devise_jwt_auth 0.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/LICENSE +13 -0
- data/README.md +99 -0
- data/Rakefile +42 -0
- data/app/controllers/devise_jwt_auth/application_controller.rb +80 -0
- data/app/controllers/devise_jwt_auth/concerns/resource_finder.rb +44 -0
- data/app/controllers/devise_jwt_auth/concerns/set_user_by_jwt_token.rb +111 -0
- data/app/controllers/devise_jwt_auth/confirmations_controller.rb +88 -0
- data/app/controllers/devise_jwt_auth/omniauth_callbacks_controller.rb +291 -0
- data/app/controllers/devise_jwt_auth/passwords_controller.rb +217 -0
- data/app/controllers/devise_jwt_auth/refresh_token_controller.rb +41 -0
- data/app/controllers/devise_jwt_auth/registrations_controller.rb +203 -0
- data/app/controllers/devise_jwt_auth/sessions_controller.rb +131 -0
- data/app/controllers/devise_jwt_auth/unlocks_controller.rb +99 -0
- data/app/models/devise_jwt_auth/concerns/active_record_support.rb +16 -0
- data/app/models/devise_jwt_auth/concerns/confirmable_support.rb +27 -0
- data/app/models/devise_jwt_auth/concerns/mongoid_support.rb +19 -0
- data/app/models/devise_jwt_auth/concerns/tokens_serialization.rb +19 -0
- data/app/models/devise_jwt_auth/concerns/user.rb +117 -0
- data/app/models/devise_jwt_auth/concerns/user_omniauth_callbacks.rb +28 -0
- data/app/validators/devise_jwt_auth_email_validator.rb +23 -0
- data/app/views/devise/mailer/confirmation_instructions.html.erb +5 -0
- data/app/views/devise/mailer/reset_password_instructions.html.erb +8 -0
- data/app/views/devise/mailer/unlock_instructions.html.erb +7 -0
- data/app/views/devise_jwt_auth/omniauth_external_window.html.erb +38 -0
- data/config/locales/da-DK.yml +52 -0
- data/config/locales/de.yml +51 -0
- data/config/locales/en.yml +57 -0
- data/config/locales/es.yml +51 -0
- data/config/locales/fr.yml +51 -0
- data/config/locales/he.yml +52 -0
- data/config/locales/it.yml +48 -0
- data/config/locales/ja.yml +48 -0
- data/config/locales/ko.yml +51 -0
- data/config/locales/nl.yml +32 -0
- data/config/locales/pl.yml +50 -0
- data/config/locales/pt-BR.yml +48 -0
- data/config/locales/pt.yml +50 -0
- data/config/locales/ro.yml +48 -0
- data/config/locales/ru.yml +52 -0
- data/config/locales/sq.yml +48 -0
- data/config/locales/sv.yml +52 -0
- data/config/locales/uk.yml +61 -0
- data/config/locales/vi.yml +52 -0
- data/config/locales/zh-CN.yml +48 -0
- data/config/locales/zh-HK.yml +50 -0
- data/config/locales/zh-TW.yml +50 -0
- data/lib/devise_jwt_auth.rb +14 -0
- data/lib/devise_jwt_auth/blacklist.rb +2 -0
- data/lib/devise_jwt_auth/controllers/helpers.rb +161 -0
- data/lib/devise_jwt_auth/controllers/url_helpers.rb +10 -0
- data/lib/devise_jwt_auth/engine.rb +96 -0
- data/lib/devise_jwt_auth/errors.rb +8 -0
- data/lib/devise_jwt_auth/rails/routes.rb +118 -0
- data/lib/devise_jwt_auth/token_factory.rb +51 -0
- data/lib/devise_jwt_auth/url.rb +44 -0
- data/lib/devise_jwt_auth/version.rb +5 -0
- data/lib/generators/devise_jwt_auth/USAGE +31 -0
- data/lib/generators/devise_jwt_auth/install_generator.rb +91 -0
- data/lib/generators/devise_jwt_auth/install_generator_helpers.rb +98 -0
- data/lib/generators/devise_jwt_auth/install_mongoid_generator.rb +46 -0
- data/lib/generators/devise_jwt_auth/install_views_generator.rb +18 -0
- data/lib/generators/devise_jwt_auth/templates/devise_jwt_auth.rb +74 -0
- data/lib/generators/devise_jwt_auth/templates/devise_jwt_auth_create_users.rb.erb +51 -0
- data/lib/generators/devise_jwt_auth/templates/user.rb.erb +9 -0
- data/lib/generators/devise_jwt_auth/templates/user_mongoid.rb.erb +56 -0
- data/lib/tasks/devise_token_auth_tasks.rake +6 -0
- data/test/controllers/custom/custom_confirmations_controller_test.rb +25 -0
- data/test/controllers/custom/custom_omniauth_callbacks_controller_test.rb +33 -0
