devise_jwt_auth 0.1.6 → 0.1.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9c1a405bebeaa7813dc0b99465db4530d29bf458fe392dd968f11b8abc5b11ab
-  data.tar.gz: d1c81c134b4031df4ef862041a4dfc4a0bc021f2cd538c020c23aaccc485e298
+  metadata.gz: 6e367cc70c205aa734cc853ed99f7b69c63a03c6c3c0c16c86b8b0861e8ab0e6
+  data.tar.gz: bd0ee641f3e19c7f13ca6c7935635677e1373fc4b6989faa02ddb56cb9914296
 SHA512:
-  metadata.gz: 06141ad295c58d63e8f4e87bc26be3af1b223b52ac2a865329c0ea438bfb7409e7e0466ad2fb1a70b156ba773346dca676d04b6f3fe00e1297b900a3cc482bdd
-  data.tar.gz: b7de2ecb350212b5fc8e91b0066bd5cb5050ca1e5c1c344a116b8d2ce77273b5f8066dc654a26ab0412bb4d8e5b679f4852a16c022cee60a04b0408e2f0a1a12
+  metadata.gz: 172caadc1dcd6f5b04c7c000d190a636b350d9706425fbcfa1ce477f6975f0bad0f2aea98d711f7d55fce41e6e023a5a00a9d56253bcc1b8f59603218a8353cb
+  data.tar.gz: fe1e7273990e9cdd5a02ed9d122a0dff4e20f354d41c3d96e63c94d313e73f363a877b91ebbe3e623ae7020fffb3951aed1970f07c48db6696dd9ff26e066b43

data/app/controllers/devise_jwt_auth/application_controller.rb

@@ -20,20 +20,6 @@ module DeviseJwtAuth
       DeviseJwtAuth.redirect_whitelist && !DeviseJwtAuth::Url.whitelisted?(redirect_url)
     end
 
-    def build_redirect_headers(access_token, _client, redirect_header_options = {})
-      {
-        # DeviseJwtAuth.headers_names[:"access-token"] => access_token,
-        # DeviseJwtAuth.headers_names[:"client"] => client,
-        config: params[:config],
-
-        # Legacy parameters which may be removed in a future release.
-        # Consider using "client" and "access-token" in client code.
-        # See: github.com/lynndylanhurley/devise_jwt_auth/issues/993
-        # :client_id => client,
-        token: access_token
-      }.merge(redirect_header_options)
-    end
-
     def params_for_resource(resource)
       devise_parameter_sanitizer.instance_values['permitted'][resource].each do |type|
         params[type.to_s] ||= request.headers[type.to_s] unless request.headers[type.to_s].nil?

data/app/controllers/devise_jwt_auth/concerns/set_user_by_token.rb

@@ -23,7 +23,7 @@ module DeviseJwtAuth::Concerns::SetUserByToken
     end
 
     # user has already been found and authenticated
-    return @resource if @resource&.is_a?(rc)
+    return @resource if @resource.is_a?(rc)
 
     # TODO: Look for the access token in an 'Authentication' header
     token = request.headers[DeviseJwtAuth.access_token_name]
@@ -67,7 +67,7 @@ module DeviseJwtAuth::Concerns::SetUserByToken
     end
 
     # user has already been found and authenticated
-    return @resource if @resource&.is_a?(rc)
+    return @resource if @resource.is_a?(rc)
 
     token = request.cookies[DeviseJwtAuth.refresh_token_name]
 

data/app/controllers/devise_jwt_auth/passwords_controller.rb

@@ -4,7 +4,7 @@ module DeviseJwtAuth
   class PasswordsController < DeviseJwtAuth::ApplicationController
     before_action :validate_redirect_url_param, only: [:create, :edit]
 
-    # this action is responsible for generating password reset tokens and sending emails
+    # This action is responsible for generating password reset tokens and sending emails
     def create
       return render_create_error_missing_email unless resource_params[:email]
 
@@ -16,8 +16,7 @@ module DeviseJwtAuth
         @resource.send_reset_password_instructions(
           email: @email,
           provider: 'email',
-          redirect_url: @redirect_url,
-          client_config: params[:config_name]
+          redirect_url: @redirect_url
         )
 
         if @resource.errors.empty?
@@ -30,15 +29,11 @@ module DeviseJwtAuth
       end
     end
 
-    # this is where users arrive after visiting the password reset confirmation link
+    # This is where users arrive after visiting the password reset confirmation link.
     def edit
-      # if a user is not found, return nil
       @resource = resource_class.with_reset_password_token(resource_params[:reset_password_token])
 
       if @resource&.reset_password_period_valid?
-        # TODO: add a token invalidator
-        # token = @resource.create_token unless require_client_password_reset_token?
-
         # ensure that user is confirmed
         @resource.skip_confirmation! if confirmable_enabled? && !@resource.confirmed_at
 
@@ -49,22 +44,16 @@ module DeviseJwtAuth
         yield @resource if block_given?
 
         if require_client_password_reset_token?
+          clear_refresh_token_cookie
+
           redirect_to DeviseJwtAuth::Url.generate(
             @redirect_url,
             reset_password_token: resource_params[:reset_password_token]
           )
         else
-          redirect_header_options = { reset_password: true }
-          redirect_headers = @resource.create_named_token_pair
-                               .merge(redirect_header_options)
-
           # TODO: do we put the refresh token here?
-          # we do if token exists (see line 41)
           update_refresh_token_cookie
-
-          redirect_to_link = DeviseJwtAuth::Url.generate(@redirect_url, redirect_headers)
-
-          redirect_to redirect_to_link
+          redirect_to @redirect_url
         end
       else
         render_edit_error
@@ -72,12 +61,11 @@ module DeviseJwtAuth
     end
 
     def update
-      # make sure user is authorized
+      # Make sure user is authorized. Either by a reset_password_token or a valid access token.
       if require_client_password_reset_token? && resource_params[:reset_password_token]
         @resource = resource_class.with_reset_password_token(resource_params[:reset_password_token])
-        return render_update_error_unauthorized unless @resource
 
-        # @token = @resource.create_token
+        return render_update_error_unauthorized unless @resource
       else
         @resource = set_user_by_token
       end

data/app/views/devise/mailer/reset_password_instructions.html.erb

@@ -2,7 +2,7 @@
 
 <p><%= t '.request_reset_link_msg' %></p>
 
-<p><%= link_to t('.password_change_link'), edit_password_url(@resource, reset_password_token: @token, config: message['client-config'].to_s, redirect_url: message['redirect-url'].to_s).html_safe %></p>
+<p><%= link_to t('.password_change_link'), edit_password_url(@resource, reset_password_token: @token, redirect_url: message['redirect-url'].to_s).html_safe %></p>
 
 <p><%= t '.ignore_mail_msg' %></p>
 <p><%= t '.no_changes_msg' %></p>

data/lib/devise_jwt_auth/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module DeviseJwtAuth
-  VERSION = '0.1.6'
+  VERSION = '0.1.7'
 end

data/lib/generators/devise_jwt_auth/templates/devise_jwt_auth.rb

@@ -29,13 +29,13 @@ DeviseJwtAuth.setup do |config|
   # config.access_token_name = 'access-token'
 
   # This is the refresh token encryption key. You should set this in an
-  # environment variable or secret key base that isn't store in a repository.
+  # environment variable or secret key base that isn't stored in a repository.
   # Also, its a good idea to NOT use the same key for access tokens.
   config.refresh_token_encryption_key = 'your-refresh-token-secret-key-here'
 
-  # This is the refresh token encryption key. You should set this in an
-  # environment variable or secret key base that isn't store in a repository.
-  # Also, its a good idea to NOT use the same key for access tokens.
+  # This is the access token encryption key. You should set this in an
+  # environment variable or secret key base that isn't stored in a repository.
+  # Also, its a good idea to NOT use the same key for refresh tokens.
   config.access_token_encryption_key = 'your-access-token-secret-key-here'
 
   # This route will be the prefix for all oauth2 redirect callbacks. For

data/test/controllers/custom/custom_passwords_controller_test.rb

@@ -19,7 +19,7 @@ class Custom::PasswordsControllerTest < ActionController::TestCase
       @mail = ActionMailer::Base.deliveries.last
       @resource.reload
 
-      @mail_config_name  = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
+      # @mail_config_name  = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
       @mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
       @mail_reset_token  = @mail.body.match(/reset_password_token=(.*)"/)[1]
 
@@ -39,7 +39,7 @@ class Custom::PasswordsControllerTest < ActionController::TestCase
       @mail = ActionMailer::Base.deliveries.last
       @resource.reload
 
-      @mail_config_name  = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
+      # @mail_config_name  = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
       @mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
       @mail_reset_token  = @mail.body.match(/reset_password_token=(.*)"/)[1]
 

data/test/controllers/devise_jwt_auth/passwords_controller_test.rb

@@ -109,7 +109,7 @@ class DeviseJwtAuth::PasswordsControllerTest < ActionController::TestCase
             assert @data['errors']
             assert_equal @data['errors'],
                          [I18n.t('devise_jwt_auth.passwords.user_not_found',
-                                 email: 'chester@cheet.ah')]
+                         email: 'chester@cheet.ah')]
           end
 
           test 'response should not have refresh cookie' do
@@ -143,7 +143,7 @@ class DeviseJwtAuth::PasswordsControllerTest < ActionController::TestCase
             @resource.reload
             @data = JSON.parse(response.body)
 
-            @mail_config_name  = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
+            # @mail_config_name  = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
             @mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
             @mail_reset_token  = @mail.body.match(/reset_password_token=(.*)"/)[1]
           end
@@ -178,9 +178,9 @@ class DeviseJwtAuth::PasswordsControllerTest < ActionController::TestCase
             assert_equal @redirect_url, @mail_redirect_url
           end
 
-          test 'the client config name should fall back to "default"' do
-            assert_equal 'default', @mail_config_name
-          end
+          # test 'the client config name should fall back to "default"' do
+          #   assert_equal 'default', @mail_config_name
+          # end
 
           test 'the email body should contain a link with reset token as a query param' do
             user = User.reset_password_by_token(reset_password_token: @mail_reset_token)
@@ -209,9 +209,9 @@ class DeviseJwtAuth::PasswordsControllerTest < ActionController::TestCase
               raw_qs = response.location.split('?')[1]
               @qs = Rack::Utils.parse_nested_query(raw_qs)
 
-              @access_token   = @qs[DeviseJwtAuth.access_token_name]
-              @reset_password = @qs['reset_password']
-              @refresh_token  = response.cookies[DeviseJwtAuth.refresh_token_name]
+              # @access_token   = @qs[DeviseJwtAuth.access_token_name]
+              # @reset_password = @qs['reset_password']
+              @refresh_token = response.cookies[DeviseJwtAuth.refresh_token_name]
             end
 
             test 'response should have success redirect status' do
@@ -219,14 +219,14 @@ class DeviseJwtAuth::PasswordsControllerTest < ActionController::TestCase
             end
 
             test 'response should contain auth params' do
-              assert @access_token
-              assert @reset_password
+              # assert @access_token
+              # assert @reset_password
               assert @refresh_token
             end
 
             test 'access and refresh tokens should be valid' do
-              payload = DeviseJwtAuth::TokenFactory.decode_access_token(@access_token)
-              assert payload['sub']
+              # payload = DeviseJwtAuth::TokenFactory.decode_access_token(@access_token)
+              # assert payload['sub']
               payload = DeviseJwtAuth::TokenFactory.decode_refresh_token(@refresh_token)
               assert payload['sub']
             end
@@ -851,17 +851,18 @@ class DeviseJwtAuth::PasswordsControllerTest < ActionController::TestCase
       before do
         @resource = create(:user, :confirmed)
         @redirect_url = 'http://ng-token-auth.dev'
-        @config_name  = 'altUser'
+        # @config_name  = 'altUser'
 
         params = { email: @resource.email,
                    redirect_url: @redirect_url,
-                   config_name: @config_name }
+                   # config_name: @config_name
+                  }
         get_reset_token params
       end
 
-      test 'config_name param is included in the confirmation email link' do
-        assert_equal @config_name, @mail_config_name
-      end
+      # test 'config_name param is included in the confirmation email link' do
+      #   assert_equal @config_name, @mail_config_name
+      # end
     end
 
     def get_reset_token(params = nil)
@@ -871,7 +872,7 @@ class DeviseJwtAuth::PasswordsControllerTest < ActionController::TestCase
       @mail = ActionMailer::Base.deliveries.last
       @resource.reload
 
-      @mail_config_name  = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
+      # @mail_config_name  = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
       @mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
       @mail_reset_token  = @mail.body.match(/reset_password_token=(.*)"/)[1]
     end

data/test/dummy/app/controllers/overrides/confirmations_controller.rb

@@ -6,9 +6,6 @@ module Overrides
       @resource = resource_class.confirm_by_token(params[:confirmation_token])
 
       if @resource&.id
-        # token = @resource.create_token
-        # @resource.save!
-
         update_refresh_token_cookie
         redirect_header_options = {
           account_confirmation_success: true,
@@ -19,16 +16,6 @@ module Overrides
                              .merge(redirect_header_options)
         redirect_to_link = DeviseJwtAuth::Url.generate(params[:redirect_url], redirect_headers)
         redirect_to redirect_to_link
-        # redirect_header_options = {
-        #   account_confirmation_success: true,
-        #   config: params[:config],
-        #   override_proof: '(^^,)'
-        # }
-        # redirect_headers = build_redirect_headers(token.token,
-        #                                           token.client,
-        #                                           redirect_header_options)
-        # redirect_to(@resource.build_auth_url(params[:redirect_url],
-        #                                      redirect_headers))
       else
         raise ActionController::RoutingError, 'Not Found'
       end

data/test/dummy/app/controllers/overrides/passwords_controller.rb

@@ -11,8 +11,6 @@ module Overrides
       )
 
       if @resource&.id
-        # token = @resource.create_token
-
         # ensure that user is confirmed
         @resource.skip_confirmation! unless @resource.confirmed_at
 
@@ -27,16 +25,6 @@ module Overrides
                              .merge(redirect_header_options)
         redirect_to_link = DeviseJwtAuth::Url.generate(params[:redirect_url], redirect_headers)
         redirect_to redirect_to_link
-
-        # redirect_header_options = {
-        #   override_proof: OVERRIDE_PROOF,
-        #   reset_password: true
-        # }
-        # redirect_headers = build_redirect_headers(token.token,
-        #                                           token.client,
-        #                                           redirect_header_options)
-        # redirect_to(@resource.build_auth_url(params[:redirect_url],
-        #                                      redirect_headers))
       else
         raise ActionController::RoutingError, 'Not Found'
       end

data/test/dummy/tmp/generators/app/models/mang.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+class Mang < ActiveRecord::Base
+  # Include default devise modules. Others available are:
+  # :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
+  devise :database_authenticatable, :registerable,
+         :recoverable, :rememberable, :validatable
+  include DeviseJwtAuth::Concerns::User
+end

data/test/dummy/tmp/generators/config/initializers/devise_jwt_auth.rb

@@ -29,13 +29,13 @@ DeviseJwtAuth.setup do |config|
   # config.access_token_name = 'access-token'
 
   # This is the refresh token encryption key. You should set this in an
-  # environment variable or secret key base that isn't store in a repository.
+  # environment variable or secret key base that isn't stored in a repository.
   # Also, its a good idea to NOT use the same key for access tokens.
   config.refresh_token_encryption_key = 'your-refresh-token-secret-key-here'
 
-  # This is the refresh token encryption key. You should set this in an
-  # environment variable or secret key base that isn't store in a repository.
-  # Also, its a good idea to NOT use the same key for access tokens.
+  # This is the access token encryption key. You should set this in an
+  # environment variable or secret key base that isn't stored in a repository.
+  # Also, its a good idea to NOT use the same key for refresh tokens.
   config.access_token_encryption_key = 'your-access-token-secret-key-here'
 
   # This route will be the prefix for all oauth2 redirect callbacks. For

data/test/dummy/tmp/generators/config/routes.rb

@@ -0,0 +1,9 @@
+            Rails.application.routes.draw do
+  mount_devise_jwt_auth_for 'User', at: 'auth'
+
+  mount_devise_jwt_auth_for 'Mang', at: 'mangs'
+  as :mang do
+    # Define routes for Mang within this block.
+  end
+              patch '/chong', to: 'bong#index'
+            end

data/test/dummy/tmp/generators/db/migrate/20201208044024_devise_jwt_auth_create_mangs.rb

@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+
+class DeviseJwtAuthCreateMangs < ActiveRecord::Migration[6.0]
+  def change
+    create_table(:mangs) do |t|
+      ## Required
+      t.string :provider, null: false, default: 'email'
+      t.string :uid, null: false, default: ''
+
+      ## User Info
+      t.string :name
+      t.string :nickname
+      t.string :image
+      t.string :email
+
+      ## Database authenticatable
+      t.string :encrypted_password, null: false, default: ''
+
+      ## Recoverable
+      t.string   :reset_password_token
+      t.datetime :reset_password_sent_at
+      t.boolean  :allow_password_change, default: false
+
+      ## Rememberable
+      t.datetime :remember_created_at
+
+      ## Trackable
+      # t.integer  :sign_in_count, default: 0, null: false
+      # t.datetime :current_sign_in_at
+      # t.datetime :last_sign_in_at
+      # t.string   :current_sign_in_ip
+      # t.string   :last_sign_in_ip
+
+      ## Confirmable
+      t.string   :confirmation_token
+      t.datetime :confirmed_at
+      t.datetime :confirmation_sent_at
+      t.string   :unconfirmed_email # Only if using reconfirmable
+
+      ## Lockable
+      # t.integer  :failed_attempts, default: 0, null: false # Only if lock strategy is :failed_attempts
+      # t.string   :unlock_token # Only if unlock strategy is :email or :both
+      # t.datetime :locked_at
+
+      t.timestamps
+    end
+
+    add_index :mangs, :email,                unique: true
+    add_index :mangs, [:uid, :provider],     unique: true
+    add_index :mangs, :reset_password_token, unique: true
+    add_index :mangs, :confirmation_token,   unique: true
+    # add_index :mangs, :unlock_token,       unique: true
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: devise_jwt_auth
 version: !ruby/object:Gem::Version
-  version: 0.1.6
+  version: 0.1.7
 platform: ruby
 authors:
 - Aaron A
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-10-06 00:00:00.000000000 Z
+date: 2020-12-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: devise
@@ -334,10 +334,12 @@ files:
 - test/dummy/db/migrate/20190924101113_devise_jwt_auth_create_confirmable_users.rb
 - test/dummy/db/schema.rb
 - test/dummy/lib/migration_database_helper.rb
-- test/dummy/tmp/generators/app/controllers/application_controller.rb
+- test/dummy/tmp/generators/app/models/mang.rb
 - test/dummy/tmp/generators/app/models/user.rb
 - test/dummy/tmp/generators/config/initializers/devise_jwt_auth.rb
-- test/dummy/tmp/generators/db/migrate/20201006030349_devise_jwt_auth_create_users.rb
+- test/dummy/tmp/generators/config/routes.rb
+- test/dummy/tmp/generators/db/migrate/20201208044024_devise_jwt_auth_create_mangs.rb
+- test/dummy/tmp/generators/db/migrate/20201208044024_devise_jwt_auth_create_users.rb
 - test/factories/users.rb
 - test/lib/devise_jwt_auth/blacklist_test.rb
 - test/lib/devise_jwt_auth/token_factory_test.rb
@@ -392,10 +394,12 @@ test_files:
 - test/test_helper.rb
 - test/dummy/lib/migration_database_helper.rb
 - test/dummy/config.ru
-- test/dummy/tmp/generators/db/migrate/20201006030349_devise_jwt_auth_create_users.rb
+- test/dummy/tmp/generators/db/migrate/20201208044024_devise_jwt_auth_create_mangs.rb
+- test/dummy/tmp/generators/db/migrate/20201208044024_devise_jwt_auth_create_users.rb
+- test/dummy/tmp/generators/config/routes.rb
 - test/dummy/tmp/generators/config/initializers/devise_jwt_auth.rb
+- test/dummy/tmp/generators/app/models/mang.rb
 - test/dummy/tmp/generators/app/models/user.rb
-- test/dummy/tmp/generators/app/controllers/application_controller.rb
 - test/dummy/db/migrate/20150708104536_devise_jwt_auth_create_unconfirmable_users.rb
 - test/dummy/db/migrate/20140916224624_add_favorite_color_to_mangs.rb
 - test/dummy/db/migrate/20140829044006_add_operating_thetan_to_user.rb

data/test/dummy/tmp/generators/app/controllers/application_controller.rb

@@ -1,6 +0,0 @@
-            class ApplicationController < ActionController::Base
-        include DeviseJwtAuth::Concerns::SetUserByToken
-              def whatever
-                'whatever'
-              end
-            end