devise_invitable 1.4.1 → 1.4.2


Potentially problematic release.


This version of devise_invitable might be problematic. Click here for more details.

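--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 3baf83979bda300001727d86af188f93a91bf95c
- data.tar.gz: 74d6ac1f55c041e7075e4c1e8ec026e470fdfe12
+ metadata.gz: 751224bca4a80bf6eb364d3c11d58a2771d36acf
+ data.tar.gz: e5a102a756fd4061ee2bffdc345dfc1dd94f15f5
  SHA512:
- metadata.gz: 0b08b0b990d88fd99aed53e4d3082db8354bda2e5046fad13901debde5ecb614ba5cdcea7e11709798ea16d4dc99dac27dbd622534179cf1d9a3cbaaaba38bda
- data.tar.gz: 3ca119718132addd0b7b331ac4fe81c4e21852b6480ef10c3ed742492b82e86e6fbd01f84957e5a7b6426aba2bbd5eaeb8f65460730399f3e286e125355ca77f
+ metadata.gz: d7ed72e6393da5bd986570e981d13c3bc3b1d39af6b12c0ebc7499e4b95d838ed8458833f631f766934c46808b2a9c2026a78d307c2f78196b9addecc4541d57
+ data.tar.gz: 5ace95e6bdb544c6e67669d7c6576ba09a74985c92974db6a43a2898b28080cf2bb9d7615acf138969efc24c4949e2149dc1ed51dea4c7512c6933d52c9ccbf5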
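--- a/data/CHANGELOG
+++ b/data/CHANGELOG
@@ -1,3 +1,5 @@
+ Override valid_password? and unauthenticated_message instead of active_for_authentication? and inactive_message, active_for_authentication? doesn't work for default behavior of invited users without password
+
  = 1.4.0
  Override active_for_authentication? and inactive_message instead of valid_password?
  To use counter_cache, invited_by_counter_cache must be set, no more checking of invitations_count to enable counter cache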
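--- a/data/README.rdoc
+++ b/data/README.rdoc
@@ -132,6 +132,8 @@ or directly as parameters to the <tt>devise</tt> method:
 
  * invited_by_class_name: The class name of the inviting model. If this is nil, polymorphic association is used.
 
+ * allow_insecure_sign_in_after_accept: automatically sign in the user after they set a password. Enabled by default.
+
  For more details, see <tt>config/initializers/devise.rb</tt> (after you invoked the "devise_invitable:install" generator described above).
 
  == Configuring views
@@ -355,6 +357,7 @@ DeviseInvitable uses flash messages with I18n with the flash keys <tt>:send_inst
  send_instructions: 'An invitation email has been sent to %{email}.'
  invitation_token_invalid: 'The invitation token provided is not valid!'
  updated: 'Your password was set successfully. You are now signed in.'
+ updated_not_active: 'Your password was set successfully.'
 
  You can also create distinct messages based on the resource you've configured using the singular name given in routes:
 
@@ -365,6 +368,7 @@ You can also create distinct messages based on the resource you've configured us
  send_instructions: 'A new user invitation has been sent to %{email}.'
  invitation_token_invalid: 'Your invitation token is not valid!'
  updated: 'Welcome on board! You are now signed in.'
+ updated_not_active: 'Welcome on board! Sign in to continue.'
 
  The DeviseInvitable mailer uses the same pattern as Devise to create mail subject messages:
 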
@@ -43,10 +43,15 @@ class Devise::InvitationsController < DeviseController
43
43
  yield resource if block_given?
44
44
 
45
45
  if invitation_accepted
46
- flash_message = resource.active_for_authentication? ? :updated : :updated_not_active
47
- set_flash_message :notice, flash_message if is_flashing_format?
48
- sign_in(resource_name, resource)
49
- respond_with resource, :location => after_accept_path_for(resource)
46
+ if Devise.allow_insecure_sign_in_after_accept
47
+ flash_message = resource.active_for_authentication? ? :updated : :updated_not_active
48
+ set_flash_message :notice, flash_message if is_flashing_format?
49
+ sign_in(resource_name, resource)
50
+ respond_with resource, :location => after_accept_path_for(resource)
51
+ else
52
+ set_flash_message :notice, :updated_not_active if is_flashing_format?
53
+ respond_with resource, :location => new_session_path(resource_name)
54
+ end
50
55
  else
51
56
  respond_with_navigational(resource){ render :edit }
52
57
  end
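Review bot: The new branch tests the global `Devise.allow_insecure_sign_in_after_accept`, but this release also registers the option per model with `Devise::Models.config(self, :allow_insecure_sign_in_after_accept)`, and the README lists it among the parameters to the `devise` method. A model that sets the option to false on its `devise` call would therefore still be signed in automatically after accepting, because the controller never consults the class-level value. Reading it as `if resource_class.allow_insecure_sign_in_after_accept` would honour the per-model setting and, assuming the usual `Devise::Models.config` fallback, the global one as well. The enclosing action starts and ends outside this hunk.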
@@ -6,6 +6,7 @@ en:
6
6
  send_instructions: "An invitation email has been sent to %{email}."
7
7
  invitation_token_invalid: "The invitation token provided is not valid!"
8
8
  updated: "Your password was set successfully. You are now signed in."
9
+ updated_not_active: "Your password was set successfully."
9
10
  no_invitations_remaining: "No invitations remaining"
10
11
  invitation_removed: "Your invitation was removed."
11
12
  new:
@@ -66,6 +66,11 @@ module Devise
66
66
  # the #invited_by association is declared without counter_cache. (default: nil)
67
67
  mattr_accessor :invited_by_counter_cache
68
68
  @@invited_by_counter_cache = nil
69
+
70
+ # Public: Auto-login after the user accepts the invite. If this is false,
71
+ # the user will need to manually log in after accepting the invite (default: false).
72
+ mattr_accessor :allow_insecure_sign_in_after_accept
73
+ @@allow_insecure_sign_in_after_accept = true
69
74
  end
70
75
 
71
76
  Devise.add_module :invitable, :controller => :invitations, :model => 'devise_invitable/model', :route => {:invitation => [nil, :new, :accept]}
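Review bot: The comment added above `mattr_accessor :allow_insecure_sign_in_after_accept` says `(default: false)`, but the next line sets `@@allow_insecure_sign_in_after_accept = true`, so automatic sign-in after acceptance stays on unless an application turns it off. The generator template hunk has the same mismatch (`# Default: false` above a commented-out `= true`), while the README and the test app initializer both describe the default as enabled. Since the option name itself labels the behaviour insecure, an operator reading the comment could wrongly believe they are already on the safer setting. The comment should end `(default: true).`, and the template should read `# Default: true` with `# config.allow_insecure_sign_in_after_accept = false` as the example.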
@@ -134,12 +134,12 @@ module Devise
134
134
  end
135
135
 
136
136
  # Only verify password when is not invited
137
- def active_for_authentication?
138
- super unless invited_to_sign_up?
137
+ def valid_password?(password)
138
+ super unless block_from_invitation?
139
139
  end
140
140
 
141
- def inactive_message
142
- invited_to_sign_up? ? :invited : super
141
+ def unauthenticated_message
142
+ block_from_invitation? ? :invited : super
143
143
  end
144
144
 
145
145
  def after_password_reset
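Review bot: `valid_password?` now returns `nil` rather than `false` for a user with a pending invitation, because `super unless block_from_invitation?` has no value when the guard fires; `!block_from_invitation? && super` keeps the predicate boolean. The override also affects every caller of `valid_password?`, not only the sign-in path, so the existing comment could be sharpened to `# Invited users who have not accepted yet never pass password verification, even if a password is stored.` The `block_from_invitation?` method added in the next hunk has no comment; if it is meant as an override point for applications (this is inferred from its shape), a one-line comment saying so would help. The surrounding module starts and ends outside this hunk.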
@@ -179,6 +179,10 @@ module Devise
179
179
  @skip_password ||= false
180
180
  end
181
181
 
182
+ def block_from_invitation?
183
+ invited_to_sign_up?
184
+ end
185
+
182
186
  # Checks if the invitation for the user is within the limit time.
183
187
  # We do this by calculating if the difference between today and the
184
188
  # invitation sent date does not exceed the invite for time configured.
@@ -303,6 +307,7 @@ module Devise
303
307
  Devise::Models.config(self, :invitation_limit)
304
308
  Devise::Models.config(self, :invite_key)
305
309
  Devise::Models.config(self, :resend_invitation)
310
+ Devise::Models.config(self, :allow_insecure_sign_in_after_accept)
306
311
  end
307
312
  end
308
313
  end
@@ -20,7 +20,7 @@ module DeviseInvitable
20
20
  def attributes_for_with_invitable(kind)
21
21
  case kind
22
22
  when :invite
23
- resource_class.invite_key_fields
23
+ resource_class.respond_to?(:invite_key_fields) ? resource_class.invite_key_fields : []
24
24
  when :accept_invitation
25
25
  [:password, :password_confirmation, :invitation_token]
26
26
  else attributes_for_without_invitable(kind)
@@ -1,3 +1,3 @@
1
1
  module DeviseInvitable
2
- VERSION = '1.4.1'
2
+ VERSION = '1.4.2'
3
3
  end
@@ -57,6 +57,11 @@ module DeviseInvitable
57
57
  # Default: nil
58
58
  # config.invited_by_counter_cache = :invitations_count
59
59
 
60
+ # Auto-login after the user accepts the invite. If this is false,
61
+ # the user will need to manually log in after accepting the invite.
62
+ # Default: false
63
+ # config.allow_insecure_sign_in_after_accept = true
64
+
60
65
  CONTENT
61
66
  end
62
67
  end
@@ -64,6 +64,25 @@ class InvitationTest < ActionDispatch::IntegrationTest
64
64
  assert_equal root_path, current_path
65
65
  end
66
66
 
67
+ test 'invited user without password should not be able to sign in' do
68
+ user = User.invite!(:email => "valid@email.com")
69
+ user.password = 'test'
70
+ sign_in_as_user user
71
+
72
+ assert_equal new_user_session_path, current_path
73
+ assert page.has_css?('p#alert', :text => 'You have a pending invitation, accept it to finish creating your account.')
74
+ end
75
+
76
+ test 'invited user with password should not be able to sign in' do
77
+ user = User.invite!(:email => "valid@email.com")
78
+ user.password = '987654321'
79
+ user.save
80
+ sign_in_as_user user
81
+
82
+ assert_equal new_user_session_path, current_path
83
+ assert page.has_css?('p#alert', :text => 'You have a pending invitation, accept it to finish creating your account.')
84
+ end
85
+
67
86
  test 'not authenticated user with invalid invitation token should not be able to set his password' do
68
87
  user = User.invite!(:email => "valid@email.com")
69
88
  user.accept_invitation!
@@ -106,10 +125,26 @@ class InvitationTest < ActionDispatch::IntegrationTest
106
125
  assert user.reload.valid_password?('987654321')
107
126
  end
108
127
 
109
- test 'sign in user automatically after setting it\'s password' do
128
+ test 'sign in user automatically after setting it\'s password if config.allow_insecure_sign_in_after_accept is true' do
129
+ original_option_value = Devise.allow_insecure_sign_in_after_accept
130
+ Devise.allow_insecure_sign_in_after_accept = true
131
+
110
132
  User.invite!(:email => "valid@email.com")
111
133
  set_password :invitation_token => Thread.current[:token]
134
+
112
135
  assert_equal root_path, current_path
136
+ Devise.allow_insecure_sign_in_after_accept = original_option_value
137
+ end
138
+
139
+ test 'does not sign in user automatically after setting it\'s password if config.allow_insecure_sign_in_after_accept is false' do
140
+ original_option_value = Devise.allow_insecure_sign_in_after_accept
141
+ Devise.allow_insecure_sign_in_after_accept = false
142
+
143
+ User.invite!(:email => "valid@email.com")
144
+ set_password :invitation_token => Thread.current[:token]
145
+
146
+ assert_equal new_user_session_path, current_path
147
+ Devise.allow_insecure_sign_in_after_accept = original_option_value
113
148
  end
114
149
 
115
150
  test 'clear token and set invitation_accepted_at after recover password instead of accept_invitation' do
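Review bot: Both new tests restore `Devise.allow_insecure_sign_in_after_accept` only on the last line of the test body, after the assertion, so a failing `assert_equal` leaves the global setting changed for every test that runs afterwards. Since this flag decides whether accepting an invitation creates a session, a leaked value can make unrelated tests pass or fail for the wrong reason. Wrap the body in `begin` … `ensure` with `Devise.allow_insecure_sign_in_after_accept = original_option_value` in the `ensure` branch, or save and restore the value in `setup`/`teardown`.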
@@ -20,5 +20,6 @@ module RailsApp
20
20
  class Application < Rails::Application
21
21
  config.filter_parameters << :password
22
22
  config.action_mailer.default_url_options = { :host => "localhost:3000" }
23
+ config.i18n.enforce_available_locales = true
23
24
  end
24
25
  end
@@ -129,6 +129,11 @@ Devise.setup do |config|
129
129
  # Default: nil
130
130
  config.invited_by_counter_cache = :invitations_count
131
131
 
132
+ # Auto-login after the user accepts the invite. If this is false,
133
+ # the user will need to manually log in after accepting the invite.
134
+ # Default: true
135
+ # config.allow_insecure_sign_in_after_accept = false
136
+
132
137
  # ==> Configuration for :confirmable
133
138
  # A period that the user is allowed to access the website even without
134
139
  # confirming his account. For instance, if set to 2.days, the user will be
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: devise_invitable
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.4.1
4
+ version: 1.4.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Sergio Cambra
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2015-02-17 00:00:00.000000000 Z
11
+ date: 2015-03-27 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler