devise_jwt_auth 0.1.7 → 0.2.0
- checksums.yaml +4 -4
- data/app/controllers/devise_jwt_auth/concerns/resource_finder.rb +1 -1
- data/app/controllers/devise_jwt_auth/omniauth_callbacks_controller.rb +7 -14
- data/app/models/devise_jwt_auth/concerns/confirmable_support.rb +2 -12
- data/app/models/devise_jwt_auth/concerns/user.rb +0 -2
- data/app/validators/devise_jwt_auth_email_validator.rb +12 -3
- data/lib/devise_jwt_auth/blacklist.rb +1 -1
- data/lib/devise_jwt_auth/version.rb +1 -1
- data/lib/generators/devise_jwt_auth/USAGE +1 -1
- data/lib/generators/devise_jwt_auth/install_generator_helpers.rb +1 -1
- data/test/controllers/custom/custom_omniauth_callbacks_controller_test.rb +1 -1
- data/test/controllers/custom/custom_passwords_controller_test.rb +2 -2
- data/test/controllers/demo_group_controller_test.rb +0 -24
- data/test/controllers/demo_mang_controller_test.rb +0 -216
- data/test/controllers/demo_user_controller_test.rb +1 -411
- data/test/controllers/devise_jwt_auth/omniauth_callbacks_controller_test.rb +3 -3
- data/test/controllers/devise_jwt_auth/passwords_controller_test.rb +5 -5
- data/test/controllers/devise_jwt_auth/registrations_controller_test.rb +0 -12
- data/test/controllers/overrides/passwords_controller_test.rb +0 -5
- data/test/dummy/config/environments/development.rb +2 -2
- data/test/dummy/config/initializers/devise_jwt_auth.rb +1 -0
- data/test/dummy/config/routes.rb +2 -0
- data/test/dummy/config.ru +1 -1
- data/test/dummy/tmp/generators/app/models/user.rb +8 -9
- data/test/dummy/tmp/generators/db/migrate/{20201208044024_devise_jwt_auth_create_users.rb → 20220123023137_devise_jwt_auth_create_users.rb} +1 -1
- data/test/lib/devise_jwt_auth/blacklist_test.rb +2 -2
- data/test/lib/devise_jwt_auth/token_factory_test.rb +1 -1
- data/test/models/user_test.rb +0 -36
- metadata +6 -24
- data/test/dummy/tmp/generators/app/models/mang.rb +0 -9
- data/test/dummy/tmp/generators/config/routes.rb +0 -9
- data/test/dummy/tmp/generators/db/migrate/20201208044024_devise_jwt_auth_create_mangs.rb +0 -54
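--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f4dbb49ae0d62dcc2e5b23374e972178509d1e936c1246d85828631ceb07b65a
+data.tar.gz: d4d15235f408dce8fd1c2107007ea4fbf2e48e0ab01315cba67b9f4451fffd92
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a46230b6210496f7ee97b54a357aaf6c36625a7083f33440cf02371914a11bb44329da3516df8b0d6d1bd4524b474715577fc430431d001ef9b6b1bf3b70035e
+data.tar.gz: bbea37a5d6460fefb600d084d387045d9fefbc14196bdfd23d31d0ae2d8cdb89538d1250781d7a69a379b86a3255397e913610a0d18d30e193220b77ebd6e791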
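--- a/data/app/controllers/devise_jwt_auth/concerns/resource_finder.rb
+++ b/data/app/controllers/devise_jwt_auth/concerns/resource_finder.rb
@@ -16,7 +16,7 @@ module DeviseJwtAuth::Concerns::ResourceFinder
 end
 
 def find_resource(field, value)
-@resource = if resource_class.try(:
+@resource = if resource_class.try(:connection_db_config).try(:[], :adapter).try(:include?, 'mysql')
 # fix for mysql default case insensitivity
 resource_class.where("BINARY #{field} = ? AND provider= ?", value, provider).first
 else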
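Review bot: `field` is interpolated straight into the SQL fragment on the context line `resource_class.where("BINARY #{field} = ? AND provider= ?", value, provider).first`, while only `value` and `provider` are bound parameters; the new adapter check on line 19 does not change that, so the statement is only as safe as the callers' guarantee that `field` comes from a fixed set of configured attribute names and never from request input, which is not visible in this hunk. Quoting the identifier makes that expectation enforceable rather than implicit: `resource_class.where("BINARY #{resource_class.connection.quote_column_name(field)} = ? AND provider= ?", value, provider).first`. The `try` chain on the new line 19 also falls silently into the non-BINARY branch whenever `connection_db_config` is unavailable or the adapter name is not a String, which deserves a comment such as `# connection_db_config exists on Rails 6.1+; if any link in the chain is nil the plain, case-insensitive MySQL lookup is used`. find_resource's body continues past the end of the hunk.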
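--- a/data/app/controllers/devise_jwt_auth/omniauth_callbacks_controller.rb
+++ b/data/app/controllers/devise_jwt_auth/omniauth_callbacks_controller.rb
@@ -18,8 +18,8 @@ module DeviseJwtAuth
 
 # preserve omniauth info for success route. ignore 'extra' in twitter
 # auth response to avoid CookieOverflow.
-session['
-session['
+session['dja.omniauth.auth'] = request.env['omniauth.auth'].except('extra')
+session['dja.omniauth.params'] = request.env['omniauth.params']
 
 redirect_to redirect_route
 end
@@ -90,7 +90,7 @@ module DeviseJwtAuth
 # it. redirect_callbacks is called upon returning from successful omniauth
 # authentication, and the target params live in an omniauth-specific
 # request.env variable. this variable is then persisted thru the redirect
-# using our own
+# using our own dja.omniauth.params session var. the omniauth_success
 # method will access that session var and then destroy it immediately
 # after use. In the failure case, finally, the omniauth params
 # are added as query params in our monkey patch to OmniAuth in engine.rb
@@ -98,8 +98,8 @@ module DeviseJwtAuth
 unless defined?(@_omniauth_params)
 if request.env['omniauth.params']&.any?
 @_omniauth_params = request.env['omniauth.params']
-elsif session['
-@_omniauth_params ||= session.delete('
+elsif session['dja.omniauth.params']&.any?
+@_omniauth_params ||= session.delete('dja.omniauth.params')
 @_omniauth_params
 elsif params['omniauth_window_type']
 @_omniauth_params =
@@ -163,11 +163,11 @@ module DeviseJwtAuth
 omniauth_params['omniauth_window_type']
 end
 
-# this
+# this session value is set by the redirect_callbacks method. its purpose
 # is to persist the omniauth auth hash value thru a redirect. the value
 # must be destroyed immediatly after it is accessed by omniauth_success
 def auth_hash
-@_auth_hash ||= session.delete('
+@_auth_hash ||= session.delete('dja.omniauth.auth')
 @_auth_hash
 end
 
@@ -190,13 +190,6 @@ module DeviseJwtAuth
 config: @config,
 uid: @resource.uid
 )
-# @auth_params = {
-# auth_token: @token.token,
-# client_id: @token.client,
-# uid: @resource.uid,
-# expiry: @token.expiry,
-# config: @config
-# }
 @auth_params.merge!(oauth_registration: true) if @oauth_registration
 @auth_params
 end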
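Review bot: The new line 21 `session['dja.omniauth.auth'] = request.env['omniauth.auth'].except('extra')` still persists the whole provider auth hash in the session across the redirect, so whatever the provider returns under its credentials section (access or refresh tokens, typically) is written to the session store as well; dropping only `extra` addresses the CookieOverflow mentioned in the comment above it, not what is stored. If `omniauth_success` does not need those tokens, `except('extra', 'credentials')` keeps them out of the cookie; if it does, a comment on this line should say so, because `auth_hash` (new line 170) only deletes the entry on first read and whether the failure path ever clears it is not visible here. The same key rename in the -98 and -163 hunks is consistent with this one. The method around lines 18-25 begins outside the hunk.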
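--- a/data/app/models/devise_jwt_auth/concerns/confirmable_support.rb
+++ b/data/app/models/devise_jwt_auth/concerns/confirmable_support.rb
@@ -9,22 +9,12 @@ module DeviseJwtAuth::Concerns::ConfirmableSupport
 # for not to use `will_save_change_to_email?` & `email_changed?` methods.
 def postpone_email_change?
 postpone = self.class.reconfirmable &&
-
+email_was != email &&
 !@bypass_confirmation_postpone &&
 email.present? &&
-(!@skip_reconfirmation_in_callback || !
+(!@skip_reconfirmation_in_callback || !email_was.nil?)
 @bypass_confirmation_postpone = false
 postpone
 end
 end
-
-protected
-
-def email_value_in_database
-if Devise.rails51? && respond_to?(:email_in_database)
-email_in_database
-else
-email_was
-end
-end
 end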
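Review bot: The rewritten condition on new lines 12 and 15 reads `email_was` directly, and the deleted `email_value_in_database` helper was the only place that preferred `email_in_database` when `Devise.rails51?` held, so the method now depends on `email_was` reporting the pre-save value wherever `postpone_email_change?` is invoked; that holds in before-save callbacks but is exactly the version-sensitivity the comment on line 9 was tracking. A one-line note keeps the reason visible, e.g. `# email_was is the persisted value here; the email_in_database shim was dropped with support for the Rails versions that needed it` — adjust to whatever minimum Rails the gem actually declares, which is not visible in this hunk. The hunk removes the last remaining method after `protected`, so that marker goes with it; the surrounding `ClassMethods`-style structure starts outside the hunk.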
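--- a/data/app/validators/devise_jwt_auth_email_validator.rb
+++ b/data/app/validators/devise_jwt_auth_email_validator.rb
@@ -2,10 +2,19 @@
 
 # Email field validator.
 class DeviseJwtAuthEmailValidator < ActiveModel::EachValidator
-
-
+EMAIL_REGEXP = /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\z/i
+
+class << self
+def validate?(email)
+email =~ EMAIL_REGEXP
+end
+end
 
-
+def validate_each(record, attribute, value)
+unless DeviseJwtAuthEmailValidator.validate?(value)
+# record.errors[attribute] << email_invalid_message
+record.errors.add(attribute, email_invalid_message)
+end
 end
 
 private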
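Review bot: `validate?` on new lines 8-10 is named as a predicate but `email =~ EMAIL_REGEXP` returns a match offset or nil, and if a non-String value ever reaches it (the caller passes `value` through unchanged on line 14) `=~` raises NoMethodError on Ruby 3.2+ instead of reporting the attribute as invalid. `Regexp#match?` returns a boolean and allocates no MatchData: `def validate?(email)` / `  email.is_a?(String) && EMAIL_REGEXP.match?(email)` / `end`. The `\A`/`\z` anchors on line 5 are the correct whole-string anchoring for input validation. The commented-out `# record.errors[attribute] << email_invalid_message` on line 15 should be removed rather than shipped beside its replacement.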
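--- a/data/lib/generators/devise_jwt_auth/USAGE
+++ b/data/lib/generators/devise_jwt_auth/USAGE
@@ -8,7 +8,7 @@ Arguments:
 # 'User'
 MOUNT_PATH # The path at which to mount the authentication routes. Default is
 # 'auth'. More detail documentation is here:
-# https://
+# https://github.com/aarona/devise_jwt_auth
 
 Example:
 rails generate devise_jwt_auth:install User auth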
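--- a/data/test/controllers/custom/custom_omniauth_callbacks_controller_test.rb
+++ b/data/test/controllers/custom/custom_omniauth_callbacks_controller_test.rb
@@ -19,7 +19,7 @@ class Custom::OmniauthCallbacksControllerTest < ActionDispatch::IntegrationTest
 end
 
 test 'yield resource to block on omniauth_success success' do
-@redirect_url = 'http://ng-
+@redirect_url = 'http://ng-jwt-auth.dev/'
 get '/nice_user_auth/facebook',
 params: { auth_origin_url: @redirect_url,
 omniauth_window_type: 'newWindow' }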
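--- a/data/test/controllers/custom/custom_passwords_controller_test.rb
+++ b/data/test/controllers/custom/custom_passwords_controller_test.rb
@@ -8,7 +8,7 @@ class Custom::PasswordsControllerTest < ActionController::TestCase
 
 before do
 @resource = create(:user, :confirmed)
-@redirect_url = 'http://ng-
+@redirect_url = 'http://ng-jwt-auth.dev'
 end
 
 test 'yield resource to block on create success' do
@@ -29,7 +29,7 @@ class Custom::PasswordsControllerTest < ActionController::TestCase
 
 test 'yield resource to block on edit success' do
 @resource = create(:user)
-@redirect_url = 'http://ng-
+@redirect_url = 'http://ng-jwt-auth.dev'
 
 post :create,
 params: { email: @resource.email,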
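--- a/data/test/controllers/demo_group_controller_test.rb
+++ b/data/test/controllers/demo_group_controller_test.rb
@@ -16,33 +16,17 @@ class DemoGroupControllerTest < ActionDispatch::IntegrationTest
 @resource = create(:user, :confirmed)
 @resource_auth_headers = @resource.create_named_token_pair
 
-# @resource_token = @resource_auth_headers['access-token']
-# @resource_client_id = @resource_auth_headers['client']
-# @resource_expiry = @resource_auth_headers['expiry']
-
 # mang
 @mang = create(:mang_user, :confirmed)
 
 @mang_auth_headers = @mang.create_named_token_pair
-
-# @mang_token = @mang_auth_headers['access-token']
-# @mang_client_id = @mang_auth_headers['client']
-# @mang_expiry = @mang_auth_headers['expiry']
 end
 
 describe 'user access' do
 before do
-# ensure that request is not treated as batch request
-# age_token(@resource, @resource_client_id)
-
 get '/demo/members_only_group',
 params: {},
 headers: @resource_auth_headers
-
-@resp_token = response.headers['access-token']
-@resp_client_id = response.headers['client']
-@resp_expiry = response.headers['expiry']
-@resp_uid = response.headers['uid']
 end
 
 test 'request is successful' do
@@ -82,17 +66,9 @@ class DemoGroupControllerTest < ActionDispatch::IntegrationTest
 
 describe 'mang access' do
 before do
-# ensure that request is not treated as batch request
-# age_token(@mang, @mang_client_id)
-
 get '/demo/members_only_group',
 params: {},
 headers: @mang_auth_headers
-
-@resp_token = response.headers['access-token']
-@resp_client_id = response.headers['client']
-@resp_expiry = response.headers['expiry']
-@resp_uid = response.headers['uid']
 end
 
 test 'request is successful' do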
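--- a/data/test/controllers/demo_mang_controller_test.rb
+++ b/data/test/controllers/demo_mang_controller_test.rb
@@ -14,25 +14,13 @@ class DemoMangControllerTest < ActionDispatch::IntegrationTest
 before do
 @resource = create(:mang_user, :confirmed)
 @auth_headers = @resource.create_named_token_pair
-
-# @token = @auth_headers['access-token']
-# @client_id = @auth_headers['client']
-# @expiry = @auth_headers['expiry']
 end
 
 describe 'successful request' do
 before do
-# ensure that request is not treated as batch request
-# age_token(@resource, @client_id)
-
 get '/demo/members_only_mang',
 params: {},
 headers: @auth_headers
-
-# @resp_token = response.headers['access-token']
-# @resp_client_id = response.headers['client']
-# @resp_expiry = response.headers['expiry']
-# @resp_uid = response.headers['uid']
 end
 
 describe 'devise mappings' do
@@ -56,42 +44,6 @@ class DemoMangControllerTest < ActionDispatch::IntegrationTest
 it 'should return success status' do
 assert_equal 200, response.status
 end
-
-# it 'should receive new token after successful request' do
-# refute_equal @token, @resp_token
-# end
-#
-# it 'should preserve the client id from the first request' do
-# assert_equal @client_id, @resp_client_id
-# end
-#
-# it "should return the user's uid in the auth header" do
-# assert_equal @resource.uid, @resp_uid
-# end
-#
-# it 'should not treat this request as a batch request' do
-# refute assigns(:is_batch_request)
-# end
-#
-# describe 'subsequent requests' do
-# before do
-# @resource.reload
-# # ensure that request is not treated as batch request
-# # age_token(@resource, @client_id)
-#
-# get '/demo/members_only_mang',
-# params: {},
-# headers: @auth_headers.merge('access-token' => @resp_token)
-# end
-#
-# it 'should not treat this request as a batch request' do
-# refute assigns(:is_batch_request)
-# end
-#
-# it 'should allow a new request to be made using new token' do
-# assert_equal 200, response.status
-# end
-# end
 end
 
 describe 'failed request' do
@@ -109,174 +61,6 @@ class DemoMangControllerTest < ActionDispatch::IntegrationTest
 assert_equal 401, response.status
 end
 end
-
-# describe 'disable change_headers_on_each_request' do
-# before do
-# DeviseJwtAuth.change_headers_on_each_request = false
-# @resource.reload
-# # age_token(@resource, @client_id)
-#
-# get '/demo/members_only_mang',
-# params: {},
-# headers: @auth_headers
-#
-# @first_is_batch_request = assigns(:is_batch_request)
-# @first_user = assigns(:resource).dup
-# @first_access_token = response.headers['access-token']
-# @first_response_status = response.status
-#
-# @resource.reload
-# # age_token(@resource, @client_id)
-#
-# # use expired auth header
-# get '/demo/members_only_mang',
-# params: {},
-# headers: @auth_headers
-#
-# @second_is_batch_request = assigns(:is_batch_request)
-# @second_user = assigns(:resource).dup
-# @second_access_token = response.headers['access-token']
-# @second_response_status = response.status
-# end
-#
-# after do
-# DeviseJwtAuth.change_headers_on_each_request = true
-# end
-#
-# it 'should allow the first request through' do
-# assert_equal 200, @first_response_status
-# end
-#
-# it 'should allow the second request through' do
-# assert_equal 200, @second_response_status
-# end
-#
-# it 'should return auth headers from the first request' do
-# assert @first_access_token
-# end
-#
-# it 'should not treat either requests as batch requests' do
-# refute @first_is_batch_request
-# refute @second_is_batch_request
-# end
-#
-# it 'should return auth headers from the second request' do
-# assert @second_access_token
-# end
-#
-# it 'should define user during first request' do
-# assert @first_user
-# end
-#
-# it 'should define user during second request' do
-# assert @second_user
-# end
-# end
-#
-# describe 'batch requests' do
-# describe 'success' do
-# before do
-# # age_token(@resource, @client_id)
-#
-# get '/demo/members_only_mang',
-# params: {},
-# headers: @auth_headers
-#
-# @first_is_batch_request = assigns(:is_batch_request)
-# @first_user = assigns(:resource)
-# @first_access_token = response.headers['access-token']
-#
-# get '/demo/members_only_mang',
-# params: {},
-# headers: @auth_headers
-#
-# @second_is_batch_request = assigns(:is_batch_request)
-# @second_user = assigns(:resource)
-# @second_access_token = response.headers['access-token']
-# end
-#
-# it 'should allow both requests through' do
-# assert_equal 200, response.status
-# end
-#
-# it 'should not treat the first request as a batch request' do
-# refute @first_is_batch_request
-# end
-#
-# it 'should treat the second request as a batch request' do
-# assert @second_is_batch_request
-# end
-#
-# it 'should return access token for first (non-batch) request' do
-# assert @first_access_token
-# end
-#
-# it 'should not return auth headers for second (batched) requests' do
-# assert_equal ' ', @second_access_token
-# end
-# end
-#
-# describe 'time out' do
-# before do
-# @resource.reload
-# # age_token(@resource, @client_id)
-#
-# get '/demo/members_only_mang',
-# params: {},
-# headers: @auth_headers
-#
-# @first_is_batch_request = assigns(:is_batch_request)
-# @first_user = assigns(:resource).dup
-# @first_access_token = response.headers['access-token']
-# @first_response_status = response.status
-#
-# @resource.reload
-# # age_token(@resource, @client_id)
-#
-# # use expired auth header
-# get '/demo/members_only_mang',
-# params: {},
-# headers: @auth_headers
-#
-# @second_is_batch_request = assigns(:is_batch_request)
-# @second_user = assigns(:resource)
-# @second_access_token = response.headers['access-token']
-# @second_response_status = response.status
-# end
-#
-# it 'should allow the first request through' do
-# assert_equal 200, @first_response_status
-# end
-#
-# it 'should not allow the second request through' do
-# assert_equal 401, @second_response_status
-# end
-#
-# it 'should not treat first request as batch request' do
-# refute @second_is_batch_request
-# end
-#
-# it 'should return auth headers from the first request' do
-# assert @first_access_token
-# end
-#
-# it 'should not treat second request as batch request' do
-# refute @second_is_batch_request
-# end
-#
-# it 'should not return auth headers from the second request' do
-# refute @second_access_token
-# end
-#
-# it 'should define user during first request' do
-# assert @first_user
-# end
-#
-# it 'should not define user during second request' do
-# refute @second_user
-# end
-# end
-# end
 end
 end
 end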