devise_invitable 2.0.0 → 2.0.5

data/lib/devise_invitable.rb

@@ -22,7 +22,8 @@ module Devise
   mattr_accessor :invite_for
   @@invite_for = 0
 
-  # Public: Flag that force a record to be valid before being actually invited
+  # Public: Ensure that invited record is valid.
+  # The invitation won't be sent if this check fails.
   # (default: false).
   #
   # Examples (in config/initializers/devise.rb)

data/lib/devise_invitable/controllers/helpers.rb

@@ -14,9 +14,8 @@ module DeviseInvitable::Controllers::Helpers
 
   protected
 
-  def authenticate_inviter!
-    send(:"authenticate_#{resource_name}!", force: true)
-  end
-
+    def authenticate_inviter!
+      send(:"authenticate_#{resource_name}!", force: true)
+    end
 end
 

data/lib/devise_invitable/inviter.rb

@@ -25,6 +25,7 @@ module DeviseInvitable
     end
 
     protected
+
       def decrement_invitation_limit!
         if self.class.invitation_limit.present?
           self.invitation_limit ||= self.class.invitation_limit
@@ -32,8 +33,8 @@ module DeviseInvitable
         end
       end
 
-    module ClassMethods
-      Devise::Models.config(self, :invitation_limit)
-    end
+      module ClassMethods
+        Devise::Models.config(self, :invitation_limit)
+      end
   end
 end

data/lib/devise_invitable/mapping.rb

@@ -1,10 +1,11 @@
 module DeviseInvitable
   module Mapping
     private
-    def default_controllers(options)
-      options[:controllers] ||= {}
-      options[:controllers][:registrations] ||= 'devise_invitable/registrations'
-      super
-    end
+
+      def default_controllers(options)
+        options[:controllers] ||= {}
+        options[:controllers][:registrations] ||= 'devise_invitable/registrations'
+        super
+      end
   end
 end

data/lib/devise_invitable/models.rb

@@ -10,8 +10,8 @@ module Devise
     #
     # Configuration:
     #
-    #   invite_for: The period the generated invitation token is valid, after
-    #               this period, the invited resource won't be able to accept the invitation.
+    #   invite_for: The period the generated invitation token is valid.
+    #               After this period, the invited resource won't be able to accept the invitation.
     #               When invite_for is 0 (the default), the invitation won't expire.
     #
     # Examples:
@@ -45,7 +45,7 @@ module Devise
         elsif defined?(Mongoid) && defined?(Mongoid::Document) && self < Mongoid::Document && Mongoid::VERSION >= '6.0.0'
           belongs_to_options.merge! optional: true
         end
-        belongs_to :invited_by, belongs_to_options
+        belongs_to :invited_by, **belongs_to_options
 
         extend ActiveModel::Callbacks
         define_model_callbacks :invitation_created
@@ -391,15 +391,17 @@ module Devise
 
         private
 
-        # The random password, as set after an invitation, must conform
-        # to any password format validation rules of the application.
-        # This default fixes the most common scenarios: Passwords must contain
-        # lower + upper case, a digit and a symbol.
-        # For more unusual rules, this method can be overridden.
-        def random_password
-          'aA1!' + Devise.friendly_token[0, 20]
-        end
+          # The random password, as set after an invitation, must conform
+          # to any password format validation rules of the application.
+          # This default fixes the most common scenarios: Passwords must contain
+          # lower + upper case, a digit and a symbol.
+          # For more unusual rules, this method can be overridden.
+          def random_password
+            length = respond_to?(:password_length) ? password_length : Devise.password_length
 
+            prefix = 'aA1!'
+            prefix + Devise.friendly_token(length.last - prefix.length)
+          end
       end
     end
   end

data/lib/devise_invitable/models/authenticatable.rb

@@ -1,11 +1,17 @@
 module Devise
   module Models
     module Authenticatable
-      BLACKLIST_FOR_SERIALIZATION.concat %i[
+      list = %i[
         invitation_token invitation_created_at invitation_sent_at
         invitation_accepted_at invitation_limit invited_by_type
         invited_by_id invitations_count
       ]
+      
+      if defined?(UNSAFE_ATTRIBUTES_FOR_SERIALIZATION)
+        UNSAFE_ATTRIBUTES_FOR_SERIALIZATION.concat(list)
+      else
+        BLACKLIST_FOR_SERIALIZATION.concat(list)
+      end
     end
   end
 end

data/lib/devise_invitable/parameter_sanitizer.rb

@@ -12,27 +12,27 @@ module DeviseInvitable
 
     private
 
-    if defined?(Devise::BaseSanitizer)
-      def permit(keys)
-        default_params.permit(*Array(keys))
-      end
+      if defined?(Devise::BaseSanitizer)
+        def permit(keys)
+          default_params.permit(*Array(keys))
+        end
 