- data/test/controllers/custom/custom_passwords_controller_test.rb +79 -0
- data/test/controllers/custom/custom_refresh_token_controller_test.rb +36 -0
- data/test/controllers/custom/custom_registrations_controller_test.rb +59 -0
- data/test/controllers/custom/custom_sessions_controller_test.rb +39 -0
- data/test/controllers/demo_group_controller_test.rb +150 -0
- data/test/controllers/demo_mang_controller_test.rb +286 -0
- data/test/controllers/demo_user_controller_test.rb +650 -0
- data/test/controllers/devise_jwt_auth/confirmations_controller_test.rb +194 -0
- data/test/controllers/devise_jwt_auth/omniauth_callbacks_controller_test.rb +462 -0
- data/test/controllers/devise_jwt_auth/passwords_controller_test.rb +881 -0
- data/test/controllers/devise_jwt_auth/refresh_token_controller_test.rb +84 -0
- data/test/controllers/devise_jwt_auth/registrations_controller_test.rb +944 -0
- data/test/controllers/devise_jwt_auth/sessions_controller_test.rb +510 -0
- data/test/controllers/devise_jwt_auth/unlocks_controller_test.rb +197 -0
- data/test/controllers/overrides/confirmations_controller_test.rb +47 -0
- data/test/controllers/overrides/omniauth_callbacks_controller_test.rb +53 -0
- data/test/controllers/overrides/passwords_controller_test.rb +65 -0
- data/test/controllers/overrides/refresh_token_controller_test.rb +37 -0
- data/test/controllers/overrides/registrations_controller_test.rb +47 -0
- data/test/controllers/overrides/sessions_controller_test.rb +35 -0
- data/test/dummy/README.rdoc +28 -0
- data/test/dummy/app/active_record/confirmable_user.rb +11 -0
- data/test/dummy/app/active_record/lockable_user.rb +7 -0
- data/test/dummy/app/active_record/mang.rb +5 -0
- data/test/dummy/app/active_record/only_email_user.rb +7 -0
- data/test/dummy/app/active_record/scoped_user.rb +9 -0
- data/test/dummy/app/active_record/unconfirmable_user.rb +9 -0
- data/test/dummy/app/active_record/unregisterable_user.rb +9 -0
- data/test/dummy/app/active_record/user.rb +6 -0
- data/test/dummy/app/controllers/application_controller.rb +18 -0
- data/test/dummy/app/controllers/auth_origin_controller.rb +7 -0
- data/test/dummy/app/controllers/custom/confirmations_controller.rb +13 -0
- data/test/dummy/app/controllers/custom/omniauth_callbacks_controller.rb +13 -0
- data/test/dummy/app/controllers/custom/passwords_controller.rb +39 -0
- data/test/dummy/app/controllers/custom/refresh_token_controller.rb +20 -0
- data/test/dummy/app/controllers/custom/registrations_controller.rb +39 -0
- data/test/dummy/app/controllers/custom/sessions_controller.rb +29 -0
- data/test/dummy/app/controllers/demo_group_controller.rb +15 -0
- data/test/dummy/app/controllers/demo_mang_controller.rb +14 -0
- data/test/dummy/app/controllers/demo_user_controller.rb +27 -0
- data/test/dummy/app/controllers/overrides/confirmations_controller.rb +37 -0
- data/test/dummy/app/controllers/overrides/omniauth_callbacks_controller.rb +16 -0
- data/test/dummy/app/controllers/overrides/passwords_controller.rb +45 -0
- data/test/dummy/app/controllers/overrides/refresh_token_controller.rb +22 -0
- data/test/dummy/app/controllers/overrides/registrations_controller.rb +29 -0
- data/test/dummy/app/controllers/overrides/sessions_controller.rb +36 -0
- data/test/dummy/app/helpers/application_helper.rb +1058 -0
- data/test/dummy/app/models/concerns/favorite_color.rb +19 -0
- data/test/dummy/app/mongoid/confirmable_user.rb +52 -0
- data/test/dummy/app/mongoid/lockable_user.rb +38 -0
- data/test/dummy/app/mongoid/mang.rb +46 -0
- data/test/dummy/app/mongoid/only_email_user.rb +33 -0
- data/test/dummy/app/mongoid/scoped_user.rb +50 -0
- data/test/dummy/app/mongoid/unconfirmable_user.rb +44 -0
- data/test/dummy/app/mongoid/unregisterable_user.rb +47 -0
- data/test/dummy/app/mongoid/user.rb +49 -0
- data/test/dummy/app/views/layouts/application.html.erb +14 -0
- data/test/dummy/config.ru +18 -0
- data/test/dummy/config/application.rb +48 -0
- data/test/dummy/config/application.yml.bk +0 -0
- data/test/dummy/config/boot.rb +11 -0
- data/test/dummy/config/environment.rb +7 -0
- data/test/dummy/config/environments/development.rb +46 -0
- data/test/dummy/config/environments/production.rb +84 -0
- data/test/dummy/config/environments/test.rb +50 -0
- data/test/dummy/config/initializers/assets.rb +10 -0
- data/test/dummy/config/initializers/backtrace_silencers.rb +9 -0
- data/test/dummy/config/initializers/cookies_serializer.rb +5 -0
- data/test/dummy/config/initializers/devise.rb +290 -0
- data/test/dummy/config/initializers/devise_jwt_auth.rb +55 -0
- data/test/dummy/config/initializers/figaro.rb +3 -0
- data/test/dummy/config/initializers/filter_parameter_logging.rb +6 -0
- data/test/dummy/config/initializers/inflections.rb +18 -0
- data/test/dummy/config/initializers/mime_types.rb +6 -0
- data/test/dummy/config/initializers/omniauth.rb +11 -0
- data/test/dummy/config/initializers/session_store.rb +5 -0
- data/test/dummy/config/initializers/wrap_parameters.rb +16 -0
- data/test/dummy/config/routes.rb +57 -0
- data/test/dummy/config/spring.rb +3 -0
- data/test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb +58 -0
- data/test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb +57 -0
- data/test/dummy/db/migrate/20140829044006_add_operating_thetan_to_user.rb +8 -0
- data/test/dummy/db/migrate/20140916224624_add_favorite_color_to_mangs.rb +7 -0
- data/test/dummy/db/migrate/20141222035835_devise_token_auth_create_only_email_users.rb +55 -0
- data/test/dummy/db/migrate/20141222053502_devise_token_auth_create_unregisterable_users.rb +56 -0
- data/test/dummy/db/migrate/20150708104536_devise_token_auth_create_unconfirmable_users.rb +56 -0
- data/test/dummy/db/migrate/20160103235141_devise_token_auth_create_scoped_users.rb +56 -0
- data/test/dummy/db/migrate/20160629184441_devise_token_auth_create_lockable_users.rb +56 -0
- data/test/dummy/db/migrate/20190924101113_devise_token_auth_create_confirmable_users.rb +49 -0
- data/test/dummy/db/schema.rb +198 -0
- data/test/dummy/lib/migration_database_helper.rb +43 -0
- data/test/dummy/tmp/generators/app/models/user.rb +9 -0
- data/test/dummy/tmp/generators/config/initializers/devise_jwt_auth.rb +74 -0
- data/test/dummy/tmp/generators/config/routes.rb +4 -0
- data/test/dummy/tmp/generators/db/migrate/20200206224309_devise_jwt_auth_create_users.rb +51 -0
- data/test/factories/users.rb +41 -0
- data/test/lib/devise_jwt_auth/blacklist_test.rb +11 -0
- data/test/lib/devise_jwt_auth/token_factory_test.rb +115 -0
- data/test/lib/devise_jwt_auth/url_test.rb +26 -0
- data/test/lib/generators/devise_jwt_auth/install_generator_test.rb +219 -0
- data/test/lib/generators/devise_jwt_auth/install_generator_with_namespace_test.rb +224 -0
- data/test/lib/generators/devise_jwt_auth/install_views_generator_test.rb +25 -0
- data/test/models/concerns/mongoid_support_test.rb +31 -0
- data/test/models/concerns/tokens_serialization_test.rb +72 -0
- data/test/models/confirmable_user_test.rb +35 -0
- data/test/models/only_email_user_test.rb +29 -0
- data/test/models/user_test.rb +110 -0
- data/test/support/controllers/routes.rb +43 -0
- data/test/test_helper.rb +91 -0
- metadata +503 -0
|
@@ -0,0 +1,41 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module DeviseJwtAuth
|
|
4
|
+
class RefreshTokenController < DeviseJwtAuth::ApplicationController
|
|
5
|
+
before_action :set_user_by_refresh_token
|
|
6
|
+
|
|
7
|
+
def show
|
|
8
|
+
if @resource
|
|
9
|
+
yield @resource if block_given?
