devise_invitable 1.5.1 → 1.5.2

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of devise_invitable might be problematic. Click here for more details.

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 09f7285fbf0dcc7da0b16e9a26bbc9c385e19720
4
- data.tar.gz: 0b862b791cd58df3fc8ad6eba813c76534e89cba
3
+ metadata.gz: 21840c71f560017345f75d9152e44b295ccb8043
4
+ data.tar.gz: 8470539a88ef73abb3ef396a4c043e9405eecd57
5
5
  SHA512:
6
- metadata.gz: 8bf23dd018217299609a033f0ea3666a4f0358580a6b2a14bff4405666ae82217de809b1fdac77a12269349337d8756a601c635e427962fa343c81d4bdf0c765
7
- data.tar.gz: 560b395e0616d53b6b2d3164cd9ccd34a017517256f627a098c4971b4b85a55f41f61810f735dc2c51d9afcfb1acf848574bf1b32e2185b8ec47b9afe47d946c
6
+ metadata.gz: 451e491d4a3a8135bc4d1447d1b9035624f2be5757f03544fe1bf8925e0b08df1317a57ec93cb20f293e5dc77397e3c1ba6a6e854f1b8a7646804ce6b43258fc
7
+ data.tar.gz: ee5f07eb0c08aca5310d36b42eb7fa20fee2bbc657a101a79981c5072e6da3593a813ca79bb08ef05d3494db65e228017f692dc96645c1e62b9ff3c4f189e4f8
data/CHANGELOG CHANGED
@@ -1,11 +1,69 @@
1
+ = 1.5.2
2
+
3
+ - Fix #571, accept invitation when password changes only if reset_password_token was present
4
+ - Add support for setting invited_by foreign key
5
+ - Set random initial password for invited users
6
+ - Don't override password while User.invite!
7
+
8
+ = 1.5.1
9
+
10
+ - Fix #562 Avoid using after_password_reset
11
+ - Fix #564
12
+
13
+ Compare: https://github.com/scambra/devise_invitable/compare/v1.5.0...v1.5.1
14
+
15
+ = 1.5.0
16
+
1
17
  Override valid_password? and unauthenticated_message instead of active_for_authentication? and inactive_message, active_for_authentication? doesn't work for default behavior of invited users without password
2
18
 
19
+ - Get list & check for user(s) created by invite irrespective of status
20
+ - Update simple_form template's hash syntax
21
+ - Update migration template's hash syntax
22
+ - Check if after_password_reset is defined
23
+
24
+ Compare: https://github.com/scambra/devise_invitable/compare/v1.4.2...v1.5.0
25
+
26
+ = 1.4.2
27
+
28
+ - Add option to allow controlling of auto sign in functionality for security
29
+ - Add intermediate method in active_for_authentication? for more flexibility
30
+ - Add intermediate block_from_invitation? method for more flexibility
31
+ - Fix undefined method `invite_key_fields'
32
+ - Fix override valid_password? instead of active_for_authentication? (fixes #541)
33
+
34
+ Compare: https://github.com/scambra/devise_invitable/compare/v1.4.1...v1.4.2
35
+
36
+ = 1.4.1
37
+
38
+ - Begin testing against devise 3.4
39
+ - Use current_inviter to get redirect path after invite
40
+ (https://github.com/scambra/devise_invitable/pull/523)
41
+
42
+ Compare: https://github.com/scambra/devise_invitable/compare/v1.4.0...v1.4.1
43
+
3
44
  = 1.4.0
45
+
4
46
  Override active_for_authentication? and inactive_message instead of valid_password?
5
47
  To use counter_cache, invited_by_counter_cache must be set, no more checking of invitations_count to enable counter cache
6
48
 
49
+ Compare: https://github.com/scambra/devise_invitable/compare/v1.3.6...v1.4.0
50
+
51
+ = 1.3.6
52
+
53
+ - Regenerate invitation token each time even if "skip_invitation" was true
54
+ - Add passing a block to instance #invite! method
55
+ - Improvements to tests
56
+
57
+ Compare: https://github.com/scambra/devise_invitable/compare/v1.3.5...v1.3.6
58
+
59
+ = 1.3.5
60
+
61
+ No notes yet, contributions welcome.
62
+
7
63
  = 1.3.0
64
+
8
65
  Now devise 3.1 compatible, @token must be used instead of @resource.invitation_token in mail views
9
66
 