-      def attributes_for(kind)
-        case kind
-        when :invite
-          resource_class.respond_to?(:invite_key_fields) ? resource_class.invite_key_fields : []
-        when :accept_invitation
-          [:password, :password_confirmation, :invitation_token]
-        else
+        def attributes_for(kind)
+          case kind
+          when :invite
+            resource_class.respond_to?(:invite_key_fields) ? resource_class.invite_key_fields : []
+          when :accept_invitation
+            [:password, :password_confirmation, :invitation_token]
+          else
+            super
+          end
+        end
+      else
+        def initialize(resource_class, resource_name, params)
           super
+          permit(:invite, keys: (resource_class.respond_to?(:invite_key_fields) ? resource_class.invite_key_fields : []) )
+          permit(:accept_invitation, keys: [:password, :password_confirmation, :invitation_token] )
         end
       end
-    else
-      def initialize(resource_class, resource_name, params)
-        super
-        permit(:invite, keys: (resource_class.respond_to?(:invite_key_fields) ? resource_class.invite_key_fields : []) )
-        permit(:accept_invitation, keys: [:password, :password_confirmation, :invitation_token] )
-      end
-    end
   end
 end

data/lib/devise_invitable/routes.rb

@@ -2,6 +2,7 @@ module ActionDispatch::Routing
   class Mapper
 
   protected
+
     def devise_invitation(mapping, controllers)
       resource :invitation, only: [:new, :create, :update],
         path: mapping.path_names[:invitation], controller: controllers[:invitations] do
@@ -9,6 +10,5 @@ module ActionDispatch::Routing
         get :destroy, path: mapping.path_names[:remove], as: :remove
       end
     end
-
   end
 end

data/lib/devise_invitable/version.rb

@@ -1,3 +1,3 @@
 module DeviseInvitable
-  VERSION = '2.0.0'
+  VERSION = '2.0.5'.freeze
 end

data/lib/generators/active_record/templates/migration.rb

@@ -8,7 +8,6 @@ class DeviseInvitableAddTo<%= table_name.camelize %> < ActiveRecord::Migration<%
       t.integer    :invitation_limit
       t.references :invited_by, polymorphic: true
       t.integer    :invitations_count, default: 0
-      t.index      :invitations_count
       t.index      :invitation_token, unique: true # for invitable
       t.index      :invited_by_id
     end

data/lib/generators/devise_invitable/install_generator.rb

@@ -15,8 +15,8 @@ module DeviseInvitable
             inject_into_file(devise_initializer_path, before: "  # ==> Configuration for :confirmable\n") do
 <<-CONTENT
   # ==> Configuration for :invitable
-  # The period the generated invitation token is valid, after
-  # this period, the invited resource won't be able to accept the invitation.
+  # The period the generated invitation token is valid.
+  # After this period, the invited resource won't be able to accept the invitation.
   # When invite_for is 0 (the default), the invitation won't expire.
   # config.invite_for = 2.weeks
 
@@ -35,7 +35,8 @@ module DeviseInvitable
   # config.invite_key = { email: /\\A[^@]+@[^@]+\\z/ }
   # config.invite_key = { email: /\\A[^@]+@[^@]+\\z/, username: nil }
 
-  # Flag that force a record to be valid before being actually invited
+  # Ensure that invited record is valid.
+  # The invitation won't be sent if this check fails.
   # Default: false
   # config.validate_on_invite = true
 

data/test/generators/views_generator_test.rb

@@ -28,13 +28,14 @@ class ViewsGeneratorTest < ::Rails::Generators::TestCase
   end
 
   private
-  def assert_files
-    assert views = { @invitations_path => %w/edit.html.erb new.html.erb/, @mailer_path => %w/invitation_instructions.html.erb/ }
 
