inviter!
-    authenticate_admin!(force: true)
-  end
+
+    def authenticate_inviter!
+      authenticate_admin!(force: true)
+    end
 end

data/test/rails_app/app/controllers/application_controller.rb

@@ -3,15 +3,16 @@ class ApplicationController < ActionController::Base
   before_action :configure_permitted_parameters, if: :devise_controller?
 
   protected
-  def after_sign_in_path_for(resource)
-    if resource.is_a? Admin
-      edit_admin_registration_path(resource)
-    else
-      super
+
+    def after_sign_in_path_for(resource)
+      if resource.is_a? Admin
+        edit_admin_registration_path(resource)
+      else
+        super
+      end
     end
-  end
 
-  def configure_permitted_parameters
-    devise_parameter_sanitizer.permit(:sign_up, keys: [:email, :password, :bio])
-  end
+    def configure_permitted_parameters
+      devise_parameter_sanitizer.permit(:sign_up, keys: [:email, :password, :bio])
+    end
 end

data/test/rails_app/app/controllers/free_invitations_controller.rb

@@ -1,12 +1,15 @@
 class FreeInvitationsController < Devise::InvitationsController
   protected
-  def authenticate_inviter!
-  # everyone can invite
-  end
-  def current_inviter
-    current_admin || current_user
-  end
-  def after_invite_path_for(resource)
-    resource ? super : root_path
-  end
+
+    def authenticate_inviter!
+    # everyone can invite
+    end
+
+    def current_inviter
+      current_admin || current_user
+    end
+
+    def after_invite_path_for(resource)
+      resource ? super : root_path
+    end
 end

data/test/rails_app/config/initializers/devise.rb

@@ -91,8 +91,8 @@ Devise.setup do |config|
   # config.pepper = "e31589192aeea8807cb7d8686b0f8484d6cbfaaa65443d45144519ed1d4ffbc6ccb73b21a69ece276d94f2cac95d83990d824f36f301d6f585ededd1bf90d67d"
 
   # ==> Configuration for :invitable
-  # The period the generated invitation token is valid, after
-  # this period, the invited resource won't be able to accept the invitation.
+  # The period the generated invitation token is valid.
+  # After this period, the invited resource won't be able to accept the invitation.
   # When invite_for is 0 (the default), the invitation won't expire.
   # config.invite_for = 2.weeks
 
@@ -111,7 +111,8 @@ Devise.setup do |config|
   # config.invite_key = {:email => /\\A[^@]+@[^@]+\\z/}
   # config.invite_key = {:email => /\\A[^@]+@[^@]+\\z/, :username => nil}
 
-  # Flag that force a record to be valid before being actually invited
+  # Ensure that invited record is valid.
+  # The invitation won't be sent if this check fails.
   # Default: false
   # config.validate_on_invite = true
 

data/test/test_helper.rb

@@ -11,7 +11,7 @@ require 'mocha/setup'
 
 ActionMailer::Base.delivery_method = :test
 ActionMailer::Base.perform_deliveries = true
-ActionMailer::Base.default_url_options[:host] = 'test.com'
+ActionMailer::Base.default_url_options[:host] = 'example.com'
 
 ActiveSupport::Deprecation.silenced = true
 $VERBOSE = false
@@ -19,28 +19,15 @@ $VERBOSE = false
 class ActionDispatch::IntegrationTest
   include Capybara::DSL
 end
+
 class ActionController::TestCase
   if defined? Devise::Test
     include Devise::Test::ControllerHelpers
   else
     include Devise::TestHelpers
   end
+
   if defined? ActiveRecord
-    if Rails.version >= '5.0.0'
-      self.use_transactional_tests = true
-    else
-      begin
-        require 'test_after_commit' 
-        self.use_transactional_fixtures = true
-      rescue LoadError
-      end
-    end
-  end
-      
-  if Rails.version < '5.0.0'
-    def post(action, *args)
-      hash = args[0] || {}
-      super action, hash[:params], hash[:session], hash[:flash]
-    end
+    self.use_transactional_tests = true
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: devise_invitable
 version: !ruby/object:Gem::Version
-  version: 2.0.0
+  version: 2.0.1
 platform: ruby
 authors:
 - Sergio Cambra
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-02-25 00:00:00.000000000 Z
+date: 2019-04-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: actionmailer