devise_jwt_auth 0.1.1 → 0.1.6
- checksums.yaml +4 -4
- data/README.md +3 -3
- data/app/controllers/devise_jwt_auth/application_controller.rb +15 -13
- data/app/controllers/devise_jwt_auth/concerns/resource_finder.rb +2 -6
- data/app/controllers/devise_jwt_auth/concerns/{set_user_by_jwt_token.rb → set_user_by_token.rb} +23 -19
- data/app/controllers/devise_jwt_auth/confirmations_controller.rb +10 -19
- data/app/controllers/devise_jwt_auth/omniauth_callbacks_controller.rb +32 -33
- data/app/controllers/devise_jwt_auth/passwords_controller.rb +29 -19
- data/app/controllers/devise_jwt_auth/refresh_token_controller.rb +4 -1
- data/app/controllers/devise_jwt_auth/registrations_controller.rb +40 -21
- data/app/controllers/devise_jwt_auth/sessions_controller.rb +21 -21
- data/app/controllers/devise_jwt_auth/unlocks_controller.rb +5 -4
- data/app/models/devise_jwt_auth/concerns/active_record_support.rb +3 -0
- data/app/models/devise_jwt_auth/concerns/confirmable_support.rb +7 -4
- data/app/models/devise_jwt_auth/concerns/mongoid_support.rb +3 -0
- data/app/models/devise_jwt_auth/concerns/tokens_serialization.rb +4 -1
- data/app/models/devise_jwt_auth/concerns/user.rb +18 -9
- data/app/models/devise_jwt_auth/concerns/user_omniauth_callbacks.rb +11 -3
- data/app/validators/devise_jwt_auth_email_validator.rb +5 -4
- data/lib/devise_jwt_auth/blacklist.rb +2 -0
- data/lib/devise_jwt_auth/controllers/url_helpers.rb +1 -2
- data/lib/devise_jwt_auth/engine.rb +4 -4
- data/lib/devise_jwt_auth/rails/routes.rb +35 -24
- data/lib/devise_jwt_auth/token_factory.rb +3 -2
- data/lib/devise_jwt_auth/url.rb +2 -4
- data/lib/devise_jwt_auth/version.rb +1 -1
- data/lib/generators/devise_jwt_auth/install_generator.rb +7 -6
- data/lib/generators/devise_jwt_auth/install_generator_helpers.rb +27 -6
- data/lib/generators/devise_jwt_auth/install_mongoid_generator.rb +3 -2
- data/lib/generators/devise_jwt_auth/templates/devise_jwt_auth.rb +15 -16
- data/lib/generators/devise_jwt_auth/templates/devise_jwt_auth_create_users.rb.erb +15 -11
- data/lib/generators/devise_jwt_auth/templates/user.rb.erb +2 -2
- data/test/controllers/custom/custom_confirmations_controller_test.rb +2 -2
- data/test/controllers/custom/custom_passwords_controller_test.rb +4 -4
- data/test/controllers/custom/custom_refresh_token_controller_test.rb +2 -3
- data/test/controllers/custom/custom_registrations_controller_test.rb +2 -2
- data/test/controllers/demo_mang_controller_test.rb +206 -210
- data/test/controllers/demo_user_controller_test.rb +358 -374
- data/test/controllers/devise_jwt_auth/confirmations_controller_test.rb +5 -5
- data/test/controllers/devise_jwt_auth/omniauth_callbacks_controller_test.rb +6 -7
- data/test/controllers/devise_jwt_auth/passwords_controller_test.rb +11 -13
- data/test/controllers/devise_jwt_auth/refresh_token_controller_test.rb +8 -12
- data/test/controllers/devise_jwt_auth/registrations_controller_test.rb +23 -25
- data/test/controllers/devise_jwt_auth/sessions_controller_test.rb +32 -34
- data/test/controllers/devise_jwt_auth/unlocks_controller_test.rb +2 -2
- data/test/controllers/overrides/confirmations_controller_test.rb +1 -1
- data/test/controllers/overrides/passwords_controller_test.rb +1 -1
- data/test/controllers/overrides/refresh_token_controller_test.rb +1 -2
- data/test/controllers/overrides/registrations_controller_test.rb +1 -1
- data/test/dummy/app/controllers/application_controller.rb +1 -1
- data/test/dummy/app/controllers/custom/refresh_token_controller.rb +2 -1
- data/test/dummy/app/controllers/custom/registrations_controller.rb +1 -1
- data/test/dummy/app/controllers/overrides/confirmations_controller.rb +4 -4
- data/test/dummy/app/controllers/overrides/omniauth_callbacks_controller.rb +4 -4
- data/test/dummy/app/controllers/overrides/passwords_controller.rb +4 -4
- data/test/dummy/app/controllers/overrides/refresh_token_controller.rb +1 -1
- data/test/dummy/app/controllers/overrides/registrations_controller.rb +2 -2
- data/test/dummy/app/controllers/overrides/sessions_controller.rb +2 -2
- data/test/dummy/app/models/concerns/favorite_color.rb +11 -9
- data/test/dummy/config.ru +2 -2
- data/test/dummy/config/application.rb +1 -0
- data/test/dummy/config/boot.rb +1 -1
- data/test/dummy/config/environments/test.rb +11 -7
- data/test/dummy/config/initializers/figaro.rb +1 -1
- data/test/dummy/config/initializers/omniauth.rb +2 -2
- data/test/dummy/config/routes.rb +8 -8
- data/test/dummy/db/migrate/{20140715061447_devise_token_auth_create_users.rb → 20140715061447_devise_jwt_auth_create_users.rb} +0 -0
- data/test/dummy/db/migrate/{20140715061805_devise_token_auth_create_mangs.rb → 20140715061805_devise_jwt_auth_create_mangs.rb} +0 -0
- data/test/dummy/db/migrate/{20141222035835_devise_token_auth_create_only_email_users.rb → 20141222035835_devise_jwt_auth_create_only_email_users.rb} +9 -9
- data/test/dummy/db/migrate/{20141222053502_devise_token_auth_create_unregisterable_users.rb → 20141222053502_devise_jwt_auth_create_unregisterable_users.rb} +0 -0
- data/test/dummy/db/migrate/{20150708104536_devise_token_auth_create_unconfirmable_users.rb → 20150708104536_devise_jwt_auth_create_unconfirmable_users.rb} +0 -0
- data/test/dummy/db/migrate/{20160103235141_devise_token_auth_create_scoped_users.rb → 20160103235141_devise_jwt_auth_create_scoped_users.rb} +0 -0
- data/test/dummy/db/migrate/{20160629184441_devise_token_auth_create_lockable_users.rb → 20160629184441_devise_jwt_auth_create_lockable_users.rb} +0 -0
- data/test/dummy/db/migrate/{20190924101113_devise_token_auth_create_confirmable_users.rb → 20190924101113_devise_jwt_auth_create_confirmable_users.rb} +6 -5
- data/test/dummy/db/schema.rb +170 -170
- data/test/dummy/tmp/generators/app/controllers/application_controller.rb +6 -0
- data/test/dummy/tmp/generators/app/models/user.rb +9 -0
- data/test/dummy/tmp/generators/config/initializers/devise_jwt_auth.rb +73 -0
- data/test/dummy/tmp/generators/db/migrate/20201006030349_devise_jwt_auth_create_users.rb +54 -0
- data/test/factories/users.rb +5 -3
- data/test/lib/devise_jwt_auth/token_factory_test.rb +6 -6
- data/test/lib/generators/devise_jwt_auth/install_generator_test.rb +3 -20
- data/test/lib/generators/devise_jwt_auth/install_generator_with_namespace_test.rb +4 -21
- data/test/models/concerns/tokens_serialization_test.rb +68 -68
- data/test/models/user_test.rb +35 -37
- data/test/support/controllers/routes.rb +7 -5
- data/test/test_helper.rb +1 -1
- metadata +70 -76
@@ -3,7 +3,6 @@
|
|
3
3
|
module DeviseJwtAuth
|
4
4
|
class PasswordsController < DeviseJwtAuth::ApplicationController
|
5
5
|
before_action :validate_redirect_url_param, only: [:create, :edit]
|
6
|
-
# skip_after_action :update_auth_header, only: [:create, :edit]
|
7
6
|
|
8
7
|
# this action is responsible for generating password reset tokens and sending emails
|
9
8
|
def create
|
@@ -22,7 +21,7 @@ module DeviseJwtAuth
|
|
22
21
|
)
|
23
22
|
|
24
23
|
if @resource.errors.empty?
|
25
|
-
|
24
|
+
render_create_success
|
26
25
|
else
|
27
26
|
render_create_error @resource.errors
|
28
27
|
end
|
@@ -36,12 +35,13 @@ module DeviseJwtAuth
|
|
36
35
|
# if a user is not found, return nil
|
37
36
|
@resource = resource_class.with_reset_password_token(resource_params[:reset_password_token])
|
38
37
|
|
39
|
-
if @resource
|
38
|
+
if @resource&.reset_password_period_valid?
|
40
39
|
# TODO: add a token invalidator
|
41
40
|
# token = @resource.create_token unless require_client_password_reset_token?
|
42
41
|
|
43
42
|
# ensure that user is confirmed
|
44
43
|
@resource.skip_confirmation! if confirmable_enabled? && !@resource.confirmed_at
|
44
|
+
|
45
45
|
# allow user to change password once without current_password
|
46
46
|
@resource.allow_password_change = true if recoverable_enabled?
|
47
47
|
@resource.save!
|
@@ -49,16 +49,19 @@ module DeviseJwtAuth
|
|
49
49
|
yield @resource if block_given?
|
50
50
|
|
51
51
|
if require_client_password_reset_token?
|
52
|
-
redirect_to DeviseJwtAuth::Url.generate(
|
52
|
+
redirect_to DeviseJwtAuth::Url.generate(
|
53
|
+
@redirect_url,
|
54
|
+
reset_password_token: resource_params[:reset_password_token]
|
55
|
+
)
|
53
56
|
else
|
54
57
|
redirect_header_options = { reset_password: true }
|
55
|
-
redirect_headers = @resource.create_named_token_pair
|
56
|
-
|
58
|
+
redirect_headers = @resource.create_named_token_pair
|
59
|
+
.merge(redirect_header_options)
|
57
60
|
|
58
61
|
# TODO: do we put the refresh token here?
|
59
62
|
# we do if token exists (see line 41)
|
60
63
|
update_refresh_token_cookie
|
61
|
-
|
64
|
+
|
62
65
|
redirect_to_link = DeviseJwtAuth::Url.generate(@redirect_url, redirect_headers)
|
63
66
|
|
64
67
|
redirect_to redirect_to_link
|
@@ -82,9 +85,7 @@ module DeviseJwtAuth
|
|
82
85
|
return render_update_error_unauthorized unless @resource
|
83
86
|
|
84
87
|
# make sure account doesn't use oauth2 provider
|
85
|
-
unless @resource.provider == 'email'
|
86
|
-
return render_update_error_password_not_required
|
87
|
-
end
|
88
|
+
return render_update_error_password_not_required unless @resource.provider == 'email'
|
88
89
|
|
89
90
|
# ensure that password params were sent
|
90
91
|
unless password_resource_params[:password] && password_resource_params[:password_confirmation]
|
@@ -100,16 +101,20 @@ module DeviseJwtAuth
|
|
100
101
|
# send refresh cookie
|
101
102
|
# send access token
|
102
103
|
update_refresh_token_cookie
|
103
|
-
|
104
|
+
render_update_success
|
104
105
|
else
|
105
|
-
|
106
|
+
render_update_error
|
106
107
|
end
|
107
108
|
end
|
108
109
|
|
109
110
|
protected
|
110
111
|
|
111
112
|
def resource_update_method
|
112
|
-
allow_password_change =
|
113
|
+
allow_password_change =
|
114
|
+
recoverable_enabled? &&
|
115
|
+
@resource.allow_password_change == true ||
|
116
|
+
require_client_password_reset_token?
|
117
|
+
|
113
118
|
if DeviseJwtAuth.check_current_password_before_update == false || allow_password_change
|
114
119
|
'update'
|
115
120
|
else
|
@@ -128,9 +133,10 @@ module DeviseJwtAuth
|
|
128
133
|
def render_error_not_allowed_redirect_url
|
129
134
|
response = {
|
130
135
|
status: 'error',
|
131
|
-
data:
|
136
|
+
data: resource_data
|
132
137
|
}
|
133
|
-
message = I18n.t('devise_jwt_auth.passwords.not_allowed_redirect_url',
|
138
|
+
message = I18n.t('devise_jwt_auth.passwords.not_allowed_redirect_url',
|
139
|
+
redirect_url: @redirect_url)
|
134
140
|
render_error(422, message, response)
|
135
141
|
end
|
136
142
|
|
@@ -157,7 +163,8 @@ module DeviseJwtAuth
|
|
157
163
|
end
|
158
164
|
|
159
165
|
def render_update_error_password_not_required
|
160
|
-
render_error(422, I18n.t('devise_jwt_auth.passwords.password_not_required',
|
166
|
+
render_error(422, I18n.t('devise_jwt_auth.passwords.password_not_required',
|
167
|
+
provider: @resource.provider.humanize))
|
161
168
|
end
|
162
169
|
|
163
170
|
def render_update_error_missing_password
|
@@ -170,7 +177,7 @@ module DeviseJwtAuth
|
|
170
177
|
data: resource_data,
|
171
178
|
message: I18n.t('devise_jwt_auth.passwords.successfully_updated')
|
172
179
|
}.merge!(@resource.create_named_token_pair)
|
173
|
-
|
180
|
+
|
174
181
|
render json: response_body
|
175
182
|
end
|
176
183
|
|
@@ -203,11 +210,14 @@ module DeviseJwtAuth
|
|
203
210
|
)
|
204
211
|
|
205
212
|
return render_create_error_missing_redirect_url unless @redirect_url
|
206
|
-
|
213
|
+
|
214
|
+
render_error_not_allowed_redirect_url if blacklisted_redirect_url?(@redirect_url)
|
207
215
|
end
|
208
216
|
|
209
217
|
def reset_password_token_as_raw?(recoverable)
|
210
|
-
recoverable &&
|
218
|
+
recoverable &&
|
219
|
+
recoverable.reset_password_token.present? &&
|
220
|
+
!require_client_password_reset_token?
|
211
221
|
end
|
212
222
|
|
213
223
|
def require_client_password_reset_token?
|
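Review bot: In `resource_update_method` the new multi-line condition mixes `&&` and `||` without parentheses, so Ruby evaluates it as `(recoverable_enabled? && @resource.allow_password_change == true) || require_client_password_reset_token?`. Whenever `require_client_password_reset_token?` is true, `'update'` is chosen for every request regardless of the record's `allow_password_change` flag, so the `else` branch (cut off by the hunk, presumably the current-password path) is never taken. If the bypass is meant only for requests that actually present a reset token, the last operand should say so, e.g. `(require_client_password_reset_token? && resource_params[:reset_password_token].present?)`. Otherwise add the explicit parentheses and a comment such as `# enabling client reset tokens disables the current-password check for all password updates`. How `update` loads `@resource` is outside the hunks shown, so the effect on token-authenticated callers is inferred.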
@@ -1,6 +1,7 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
module DeviseJwtAuth
|
4
|
+
# Controller that handles sending refresh tokens.
|
4
5
|
class RefreshTokenController < DeviseJwtAuth::ApplicationController
|
5
6
|
before_action :set_user_by_refresh_token
|
6
7
|
|
@@ -14,6 +15,7 @@ module DeviseJwtAuth
|
|
14
15
|
end
|
15
16
|
|
16
17
|
protected
|
18
|
+
|
17
19
|
def resource_data
|
18
20
|
response_data = @resource.as_json
|
19
21
|
response_data['type'] = @resource.class.name.parameterize if json_api?
|
@@ -23,10 +25,11 @@ module DeviseJwtAuth
|
|
23
25
|
def render_refresh_token_success
|
24
26
|
response_data = {
|
25
27
|
status: 'success',
|
26
|
-
data:
|
28
|
+
data: resource_data
|
27
29
|
}
|
28
30
|
|
29
31
|
response_data.merge!(@resource.create_named_token_pair) if active_for_authentication?
|
32
|
+
|
30
33
|
render json: response_data
|
31
34
|
end
|
32
35
|
|
@@ -28,10 +28,17 @@ module DeviseJwtAuth
|
|
28
28
|
end
|
29
29
|
|
30
30
|
# if whitelist is set, validate redirect_url against whitelist
|
31
|
-
|
31
|
+
if blacklisted_redirect_url?(@redirect_url)
|
32
|
+
return render_create_error_redirect_url_not_allowed
|
33
|
+
end
|
32
34
|
|
33
35
|
# override email confirmation, must be sent manually from ctrl
|
34
|
-
callback_name = defined?(ActiveRecord) && resource_class < ActiveRecord::Base
|
36
|
+
callback_name = if defined?(ActiveRecord) && resource_class < ActiveRecord::Base
|
37
|
+
:commit
|
38
|
+
else
|
39
|
+
:create
|
40
|
+
end
|
41
|
+
|
35
42
|
resource_class.set_callback(callback_name, :after, :send_on_create_confirmation_instructions)
|
36
43
|
resource_class.skip_callback(callback_name, :after, :send_on_create_confirmation_instructions)
|
37
44
|
|
@@ -46,9 +53,9 @@ module DeviseJwtAuth
|
|
46
53
|
unless @resource.confirmed?
|
47
54
|
# user will require email authentication
|
48
55
|
@resource.send_confirmation_instructions({
|
49
|
-
|
50
|
-
|
51
|
-
|
56
|
+
client_config: params[:config_name],
|
57
|
+
redirect_url: @redirect_url
|
58
|
+
})
|
52
59
|
end
|
53
60
|
|
54
61
|
update_refresh_token_cookie if active_for_authentication?
|
@@ -98,17 +105,17 @@ module DeviseJwtAuth
|
|
98
105
|
@resource.provider = provider
|
99
106
|
|
100
107
|
# honor devise configuration for case_insensitive_keys
|
101
|
-
if resource_class.case_insensitive_keys.include?(:email)
|
102
|
-
|
103
|
-
|
104
|
-
|
105
|
-
|
108
|
+
@resource.email = if resource_class.case_insensitive_keys.include?(:email)
|
109
|
+
sign_up_params[:email].try(:downcase)
|
110
|
+
else
|
111
|
+
sign_up_params[:email]
|
112
|
+
end
|
106
113
|
end
|
107
114
|
|
108
115
|
def render_create_error_missing_confirm_success_url
|
109
116
|
response = {
|
110
117
|
status: 'error',
|
111
|
-
data:
|
118
|
+
data: resource_data
|
112
119
|
}
|
113
120
|
message = I18n.t('devise_jwt_auth.registrations.missing_confirm_success_url')
|
114
121
|
render_error(422, message, response)
|
@@ -117,26 +124,30 @@ module DeviseJwtAuth
|
|
117
124
|
def render_create_error_redirect_url_not_allowed
|
118
125
|
response = {
|
119
126
|
status: 'error',
|
120
|
-
data:
|
127
|
+
data: resource_data
|
121
128
|
}
|
122
|
-
message = I18n.t(
|
129
|
+
message = I18n.t(
|
130
|
+
'devise_jwt_auth.registrations.redirect_url_not_allowed',
|
131
|
+
redirect_url: @redirect_url
|
132
|
+
)
|
123
133
|
render_error(422, message, response)
|
124
134
|
end
|
125
135
|
|
126
136
|
def render_create_success
|
127
137
|
response_data = {
|
128
138
|
status: 'success',
|
129
|
-
data:
|
139
|
+
data: resource_data
|
130
140
|
}
|
131
141
|
|
132
142
|
response_data.merge!(@resource.create_named_token_pair) if active_for_authentication?
|
143
|
+
|
133
144
|
render json: response_data
|
134
145
|
end
|
135
146
|
|
136
147
|
def render_create_error
|
137
148
|
render json: {
|
138
149
|
status: 'error',
|
139
|
-
data:
|
150
|
+
data: resource_data,
|
140
151
|
errors: resource_errors
|
141
152
|
}, status: 422
|
142
153
|
end
|
@@ -144,7 +155,7 @@ module DeviseJwtAuth
|
|
144
155
|
def render_update_success
|
145
156
|
render json: {
|
146
157
|
status: 'success',
|
147
|
-
data:
|
158
|
+
data: resource_data
|
148
159
|
}
|
149
160
|
end
|
150
161
|
|
@@ -162,12 +173,17 @@ module DeviseJwtAuth
|
|
162
173
|
def render_destroy_success
|
163
174
|
render json: {
|
164
175
|
status: 'success',
|
165
|
-
message: I18n.t(
|
176
|
+
message: I18n.t(
|
177
|
+
'devise_jwt_auth.registrations.account_with_uid_destroyed',
|
178
|
+
uid: @resource.uid
|
179
|
+
)
|
166
180
|
}
|
167
181
|
end
|
168
182
|
|
169
183
|
def render_destroy_error
|
170
|
-
render_error(404,
|
184
|
+
render_error(404,
|
185
|
+
I18n.t('devise_jwt_auth.registrations.account_to_destroy_not_found'),
|
186
|
+
status: 'error')
|
171
187
|
end
|
172
188
|
|
173
189
|
private
|
@@ -175,7 +191,8 @@ module DeviseJwtAuth
|
|
175
191
|
def resource_update_method
|
176
192
|
if DeviseJwtAuth.check_current_password_before_update == :attributes
|
177
193
|
'update_with_password'
|
178
|
-
elsif DeviseJwtAuth.check_current_password_before_update == :password &&
|
194
|
+
elsif DeviseJwtAuth.check_current_password_before_update == :password &&
|
195
|
+
account_update_params.key?(:password)
|
179
196
|
'update_with_password'
|
180
197
|
elsif account_update_params.key?(:current_password)
|
181
198
|
'update_with_password'
|
@@ -189,10 +206,12 @@ module DeviseJwtAuth
|
|
189
206
|
end
|
190
207
|
|
191
208
|
def validate_account_update_params
|
192
|
-
validate_post_data account_update_params, I18n.t(
|
209
|
+
validate_post_data account_update_params, I18n.t(
|
210
|
+
'errors.messages.validate_account_update_params'
|
211
|
+
)
|
193
212
|
end
|
194
213
|
|
195
|
-
def validate_post_data
|
214
|
+
def validate_post_data(which, message)
|
196
215
|
render_error(:unprocessable_entity, message, status: 'error') if which.empty?
|
197
216
|
end
|
198
217
|
|
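Review bot: The new guard in `create` rejects `@redirect_url` only through `blacklisted_redirect_url?`, and the comment above it reads "if whitelist is set", which suggests any client-supplied URL is accepted when no whitelist is configured. The helper is not visible here, so that is inferred. The same value is then handed to `send_confirmation_instructions` as `redirect_url:`, and the same helper is the only check in `validate_redirect_url_param` in PasswordsController, where the redirect target receives the reset token or a token pair in its query string. I would document the fail-open behaviour at the call site, e.g. `# NOTE: enforced only when a redirect whitelist is configured; without one every redirect_url is accepted`, and consider rejecting URLs by default when no whitelist is set. The body of `create` starts and ends outside the hunks shown.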
@@ -1,6 +1,5 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
# see http://www.emilsoman.com/blog/2013/05/18/building-a-tested/
|
4
3
|
module DeviseJwtAuth
|
5
4
|
class SessionsController < DeviseJwtAuth::ApplicationController
|
6
5
|
before_action :set_user_by_token, only: [:destroy]
|
@@ -21,11 +20,17 @@ module DeviseJwtAuth
|
|
21
20
|
@resource = find_resource(field, q_value)
|
22
21
|
end
|
23
22
|
|
24
|
-
if @resource &&
|
23
|
+
if @resource &&
|
24
|
+
valid_params?(field, q_value) &&
|
25
|
+
(!@resource.respond_to?(:active_for_authentication?) ||
|
26
|
+
@resource.active_for_authentication?)
|
25
27
|
valid_password = @resource.valid_password?(resource_params[:password])
|
26
|
-
if (@resource.respond_to?(:valid_for_authentication?) &&
|
28
|
+
if (@resource.respond_to?(:valid_for_authentication?) &&
|
29
|
+
!@resource.valid_for_authentication? { valid_password }) ||
|
30
|
+
!valid_password
|
27
31
|
return render_create_error_bad_credentials
|
28
32
|
end
|
33
|
+
|
29
34
|
@token = @resource.create_token
|
30
35
|
@resource.save
|
31
36
|
|
@@ -35,7 +40,9 @@ module DeviseJwtAuth
|
|
35
40
|
|
36
41
|
update_refresh_token_cookie
|
37
42
|
render_create_success
|
38
|
-
elsif @resource &&
|
43
|
+
elsif @resource &&
|
44
|
+
!(!@resource.respond_to?(:active_for_authentication?) ||
|
45
|
+
@resource.active_for_authentication?)
|
39
46
|
if @resource.respond_to?(:locked_at) && @resource.locked_at
|
40
47
|
render_create_error_account_locked
|
41
48
|
else
|
@@ -48,18 +55,13 @@ module DeviseJwtAuth
|
|
48
55
|
|
49
56
|
def destroy
|
50
57
|
# TODO: logout? update token version?
|
51
|
-
|
58
|
+
|
52
59
|
# remove auth instance variables so that after_action does not run
|
53
60
|
user = remove_instance_variable(:@resource) if @resource
|
54
|
-
# client = @token.client if @token.client
|
55
|
-
# @token.clear!
|
56
|
-
|
57
|
-
if user # && client && user.tokens[client]
|
58
|
-
# user.tokens.delete(client)
|
59
|
-
# user.save!
|
60
61
|
|
62
|
+
if user
|
61
63
|
yield user if block_given?
|
62
|
-
|
64
|
+
clear_refresh_token_cookie
|
63
65
|
render_destroy_success
|
64
66
|
else
|
65
67
|
render_destroy_error
|
@@ -78,17 +80,15 @@ module DeviseJwtAuth
|
|
78
80
|
|
79
81
|
# iterate thru allowed auth keys, use first found
|
80
82
|
resource_class.authentication_keys.each do |k|
|
81
|
-
|
82
|
-
|
83
|
-
|
84
|
-
|
85
|
-
|
83
|
+
next unless resource_params[k]
|
84
|
+
|
85
|
+
auth_val = resource_params[k]
|
86
|
+
auth_key = k
|
87
|
+
break
|
86
88
|
end
|
87
89
|
|
88
90
|
# honor devise configuration for case_insensitive_keys
|
89
|
-
if resource_class.case_insensitive_keys.include?(auth_key)
|
90
|
-
auth_val.downcase!
|
91
|
-
end
|
91
|
+
auth_val.downcase! if resource_class.case_insensitive_keys.include?(auth_key)
|
92
92
|
|
93
93
|
{ key: auth_key, val: auth_val }
|
94
94
|
end
|
@@ -118,7 +118,7 @@ module DeviseJwtAuth
|
|
118
118
|
|
119
119
|
def render_destroy_success
|
120
120
|
render json: {
|
121
|
-
success:true
|
121
|
+
success: true
|
122
122
|
}, status: 200
|
123
123
|
end
|
124
124
|
|
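Review bot: The `elsif` branch of `create` (new lines 43-45) is reached as soon as `@resource` exists and is not active, without `valid_password?` ever being consulted. It then renders `render_create_error_account_locked` or whatever the following `else` renders. A caller who does not know the password therefore gets a different response for an existing locked or inactive account than for an unknown identifier, which discloses account existence and state. Consider checking the password before choosing the error, or returning the generic error when Devise's paranoid mode is enabled, e.g. `return render_create_error_bad_credentials if Devise.paranoid` as the first line of that branch. The start of `create` and the end of the `elsif` body are outside the hunks shown.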
@@ -22,7 +22,7 @@ module DeviseJwtAuth
|
|
22
22
|
)
|
23
23
|
|
24
24
|
if @resource.errors.empty?
|
25
|
-
|
25
|
+
render_create_success
|
26
26
|
else
|
27
27
|
render_create_error @resource.errors
|
28
28
|
end
|
@@ -38,8 +38,8 @@ module DeviseJwtAuth
|
|
38
38
|
yield @resource if block_given?
|
39
39
|
|
40
40
|
redirect_header_options = { unlock: true }
|
41
|
-
redirect_headers = @resource.create_named_token_pair
|
42
|
-
merge(redirect_header_options)
|
41
|
+
redirect_headers = @resource.create_named_token_pair
|
42
|
+
.merge(redirect_header_options)
|
43
43
|
|
44
44
|
update_refresh_token_cookie
|
45
45
|
redirect_url = after_unlock_path_for(@resource)
|
@@ -52,7 +52,8 @@ module DeviseJwtAuth
|
|
52
52
|
end
|
53
53
|
|
54
54
|
private
|
55
|
-
|
55
|
+
|
56
|
+
def after_unlock_path_for(_resource)
|
56
57
|
# TODO: This should probably be a configuration option at the very least.
|
57
58
|
# Use confirmation controller / tests as a template for building out this feature.
|
58
59
|
'/'
|
@@ -1,3 +1,6 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
# ActiveSupport Concern for confirming users
|
1
4
|
module DeviseJwtAuth::Concerns::ConfirmableSupport
|
2
5
|
extend ActiveSupport::Concern
|
3
6
|
|
@@ -6,10 +9,10 @@ module DeviseJwtAuth::Concerns::ConfirmableSupport
|
|
6
9
|
# for not to use `will_save_change_to_email?` & `email_changed?` methods.
|
7
10
|
def postpone_email_change?
|
8
11
|
postpone = self.class.reconfirmable &&
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
12
|
+
email_value_in_database != email &&
|
13
|
+
!@bypass_confirmation_postpone &&
|
14
|
+
email.present? &&
|
15
|
+
(!@skip_reconfirmation_in_callback || !email_value_in_database.nil?)
|
13
16
|
@bypass_confirmation_postpone = false
|
14
17
|
postpone
|
15
18
|
end
|