-    views.each do |path, files|
-      files.each do |file|
-        assert_file File.join path, file
+    def assert_files
+      assert views = { @invitations_path => %w/edit.html.erb new.html.erb/, @mailer_path => %w/invitation_instructions.html.erb/ }
+
+      views.each do |path, files|
+        files.each do |file|
+          assert_file File.join path, file
+        end
       end
     end
-  end
 end

data/test/generators_test.rb

@@ -17,13 +17,14 @@ class GeneratorsTest < ActiveSupport::TestCase
 
   test "rails g devise_invitable:install" do
     @output = `cd #{RAILS_APP_PATH} && rails g devise_invitable:install -p`
-    assert @output.match(%r{(inject|insert).*  config/initializers/devise\.rb\n})
+    puts @output
+    assert @output.match(%r{(inject|insert|File unchanged! The supplied flag value not found!).*  config/initializers/devise\.rb\n})
     assert @output.match(%r|create.*  config/locales/devise_invitable\.en\.yml\n|)
   end
 
   test "rails g devise_invitable Octopussy" do
     @output = `cd #{RAILS_APP_PATH} && rails g devise_invitable Octopussy -p`
-    assert @output.match(%r{(inject|insert).*  app/models/octopussy\.rb\n})
+    assert @output.match(%r{(inject|insert|File unchanged! The supplied flag value not found!).*  app/models/octopussy\.rb\n})
     assert @output.match(%r|invoke.*  #{DEVISE_ORM}\n|)
     if DEVISE_ORM == :active_record
       assert @output.match(%r|create.*  db/migrate/\d{14}_devise_invitable_add_to_octopussies\.rb\n|)

data/test/integration_tests_helper.rb

@@ -29,7 +29,6 @@ class ActionDispatch::IntegrationTest
 
   # Fix assert_redirect_to in integration sessions because they don't take into
   # account Middleware redirects.
-  #
   def assert_redirected_to(url)
     assert [301, 302].include?(@integration_session.status),
            "Expected status to be 301 or 302, got #{@integration_session.status}"

data/test/models/invitable_test.rb

@@ -1,6 +1,10 @@
 require 'test_helper'
 require 'model_tests_helper'
 
+class Validatable < User
+  devise :validatable, password_length: 10..20
+end
+
 class InvitableTest < ActiveSupport::TestCase
 
   def setup
@@ -760,4 +764,16 @@ class InvitableTest < ActiveSupport::TestCase
     assert user.persisted?
     assert user.errors.empty?
   end
+
+  test 'should set initial password following Devise.password_length' do
+    user = User.invite!(email: 'valid@email.com')
+    assert_empty user.errors
+    assert_equal Devise.password_length.last, user.password.length
+  end
+
+  test 'should set initial passsword using :validatable with custom password_length' do
+    user = Validatable.invite!(email: 'valid@email.com')
+    assert_empty user.errors
+    assert_equal Validatable.password_length.last, user.password.length
+  end
 end

data/test/rails_app/app/controllers/admins_controller.rb

@@ -1,6 +1,7 @@
 class AdminsController < Devise::InvitationsController
   protected
-  def authenticate_inviter!
-    authenticate_admin!(force: true)
-  end
+
+    def authenticate_inviter!
+      authenticate_admin!(force: true)
+    end
 end

data/test/rails_app/app/controllers/application_controller.rb

@@ -3,15 +3,16 @@ class ApplicationController < ActionController::Base
   before_action :configure_permitted_parameters, if: :devise_controller?
 
   protected
-  def after_sign_in_path_for(resource)
-    if resource.is_a? Admin
-      edit_admin_registration_path(resource)
-    else
-      super
+
+    def after_sign_in_path_for(resource)
+      if resource.is_a? Admin
+        edit_admin_registration_path(resource)
+      else
+        super
+      end
     end
-  end
 