|
|
10
|
+
render_refresh_token_success
|
|
11
|
+
else
|
|
12
|
+
render_refresh_token_error
|
|
13
|
+
end
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
protected
|
|
17
|
+
def resource_data
|
|
18
|
+
response_data = @resource.as_json
|
|
19
|
+
response_data['type'] = @resource.class.name.parameterize if json_api?
|
|
20
|
+
response_data
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
def render_refresh_token_success
|
|
24
|
+
response_data = {
|
|
25
|
+
status: 'success',
|
|
26
|
+
data: resource_data
|
|
27
|
+
}
|
|
28
|
+
|
|
29
|
+
response_data.merge!(@resource.create_named_token_pair) if active_for_authentication?
|
|
30
|
+
render json: response_data
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
def render_refresh_token_error
|
|
34
|
+
render_error(401, I18n.t('devise_jwt_auth.token_validations.invalid'))
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
def active_for_authentication?
|
|
38
|
+
!@resource.respond_to?(:active_for_authentication?) || @resource.active_for_authentication?
|
|
39
|
+
end
|
|
40
|
+
end
|
|
41
|
+
end
|
|
@@ -0,0 +1,203 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module DeviseJwtAuth
|
|
4
|
+
class RegistrationsController < DeviseJwtAuth::ApplicationController
|
|
5
|
+
before_action :set_user_by_token, only: [:destroy, :update]
|
|
6
|
+
before_action :validate_sign_up_params, only: :create
|
|
7
|
+
before_action :validate_account_update_params, only: :update
|
|
8
|
+
# skip_after_action :update_auth_header, only: [:create, :destroy]
|
|
9
|
+
|
|
10
|
+
def create
|
|
11
|
+
build_resource
|
|
12
|
+
|
|
13
|
+
unless @resource.present?
|
|
14
|
+
raise DeviseJwtAuth::Errors::NoResourceDefinedError,
|
|
15
|
+
"#{self.class.name} #build_resource does not define @resource,"\
|
|
16
|
+
' execution stopped.'
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
# give redirect value from params priority
|
|
20
|
+
@redirect_url = params.fetch(
|
|
21
|
+
:confirm_success_url,
|
|
22
|
+
DeviseJwtAuth.default_confirm_success_url
|
|
23
|
+
)
|
|
24
|
+
|
|
25
|
+
# success redirect url is required
|
|
26
|
+
if confirmable_enabled? && !@redirect_url
|
|
27
|
+
return render_create_error_missing_confirm_success_url
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
# if whitelist is set, validate redirect_url against whitelist
|
|
31
|
+
return render_create_error_redirect_url_not_allowed if blacklisted_redirect_url?(@redirect_url)
|
|
32
|
+
|
|
33
|
+
# override email confirmation, must be sent manually from ctrl
|
|
34
|
+
callback_name = defined?(ActiveRecord) && resource_class < ActiveRecord::Base ? :commit : :create
|
|
35
|
+
resource_class.set_callback(callback_name, :after, :send_on_create_confirmation_instructions)
|
|
36
|
+
resource_class.skip_callback(callback_name, :after, :send_on_create_confirmation_instructions)
|
|
37
|
+
|
|
38
|
+
if @resource.respond_to? :skip_confirmation_notification!
|
|
39
|
+
# Fix duplicate e-mails by disabling Devise confirmation e-mail
|
|
40
|
+
@resource.skip_confirmation_notification!
|
|
41
|
+
end
|
|
42
|
+
|
|
43
|
+
if @resource.save
|
|
44
|
+
yield @resource if block_given?
|
|
45
|
+
|
|
46
|
+
unless @resource.confirmed?
|
|
47
|
+
# user will require email authentication
|
|
48
|
+
@resource.send_confirmation_instructions({
|
|
49
|
+
client_config: params[:config_name],
|
|
50
|
+
redirect_url: @redirect_url
|
|
51
|
+
})
|
|
52
|
+
end
|
|
53
|
+
|
|
54
|
+
update_refresh_token_cookie if active_for_authentication?
