devise_invitable 2.0.6 → 2.0.9

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3803fa69fe6bdecc811ab934878cc365f31ae0a124e54bbde34ad967752f1d3c
-  data.tar.gz: df5c2b785956d22e8bf69d644326605a649f1fd76b1d19af04d4bcd48a3c15f6
+  metadata.gz: b8ff92d4a82378780e01c6d3cfe57ff0808b08d49a619e3a899e94a86e7ec46c
+  data.tar.gz: 174e7982212230032987ad9b6b1ed572b98fda73fc0652e095ae71c1b6282436
 SHA512:
-  metadata.gz: 925df2c1ef1a893f9e4d9b376b298fa5e21a4c516d8829d7990aa5e5b4a18a7d288d209658f38a1793c51b5a4fca83cbff814a19f2e725ddd8baa4307f448092
-  data.tar.gz: 4380da8ff7d5ff6e680393ab8f8935dae7b10e3d50271fdfaa839d0968caad99a56282ba6765b3d18f2f70090796c607c0198dc3932f3ac21f24821a8635a4e5
+  metadata.gz: 25a25c7ec4df1183ef43d399f73cb7a4b661cc33df172d660dd551f658bebce01ac552c837608affeac59aeaaa85b137ad56247278fbe5a436ea15d03131b1e3
+  data.tar.gz: 07a394b356fb623ab7a8ca48486acd935ea5c69b86969ccae667d414bc6d7319ec2e5fe90c0cdc8ff2a9f46eace35bfd517df659fc445088f4e43a0f6536590c

data/CHANGELOG.md

@@ -1,6 +1,19 @@
+## 2.0.9
+- Do not accept expired invitation on password reset ([#897](https://github.com/scambra/devise_invitable/pull/897))
+
+## 2.0.8
+- Fix for turbo stream
+
+## 2.0.7
+- Allow customizing invalid_token_path_for, the path to redirect users who try to accept with invalid token
+- Don't override registrations controller in routes if module option is used
+- Fix typo in spanish translation, add Catalan translation ([#857](https://github.com/scambra/devise_invitable/pull/857))
+- Fix for ruby 3.2.0
+
 ## 2.0.6
 - Fix submit form failure with turbolinks, fixes ([#865](https://github.com/scambra/devise_invitable/issues/865))
 - Fix obsolete symbols in German translation ([#864](https://github.com/scambra/devise_invitable/pull/864))
+- Allow to provide validate option to the instance method "invite!", default to follow the setting validate_on_invite
 
 ## 2.0.5
 - Fix NoMethodError in random_password when validatable is not used ([#850](https://github.com/scambra/devise_invitable/pull/850))

data/README.rdoc

@@ -1,5 +1,7 @@
 = DeviseInvitable
-{<img src="https://badge.fury.io/rb/devise_invitable.svg"/>}[http://badge.fury.io/rb/devise_invitable] {<img src="https://travis-ci.org/scambra/devise_invitable.svg"/>}[https://travis-ci.org/scambra/devise_invitable] {<img src="https://codeclimate.com/github/scambra/devise_invitable/badges/gpa.svg"/>}[https://codeclimate.com/github/scambra/devise_invitable]
+{<img src="https://badge.fury.io/rb/devise_invitable.svg"/>}[http://badge.fury.io/rb/devise_invitable]
+{<img src="https://github.com/scambra/devise_invitable/actions/workflows/ci.yml/badge.svg"/>}[https://github.com/scambra/devise_invitable/actions/workflows/ci.yml]
+{<img src="https://codeclimate.com/github/scambra/devise_invitable/badges/gpa.svg"/>}[https://codeclimate.com/github/scambra/devise_invitable]
 
 It adds support to Devise[https://github.com/plataformatec/devise] for sending invitations by email (it requires to be authenticated) and accept the invitation setting the password.
 