-  def configure_permitted_parameters
-    devise_parameter_sanitizer.permit(:sign_up, keys: [:email, :password, :bio])
-  end
+    def configure_permitted_parameters
+      devise_parameter_sanitizer.permit(:sign_up, keys: [:email, :password, :bio])
+    end
 end

data/test/rails_app/app/controllers/free_invitations_controller.rb

@@ -1,12 +1,15 @@
 class FreeInvitationsController < Devise::InvitationsController
   protected
-  def authenticate_inviter!
-  # everyone can invite
-  end
-  def current_inviter
-    current_admin || current_user
-  end
-  def after_invite_path_for(resource)
-    resource ? super : root_path
-  end
+
+    def authenticate_inviter!
+    # everyone can invite
+    end
+
+    def current_inviter
+      current_admin || current_user
+    end
+
+    def after_invite_path_for(resource)
+      resource ? super : root_path
+    end
 end

data/test/rails_app/config/initializers/devise.rb

@@ -91,8 +91,8 @@ Devise.setup do |config|
   # config.pepper = "e31589192aeea8807cb7d8686b0f8484d6cbfaaa65443d45144519ed1d4ffbc6ccb73b21a69ece276d94f2cac95d83990d824f36f301d6f585ededd1bf90d67d"
 
   # ==> Configuration for :invitable
-  # The period the generated invitation token is valid, after
-  # this period, the invited resource won't be able to accept the invitation.
+  # The period the generated invitation token is valid.
+  # After this period, the invited resource won't be able to accept the invitation.
   # When invite_for is 0 (the default), the invitation won't expire.
   # config.invite_for = 2.weeks
 
@@ -111,7 +111,8 @@ Devise.setup do |config|
   # config.invite_key = {:email => /\\A[^@]+@[^@]+\\z/}
   # config.invite_key = {:email => /\\A[^@]+@[^@]+\\z/, :username => nil}
 
-  # Flag that force a record to be valid before being actually invited
+  # Ensure that invited record is valid.
+  # The invitation won't be sent if this check fails.
   # Default: false
   # config.validate_on_invite = true
 

data/test/rails_app/config/initializers/secret_token.rb

@@ -0,0 +1,9 @@
+# Be sure to restart your server when you modify this file.
+
+# Your secret key for verifying the integrity of signed cookies.
+# If you change this key, all old signed cookies will become invalid!
+# Make sure the secret is at least 30 characters and all random,
+# no regular words or you'll be exposed to dictionary attacks.
+if Rails.version < '5.2.0'
+  RailsApp::Application.config.secret_token = 'e997edf9d7eba5cf89a76a046fa53f5d66261d22cfcf29e3f538c75ad2d175b106bd5d099f44f6ce34ad3b3162d71cfaa37d2d4f4b38645288331427b4c2a607'
+end

data/test/rails_app/db/migrate/20100401102949_create_tables.rb

@@ -32,7 +32,6 @@ class CreateTables < (Rails.version < '5.1' ? ActiveRecord::Migration : ActiveRe
       t.timestamps :null => false
     end
     add_index :users, :invitation_token, :unique => true
-    add_index :users, :invitations_count
 
     create_table :admins do |t|
       ## Database authenticatable
@@ -41,6 +40,5 @@ class CreateTables < (Rails.version < '5.1' ? ActiveRecord::Migration : ActiveRe
 
       t.integer :invitations_count, :default => 0
     end
-    add_index :admins, :invitations_count
   end
 end

data/test/test_helper.rb

@@ -11,7 +11,7 @@ require 'mocha/setup'
 
 ActionMailer::Base.delivery_method = :test
 ActionMailer::Base.perform_deliveries = true
-ActionMailer::Base.default_url_options[:host] = 'test.com'
+ActionMailer::Base.default_url_options[:host] = 'example.com'
 
 ActiveSupport::Deprecation.silenced = true
 $VERBOSE = false
@@ -19,28 +19,15 @@ $VERBOSE = false
 class ActionDispatch::IntegrationTest
   include Capybara::DSL
 end
+
 class ActionController::TestCase
   if defined? Devise::Test
     include Devise::Test::ControllerHelpers
   else
     include Devise::TestHelpers
   end
+
   if defined? ActiveRecord
-    if Rails.version >= '5.0.0'
-      self.use_transactional_tests = true
-    else
-      begin
-        require 'test_after_commit' 
-        self.use_transactional_fixtures = true
-      rescue LoadError
-      end
-    end
-  end
-      
-  if Rails.version < '5.0.0'
-    def post(action, *args)
-      hash = args[0] || {}
-      super action, hash[:params], hash[:session], hash[:flash]
-    end
+    self.use_transactional_tests = true
   end
 end