RubyGems - devise_jwt_auth - Versions diffs - 0.1.4 → 0.2.0 - Mend

devise_jwt_auth 0.1.4 → 0.2.0

Files changed (88) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7477d1f078d762ffca1b359a0b487d33816238f9cde0567a9e35731eb323b65e
-  data.tar.gz: ebed2ca767f26b34ccae1cde42ec8c62352f3cbb14a11e2f3f6c2566217b0ee5
+  metadata.gz: f4dbb49ae0d62dcc2e5b23374e972178509d1e936c1246d85828631ceb07b65a
+  data.tar.gz: d4d15235f408dce8fd1c2107007ea4fbf2e48e0ab01315cba67b9f4451fffd92
 SHA512:
-  metadata.gz: eb35296a86e539a9464bb086a7a2c25802a258f5e9de9f9b9eb177d93f2d0fac20767eed1115a9b9910c67a1e2f806ca16a7cd334356b1e74653ad19015164c5
-  data.tar.gz: df54db926c3e38c54fcf46f284491f13e8b4f5c1be052aebbb2d2ce007139749a67b6c1e91104f39ca6f95c90f355fa168bb32a2879d0c9d83e727b199fe6d6d
+  metadata.gz: a46230b6210496f7ee97b54a357aaf6c36625a7083f33440cf02371914a11bb44329da3516df8b0d6d1bd4524b474715577fc430431d001ef9b6b1bf3b70035e
+  data.tar.gz: bbea37a5d6460fefb600d084d387045d9fefbc14196bdfd23d31d0ae2d8cdb89538d1250781d7a69a379b86a3255397e913610a0d18d30e193220b77ebd6e791

data/README.md CHANGED Viewed

@@ -57,7 +57,7 @@ See our [Contribution Guidelines](https://github.com/aarona/devise_jwt_auth/blob
 ## Live Demos
-Live demos will hopefully be added in the future. At the very least, I'm planning on creating a Rails/React proof of concept repo that you can clone and run locally.
+Live demos will hopefully be added in the future. Currently, I have a [repository](https://github.com/aarona/dja_example) available that is a proof of concept for DJA that uses React as the client. However, the example application only supports sigining up, sigining in and singing out. It doesn't provide a way to reset a user's password for example and other things that DJA supports. Those will be added in the near future.
 ## License

data/app/controllers/devise_jwt_auth/application_controller.rb CHANGED Viewed

@@ -20,20 +20,6 @@ module DeviseJwtAuth
       DeviseJwtAuth.redirect_whitelist && !DeviseJwtAuth::Url.whitelisted?(redirect_url)
     end
-    def build_redirect_headers(access_token, client, redirect_header_options = {})
-      {
-        # DeviseJwtAuth.headers_names[:"access-token"] => access_token,
-        # DeviseJwtAuth.headers_names[:"client"] => client,
-        :config => params[:config],
-        # Legacy parameters which may be removed in a future release.
-        # Consider using "client" and "access-token" in client code.
-        # See: github.com/lynndylanhurley/devise_jwt_auth/issues/993
-        # :client_id => client,
-        :token => access_token
-      }.merge(redirect_header_options)
-    end
     def params_for_resource(resource)
       devise_parameter_sanitizer.instance_values['permitted'][resource].each do |type|
         params[type.to_s] ||= request.headers[type.to_s] unless request.headers[type.to_s].nil?
@@ -42,20 +28,23 @@ module DeviseJwtAuth
     end
     def resource_class(m = nil)
-      if m
-        mapping = Devise.mappings[m]
-      else
-        mapping = Devise.mappings[resource_name] || Devise.mappings.values.first
-      end
+      mapping = if m
+                  Devise.mappings[m]
+                else
+                  Devise.mappings[resource_name] || Devise.mappings.values.first
+                end
       mapping.to
     end
     def json_api?
       return false unless defined?(ActiveModel::Serializer)
-      return ActiveModel::Serializer.setup do |config|
-        config.adapter == :json_api
-      end if ActiveModel::Serializer.respond_to?(:setup)
+      if ActiveModel::Serializer.respond_to?(:setup)
+        return ActiveModel::Serializer.setup do |config|
+          config.adapter == :json_api
+        end
+      end
       ActiveModelSerializers.config.adapter == :json_api
     end

data/app/controllers/devise_jwt_auth/concerns/resource_finder.rb CHANGED Viewed

@@ -8,19 +8,15 @@ module DeviseJwtAuth::Concerns::ResourceFinder
     # honor Devise configuration for case_insensitive keys
     q_value = resource_params[field.to_sym]
-    if resource_class.case_insensitive_keys.include?(field.to_sym)
-      q_value.downcase!
-    end
+    q_value.downcase! if resource_class.case_insensitive_keys.include?(field.to_sym)
-    if resource_class.strip_whitespace_keys.include?(field.to_sym)
-      q_value.strip!
-    end
+    q_value.strip! if resource_class.strip_whitespace_keys.include?(field.to_sym)
     q_value
   end
   def find_resource(field, value)
-    @resource = if resource_class.try(:connection_config).try(:[], :adapter).try(:include?, 'mysql')
+    @resource = if resource_class.try(:connection_db_config).try(:[], :adapter).try(:include?, 'mysql')
                   # fix for mysql default case insensitivity
                   resource_class.where("BINARY #{field} = ? AND provider= ?", value, provider).first
                 else

data/app/controllers/devise_jwt_auth/concerns/set_user_by_token.rb CHANGED Viewed

@@ -5,7 +5,6 @@ module DeviseJwtAuth::Concerns::SetUserByToken
   include DeviseJwtAuth::Concerns::ResourceFinder
   included do
   end
   protected
@@ -22,10 +21,10 @@ module DeviseJwtAuth::Concerns::SetUserByToken
       devise_warden_user = warden.user(rc.to_s.underscore.to_sym)
       @resource = devise_warden_user if devise_warden_user
     end
     # user has already been found and authenticated
-    return @resource if @resource && @resource.is_a?(rc)
+    return @resource if @resource.is_a?(rc)
     # TODO: Look for the access token in an 'Authentication' header
     token = request.headers[DeviseJwtAuth.access_token_name]
     return unless token
@@ -33,8 +32,9 @@ module DeviseJwtAuth::Concerns::SetUserByToken
     payload = DeviseJwtAuth::TokenFactory.decode_access_token(token)
     return if payload.empty?
     return if payload && payload['sub'].blank?
     uid = payload['sub']
     # mitigate timing attacks by finding by uid instead of auth token
     user = uid && rc.dta_find_by(uid: uid)
     scope = rc.to_s.underscore.to_sym
@@ -46,10 +46,10 @@ module DeviseJwtAuth::Concerns::SetUserByToken
       else
         sign_in(scope, user, store: false, event: :fetch, bypass: DeviseJwtAuth.bypass_sign_in)
       end
-      return @resource = user
+      @resource = user
     else
       # zero all values previously set values
-      return @resource = nil
+      @resource = nil
     end
   end
@@ -65,10 +65,10 @@ module DeviseJwtAuth::Concerns::SetUserByToken
       devise_warden_user = warden.user(rc.to_s.underscore.to_sym)
       @resource = devise_warden_user if devise_warden_user
     end
     # user has already been found and authenticated
-    return @resource if @resource && @resource.is_a?(rc)
+    return @resource if @resource.is_a?(rc)
     token = request.cookies[DeviseJwtAuth.refresh_token_name]
     return unless token
@@ -76,6 +76,7 @@ module DeviseJwtAuth::Concerns::SetUserByToken
     payload = DeviseJwtAuth::TokenFactory.decode_refresh_token(token)
     return if payload.empty?
     return if payload && payload['sub'].blank?
     uid = payload['sub']
     # mitigate timing attacks by finding by uid instead of auth token
@@ -89,13 +90,12 @@ module DeviseJwtAuth::Concerns::SetUserByToken
       else
         sign_in(scope, user, store: false, event: :fetch, bypass: DeviseJwtAuth.bypass_sign_in)
       end
-      return @resource = user
+      @resource = user
     else
       # zero all values previously set values
-      return @resource = nil
+      @resource = nil
     end
   end
   def update_refresh_token_cookie
     response.set_cookie(DeviseJwtAuth.refresh_token_name,
@@ -103,9 +103,13 @@ module DeviseJwtAuth::Concerns::SetUserByToken
                         path: '/auth/refresh_token', # TODO: Use configured auth path
                         expires: Time.zone.now + DeviseJwtAuth.refresh_token_lifespan,
                         httponly: true,
-                        secure: Rails.env.production?
-    )
+                        secure: Rails.env.production?)
+  end
+  def clear_refresh_token_cookie
+    response.set_cookie(DeviseJwtAuth.refresh_token_name,
+                        value: '',
+                        path: '/auth/refresh_token', # TODO: Use configured auth path
+                        expires: Time.zone.now)
   end
-end
+end

data/app/controllers/devise_jwt_auth/confirmations_controller.rb CHANGED Viewed

@@ -2,7 +2,6 @@
 module DeviseJwtAuth
   class ConfirmationsController < DeviseJwtAuth::ApplicationController
     def show
       @resource = resource_class.confirm_by_token(resource_params[:confirmation_token])
@@ -12,19 +11,12 @@ module DeviseJwtAuth
         redirect_header_options = { account_confirmation_success: true }
         if signed_in?(resource_name)
-          # token = signed_in_resource.create_token
-          # redirect_headers = build_redirect_headers(token.token,
-          #                                           token.client,
-          #                                           redirect_header_options)
-          redirect_headers = signed_in_resource.create_named_token_pair.
-                             merge(redirect_header_options)
+          redirect_headers = signed_in_resource.create_named_token_pair
+                               .merge(redirect_header_options)
-          # TODO: add a refresh token cookie in the response.
           update_refresh_token_cookie
-          #redirect_to_link = signed_in_resource.build_auth_url(redirect_url, redirect_headers)
+          # redirect_to_link = signed_in_resource.build_auth_url(redirect_url, redirect_headers)
           redirect_to_link = DeviseJwtAuth::Url.generate(redirect_url, redirect_headers)
         else
           redirect_to_link = DeviseJwtAuth::Url.generate(redirect_url, redirect_header_options)
@@ -46,11 +38,11 @@ module DeviseJwtAuth
       return render_not_found_error unless @resource
       @resource.send_confirmation_instructions({
-        redirect_url: redirect_url,
-        client_config: resource_params[:config_name]
-      })
+                                                 redirect_url: redirect_url,
+                                                 client_config: resource_params[:config_name]
+                                               })
-      return render_create_success
+      render_create_success
     end
     protected
@@ -61,8 +53,8 @@ module DeviseJwtAuth
     def render_create_success
       render json: {
-          success: true,
-          message: I18n.t('devise_jwt_auth.confirmations.sended', email: @email)
+        success: true,
+        message: I18n.t('devise_jwt_auth.confirmations.sended', email: @email)
       }
     end
@@ -83,6 +75,5 @@ module DeviseJwtAuth
         DeviseJwtAuth.default_confirm_success_url
       )
     end
   end
 end

data/app/controllers/devise_jwt_auth/omniauth_callbacks_controller.rb CHANGED Viewed

@@ -7,12 +7,10 @@ module DeviseJwtAuth
     before_action :validate_auth_origin_url_param
     skip_before_action :set_user_by_jwt_token, raise: false
-    # skip_after_action :update_auth_header
     # intermediary route for successful omniauth authentication. omniauth does
     # not support multiple models, so we must resort to this terrible hack.
     def redirect_callbacks
       # derive target redirect route from 'resource_class' param, which was set
       # before authentication.
       devise_mapping = get_devise_mapping
@@ -20,8 +18,8 @@ module DeviseJwtAuth
       # preserve omniauth info for success route. ignore 'extra' in twitter
       # auth response to avoid CookieOverflow.
-      session['dta.omniauth.auth'] = request.env['omniauth.auth'].except('extra')
-      session['dta.omniauth.params'] = request.env['omniauth.params']
+      session['dja.omniauth.auth'] = request.env['omniauth.auth'].except('extra')
+      session['dja.omniauth.params'] = request.env['omniauth.params']
       redirect_to redirect_route
     end
@@ -29,15 +27,17 @@ module DeviseJwtAuth
     def get_redirect_route(devise_mapping)
       path = "#{Devise.mappings[devise_mapping.to_sym].fullpath}/#{params[:provider]}/callback"
       klass = request.scheme == 'https' ? URI::HTTPS : URI::HTTP
-      redirect_route = klass.build(host: request.host, port: request.port, path: path).to_s
+      klass.build(host: request.host, port: request.port, path: path).to_s
     end
     def get_devise_mapping
-       # derive target redirect route from 'resource_class' param, which was set
-       # before authentication.
-       devise_mapping = [request.env['omniauth.params']['namespace_name'],
-                         request.env['omniauth.params']['resource_class'].underscore.gsub('/', '_')].compact.join('_')
-    rescue NoMethodError => err
+      # derive target redirect route from 'resource_class' param, which was set
+      # before authentication.
+      [
+        request.env['omniauth.params']['namespace_name'],
+        request.env['omniauth.params']['resource_class'].underscore.gsub('/', '_')
+      ].compact.join('_')
+    rescue NoMethodError
       default_devise_mapping
     end
@@ -45,13 +45,13 @@ module DeviseJwtAuth
     # find the mapping in `omniauth.params`.
     #
     # One example use-case here is for IDP-initiated SAML login.  In that
-    # case, there will have been no initial request in which to save
+    # case, there will have been no initial request in which to save
     # the devise mapping.  If you are in a situation like that, and
     # your app allows for you to determine somehow what the devise
     # mapping should be (because, for example, it is always the same),
     # then you can handle it by overriding this method.
     def default_devise_mapping
-      raise NotImplementedError.new('no default_devise_mapping set')
+      raise NotImplementedError, 'no default_devise_mapping set'
     end
     def omniauth_success
@@ -78,10 +78,11 @@ module DeviseJwtAuth
       render_data_or_redirect('authFailure', error: @error)
     end
-    def validate_auth_origin_url_param
-      return render_error_not_allowed_auth_origin_url if auth_origin_url && blacklisted_redirect_url?(auth_origin_url)
+    def validate_auth_origin_url_param
+      return unless auth_origin_url && blacklisted_redirect_url?(auth_origin_url)
+      render_error_not_allowed_auth_origin_url
     end
     protected
@@ -89,25 +90,25 @@ module DeviseJwtAuth
     # it. redirect_callbacks is called upon returning from successful omniauth
     # authentication, and the target params live in an omniauth-specific
     # request.env variable. this variable is then persisted thru the redirect
-    # using our own dta.omniauth.params session var. the omniauth_success
+    # using our own dja.omniauth.params session var. the omniauth_success
     # method will access that session var and then destroy it immediately
     # after use.  In the failure case, finally, the omniauth params
     # are added as query params in our monkey patch to OmniAuth in engine.rb
     def omniauth_params
       unless defined?(@_omniauth_params)
-        if request.env['omniauth.params'] && request.env['omniauth.params'].any?
+        if request.env['omniauth.params']&.any?
           @_omniauth_params = request.env['omniauth.params']
-        elsif session['dta.omniauth.params'] && session['dta.omniauth.params'].any?
-          @_omniauth_params ||= session.delete('dta.omniauth.params')
+        elsif session['dja.omniauth.params']&.any?
+          @_omniauth_params ||= session.delete('dja.omniauth.params')
           @_omniauth_params
         elsif params['omniauth_window_type']
-          @_omniauth_params = params.slice('omniauth_window_type', 'auth_origin_url', 'resource_class', 'origin')
+          @_omniauth_params =
+            params.slice('omniauth_window_type', 'auth_origin_url', 'resource_class', 'origin')
         else
           @_omniauth_params = {}
         end
       end
       @_omniauth_params
     end
     # break out provider attribute assignment for easy method extension
@@ -120,14 +121,13 @@ module DeviseJwtAuth
     def whitelisted_params
       whitelist = params_for_resource(:sign_up)
-      whitelist.inject({}) do |coll, key|
+      whitelist.each_with_object({}) do |key, coll|
         param = omniauth_params[key.to_s]
         coll[key] = param if param
-        coll
       end
     end
-    def resource_class(mapping = nil)
+    def resource_class(_mapping = nil)
       if omniauth_params['resource_class']
         omniauth_params['resource_class'].constantize
       elsif params['resource_class']
@@ -149,25 +149,25 @@ module DeviseJwtAuth
       omniauth_params['auth_origin_url'] || omniauth_params['origin']
     end
     def auth_origin_url
-      if unsafe_auth_origin_url && blacklisted_redirect_url?(unsafe_auth_origin_url)
-        return nil
-      end
-      return unsafe_auth_origin_url
+      return nil if unsafe_auth_origin_url && blacklisted_redirect_url?(unsafe_auth_origin_url)
+      unsafe_auth_origin_url
     end
     # in the success case, omniauth_window_type is in the omniauth_params.
     # in the failure case, it is in a query param.  See monkey patch above
     def omniauth_window_type
-      omniauth_params.nil? ? params['omniauth_window_type'] : omniauth_params['omniauth_window_type']
+      return params['omniauth_window_type'] if omniauth_params.nil?
+      omniauth_params['omniauth_window_type']
     end
-    # this sesison value is set by the redirect_callbacks method. its purpose
+    # this session value is set by the redirect_callbacks method. its purpose
     # is to persist the omniauth auth hash value thru a redirect. the value
     # must be destroyed immediatly after it is accessed by omniauth_success
     def auth_hash
-      @_auth_hash ||= session.delete('dta.omniauth.auth')
+      @_auth_hash ||= session.delete('dja.omniauth.auth')
       @_auth_hash
     end
@@ -190,13 +190,6 @@ module DeviseJwtAuth
         config: @config,
         uid: @resource.uid
       )
-      # @auth_params = {
-      #   auth_token: @token.token,
-      #   client_id:  @token.client,
-      #   uid:        @resource.uid,
-      #   expiry:     @token.expiry,
-      #   config:     @config
-      # }
       @auth_params.merge!(oauth_registration: true) if @oauth_registration
       @auth_params
     end
@@ -208,7 +201,10 @@ module DeviseJwtAuth
     end
     def render_error_not_allowed_auth_origin_url
-      message = I18n.t('devise_jwt_auth.omniauth.not_allowed_redirect_url', redirect_url: unsafe_auth_origin_url)
+      message =
+        I18n.t('devise_jwt_auth.omniauth.not_allowed_redirect_url',
+               redirect_url: unsafe_auth_origin_url)
       render_data_or_redirect('authFailure', error: message)
     end
@@ -218,7 +214,6 @@ module DeviseJwtAuth
     end
     def render_data_or_redirect(message, data, user_data = {})
       # We handle inAppBrowser and newWindow the same, but it is nice
       # to support values in case people need custom implementations for each case
       # (For example, nbrustein does not allow new users to be created if logging in with
@@ -245,7 +240,7 @@ module DeviseJwtAuth
     end
     def fallback_render(text)
-        render inline: %Q(
+      render inline: %(
             <html>
                     <head></head>
@@ -271,9 +266,7 @@ module DeviseJwtAuth
         provider: auth_hash['provider']
       ).first_or_initialize
-      if @resource.new_record?
-        handle_new_resource
-      end
+      handle_new_resource if @resource.new_record?
       # sync user info with provider, update/generate auth token
       assign_provider_attrs(@resource, auth_hash)
@@ -287,5 +280,4 @@ module DeviseJwtAuth
       @resource
     end
   end
 end

data/app/controllers/devise_jwt_auth/passwords_controller.rb CHANGED Viewed

@@ -3,9 +3,8 @@
 module DeviseJwtAuth
   class PasswordsController < DeviseJwtAuth::ApplicationController
     before_action :validate_redirect_url_param, only: [:create, :edit]
-    # skip_after_action :update_auth_header, only: [:create, :edit]
-    # this action is responsible for generating password reset tokens and sending emails
+    # This action is responsible for generating password reset tokens and sending emails
     def create
       return render_create_error_missing_email unless resource_params[:email]
@@ -17,12 +16,11 @@ module DeviseJwtAuth
         @resource.send_reset_password_instructions(
           email: @email,
           provider: 'email',
-          redirect_url: @redirect_url,
-          client_config: params[:config_name]
+          redirect_url: @redirect_url
         )
         if @resource.errors.empty?
-          return render_create_success
+          render_create_success
         else
           render_create_error @resource.errors
         end
@@ -31,17 +29,14 @@ module DeviseJwtAuth
       end
     end
-    # this is where users arrive after visiting the password reset confirmation link
+    # This is where users arrive after visiting the password reset confirmation link.
     def edit
-      # if a user is not found, return nil
       @resource = resource_class.with_reset_password_token(resource_params[:reset_password_token])
-      if @resource && @resource.reset_password_period_valid?
-        # TODO: add a token invalidator
-        # token = @resource.create_token unless require_client_password_reset_token?
+      if @resource&.reset_password_period_valid?
         # ensure that user is confirmed
         @resource.skip_confirmation! if confirmable_enabled? && !@resource.confirmed_at
         # allow user to change password once without current_password
         @resource.allow_password_change = true if recoverable_enabled?
         @resource.save!
@@ -49,19 +44,16 @@ module DeviseJwtAuth
         yield @resource if block_given?
         if require_client_password_reset_token?
-          redirect_to DeviseJwtAuth::Url.generate(@redirect_url, reset_password_token: resource_params[:reset_password_token])
-        else
-          redirect_header_options = { reset_password: true }
-          redirect_headers = @resource.create_named_token_pair.
-                             merge(redirect_header_options)
+          clear_refresh_token_cookie
+          redirect_to DeviseJwtAuth::Url.generate(
+            @redirect_url,
+            reset_password_token: resource_params[:reset_password_token]
+          )
+        else
           # TODO: do we put the refresh token here?
-          # we do if token exists (see line 41)
           update_refresh_token_cookie
-          redirect_to_link = DeviseJwtAuth::Url.generate(@redirect_url, redirect_headers)
-          redirect_to redirect_to_link
+          redirect_to @redirect_url
         end
       else
         render_edit_error
@@ -69,12 +61,11 @@ module DeviseJwtAuth
     end
     def update
-      # make sure user is authorized
+      # Make sure user is authorized. Either by a reset_password_token or a valid access token.
       if require_client_password_reset_token? && resource_params[:reset_password_token]
         @resource = resource_class.with_reset_password_token(resource_params[:reset_password_token])
-        return render_update_error_unauthorized unless @resource
-        # @token = @resource.create_token
+        return render_update_error_unauthorized unless @resource
       else
         @resource = set_user_by_token
       end
@@ -82,9 +73,7 @@ module DeviseJwtAuth
       return render_update_error_unauthorized unless @resource
       # make sure account doesn't use oauth2 provider
-      unless @resource.provider == 'email'
-        return render_update_error_password_not_required
-      end
+      return render_update_error_password_not_required unless @resource.provider == 'email'
       # ensure that password params were sent
       unless password_resource_params[:password] && password_resource_params[:password_confirmation]
@@ -100,16 +89,20 @@ module DeviseJwtAuth
         # send refresh cookie
         # send access token
         update_refresh_token_cookie
-        return render_update_success
+        render_update_success
       else
-        return render_update_error
+        render_update_error
       end
     end
     protected
     def resource_update_method
-      allow_password_change = recoverable_enabled? && @resource.allow_password_change == true || require_client_password_reset_token?
+      allow_password_change =
+        recoverable_enabled? &&
+        @resource.allow_password_change == true ||
+        require_client_password_reset_token?
       if DeviseJwtAuth.check_current_password_before_update == false || allow_password_change
         'update'
       else
@@ -128,9 +121,10 @@ module DeviseJwtAuth
     def render_error_not_allowed_redirect_url
       response = {
         status: 'error',
-        data:   resource_data
+        data: resource_data
       }
-      message = I18n.t('devise_jwt_auth.passwords.not_allowed_redirect_url', redirect_url: @redirect_url)
+      message = I18n.t('devise_jwt_auth.passwords.not_allowed_redirect_url',
+                       redirect_url: @redirect_url)
       render_error(422, message, response)
     end
@@ -157,7 +151,8 @@ module DeviseJwtAuth
     end
     def render_update_error_password_not_required
-      render_error(422, I18n.t('devise_jwt_auth.passwords.password_not_required', provider: @resource.provider.humanize))
+      render_error(422, I18n.t('devise_jwt_auth.passwords.password_not_required',
+                               provider: @resource.provider.humanize))
     end
     def render_update_error_missing_password
@@ -170,7 +165,7 @@ module DeviseJwtAuth
         data: resource_data,
         message: I18n.t('devise_jwt_auth.passwords.successfully_updated')
       }.merge!(@resource.create_named_token_pair)
       render json: response_body
     end
@@ -203,11 +198,14 @@ module DeviseJwtAuth
       )
       return render_create_error_missing_redirect_url unless @redirect_url
-      return render_error_not_allowed_redirect_url if blacklisted_redirect_url?(@redirect_url)
+      render_error_not_allowed_redirect_url if blacklisted_redirect_url?(@redirect_url)
     end
     def reset_password_token_as_raw?(recoverable)
-      recoverable && recoverable.reset_password_token.present? && !require_client_password_reset_token?
+      recoverable &&
+        recoverable.reset_password_token.present? &&
+        !require_client_password_reset_token?
     end
     def require_client_password_reset_token?