devise_invitable 1.5.3 → 1.5.5

checksums.yaml

@@ -1,7 +1,7 @@
----
-SHA1:
-  metadata.gz: 34b7a909db3f99e89240bf2b81107b5981e656cb
-  data.tar.gz: 47f3c423acd3c430232c028e130174c23720081e
-SHA512:
-  metadata.gz: fb028f99d4fc760cdecc7f747b3070fa7c2373d3e5655cdb51c2526245a546f1c8b4b84175810b9b8c1df33f054a0b5b1c4190f2280eda5d31f6f7377e7cffbf
-  data.tar.gz: e04a795483022a82a601790ad24d682934322e45348026bd6a3b387b8284b41ca8403e55afddaf57b51d630961cb2650e8fbcea15d9144c07d3e1fde8f23976f
+--- 
+SHA1: 
+  metadata.gz: c73f548d678402b25124902905d122de26316161
+  data.tar.gz: 39b1f217bf6a01ab772a462f5488f75a519b15fb
+SHA512: 
+  metadata.gz: 6150c3a9debc6a2974662801bff49a4bc3ab5ef1c6c24ca9a31d355d5633f48b591c99d80349a3feb4319b6bddf33ad5ae6159e2131fcd03b17aeed52b593f15
+  data.tar.gz: a6e3025090643913f77bcbb4d20c8a31db17573eb62e26a13256d6ffc83bc4812f0b84182c2e75456575761192a22b8f637be0f0c859e5dc315641491dd00b5f

data/CHANGELOG

@@ -1,3 +1,14 @@
+- Ensure that all invited user passwords conform to a format
+- Call set_minimum_password_length (if exists) on accept invitation as devise does
+- Controllers inheriting from Devise::InvitationsController will now use 'devise.invitations' translations
+  when using Devise >= 3.5. See https://github.com/plataformatec/devise/pull/3407 for more details.
+- Add invitation due date to mailer
+
+= 1.5.3
+
+- Fix #585, avoid generating new password if there already is a encrypted one
+- Give error if trying to register with a registered email
+
 = 1.5.2
 
 - Fix #571, accept invitation when password changes only if reset_password_token was present

data/README.rdoc

@@ -185,7 +185,7 @@ To change behaviour of inviting or accepting users, you can simply override two
     # should return an instance of resource class
     def invite_resource
       ## skip sending emails on invite
-      resource_class.invite!(invite_params, current_inviter) do |u|
+      super do |u|
         u.skip_invitation = true
       end
     end
@@ -247,21 +247,21 @@ the value is temporarily available when you invite a user and will be decrypted
 
   accept_user_invitation_url(:invitation_token => user.raw_invitation_token)
 
-When skip_invitation is used, you must also then set the invitation_sent_at field when the user is sent their
-token. Failure to do so will yield "Invalid invitation token" errors when the user attempts to accept the invite.
+When <tt>skip_invitation</tt> is used, you must also then set the <tt>invitation_sent_at</tt> field when the user is sent their
+token. Failure to do so will yield <tt>Invalid invitation token</tt> error when the user attempts to accept the invite.
 You can set it like so:
 
   user.deliver_invitation
 
-You can add :skip_invitation to attributes hash if skip_invitation is added to attr_accessible.
+You can add <tt>:skip_invitation</tt> to attributes hash if <tt>skip_invitation</tt> is added to <tt>attr_accessible</tt>.
 
   User.invite!(:email => "new_user@example.com", :name => "John Doe", :skip_invitation => true)
   # => the record will be created, but the invitation email will not be sent
 
-Skip_invitation skips sending the email, but sets invitation_token, so <tt>invited_to_sign_up?</tt> on the
+<tt>skip_invitation</tt> skips sending the email, but sets <tt>invitation_token</tt>, so <tt>invited_to_sign_up?</tt> on the
 resulting user returns true.
 