10
67
  = 1.2.0
68
+
11
69
  Add invitation_created_at column which is set when invitation is created even when sending is skipped. This new field is used to check invitation period valid
data/README.rdoc CHANGED
@@ -1,9 +1,9 @@
1
1
  = DeviseInvitable
2
- {<img src="https://travis-ci.org/scambra/devise_invitable.png"/>}[http://travis-ci.org/scambra/devise_invitable] {<img src="https://codeclimate.com/github/scambra/devise_invitable/badges/gpa.svg"/}[https://codeclimate.com/github/scambra/devise_invitable]
2
+ {<img src="https://travis-ci.org/scambra/devise_invitable.png"/>}[https://travis-ci.org/scambra/devise_invitable] {<img src="https://codeclimate.com/github/scambra/devise_invitable/badges/gpa.svg"/}[https://codeclimate.com/github/scambra/devise_invitable]
3
3
 
4
- It adds support to devise[http://github.com/plataformatec/devise] for sending invitations by email (it requires to be authenticated) and accept the invitation setting the password.
4
+ It adds support to devise[https://github.com/plataformatec/devise] for sending invitations by email (it requires to be authenticated) and accept the invitation setting the password.
5
5
 
6
- DeviseInvitable currently supports Rails 3 and 4, if you want to use it with Rails 2.3 you must install version {0.2.3}[http://rubygems.org/gems/devise_invitable/versions/0.2.3]
6
+ DeviseInvitable currently supports Rails 3 and 4, if you want to use it with Rails 2.3 you must install version {0.2.3}[https://rubygems.org/gems/devise_invitable/versions/0.2.3]
7
7
 
8
8
  If you want to use devise 3.0.x, you must use 1.2.1, newer versions require devise >= 3.1.0
9
9
 
@@ -132,6 +132,8 @@ or directly as parameters to the <tt>devise</tt> method:
132
132
 
133
133
  * invited_by_class_name: The class name of the inviting model. If this is nil, polymorphic association is used.
134
134
 
135
+ * invited_by_foreign_key: The foreign key to the inviting model (only used if invited_by_class_name is set, otherwise :invited_by_id)
136
+
135
137
  * allow_insecure_sign_in_after_accept: automatically sign in the user after they set a password. Enabled by default.
136
138
 
137
139
  For more details, see <tt>config/initializers/devise.rb</tt> (after you invoked the "devise_invitable:install" generator described above).
@@ -150,11 +152,11 @@ Then turn scoped views on in config/initializers/devise.rb:
150
152
 
151
153
  config.scoped_views = true
152
154
 
153
- Please refer to {Devise's README}[http://github.com/plataformatec/devise] for more information about views.
155
+ Please refer to {Devise's README}[https://github.com/plataformatec/devise] for more information about views.
154
156
 
155
157
  == Configuring controllers
156
158
 
157
- To change the controller's behavior, create a controller that inherits from <tt>Devise::InvitationsController</tt>. The available methods are: new, create, edit, and update. You should read the {original controllers source}[https://raw.github.com/scambra/devise_invitable/master/app/controllers/devise/invitations_controller.rb] before editing any of these actions. Your controller might now look something like this:
159
+ To change the controller's behavior, create a controller that inherits from <tt>Devise::InvitationsController</tt>. The available methods are: new, create, edit, and update. You should read the {original controllers source}[https://github.com/scambra/devise_invitable/blob/master/app/controllers/devise/invitations_controller.rb] before editing any of these actions. Your controller might now look something like this:
158
160
 
159
161
  class Users::InvitationsController < Devise::InvitationsController
160
162
  def update
@@ -200,7 +202,7 @@ To change behaviour of inviting or accepting users, you can simply override two
200
202
 