@@ -339,7 +341,7 @@ To accept an invitation with a token use the <tt>accept_invitation!</tt> class m
 === Callbacks
 
 A callback event is fired before and after an invitation is created (User#invite!) or accepted (User#accept_invitation!). For example, in your resource model you can add:
-
+  # Note: callbacks should be placed after devise: :invitable is specified.
   before_invitation_created :email_admins
   after_invitation_accepted :email_invited_by
 
@@ -370,7 +372,7 @@ After an invitation is created and sent, the inviter will be redirected to <tt>a
 
 After an invitation is accepted, the invitee will be redirected to <tt>after_accept_path_for(resource)</tt>, which is the same path as <tt>signed_in_root_path</tt> by default. If you want to override the path, override invitations controller and define <tt>after_accept_path_for</tt> method. This is useful in the common case that a user is invited to a specific location in your application. More on {Devise's README}[https://github.com/plataformatec/devise], "Controller filters and helpers" section.
 
-The invitation email includes a link to accept the invitation that looks like this: <tt>/users/invitation/accept?invitation_token=abcd123</tt>. When clicked, the invited must set a password in order to accept its invitation. Note that if the <tt>invitation_token</tt> is not present or not valid, the invited is redirected to <tt>after_sign_out_path_for(resource_name)</tt>.
+The invitation email includes a link to accept the invitation that looks like this: <tt>/users/invitation/accept?invitation_token=abcd123</tt>. When clicked, the invited must set a password in order to accept its invitation. Note that if the <tt>invitation_token</tt> is not present or not valid, the invited is redirected to <tt>invalid_token_path_for(resource_name)</tt>, which by default is <tt>after_sign_out_path_for(resource_name)</tt>.
 
 The controller sets the <tt>invited_by_id</tt> attribute for the new user to the current user.  This will let you easily keep track of who invited whom.
 

data/app/controllers/devise/invitations_controller.rb

@@ -31,7 +31,7 @@ class Devise::InvitationsController < DeviseController
         respond_with resource, location: after_invite_path_for(current_inviter, resource)
       end
     else
-      respond_with_navigational(resource) { render :new, status: :unprocessable_entity }
+      respond_with(resource)
     end
   end
 
@@ -63,7 +63,7 @@ class Devise::InvitationsController < DeviseController
       end
     else
       resource.invitation_token = raw_invitation_token
-      respond_with_navigational(resource) { render :edit, status: :unprocessable_entity }
+      respond_with(resource)
     end
   end
 
@@ -99,7 +99,7 @@ class Devise::InvitationsController < DeviseController
     def resource_from_invitation_token
       unless params[:invitation_token] && self.resource = resource_class.find_by_invitation_token(params[:invitation_token], true)
         set_flash_message(:alert, :invitation_token_invalid) if is_flashing_format?
-        redirect_to after_sign_out_path_for(resource_name)
+        redirect_to invalid_token_path_for(resource_name)
       end
     end
 

data/config/locales/ca.yml

@@ -0,0 +1,32 @@
+
+ca:
+  devise:
+    failure:
+      invited: "Tens una invitació pendent, accepta-la per acabar de crear el teu compte."
+    invitations:
+      send_instructions: "S'ha enviat una invitació a %{email}."
+      invitation_token_invalid: "La invitació no es vàlida!"
+      updated: "S'ha configurat la seva contrasenya i s'ha ingressat al sistema"
+      updated_not_active: "La seva contrasenya s'ha configurat correctament."
+      no_invitations_remaining: "No queden invitacions"
+      invitation_removed: "S'ha retirat la seva invitació"
+      new:
+        header: "Enviar Invitació"
+        submit_button: "Envia una invitació"
+      edit:
+        header: "Establir contrasenya"
+        submit_button: "Guardar la meva contrasenya"
+    mailer:
+      invitation_instructions:
+        subject: "Instruccions de la invitació"
+        hello: "Hola %{email}"
+        someone_invited_you: "Has estat invitat a %{url}, pots acceptar-ho seguint el següent enllaç"
+        accept: "Aceptar la invitació"
+        accept_until: "Aquesta invitació expirarà en %{due_date}."
+        ignore: "Si no li interessa aquesta invitació, simplement ignori aquest correu. No es crearà el teu compte fins que accedeixis a l'anterior enllaç i creïs una contrasenya"
+  time:
+    formats:
+      devise:
+        mailer:
+          invitation_instructions:
+            accept_until_format: "%d de %B de %Y, %H:%M"

