devise_jwt_auth 0.1.7 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6e367cc70c205aa734cc853ed99f7b69c63a03c6c3c0c16c86b8b0861e8ab0e6
-  data.tar.gz: bd0ee641f3e19c7f13ca6c7935635677e1373fc4b6989faa02ddb56cb9914296
+  metadata.gz: f4dbb49ae0d62dcc2e5b23374e972178509d1e936c1246d85828631ceb07b65a
+  data.tar.gz: d4d15235f408dce8fd1c2107007ea4fbf2e48e0ab01315cba67b9f4451fffd92
 SHA512:
-  metadata.gz: 172caadc1dcd6f5b04c7c000d190a636b350d9706425fbcfa1ce477f6975f0bad0f2aea98d711f7d55fce41e6e023a5a00a9d56253bcc1b8f59603218a8353cb
-  data.tar.gz: fe1e7273990e9cdd5a02ed9d122a0dff4e20f354d41c3d96e63c94d313e73f363a877b91ebbe3e623ae7020fffb3951aed1970f07c48db6696dd9ff26e066b43
+  metadata.gz: a46230b6210496f7ee97b54a357aaf6c36625a7083f33440cf02371914a11bb44329da3516df8b0d6d1bd4524b474715577fc430431d001ef9b6b1bf3b70035e
+  data.tar.gz: bbea37a5d6460fefb600d084d387045d9fefbc14196bdfd23d31d0ae2d8cdb89538d1250781d7a69a379b86a3255397e913610a0d18d30e193220b77ebd6e791

data/app/controllers/devise_jwt_auth/concerns/resource_finder.rb

@@ -16,7 +16,7 @@ module DeviseJwtAuth::Concerns::ResourceFinder
   end
 
   def find_resource(field, value)
-    @resource = if resource_class.try(:connection_config).try(:[], :adapter).try(:include?, 'mysql')
+    @resource = if resource_class.try(:connection_db_config).try(:[], :adapter).try(:include?, 'mysql')
                   # fix for mysql default case insensitivity
                   resource_class.where("BINARY #{field} = ? AND provider= ?", value, provider).first
                 else

data/app/controllers/devise_jwt_auth/omniauth_callbacks_controller.rb

@@ -18,8 +18,8 @@ module DeviseJwtAuth
 
       # preserve omniauth info for success route. ignore 'extra' in twitter
       # auth response to avoid CookieOverflow.
-      session['dta.omniauth.auth'] = request.env['omniauth.auth'].except('extra')
-      session['dta.omniauth.params'] = request.env['omniauth.params']
+      session['dja.omniauth.auth'] = request.env['omniauth.auth'].except('extra')
+      session['dja.omniauth.params'] = request.env['omniauth.params']
 
       redirect_to redirect_route
     end
@@ -90,7 +90,7 @@ module DeviseJwtAuth
     # it. redirect_callbacks is called upon returning from successful omniauth
     # authentication, and the target params live in an omniauth-specific
     # request.env variable. this variable is then persisted thru the redirect
-    # using our own dta.omniauth.params session var. the omniauth_success
+    # using our own dja.omniauth.params session var. the omniauth_success
     # method will access that session var and then destroy it immediately
     # after use.  In the failure case, finally, the omniauth params
     # are added as query params in our monkey patch to OmniAuth in engine.rb
@@ -98,8 +98,8 @@ module DeviseJwtAuth
       unless defined?(@_omniauth_params)
         if request.env['omniauth.params']&.any?
           @_omniauth_params = request.env['omniauth.params']
-        elsif session['dta.omniauth.params']&.any?
-          @_omniauth_params ||= session.delete('dta.omniauth.params')
+        elsif session['dja.omniauth.params']&.any?
+          @_omniauth_params ||= session.delete('dja.omniauth.params')
           @_omniauth_params
         elsif params['omniauth_window_type']
           @_omniauth_params =
@@ -163,11 +163,11 @@ module DeviseJwtAuth
       omniauth_params['omniauth_window_type']
     end
 
-    # this sesison value is set by the redirect_callbacks method. its purpose
+    # this session value is set by the redirect_callbacks method. its purpose
     # is to persist the omniauth auth hash value thru a redirect. the value
     # must be destroyed immediatly after it is accessed by omniauth_success
     def auth_hash
-      @_auth_hash ||= session.delete('dta.omniauth.auth')
+      @_auth_hash ||= session.delete('dja.omniauth.auth')
       @_auth_hash
     end
 
@@ -190,13 +190,6 @@ module DeviseJwtAuth
         config: @config,
         uid: @resource.uid
       )
-      # @auth_params = {
-      #   auth_token: @token.token,
-      #   client_id:  @token.client,
-      #   uid:        @resource.uid,
-      #   expiry:     @token.expiry,
-      #   config:     @config
-      # }
       @auth_params.merge!(oauth_registration: true) if @oauth_registration
       @auth_params
     end

data/app/models/devise_jwt_auth/concerns/confirmable_support.rb

@@ -9,22 +9,12 @@ module DeviseJwtAuth::Concerns::ConfirmableSupport
     # for not to use `will_save_change_to_email?` & `email_changed?` methods.
     def postpone_email_change?
       postpone = self.class.reconfirmable &&
-                 email_value_in_database != email &&
+                 email_was != email &&
                  !@bypass_confirmation_postpone &&
                  email.present? &&
-                 (!@skip_reconfirmation_in_callback || !email_value_in_database.nil?)
+                 (!@skip_reconfirmation_in_callback || !email_was.nil?)
       @bypass_confirmation_postpone = false
       postpone
     end
   end
-
-  protected
-
-  def email_value_in_database
-    if Devise.rails51? && respond_to?(:email_in_database)
-      email_in_database
-    else
-      email_was
-    end
-  end
 end

data/app/models/devise_jwt_auth/concerns/user.rb

@@ -106,8 +106,6 @@ module DeviseJwtAuth::Concerns::User
 
   def build_auth_url(base_url, args)
     args[:uid]    = uid
-    args[:expiry] = tokens[args[:client_id]]['expiry']
-
     DeviseJwtAuth::Url.generate(base_url, args)
   end
 

data/app/validators/devise_jwt_auth_email_validator.rb

@@ -2,10 +2,19 @@
 
 # Email field validator.
 class DeviseJwtAuthEmailValidator < ActiveModel::EachValidator
-  def validate_each(record, attribute, value)
-    return if value =~ /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\z/i
+  EMAIL_REGEXP = /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\z/i
+
+  class << self
+    def validate?(email)
+      email =~ EMAIL_REGEXP
+    end
+  end
 
-    record.errors[attribute] << email_invalid_message
+  def validate_each(record, attribute, value)
+    unless DeviseJwtAuthEmailValidator.validate?(value)
+      # record.errors[attribute] << email_invalid_message
+      record.errors.add(attribute, email_invalid_message)
+    end
   end
 
   private

data/lib/devise_jwt_auth/blacklist.rb

@@ -1,4 +1,4 @@
 # frozen_string_literal: true
 
 # don't serialize tokens
-Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION << :tokens
+Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION << :tokens

data/lib/devise_jwt_auth/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module DeviseJwtAuth
-  VERSION = '0.1.7'
+  VERSION = '0.2.0'
 end

data/lib/generators/devise_jwt_auth/USAGE

@@ -8,7 +8,7 @@ Arguments:
              # 'User'
   MOUNT_PATH # The path at which to mount the authentication routes. Default is
              # 'auth'. More detail documentation is here:
-             # https://devise-token-auth.gitbook.io/devise-token-auth/usage
+             # https://github.com/aarona/devise_jwt_auth
 
 Example:
   rails generate devise_jwt_auth:install User auth

data/lib/generators/devise_jwt_auth/install_generator_helpers.rb

@@ -84,7 +84,7 @@ module DeviseJwtAuth
           end
 
           def postgresql?
-            config = ActiveRecord::Base.configurations[Rails.env]
+            config = ActiveRecord::Base.connection_db_config.configuration_hash
             config && config['adapter'] == 'postgresql'
           end
 

data/test/controllers/custom/custom_omniauth_callbacks_controller_test.rb

@@ -19,7 +19,7 @@ class Custom::OmniauthCallbacksControllerTest < ActionDispatch::IntegrationTest
     end
 
     test 'yield resource to block on omniauth_success success' do
-      @redirect_url = 'http://ng-token-auth.dev/'
+      @redirect_url = 'http://ng-jwt-auth.dev/'
       get '/nice_user_auth/facebook',
           params: { auth_origin_url: @redirect_url,
                     omniauth_window_type: 'newWindow' }

data/test/controllers/custom/custom_passwords_controller_test.rb

@@ -8,7 +8,7 @@ class Custom::PasswordsControllerTest < ActionController::TestCase
 
     before do
       @resource = create(:user, :confirmed)
-      @redirect_url = 'http://ng-token-auth.dev'
+      @redirect_url = 'http://ng-jwt-auth.dev'
     end
 
     test 'yield resource to block on create success' do
@@ -29,7 +29,7 @@ class Custom::PasswordsControllerTest < ActionController::TestCase
 
     test 'yield resource to block on edit success' do
       @resource = create(:user)
-      @redirect_url = 'http://ng-token-auth.dev'
+      @redirect_url = 'http://ng-jwt-auth.dev'
 
       post :create,
            params: { email: @resource.email,

data/test/controllers/demo_group_controller_test.rb

@@ -16,33 +16,17 @@ class DemoGroupControllerTest < ActionDispatch::IntegrationTest
         @resource = create(:user, :confirmed)
         @resource_auth_headers = @resource.create_named_token_pair
 
-        # @resource_token     = @resource_auth_headers['access-token']
-        # @resource_client_id = @resource_auth_headers['client']
-        # @resource_expiry    = @resource_auth_headers['expiry']
-
         # mang
         @mang = create(:mang_user, :confirmed)
 
         @mang_auth_headers = @mang.create_named_token_pair
-
-        # @mang_token     = @mang_auth_headers['access-token']
-        # @mang_client_id = @mang_auth_headers['client']
-        # @mang_expiry    = @mang_auth_headers['expiry']
       end
 
       describe 'user access' do
         before do
-          # ensure that request is not treated as batch request
-          # age_token(@resource, @resource_client_id)
-
           get '/demo/members_only_group',
               params: {},
               headers: @resource_auth_headers
-
-          @resp_token       = response.headers['access-token']
-          @resp_client_id   = response.headers['client']
-          @resp_expiry      = response.headers['expiry']
-          @resp_uid         = response.headers['uid']
         end
 
         test 'request is successful' do
@@ -82,17 +66,9 @@ class DemoGroupControllerTest < ActionDispatch::IntegrationTest
 
       describe 'mang access' do
         before do
-          # ensure that request is not treated as batch request
-          # age_token(@mang, @mang_client_id)
-
           get '/demo/members_only_group',
               params: {},
               headers: @mang_auth_headers
-
-          @resp_token       = response.headers['access-token']
-          @resp_client_id   = response.headers['client']
-          @resp_expiry      = response.headers['expiry']
-          @resp_uid         = response.headers['uid']
         end
 
         test 'request is successful' do

data/test/controllers/demo_mang_controller_test.rb

@@ -14,25 +14,13 @@ class DemoMangControllerTest < ActionDispatch::IntegrationTest
       before do
         @resource = create(:mang_user, :confirmed)
         @auth_headers = @resource.create_named_token_pair
-
-        # @token     = @auth_headers['access-token']
-        # @client_id = @auth_headers['client']
-        # @expiry    = @auth_headers['expiry']
       end
 
       describe 'successful request' do
         before do
-          # ensure that request is not treated as batch request
-          # age_token(@resource, @client_id)
-
           get '/demo/members_only_mang',
               params: {},
               headers: @auth_headers
-
-          # @resp_token       = response.headers['access-token']
-          # @resp_client_id   = response.headers['client']
-          # @resp_expiry      = response.headers['expiry']
-          # @resp_uid         = response.headers['uid']
         end
 
         describe 'devise mappings' do
@@ -56,42 +44,6 @@ class DemoMangControllerTest < ActionDispatch::IntegrationTest
         it 'should return success status' do
           assert_equal 200, response.status
         end
-
-        #         it 'should receive new token after successful request' do
-        #           refute_equal @token, @resp_token
-        #         end
-        #
-        #         it 'should preserve the client id from the first request' do
-        #           assert_equal @client_id, @resp_client_id
-        #         end
-        #
-        #         it "should return the user's uid in the auth header" do
-        #           assert_equal @resource.uid, @resp_uid
-        #         end
-        #
-        #         it 'should not treat this request as a batch request' do
-        #           refute assigns(:is_batch_request)
-        #         end
-        #
-        #         describe 'subsequent requests' do
-        #           before do
-        #             @resource.reload
-        #             # ensure that request is not treated as batch request
-        #             # age_token(@resource, @client_id)
-        #
-        #             get '/demo/members_only_mang',
-        #             params: {},
-        #             headers: @auth_headers.merge('access-token' => @resp_token)
-        #           end
-        #
-        #           it 'should not treat this request as a batch request' do
-        #             refute assigns(:is_batch_request)
-        #           end
-        #
-        #           it 'should allow a new request to be made using new token' do
-        #             assert_equal 200, response.status
-        #           end
-        #         end
       end
 
       describe 'failed request' do
@@ -109,174 +61,6 @@ class DemoMangControllerTest < ActionDispatch::IntegrationTest
           assert_equal 401, response.status
         end
       end
-
-      #       describe 'disable change_headers_on_each_request' do
-      #         before do
-      #           DeviseJwtAuth.change_headers_on_each_request = false
-      #           @resource.reload
-      #           # age_token(@resource, @client_id)
-      #
-      #           get '/demo/members_only_mang',
-      #               params: {},
-      #               headers: @auth_headers
-      #
-      #           @first_is_batch_request = assigns(:is_batch_request)
-      #           @first_user = assigns(:resource).dup
-      #           @first_access_token = response.headers['access-token']
-      #           @first_response_status = response.status
-      #
-      #           @resource.reload
-      #           # age_token(@resource, @client_id)
-      #
-      #           # use expired auth header
-      #           get '/demo/members_only_mang',
-      #               params: {},
-      #               headers: @auth_headers
-      #
-      #           @second_is_batch_request = assigns(:is_batch_request)
-      #           @second_user = assigns(:resource).dup
-      #           @second_access_token = response.headers['access-token']
-      #           @second_response_status = response.status
-      #         end
-      #
-      #         after do
-      #           DeviseJwtAuth.change_headers_on_each_request = true
-      #         end
-      #
-      #         it 'should allow the first request through' do
-      #           assert_equal 200, @first_response_status
-      #         end
-      #
-      #         it 'should allow the second request through' do
-      #           assert_equal 200, @second_response_status
-      #         end
-      #
-      #         it 'should return auth headers from the first request' do
-      #           assert @first_access_token
-      #         end
-      #
-      #         it 'should not treat either requests as batch requests' do
-      #           refute @first_is_batch_request
-      #           refute @second_is_batch_request
-      #         end
-      #
-      #         it 'should return auth headers from the second request' do
-      #           assert @second_access_token
-      #         end
-      #
-      #         it 'should define user during first request' do
-      #           assert @first_user
-      #         end
-      #
-      #         it 'should define user during second request' do
-      #           assert @second_user
-      #         end
-      #       end
-      #
-      #       describe 'batch requests' do
-      #         describe 'success' do
-      #           before do
-      #             # age_token(@resource, @client_id)
-      #
-      #             get '/demo/members_only_mang',
-      #                 params: {},
-      #                 headers: @auth_headers
-      #
-      #             @first_is_batch_request = assigns(:is_batch_request)
-      #             @first_user = assigns(:resource)
-      #             @first_access_token = response.headers['access-token']
-      #
-      #             get '/demo/members_only_mang',
-      #                 params: {},
-      #                 headers: @auth_headers
-      #
-      #             @second_is_batch_request = assigns(:is_batch_request)
-      #             @second_user = assigns(:resource)
-      #             @second_access_token = response.headers['access-token']
-      #           end
-      #
-      #           it 'should allow both requests through' do
-      #             assert_equal 200, response.status
-      #           end
-      #
-      #           it 'should not treat the first request as a batch request' do
-      #             refute @first_is_batch_request
-      #           end
-      #
-      #           it 'should treat the second request as a batch request' do
-      #             assert @second_is_batch_request
-      #           end
-      #
-      #           it 'should return access token for first (non-batch) request' do
-      #             assert @first_access_token
-      #           end
-      #
-      #           it 'should not return auth headers for second (batched) requests' do
-      #             assert_equal ' ', @second_access_token
-      #           end
-      #         end
-      #
-      #         describe 'time out' do
-      #           before do
-      #             @resource.reload
-      #             # age_token(@resource, @client_id)
-      #
-      #             get '/demo/members_only_mang',
-      #                 params: {},
-      #                 headers: @auth_headers
-      #
-      #             @first_is_batch_request = assigns(:is_batch_request)
-      #             @first_user = assigns(:resource).dup
-      #             @first_access_token = response.headers['access-token']
-      #             @first_response_status = response.status
-      #
-      #             @resource.reload
-      #             # age_token(@resource, @client_id)
-      #
-      #             # use expired auth header
-      #             get '/demo/members_only_mang',
-      #                 params: {},
-      #                 headers: @auth_headers
-      #
-      #             @second_is_batch_request = assigns(:is_batch_request)
-      #             @second_user = assigns(:resource)
-      #             @second_access_token = response.headers['access-token']
-      #             @second_response_status = response.status
-      #           end
-      #
-      #           it 'should allow the first request through' do
-      #             assert_equal 200, @first_response_status
-      #           end
-      #
-      #           it 'should not allow the second request through' do
-      #             assert_equal 401, @second_response_status
-      #           end
-      #
-      #           it 'should not treat first request as batch request' do
-      #             refute @second_is_batch_request
-      #           end
-      #
-      #           it 'should return auth headers from the first request' do
-      #             assert @first_access_token
-      #           end
-      #
-      #           it 'should not treat second request as batch request' do
-      #             refute @second_is_batch_request
-      #           end
-      #
-      #           it 'should not return auth headers from the second request' do
-      #             refute @second_access_token
-      #           end
-      #
-      #           it 'should define user during first request' do
-      #             assert @first_user
-      #           end
-      #
-      #           it 'should not define user during second request' do
-      #             refute @second_user
-      #           end
-      #         end
-      #       end
     end
   end
 end