devise_token_auth 0.1.32.beta10 → 0.1.32

data/app/controllers/devise_token_auth/token_validations_controller.rb

@@ -6,6 +6,7 @@ module DeviseTokenAuth
     def validate_token
       # @resource will have been set by set_user_token concern
       if @resource
+        yield if block_given?
         render json: {
           success: true,
           data: @resource.token_validation_response
@@ -13,7 +14,7 @@ module DeviseTokenAuth
       else
         render json: {
           success: false,
-          errors: ["Invalid login credentials"]
+          errors: [I18n.t("devise_token_auth.token_validations.invalid")]
         }, status: 401
       end
     end

data/app/models/devise_token_auth/concerns/user.rb

@@ -21,7 +21,9 @@ module DeviseTokenAuth::Concerns::User
       self.devise_modules.delete(:omniauthable)
     end
 
-    serialize :tokens, JSON
+    unless tokens_has_json_column_type?
+      serialize :tokens, JSON
+    end
 
     validates :email, presence: true, email: true, if: Proc.new { |u| u.provider == 'email' }
     validates_presence_of :uid, if: Proc.new { |u| u.provider != 'email' }
@@ -76,18 +78,21 @@ module DeviseTokenAuth::Concerns::User
       # fall back to "default" config name
       opts[:client_config] ||= "default"
 
-      if respond_to?(:pending_reconfirmation?) && pending_reconfirmation?
-        opts[:to] = unconfirmed_email
-      else
-        opts[:to] = email
-      end
-
       send_devise_notification(:reset_password_instructions, token, opts)
 
       token
     end
   end
 
+  module ClassMethods
+    protected
+    
+
+    def tokens_has_json_column_type?
+      table_exists? && self.columns_hash['tokens'] && self.columns_hash['tokens'].type.in?([:json, :jsonb])
+    end
+  end
+
 
   def valid_token?(token, client_id='default')
     client_id ||= 'default'
@@ -218,16 +223,14 @@ module DeviseTokenAuth::Concerns::User
   protected
 
 
-  # NOTE: ensure that fragment comes AFTER querystring for proper $location
-  # parsing using AngularJS.
   def generate_url(url, params = {})
     uri = URI(url)
 
     res = "#{uri.scheme}://#{uri.host}"
     res += ":#{uri.port}" if (uri.port and uri.port != 80 and uri.port != 443)
     res += "#{uri.path}" if uri.path
-    res += "##{uri.fragment}" if uri.fragment
     res += "?#{params.to_query}"
+    res += "##{uri.fragment}" if uri.fragment
 
     return res
   end
@@ -248,10 +251,12 @@ module DeviseTokenAuth::Concerns::User
   end
 
   def destroy_expired_tokens
-    self.tokens.delete_if{|cid,v|
-      expiry = v[:expiry] || v["expiry"]
-      DateTime.strptime(expiry.to_s, '%s') < Time.now
-    }
+    if self.tokens
+      self.tokens.delete_if do |cid, v|
+        expiry = v[:expiry] || v["expiry"]
+        DateTime.strptime(expiry.to_s, '%s') < Time.now
+      end
+    end
   end
 
 end

data/app/validators/email_validator.rb

@@ -1,7 +1,7 @@
 class EmailValidator < ActiveModel::EachValidator
   def validate_each(record, attribute, value)
     unless value =~ /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\z/i
-      record.errors[attribute] << (options[:message] || 'is not an email')
+      record.errors[attribute] << (options[:message] || I18n.t("errors.not_email"))
     end
   end
 end

data/config/locales/en.yml

@@ -0,0 +1,30 @@
+en:
+  devise_token_auth:
+    sessions:
+      not_confirmed: "A confirmation email was sent to your account at %{email}. You must follow the instructions in the email before your account can be activated"
+      bad_credentials: "Invalid login credentials. Please try again."
+      not_supported: "Use POST /sign_in to sign in. GET is not supported."
+      user_not_found: "User was not found or was not logged in."
+    token_validations:
+      invalid: "Invalid login credentials"
+    registrations:
+      missing_confirm_success_url: "Missing `confirm_success_url` param."
+      redirect_url_not_allowed: "Redirect to %{redirect_url} not allowed."
+      email_already_exists: "An account already exists for %{email}"
+      account_with_uid_destroyed: "Account with uid %{uid} has been destroyed."
+      account_to_destroy_not_found: "Unable to locate account for destruction."
+      user_not_found: "User not found."
+    passwords:
+      missing_email: "You must provide an email address."
+      missing_redirect_url: "Missing redirect url."
+      not_allowed_redirect_url: "Redirect to %{redirect_url} not allowed."
+      sended: "An email has been sent to %{email} containing instructions for resetting your password."
+      user_not_found: "Unable to find user with email '%{email}'."
+      password_not_required: "This account does not require a password. Sign in using your %{provider} account instead."
+      missing_passwords: 'You must fill out the fields labeled "password" and "password confirmation".'
+      successfully_updated: "Your password has been successfully updated."
+
+  errors:
+    validate_sign_up_params: "Please submit proper sign up data in request body."
+    validate_account_update_params: "Please submit proper account update data in request body."
+    not_email: "is not an email"

data/config/locales/es.yml

@@ -0,0 +1,30 @@
+es:
+  devise_token_auth:
+    sessions:
+      not_confirmed: "Un correo electrónico de confirmación de su cuenta ha sido enviado a %{email}. Por favor, siga las instrucciones para validar su cuenta"
+      bad_credentials: "Identidad o contraseña no válida."
+      not_supported: "Use POST /sign_in para la conexión. GET no esta disponible."
+      user_not_found: "Usuario desconocido o no está conectado."
+    token_validations:
+      invalid: "Identidad o contraseña no válida."
+    registrations:
+      missing_confirm_success_url: "El parámetro `confirm_success_url` no esta presente."
+      redirect_url_not_allowed: "Redirección hacia %{redirect_url} no esta permitida."
+      email_already_exists: "Una cuenta ya existe con este correo electrónico: %{email}"
+      account_with_uid_destroyed: "La cuenta con el identificador %{uid} se ha eliminado."
+      account_to_destroy_not_found: "No se puede encontrar la cuenta a borrar."
+      user_not_found: "Usuario no encontrado."
+    passwords:
+      missing_email: "Debe incluir un correo electrónico."
+      missing_redirect_url: "Falta el Url de redirección."
+      not_allowed_redirect_url: "Redirección hacia %{redirect_url} no esta permitida."
+      sended: "Un correo electrónico ha sido enviado a %{email} con las instrucciones para restablecer su contraseña."
+      user_not_found: "No se pudo encontrar un usuario con este correo electrónico: '%{email}'."
+      password_not_required: "Esta cuenta no requiere contraseña. Iniciar sesión utilizando %{provider}."
+      missing_passwords: 'Debe llenar los campos "contraseña" y "confirmación de contraseña".'
+      successfully_updated: "Su contraseña ha sido actualizada con éxito."
+
+  errors:
+    validate_sign_up_params: "Los datos introducidos en la solicitud de acceso no son válidos."
+    validate_account_update_params: "Los datos introducidos en la solicitud de actualización no son válidos."
+    not_email: "no es un correo electrónico"

data/config/locales/fr.yml

@@ -0,0 +1,30 @@
+fr:
+  devise_token_auth:
+    sessions:
+      not_confirmed: "Une email de confirmation de votre compte a été envoyé à %{email}. Merci de suivre les instructions afin de valider votre compte"
+      bad_credentials: "Mot de passe ou identifiant invalide."
+      not_supported: "Utilisez POST /sign_in pour la connexion. GET n'est pas supporté."
+      user_not_found: "L'utilisateur est inconnu ou n'est pas connecté."
+    token_validations:
+      invalid: "Mot de passe ou identifiant invalide."
+    registrations:
+      missing_confirm_success_url: "Le paramètre `confirm_success_url` est manquant."
+      redirect_url_not_allowed: "Redirection vers %{redirect_url} n'est pas autorisée."
+      email_already_exists: "Un compte existe déjà avec cet email: %{email}"
+      account_with_uid_destroyed: "Le compte avec l'identifiant %{uid} a été supprimé."
+      account_to_destroy_not_found: "Impossible de trouver le compte à supprimer."
+      user_not_found: "Utilisateur non trouvé."
+    passwords:
+      missing_email: "Vous devez soumettre un email."
+      missing_redirect_url: "Url de redirection manquante."
+      not_allowed_redirect_url: "Redirection vers %{redirect_url} n'est pas autorisée."
+      sended: "Un email a été envoyé à %{email} avec les instructions pour réinitialiser votre mot de passe."
+      user_not_found: "Impossible de trouver un utilisateur avec cet email: '%{email}'."
+      password_not_required: "Ce compte ne demande pas de mot de passe. Connectez vous plutôt en utilisant %{provider}."
+      missing_passwords: 'Vous devez remplir les champs "mt de passe" et "confirmation de mot de passe".'
+      successfully_updated: "Votre mot de passe a été correctement mis à jour."
+
+  errors:
+    validate_sign_up_params: "Les données de l'inscription dans le corps de la requête ne sont pas valides."
+    validate_account_update_params: "Les données de mise à jour dans le corps de la requête ne sont pas valides."
+    not_email: "n'est pas un email"

data/lib/devise_token_auth/engine.rb

@@ -15,15 +15,17 @@ module DeviseTokenAuth
                  :omniauth_prefix,
                  :default_confirm_success_url,
                  :default_password_reset_url,
-                 :redirect_whitelist
+                 :redirect_whitelist,
+                 :check_current_password_before_update
 
