devise_token_auth 0.1.34 → 0.1.35

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.


Files changed (29) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +73 -2
  3. data/app/controllers/devise_token_auth/application_controller.rb +1 -0
  4. data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +2 -0
  5. data/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb +135 -136
  6. data/app/controllers/devise_token_auth/passwords_controller.rb +112 -65
  7. data/app/controllers/devise_token_auth/registrations_controller.rb +91 -50
  8. data/app/controllers/devise_token_auth/sessions_controller.rb +53 -26
  9. data/app/controllers/devise_token_auth/token_validations_controller.rb +18 -8
  10. data/app/models/devise_token_auth/concerns/user.rb +5 -3
  11. data/app/views/devise_token_auth/omniauth_external_window.html.erb +1 -1
  12. data/config/locales/pl.yml +30 -0
  13. data/lib/devise_token_auth/rails/routes.rb +5 -2
  14. data/lib/devise_token_auth/version.rb +1 -1
  15. data/lib/generators/devise_token_auth/install_generator.rb +11 -0
  16. data/test/controllers/custom/custom_passwords_controller_test.rb +15 -0
  17. data/test/controllers/custom/custom_registrations_controller_test.rb +9 -0
  18. data/test/controllers/custom/custom_sessions_controller_test.rb +9 -0
  19. data/test/controllers/custom/custom_token_validations_controller_test.rb +9 -0
  20. data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb +4 -4
  21. data/test/dummy/app/controllers/custom/passwords_controller.rb +5 -0
  22. data/test/dummy/app/controllers/custom/registrations_controller.rb +6 -0
  23. data/test/dummy/app/controllers/custom/sessions_controller.rb +6 -0
  24. data/test/dummy/app/controllers/custom/token_validations_controller.rb +6 -0
  25. data/test/dummy/db/test.sqlite3 +0 -0
  26. data/test/dummy/log/test.log +44662 -0
  27. data/test/dummy/tmp/generators/db/migrate/{20150809052321_devise_token_auth_create_users.rb → 20151013023615_devise_token_auth_create_users.rb} +0 -0
  28. metadata +9 -9
  29. data/config/routes.rb +0 -6
@@ -7,41 +7,31 @@ module DeviseTokenAuth
7
7
  # sending emails
8
8
  def create
9
9
  unless resource_params[:email]
10
- return render json: {
11
- success: false,
12
- errors: [I18n.t("devise_token_auth.passwords.missing_email")]
13
- }, status: 401
10
+ return render_create_error_missing_email
14
11
  end
15
12
 
16
13
  # give redirect value from params priority
17
- redirect_url = params[:redirect_url]
14
+ @redirect_url = params[:redirect_url]
18
15
 
19
16
  # fall back to default value if provided
20
- redirect_url ||= DeviseTokenAuth.default_password_reset_url
17
+ @redirect_url ||= DeviseTokenAuth.default_password_reset_url
21
18
 
22
- unless redirect_url
23
- return render json: {
24
- success: false,
25
- errors: [I18n.t("devise_token_auth.passwords.missing_redirect_url")]
26
- }, status: 401
19
+ unless @redirect_url
20
+ return render_create_error_missing_redirect_url
27
21
  end
28
22
 
29
23
  # if whitelist is set, validate redirect_url against whitelist
30
24
  if DeviseTokenAuth.redirect_whitelist
31
- unless DeviseTokenAuth.redirect_whitelist.include?(redirect_url)
32
- return render json: {
33
- status: 'error',
34
- data: @resource.as_json,
35
- errors: [I18n.t("devise_token_auth.passwords.not_allowed_redirect_url", redirect_url: redirect_url)]
36
- }, status: 403
25
+ unless DeviseTokenAuth.redirect_whitelist.include?(@redirect_url)
26
+ return render_create_error_not_allowed_redirect_url
37
27
  end
38
28
  end
39
29
 
40
30
  # honor devise configuration for case_insensitive_keys
41
31
  if resource_class.case_insensitive_keys.include?(:email)
42
- email = resource_params[:email].downcase
32
+ @email = resource_params[:email].downcase
43
33
  else
44
- email = resource_params[:email]
34
+ @email = resource_params[:email]
45
35
  end
46
36
 
47
37
  q = "uid = ? AND provider='email'"
@@ -51,42 +41,35 @@ module DeviseTokenAuth
51
41
  q = "BINARY uid = ? AND provider='email'"
52
42
  end
53
43
 
54
- @resource = resource_class.where(q, email).first
44
+ @resource = resource_class.where(q, @email).first
55
45
 
56
- errors = nil
57
- error_status = 400
46
+ @errors = nil
47
+ @error_status = 400
58
48
 
59
49
  if @resource
60
50
  yield if block_given?
61
51
  @resource.send_reset_password_instructions({
62
- email: email,
52
+ email: @email,
63
53
  provider: 'email',
64
- redirect_url: redirect_url,
54
+ redirect_url: @redirect_url,
65
55
  client_config: params[:config_name]
66
56
  })
67
57
 
68
58
  if @resource.errors.empty?
69
- render json: {
70
- success: true,
71
- message: I18n.t("devise_token_auth.passwords.sended", email: email)
72
- }
59
+ return render_create_success
73
60
  else
74
- errors = @resource.errors
61
+ @errors = @resource.errors
75
62
  end
76
63
  else
77
- errors = [I18n.t("devise_token_auth.passwords.user_not_found", email: email)]
78
- error_status = 404
64
+ @errors = [I18n.t("devise_token_auth.passwords.user_not_found", email: @email)]
65
+ @error_status = 404
79
66
  end
80
67
 
81
- if errors
82
- render json: {
83
- success: false,
84
- errors: errors,
85
- }, status: error_status
68
+ if @errors
69
+ return render_create_error
86
70
  end
87
71
  end
88
72
 
89
-
90
73
  # this is where users arrive after visiting the password reset confirmation link
91
74
  def edit
92
75
  @resource = resource_class.reset_password_by_token({
@@ -117,54 +100,36 @@ module DeviseTokenAuth
117
100
  config: params[:config]
118
101
  }))
119
102
  else
120
- render json: {
121
- success: false
122
- }, status: 404
103
+ render_edit_error
123
104
  end
124
105
  end
125
106
 
126
107
  def update
127
108
  # make sure user is authorized
128
109
  unless @resource
129
- return render json: {
130
- success: false,
131
- errors: ['Unauthorized']
132
- }, status: 401
110
+ return render_update_error_unauthorized
133
111
  end
134
112
 
135
113
  # make sure account doesn't use oauth2 provider
136
114
  unless @resource.provider == 'email'
137
- return render json: {
138
- success: false,
139
- errors: [I18n.t("devise_token_auth.passwords.password_not_required", provider: @resource.provider.humanize)]
140
- }, status: 422
115
+ return render_update_error_password_not_required
141
116
  end
142
117
 
143
118
  # ensure that password params were sent
144
119
  unless password_resource_params[:password] and password_resource_params[:password_confirmation]
145
- return render json: {
146
- success: false,
147
- errors: [I18n.t("devise_token_auth.passwords.missing_passwords")]
148
- }, status: 422
120
+ return render_update_error_missing_password
149
121
  end
150
122
 
151
123
  if @resource.send(resource_update_method, password_resource_params)
152
124
  yield if block_given?
153
- return render json: {
154
- success: true,
155
- data: {
156
- user: @resource,
157
- message: I18n.t("devise_token_auth.passwords.successfully_updated")
158
- }
159
- }
125
+ return render_update_success
160
126
  else
161
- return render json: {
162
- success: false,
163
- errors: @resource.errors.to_hash.merge(full_messages: @resource.errors.full_messages)
164
- }, status: 422
127
+ return render_update_error
165
128
  end
166
129
  end
167
130
 
131
+ protected
132
+
168
133
  def resource_update_method
169
134
  if DeviseTokenAuth.check_current_password_before_update != false
170
135
  "update_with_password"
@@ -173,13 +138,95 @@ module DeviseTokenAuth
173
138
  end
174
139
  end
175
140
 
176
- def password_resource_params
177
- params.permit(devise_parameter_sanitizer.for(:account_update))
141
+ def render_create_error_missing_email
142
+ render json: {
143
+ success: false,
144
+ errors: [I18n.t("devise_token_auth.passwords.missing_email")]
145
+ }, status: 401
146
+ end
147
+
148
+ def render_create_error_missing_redirect_url
149
+ render json: {
150
+ success: false,
151
+ errors: [I18n.t("devise_token_auth.passwords.missing_redirect_url")]
152
+ }, status: 401
153
+ end
154
+
155
+ def render_create_error_not_allowed_redirect_url
156
+ render json: {
157
+ status: 'error',
158
+ data: @resource.as_json,
159
+ errors: [I18n.t("devise_token_auth.passwords.not_allowed_redirect_url", redirect_url: @redirect_url)]
160
+ }, status: 403
161
+ end
162
+
163
+ def render_create_success
164
+ render json: {
165
+ success: true,
166
+ message: I18n.t("devise_token_auth.passwords.sended", email: @email)
167
+ }
168
+ end
169
+
170
+ def render_create_error
171
+ render json: {
172
+ success: false,
173
+ errors: @errors,
174
+ }, status: @error_status
175
+ end
176
+
177
+ def render_edit_error
178
+ render json: {
179
+ success: false
180
+ }, status: 404
178
181
  end
179
182
 
183
+ def render_update_error_unauthorized
184
+ render json: {
185
+ success: false,
186
+ errors: ['Unauthorized']
187
+ }, status: 401
188
+ end
189
+
190
+ def render_update_error_password_not_required
191
+ render json: {
192
+ success: false,
193
+ errors: [I18n.t("devise_token_auth.passwords.password_not_required", provider: @resource.provider.humanize)]
194
+ }, status: 422
195
+ end
196
+
197
+ def render_update_error_missing_password
198
+ render json: {
199
+ success: false,
200
+ errors: [I18n.t("devise_token_auth.passwords.missing_passwords")]
201
+ }, status: 422
202
+ end
203
+
204
+ def render_update_success
205
+ render json: {
206
+ success: true,
207
+ data: {
208
+ user: @resource,
209
+ message: I18n.t("devise_token_auth.passwords.successfully_updated")
210
+ }
211
+ }
212
+ end
213
+
214
+ def render_update_error
215
+ return render json: {
216
+ success: false,
217
+ errors: @resource.errors.to_hash.merge(full_messages: @resource.errors.full_messages)
218
+ }, status: 422
219
+ end
220
+
221
+ private
222
+
180
223
  def resource_params
181
224
  params.permit(:email, :password, :password_confirmation, :current_password, :reset_password_token)
182
225
  end
183
226
 
227
+ def password_resource_params
228
+ params.permit(devise_parameter_sanitizer.for(:account_update))
229
+ end
230
+
184
231
  end
185
232
  end
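Review bot: `render_create_error_not_allowed_redirect_url` (new lines 155–161) reads `@resource.as_json`, but on that path `create` has not yet assigned `@resource` (that happens later, at new line 44), so `data` is always nil there; it also answers with `status: 'error'` while every other error helper in this controller answers with `success: false`, so a client keyed on `success` cannot tell this rejection apart from a non-error. Since the commit is already centralising responses into helpers, this is the place to align it: `render json: { success: false, errors: [I18n.t("devise_token_auth.passwords.not_allowed_redirect_url", redirect_url: @redirect_url)] }, status: 403`. `render_update_error` (new lines 214–219) keeps a `return` in front of `render` that the sibling helpers drop; it is harmless but inconsistent. The `user_not_found` branch (new lines 64–65) still distinguishes registered from unregistered emails via the 404 status and message, which a defender would treat as account enumeration on the reset endpoint; if that contract is intentional, a comment on `render_create_error` such as `# NOTE: 404 vs 400 reveals whether the email is registered; kept for API compatibility` would make the trade-off explicit for the next maintainer.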
@@ -17,28 +17,20 @@ module DeviseTokenAuth
17
17
  end
18
18
 
19
19
  # give redirect value from params priority
20
- redirect_url = params[:confirm_success_url]
20
+ @redirect_url = params[:confirm_success_url]
21
21
 
22
22
  # fall back to default value if provided
23
- redirect_url ||= DeviseTokenAuth.default_confirm_success_url
23
+ @redirect_url ||= DeviseTokenAuth.default_confirm_success_url
24
24
 
25
25
  # success redirect url is required
26
- if resource_class.devise_modules.include?(:confirmable) && !redirect_url
27
- return render json: {
28
- status: 'error',
29
- data: @resource.as_json,
30
- errors: [I18n.t("devise_token_auth.registrations.missing_confirm_success_url")]
31
- }, status: 403
26
+ if resource_class.devise_modules.include?(:confirmable) && !@redirect_url
27
+ return render_create_error_missing_confirm_success_url
32
28
  end
33
29
 
34
30
  # if whitelist is set, validate redirect_url against whitelist
35
31
  if DeviseTokenAuth.redirect_whitelist
36
- unless DeviseTokenAuth.redirect_whitelist.include?(redirect_url)
37
- return render json: {
38
- status: 'error',
39
- data: @resource.as_json,
40
- errors: [I18n.t("devise_token_auth.registrations.redirect_url_not_allowed", redirect_url: redirect_url)]
41
- }, status: 403
32
+ unless DeviseTokenAuth.redirect_whitelist.include?(@redirect_url)
33
+ return render_create_error_redirect_url_not_allowed
42
34
  end
43
35
  end
44
36
 
@@ -52,7 +44,7 @@ module DeviseTokenAuth
52
44
  # user will require email authentication
53
45
  @resource.send_confirmation_instructions({
54
46
  client_config: params[:config_name],
55
- redirect_url: redirect_url
47
+ redirect_url: @redirect_url
56
48
  })
57
49
 
58
50
  else
@@ -69,26 +61,14 @@ module DeviseTokenAuth
69
61
 
70
62
  update_auth_header
71
63
  end
72
-
73
- render json: {
74
- status: 'success',
75
- data: @resource.as_json
76
- }
64
+ render_create_success
77
65
  else
78
66
  clean_up_passwords @resource
79
- render json: {
80
- status: 'error',
81
- data: @resource.as_json,
82
- errors: @resource.errors.to_hash.merge(full_messages: @resource.errors.full_messages)
83
- }, status: 403
67
+ render_create_error
84
68
  end
85
69
  rescue ActiveRecord::RecordNotUnique
86
70
  clean_up_passwords @resource
87
- render json: {
88
- status: 'error',
89
- data: @resource.as_json,
90
- errors: [I18n.t("devise_token_auth.registrations.email_already_exists", email: @resource.email)]
91
- }, status: 403
71
+ render_create_error_email_already_exists
92
72
  end
93
73
  end
94
74
 
@@ -96,21 +76,12 @@ module DeviseTokenAuth
96
76
  if @resource
97
77
  if @resource.send(resource_update_method, account_update_params)
98
78
  yield @resource if block_given?
99
- render json: {
100
- status: 'success',
101
- data: @resource.as_json
102
- }
79
+ render_update_success
103
80
  else
104
- render json: {
105
- status: 'error',
106
- errors: @resource.errors.to_hash.merge(full_messages: @resource.errors.full_messages)
107
- }, status: 403
81
+ render_update_error
108
82
  end
109
83
  else
110
- render json: {
111
- status: 'error',
112
- errors: [I18n.t("devise_token_auth.registrations.user_not_found")]
113
- }, status: 404
84
+ render_update_error_user_not_found
114
85
  end
115
86
  end
116
87
 
@@ -119,15 +90,9 @@ module DeviseTokenAuth
119
90
  @resource.destroy
120
91
  yield @resource if block_given?
121
92
 
122
- render json: {
123
- status: 'success',
124
- message: I18n.t("devise_token_auth.registrations.account_with_uid_destroyed", uid: @resource.uid)
125
- }
93
+ render_destroy_success
126
94
  else
127
- render json: {
128
- status: 'error',
129
- errors: [I18n.t("devise_token_auth.registrations.account_to_destroy_not_found")]
130
- }, status: 404
95
+ render_destroy_error
131
96
  end
132
97
  end
133
98
 
@@ -139,6 +104,82 @@ module DeviseTokenAuth
139
104
  params.permit(devise_parameter_sanitizer.for(:account_update))
140
105
  end
141
106
 
107
+ protected
108
+
109
+ def render_create_error_missing_confirm_success_url
110
+ render json: {
111
+ status: 'error',
112
+ data: @resource.as_json,
113
+ errors: [I18n.t("devise_token_auth.registrations.missing_confirm_success_url")]
114
+ }, status: 403
115
+ end
116
+
117
+ def render_create_error_redirect_url_not_allowed
118
+ render json: {
119
+ status: 'error',
120
+ data: @resource.as_json,
121
+ errors: [I18n.t("devise_token_auth.registrations.redirect_url_not_allowed", redirect_url: @redirect_url)]
122
+ }, status: 403
123
+ end
124
+
125
+ def render_create_success
126
+ render json: {
127
+ status: 'success',
128
+ data: @resource.as_json
129
+ }
130
+ end
131
+
132
+ def render_create_error
133
+ render json: {
134
+ status: 'error',
135
+ data: @resource.as_json,
136
+ errors: @resource.errors.to_hash.merge(full_messages: @resource.errors.full_messages)
137
+ }, status: 403
138
+ end
139
+
140
+ def render_create_error_email_already_exists
141
+ render json: {
142
+ status: 'error',
143
+ data: @resource.as_json,
144
+ errors: [I18n.t("devise_token_auth.registrations.email_already_exists", email: @resource.email)]
145
+ }, status: 403
146
+ end
147
+
148
+ def render_update_success
149
+ render json: {
150
+ status: 'success',
151
+ data: @resource.as_json
152
+ }
153
+ end
154
+
155
+ def render_update_error
156
+ render json: {
157
+ status: 'error',
158
+ errors: @resource.errors.to_hash.merge(full_messages: @resource.errors.full_messages)
159
+ }, status: 403
160
+ end
161
+
162
+ def render_update_error_user_not_found
163
+ render json: {
164
+ status: 'error',
165
+ errors: [I18n.t("devise_token_auth.registrations.user_not_found")]
166
+ }, status: 404
167
+ end
168
+
169
+ def render_destroy_success
170
+ render json: {
171
+ status: 'success',
172
+ message: I18n.t("devise_token_auth.registrations.account_with_uid_destroyed", uid: @resource.uid)
173
+ }
174
+ end
175
+
176
+ def render_destroy_error
177
+ render json: {
178
+ status: 'error',
179
+ errors: [I18n.t("devise_token_auth.registrations.account_to_destroy_not_found")]
180
+ }, status: 404
181
+ end
182
+
142
183
  private
143
184
 
144
185
  def resource_update_method