-To check if a perticular user is created by invitation, irrespective to state of invitation one can use <tt>created_by_invite?</tt>
+To check if a particular user is created by invitation, irrespective to state of invitation one can use <tt>created_by_invite?</tt>
 
 **Warning**
 

data/app/controllers/devise/invitations_controller.rb

@@ -31,6 +31,7 @@ class Devise::InvitationsController < DeviseController
 
   # GET /resource/invitation/accept?invitation_token=abcdef
   def edit
+    set_minimum_password_length if respond_to? :set_minimum_password_length
     resource.invitation_token = params[:invitation_token]
     render :edit
   end
@@ -103,5 +104,8 @@ class Devise::InvitationsController < DeviseController
     devise_parameter_sanitizer.sanitize(:accept_invitation)
   end
 
+  def translation_scope
+    'devise.invitations'
+  end
 end
 

data/app/views/devise/mailer/invitation_instructions.html.erb

@@ -4,4 +4,8 @@
 
 <p><%= link_to t("devise.mailer.invitation_instructions.accept"), accept_invitation_url(@resource, :invitation_token => @token) %></p>
 
+<% if @resource.invitation_due_at %>
+  <p><%= t("devise.mailer.invitation_instructions.accept_until", due_date: l(@resource.invitation_due_at, format: :'devise.mailer.invitation_instructions.accept_until_format')) %></p>
+<% end %>
+
 <p><%= t("devise.mailer.invitation_instructions.ignore").html_safe %></p>

data/config/locales/en.yml

@@ -21,4 +21,11 @@ en:
         hello: "Hello %{email}"
         someone_invited_you: "Someone has invited you to %{url}, you can accept it through the link below."
         accept: "Accept invitation"
+        accept_until: "This invitation will be due in %{due_date}."
         ignore: "If you don't want to accept the invitation, please ignore this email.<br />Your account won't be created until you access the link above and set your password."
+  time:
+    formats:
+      devise:
+        mailer:
+          invitation_instructions:
+            accept_until_format: "%B %d, %Y %I:%M %p"

data/lib/devise_invitable/controllers/helpers.rb

@@ -2,7 +2,6 @@ module DeviseInvitable::Controllers::Helpers
   extend ActiveSupport::Concern
 
   included do
-    hide_action :after_invite_path_for, :after_accept_path_for
   end
   
   def after_invite_path_for(resource)

data/lib/devise_invitable/model.rb

@@ -34,9 +34,9 @@ module Devise
         else
           {:polymorphic => true}
         end
-	if fk = Devise.invited_by_foreign_key
-	  belongs_to_options[:foreign_key] = fk
-	end
+        if fk = Devise.invited_by_foreign_key
+          belongs_to_options[:foreign_key] = fk
+        end
         if defined?(ActiveRecord) && defined?(ActiveRecord::Base) && self < ActiveRecord::Base
           counter_cache = Devise.invited_by_counter_cache
           belongs_to_options.merge! :counter_cache => counter_cache if counter_cache
@@ -109,8 +109,8 @@ module Devise
       end
 
       # Reset invitation token and send invitation again
-      def invite!(invited_by = nil)
-        # This is an order-dependant assignment, this can't be moved 
+      def invite!(invited_by = nil, options = {})
+        # This is an order-dependant assignment, this can't be moved
         was_invited = invited_to_sign_up?
 
         # Required to workaround confirmable model's confirmation_required? method
@@ -131,7 +131,7 @@ module Devise
 
         if save(:validate => false)
           self.invited_by.decrement_invitation_limit! if !was_invited and self.invited_by.present?
-          deliver_invitation unless skip_invitation
+          deliver_invitation(options) unless skip_invitation
         end
       end
 
@@ -164,10 +164,10 @@ module Devise
       end
 
       # Deliver the invitation email
-      def deliver_invitation
+      def deliver_invitation(options = {})
         generate_invitation_token! unless @raw_invitation_token
         self.update_attribute :invitation_sent_at, Time.now.utc unless self.invitation_sent_at
-        send_devise_notification(:invitation_instructions, @raw_invitation_token)
+        send_devise_notification(:invitation_instructions, @raw_invitation_token, options)
       end
 
       # provide alias to the encrypted invitation_token stored by devise
@@ -179,6 +179,13 @@ module Devise
         respond_to?(:confirmation_required?, true) && confirmation_required?
       end
 