-  self.change_headers_on_each_request = true
-  self.token_lifespan                 = 2.weeks
-  self.batch_request_buffer_throttle  = 5.seconds
-  self.omniauth_prefix                = '/omniauth'
-  self.default_confirm_success_url    = nil
-  self.default_password_reset_url     = nil
-  self.redirect_whitelist             = nil
+  self.change_headers_on_each_request       = true
+  self.token_lifespan                       = 2.weeks
+  self.batch_request_buffer_throttle        = 5.seconds
+  self.omniauth_prefix                      = '/omniauth'
+  self.default_confirm_success_url          = nil
+  self.default_password_reset_url           = nil
+  self.redirect_whitelist                   = nil
+  self.check_current_password_before_update = false
 
   def self.setup(&block)
     yield self

data/lib/devise_token_auth/version.rb

@@ -1,3 +1,3 @@
 module DeviseTokenAuth
-  VERSION = "0.1.32.beta10"
+  VERSION = "0.1.32"
 end

data/lib/generators/devise_token_auth/install_generator.rb

@@ -115,5 +115,33 @@ module DeviseTokenAuth
       end
       match
     end
+
+    def json_supported_database?
+      (postgres? && postgres_correct_version?) || (mysql? && mysql_correct_version?)
+    end
+
+    def postgres?
+      database_name == 'ActiveRecord::ConnectionAdapters::PostgreSQLAdapter'
+    end
+
+    def postgres_correct_version?
+      database_version > '9.3'
+    end
+
+    def mysql?
+      database_name == 'ActiveRecord::ConnectionAdapters::MysqlAdapter'
+    end
+
+    def mysql_correct_version?
+      database_version > '5.7.7'
+    end
+
+    def database_name
+      ActiveRecord::Base.connection.class.name
+    end
+
+    def database_version
+      ActiveRecord::Base.connection.select_value('SELECT VERSION()')
+    end
   end
 end

data/lib/generators/devise_token_auth/templates/devise_token_auth.rb

@@ -19,4 +19,10 @@ DeviseTokenAuth.setup do |config|
   # example, using the default '/omniauth', the github oauth2 provider will
   # redirect successful authentications to '/omniauth/github/callback'
   #config.omniauth_prefix = "/omniauth"
+
+  # By defult sending current password is not needed for the password update.
+  # Uncomment to enforce current_password param to be checked before all
+  # attribute updates. Set it to :password if you want it to be checked only if
+  # password is updated.
+  # config.check_current_password_before_update = :attributes
 end

data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb

@@ -2,7 +2,7 @@ class DeviseTokenAuthCreate<%= user_class.pluralize %> < ActiveRecord::Migration
   def change
     create_table(:<%= user_class.pluralize.underscore %>) do |t|
       ## Required
-      t.string :provider, :null => false
+      t.string :provider, :null => false, :default => "email"
       t.string :uid, :null => false, :default => ""
 
       ## Database authenticatable
@@ -40,7 +40,7 @@ class DeviseTokenAuthCreate<%= user_class.pluralize %> < ActiveRecord::Migration
       t.string :email
 
       ## Tokens
-      t.text :tokens
+      <%= json_supported_database? ? 't.json :tokens' : 't.text :tokens' %>
 
       t.timestamps
     end

data/test/controllers/custom/custom_confirmations_controller_test.rb

@@ -0,0 +1,26 @@
+require 'test_helper'
+
+class Custom::ConfirmationsControllerTest < ActionController::TestCase
+
+  describe Custom::ConfirmationsController do
+
+    before do
+      @redirect_url = Faker::Internet.url
+      @new_user = users(:unconfirmed_email_user)
+      @new_user.send_confirmation_instructions({
+        redirect_url: @redirect_url
+      })
+      @mail          = ActionMailer::Base.deliveries.last
+      @token         = @mail.body.match(/confirmation_token=([^&]*)&/)[1]
+      @client_config = @mail.body.match(/config=([^&]*)&/)[1]
+
+      get :show, {confirmation_token: @token, redirect_url: @redirect_url}
+    end
+
+    test "yield resource to block on show success" do
+      assert @controller.show_block_called?, "show failed to yield resource to provided block"
+    end
+
+  end
+
+end