data/config/locales/es.yml

@@ -17,7 +17,7 @@ es:
         submit_button: "Guardar mi contraseña"
     mailer:
       invitation_instructions:
-        subject: "Instruciones de la invitación"
+        subject: "Instrucciones de la invitación"
         hello: "Hola %{email}"
         someone_invited_you: "Has sido invitado a %{url}, puedes aceptarlo siguiendo el siguiente enlace"
         accept: "Aceptar la invitación"

data/config/locales/fr.yml

@@ -14,10 +14,8 @@ fr:
         legend: Envoyer l’invitation
         submit_button: Envoyer
       edit:
-        header: Confirmation
-        submit_button: Confirmer
-        new_password: Mot de passe
-        new_password_confirmation: Confirmation du mot de passe
+        header: Définissez votre mot de passe
+        submit_button: Définir mon mot de passe
     mailer:
       invitation_instructions:
         subject: 'Vous avez reçu une invitation'
@@ -31,4 +29,4 @@ fr:
       devise:
         mailer:
           invitation_instructions:
-            accept_until_format: "%B %d, %Y %I:%M %p"
+            accept_until_format: "%B %d, %Y %I:%M %p"

data/config/locales/id.yml

@@ -0,0 +1,31 @@
+id:
+  devise:
+    failure:
+      invited: "Anda memiliki undangan yang tertunda, harap terima undangan tersebut untuk menyelesaikan pembuatan akun Anda."
+    invitations:
+      send_instructions: "Email undangan telah dikirim ke %{email}."
+      invitation_token_invalid: "Token undangan yang diberikan tidak valid!"
+      updated: "Kata sandi Anda telah berhasil diatur. Anda sudah masuk."
+      updated_not_active: "Kata sandi Anda telah berhasil diatur."
+      no_invitations_remaining: "Tidak ada undangan tersisa."
+      invitation_removed: "Undangan Anda telah dihapus."
+      new:
+        header: "Kirim Undangan"
+        submit_button: "Kirim undangan"
+      edit:
+        header: "Atur kata sandi Anda"
+        submit_button: "Atur kata sandi"
+    mailer:
+      invitation_instructions:
+        subject: "Instruksi Undangan"
+        hello: "Halo %{email}"
+        someone_invited_you: "Seseorang telah mengundang Anda ke %{url}. Anda dapat menerima undangan ini melalui tautan di bawah ini."
+        accept: "Terima Undangan"
+        accept_until: "Undangan ini akan berakhir pada %{due_date}."
+        ignore: "Jika Anda tidak ingin menerima undangan ini, silakan abaikan email ini. Akun Anda tidak akan dibuat sampai Anda mengakses tautan di atas dan mengatur kata sandi Anda."
+  time:
+    formats:
+      devise:
+        mailer:
+          invitation_instructions:
+            accept_until_format: "%d %B %Y %H:%M:%S"

data/lib/devise_invitable/controllers/helpers.rb

@@ -12,6 +12,10 @@ module DeviseInvitable::Controllers::Helpers
     signed_in_root_path(resource)
   end
 
+  def invalid_token_path_for(resource_name)
+    after_sign_out_path_for(resource_name)
+  end
+
   protected
 
     def authenticate_inviter!

data/lib/devise_invitable/mapping.rb

@@ -3,8 +3,10 @@ module DeviseInvitable
     private
 
       def default_controllers(options)
-        options[:controllers] ||= {}
-        options[:controllers][:registrations] ||= 'devise_invitable/registrations'
+        unless options[:module]
+          options[:controllers] ||= {}
+          options[:controllers][:registrations] ||= 'devise_invitable/registrations'
+        end
         super
       end
   end

data/lib/devise_invitable/models.rb

@@ -195,7 +195,7 @@ module Devise
       def clear_reset_password_token
         reset_password_token_present = reset_password_token.present?
         super
-        accept_invitation! if reset_password_token_present && invited_to_sign_up?
+        accept_invitation! if reset_password_token_present && valid_invitation?
       end
 