|
|
55
|
+
|
|
56
|
+
render_create_success
|
|
57
|
+
else
|
|
58
|
+
clean_up_passwords @resource
|
|
59
|
+
render_create_error
|
|
60
|
+
end
|
|
61
|
+
end
|
|
62
|
+
|
|
63
|
+
def update
|
|
64
|
+
if @resource
|
|
65
|
+
if @resource.send(resource_update_method, account_update_params)
|
|
66
|
+
yield @resource if block_given?
|
|
67
|
+
render_update_success
|
|
68
|
+
else
|
|
69
|
+
render_update_error
|
|
70
|
+
end
|
|
71
|
+
else
|
|
72
|
+
render_update_error_user_not_found
|
|
73
|
+
end
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
def destroy
|
|
77
|
+
if @resource
|
|
78
|
+
@resource.destroy
|
|
79
|
+
yield @resource if block_given?
|
|
80
|
+
render_destroy_success
|
|
81
|
+
else
|
|
82
|
+
render_destroy_error
|
|
83
|
+
end
|
|
84
|
+
end
|
|
85
|
+
|
|
86
|
+
def sign_up_params
|
|
87
|
+
params.permit(*params_for_resource(:sign_up))
|
|
88
|
+
end
|
|
89
|
+
|
|
90
|
+
def account_update_params
|
|
91
|
+
params.permit(*params_for_resource(:account_update))
|
|
92
|
+
end
|
|
93
|
+
|
|
94
|
+
protected
|
|
95
|
+
|
|
96
|
+
def build_resource
|
|
97
|
+
@resource = resource_class.new(sign_up_params)
|
|
98
|
+
@resource.provider = provider
|
|
99
|
+
|
|
100
|
+
# honor devise configuration for case_insensitive_keys
|
|
101
|
+
if resource_class.case_insensitive_keys.include?(:email)
|
|
102
|
+
@resource.email = sign_up_params[:email].try(:downcase)
|
|
103
|
+
else
|
|
104
|
+
@resource.email = sign_up_params[:email]
|
|
105
|
+
end
|
|
106
|
+
end
|
|
107
|
+
|
|
108
|
+
def render_create_error_missing_confirm_success_url
|
|
109
|
+
response = {
|
|
110
|
+
status: 'error',
|
|
111
|
+
data: resource_data
|
|
112
|
+
}
|
|
113
|
+
message = I18n.t('devise_jwt_auth.registrations.missing_confirm_success_url')
|
|
114
|
+
render_error(422, message, response)
|
|
115
|
+
end
|
|
116
|
+
|
|
117
|
+
def render_create_error_redirect_url_not_allowed
|
|
118
|
+
response = {
|
|
119
|
+
status: 'error',
|
|
120
|
+
data: resource_data
|
|
121
|
+
}
|
|
122
|
+
message = I18n.t('devise_jwt_auth.registrations.redirect_url_not_allowed', redirect_url: @redirect_url)
|
|
123
|
+
render_error(422, message, response)
|
|
124
|
+
end
|
|
125
|
+
|
|
126
|
+
def render_create_success
|
|
127
|
+
response_data = {
|
|
128
|
+
status: 'success',
|
|
129
|
+
data: resource_data
|
|
130
|
+
}
|
|
131
|
+
|
|
132
|
+
response_data.merge!(@resource.create_named_token_pair) if active_for_authentication?