data/test/controllers/custom/custom_omniauth_callbacks_controller_test.rb

@@ -0,0 +1,29 @@
+require 'test_helper'
+
+class Custom::OmniauthCallbacksControllerTest < ActionDispatch::IntegrationTest
+
+  describe Custom::OmniauthCallbacksController do
+
+    setup do
+      OmniAuth.config.test_mode = true
+      OmniAuth.config.mock_auth[:facebook] = OmniAuth::AuthHash.new({
+        :provider => 'facebook',
+        :uid => '123545',
+        :info => {
+          name: 'swong',
+          email: 'swongsong@yandex.ru'
+        }
+      })
+    end
+
+    test "yield resource to block on omniauth_sucess success" do
+      @redirect_url = "http://ng-token-auth.dev/"
+      get_via_redirect '/nice_user_auth/facebook', {
+        auth_origin_url: @redirect_url
+      }
+      assert @controller.omniauth_success_block_called?, "omniauth_success failed to yield resource to provided block"
+    end
+
+  end
+
+end

data/test/controllers/custom/custom_passwords_controller_test.rb

@@ -0,0 +1,66 @@
+require 'test_helper'
+
+class Custom::PasswordsControllerTest < ActionController::TestCase
+
+  describe Custom::PasswordsController do
+
+    before do
+      @resource = users(:confirmed_email_user)
+      @redirect_url = 'http://ng-token-auth.dev'
+    end
+
+    test "yield resource to block on create success" do
+      post :create, {
+        email:        @resource.email,
+        redirect_url: @redirect_url
+      }
+
+      @mail = ActionMailer::Base.deliveries.last
+      @resource.reload
+
+      @mail_config_name  = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
+      @mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
+      @mail_reset_token  = @mail.body.match(/reset_password_token=(.*)\"/)[1]
+
+      assert @controller.create_block_called?, "create failed to yield resource to provided block"
+    end
+
+    test "yield resource to block on edit success" do
+      @resource = users(:unconfirmed_email_user)
+      @redirect_url = 'http://ng-token-auth.dev'
+
+      xhr :post, :create, {
+        email:        @resource.email,
+        redirect_url: @redirect_url
+      }
+
+      @mail = ActionMailer::Base.deliveries.last
+      @resource.reload
+
+      @mail_config_name  = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
+      @mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
+      @mail_reset_token  = @mail.body.match(/reset_password_token=(.*)\"/)[1]
+
+      xhr :get, :edit, {
+        reset_password_token: @mail_reset_token,
+        redirect_url: @mail_redirect_url
+      }
+
+      @resource.reload
+      assert @controller.edit_block_called?, "edit failed to yield resource to provided block"
+    end
+
+    test "yield resource to block on update success" do
+      @auth_headers = @resource.create_new_auth_token
+      request.headers.merge!(@auth_headers)
+      @new_password = Faker::Internet.password
+      put :update, {
+        password: @new_password,
+        password_confirmation: @new_password
+      }
+      assert @controller.update_block_called?, "update failed to yield resource to provided block"
+    end
+
+  end
+
+end

data/test/controllers/custom/custom_registrations_controller_test.rb

@@ -35,7 +35,7 @@ class Custom::RegistrationsControllerTest < ActionDispatch::IntegrationTest
 
     test "yield resource to block on destroy success" do
       delete '/nice_user_auth', @auth_headers
-      assert @controller.destroy_block_called?, "update failed to yield resource to provided block"
+      assert @controller.destroy_block_called?, "destroy failed to yield resource to provided block"
     end
 
   end

data/test/controllers/custom/custom_sessions_controller_test.rb

@@ -0,0 +1,30 @@
+require 'test_helper'
+
+class Custom::SessionsControllerTest < ActionController::TestCase
+
+  describe Custom::SessionsController do
+
+    before do
+      @existing_user = users(:confirmed_email_user)
+      @existing_user.skip_confirmation!
+      @existing_user.save!
+    end
+
+    test "yield resource to block on create success" do
+      post :create, {
+        email: @existing_user.email,
+        password: 'secret123'
+      }
+      assert @controller.create_block_called?, "create failed to yield resource to provided block"
+    end
+
+    test "yield resource to block on destroy success" do
+      @auth_headers = @existing_user.create_new_auth_token
+      request.headers.merge!(@auth_headers)
+      delete :destroy, format: :json
+      assert @controller.destroy_block_called?, "destroy failed to yield resource to provided block"
+    end
+
+  end
+
+end