201
203
  == Strong Parameters
202
204
 
203
- When you customize your own views, you may end up adding new attributes to forms. Rails 4 moved the parameter sanitization from the model to the controller, causing DeviseInvitable to handle this concern at the controller as well. Read about it in {devise README}[http://github.com/plataformatec/devise#strong-parameters]
205
+ When you customize your own views, you may end up adding new attributes to forms. Rails 4 moved the parameter sanitization from the model to the controller, causing DeviseInvitable to handle this concern at the controller as well. Read about it in {devise README}[https://github.com/plataformatec/devise#strong-parameters]
204
206
 
205
207
  There are just two actions in DeviseInvitable that allows any set of parameters to be passed down to the model, therefore requiring sanitization. Their names and the permited parameters by default are:
206
208
 
@@ -310,7 +312,7 @@ Instead, in your views, put a link to <tt>new_user_invitation_path</tt> or <tt>n
310
312
 
311
313
  After an invitation is created and sent, the inviter will be redirected to after_invite_path_for(resource_name), which is stored path or the same path as after_sign_in_path_for by default.
312
314
 
313
- After an invitation is accepted, the invitee will be redirected to after_accept_path_for(resource), which is the same path as after_sign_in_path_for by default. If you want to override the path, override invitations controller and define after_accept_path_for method. This is useful in the common case that a user is invited to a specific location in your application. More on {Devise's README}[http://github.com/plataformatec/devise], "Controller filters and helpers" section.
315
+ After an invitation is accepted, the invitee will be redirected to after_accept_path_for(resource), which is the same path as after_sign_in_path_for by default. If you want to override the path, override invitations controller and define after_accept_path_for method. This is useful in the common case that a user is invited to a specific location in your application. More on {Devise's README}[https://github.com/plataformatec/devise], "Controller filters and helpers" section.
314
316
 
315
317
  The invitation email includes a link to accept the invitation that looks like this: <tt>/users/invitation/accept?invitation_token=abcd123</tt>. When clicked, the invited must set a password in order to accept its invitation. Note that if the invitation_token is not present or not valid, the invited is redirected to after_sign_out_path_for(resource_name).
316
318
 
@@ -409,9 +411,9 @@ To test DeviseInvitable for the ActiveRecord ORM with RVM, Ruby 1.9.2, and Rubyg
409
411
 
410
412
  Check them all at:
411
413
 
412
- http://github.com/scambra/devise_invitable/contributors
414
+ https://github.com/scambra/devise_invitable/contributors
413
415
 
414
- Special thanks to rymai[http://github.com/rymai] for the Rails 3 support, his fork was a great help.
416
+ Special thanks to rymai[https://github.com/rymai] for the Rails 3 support, his fork was a great help.
415
417
 
416
418
  == Note on Patches/Pull Requests
417
419
 
@@ -4,8 +4,8 @@ class DeviseInvitable::RegistrationsController < Devise::RegistrationsController
4
4
  def build_resource(hash = nil)
5
5
  hash ||= resource_params || {}
6
6
  if hash[:email]
7
- self.resource = resource_class.where(:email => hash[:email], :encrypted_password => '').first
8
- if self.resource
7
+ self.resource = resource_class.where(:email => hash[:email]).first
8
+ if self.resource and self.resource.invited_to_sign_up?
9
9
  self.resource.attributes = hash
10
10
  self.resource.send_confirmation_instructions if self.resource.confirmation_required_for_invited?
11
11
  self.resource.accept_invitation
@@ -62,6 +62,11 @@ module Devise
62
62
  mattr_accessor :invited_by_class_name
63
63
  @@invited_by_class_name = nil
64
64
 