|
|
133
|
+
render json: response_data
|
|
134
|
+
end
|
|
135
|
+
|
|
136
|
+
def render_create_error
|
|
137
|
+
render json: {
|
|
138
|
+
status: 'error',
|
|
139
|
+
data: resource_data,
|
|
140
|
+
errors: resource_errors
|
|
141
|
+
}, status: 422
|
|
142
|
+
end
|
|
143
|
+
|
|
144
|
+
def render_update_success
|
|
145
|
+
render json: {
|
|
146
|
+
status: 'success',
|
|
147
|
+
data: resource_data
|
|
148
|
+
}
|
|
149
|
+
end
|
|
150
|
+
|
|
151
|
+
def render_update_error
|
|
152
|
+
render json: {
|
|
153
|
+
status: 'error',
|
|
154
|
+
errors: resource_errors
|
|
155
|
+
}, status: 422
|
|
156
|
+
end
|
|
157
|
+
|
|
158
|
+
def render_update_error_user_not_found
|
|
159
|
+
render_error(404, I18n.t('devise_jwt_auth.registrations.user_not_found'), status: 'error')
|
|
160
|
+
end
|
|
161
|
+
|
|
162
|
+
def render_destroy_success
|
|
163
|
+
render json: {
|
|
164
|
+
status: 'success',
|
|
165
|
+
message: I18n.t('devise_jwt_auth.registrations.account_with_uid_destroyed', uid: @resource.uid)
|
|
166
|
+
}
|
|
167
|
+
end
|
|
168
|
+
|
|
169
|
+
def render_destroy_error
|
|
170
|
+
render_error(404, I18n.t('devise_jwt_auth.registrations.account_to_destroy_not_found'), status: 'error')
|
|
171
|
+
end
|
|
172
|
+
|
|
173
|
+
private
|
|
174
|
+
|
|
175
|
+
def resource_update_method
|
|
176
|
+
if DeviseJwtAuth.check_current_password_before_update == :attributes
|
|
177
|
+
'update_with_password'
|
|
178
|
+
elsif DeviseJwtAuth.check_current_password_before_update == :password && account_update_params.key?(:password)
|
|
179
|
+
'update_with_password'
|
|
180
|
+
elsif account_update_params.key?(:current_password)
|
|
181
|
+
'update_with_password'
|
|
182
|
+
else
|
|
183
|
+
'update'
|
|
184
|
+
end
|
|
185
|
+
end
|
|
186
|
+
|
|
187
|
+
def validate_sign_up_params
|
|
188
|
+
validate_post_data sign_up_params, I18n.t('errors.messages.validate_sign_up_params')
|
|
189
|
+
end
|
|
190
|
+
|
|
191
|
+
def validate_account_update_params
|
|
192
|
+
validate_post_data account_update_params, I18n.t('errors.messages.validate_account_update_params')
|
|
193
|
+
end
|
|
194
|
+
|
|
195
|
+
def validate_post_data which, message
|
|
196
|
+
render_error(:unprocessable_entity, message, status: 'error') if which.empty?
|
|
197
|
+
end
|
|
198
|
+
|
|
199
|
+
def active_for_authentication?
|
|
200
|
+
!@resource.respond_to?(:active_for_authentication?) || @resource.active_for_authentication?
|
|
201
|
+
end
|
|
202
|
+
end
|
|
203
|
+
end
|
|
@@ -0,0 +1,131 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
# see http://www.emilsoman.com/blog/2013/05/18/building-a-tested/
|
|
4
|
+
module DeviseJwtAuth
|
|
5
|
+
class SessionsController < DeviseJwtAuth::ApplicationController
|
|
6
|
+
before_action :set_user_by_token, only: [:destroy]
|
|
7
|
+
after_action :reset_session, only: [:destroy]
|
|
8
|
+
|
|
9
|
+
def new
|
|
10
|
+
render_new_error
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
def create
|
|
14
|
+
# Check
|
|
15
|
+
field = (resource_params.keys.map(&:to_sym) & resource_class.authentication_keys).first
|
|
16
|
+
|
|
17
|
+
@resource = nil
|
|
18
|
+
if field
|
|
19
|
+
q_value = get_case_insensitive_field_from_resource_params(field)
|
|
20
|
+
|
|
21
|
+
@resource = find_resource(field, q_value)
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
if @resource && valid_params?(field, q_value) && (!@resource.respond_to?(:active_for_authentication?) || @resource.active_for_authentication?)
|
|
25
|
+
valid_password = @resource.valid_password?(resource_params[:password])
|
|
26
|
+
if (@resource.respond_to?(:valid_for_authentication?) && !@resource.valid_for_authentication? { valid_password }) || !valid_password
|
|
27
|
+
return render_create_error_bad_credentials
|
|
28
|
+
end
|
|
29
|
+
@token = @resource.create_token
|
|
30
|
+
@resource.save
|
|
31
|
+
|
|
32
|
+
sign_in(:user, @resource, store: false, bypass: false)
|
|
33
|
+
|
|
34
|
+
yield @resource if block_given?
|
|
35
|
+
|
|
36
|
+
render_create_success
|
|
37
|
+
elsif @resource && !(!@resource.respond_to?(:active_for_authentication?) || @resource.active_for_authentication?)
