devise_jwt_auth 0.1.6 → 0.1.7

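--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 9c1a405bebeaa7813dc0b99465db4530d29bf458fe392dd968f11b8abc5b11ab
- data.tar.gz: d1c81c134b4031df4ef862041a4dfc4a0bc021f2cd538c020c23aaccc485e298
+ metadata.gz: 6e367cc70c205aa734cc853ed99f7b69c63a03c6c3c0c16c86b8b0861e8ab0e6
+ data.tar.gz: bd0ee641f3e19c7f13ca6c7935635677e1373fc4b6989faa02ddb56cb9914296
  SHA512:
- metadata.gz: 06141ad295c58d63e8f4e87bc26be3af1b223b52ac2a865329c0ea438bfb7409e7e0466ad2fb1a70b156ba773346dca676d04b6f3fe00e1297b900a3cc482bdd
- data.tar.gz: b7de2ecb350212b5fc8e91b0066bd5cb5050ca1e5c1c344a116b8d2ce77273b5f8066dc654a26ab0412bb4d8e5b679f4852a16c022cee60a04b0408e2f0a1a12
+ metadata.gz: 172caadc1dcd6f5b04c7c000d190a636b350d9706425fbcfa1ce477f6975f0bad0f2aea98d711f7d55fce41e6e023a5a00a9d56253bcc1b8f59603218a8353cb
+ data.tar.gz: fe1e7273990e9cdd5a02ed9d122a0dff4e20f354d41c3d96e63c94d313e73f363a877b91ebbe3e623ae7020fffb3951aed1970f07c48db6696dd9ff26e066b43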
@@ -20,20 +20,6 @@ module DeviseJwtAuth
20
20
  DeviseJwtAuth.redirect_whitelist && !DeviseJwtAuth::Url.whitelisted?(redirect_url)
21
21
  end
22
22
 
23
- def build_redirect_headers(access_token, _client, redirect_header_options = {})
24
- {
25
- # DeviseJwtAuth.headers_names[:"access-token"] => access_token,
26
- # DeviseJwtAuth.headers_names[:"client"] => client,
27
- config: params[:config],
28
-
29
- # Legacy parameters which may be removed in a future release.
30
- # Consider using "client" and "access-token" in client code.
31
- # See: github.com/lynndylanhurley/devise_jwt_auth/issues/993
32
- # :client_id => client,
33
- token: access_token
34
- }.merge(redirect_header_options)
35
- end
36
-
37
23
  def params_for_resource(resource)
38
24
  devise_parameter_sanitizer.instance_values['permitted'][resource].each do |type|
39
25
  params[type.to_s] ||= request.headers[type.to_s] unless request.headers[type.to_s].nil?
@@ -23,7 +23,7 @@ module DeviseJwtAuth::Concerns::SetUserByToken
23
23
  end
24
24
 
25
25
  # user has already been found and authenticated
26
- return @resource if @resource&.is_a?(rc)
26
+ return @resource if @resource.is_a?(rc)
27
27
 
28
28
  # TODO: Look for the access token in an 'Authentication' header
29
29
  token = request.headers[DeviseJwtAuth.access_token_name]
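Review bot: Dropping the safe-navigation operator on the early-return line is only equivalent while `rc` is always a Class or Module: `@resource&.is_a?(rc)` never evaluated `is_a?` for a nil `@resource`, whereas `@resource.is_a?(rc)` calls `nil.is_a?(rc)` and raises TypeError when `rc` is nil. `rc` is assigned above the hunk, so this cannot be confirmed from here; if a nil `rc` is possible, guard the line as `return @resource if rc && @resource.is_a?(rc)` so the authentication path fails closed instead of raising. The same line is changed in the next hunk of this file, on the refresh-token path.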
@@ -67,7 +67,7 @@ module DeviseJwtAuth::Concerns::SetUserByToken
67
67
  end
68
68
 
69
69
  # user has already been found and authenticated
70
- return @resource if @resource&.is_a?(rc)
70
+ return @resource if @resource.is_a?(rc)
71
71
 
72
72
  token = request.cookies[DeviseJwtAuth.refresh_token_name]
73
73
 
@@ -4,7 +4,7 @@ module DeviseJwtAuth
4
4
  class PasswordsController < DeviseJwtAuth::ApplicationController
5
5
  before_action :validate_redirect_url_param, only: [:create, :edit]
6
6
 
7
- # this action is responsible for generating password reset tokens and sending emails
7
+ # This action is responsible for generating password reset tokens and sending emails
8
8
  def create
9
9
  return render_create_error_missing_email unless resource_params[:email]
10
10
 
@@ -16,8 +16,7 @@ module DeviseJwtAuth
16
16
  @resource.send_reset_password_instructions(
17
17
  email: @email,
18
18
  provider: 'email',
19
- redirect_url: @redirect_url,
20
- client_config: params[:config_name]
19
+ redirect_url: @redirect_url
21
20
  )
22
21
 
23
22
  if @resource.errors.empty?
@@ -30,15 +29,11 @@ module DeviseJwtAuth
30
29
  end
31
30
  end
32
31
 
33
- # this is where users arrive after visiting the password reset confirmation link
32
+ # This is where users arrive after visiting the password reset confirmation link.
34
33
  def edit
35
- # if a user is not found, return nil
36
34
  @resource = resource_class.with_reset_password_token(resource_params[:reset_password_token])
37
35
 
38
36
  if @resource&.reset_password_period_valid?
39
- # TODO: add a token invalidator
40
- # token = @resource.create_token unless require_client_password_reset_token?
41
-
42
37
  # ensure that user is confirmed
43
38
  @resource.skip_confirmation! if confirmable_enabled? && !@resource.confirmed_at
44
39
 
@@ -49,22 +44,16 @@ module DeviseJwtAuth
49
44
  yield @resource if block_given?
50
45
 
51
46
  if require_client_password_reset_token?
47
+ clear_refresh_token_cookie
48
+
52
49
  redirect_to DeviseJwtAuth::Url.generate(
53
50
  @redirect_url,
54
51
  reset_password_token: resource_params[:reset_password_token]
55
52
  )
56
53
  else
57
- redirect_header_options = { reset_password: true }
58
- redirect_headers = @resource.create_named_token_pair
59
- .merge(redirect_header_options)
60
-
61
54
  # TODO: do we put the refresh token here?
62
- # we do if token exists (see line 41)
63
55
  update_refresh_token_cookie
64
-
65
- redirect_to_link = DeviseJwtAuth::Url.generate(@redirect_url, redirect_headers)
66
-
67
- redirect_to redirect_to_link
56
+ redirect_to @redirect_url
68
57
  end
69
58
  else
70
59
  render_edit_error
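Review bot: The `else` branch still hands a refresh-token cookie to whoever follows a valid reset link, before any new password has been set, and the `# TODO: do we put the refresh token here?` above `update_refresh_token_cookie` is left unanswered. The previous hunk removes `# TODO: add a token invalidator` and no invalidation is visible here, so the emailed token appears to work as a reusable sign-in link until `reset_password_period_valid?` fails; confirm this against the rest of `edit`, which starts and ends outside the hunk. Either resolve the TODO in code or replace it with a comment stating the decision, e.g. `# Signs the user in via refresh cookie on a valid reset link; the reset token stays usable until it expires.` `redirect_to @redirect_url` also depends on the whitelist check visible in context at the top of this page, which is skipped whenever `DeviseJwtAuth.redirect_whitelist` is unset.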
@@ -72,12 +61,11 @@ module DeviseJwtAuth
72
61
  end
73
62
 
74
63
  def update
75
- # make sure user is authorized
64
+ # Make sure user is authorized. Either by a reset_password_token or a valid access token.
76
65
  if require_client_password_reset_token? && resource_params[:reset_password_token]
77
66
  @resource = resource_class.with_reset_password_token(resource_params[:reset_password_token])
78
- return render_update_error_unauthorized unless @resource
79
67
 
80
- # @token = @resource.create_token
68
+ return render_update_error_unauthorized unless @resource
81
69
  else
82
70
  @resource = set_user_by_token
83
71
  end
@@ -2,7 +2,7 @@
2
2
 
3
3
  <p><%= t '.request_reset_link_msg' %></p>
4
4
 
5
- <p><%= link_to t('.password_change_link'), edit_password_url(@resource, reset_password_token: @token, config: message['client-config'].to_s, redirect_url: message['redirect-url'].to_s).html_safe %></p>
5
+ <p><%= link_to t('.password_change_link'), edit_password_url(@resource, reset_password_token: @token, redirect_url: message['redirect-url'].to_s).html_safe %></p>
6
6
 
7
7
  <p><%= t '.ignore_mail_msg' %></p>
8
8
  <p><%= t '.no_changes_msg' %></p>
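Review bot: The rewritten link line keeps `.html_safe` on the result of `edit_password_url(...)`, which marks a URL embedding the request-supplied `message['redirect-url']` as already escaped, so `link_to` will not HTML-escape the `href` value. The URL helper percent-encodes query values, so this is probably harmless today, but the call adds nothing and removes a layer of output encoding in an email body. Dropping it leaves `edit_password_url(@resource, reset_password_token: @token, redirect_url: message['redirect-url'].to_s)` and lets `link_to` do the escaping.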
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module DeviseJwtAuth
4
- VERSION = '0.1.6'
4
+ VERSION = '0.1.7'
5
5
  end
@@ -29,13 +29,13 @@ DeviseJwtAuth.setup do |config|
29
29
  # config.access_token_name = 'access-token'
30
30
 
31
31
  # This is the refresh token encryption key. You should set this in an
32
- # environment variable or secret key base that isn't store in a repository.
32
+ # environment variable or secret key base that isn't stored in a repository.
33
33
  # Also, its a good idea to NOT use the same key for access tokens.
34
34
  config.refresh_token_encryption_key = 'your-refresh-token-secret-key-here'
35
35
 
36
- # This is the refresh token encryption key. You should set this in an
37
- # environment variable or secret key base that isn't store in a repository.
38
- # Also, its a good idea to NOT use the same key for access tokens.
36
+ # This is the access token encryption key. You should set this in an
37
+ # environment variable or secret key base that isn't stored in a repository.
38
+ # Also, its a good idea to NOT use the same key for refresh tokens.
39
39
  config.access_token_encryption_key = 'your-access-token-secret-key-here'
40
40
 
41
41
  # This route will be the prefix for all oauth2 redirect callbacks. For
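Review bot: The corrected comments tell the reader to keep both keys out of the repository, yet the two assignments they describe still ship as live string literals (`'your-refresh-token-secret-key-here'` and `'your-access-token-secret-key-here'`), so an application that never edits the generated initializer runs with keys anyone can read in the gem. Consider having the template read the value from the environment and fail at boot when it is missing, e.g. `config.refresh_token_encryption_key = ENV.fetch('REFRESH_TOKEN_KEY_ENV_NAME_PLACEHOLDER')` (placeholder variable name), and likewise for the access-token key. `its a good idea` in both comment blocks should read `it's a good idea`. The identical hunk for the generated copy of this initializer further down the page has the same issue.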
@@ -19,7 +19,7 @@ class Custom::PasswordsControllerTest < ActionController::TestCase
19
19
  @mail = ActionMailer::Base.deliveries.last
20
20
  @resource.reload
21
21
 
22
- @mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
22
+ # @mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
23
23
  @mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
24
24
  @mail_reset_token = @mail.body.match(/reset_password_token=(.*)"/)[1]
25
25
 
@@ -39,7 +39,7 @@ class Custom::PasswordsControllerTest < ActionController::TestCase
39
39
  @mail = ActionMailer::Base.deliveries.last
40
40
  @resource.reload
41
41
 
42
- @mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
42
+ # @mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
43
43
  @mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
44
44
  @mail_reset_token = @mail.body.match(/reset_password_token=(.*)"/)[1]
45
45
 
@@ -109,7 +109,7 @@ class DeviseJwtAuth::PasswordsControllerTest < ActionController::TestCase
109
109
  assert @data['errors']
110
110
  assert_equal @data['errors'],
111
111
  [I18n.t('devise_jwt_auth.passwords.user_not_found',
112
- email: 'chester@cheet.ah')]
112
+ email: 'chester@cheet.ah')]
113
113
  end
114
114
 
115
115
  test 'response should not have refresh cookie' do
@@ -143,7 +143,7 @@ class DeviseJwtAuth::PasswordsControllerTest < ActionController::TestCase
143
143
  @resource.reload
144
144
  @data = JSON.parse(response.body)
145
145
 
146
- @mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
146
+ # @mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
147
147
  @mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
148
148
  @mail_reset_token = @mail.body.match(/reset_password_token=(.*)"/)[1]
149
149
  end
@@ -178,9 +178,9 @@ class DeviseJwtAuth::PasswordsControllerTest < ActionController::TestCase
178
178
  assert_equal @redirect_url, @mail_redirect_url
179
179
  end
180
180
 
181
- test 'the client config name should fall back to "default"' do
182
- assert_equal 'default', @mail_config_name
183
- end
181
+ # test 'the client config name should fall back to "default"' do
182
+ # assert_equal 'default', @mail_config_name
183
+ # end
184
184
 
185
185
  test 'the email body should contain a link with reset token as a query param' do
186
186
  user = User.reset_password_by_token(reset_password_token: @mail_reset_token)
@@ -209,9 +209,9 @@ class DeviseJwtAuth::PasswordsControllerTest < ActionController::TestCase
209
209
  raw_qs = response.location.split('?')[1]
210
210
  @qs = Rack::Utils.parse_nested_query(raw_qs)
211
211
 
212
- @access_token = @qs[DeviseJwtAuth.access_token_name]
213
- @reset_password = @qs['reset_password']
214
- @refresh_token = response.cookies[DeviseJwtAuth.refresh_token_name]
212
+ # @access_token = @qs[DeviseJwtAuth.access_token_name]
213
+ # @reset_password = @qs['reset_password']
214
+ @refresh_token = response.cookies[DeviseJwtAuth.refresh_token_name]
215
215
  end
216
216
 
217
217
  test 'response should have success redirect status' do
@@ -219,14 +219,14 @@ class DeviseJwtAuth::PasswordsControllerTest < ActionController::TestCase
219
219
  end
220
220
 
221
221
  test 'response should contain auth params' do
222
- assert @access_token
223
- assert @reset_password
222
+ # assert @access_token
223
+ # assert @reset_password
224
224
  assert @refresh_token
225
225
  end
226
226
 
227
227
  test 'access and refresh tokens should be valid' do
228
- payload = DeviseJwtAuth::TokenFactory.decode_access_token(@access_token)
229
- assert payload['sub']
228
+ # payload = DeviseJwtAuth::TokenFactory.decode_access_token(@access_token)
229
+ # assert payload['sub']
230
230
  payload = DeviseJwtAuth::TokenFactory.decode_refresh_token(@refresh_token)
231
231
  assert payload['sub']
232
232
  end
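Review bot: The access-token assertions in `'response should contain auth params'` and `'access and refresh tokens should be valid'` are commented out rather than replaced, so nothing pins the new behaviour that the redirect no longer carries an access token in its query string. A negative check such as `assert_nil @qs[DeviseJwtAuth.access_token_name]` (with `@qs` as built in the setup shown in the previous hunk) would keep the token from silently returning to the URL. The test names no longer match what they check, and the commented-out `@mail_config_name`, `config_name` and `@access_token` lines across the other hunks of this test file are better deleted than left as dead code. No test on this page covers the added `clear_refresh_token_cookie` call either.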
@@ -851,17 +851,18 @@ class DeviseJwtAuth::PasswordsControllerTest < ActionController::TestCase
851
851
  before do
852
852
  @resource = create(:user, :confirmed)
853
853
  @redirect_url = 'http://ng-token-auth.dev'
854
- @config_name = 'altUser'
854
+ # @config_name = 'altUser'
855
855
 
856
856
  params = { email: @resource.email,
857
857
  redirect_url: @redirect_url,
858
- config_name: @config_name }
858
+ # config_name: @config_name
859
+ }
859
860
  get_reset_token params
860
861
  end
861
862
 
862
- test 'config_name param is included in the confirmation email link' do
863
- assert_equal @config_name, @mail_config_name
864
- end
863
+ # test 'config_name param is included in the confirmation email link' do
864
+ # assert_equal @config_name, @mail_config_name
865
+ # end
865
866
  end
866
867
 
867
868
  def get_reset_token(params = nil)
@@ -871,7 +872,7 @@ class DeviseJwtAuth::PasswordsControllerTest < ActionController::TestCase
871
872
  @mail = ActionMailer::Base.deliveries.last
872
873
  @resource.reload
873
874
 
874
- @mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
875
+ # @mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
875
876
  @mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
876
877
  @mail_reset_token = @mail.body.match(/reset_password_token=(.*)"/)[1]
877
878
  end
@@ -6,9 +6,6 @@ module Overrides
6
6
  @resource = resource_class.confirm_by_token(params[:confirmation_token])
7
7
 
8
8
  if @resource&.id
9
- # token = @resource.create_token
10
- # @resource.save!
11
-
12
9
  update_refresh_token_cookie
13
10
  redirect_header_options = {
14
11
  account_confirmation_success: true,
@@ -19,16 +16,6 @@ module Overrides
19
16
  .merge(redirect_header_options)
20
17
  redirect_to_link = DeviseJwtAuth::Url.generate(params[:redirect_url], redirect_headers)
21
18
  redirect_to redirect_to_link
22
- # redirect_header_options = {
23
- # account_confirmation_success: true,
24
- # config: params[:config],
25
- # override_proof: '(^^,)'
26
- # }
27
- # redirect_headers = build_redirect_headers(token.token,
28
- # token.client,
29
- # redirect_header_options)
30
- # redirect_to(@resource.build_auth_url(params[:redirect_url],
31
- # redirect_headers))
32
19
  else
33
20
  raise ActionController::RoutingError, 'Not Found'
34
21
  end
@@ -11,8 +11,6 @@ module Overrides
11
11
  )
12
12
 
13
13
  if @resource&.id
14
- # token = @resource.create_token
15
-
16
14
  # ensure that user is confirmed
17
15
  @resource.skip_confirmation! unless @resource.confirmed_at
18
16
 
@@ -27,16 +25,6 @@ module Overrides
27
25
  .merge(redirect_header_options)
28
26
  redirect_to_link = DeviseJwtAuth::Url.generate(params[:redirect_url], redirect_headers)
29
27
  redirect_to redirect_to_link
30
-
31
- # redirect_header_options = {
32
- # override_proof: OVERRIDE_PROOF,
33
- # reset_password: true
34
- # }
35
- # redirect_headers = build_redirect_headers(token.token,
36
- # token.client,
37
- # redirect_header_options)
38
- # redirect_to(@resource.build_auth_url(params[:redirect_url],
39
- # redirect_headers))
40
28
  else
41
29
  raise ActionController::RoutingError, 'Not Found'
42
30
  end
@@ -0,0 +1,9 @@
1
+ # frozen_string_literal: true
2
+
3
+ class Mang < ActiveRecord::Base
4
+ # Include default devise modules. Others available are:
5
+ # :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
6
+ devise :database_authenticatable, :registerable,
7
+ :recoverable, :rememberable, :validatable
8
+ include DeviseJwtAuth::Concerns::User
9
+ end
@@ -29,13 +29,13 @@ DeviseJwtAuth.setup do |config|
29
29
  # config.access_token_name = 'access-token'
30
30
 
31
31
  # This is the refresh token encryption key. You should set this in an
32
- # environment variable or secret key base that isn't store in a repository.
32
+ # environment variable or secret key base that isn't stored in a repository.
33
33
  # Also, its a good idea to NOT use the same key for access tokens.
34
34
  config.refresh_token_encryption_key = 'your-refresh-token-secret-key-here'
35
35
 
36
- # This is the refresh token encryption key. You should set this in an
37
- # environment variable or secret key base that isn't store in a repository.
38
- # Also, its a good idea to NOT use the same key for access tokens.
36
+ # This is the access token encryption key. You should set this in an
37
+ # environment variable or secret key base that isn't stored in a repository.
38
+ # Also, its a good idea to NOT use the same key for refresh tokens.
39
39
  config.access_token_encryption_key = 'your-access-token-secret-key-here'
40
40
 
41
41
  # This route will be the prefix for all oauth2 redirect callbacks. For
@@ -0,0 +1,9 @@
1
+ Rails.application.routes.draw do
2
+ mount_devise_jwt_auth_for 'User', at: 'auth'
3
+
4
+ mount_devise_jwt_auth_for 'Mang', at: 'mangs'
5
+ as :mang do
6
+ # Define routes for Mang within this block.
7
+ end
8
+ patch '/chong', to: 'bong#index'
9
+ end
@@ -0,0 +1,54 @@
1
+ # frozen_string_literal: true
2
+
3
+ class DeviseJwtAuthCreateMangs < ActiveRecord::Migration[6.0]
4
+ def change
5
+ create_table(:mangs) do |t|
6
+ ## Required
7
+ t.string :provider, null: false, default: 'email'
8
+ t.string :uid, null: false, default: ''
9
+
10
+ ## User Info
11
+ t.string :name
12
+ t.string :nickname
13
+ t.string :image
14
+ t.string :email
15
+
16
+ ## Database authenticatable
17
+ t.string :encrypted_password, null: false, default: ''
18
+
19
+ ## Recoverable
20
+ t.string :reset_password_token
21
+ t.datetime :reset_password_sent_at
22
+ t.boolean :allow_password_change, default: false
23
+
24
+ ## Rememberable
25
+ t.datetime :remember_created_at
26
+
27
+ ## Trackable
28
+ # t.integer :sign_in_count, default: 0, null: false
29
+ # t.datetime :current_sign_in_at
30
+ # t.datetime :last_sign_in_at
31
+ # t.string :current_sign_in_ip
32
+ # t.string :last_sign_in_ip
33
+
34
+ ## Confirmable
35
+ t.string :confirmation_token
36
+ t.datetime :confirmed_at
37
+ t.datetime :confirmation_sent_at
38
+ t.string :unconfirmed_email # Only if using reconfirmable
39
+
40
+ ## Lockable
41
+ # t.integer :failed_attempts, default: 0, null: false # Only if lock strategy is :failed_attempts
42
+ # t.string :unlock_token # Only if unlock strategy is :email or :both
43
+ # t.datetime :locked_at
44
+
45
+ t.timestamps
46
+ end
47
+
48
+ add_index :mangs, :email, unique: true
49
+ add_index :mangs, [:uid, :provider], unique: true
50
+ add_index :mangs, :reset_password_token, unique: true
51
+ add_index :mangs, :confirmation_token, unique: true
52
+ # add_index :mangs, :unlock_token, unique: true
53
+ end
54
+ end
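--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: devise_jwt_auth
  version: !ruby/object:Gem::Version
- version: 0.1.6
+ version: 0.1.7
  platform: ruby
  authors:
  - Aaron A
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2020-10-06 00:00:00.000000000 Z
+ date: 2020-12-08 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: devise
@@ -334,10 +334,12 @@ files:
  - test/dummy/db/migrate/20190924101113_devise_jwt_auth_create_confirmable_users.rb
  - test/dummy/db/schema.rb
  - test/dummy/lib/migration_database_helper.rb
- - test/dummy/tmp/generators/app/controllers/application_controller.rb
+ - test/dummy/tmp/generators/app/models/mang.rb
  - test/dummy/tmp/generators/app/models/user.rb
  - test/dummy/tmp/generators/config/initializers/devise_jwt_auth.rb
- - test/dummy/tmp/generators/db/migrate/20201006030349_devise_jwt_auth_create_users.rb
+ - test/dummy/tmp/generators/config/routes.rb
+ - test/dummy/tmp/generators/db/migrate/20201208044024_devise_jwt_auth_create_mangs.rb
+ - test/dummy/tmp/generators/db/migrate/20201208044024_devise_jwt_auth_create_users.rb
  - test/factories/users.rb
  - test/lib/devise_jwt_auth/blacklist_test.rb
  - test/lib/devise_jwt_auth/token_factory_test.rb
@@ -392,10 +394,12 @@ test_files:
  - test/test_helper.rb
  - test/dummy/lib/migration_database_helper.rb
  - test/dummy/config.ru
- - test/dummy/tmp/generators/db/migrate/20201006030349_devise_jwt_auth_create_users.rb
+ - test/dummy/tmp/generators/db/migrate/20201208044024_devise_jwt_auth_create_mangs.rb
+ - test/dummy/tmp/generators/db/migrate/20201208044024_devise_jwt_auth_create_users.rb
+ - test/dummy/tmp/generators/config/routes.rb
  - test/dummy/tmp/generators/config/initializers/devise_jwt_auth.rb
+ - test/dummy/tmp/generators/app/models/mang.rb
  - test/dummy/tmp/generators/app/models/user.rb
- - test/dummy/tmp/generators/app/controllers/application_controller.rb
  - test/dummy/db/migrate/20150708104536_devise_jwt_auth_create_unconfirmable_users.rb
  - test/dummy/db/migrate/20140916224624_add_favorite_color_to_mangs.rb
  - test/dummy/db/migrate/20140829044006_add_operating_thetan_to_user.rb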
@@ -1,6 +0,0 @@
1
- class ApplicationController < ActionController::Base
2
- include DeviseJwtAuth::Concerns::SetUserByToken
3
- def whatever
4
- 'whatever'
5
- end
6
- end