devise_invitable 2.0.8 → 2.0.9

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1d79a9c9139872616687b6479929d53572f9634188eeb9a83a7fdb56c9a56de0
-  data.tar.gz: dd37eafdb0b8a074c11ab51c25b8faea114992cf640e599edb5b9fefec0eb9a3
+  metadata.gz: b8ff92d4a82378780e01c6d3cfe57ff0808b08d49a619e3a899e94a86e7ec46c
+  data.tar.gz: 174e7982212230032987ad9b6b1ed572b98fda73fc0652e095ae71c1b6282436
 SHA512:
-  metadata.gz: a275438d6791f2f3e06d3d7a0b83db15142ce0a24337f928e08ee7c9818aa517efaa070c73e2bfc280a28ef8cf1104a9aa6711c8325479c02a794a1b963ec9d5
-  data.tar.gz: cef6663d0ce1f61b87dcc73cf151afa55a4054983c8a580d2a94446887f5018a5ba604eea0a656495e2ae3755bc437457c1d109d1ae8faf775182417c4ca313f
+  metadata.gz: 25a25c7ec4df1183ef43d399f73cb7a4b661cc33df172d660dd551f658bebce01ac552c837608affeac59aeaaa85b137ad56247278fbe5a436ea15d03131b1e3
+  data.tar.gz: 07a394b356fb623ab7a8ca48486acd935ea5c69b86969ccae667d414bc6d7319ec2e5fe90c0cdc8ff2a9f46eace35bfd517df659fc445088f4e43a0f6536590c

data/CHANGELOG.md

@@ -1,3 +1,6 @@
+## 2.0.9
+- Do not accept expired invitation on password reset ([#897](https://github.com/scambra/devise_invitable/pull/897))
+
 ## 2.0.8
 - Fix for turbo stream
 

data/config/locales/fr.yml

@@ -14,10 +14,8 @@ fr:
         legend: Envoyer l’invitation
         submit_button: Envoyer
       edit:
-        header: Confirmation
-        submit_button: Confirmer
-        new_password: Mot de passe
-        new_password_confirmation: Confirmation du mot de passe
+        header: Définissez votre mot de passe
+        submit_button: Définir mon mot de passe
     mailer:
       invitation_instructions:
         subject: 'Vous avez reçu une invitation'
@@ -31,4 +29,4 @@ fr:
       devise:
         mailer:
           invitation_instructions:
-            accept_until_format: "%B %d, %Y %I:%M %p"
+            accept_until_format: "%B %d, %Y %I:%M %p"

data/config/locales/id.yml

@@ -0,0 +1,31 @@
+id:
+  devise:
+    failure:
+      invited: "Anda memiliki undangan yang tertunda, harap terima undangan tersebut untuk menyelesaikan pembuatan akun Anda."
+    invitations:
+      send_instructions: "Email undangan telah dikirim ke %{email}."
+      invitation_token_invalid: "Token undangan yang diberikan tidak valid!"
+      updated: "Kata sandi Anda telah berhasil diatur. Anda sudah masuk."
+      updated_not_active: "Kata sandi Anda telah berhasil diatur."
+      no_invitations_remaining: "Tidak ada undangan tersisa."
+      invitation_removed: "Undangan Anda telah dihapus."
+      new:
+        header: "Kirim Undangan"
+        submit_button: "Kirim undangan"
+      edit:
+        header: "Atur kata sandi Anda"
+        submit_button: "Atur kata sandi"
+    mailer:
+      invitation_instructions:
+        subject: "Instruksi Undangan"
+        hello: "Halo %{email}"
+        someone_invited_you: "Seseorang telah mengundang Anda ke %{url}. Anda dapat menerima undangan ini melalui tautan di bawah ini."
+        accept: "Terima Undangan"
+        accept_until: "Undangan ini akan berakhir pada %{due_date}."
+        ignore: "Jika Anda tidak ingin menerima undangan ini, silakan abaikan email ini. Akun Anda tidak akan dibuat sampai Anda mengakses tautan di atas dan mengatur kata sandi Anda."
+  time:
+    formats:
+      devise:
+        mailer:
+          invitation_instructions:
+            accept_until_format: "%d %B %Y %H:%M:%S"

data/lib/devise_invitable/models.rb

@@ -195,7 +195,7 @@ module Devise
       def clear_reset_password_token
         reset_password_token_present = reset_password_token.present?
         super
-        accept_invitation! if reset_password_token_present && invited_to_sign_up?
+        accept_invitation! if reset_password_token_present && valid_invitation?
       end
 
       def clear_errors_on_valid_keys
@@ -231,7 +231,7 @@ module Devise
       def add_taken_error(key)
         errors.add(key, :taken)
       end
-    
+
       def invitation_taken?
         !invited_to_sign_up?
       end

data/lib/devise_invitable/version.rb

@@ -1,3 +1,3 @@
 module DeviseInvitable
-  VERSION = '2.0.8'.freeze
+  VERSION = '2.0.9'.freeze
 end

data/test/models/invitable_test.rb

@@ -279,6 +279,23 @@ class InvitableTest < ActiveSupport::TestCase
     refute_predicate user, :invited_to_sign_up?
   end
 
+  test 'should not accept expired invitation while resetting the password' do
+    User.stubs(:invite_for).returns(1.day)
+    user = User.invite!(email: 'valid@email.com')
+    assert user.invited_to_sign_up?
+    user.invitation_created_at = Time.now.utc - 2.days
+    token, user.reset_password_token = Devise.token_generator.generate(User, :reset_password_token)
+    user.reset_password_sent_at = Time.now.utc
+    user.save
+
+    assert user.reset_password_token.present?
+    assert user.invitation_token.present?
+    User.reset_password_by_token(reset_password_token: token, password: '123456789', password_confirmation: '123456789')
+    assert_nil user.reload.reset_password_token
+    assert user.reload.invitation_token.present?
+    assert user.reload.invited_to_sign_up?
+  end
+
   test 'should not accept invitation on failing to reset the password' do
     user = User.invite!(email: 'valid@email.com')
     assert user.invited_to_sign_up?
@@ -366,6 +383,42 @@ class InvitableTest < ActiveSupport::TestCase
     User.validate_on_invite = validate_on_invite
   end
 
+  test 'should not validate other attributes when validate_on_invite is disabled (for instance method)' do
+    validate_on_invite = User.validate_on_invite
+    User.validate_on_invite = false
+    user = new_user(email: 'valid@email.com', username: 'a' * 50)
+    user.invite!(nil, validate: false)
+    assert_empty user.errors
+    User.validate_on_invite = validate_on_invite
+  end
+
+  test 'should validate other attributes when validate_on_invite is disabled and validate option is enabled (for instance method)' do
+    validate_on_invite = User.validate_on_invite
+    User.validate_on_invite = false
+    user = new_user(email: 'valid@email.com', username: 'a' * 50)
+    user.invite!(nil, validate: true)
+    refute_empty user.errors[:username]
+    User.validate_on_invite = validate_on_invite
+  end
+
+  test 'should validate other attributes when validate_on_invite is enabled and validate option is disabled (for instance method)' do
+    validate_on_invite = User.validate_on_invite
+    User.validate_on_invite = true
+    user = new_user(email: 'valid@email.com', username: 'a' * 50)
+    user.invite!
+    refute_empty user.errors[:username]
+    User.validate_on_invite = validate_on_invite
+  end
+
+  test 'should validate other attributes when validate_on_invite is enabled and validate option is disabled explicitly (for instance method)' do
+    validate_on_invite = User.validate_on_invite
+    User.validate_on_invite = true
+    user = new_user(email: 'valid@email.com', username: 'a' * 50)
+    user.invite!(nil, validate: false)
+    assert_empty user.errors
+    User.validate_on_invite = validate_on_invite
+  end
+
   test 'should return a record with errors if user was found by e-mail' do
     existing_user = User.new(email: 'valid@email.com')
     existing_user.save(validate: false)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: devise_invitable
 version: !ruby/object:Gem::Version
-  version: 2.0.8
+  version: 2.0.9
 platform: ruby
 authors:
 - Sergio Cambra
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-04-27 00:00:00.000000000 Z
+date: 2023-10-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: actionmailer
@@ -78,6 +78,7 @@ files:
 - config/locales/et.yml
 - config/locales/fa.yml
 - config/locales/fr.yml
+- config/locales/id.yml
 - config/locales/it.yml
 - config/locales/ja.yml
 - config/locales/ko.yml