|
|
38
|
+
if @resource.respond_to?(:locked_at) && @resource.locked_at
|
|
39
|
+
render_create_error_account_locked
|
|
40
|
+
else
|
|
41
|
+
render_create_error_not_confirmed
|
|
42
|
+
end
|
|
43
|
+
else
|
|
44
|
+
render_create_error_bad_credentials
|
|
45
|
+
end
|
|
46
|
+
end
|
|
47
|
+
|
|
48
|
+
def destroy
|
|
49
|
+
# remove auth instance variables so that after_action does not run
|
|
50
|
+
user = remove_instance_variable(:@resource) if @resource
|
|
51
|
+
# client = @token.client if @token.client
|
|
52
|
+
# @token.clear!
|
|
53
|
+
|
|
54
|
+
if user # && client && user.tokens[client]
|
|
55
|
+
# user.tokens.delete(client)
|
|
56
|
+
# user.save!
|
|
57
|
+
|
|
58
|
+
yield user if block_given?
|
|
59
|
+
|
|
60
|
+
render_destroy_success
|
|
61
|
+
else
|
|
62
|
+
render_destroy_error
|
|
63
|
+
end
|
|
64
|
+
end
|
|
65
|
+
|
|
66
|
+
protected
|
|
67
|
+
|
|
68
|
+
def valid_params?(key, val)
|
|
69
|
+
resource_params[:password] && key && val
|
|
70
|
+
end
|
|
71
|
+
|
|
72
|
+
def get_auth_params
|
|
73
|
+
auth_key = nil
|
|
74
|
+
auth_val = nil
|
|
75
|
+
|
|
76
|
+
# iterate thru allowed auth keys, use first found
|
|
77
|
+
resource_class.authentication_keys.each do |k|
|
|
78
|
+
if resource_params[k]
|
|
79
|
+
auth_val = resource_params[k]
|
|
80
|
+
auth_key = k
|
|
81
|
+
break
|
|
82
|
+
end
|
|
83
|
+
end
|
|
84
|
+
|
|
85
|
+
# honor devise configuration for case_insensitive_keys
|
|
86
|
+
if resource_class.case_insensitive_keys.include?(auth_key)
|
|
87
|
+
auth_val.downcase!
|
|
88
|
+
end
|
|
89
|
+
|
|
90
|
+
{ key: auth_key, val: auth_val }
|
|
91
|
+
end
|
|
92
|
+
|
|
93
|
+
def render_new_error
|
|
94
|
+
render_error(405, I18n.t('devise_jwt_auth.sessions.not_supported'))
|
|
95
|
+
end
|
|
96
|
+
|
|
97
|
+
def render_create_success
|
|
98
|
+
render json: {
|
|
99
|
+
data: resource_data(resource_json: @resource.token_validation_response)
|
|
100
|
+
}
|
|
101
|
+
end
|
|
102
|
+
|
|
103
|
+
def render_create_error_not_confirmed
|
|
104
|
+
render_error(401, I18n.t('devise_jwt_auth.sessions.not_confirmed', email: @resource.email))
|
|
105
|
+
end
|
|
106
|
+
|
|
107
|
+
def render_create_error_account_locked
|
|
108
|
+
render_error(401, I18n.t('devise.mailer.unlock_instructions.account_lock_msg'))
|
|
109
|
+
end
|
|
110
|
+
|
|
111
|
+
def render_create_error_bad_credentials
|
|
112
|
+
render_error(401, I18n.t('devise_jwt_auth.sessions.bad_credentials'))
|
|
113
|
+
end
|
|
114
|
+
|
|
115
|
+
def render_destroy_success
|
|
116
|
+
render json: {
|
|
117
|
+
success:true
|
|
118
|
+
}, status: 200
|
|
119
|
+
end
|
|
120
|
+
|
|
121
|
+
def render_destroy_error
|
|
122
|
+
render_error(404, I18n.t('devise_jwt_auth.sessions.user_not_found'))
|
|
123
|
+
end
|
|
124
|
+
|
|
125
|
+
private
|
|
126
|
+
|
|
127
|
+
def resource_params
|
|
128
|
+
params.permit(*params_for_resource(:sign_in))
|
|
129
|
+
end
|
|
130
|
+
end
|
|
131
|
+
end
|
|
@@ -0,0 +1,99 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module DeviseJwtAuth
|
|
4
|
+
class UnlocksController < DeviseJwtAuth::ApplicationController
|
|
5
|
+
# skip_after_action :update_auth_header, only: [:create, :show]
|
|
6
|
+
|
|
7
|
+
# this action is responsible for generating unlock tokens and
|
|
8
|
+
# sending emails
|
|
9
|
+
def create
|
|
10
|
+
return render_create_error_missing_email unless resource_params[:email]
|
|
11
|
+
|
|
12
|
+
@email = get_case_insensitive_field_from_resource_params(:email)
|
|
13
|
+
@resource = find_resource(:email, @email)
|
|
14
|
+
|
|
15
|
+
if @resource
|
|
16
|
+
yield @resource if block_given?