+      def invitation_due_at
+        return nil unless self.class.invite_for
+
+        time = self.invitation_created_at || self.invitation_sent_at
+        time + self.class.invite_for
+      end
+
       protected
 
         def block_from_invitation?
@@ -242,7 +249,7 @@ module Devise
         # email is resent unless resend_invitation is set to false.
         # Attributes must contain the user's email, other attributes will be
         # set in the record
-        def _invite(attributes={}, invited_by=nil, &block)
+        def _invite(attributes={}, invited_by=nil, options = {}, &block)
           invite_key_array = invite_key_fields
           attributes_hash = {}
           invite_key_array.each do |k,v|
@@ -255,7 +262,7 @@ module Devise
           invitable.assign_attributes(attributes)
           invitable.invited_by = invited_by
           unless invitable.password || invitable.encrypted_password.present?
-            invitable.password = Devise.friendly_token[0, 20]
+            invitable.password = random_password
           end
 
           invitable.valid? if self.validate_on_invite
@@ -268,16 +275,16 @@ module Devise
           end
 
           yield invitable if block_given?
-          mail = invitable.invite! if invitable.errors.empty?
+          mail = invitable.invite!(nil, options) if invitable.errors.empty?
           [invitable, mail]
         end
 
-        def invite!(attributes={}, invited_by=nil, &block)
-          _invite(attributes.with_indifferent_access, invited_by, &block).first
+        def invite!(attributes={}, invited_by=nil, options = {}, &block)
+          _invite(attributes.with_indifferent_access, invited_by, options, &block).first
         end
 
-        def invite_mail!(attributes={}, invited_by=nil, &block)
-          _invite(attributes, invited_by, &block).last
+        def invite_mail!(attributes={}, invited_by=nil, options = {}, &block)
+          _invite(attributes, invited_by, options, &block).last
         end
 
         # Attempt to find a user by it's invitation_token to set it's password.
@@ -320,8 +327,18 @@ module Devise
         Devise::Models.config(self, :resend_invitation)
         Devise::Models.config(self, :allow_insecure_sign_in_after_accept)
 
+        private
+
+        # The random password, as set after an invitation, must conform
+        # to any password format validation rules of the application.
+        # This default fixes the most common scenarios: Passwords must contain
+        # lower + upper case, a digit and a symbol.
+        # For more unusual rules, this method can be overridden.
+        def random_password
+          "aA1!" + Devise.friendly_token[0, 20]
+        end
+
       end
     end
   end
 end
-

data/lib/devise_invitable/version.rb

@@ -1,3 +1,3 @@
 module DeviseInvitable
-  VERSION = '1.5.3'
+  VERSION = '1.5.5'
 end

data/test/mailers/invitation_mail_test.rb

@@ -66,4 +66,30 @@ class InvitationMailTest < ActionMailer::TestCase
     invitation_url_regexp = %r{<a href=\"http://#{host}/users/invitation/accept\?invitation_token=#{Thread.current[:token]}">}
     assert_match invitation_url_regexp, body
   end
+
+  test 'body should have invitation due date when it exists' do
+    host = ActionMailer::Base.default_url_options[:host]
+    user
+    body = mail.body.decoded
+
+    due_date_regexp = %r{#{I18n.l user.invitation_due_at, format: :'devise.mailer.invitation_instructions.accept_until_format' }}
+    assert_match due_date_regexp, body
+  end
+
+  test 'options are passed to the delivery method' do
+    class CustomMailer < Devise::Mailer
+      class << self
+        def invitation_instructions(record, name, options = {})
+          fail 'Options not as expected' unless options[:invited_at].is_a?(Time)
+          new(record, name, options)
+        end
+      end
+
+      def initialize(*args); end
+      def deliver; end
+    end
+    Devise.mailer = CustomMailer
+
+    User.invite!({ email: 'valid@email.com' }, nil, { invited_at: Time.now })
+  end
 end

data/test/model_tests_helper.rb

@@ -1,5 +1,6 @@
 class ActiveSupport::TestCase
   def setup_mailer
+    Devise.mailer = Devise::Mailer
     ActionMailer::Base.deliveries = []
   end
 

data/test/models/invitable_test.rb

@@ -122,6 +122,22 @@ class InvitableTest < ActiveSupport::TestCase
     assert !user.valid_invitation?
   end
 
