devise_invitable 1.4.1 → 1.4.2
Potentially problematic release.
This version of devise_invitable might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG +2 -0
- data/README.rdoc +4 -0
- data/app/controllers/devise/invitations_controller.rb +9 -4
- data/config/locales/en.yml +1 -0
- data/lib/devise_invitable.rb +5 -0
- data/lib/devise_invitable/model.rb +9 -4
- data/lib/devise_invitable/parameter_sanitizer.rb +1 -1
- data/lib/devise_invitable/version.rb +1 -1
- data/lib/generators/devise_invitable/install_generator.rb +5 -0
- data/test/integration/invitation_test.rb +36 -1
- data/test/rails_app/config/application.rb +1 -0
- data/test/rails_app/config/initializers/devise.rb +5 -0
- metadata +2 -2
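--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 751224bca4a80bf6eb364d3c11d58a2771d36acf
+data.tar.gz: e5a102a756fd4061ee2bffdc345dfc1dd94f15f5
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d7ed72e6393da5bd986570e981d13c3bc3b1d39af6b12c0ebc7499e4b95d838ed8458833f631f766934c46808b2a9c2026a78d307c2f78196b9addecc4541d57
+data.tar.gz: 5ace95e6bdb544c6e67669d7c6576ba09a74985c92974db6a43a2898b28080cf2bb9d7615acf138969efc24c4949e2149dc1ed51dea4c7512c6933d52c9ccbf5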
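--- a/data/CHANGELOG
+++ b/data/CHANGELOG
@@ -1,3 +1,5 @@
+Override valid_password? and unauthenticated_message instead of active_for_authentication? and inactive_message, active_for_authentication? doesn't work for default behavior of invited users without password
+
 = 1.4.0
 Override active_for_authentication? and inactive_message instead of valid_password?
 To use counter_cache, invited_by_counter_cache must be set, no more checking of invitations_count to enable counter cache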
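--- a/data/README.rdoc
+++ b/data/README.rdoc
@@ -132,6 +132,8 @@ or directly as parameters to the <tt>devise</tt> method:
 
 * invited_by_class_name: The class name of the inviting model. If this is nil, polymorphic association is used.
 
+* allow_insecure_sign_in_after_accept: automatically sign in the user after they set a password. Enabled by default.
+
 For more details, see <tt>config/initializers/devise.rb</tt> (after you invoked the "devise_invitable:install" generator described above).
 
 == Configuring views
@@ -355,6 +357,7 @@ DeviseInvitable uses flash messages with I18n with the flash keys <tt>:send_inst
 send_instructions: 'An invitation email has been sent to %{email}.'
 invitation_token_invalid: 'The invitation token provided is not valid!'
 updated: 'Your password was set successfully. You are now signed in.'
+updated_not_active: 'Your password was set successfully.'
 
 You can also create distinct messages based on the resource you've configured using the singular name given in routes:
 
@@ -365,6 +368,7 @@ You can also create distinct messages based on the resource you've configured us
 send_instructions: 'A new user invitation has been sent to %{email}.'
 invitation_token_invalid: 'Your invitation token is not valid!'
 updated: 'Welcome on board! You are now signed in.'
+updated_not_active: 'Welcome on board! Sign in to continue.'
 
 The DeviseInvitable mailer uses the same pattern as Devise to create mail subject messages:
 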
@@ -43,10 +43,15 @@ class Devise::InvitationsController < DeviseController
|
|
43
43
|
yield resource if block_given?
|
44
44
|
|
45
45
|
if invitation_accepted
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
46
|
+
if Devise.allow_insecure_sign_in_after_accept
|
47
|
+
flash_message = resource.active_for_authentication? ? :updated : :updated_not_active
|
48
|
+
set_flash_message :notice, flash_message if is_flashing_format?
|
49
|
+
sign_in(resource_name, resource)
|
50
|
+
respond_with resource, :location => after_accept_path_for(resource)
|
51
|
+
else
|
52
|
+
set_flash_message :notice, :updated_not_active if is_flashing_format?
|
53
|
+
respond_with resource, :location => new_session_path(resource_name)
|
54
|
+
end
|
50
55
|
else
|
51
56
|
respond_with_navigational(resource){ render :edit }
|
52
57
|
end
|
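Review bot: The new branch at `if Devise.allow_insecure_sign_in_after_accept` reads the global setting, although the same release registers the option per model with `Devise::Models.config(self, :allow_insecure_sign_in_after_accept)` and the README lists it among the parameters accepted by the `devise` method. As far as this hunk shows, a model that passes `false` through `devise :invitable, ...` would still be signed in automatically after accepting the invitation. Reading the model-level value, `if resource_class.allow_insecure_sign_in_after_accept`, would honour both the global default and a per-model override. The enclosing action starts and ends outside the hunk.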
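--- a/data/config/locales/en.yml
+++ b/data/config/locales/en.yml
@@ -6,6 +6,7 @@ en:
 send_instructions: "An invitation email has been sent to %{email}."
 invitation_token_invalid: "The invitation token provided is not valid!"
 updated: "Your password was set successfully. You are now signed in."
+updated_not_active: "Your password was set successfully."
 no_invitations_remaining: "No invitations remaining"
 invitation_removed: "Your invitation was removed."
 new: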
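--- a/data/lib/devise_invitable.rb
+++ b/data/lib/devise_invitable.rb
@@ -66,6 +66,11 @@ module Devise
 # the #invited_by association is declared without counter_cache. (default: nil)
 mattr_accessor :invited_by_counter_cache
 @@invited_by_counter_cache = nil
+
+# Public: Auto-login after the user accepts the invite. If this is false,
+# the user will need to manually log in after accepting the invite (default: false).
+mattr_accessor :allow_insecure_sign_in_after_accept
+@@allow_insecure_sign_in_after_accept = true
 end
 
 Devise.add_module :invitable, :controller => :invitations, :model => 'devise_invitable/model', :route => {:invitation => [nil, :new, :accept]}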
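Review bot: The comment added above `mattr_accessor :allow_insecure_sign_in_after_accept` says `(default: false)`, but the next line sets `@@allow_insecure_sign_in_after_accept = true`, and the README entry says the option is enabled by default. Because the shipped default keeps automatic sign-in after acceptance switched on, the comment should read `(default: true)` so that nobody assumes the stricter behaviour is already in effect. The generator template hunk further down has the same mismatch (`# Default: false` above `# config.allow_insecure_sign_in_after_accept = true`); it should say `# Default: true` and show `= false` as the commented example, as the test app initializer does.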
@@ -134,12 +134,12 @@ module Devise
|
|
134
134
|
end
|
135
135
|
|
136
136
|
# Only verify password when is not invited
|
137
|
-
def
|
138
|
-
super unless
|
137
|
+
def valid_password?(password)
|
138
|
+
super unless block_from_invitation?
|
139
139
|
end
|
140
140
|
|
141
|
-
def
|
142
|
-
|
141
|
+
def unauthenticated_message
|
142
|
+
block_from_invitation? ? :invited : super
|
143
143
|
end
|
144
144
|
|
145
145
|
def after_password_reset
|
@@ -179,6 +179,10 @@ module Devise
|
|
179
179
|
@skip_password ||= false
|
180
180
|
end
|
181
181
|
|
182
|
+
def block_from_invitation?
|
183
|
+
invited_to_sign_up?
|
184
|
+
end
|
185
|
+
|
182
186
|
# Checks if the invitation for the user is within the limit time.
|
183
187
|
# We do this by calculating if the difference between today and the
|
184
188
|
# invitation sent date does not exceed the invite for time configured.
|
@@ -303,6 +307,7 @@ module Devise
|
|
303
307
|
Devise::Models.config(self, :invitation_limit)
|
304
308
|
Devise::Models.config(self, :invite_key)
|
305
309
|
Devise::Models.config(self, :resend_invitation)
|
310
|
+
Devise::Models.config(self, :allow_insecure_sign_in_after_accept)
|
306
311
|
end
|
307
312
|
end
|
308
313
|
end
|
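Review bot: `unauthenticated_message` returns `:invited` whenever `block_from_invitation?` is true, regardless of the password submitted; the new integration test assigns a password without saving it and still expects the pending-invitation alert. An unauthenticated visitor can therefore learn that an address has an outstanding invitation, which applications relying on Devise's paranoid mode probably do not expect. Consider `block_from_invitation? && !Devise.paranoid ? :invited : super`. `block_from_invitation?` is also added without a comment; something like `# Override to change which invited records are refused sign-in` would document why it exists apart from `invited_to_sign_up?`. The surrounding module starts and ends outside these hunks.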
@@ -20,7 +20,7 @@ module DeviseInvitable
|
|
20
20
|
def attributes_for_with_invitable(kind)
|
21
21
|
case kind
|
22
22
|
when :invite
|
23
|
-
resource_class.invite_key_fields
|
23
|
+
resource_class.respond_to?(:invite_key_fields) ? resource_class.invite_key_fields : []
|
24
24
|
when :accept_invitation
|
25
25
|
[:password, :password_confirmation, :invitation_token]
|
26
26
|
else attributes_for_without_invitable(kind)
|
@@ -57,6 +57,11 @@ module DeviseInvitable
|
|
57
57
|
# Default: nil
|
58
58
|
# config.invited_by_counter_cache = :invitations_count
|
59
59
|
|
60
|
+
# Auto-login after the user accepts the invite. If this is false,
|
61
|
+
# the user will need to manually log in after accepting the invite.
|
62
|
+
# Default: false
|
63
|
+
# config.allow_insecure_sign_in_after_accept = true
|
64
|
+
|
60
65
|
CONTENT
|
61
66
|
end
|
62
67
|
end
|
@@ -64,6 +64,25 @@ class InvitationTest < ActionDispatch::IntegrationTest
|
|
64
64
|
assert_equal root_path, current_path
|
65
65
|
end
|
66
66
|
|
67
|
+
test 'invited user without password should not be able to sign in' do
|
68
|
+
user = User.invite!(:email => "valid@email.com")
|
69
|
+
user.password = 'test'
|
70
|
+
sign_in_as_user user
|
71
|
+
|
72
|
+
assert_equal new_user_session_path, current_path
|
73
|
+
assert page.has_css?('p#alert', :text => 'You have a pending invitation, accept it to finish creating your account.')
|
74
|
+
end
|
75
|
+
|
76
|
+
test 'invited user with password should not be able to sign in' do
|
77
|
+
user = User.invite!(:email => "valid@email.com")
|
78
|
+
user.password = '987654321'
|
79
|
+
user.save
|
80
|
+
sign_in_as_user user
|
81
|
+
|
82
|
+
assert_equal new_user_session_path, current_path
|
83
|
+
assert page.has_css?('p#alert', :text => 'You have a pending invitation, accept it to finish creating your account.')
|
84
|
+
end
|
85
|
+
|
67
86
|
test 'not authenticated user with invalid invitation token should not be able to set his password' do
|
68
87
|
user = User.invite!(:email => "valid@email.com")
|
69
88
|
user.accept_invitation!
|
@@ -106,10 +125,26 @@ class InvitationTest < ActionDispatch::IntegrationTest
|
|
106
125
|
assert user.reload.valid_password?('987654321')
|
107
126
|
end
|
108
127
|
|
109
|
-
test 'sign in user automatically after setting it\'s password' do
|
128
|
+
test 'sign in user automatically after setting it\'s password if config.allow_insecure_sign_in_after_accept is true' do
|
129
|
+
original_option_value = Devise.allow_insecure_sign_in_after_accept
|
130
|
+
Devise.allow_insecure_sign_in_after_accept = true
|
131
|
+
|
110
132
|
User.invite!(:email => "valid@email.com")
|
111
133
|
set_password :invitation_token => Thread.current[:token]
|
134
|
+
|
112
135
|
assert_equal root_path, current_path
|
136
|
+
Devise.allow_insecure_sign_in_after_accept = original_option_value
|
137
|
+
end
|
138
|
+
|
139
|
+
test 'does not sign in user automatically after setting it\'s password if config.allow_insecure_sign_in_after_accept is false' do
|
140
|
+
original_option_value = Devise.allow_insecure_sign_in_after_accept
|
141
|
+
Devise.allow_insecure_sign_in_after_accept = false
|
142
|
+
|
143
|
+
User.invite!(:email => "valid@email.com")
|
144
|
+
set_password :invitation_token => Thread.current[:token]
|
145
|
+
|
146
|
+
assert_equal new_user_session_path, current_path
|
147
|
+
Devise.allow_insecure_sign_in_after_accept = original_option_value
|
113
148
|
end
|
114
149
|
|
115
150
|
test 'clear token and set invitation_accepted_at after recover password instead of accept_invitation' do
|
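Review bot: Both tests that toggle `Devise.allow_insecure_sign_in_after_accept` restore the saved value only on their last line, after `assert_equal`, so a failing assertion leaves the global changed for every test that runs afterwards. Wrap each body in `begin` ... `ensure`, with `Devise.allow_insecure_sign_in_after_accept = original_option_value` as the only statement in the `ensure` clause, or move the save and restore into `setup`/`teardown`. That matters here because the flag decides whether accepting an invitation signs the user in, so a leaked value can make unrelated sign-in assertions pass or fail for the wrong reason. The last test named in the second hunk continues outside it.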
@@ -129,6 +129,11 @@ Devise.setup do |config|
|
|
129
129
|
# Default: nil
|
130
130
|
config.invited_by_counter_cache = :invitations_count
|
131
131
|
|
132
|
+
# Auto-login after the user accepts the invite. If this is false,
|
133
|
+
# the user will need to manually log in after accepting the invite.
|
134
|
+
# Default: true
|
135
|
+
# config.allow_insecure_sign_in_after_accept = false
|
136
|
+
|
132
137
|
# ==> Configuration for :confirmable
|
133
138
|
# A period that the user is allowed to access the website even without
|
134
139
|
# confirming his account. For instance, if set to 2.days, the user will be
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: devise_invitable
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.4.
|
4
|
+
version: 1.4.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Sergio Cambra
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2015-
|
11
|
+
date: 2015-03-27 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|