       def clear_errors_on_valid_keys
@@ -231,7 +231,7 @@ module Devise
       def add_taken_error(key)
         errors.add(key, :taken)
       end
-    
+
       def invitation_taken?
         !invited_to_sign_up?
       end

data/lib/devise_invitable/version.rb

@@ -1,3 +1,3 @@
 module DeviseInvitable
-  VERSION = '2.0.6'.freeze
+  VERSION = '2.0.9'.freeze
 end

data/lib/generators/devise_invitable/devise_invitable_generator.rb

@@ -7,7 +7,7 @@ module DeviseInvitable
 
       def inject_devise_invitable_content
         path = File.join('app', 'models', "#{file_path}.rb")
-        inject_into_file(path, 'invitable, :', after: 'devise :') if File.exists?(path)
+        inject_into_file(path, 'invitable, :', after: 'devise :') if File.exist?(path)
       end
 
       hook_for :orm

data/test/functional/controller_helpers_test.rb

@@ -41,4 +41,14 @@ class ControllerHelpersTest < ActionController::TestCase
     assert Devise::InvitationsController.method_defined? :after_accept_path_for
     assert !Devise::InvitationsController.instance_methods(false).include?(:after_accept_path_for)
   end
+
+  test 'invalid token path defaults to after sign out path' do
+    assert_equal @controller.send(:after_sign_out_path_for, :user), @controller.invalid_token_path_for(:user)
+  end
+
+  test 'invalid token path is customizable from application controller' do
+    custom_path = 'customized/invalid/token/path'
+    @controller.instance_eval "def invalid_token_path_for(resource_name) '#{custom_path}' end"
+    assert_equal @controller.invalid_token_path_for(:user), custom_path
+  end
 end

data/test/integration/invitation_test.rb

@@ -98,7 +98,7 @@ class InvitationTest < ActionDispatch::IntegrationTest
       fill_in 'Password confirmation', with: 'other_password'
     end
     assert_equal user_invitation_path, current_path
-    assert page.has_css?('#error_explanation li', text: /Password .*doesn\'t match/)
+    assert page.has_css?('#error_explanation li', text: /Password .*doesn['’]t match/)
     assert !user.confirmed?
   end
 

data/test/mailers/invitation_mail_test.rb

@@ -102,7 +102,7 @@ class InvitationMailTest < ActionMailer::TestCase
       def initialize(*args); end
       def deliver; end
     end
-    Devise.mailer = CustomMailer
+    Devise.mailer = 'InvitationMailTest::CustomMailer'
 
     User.invite!({ email: 'valid@email.com' }, nil, { invited_at: Time.now })
   end

data/test/model_tests_helper.rb

@@ -1,6 +1,6 @@
 class ActiveSupport::TestCase
   def setup_mailer
-    Devise.mailer = Devise::Mailer
+    Devise.mailer = 'Devise::Mailer'
     ActionMailer::Base.deliveries = []
   end
 

data/test/models/invitable_test.rb

@@ -89,12 +89,12 @@ class InvitableTest < ActiveSupport::TestCase
     user.invite!
     old_invitation_created_at = 3.days.ago
     old_invitation_sent_at = 3.days.ago
-    user.update_attributes(invitation_sent_at: old_invitation_sent_at, invitation_created_at: old_invitation_created_at)
+    user.update(invitation_sent_at: old_invitation_sent_at, invitation_created_at: old_invitation_created_at)
     3.times do
       user.invite!
       refute_equal old_invitation_sent_at, user.invitation_sent_at
       refute_equal old_invitation_created_at, user.invitation_created_at
-      user.update_attributes(invitation_sent_at: old_invitation_sent_at, invitation_created_at: old_invitation_created_at)
+      user.update(invitation_sent_at: old_invitation_sent_at, invitation_created_at: old_invitation_created_at)
     end
   end
 
@@ -279,6 +279,23 @@ class InvitableTest < ActiveSupport::TestCase
     refute_predicate user, :invited_to_sign_up?
   end
 
