devise_invitable 1.4.1 → 1.4.2
- checksums.yaml +4 -4
- data/CHANGELOG +2 -0
- data/README.rdoc +4 -0
- data/app/controllers/devise/invitations_controller.rb +9 -4
- data/config/locales/en.yml +1 -0
- data/lib/devise_invitable.rb +5 -0
- data/lib/devise_invitable/model.rb +9 -4
- data/lib/devise_invitable/parameter_sanitizer.rb +1 -1
- data/lib/devise_invitable/version.rb +1 -1
- data/lib/generators/devise_invitable/install_generator.rb +5 -0
- data/test/integration/invitation_test.rb +36 -1
- data/test/rails_app/config/application.rb +1 -0
- data/test/rails_app/config/initializers/devise.rb +5 -0
- metadata +2 -2
    
        checksums.yaml
    CHANGED
    
    | @@ -1,7 +1,7 @@ | |
| 1 1 | 
             
            ---
         | 
| 2 2 | 
             
            SHA1:
         | 
| 3 | 
            -
              metadata.gz:  | 
| 4 | 
            -
              data.tar.gz:  | 
| 3 | 
            +
              metadata.gz: 751224bca4a80bf6eb364d3c11d58a2771d36acf
         | 
| 4 | 
            +
              data.tar.gz: e5a102a756fd4061ee2bffdc345dfc1dd94f15f5
         | 
| 5 5 | 
             
            SHA512:
         | 
| 6 | 
            -
              metadata.gz:  | 
| 7 | 
            -
              data.tar.gz:  | 
| 6 | 
            +
              metadata.gz: d7ed72e6393da5bd986570e981d13c3bc3b1d39af6b12c0ebc7499e4b95d838ed8458833f631f766934c46808b2a9c2026a78d307c2f78196b9addecc4541d57
         | 
| 7 | 
            +
              data.tar.gz: 5ace95e6bdb544c6e67669d7c6576ba09a74985c92974db6a43a2898b28080cf2bb9d7615acf138969efc24c4949e2149dc1ed51dea4c7512c6933d52c9ccbf5
         | 
    
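--- a/data/CHANGELOG
+++ b/data/CHANGELOG
@@ -1,3 +1,5 @@
+Override valid_password? and unauthenticated_message instead of active_for_authentication? and inactive_message, active_for_authentication? doesn't work for default behavior of invited users without password
+
 = 1.4.0
 Override active_for_authentication? and inactive_message instead of valid_password?
 To use counter_cache, invited_by_counter_cache must be set, no more checking of invitations_count to enable counter cache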
    
        data/README.rdoc
    CHANGED
    
    | @@ -132,6 +132,8 @@ or directly as parameters to the <tt>devise</tt> method: | |
| 132 132 |  | 
| 133 133 | 
             
            * invited_by_class_name: The class name of the inviting model. If this is nil, polymorphic association is used.
         | 
| 134 134 |  | 
| 135 | 
            +
            * allow_insecure_sign_in_after_accept: automatically sign in the user after they set a password. Enabled by default.
         | 
| 136 | 
            +
             | 
| 135 137 | 
             
            For more details, see <tt>config/initializers/devise.rb</tt> (after you invoked the "devise_invitable:install" generator described above).
         | 
| 136 138 |  | 
| 137 139 | 
             
            == Configuring views
         | 
| @@ -355,6 +357,7 @@ DeviseInvitable uses flash messages with I18n with the flash keys <tt>:send_inst | |
| 355 357 | 
             
                    send_instructions: 'An invitation email has been sent to %{email}.'
         | 
| 356 358 | 
             
                    invitation_token_invalid: 'The invitation token provided is not valid!'
         | 
| 357 359 | 
             
                    updated: 'Your password was set successfully. You are now signed in.'
         | 
| 360 | 
            +
                    updated_not_active: 'Your password was set successfully.'
         | 
| 358 361 |  | 
| 359 362 | 
             
            You can also create distinct messages based on the resource you've configured using the singular name given in routes:
         | 
| 360 363 |  | 
| @@ -365,6 +368,7 @@ You can also create distinct messages based on the resource you've configured us | |
| 365 368 | 
             
                      send_instructions: 'A new user invitation has been sent to %{email}.'
         | 
| 366 369 | 
             
                      invitation_token_invalid: 'Your invitation token is not valid!'
         | 
| 367 370 | 
             
                      updated: 'Welcome on board! You are now signed in.'
         | 
| 371 | 
            +
                      updated_not_active: 'Welcome on board! Sign in to continue.'
         | 
| 368 372 |  | 
| 369 373 | 
             
            The DeviseInvitable mailer uses the same pattern as Devise to create mail subject messages:
         | 
| 370 374 |  | 
| @@ -43,10 +43,15 @@ class Devise::InvitationsController < DeviseController | |
| 43 43 | 
             
                yield resource if block_given?
         | 
| 44 44 |  | 
| 45 45 | 
             
                if invitation_accepted
         | 
| 46 | 
            -
                   | 
| 47 | 
            -
             | 
| 48 | 
            -
             | 
| 49 | 
            -
             | 
| 46 | 
            +
                  if Devise.allow_insecure_sign_in_after_accept
         | 
| 47 | 
            +
                    flash_message = resource.active_for_authentication? ? :updated : :updated_not_active
         | 
| 48 | 
            +
                    set_flash_message :notice, flash_message if is_flashing_format?
         | 
| 49 | 
            +
                    sign_in(resource_name, resource)
         | 
| 50 | 
            +
                    respond_with resource, :location => after_accept_path_for(resource)
         | 
| 51 | 
            +
                  else
         | 
| 52 | 
            +
                    set_flash_message :notice, :updated_not_active if is_flashing_format?
         | 
| 53 | 
            +
                    respond_with resource, :location => new_session_path(resource_name)
         | 
| 54 | 
            +
                  end
         | 
| 50 55 | 
             
                else
         | 
| 51 56 | 
             
                  respond_with_navigational(resource){ render :edit }
         | 
| 52 57 | 
             
                end
         | 
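Review bot: The new branch in the accept action tests the global `Devise.allow_insecure_sign_in_after_accept`, while the model.rb hunk registers the same option per model through `Devise::Models.config(self, :allow_insecure_sign_in_after_accept)` and the README lists it among the options that can be passed to the `devise` method. A model that passes `:allow_insecure_sign_in_after_accept => false` would therefore still be signed in automatically after accepting, because the controller never consults the resource class. Reading the per-model value, `if resource_class.allow_insecure_sign_in_after_accept`, keeps that opt-out effective; accessors defined by `Devise::Models.config` normally fall back to the global when the model does not override them. The action's body starts and ends outside this hunk.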
    
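--- a/data/config/locales/en.yml
+++ b/data/config/locales/en.yml
@@ -6,6 +6,7 @@ en:
       send_instructions: "An invitation email has been sent to %{email}."
       invitation_token_invalid: "The invitation token provided is not valid!"
       updated: "Your password was set successfully. You are now signed in."
+      updated_not_active: "Your password was set successfully."
       no_invitations_remaining: "No invitations remaining"
       invitation_removed: "Your invitation was removed."
       new: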
    
        data/lib/devise_invitable.rb
    CHANGED
    
    | @@ -66,6 +66,11 @@ module Devise | |
| 66 66 | 
             
              # the #invited_by association is declared without counter_cache. (default: nil)
         | 
| 67 67 | 
             
              mattr_accessor :invited_by_counter_cache
         | 
| 68 68 | 
             
              @@invited_by_counter_cache = nil
         | 
| 69 | 
            +
             | 
| 70 | 
            +
              # Public: Auto-login after the user accepts the invite. If this is false,
         | 
| 71 | 
            +
              # the user will need to manually log in after accepting the invite (default: false).
         | 
| 72 | 
            +
              mattr_accessor :allow_insecure_sign_in_after_accept
         | 
| 73 | 
            +
              @@allow_insecure_sign_in_after_accept = true
         | 
| 69 74 | 
             
            end
         | 
| 70 75 |  | 
| 71 76 | 
             
            Devise.add_module :invitable, :controller => :invitations, :model => 'devise_invitable/model', :route => {:invitation => [nil, :new, :accept]}
         | 
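Review bot: The comment added above `mattr_accessor :allow_insecure_sign_in_after_accept` says `(default: false)`, but the next line sets `@@allow_insecure_sign_in_after_accept = true`, so automatic sign-in after acceptance is on unless an application turns it off. The generator template in install_generator.rb repeats `# Default: false`, while the README and the test app initializer say the default is true. For a setting the authors themselves name insecure, the comments should match the code: `# the user will need to manually log in after accepting the invite (default: true).` here, and `# Default: true` with `# config.allow_insecure_sign_in_after_accept = false` in the generator template.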
| @@ -134,12 +134,12 @@ module Devise | |
| 134 134 | 
             
                  end
         | 
| 135 135 |  | 
| 136 136 | 
             
                  # Only verify password when is not invited
         | 
| 137 | 
            -
                  def  | 
| 138 | 
            -
                    super unless  | 
| 137 | 
            +
                  def valid_password?(password)
         | 
| 138 | 
            +
                    super unless block_from_invitation?
         | 
| 139 139 | 
             
                  end
         | 
| 140 140 |  | 
| 141 | 
            -
                  def  | 
| 142 | 
            -
                     | 
| 141 | 
            +
                  def unauthenticated_message
         | 
| 142 | 
            +
                    block_from_invitation? ? :invited : super
         | 
| 143 143 | 
             
                  end
         | 
| 144 144 |  | 
| 145 145 | 
             
                  def after_password_reset
         | 
| @@ -179,6 +179,10 @@ module Devise | |
| 179 179 | 
             
                      @skip_password ||= false
         | 
| 180 180 | 
             
                    end
         | 
| 181 181 |  | 
| 182 | 
            +
                    def block_from_invitation?
         | 
| 183 | 
            +
                      invited_to_sign_up?
         | 
| 184 | 
            +
                    end
         | 
| 185 | 
            +
             | 
| 182 186 | 
             
                    # Checks if the invitation for the user is within the limit time.
         | 
| 183 187 | 
             
                    # We do this by calculating if the difference between today and the
         | 
| 184 188 | 
             
                    # invitation sent date does not exceed the invite for time configured.
         | 
| @@ -303,6 +307,7 @@ module Devise | |
| 303 307 | 
             
                    Devise::Models.config(self, :invitation_limit)
         | 
| 304 308 | 
             
                    Devise::Models.config(self, :invite_key)
         | 
| 305 309 | 
             
                    Devise::Models.config(self, :resend_invitation)
         | 
| 310 | 
            +
                    Devise::Models.config(self, :allow_insecure_sign_in_after_accept)
         | 
| 306 311 | 
             
                  end
         | 
| 307 312 | 
             
                end
         | 
| 308 313 | 
             
              end
         | 
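Review bot: `unauthenticated_message` returns `:invited` whenever `block_from_invitation?` is true, and `valid_password?` skips the password comparison in that case, so a failed sign-in for an invited address shows the pending-invitation message whatever password was submitted (the first new integration test relies on this). That tells an unauthenticated visitor that the address has an outstanding invitation. Applications that enable Devise's `paranoid` setting expect failure messages not to reveal account state, so the override could respect it: `block_from_invitation? && !Devise.paranoid ? :invited : super`. Separately, `super unless block_from_invitation?` makes `valid_password?` return `nil` rather than `false` for invited users; `!block_from_invitation? && super` would keep the predicate boolean.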
| @@ -20,7 +20,7 @@ module DeviseInvitable | |
| 20 20 | 
             
                def attributes_for_with_invitable(kind)
         | 
| 21 21 | 
             
                  case kind
         | 
| 22 22 | 
             
                  when :invite
         | 
| 23 | 
            -
                    resource_class.invite_key_fields
         | 
| 23 | 
            +
                    resource_class.respond_to?(:invite_key_fields) ? resource_class.invite_key_fields : []
         | 
| 24 24 | 
             
                  when :accept_invitation
         | 
| 25 25 | 
             
                    [:password, :password_confirmation, :invitation_token]
         | 
| 26 26 | 
             
                  else attributes_for_without_invitable(kind)
         | 
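Review bot: The `:invite` branch now returns `[]` when `resource_class` does not respond to `invite_key_fields`, and nothing in the hunk says when that happens. A one-line comment above it would record the intent, for example `# Resource classes without :invitable define no invite_key_fields; permit no invite params for them.` (this reading is inferred from the `respond_to?` guard and should be confirmed). `attributes_for_with_invitable` starts inside the hunk, but its `case` continues past the last visible line.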
| @@ -57,6 +57,11 @@ module DeviseInvitable | |
| 57 57 | 
             
              # Default: nil
         | 
| 58 58 | 
             
              # config.invited_by_counter_cache = :invitations_count
         | 
| 59 59 |  | 
| 60 | 
            +
              # Auto-login after the user accepts the invite. If this is false,
         | 
| 61 | 
            +
              # the user will need to manually log in after accepting the invite.
         | 
| 62 | 
            +
              # Default: false
         | 
| 63 | 
            +
              # config.allow_insecure_sign_in_after_accept = true
         | 
| 64 | 
            +
             | 
| 60 65 | 
             
            CONTENT
         | 
| 61 66 | 
             
                        end
         | 
| 62 67 | 
             
                      end
         | 
| @@ -64,6 +64,25 @@ class InvitationTest < ActionDispatch::IntegrationTest | |
| 64 64 | 
             
                assert_equal root_path, current_path
         | 
| 65 65 | 
             
              end
         | 
| 66 66 |  | 
| 67 | 
            +
              test 'invited user without password should not be able to sign in' do
         | 
| 68 | 
            +
                user = User.invite!(:email => "valid@email.com")
         | 
| 69 | 
            +
                user.password = 'test'
         | 
| 70 | 
            +
                sign_in_as_user user
         | 
| 71 | 
            +
             | 
| 72 | 
            +
                assert_equal new_user_session_path, current_path
         | 
| 73 | 
            +
                assert page.has_css?('p#alert', :text => 'You have a pending invitation, accept it to finish creating your account.')
         | 
| 74 | 
            +
              end
         | 
| 75 | 
            +
             | 
| 76 | 
            +
              test 'invited user with password should not be able to sign in' do
         | 
| 77 | 
            +
                user = User.invite!(:email => "valid@email.com")
         | 
| 78 | 
            +
                user.password = '987654321'
         | 
| 79 | 
            +
                user.save
         | 
| 80 | 
            +
                sign_in_as_user user
         | 
| 81 | 
            +
             | 
| 82 | 
            +
                assert_equal new_user_session_path, current_path
         | 
| 83 | 
            +
                assert page.has_css?('p#alert', :text => 'You have a pending invitation, accept it to finish creating your account.')
         | 
| 84 | 
            +
              end
         | 
| 85 | 
            +
             | 
| 67 86 | 
             
              test 'not authenticated user with invalid invitation token should not be able to set his password' do
         | 
| 68 87 | 
             
                user = User.invite!(:email => "valid@email.com")
         | 
| 69 88 | 
             
                user.accept_invitation!
         | 
| @@ -106,10 +125,26 @@ class InvitationTest < ActionDispatch::IntegrationTest | |
| 106 125 | 
             
                assert user.reload.valid_password?('987654321')
         | 
| 107 126 | 
             
              end
         | 
| 108 127 |  | 
| 109 | 
            -
              test 'sign in user automatically after setting it\'s password' do
         | 
| 128 | 
            +
              test 'sign in user automatically after setting it\'s password if config.allow_insecure_sign_in_after_accept is true' do
         | 
| 129 | 
            +
                original_option_value = Devise.allow_insecure_sign_in_after_accept
         | 
| 130 | 
            +
                Devise.allow_insecure_sign_in_after_accept = true
         | 
| 131 | 
            +
             | 
| 110 132 | 
             
                User.invite!(:email => "valid@email.com")
         | 
| 111 133 | 
             
                set_password :invitation_token => Thread.current[:token]
         | 
| 134 | 
            +
             | 
| 112 135 | 
             
                assert_equal root_path, current_path
         | 
| 136 | 
            +
                Devise.allow_insecure_sign_in_after_accept = original_option_value
         | 
| 137 | 
            +
              end
         | 
| 138 | 
            +
             | 
| 139 | 
            +
              test 'does not sign in user automatically after setting it\'s password if config.allow_insecure_sign_in_after_accept is false' do
         | 
| 140 | 
            +
                original_option_value = Devise.allow_insecure_sign_in_after_accept
         | 
| 141 | 
            +
                Devise.allow_insecure_sign_in_after_accept = false
         | 
| 142 | 
            +
             | 
| 143 | 
            +
                User.invite!(:email => "valid@email.com")
         | 
| 144 | 
            +
                set_password :invitation_token => Thread.current[:token]
         | 
| 145 | 
            +
             | 
| 146 | 
            +
                assert_equal new_user_session_path, current_path
         | 
| 147 | 
            +
                Devise.allow_insecure_sign_in_after_accept = original_option_value
         | 
| 113 148 | 
             
              end
         | 
| 114 149 |  | 
| 115 150 | 
             
              test 'clear token and set invitation_accepted_at after recover password instead of accept_invitation' do
         | 
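Review bot: Both new `allow_insecure_sign_in_after_accept` tests restore `Devise.allow_insecure_sign_in_after_accept = original_option_value` only after `assert_equal`, so a failing assertion leaves the global changed for every later test in the process. Because this flag decides whether accepting an invitation signs the user in, leaked state could make unrelated authentication tests pass or fail for the wrong reason. Put the restore under `ensure` (wrapping the test body in `begin … ensure … end` where the Ruby version requires it) so it also runs on failure.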
| @@ -129,6 +129,11 @@ Devise.setup do |config| | |
| 129 129 | 
             
              # Default: nil
         | 
| 130 130 | 
             
              config.invited_by_counter_cache = :invitations_count
         | 
| 131 131 |  | 
| 132 | 
            +
              # Auto-login after the user accepts the invite. If this is false,
         | 
| 133 | 
            +
              # the user will need to manually log in after accepting the invite.
         | 
| 134 | 
            +
              # Default: true
         | 
| 135 | 
            +
              # config.allow_insecure_sign_in_after_accept = false
         | 
| 136 | 
            +
             | 
| 132 137 | 
             
              # ==> Configuration for :confirmable
         | 
| 133 138 | 
             
              # A period that the user is allowed to access the website even without
         | 
| 134 139 | 
             
              # confirming his account. For instance, if set to 2.days, the user will be
         | 
    
        metadata
    CHANGED
    
    | @@ -1,14 +1,14 @@ | |
| 1 1 | 
             
            --- !ruby/object:Gem::Specification
         | 
| 2 2 | 
             
            name: devise_invitable
         | 
| 3 3 | 
             
            version: !ruby/object:Gem::Version
         | 
| 4 | 
            -
              version: 1.4. | 
| 4 | 
            +
              version: 1.4.2
         | 
| 5 5 | 
             
            platform: ruby
         | 
| 6 6 | 
             
            authors:
         | 
| 7 7 | 
             
            - Sergio Cambra
         | 
| 8 8 | 
             
            autorequire: 
         | 
| 9 9 | 
             
            bindir: bin
         | 
| 10 10 | 
             
            cert_chain: []
         | 
| 11 | 
            -
            date: 2015- | 
| 11 | 
            +
            date: 2015-03-27 00:00:00.000000000 Z
         | 
| 12 12 | 
             
            dependencies:
         | 
| 13 13 | 
             
            - !ruby/object:Gem::Dependency
         | 
| 14 14 | 
             
              name: bundler
         |