65
+ # Public: The foreign key to the inviting model (if invited_by_class_name is set)
66
+ # (default: :invited_by_id)
67
+ mattr_accessor :invited_by_foreign_key
68
+ @@invited_by_foreign_key = nil
69
+
65
70
  # Public: The column name used for counter_cache column. If this is nil,
66
71
  # the #invited_by association is declared without counter_cache. (default: nil)
67
72
  mattr_accessor :invited_by_counter_cache
@@ -34,6 +34,9 @@ module Devise
34
34
  else
35
35
  {:polymorphic => true}
36
36
  end
37
+ if fk = Devise.invited_by_foreign_key
38
+ belongs_to_options[:foreign_key] = fk
39
+ end
37
40
  if defined?(ActiveRecord) && defined?(ActiveRecord::Base) && self < ActiveRecord::Base
38
41
  counter_cache = Devise.invited_by_counter_cache
39
42
  belongs_to_options.merge! :counter_cache => counter_cache if counter_cache
@@ -43,8 +46,6 @@ module Devise
43
46
  include ActiveSupport::Callbacks
44
47
  define_callbacks :invitation_accepted
45
48
 
46
- attr_writer :skip_password
47
-
48
49
  scope :no_active_invitation, lambda { where(:invitation_token => nil) }
49
50
  if defined?(Mongoid) && defined?(Mongoid::Document) && self < Mongoid::Document
50
51
  scope :created_by_invite, lambda { where(:invitation_sent_at.ne => nil) }
@@ -63,7 +64,7 @@ module Devise
63
64
 
64
65
  def self.required_fields(klass)
65
66
  fields = [:invitation_token, :invitation_created_at, :invitation_sent_at, :invitation_accepted_at,
66
- :invitation_limit, :invited_by_id, :invited_by_type]
67
+ :invitation_limit, Devise.invited_by_foreign_key || :invited_by_id, :invited_by_type]
67
68
  fields << :invitations_count if defined?(ActiveRecord) && self < ActiveRecord::Base
68
69
  fields -= [:invited_by_type] if Devise.invited_by_class_name
69
70
  fields
@@ -151,8 +152,9 @@ module Devise
151
152
  end
152
153
 
153
154
  def clear_reset_password_token
155
+ reset_password_token_present = reset_password_token.present?
154
156
  super
155
- accept_invitation! if invited_to_sign_up?
157
+ accept_invitation! if reset_password_token_present && invited_to_sign_up?
156
158
  end
157
159
 
158
160
  def clear_errors_on_valid_keys
@@ -178,14 +180,6 @@ module Devise
178
180
  end
179
181
 
180
182
  protected
181
- # Overriding the method in Devise's :validatable module so password is not required on inviting
182
- def password_required?
183
- !skip_password && super
184
- end
185
-
186
- def skip_password
187
- @skip_password ||= false
188
- end
189
183
 
190
184
  def block_from_invitation?
191
185
  invited_to_sign_up?
@@ -260,8 +254,10 @@ module Devise
260
254
  invitable = find_or_initialize_with_errors(invite_key_array, attributes_hash)
261
255
  invitable.assign_attributes(attributes)
262
256
  invitable.invited_by = invited_by
257
+ unless invitable.password
258
+ invitable.password = Devise.friendly_token[0, 20]
259
+ end
263
260
 
264
- invitable.skip_password = true
265
261
  invitable.valid? if self.validate_on_invite
266
262
  if invitable.new_record?
267
263
  invitable.clear_errors_on_valid_keys if !self.validate_on_invite
@@ -1,3 +1,3 @@
1
1
  module DeviseInvitable
2
- VERSION = '1.5.1'
2
+ VERSION = '1.5.2'
3
3
  end
@@ -12,12 +12,6 @@ class DeviseInvitableAddTo<%= table_name.camelize %> < ActiveRecord::Migration
12
12
  t.index :invitation_token, unique: true # for invitable
13
13
  t.index :invited_by_id
14
14
  end
15
-
16
- # And allow null encrypted_password and password_salt:
17
- change_column_null :<%= table_name %>, :encrypted_password, true
18
- <% if class_name.constantize.columns_hash['password_salt'] -%>
19
- change_column_null :<%= table_name %>, :password_salt, true
20
- <% end -%>
21
15
  end
22
16
 