+  test 'should not accept expired invitation while resetting the password' do
+    User.stubs(:invite_for).returns(1.day)
+    user = User.invite!(email: 'valid@email.com')
+    assert user.invited_to_sign_up?
+    user.invitation_created_at = Time.now.utc - 2.days
+    token, user.reset_password_token = Devise.token_generator.generate(User, :reset_password_token)
+    user.reset_password_sent_at = Time.now.utc
+    user.save
+
+    assert user.reset_password_token.present?
+    assert user.invitation_token.present?
+    User.reset_password_by_token(reset_password_token: token, password: '123456789', password_confirmation: '123456789')
+    assert_nil user.reload.reset_password_token
+    assert user.reload.invitation_token.present?
+    assert user.reload.invited_to_sign_up?
+  end
+
   test 'should not accept invitation on failing to reset the password' do
     user = User.invite!(email: 'valid@email.com')
     assert user.invited_to_sign_up?
@@ -366,15 +383,51 @@ class InvitableTest < ActiveSupport::TestCase
     User.validate_on_invite = validate_on_invite
   end
 
+  test 'should not validate other attributes when validate_on_invite is disabled (for instance method)' do
+    validate_on_invite = User.validate_on_invite
+    User.validate_on_invite = false
+    user = new_user(email: 'valid@email.com', username: 'a' * 50)
+    user.invite!(nil, validate: false)
+    assert_empty user.errors
+    User.validate_on_invite = validate_on_invite
+  end
+
+  test 'should validate other attributes when validate_on_invite is disabled and validate option is enabled (for instance method)' do
+    validate_on_invite = User.validate_on_invite
+    User.validate_on_invite = false
+    user = new_user(email: 'valid@email.com', username: 'a' * 50)
+    user.invite!(nil, validate: true)
+    refute_empty user.errors[:username]
+    User.validate_on_invite = validate_on_invite
+  end
+
+  test 'should validate other attributes when validate_on_invite is enabled and validate option is disabled (for instance method)' do
+    validate_on_invite = User.validate_on_invite
+    User.validate_on_invite = true
+    user = new_user(email: 'valid@email.com', username: 'a' * 50)
+    user.invite!
+    refute_empty user.errors[:username]
+    User.validate_on_invite = validate_on_invite
+  end
+
+  test 'should validate other attributes when validate_on_invite is enabled and validate option is disabled explicitly (for instance method)' do
+    validate_on_invite = User.validate_on_invite
+    User.validate_on_invite = true
+    user = new_user(email: 'valid@email.com', username: 'a' * 50)
+    user.invite!(nil, validate: false)
+    assert_empty user.errors
+    User.validate_on_invite = validate_on_invite
+  end
+
   test 'should return a record with errors if user was found by e-mail' do
     existing_user = User.new(email: 'valid@email.com')
     existing_user.save(validate: false)
     user = User.invite!(email: 'valid@email.com')
     assert_equal user, existing_user
-    assert_equal ['has already been taken'], user.errors[:email]
+    assert_equal [{error: :taken}], user.errors.details[:email]
     same_user = User.invite!(email: 'valid@email.com')
     assert_equal same_user, existing_user
-    assert_equal ['has already been taken'], same_user.errors[:email]
+    assert_equal [{error: :taken}], same_user.errors.details[:email]
   end
 
   test 'should return a record with errors if user with pending invitation was found by e-mail' do
@@ -388,7 +441,7 @@ class InvitableTest < ActiveSupport::TestCase
 
       user = User.invite!(email: 'valid@email.com')
       assert_equal user, existing_user
-      assert_equal ['has already been taken'], user.errors[:email]
+      assert_equal [{error: :taken}], user.errors.details[:email]
     ensure
       User.resend_invitation = resend_invitation
     end
@@ -402,7 +455,7 @@ class InvitableTest < ActiveSupport::TestCase
       existing_user.save(validate: false)
       user = User.invite!(email: 'valid@email.com', username: 'a' * 50)
       assert_equal user, existing_user
-      assert_equal ['has already been taken'], user.errors[:email]
+      assert_equal [{error: :taken}], user.errors.details[:email]
       refute_empty user.errors[:username]
     ensure
       User.validate_on_invite = validate_on_invite
@@ -412,13 +465,13 @@ class InvitableTest < ActiveSupport::TestCase
   test 'should return a new record with errors if e-mail is blank' do
     invited_user = User.invite!(email: '')
     assert invited_user.new_record?
-    assert_equal ["can't be blank"], invited_user.errors[:email]
+    assert_equal [{error: :blank}], invited_user.errors.details[:email]
   end
 
   test 'should return a new record with errors if e-mail is invalid' do
     invited_user = User.invite!(email: 'invalid_email')
     assert invited_user.new_record?
-    assert_equal ['is invalid'], invited_user.errors[:email]
+    assert_equal [{error: :invalid}], invited_user.errors.details[:email]
   end
 
   test 'should set all attributes with errors if e-mail is invalid' do
@@ -438,13 +491,13 @@ class InvitableTest < ActiveSupport::TestCase
   test 'should return a new record with errors if no invitation_token is found' do
     invited_user = User.accept_invitation!(invitation_token: 'invalid_token')
     assert invited_user.new_record?
-    assert_equal ['is invalid'], invited_user.errors[:invitation_token]
+    assert_equal [{error: :invalid}], invited_user.errors.details[:invitation_token]
   end
 
   test 'should return a new record with errors if invitation_token is blank' do
     invited_user = User.accept_invitation!(invitation_token: '')
     assert invited_user.new_record?
-    assert_equal ["can't be blank"], invited_user.errors[:invitation_token]
+    assert_equal [{error: :blank}], invited_user.errors.details[:invitation_token]
   end
 
   test 'should return record with errors if invitation_token has expired' do
@@ -454,7 +507,7 @@ class InvitableTest < ActiveSupport::TestCase
     invited_user.save(validate: false)
     user = User.accept_invitation!(invitation_token: Thread.current[:token])
     assert_equal user, invited_user
-    assert_equal ['is invalid'], user.errors[:invitation_token]
+    assert_equal [{error: :invalid}], user.errors.details[:invitation_token]
   end
 
   test 'should allow record modification using block' do

data/test/orm/active_record.rb

@@ -1,7 +1,12 @@
 ActiveRecord::Migration.verbose = false
 ActiveRecord::Base.logger = Logger.new(nil)
 
-if defined? ActiveRecord::MigrationContext # rails >= 5.2
+if ActiveRecord::VERSION::MAJOR >= 6
+  ActiveRecord::MigrationContext.new(
+        File.expand_path('../../rails_app/db/migrate/', __FILE__),
+        ActiveRecord::Base.connection.schema_migration
+      ).migrate
+elsif defined? ActiveRecord::MigrationContext # rails >= 5.2
   ActiveRecord::MigrationContext.new(File.expand_path('../../rails_app/db/migrate/', __FILE__)).migrate
 else
   ActiveRecord::Migrator.migrate(File.expand_path('../../rails_app/db/migrate/', __FILE__))

data/test/test_helper.rb

@@ -7,7 +7,7 @@ require "rails_app/config/environment"
 require 'rails/test_help'
 require "orm/#{DEVISE_ORM}"
 require 'capybara/rails'
-require 'mocha/setup'
+require 'mocha/minitest'
 
 ActionMailer::Base.delivery_method = :test
 ActionMailer::Base.perform_deliveries = true

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: devise_invitable
 version: !ruby/object:Gem::Version
-  version: 2.0.6
+  version: 2.0.9
 platform: ruby
 authors:
 - Sergio Cambra
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-12-15 00:00:00.000000000 Z
+date: 2023-10-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: actionmailer
@@ -70,6 +70,7 @@ files:
 - app/views/devise/mailer/invitation_instructions.html.erb
 - app/views/devise/mailer/invitation_instructions.text.erb
 - config/locales/ar.yml
+- config/locales/ca.yml
 - config/locales/da.yml
 - config/locales/de.yml
 - config/locales/en.yml
@@ -77,6 +78,7 @@ files:
 - config/locales/et.yml
 - config/locales/fa.yml
 - config/locales/fr.yml
+- config/locales/id.yml
 - config/locales/it.yml
 - config/locales/ja.yml
 - config/locales/ko.yml
@@ -186,7 +188,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.9
+rubygems_version: 3.3.7
 signing_key:
 specification_version: 4
 summary: An invitation strategy for Devise