|
|
17
|
+
|
|
18
|
+
@resource.send_unlock_instructions(
|
|
19
|
+
email: @email,
|
|
20
|
+
provider: 'email',
|
|
21
|
+
client_config: params[:config_name]
|
|
22
|
+
)
|
|
23
|
+
|
|
24
|
+
if @resource.errors.empty?
|
|
25
|
+
return render_create_success
|
|
26
|
+
else
|
|
27
|
+
render_create_error @resource.errors
|
|
28
|
+
end
|
|
29
|
+
else
|
|
30
|
+
render_not_found_error
|
|
31
|
+
end
|
|
32
|
+
end
|
|
33
|
+
|
|
34
|
+
def show
|
|
35
|
+
@resource = resource_class.unlock_access_by_token(params[:unlock_token])
|
|
36
|
+
|
|
37
|
+
if @resource.persisted?
|
|
38
|
+
# token = @resource.create_token
|
|
39
|
+
# @resource.save!
|
|
40
|
+
yield @resource if block_given?
|
|
41
|
+
|
|
42
|
+
redirect_header_options = { unlock: true }
|
|
43
|
+
redirect_headers = @resource.create_named_token_pair.
|
|
44
|
+
merge(redirect_header_options)
|
|
45
|
+
|
|
46
|
+
# TODO: add a refresh token cookie in the response.
|
|
47
|
+
update_refresh_token_cookie
|
|
48
|
+
redirect_url = after_unlock_path_for(@resource)
|
|
49
|
+
redirect_to_link = DeviseJwtAuth::Url.generate(redirect_url, redirect_headers)
|
|
50
|
+
|
|
51
|
+
# redirect_headers = build_redirect_headers(token.token,
|
|
52
|
+
# token.client,
|
|
53
|
+
# redirect_header_options)
|
|
54
|
+
# redirect_to(@resource.build_auth_url(after_unlock_path_for(@resource),
|
|
55
|
+
# redirect_headers))
|
|
56
|
+
|
|
57
|
+
redirect_to redirect_to_link
|
|
58
|
+
else
|
|
59
|
+
render_show_error
|
|
60
|
+
end
|
|
61
|
+
end
|
|
62
|
+
|
|
63
|
+
private
|
|
64
|
+
def after_unlock_path_for(resource)
|
|
65
|
+
#TODO: This should probably be a configuration option at the very least.
|
|
66
|
+
'/'
|
|
67
|
+
end
|
|
68
|
+
|
|
69
|
+
def render_create_error_missing_email
|
|
70
|
+
render_error(401, I18n.t('devise_jwt_auth.unlocks.missing_email'))
|
|
71
|
+
end
|
|
72
|
+
|
|
73
|
+
def render_create_success
|
|
74
|
+
render json: {
|
|
75
|
+
success: true,
|
|
76
|
+
message: I18n.t('devise_jwt_auth.unlocks.sended', email: @email)
|
|
77
|
+
}
|
|
78
|
+
end
|
|
79
|
+
|
|
80
|
+
def render_create_error(errors)
|
|
81
|
+
render json: {
|
|
82
|
+
success: false,
|
|
83
|
+
errors: errors
|
|
84
|
+
}, status: 400
|
|
85
|
+
end
|
|
86
|
+
|
|
87
|
+
def render_show_error
|
|
88
|
+
raise ActionController::RoutingError, 'Not Found'
|
|
89
|
+
end
|
|
90
|
+
|
|
91
|
+
def render_not_found_error
|
|
92
|
+
render_error(404, I18n.t('devise_jwt_auth.unlocks.user_not_found', email: @email))
|
|
93
|
+
end
|
|
94
|
+
|
|
95
|
+
def resource_params
|
|
96
|
+
params.permit(:email, :unlock_token, :config)
|
|
97
|
+
end
|
|
98
|
+
end
|
|
99
|
+
end
|