23
17
  def down
@@ -25,9 +19,5 @@ class DeviseInvitableAddTo<%= table_name.camelize %> < ActiveRecord::Migration
25
19
  t.remove_references :invited_by, polymorphic: true
26
20
  t.remove :invitations_count, :invitation_limit, :invitation_sent_at, :invitation_accepted_at, :invitation_token, :invitation_created_at
27
21
  end
28
- change_column_null :<%= table_name %>, :encrypted_password, false
29
- <% if class_name.constantize.columns_hash['password_salt'] -%>
30
- change_column_null :<%= table_name %>, :password_salt,false
31
- <% end -%>
32
22
  end
33
23
  end
@@ -52,6 +52,10 @@ module DeviseInvitable
52
52
  # Default: nil
53
53
  # config.invited_by_class_name = 'User'
54
54
 
55
+ # The foreign key to the inviting model (if invited_by_class_name is set)
56
+ # Default: :invited_by_id
57
+ # config.invited_by_foreign_key = :invited_by_id
58
+
55
59
  # The column name used for counter_cache column. If this is nil,
56
60
  # the #invited_by association is declared without counter_cache.
57
61
  # Default: nil
@@ -25,7 +25,6 @@ class DeviseInvitable::RegistrationsControllerTest < ActionController::TestCase
25
25
  sign_out @issuer
26
26
 
27
27
  @invitee = User.where(:email => invitee_email).first
28
- assert @invitee.encrypted_password.blank?, "the password should be unset"
29
28
  assert_nil @invitee.invitation_accepted_at
30
29
  assert_not_nil @invitee.invitation_token
31
30
  assert !@invitee.confirmed?
@@ -99,7 +99,7 @@ class InvitationTest < ActionDispatch::IntegrationTest
99
99
  end
100
100
  assert_equal user_invitation_path, current_path
101
101
  assert page.has_css?('#error_explanation li', :text => /Password .*doesn\'t match/)
102
- assert user.encrypted_password.blank?
102
+ assert !user.confirmed?
103
103
  end
104
104
 
105
105
  test 'not authenticated user with valid data should be able to change his password' do
@@ -109,6 +109,7 @@ class InvitationTest < ActionDispatch::IntegrationTest
109
109
  assert_equal root_path, current_path
110
110
  assert page.has_css?('p#notice', :text => 'Your password was set successfully. You are now signed in.')
111
111
  assert user.reload.valid_password?('987654321')
112
+ assert user.confirmed?
112
113
  end
113
114
 
114
115
  test 'after entering invalid data user should still be able to set his password' do
@@ -118,7 +119,6 @@ class InvitationTest < ActionDispatch::IntegrationTest
118
119
  end
119
120
  assert_equal user_invitation_path, current_path
120
121
  assert page.has_css?('#error_explanation')
121
- assert user.encrypted_password.blank?
122
122
 
123
123
  set_password :visit => false
124
124
  assert page.has_css?('p#notice', :text => 'Your password was set successfully. You are now signed in.')
@@ -181,6 +181,11 @@ class InvitableTest < ActiveSupport::TestCase
181
181
  assert_not_equal old_encrypted_password, user.encrypted_password
182
182
  end
183
183
 
184
+ test 'should not override password on invite!' do
185
+ user = User.invite!(:email => "valid@email.com", :password => 'password', :password_confirmation => 'password', :skip_invitation => true)
186
+ assert user.valid?
187
+ end
188
+
184
189
  test 'should clear invitation token and set invitation_accepted_at while accepting the password' do
185
190
  user = User.invite!(:email => "valid@email.com")
186
191
  assert user.invitation_token.present?
@@ -124,6 +124,10 @@ Devise.setup do |config|
124
124
  # Default: nil
125
125
  # config.invited_by_class_name = 'User'
126
126
 
127
+ # The foreign key to the inviting model (if invited_by_class_name is set)
128
+ # Default: :invited_by_id
129
+ # config.invited_by_foreign_key = :invited_by_id
130
+
127
131
  # The column name used for counter_cache column. If this is nil,
128
132
  # the #invited_by association is declared without counter_cache.
129
133
  # Default: nil
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: devise_invitable
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.5.1
4
+ version: 1.5.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Sergio Cambra
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2015-06-16 00:00:00.000000000 Z
11
+ date: 2015-07-23 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler