devise_jwt_auth 0.1.6 → 0.1.7

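--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9c1a405bebeaa7813dc0b99465db4530d29bf458fe392dd968f11b8abc5b11ab
-  data.tar.gz: d1c81c134b4031df4ef862041a4dfc4a0bc021f2cd538c020c23aaccc485e298
+  metadata.gz: 6e367cc70c205aa734cc853ed99f7b69c63a03c6c3c0c16c86b8b0861e8ab0e6
+  data.tar.gz: bd0ee641f3e19c7f13ca6c7935635677e1373fc4b6989faa02ddb56cb9914296
 SHA512:
-  metadata.gz: 06141ad295c58d63e8f4e87bc26be3af1b223b52ac2a865329c0ea438bfb7409e7e0466ad2fb1a70b156ba773346dca676d04b6f3fe00e1297b900a3cc482bdd
-  data.tar.gz: b7de2ecb350212b5fc8e91b0066bd5cb5050ca1e5c1c344a116b8d2ce77273b5f8066dc654a26ab0412bb4d8e5b679f4852a16c022cee60a04b0408e2f0a1a12
+  metadata.gz: 172caadc1dcd6f5b04c7c000d190a636b350d9706425fbcfa1ce477f6975f0bad0f2aea98d711f7d55fce41e6e023a5a00a9d56253bcc1b8f59603218a8353cb
+  data.tar.gz: fe1e7273990e9cdd5a02ed9d122a0dff4e20f354d41c3d96e63c94d313e73f363a877b91ebbe3e623ae7020fffb3951aed1970f07c48db6696dd9ff26e066b43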
@@ -20,20 +20,6 @@ module DeviseJwtAuth
20
20
  DeviseJwtAuth.redirect_whitelist && !DeviseJwtAuth::Url.whitelisted?(redirect_url)
21
21
  end
22
22
 
23
- def build_redirect_headers(access_token, _client, redirect_header_options = {})
24
- {
25
- # DeviseJwtAuth.headers_names[:"access-token"] => access_token,
26
- # DeviseJwtAuth.headers_names[:"client"] => client,
27
- config: params[:config],
28
-
29
- # Legacy parameters which may be removed in a future release.
30
- # Consider using "client" and "access-token" in client code.
31
- # See: github.com/lynndylanhurley/devise_jwt_auth/issues/993
32
- # :client_id => client,
33
- token: access_token
34
- }.merge(redirect_header_options)
35
- end
36
-
37
23
  def params_for_resource(resource)
38
24
  devise_parameter_sanitizer.instance_values['permitted'][resource].each do |type|
39
25
  params[type.to_s] ||= request.headers[type.to_s] unless request.headers[type.to_s].nil?
@@ -23,7 +23,7 @@ module DeviseJwtAuth::Concerns::SetUserByToken
23
23
  end
24
24
 
25
25
  # user has already been found and authenticated
26
- return @resource if @resource&.is_a?(rc)
26
+ return @resource if @resource.is_a?(rc)
27
27
 
28
28
  # TODO: Look for the access token in an 'Authentication' header
29
29
  token = request.headers[DeviseJwtAuth.access_token_name]
@@ -67,7 +67,7 @@ module DeviseJwtAuth::Concerns::SetUserByToken
67
67
  end
68
68
 
69
69
  # user has already been found and authenticated
70
- return @resource if @resource&.is_a?(rc)
70
+ return @resource if @resource.is_a?(rc)
71
71
 
72
72
  token = request.cookies[DeviseJwtAuth.refresh_token_name]
73
73
 
@@ -4,7 +4,7 @@ module DeviseJwtAuth
4
4
  class PasswordsController < DeviseJwtAuth::ApplicationController
5
5
  before_action :validate_redirect_url_param, only: [:create, :edit]
6
6
 
7
- # this action is responsible for generating password reset tokens and sending emails
7
+ # This action is responsible for generating password reset tokens and sending emails
8
8
  def create
9
9
  return render_create_error_missing_email unless resource_params[:email]
10
10
 
@@ -16,8 +16,7 @@ module DeviseJwtAuth
16
16
  @resource.send_reset_password_instructions(
17
17
  email: @email,
18
18
  provider: 'email',
19
- redirect_url: @redirect_url,
20
- client_config: params[:config_name]
19
+ redirect_url: @redirect_url
21
20
  )
22
21
 
23
22
  if @resource.errors.empty?
@@ -30,15 +29,11 @@ module DeviseJwtAuth
30
29
  end
31
30
  end
32
31
 
33
- # this is where users arrive after visiting the password reset confirmation link
32
+ # This is where users arrive after visiting the password reset confirmation link.
34
33
  def edit
35
- # if a user is not found, return nil
36
34
  @resource = resource_class.with_reset_password_token(resource_params[:reset_password_token])
37
35
 
38
36
  if @resource&.reset_password_period_valid?
39
- # TODO: add a token invalidator
40
- # token = @resource.create_token unless require_client_password_reset_token?
41
-
42
37
  # ensure that user is confirmed
43
38
  @resource.skip_confirmation! if confirmable_enabled? && !@resource.confirmed_at
44
39
 
@@ -49,22 +44,16 @@ module DeviseJwtAuth
49
44
  yield @resource if block_given?
50
45
 
51
46
  if require_client_password_reset_token?
47
+ clear_refresh_token_cookie
48
+
52
49
  redirect_to DeviseJwtAuth::Url.generate(
53
50
  @redirect_url,
54
51
  reset_password_token: resource_params[:reset_password_token]
55
52
  )
56
53
  else
57
- redirect_header_options = { reset_password: true }
58
- redirect_headers = @resource.create_named_token_pair
59
- .merge(redirect_header_options)
60
-
61
54
  # TODO: do we put the refresh token here?
62
- # we do if token exists (see line 41)
63
55
  update_refresh_token_cookie
64
-
65
- redirect_to_link = DeviseJwtAuth::Url.generate(@redirect_url, redirect_headers)
66
-
67
- redirect_to redirect_to_link
56
+ redirect_to @redirect_url
68
57
  end
69
58
  else
70
59
  render_edit_error
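Review bot: In the `else` branch of `edit` (new lines 54–56), `update_refresh_token_cookie` followed by `redirect_to @redirect_url` turns a GET on the emailed reset link into an authenticated session before any new password has been set, and the `# TODO: do we put the refresh token here?` comment left on the new side shows this was never settled. Devise's `with_reset_password_token` only looks the record up, so unless something outside this hunk invalidates the token, the same link can be replayed for a fresh refresh cookie until `reset_password_period_valid?` stops being true. Either defer issuing the cookie to `update` (after the password change succeeds) or replace the TODO with the decision, e.g. `# Issues the refresh cookie on link click so the client can call update without the reset token; the link stays replayable until the reset period expires.`. Note also that `@redirect_url` is normally an external origin (the tests use 'http://ng-token-auth.dev'), and on Rails 7+ `redirect_to` refuses other hosts unless `allow_other_host: true` is passed — worth checking against the Rails version the gem supports, which this diff does not show. The `edit` method begins and ends outside the hunk.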
@@ -72,12 +61,11 @@ module DeviseJwtAuth
72
61
  end
73
62
 
74
63
  def update
75
- # make sure user is authorized
64
+ # Make sure user is authorized. Either by a reset_password_token or a valid access token.
76
65
  if require_client_password_reset_token? && resource_params[:reset_password_token]
77
66
  @resource = resource_class.with_reset_password_token(resource_params[:reset_password_token])
78
- return render_update_error_unauthorized unless @resource
79
67
 
80
- # @token = @resource.create_token
68
+ return render_update_error_unauthorized unless @resource
81
69
  else
82
70
  @resource = set_user_by_token
83
71
  end
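Review bot: In the reset-token branch of `update` (new lines 65–68), `@resource` found via `with_reset_password_token` is only checked for presence, whereas `edit` also requires `@resource.reset_password_period_valid?`; unless a check later in the method does it, an expired reset token still authorizes a password change here. Tightening the guard to `return render_update_error_unauthorized unless @resource&.reset_password_period_valid?` makes the two actions agree. The new comment at line 64 could then state the rule it documents precisely: `# Make sure user is authorized: either an unexpired reset_password_token or a valid access token.`. The `update` method continues past the end of the hunk.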
@@ -2,7 +2,7 @@
2
2
 
3
3
  <p><%= t '.request_reset_link_msg' %></p>
4
4
 
5
- <p><%= link_to t('.password_change_link'), edit_password_url(@resource, reset_password_token: @token, config: message['client-config'].to_s, redirect_url: message['redirect-url'].to_s).html_safe %></p>
5
+ <p><%= link_to t('.password_change_link'), edit_password_url(@resource, reset_password_token: @token, redirect_url: message['redirect-url'].to_s).html_safe %></p>
6
6
 
7
7
  <p><%= t '.ignore_mail_msg' %></p>
8
8
  <p><%= t '.no_changes_msg' %></p>
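Review bot: The `.html_safe` on the `link_to` result at the new line 5 is redundant: `link_to` already returns an HTML-safe buffer with the href and link text escaped, so the call only signals that unescaped output is acceptable in this template. Dropping it, `<p><%= link_to t('.password_change_link'), edit_password_url(@resource, reset_password_token: @token, redirect_url: message['redirect-url'].to_s) %></p>`, renders identical mail. The `redirect_url` value comes from `message['redirect-url']`, which I assume was already checked against `redirect_whitelist` by the controller before the mail was queued — worth confirming, since the mailer itself cannot re-validate it.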
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module DeviseJwtAuth
4
- VERSION = '0.1.6'
4
+ VERSION = '0.1.7'
5
5
  end
@@ -29,13 +29,13 @@ DeviseJwtAuth.setup do |config|
29
29
  # config.access_token_name = 'access-token'
30
30
 
31
31
  # This is the refresh token encryption key. You should set this in an
32
- # environment variable or secret key base that isn't store in a repository.
32
+ # environment variable or secret key base that isn't stored in a repository.
33
33
  # Also, its a good idea to NOT use the same key for access tokens.
34
34
  config.refresh_token_encryption_key = 'your-refresh-token-secret-key-here'
35
35
 
36
- # This is the refresh token encryption key. You should set this in an
37
- # environment variable or secret key base that isn't store in a repository.
38
- # Also, its a good idea to NOT use the same key for access tokens.
36
+ # This is the access token encryption key. You should set this in an
37
+ # environment variable or secret key base that isn't stored in a repository.
38
+ # Also, its a good idea to NOT use the same key for refresh tokens.
39
39
  config.access_token_encryption_key = 'your-access-token-secret-key-here'
40
40
 
41
41
  # This route will be the prefix for all oauth2 redirect callbacks. For
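Review bot: The corrected comments at lines 31–38 tell the user to keep the keys out of the repository, but the generated code directly beneath still assigns the literal placeholders `'your-refresh-token-secret-key-here'` and `'your-access-token-secret-key-here'`, so an app that forgets to edit the initializer signs every token with well-known keys. Generating `config.refresh_token_encryption_key = ENV.fetch('<REFRESH_TOKEN_KEY_ENV_VAR>')` (and the access-token counterpart) would make the omission fail at boot instead of silently accepting forgeable tokens. Also, "its" in the new line 38 should read "it's". The same template text appears again in the later hunk for the dummy app's generated initializer, where both points apply unchanged.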
@@ -19,7 +19,7 @@ class Custom::PasswordsControllerTest < ActionController::TestCase
19
19
  @mail = ActionMailer::Base.deliveries.last
20
20
  @resource.reload
21
21
 
22
- @mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
22
+ # @mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
23
23
  @mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
24
24
  @mail_reset_token = @mail.body.match(/reset_password_token=(.*)"/)[1]
25
25
 
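Review bot: Commenting out `@mail_config_name = CGI.unescape(...)` at the new line 22 instead of deleting it leaves dead code that every reader still has to parse, and the same pattern recurs in the later test hunks (the other `@mail_config_name` assignments, the two `config_name` tests, the `@config_name` setup, and the `@access_token`/`@reset_password` lines). Since the mailer no longer emits a `config` query parameter, these lines have no path back into service; delete them and the two `config_name` tests outright, as version control already keeps the history. Where a `params` hash is left with a commented entry and a dangling `}` (new lines 856–859 of the later hunk), collapsing it to `params = { email: @resource.email, redirect_url: @redirect_url }` reads much more clearly.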
@@ -39,7 +39,7 @@ class Custom::PasswordsControllerTest < ActionController::TestCase
39
39
  @mail = ActionMailer::Base.deliveries.last
40
40
  @resource.reload
41
41
 
42
- @mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
42
+ # @mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
43
43
  @mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
44
44
  @mail_reset_token = @mail.body.match(/reset_password_token=(.*)"/)[1]
45
45
 
@@ -109,7 +109,7 @@ class DeviseJwtAuth::PasswordsControllerTest < ActionController::TestCase
109
109
  assert @data['errors']
110
110
  assert_equal @data['errors'],
111
111
  [I18n.t('devise_jwt_auth.passwords.user_not_found',
112
- email: 'chester@cheet.ah')]
112
+ email: 'chester@cheet.ah')]
113
113
  end
114
114
 
115
115
  test 'response should not have refresh cookie' do
@@ -143,7 +143,7 @@ class DeviseJwtAuth::PasswordsControllerTest < ActionController::TestCase
143
143
  @resource.reload
144
144
  @data = JSON.parse(response.body)
145
145
 
146
- @mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
146
+ # @mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
147
147
  @mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
148
148
  @mail_reset_token = @mail.body.match(/reset_password_token=(.*)"/)[1]
149
149
  end
@@ -178,9 +178,9 @@ class DeviseJwtAuth::PasswordsControllerTest < ActionController::TestCase
178
178
  assert_equal @redirect_url, @mail_redirect_url
179
179
  end
180
180
 
181
- test 'the client config name should fall back to "default"' do
182
- assert_equal 'default', @mail_config_name
183
- end
181
+ # test 'the client config name should fall back to "default"' do
182
+ # assert_equal 'default', @mail_config_name
183
+ # end
184
184
 
185
185
  test 'the email body should contain a link with reset token as a query param' do
186
186
  user = User.reset_password_by_token(reset_password_token: @mail_reset_token)
@@ -209,9 +209,9 @@ class DeviseJwtAuth::PasswordsControllerTest < ActionController::TestCase
209
209
  raw_qs = response.location.split('?')[1]
210
210
  @qs = Rack::Utils.parse_nested_query(raw_qs)
211
211
 
212
- @access_token = @qs[DeviseJwtAuth.access_token_name]
213
- @reset_password = @qs['reset_password']
214
- @refresh_token = response.cookies[DeviseJwtAuth.refresh_token_name]
212
+ # @access_token = @qs[DeviseJwtAuth.access_token_name]
213
+ # @reset_password = @qs['reset_password']
214
+ @refresh_token = response.cookies[DeviseJwtAuth.refresh_token_name]
215
215
  end
216
216
 
217
217
  test 'response should have success redirect status' do
@@ -219,14 +219,14 @@ class DeviseJwtAuth::PasswordsControllerTest < ActionController::TestCase
219
219
  end
220
220
 
221
221
  test 'response should contain auth params' do
222
- assert @access_token
223
- assert @reset_password
222
+ # assert @access_token
223
+ # assert @reset_password
224
224
  assert @refresh_token
225
225
  end
226
226
 
227
227
  test 'access and refresh tokens should be valid' do
228
- payload = DeviseJwtAuth::TokenFactory.decode_access_token(@access_token)
229
- assert payload['sub']
228
+ # payload = DeviseJwtAuth::TokenFactory.decode_access_token(@access_token)
229
+ # assert payload['sub']
230
230
  payload = DeviseJwtAuth::TokenFactory.decode_refresh_token(@refresh_token)
231
231
  assert payload['sub']
232
232
  end
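Review bot: With the access-token assertions commented out, the test named 'access and refresh tokens should be valid' at line 227 only decodes the refresh token, and 'response should contain auth params' at line 221 only checks `@refresh_token`, so both names now promise coverage that no longer exists. Rename them to match what they check, e.g. `test 'refresh token should be valid' do` and `test 'response should set the refresh cookie' do`, and drop the commented assertions. A positive check that the redirect location no longer carries a token in the query string would also lock in the behavior this release introduces, e.g. `assert_nil @qs[DeviseJwtAuth.access_token_name]` alongside `assert @refresh_token` (the `@qs` parse is in the `before` block at new line 210 of the preceding hunk).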
@@ -851,17 +851,18 @@ class DeviseJwtAuth::PasswordsControllerTest < ActionController::TestCase
851
851
  before do
852
852
  @resource = create(:user, :confirmed)
853
853
  @redirect_url = 'http://ng-token-auth.dev'
854
- @config_name = 'altUser'
854
+ # @config_name = 'altUser'
855
855
 
856
856
  params = { email: @resource.email,
857
857
  redirect_url: @redirect_url,
858
- config_name: @config_name }
858
+ # config_name: @config_name
859
+ }
859
860
  get_reset_token params
860
861
  end
861
862
 
862
- test 'config_name param is included in the confirmation email link' do
863
- assert_equal @config_name, @mail_config_name
864
- end
863
+ # test 'config_name param is included in the confirmation email link' do
864
+ # assert_equal @config_name, @mail_config_name
865
+ # end
865
866
  end
866
867
 
867
868
  def get_reset_token(params = nil)
@@ -871,7 +872,7 @@ class DeviseJwtAuth::PasswordsControllerTest < ActionController::TestCase
871
872
  @mail = ActionMailer::Base.deliveries.last
872
873
  @resource.reload
873
874
 
874
- @mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
875
+ # @mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
875
876
  @mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
876
877
  @mail_reset_token = @mail.body.match(/reset_password_token=(.*)"/)[1]
877
878
  end
@@ -6,9 +6,6 @@ module Overrides
6
6
  @resource = resource_class.confirm_by_token(params[:confirmation_token])
7
7
 
8
8
  if @resource&.id
9
- # token = @resource.create_token
10
- # @resource.save!
11
-
12
9
  update_refresh_token_cookie
13
10
  redirect_header_options = {
14
11
  account_confirmation_success: true,
@@ -19,16 +16,6 @@ module Overrides
19
16
  .merge(redirect_header_options)
20
17
  redirect_to_link = DeviseJwtAuth::Url.generate(params[:redirect_url], redirect_headers)
21
18
  redirect_to redirect_to_link
22
- # redirect_header_options = {
23
- # account_confirmation_success: true,
24
- # config: params[:config],
25
- # override_proof: '(^^,)'
26
- # }
27
- # redirect_headers = build_redirect_headers(token.token,
28
- # token.client,
29
- # redirect_header_options)
30
- # redirect_to(@resource.build_auth_url(params[:redirect_url],
31
- # redirect_headers))
32
19
  else
33
20
  raise ActionController::RoutingError, 'Not Found'
34
21
  end
@@ -11,8 +11,6 @@ module Overrides
11
11
  )
12
12
 
13
13
  if @resource&.id
14
- # token = @resource.create_token
15
-
16
14
  # ensure that user is confirmed
17
15
  @resource.skip_confirmation! unless @resource.confirmed_at
18
16
 
@@ -27,16 +25,6 @@ module Overrides
27
25
  .merge(redirect_header_options)
28
26
  redirect_to_link = DeviseJwtAuth::Url.generate(params[:redirect_url], redirect_headers)
29
27
  redirect_to redirect_to_link
30
-
31
- # redirect_header_options = {
32
- # override_proof: OVERRIDE_PROOF,
33
- # reset_password: true
34
- # }
35
- # redirect_headers = build_redirect_headers(token.token,
36
- # token.client,
37
- # redirect_header_options)
38
- # redirect_to(@resource.build_auth_url(params[:redirect_url],
39
- # redirect_headers))
40
28
  else
41
29
  raise ActionController::RoutingError, 'Not Found'
42
30
  end
@@ -0,0 +1,9 @@
1
+ # frozen_string_literal: true
2
+
3
+ class Mang < ActiveRecord::Base
4
+ # Include default devise modules. Others available are:
5
+ # :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
6
+ devise :database_authenticatable, :registerable,
7
+ :recoverable, :rememberable, :validatable
8
+ include DeviseJwtAuth::Concerns::User
9
+ end
@@ -29,13 +29,13 @@ DeviseJwtAuth.setup do |config|
29
29
  # config.access_token_name = 'access-token'
30
30
 
31
31
  # This is the refresh token encryption key. You should set this in an
32
- # environment variable or secret key base that isn't store in a repository.
32
+ # environment variable or secret key base that isn't stored in a repository.
33
33
  # Also, its a good idea to NOT use the same key for access tokens.
34
34
  config.refresh_token_encryption_key = 'your-refresh-token-secret-key-here'
35
35
 
36
- # This is the refresh token encryption key. You should set this in an
37
- # environment variable or secret key base that isn't store in a repository.
38
- # Also, its a good idea to NOT use the same key for access tokens.
36
+ # This is the access token encryption key. You should set this in an
37
+ # environment variable or secret key base that isn't stored in a repository.
38
+ # Also, its a good idea to NOT use the same key for refresh tokens.
39
39
  config.access_token_encryption_key = 'your-access-token-secret-key-here'
40
40
 
41
41
  # This route will be the prefix for all oauth2 redirect callbacks. For
@@ -0,0 +1,9 @@
1
+ Rails.application.routes.draw do
2
+ mount_devise_jwt_auth_for 'User', at: 'auth'
3
+
4
+ mount_devise_jwt_auth_for 'Mang', at: 'mangs'
5
+ as :mang do
6
+ # Define routes for Mang within this block.
7
+ end
8
+ patch '/chong', to: 'bong#index'
9
+ end
@@ -0,0 +1,54 @@
1
+ # frozen_string_literal: true
2
+
3
+ class DeviseJwtAuthCreateMangs < ActiveRecord::Migration[6.0]
4
+ def change
5
+ create_table(:mangs) do |t|
6
+ ## Required
7
+ t.string :provider, null: false, default: 'email'
8
+ t.string :uid, null: false, default: ''
9
+
10
+ ## User Info
11
+ t.string :name
12
+ t.string :nickname
13
+ t.string :image
14
+ t.string :email
15
+
16
+ ## Database authenticatable
17
+ t.string :encrypted_password, null: false, default: ''
18
+
19
+ ## Recoverable
20
+ t.string :reset_password_token
21
+ t.datetime :reset_password_sent_at
22
+ t.boolean :allow_password_change, default: false
23
+
24
+ ## Rememberable
25
+ t.datetime :remember_created_at
26
+
27
+ ## Trackable
28
+ # t.integer :sign_in_count, default: 0, null: false
29
+ # t.datetime :current_sign_in_at
30
+ # t.datetime :last_sign_in_at
31
+ # t.string :current_sign_in_ip
32
+ # t.string :last_sign_in_ip
33
+
34
+ ## Confirmable
35
+ t.string :confirmation_token
36
+ t.datetime :confirmed_at
37
+ t.datetime :confirmation_sent_at
38
+ t.string :unconfirmed_email # Only if using reconfirmable
39
+
40
+ ## Lockable
41
+ # t.integer :failed_attempts, default: 0, null: false # Only if lock strategy is :failed_attempts
42
+ # t.string :unlock_token # Only if unlock strategy is :email or :both
43
+ # t.datetime :locked_at
44
+
45
+ t.timestamps
46
+ end
47
+
48
+ add_index :mangs, :email, unique: true
49
+ add_index :mangs, [:uid, :provider], unique: true
50
+ add_index :mangs, :reset_password_token, unique: true
51
+ add_index :mangs, :confirmation_token, unique: true
52
+ # add_index :mangs, :unlock_token, unique: true
53
+ end
54
+ end
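--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: devise_jwt_auth
 version: !ruby/object:Gem::Version
-  version: 0.1.6
+  version: 0.1.7
 platform: ruby
 authors:
 - Aaron A
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-10-06 00:00:00.000000000 Z
+date: 2020-12-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: devise
@@ -334,10 +334,12 @@ files:
 - test/dummy/db/migrate/20190924101113_devise_jwt_auth_create_confirmable_users.rb
 - test/dummy/db/schema.rb
 - test/dummy/lib/migration_database_helper.rb
-- test/dummy/tmp/generators/app/controllers/application_controller.rb
+- test/dummy/tmp/generators/app/models/mang.rb
 - test/dummy/tmp/generators/app/models/user.rb
 - test/dummy/tmp/generators/config/initializers/devise_jwt_auth.rb
-- test/dummy/tmp/generators/db/migrate/20201006030349_devise_jwt_auth_create_users.rb
+- test/dummy/tmp/generators/config/routes.rb
+- test/dummy/tmp/generators/db/migrate/20201208044024_devise_jwt_auth_create_mangs.rb
+- test/dummy/tmp/generators/db/migrate/20201208044024_devise_jwt_auth_create_users.rb
 - test/factories/users.rb
 - test/lib/devise_jwt_auth/blacklist_test.rb
 - test/lib/devise_jwt_auth/token_factory_test.rb
@@ -392,10 +394,12 @@ test_files:
 - test/test_helper.rb
 - test/dummy/lib/migration_database_helper.rb
 - test/dummy/config.ru
-- test/dummy/tmp/generators/db/migrate/20201006030349_devise_jwt_auth_create_users.rb
+- test/dummy/tmp/generators/db/migrate/20201208044024_devise_jwt_auth_create_mangs.rb
+- test/dummy/tmp/generators/db/migrate/20201208044024_devise_jwt_auth_create_users.rb
+- test/dummy/tmp/generators/config/routes.rb
 - test/dummy/tmp/generators/config/initializers/devise_jwt_auth.rb
+- test/dummy/tmp/generators/app/models/mang.rb
 - test/dummy/tmp/generators/app/models/user.rb
-- test/dummy/tmp/generators/app/controllers/application_controller.rb
 - test/dummy/db/migrate/20150708104536_devise_jwt_auth_create_unconfirmable_users.rb
 - test/dummy/db/migrate/20140916224624_add_favorite_color_to_mangs.rb
 - test/dummy/db/migrate/20140829044006_add_operating_thetan_to_user.rb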
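Review bot: The updated `files:` and `test_files:` lists now package generator scratch output from `test/dummy/tmp/generators/` — a `Mang` model, a `routes.rb` containing `patch '/chong', to: 'bong#index'`, and two timestamped migrations — replacing one such artifact with four, so every install of the gem ships leftovers of a local test run. Excluding `test/dummy/tmp` from the gemspec's file glob (and ignoring it in version control) keeps the release contents reproducible and limited to what was actually reviewed. The gemspec itself is not part of this diff, so I cannot see how the list is assembled; the churn between 0.1.6 and 0.1.7 in these entries suggests it is a plain directory glob.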
@@ -1,6 +0,0 @@
1
- class ApplicationController < ActionController::Base
2
- include DeviseJwtAuth::Concerns::SetUserByToken
3
- def whatever
4
- 'whatever'
5
- end
6
- end