devise_token_auth 0.1.34 → 0.1.35
- checksums.yaml +4 -4
- data/README.md +73 -2
- data/app/controllers/devise_token_auth/application_controller.rb +1 -0
- data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +2 -0
- data/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb +135 -136
- data/app/controllers/devise_token_auth/passwords_controller.rb +112 -65
- data/app/controllers/devise_token_auth/registrations_controller.rb +91 -50
- data/app/controllers/devise_token_auth/sessions_controller.rb +53 -26
- data/app/controllers/devise_token_auth/token_validations_controller.rb +18 -8
- data/app/models/devise_token_auth/concerns/user.rb +5 -3
- data/app/views/devise_token_auth/omniauth_external_window.html.erb +1 -1
- data/config/locales/pl.yml +30 -0
- data/lib/devise_token_auth/rails/routes.rb +5 -2
- data/lib/devise_token_auth/version.rb +1 -1
- data/lib/generators/devise_token_auth/install_generator.rb +11 -0
- data/test/controllers/custom/custom_passwords_controller_test.rb +15 -0
- data/test/controllers/custom/custom_registrations_controller_test.rb +9 -0
- data/test/controllers/custom/custom_sessions_controller_test.rb +9 -0
- data/test/controllers/custom/custom_token_validations_controller_test.rb +9 -0
- data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb +4 -4
- data/test/dummy/app/controllers/custom/passwords_controller.rb +5 -0
- data/test/dummy/app/controllers/custom/registrations_controller.rb +6 -0
- data/test/dummy/app/controllers/custom/sessions_controller.rb +6 -0
- data/test/dummy/app/controllers/custom/token_validations_controller.rb +6 -0
- data/test/dummy/db/test.sqlite3 +0 -0
- data/test/dummy/log/test.log +44662 -0
- data/test/dummy/tmp/generators/db/migrate/{20150809052321_devise_token_auth_create_users.rb → 20151013023615_devise_token_auth_create_users.rb} +0 -0
- metadata +9 -9
- data/config/routes.rb +0 -6
@@ -7,41 +7,31 @@ module DeviseTokenAuth
|
|
7
7
|
# sending emails
|
8
8
|
def create
|
9
9
|
unless resource_params[:email]
|
10
|
-
return
|
11
|
-
success: false,
|
12
|
-
errors: [I18n.t("devise_token_auth.passwords.missing_email")]
|
13
|
-
}, status: 401
|
10
|
+
return render_create_error_missing_email
|
14
11
|
end
|
15
12
|
|
16
13
|
# give redirect value from params priority
|
17
|
-
redirect_url = params[:redirect_url]
|
14
|
+
@redirect_url = params[:redirect_url]
|
18
15
|
|
19
16
|
# fall back to default value if provided
|
20
|
-
redirect_url ||= DeviseTokenAuth.default_password_reset_url
|
17
|
+
@redirect_url ||= DeviseTokenAuth.default_password_reset_url
|
21
18
|
|
22
|
-
unless redirect_url
|
23
|
-
return
|
24
|
-
success: false,
|
25
|
-
errors: [I18n.t("devise_token_auth.passwords.missing_redirect_url")]
|
26
|
-
}, status: 401
|
19
|
+
unless @redirect_url
|
20
|
+
return render_create_error_missing_redirect_url
|
27
21
|
end
|
28
22
|
|
29
23
|
# if whitelist is set, validate redirect_url against whitelist
|
30
24
|
if DeviseTokenAuth.redirect_whitelist
|
31
|
-
unless DeviseTokenAuth.redirect_whitelist.include?(redirect_url)
|
32
|
-
return
|
33
|
-
status: 'error',
|
34
|
-
data: @resource.as_json,
|
35
|
-
errors: [I18n.t("devise_token_auth.passwords.not_allowed_redirect_url", redirect_url: redirect_url)]
|
36
|
-
}, status: 403
|
25
|
+
unless DeviseTokenAuth.redirect_whitelist.include?(@redirect_url)
|
26
|
+
return render_create_error_not_allowed_redirect_url
|
37
27
|
end
|
38
28
|
end
|
39
29
|
|
40
30
|
# honor devise configuration for case_insensitive_keys
|
41
31
|
if resource_class.case_insensitive_keys.include?(:email)
|
42
|
-
email = resource_params[:email].downcase
|
32
|
+
@email = resource_params[:email].downcase
|
43
33
|
else
|
44
|
-
email = resource_params[:email]
|
34
|
+
@email = resource_params[:email]
|
45
35
|
end
|
46
36
|
|
47
37
|
q = "uid = ? AND provider='email'"
|
@@ -51,42 +41,35 @@ module DeviseTokenAuth
|
|
51
41
|
q = "BINARY uid = ? AND provider='email'"
|
52
42
|
end
|
53
43
|
|
54
|
-
@resource = resource_class.where(q, email).first
|
44
|
+
@resource = resource_class.where(q, @email).first
|
55
45
|
|
56
|
-
errors = nil
|
57
|
-
error_status = 400
|
46
|
+
@errors = nil
|
47
|
+
@error_status = 400
|
58
48
|
|
59
49
|
if @resource
|
60
50
|
yield if block_given?
|
61
51
|
@resource.send_reset_password_instructions({
|
62
|
-
email: email,
|
52
|
+
email: @email,
|
63
53
|
provider: 'email',
|
64
|
-
redirect_url: redirect_url,
|
54
|
+
redirect_url: @redirect_url,
|
65
55
|
client_config: params[:config_name]
|
66
56
|
})
|
67
57
|
|
68
58
|
if @resource.errors.empty?
|
69
|
-
|
70
|
-
success: true,
|
71
|
-
message: I18n.t("devise_token_auth.passwords.sended", email: email)
|
72
|
-
}
|
59
|
+
return render_create_success
|
73
60
|
else
|
74
|
-
errors = @resource.errors
|
61
|
+
@errors = @resource.errors
|
75
62
|
end
|
76
63
|
else
|
77
|
-
errors = [I18n.t("devise_token_auth.passwords.user_not_found", email: email)]
|
78
|
-
error_status = 404
|
64
|
+
@errors = [I18n.t("devise_token_auth.passwords.user_not_found", email: @email)]
|
65
|
+
@error_status = 404
|
79
66
|
end
|
80
67
|
|
81
|
-
if errors
|
82
|
-
|
83
|
-
success: false,
|
84
|
-
errors: errors,
|
85
|
-
}, status: error_status
|
68
|
+
if @errors
|
69
|
+
return render_create_error
|
86
70
|
end
|
87
71
|
end
|
88
72
|
|
89
|
-
|
90
73
|
# this is where users arrive after visiting the password reset confirmation link
|
91
74
|
def edit
|
92
75
|
@resource = resource_class.reset_password_by_token({
|
@@ -117,54 +100,36 @@ module DeviseTokenAuth
|
|
117
100
|
config: params[:config]
|
118
101
|
}))
|
119
102
|
else
|
120
|
-
|
121
|
-
success: false
|
122
|
-
}, status: 404
|
103
|
+
render_edit_error
|
123
104
|
end
|
124
105
|
end
|
125
106
|
|
126
107
|
def update
|
127
108
|
# make sure user is authorized
|
128
109
|
unless @resource
|
129
|
-
return
|
130
|
-
success: false,
|
131
|
-
errors: ['Unauthorized']
|
132
|
-
}, status: 401
|
110
|
+
return render_update_error_unauthorized
|
133
111
|
end
|
134
112
|
|
135
113
|
# make sure account doesn't use oauth2 provider
|
136
114
|
unless @resource.provider == 'email'
|
137
|
-
return
|
138
|
-
success: false,
|
139
|
-
errors: [I18n.t("devise_token_auth.passwords.password_not_required", provider: @resource.provider.humanize)]
|
140
|
-
}, status: 422
|
115
|
+
return render_update_error_password_not_required
|
141
116
|
end
|
142
117
|
|
143
118
|
# ensure that password params were sent
|
144
119
|
unless password_resource_params[:password] and password_resource_params[:password_confirmation]
|
145
|
-
return
|
146
|
-
success: false,
|
147
|
-
errors: [I18n.t("devise_token_auth.passwords.missing_passwords")]
|
148
|
-
}, status: 422
|
120
|
+
return render_update_error_missing_password
|
149
121
|
end
|
150
122
|
|
151
123
|
if @resource.send(resource_update_method, password_resource_params)
|
152
124
|
yield if block_given?
|
153
|
-
return
|
154
|
-
success: true,
|
155
|
-
data: {
|
156
|
-
user: @resource,
|
157
|
-
message: I18n.t("devise_token_auth.passwords.successfully_updated")
|
158
|
-
}
|
159
|
-
}
|
125
|
+
return render_update_success
|
160
126
|
else
|
161
|
-
return
|
162
|
-
success: false,
|
163
|
-
errors: @resource.errors.to_hash.merge(full_messages: @resource.errors.full_messages)
|
164
|
-
}, status: 422
|
127
|
+
return render_update_error
|
165
128
|
end
|
166
129
|
end
|
167
130
|
|
131
|
+
protected
|
132
|
+
|
168
133
|
def resource_update_method
|
169
134
|
if DeviseTokenAuth.check_current_password_before_update != false
|
170
135
|
"update_with_password"
|
@@ -173,13 +138,95 @@ module DeviseTokenAuth
|
|
173
138
|
end
|
174
139
|
end
|
175
140
|
|
176
|
-
def
|
177
|
-
|
141
|
+
def render_create_error_missing_email
|
142
|
+
render json: {
|
143
|
+
success: false,
|
144
|
+
errors: [I18n.t("devise_token_auth.passwords.missing_email")]
|
145
|
+
}, status: 401
|
146
|
+
end
|
147
|
+
|
148
|
+
def render_create_error_missing_redirect_url
|
149
|
+
render json: {
|
150
|
+
success: false,
|
151
|
+
errors: [I18n.t("devise_token_auth.passwords.missing_redirect_url")]
|
152
|
+
}, status: 401
|
153
|
+
end
|
154
|
+
|
155
|
+
def render_create_error_not_allowed_redirect_url
|
156
|
+
render json: {
|
157
|
+
status: 'error',
|
158
|
+
data: @resource.as_json,
|
159
|
+
errors: [I18n.t("devise_token_auth.passwords.not_allowed_redirect_url", redirect_url: @redirect_url)]
|
160
|
+
}, status: 403
|
161
|
+
end
|
162
|
+
|
163
|
+
def render_create_success
|
164
|
+
render json: {
|
165
|
+
success: true,
|
166
|
+
message: I18n.t("devise_token_auth.passwords.sended", email: @email)
|
167
|
+
}
|
168
|
+
end
|
169
|
+
|
170
|
+
def render_create_error
|
171
|
+
render json: {
|
172
|
+
success: false,
|
173
|
+
errors: @errors,
|
174
|
+
}, status: @error_status
|
175
|
+
end
|
176
|
+
|
177
|
+
def render_edit_error
|
178
|
+
render json: {
|
179
|
+
success: false
|
180
|
+
}, status: 404
|
178
181
|
end
|
179
182
|
|
183
|
+
def render_update_error_unauthorized
|
184
|
+
render json: {
|
185
|
+
success: false,
|
186
|
+
errors: ['Unauthorized']
|
187
|
+
}, status: 401
|
188
|
+
end
|
189
|
+
|
190
|
+
def render_update_error_password_not_required
|
191
|
+
render json: {
|
192
|
+
success: false,
|
193
|
+
errors: [I18n.t("devise_token_auth.passwords.password_not_required", provider: @resource.provider.humanize)]
|
194
|
+
}, status: 422
|
195
|
+
end
|
196
|
+
|
197
|
+
def render_update_error_missing_password
|
198
|
+
render json: {
|
199
|
+
success: false,
|
200
|
+
errors: [I18n.t("devise_token_auth.passwords.missing_passwords")]
|
201
|
+
}, status: 422
|
202
|
+
end
|
203
|
+
|
204
|
+
def render_update_success
|
205
|
+
render json: {
|
206
|
+
success: true,
|
207
|
+
data: {
|
208
|
+
user: @resource,
|
209
|
+
message: I18n.t("devise_token_auth.passwords.successfully_updated")
|
210
|
+
}
|
211
|
+
}
|
212
|
+
end
|
213
|
+
|
214
|
+
def render_update_error
|
215
|
+
return render json: {
|
216
|
+
success: false,
|
217
|
+
errors: @resource.errors.to_hash.merge(full_messages: @resource.errors.full_messages)
|
218
|
+
}, status: 422
|
219
|
+
end
|
220
|
+
|
221
|
+
private
|
222
|
+
|
180
223
|
def resource_params
|
181
224
|
params.permit(:email, :password, :password_confirmation, :current_password, :reset_password_token)
|
182
225
|
end
|
183
226
|
|
227
|
+
def password_resource_params
|
228
|
+
params.permit(devise_parameter_sanitizer.for(:account_update))
|
229
|
+
end
|
230
|
+
|
184
231
|
end
|
185
232
|
end
|
@@ -17,28 +17,20 @@ module DeviseTokenAuth
|
|
17
17
|
end
|
18
18
|
|
19
19
|
# give redirect value from params priority
|
20
|
-
redirect_url = params[:confirm_success_url]
|
20
|
+
@redirect_url = params[:confirm_success_url]
|
21
21
|
|
22
22
|
# fall back to default value if provided
|
23
|
-
redirect_url ||= DeviseTokenAuth.default_confirm_success_url
|
23
|
+
@redirect_url ||= DeviseTokenAuth.default_confirm_success_url
|
24
24
|
|
25
25
|
# success redirect url is required
|
26
|
-
if resource_class.devise_modules.include?(:confirmable) &&
|
27
|
-
return
|
28
|
-
status: 'error',
|
29
|
-
data: @resource.as_json,
|
30
|
-
errors: [I18n.t("devise_token_auth.registrations.missing_confirm_success_url")]
|
31
|
-
}, status: 403
|
26
|
+
if resource_class.devise_modules.include?(:confirmable) && !@redirect_url
|
27
|
+
return render_create_error_missing_confirm_success_url
|
32
28
|
end
|
33
29
|
|
34
30
|
# if whitelist is set, validate redirect_url against whitelist
|
35
31
|
if DeviseTokenAuth.redirect_whitelist
|
36
|
-
unless DeviseTokenAuth.redirect_whitelist.include?(redirect_url)
|
37
|
-
return
|
38
|
-
status: 'error',
|
39
|
-
data: @resource.as_json,
|
40
|
-
errors: [I18n.t("devise_token_auth.registrations.redirect_url_not_allowed", redirect_url: redirect_url)]
|
41
|
-
}, status: 403
|
32
|
+
unless DeviseTokenAuth.redirect_whitelist.include?(@redirect_url)
|
33
|
+
return render_create_error_redirect_url_not_allowed
|
42
34
|
end
|
43
35
|
end
|
44
36
|
|
@@ -52,7 +44,7 @@ module DeviseTokenAuth
|
|
52
44
|
# user will require email authentication
|
53
45
|
@resource.send_confirmation_instructions({
|
54
46
|
client_config: params[:config_name],
|
55
|
-
redirect_url: redirect_url
|
47
|
+
redirect_url: @redirect_url
|
56
48
|
})
|
57
49
|
|
58
50
|
else
|
@@ -69,26 +61,14 @@ module DeviseTokenAuth
|
|
69
61
|
|
70
62
|
update_auth_header
|
71
63
|
end
|
72
|
-
|
73
|
-
render json: {
|
74
|
-
status: 'success',
|
75
|
-
data: @resource.as_json
|
76
|
-
}
|
64
|
+
render_create_success
|
77
65
|
else
|
78
66
|
clean_up_passwords @resource
|
79
|
-
|
80
|
-
status: 'error',
|
81
|
-
data: @resource.as_json,
|
82
|
-
errors: @resource.errors.to_hash.merge(full_messages: @resource.errors.full_messages)
|
83
|
-
}, status: 403
|
67
|
+
render_create_error
|
84
68
|
end
|
85
69
|
rescue ActiveRecord::RecordNotUnique
|
86
70
|
clean_up_passwords @resource
|
87
|
-
|
88
|
-
status: 'error',
|
89
|
-
data: @resource.as_json,
|
90
|
-
errors: [I18n.t("devise_token_auth.registrations.email_already_exists", email: @resource.email)]
|
91
|
-
}, status: 403
|
71
|
+
render_create_error_email_already_exists
|
92
72
|
end
|
93
73
|
end
|
94
74
|
|
@@ -96,21 +76,12 @@ module DeviseTokenAuth
|
|
96
76
|
if @resource
|
97
77
|
if @resource.send(resource_update_method, account_update_params)
|
98
78
|
yield @resource if block_given?
|
99
|
-
|
100
|
-
status: 'success',
|
101
|
-
data: @resource.as_json
|
102
|
-
}
|
79
|
+
render_update_success
|
103
80
|
else
|
104
|
-
|
105
|
-
status: 'error',
|
106
|
-
errors: @resource.errors.to_hash.merge(full_messages: @resource.errors.full_messages)
|
107
|
-
}, status: 403
|
81
|
+
render_update_error
|
108
82
|
end
|
109
83
|
else
|
110
|
-
|
111
|
-
status: 'error',
|
112
|
-
errors: [I18n.t("devise_token_auth.registrations.user_not_found")]
|
113
|
-
}, status: 404
|
84
|
+
render_update_error_user_not_found
|
114
85
|
end
|
115
86
|
end
|
116
87
|
|
@@ -119,15 +90,9 @@ module DeviseTokenAuth
|
|
119
90
|
@resource.destroy
|
120
91
|
yield @resource if block_given?
|
121
92
|
|
122
|
-
|
123
|
-
status: 'success',
|
124
|
-
message: I18n.t("devise_token_auth.registrations.account_with_uid_destroyed", uid: @resource.uid)
|
125
|
-
}
|
93
|
+
render_destroy_success
|
126
94
|
else
|
127
|
-
|
128
|
-
status: 'error',
|
129
|
-
errors: [I18n.t("devise_token_auth.registrations.account_to_destroy_not_found")]
|
130
|
-
}, status: 404
|
95
|
+
render_destroy_error
|
131
96
|
end
|
132
97
|
end
|
133
98
|
|
@@ -139,6 +104,82 @@ module DeviseTokenAuth
|
|
139
104
|
params.permit(devise_parameter_sanitizer.for(:account_update))
|
140
105
|
end
|
141
106
|
|
107
|
+
protected
|
108
|
+
|
109
|
+
def render_create_error_missing_confirm_success_url
|
110
|
+
render json: {
|
111
|
+
status: 'error',
|
112
|
+
data: @resource.as_json,
|
113
|
+
errors: [I18n.t("devise_token_auth.registrations.missing_confirm_success_url")]
|
114
|
+
}, status: 403
|
115
|
+
end
|
116
|
+
|
117
|
+
def render_create_error_redirect_url_not_allowed
|
118
|
+
render json: {
|
119
|
+
status: 'error',
|
120
|
+
data: @resource.as_json,
|
121
|
+
errors: [I18n.t("devise_token_auth.registrations.redirect_url_not_allowed", redirect_url: @redirect_url)]
|
122
|
+
}, status: 403
|
123
|
+
end
|
124
|
+
|
125
|
+
def render_create_success
|
126
|
+
render json: {
|
127
|
+
status: 'success',
|
128
|
+
data: @resource.as_json
|
129
|
+
}
|
130
|
+
end
|
131
|
+
|
132
|
+
def render_create_error
|
133
|
+
render json: {
|
134
|
+
status: 'error',
|
135
|
+
data: @resource.as_json,
|
136
|
+
errors: @resource.errors.to_hash.merge(full_messages: @resource.errors.full_messages)
|
137
|
+
}, status: 403
|
138
|
+
end
|
139
|
+
|
140
|
+
def render_create_error_email_already_exists
|
141
|
+
render json: {
|
142
|
+
status: 'error',
|
143
|
+
data: @resource.as_json,
|
144
|
+
errors: [I18n.t("devise_token_auth.registrations.email_already_exists", email: @resource.email)]
|
145
|
+
}, status: 403
|
146
|
+
end
|
147
|
+
|
148
|
+
def render_update_success
|
149
|
+
render json: {
|
150
|
+
status: 'success',
|
151
|
+
data: @resource.as_json
|
152
|
+
}
|
153
|
+
end
|
154
|
+
|
155
|
+
def render_update_error
|
156
|
+
render json: {
|
157
|
+
status: 'error',
|
158
|
+
errors: @resource.errors.to_hash.merge(full_messages: @resource.errors.full_messages)
|
159
|
+
}, status: 403
|
160
|
+
end
|
161
|
+
|
162
|
+
def render_update_error_user_not_found
|
163
|
+
render json: {
|
164
|
+
status: 'error',
|
165
|
+
errors: [I18n.t("devise_token_auth.registrations.user_not_found")]
|
166
|
+
}, status: 404
|
167
|
+
end
|
168
|
+
|
169
|
+
def render_destroy_success
|
170
|
+
render json: {
|
171
|
+
status: 'success',
|
172
|
+
message: I18n.t("devise_token_auth.registrations.account_with_uid_destroyed", uid: @resource.uid)
|
173
|
+
}
|
174
|
+
end
|
175
|
+
|
176
|
+
def render_destroy_error
|
177
|
+
render json: {
|
178
|
+
status: 'error',
|
179
|
+
errors: [I18n.t("devise_token_auth.registrations.account_to_destroy_not_found")]
|
180
|
+
}, status: 404
|
181
|
+
end
|
182
|
+
|
142
183
|
private
|
143
184
|
|
144
185
|
def resource_update_method
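Review bot: `account_update_params` (its body ends at new line 106 of the last hunk) stays above the newly inserted `protected` marker, so unless a visibility keyword sits in the lines not shown it remains a public method, and Rails treats public controller methods as routable actions; this also diverges from the passwords controller in the same release, which places its `resource_params` and `password_resource_params` under `private`. Moving the `protected` line up so it precedes the param-permitting methods (or putting them after `private`) keeps the `render_*` hooks overridable while taking the permit helpers out of the action set. The method's `def` line and anything above it are outside the hunk, so its visibility is inferred from position only.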
|