+  test 'should return token validity when there is invite_for' do
+    User.stubs(:invite_for).returns(1.day)
+    user = User.invite!(:email => "valid@email.com")
+    sent_at = user.invitation_created_at || user.invitation_sent_at
+    valid_until = sent_at + User.invite_for
+
+    assert_equal user.invitation_due_at, valid_until
+  end
+
+  test 'should return nil as token validity when there is not invite_for' do
+    User.stubs(:invite_for).returns(nil)
+    user = User.invite!(:email => "valid@email.com")
+
+    assert_equal user.invitation_due_at, nil
+  end
+
   test 'should never generate the same invitation token for different users' do
     invitation_tokens = []
     3.times do
@@ -657,4 +673,18 @@ class InvitableTest < ActiveSupport::TestCase
     retval = user.reset_password!('anewpassword', 'anewpassword')
     assert_equal true, retval
   end
+
+  test 'should set initial password with variety of characters' do
+    PASSWORD_FORMAT = /\A
+        (?=.*\d)           # Must contain a digit
+        (?=.*[a-z])        # Must contain a lower case character
+        (?=.*[A-Z])        # Must contain an upper case character
+        (?=.*[[:^alnum:]]) # Must contain a symbol
+      /x
+    User.stubs(:invite_key).returns(:password => PASSWORD_FORMAT)
+    Devise.stubs(:friendly_token).returns('onlylowercaseletters')
+    user = User.invite!(:email => "valid@email.com")
+    assert user.persisted?
+    assert user.errors.empty?
+  end
 end

data/test/rails_app/config/locales/en.yml

@@ -3,6 +3,9 @@
 
 en:
   hello: "Hello world"
+  time:
+    formats:
+      short: "%b %d"
   devise:
     free_invitations:
       send_instructions: 'An invitation email has been sent to %{email}.'

metadata

@@ -1,71 +1,59 @@
---- !ruby/object:Gem::Specification
+--- !ruby/object:Gem::Specification 
 name: devise_invitable
-version: !ruby/object:Gem::Version
-  version: 1.5.3
+version: !ruby/object:Gem::Version 
+  version: 1.5.5
 platform: ruby
-authors:
+authors: 
 - Sergio Cambra
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-09-30 00:00:00.000000000 Z
-dependencies:
-- !ruby/object:Gem::Dependency
+
+date: 2015-12-17 00:00:00 Z
+dependencies: 
+- !ruby/object:Gem::Dependency 
   name: bundler
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - '>='
-      - !ruby/object:Gem::Version
-        version: 1.1.0
   type: :development
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - '>='
-      - !ruby/object:Gem::Version
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
         version: 1.1.0
-- !ruby/object:Gem::Dependency
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
   name: actionmailer
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - '>='
-      - !ruby/object:Gem::Version
-        version: 3.2.6
-    - - <
-      - !ruby/object:Gem::Version
-        version: '5'
   type: :runtime
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - '>='
-      - !ruby/object:Gem::Version
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
         version: 3.2.6
     - - <
-      - !ruby/object:Gem::Version
-        version: '5'
-- !ruby/object:Gem::Dependency
+      - !ruby/object:Gem::Version 
+        version: "5"
+  version_requirements: *id002
+- !ruby/object:Gem::Dependency 
   name: devise
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - '>='
-      - !ruby/object:Gem::Version
-        version: 3.2.0
   type: :runtime
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - '>='
-      - !ruby/object:Gem::Version
+  requirement: &id003 !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
         version: 3.2.0
-description: It adds support for send invitations by email (it requires to be authenticated)
-  and accept the invitation by setting a password.
-email:
+  version_requirements: *id003
+description: It adds support for send invitations by email (it requires to be authenticated) and accept the invitation by setting a password.
+email: 
 - sergio@entrecables.com
 executables: []
+
 extensions: []
+
 extra_rdoc_files: []
-files:
+
+files: 
 - CHANGELOG
 - LICENSE
 - README.rdoc
@@ -146,33 +134,35 @@ files:
 - test/routes_test.rb
 - test/test_helper.rb
 homepage: https://github.com/scambra/devise_invitable
-licenses:
+licenses: 
 - MIT
 metadata: {}
+
 post_install_message: 
-rdoc_options:
+rdoc_options: 
 - --main
 - README.rdoc
 - --charset=UTF-8
-require_paths:
+require_paths: 
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement
-  requirements:
-  - - '>='
-    - !ruby/object:Gem::Version
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
       version: 1.8.6
-required_rubygems_version: !ruby/object:Gem::Requirement
-  requirements:
-  - - '>='
-    - !ruby/object:Gem::Version
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
       version: 1.3.6
 requirements: []
+
 rubyforge_project: 
-rubygems_version: 2.4.5
+rubygems_version: 2.4.6
 signing_key: 
 specification_version: 4
 summary: An invitation strategy for Devise
-test_files:
+test_files: 
 - test/functional/controller_helpers_test.rb
 - test/functional/registrations_controller_test.rb
 - test/generators/views_generator_test.rb