devise_token_auth 0.1.37.beta1 → 0.1.37.beta2
Potentially problematic release.
This version of devise_token_auth might be problematic.
- checksums.yaml +4 -4
- data/README.md +4 -4
- data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +1 -0
- data/app/controllers/devise_token_auth/passwords_controller.rb +1 -7
- data/app/models/devise_token_auth/concerns/user.rb +1 -1
- data/config/locales/en.yml +3 -1
- data/config/locales/es.yml +3 -1
- data/lib/devise_token_auth/version.rb +1 -1
- data/test/controllers/demo_user_controller_test.rb +25 -0
- data/test/controllers/devise_token_auth/passwords_controller_test.rb +5 -5
- data/test/dummy/tmp/generators/app/models/user.rb +4 -0
- data/test/dummy/tmp/generators/db/migrate/{20151025010329_devise_token_auth_create_users.rb → 20151025020205_devise_token_auth_create_users.rb} +0 -0
- metadata +3 -5
- data/test/dummy/tmp/generators/app/controllers/application_controller.rb +0 -6
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 828689f466c5670121ec9ec6d35ae3dea553ca7a
|
4
|
+
data.tar.gz: cee530a6eaeb934c6455481108a2af6e47626087
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 8fd45280e414f23a0c360dfced38fe6f6c5bc0ddbf6b9dc5c74f8935c5d78a321fad9263d147206f2dbe65089f84b964e4a31c4e6de2e1161267cd912f198835
|
7
|
+
data.tar.gz: f7ca9de3d57dbb5667522e00d45d6c628d511571076d4bddf4075b2ee5fc718867a858ca8efe9fe139fedd8b19e4215df01b860fd985875ee9eda642fb27c075
|
data/README.md
CHANGED
@@ -135,16 +135,16 @@ The following routes are available for use by your client. These routes live rel
|
|
135
135
|
|
136
136
|
| path | method | purpose |
|
137
137
|
|:-----|:-------|:--------|
|
138
|
-
| / | POST | Email registration.
|
138
|
+
| / | POST | Email registration. Requires **`email`**, **`password`**, and **`password_confirmation`** params. A verification email will be sent to the email address provided. Accepted params can be customized using the [`devise_parameter_sanitizer`](https://github.com/plataformatec/devise#strong-parameters) system. |
|
139
139
|
| / | DELETE | Account deletion. This route will destroy users identified by their **`uid`** and **`auth_token`** headers. |
|
140
140
|
| / | PUT | Account updates. This route will update an existing user's account settings. The default accepted params are **`password`** and **`password_confirmation`**, but this can be customized using the [`devise_parameter_sanitizer`](https://github.com/plataformatec/devise#strong-parameters) system. If **`config.check_current_password_before_update`** is set to `:attributes` the **`current_password`** param is checked before any update, if it is set to `:password` the **`current_password`** param is checked only if the request updates user password. |
|
141
|
-
| /sign_in | POST | Email authentication.
|
141
|
+
| /sign_in | POST | Email authentication. Requires **`email`** and **`password`** as params. This route will return a JSON representation of the `User` model on successful login along with the `access-token` and `client` in the header of the response. |
|
142
142
|
| /sign_out | DELETE | Use this route to end the user's current session. This route will invalidate the user's authentication token. |
|
143
143
|
| /:provider | GET | Set this route as the destination for client authentication. Ideally this will happen in an external window or popup. [Read more](#omniauth-authentication). |
|
144
144
|
| /:provider/callback | GET/POST | Destination for the oauth2 provider's callback uri. `postMessage` events containing the authenticated user's data will be sent back to the main client window from this page. [Read more](#omniauth-authentication). |
|
145
|
-
| /validate_token | GET | Use this route to validate tokens on return visits to the client.
|
145
|
+
| /validate_token | GET | Use this route to validate tokens on return visits to the client. Requires **`uid`**, **`client`**, and **`access-token`** as params. These values should correspond to the columns in your `User` table of the same names. |
|
146
146
|
| /password | POST | Use this route to send a password reset confirmation email to users that registered by email. Accepts **`email`** and **`redirect_url`** as params. The user matching the `email` param will be sent instructions on how to reset their password. `redirect_url` is the url to which the user will be redirected after visiting the link contained in the email. |
|
147
|
-
| /password | PUT | Use this route to change users' passwords.
|
147
|
+
| /password | PUT | Use this route to change users' passwords. Requires **`password`** and **`password_confirmation`** as params. This route is only valid for users that registered by email (OAuth2 users will receive an error). It also checks **`current_password`** if **`config.check_current_password_before_update`** is not set `false` (disabled by default). |
|
148
148
|
| /password/edit | GET | Verify user by password reset token. This route is the destination URL for password reset confirmation. This route must contain **`reset_password_token`** and **`redirect_url`** params. These values will be set automatically by the confirmation email that is generated by the password reset request. |
|
149
149
|
|
150
150
|
[Jump here](#usage-cont) for more usage information.
|
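Review bot: the new `/validate_token` row documents `uid`, `client` and `access-token` as params on a GET route, which puts the token in the query string where it ends up in access logs, browser history and Referer headers. The DELETE row a few lines above already describes `uid` and `auth_token` as headers; if headers are accepted on `/validate_token` as well, say so here and recommend them, and settle on one name (`auth_token` vs `access-token`) across the table. In the `/password` PUT row, "is not set `false` (disabled by default)" is hard to parse; state the default value and which values enable the `current_password` check.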
@@ -125,6 +125,7 @@ module DeviseTokenAuth::Concerns::SetUserByToken
|
|
125
125
|
|
126
126
|
|
127
127
|
def is_batch_request?(user, client_id)
|
128
|
+
not params[:unbatch] and
|
128
129
|
user.tokens[client_id] and
|
129
130
|
user.tokens[client_id]['updated_at'] and
|
130
131
|
Time.parse(user.tokens[client_id]['updated_at']) > @request_started_at - DeviseTokenAuth.batch_request_buffer_throttle
|
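Review bot: `not params[:unbatch]` on the added line tests only for presence, so `?unbatch=false` or `?unbatch=0` also disables batch detection, because request params arrive as non-nil strings. Compare against an explicit value such as `params[:unbatch] == 'true'`, and document the param in the README, since it lets any caller holding valid credentials opt a request out of the `batch_request_buffer_throttle` window. `!` and `&&` would also be safer than `not`/`and` here given their low precedence.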
@@ -103,7 +103,7 @@ module DeviseTokenAuth
|
|
103
103
|
config: params[:config]
|
104
104
|
}))
|
105
105
|
else
|
106
|
-
|
106
|
+
raise ActionController::RoutingError.new('Not Found')
|
107
107
|
end
|
108
108
|
end
|
109
109
|
|
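Review bot: raising `ActionController::RoutingError` in the `else` branch means the failure response is whatever the host application's exception handling produces, not the JSON body with `success: false` that the other error paths in this controller render (see `render_update_error_unauthorized` in the next hunk). For an API consumed over XHR that is a contract change: clients that parsed the JSON 404 now get a framework error page, and the exception will show up in error trackers for every bogus or expired reset link. Either keep a rendered JSON 404 or note the new behaviour in the changelog.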
@@ -179,12 +179,6 @@ module DeviseTokenAuth
|
|
179
179
|
}, status: @error_status
|
180
180
|
end
|
181
181
|
|
182
|
-
def render_edit_error
|
183
|
-
render json: {
|
184
|
-
success: false
|
185
|
-
}, status: 404
|
186
|
-
end
|
187
|
-
|
188
182
|
def render_update_error_unauthorized
|
189
183
|
render json: {
|
190
184
|
success: false,
|
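Review bot: deleting `render_edit_error` removes a method that sits alongside the other `render_*` methods in this controller, so an application subclass that overrides it to customise the failure response will stop being called without any error. If the method has to go, mention the removal in the release notes; otherwise keep it and have the `else` branch in `edit` call it.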
@@ -233,7 +233,7 @@ module DeviseTokenAuth::Concerns::User
|
|
233
233
|
# only validate unique email among users that registered by email
|
234
234
|
def unique_email_user
|
235
235
|
if provider == 'email' and self.class.where(provider: 'email', email: email).count > 0
|
236
|
-
errors.add(:email, :already_in_use
|
236
|
+
errors.add(:email, :already_in_use)
|
237
237
|
end
|
238
238
|
end
|
239
239
|
|
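Review bot: `errors.add(:email, :already_in_use)` now depends on an i18n entry for `already_in_use`, and the two locale hunks in this release add it under different parent keys (`message:` in en.yml, `messages:` in es.yml), so the lookup cannot succeed in both. It is worth adding a model test that asserts the rendered message in each shipped locale. On the unchanged line above, `where(...).count > 0` can be `where(...).exists?`, and since this check runs in application code it should be backed by a unique index to hold under concurrent sign-ups.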
data/config/locales/en.yml
CHANGED
@@ -27,4 +27,6 @@ en:
|
|
27
27
|
errors:
|
28
28
|
validate_sign_up_params: "Please submit proper sign up data in request body."
|
29
29
|
validate_account_update_params: "Please submit proper account update data in request body."
|
30
|
-
not_email: "is not an email"
|
30
|
+
not_email: "is not an email"
|
31
|
+
message:
|
32
|
+
already_in_use: already in use
|
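Review bot: the added parent key is `message:` (singular) here while the es.yml hunk adds `messages:` for the same `already_in_use` entry. One of the two is a typo, and the locale with the wrong key will fall back to a missing-translation string for the `:already_in_use` error added in user.rb. Align both files on the key the model lookup actually resolves and cover it with a test.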
data/config/locales/es.yml
CHANGED
@@ -27,4 +27,6 @@ es:
|
|
27
27
|
errors:
|
28
28
|
validate_sign_up_params: "Los datos introducidos en la solicitud de acceso no son válidos."
|
29
29
|
validate_account_update_params: "Los datos introducidos en la solicitud de actualización no son válidos."
|
30
|
-
not_email: "no es un correo electrónico"
|
30
|
+
not_email: "no es un correo electrónico"
|
31
|
+
messages:
|
32
|
+
already_in_use: ya ha sido ocupado
|
@@ -201,6 +201,31 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
|
|
201
201
|
end
|
202
202
|
end
|
203
203
|
|
204
|
+
describe 'unbatch' do
|
205
|
+
before do
|
206
|
+
@resource.reload
|
207
|
+
age_token(@resource, @client_id)
|
208
|
+
|
209
|
+
get '/demo/members_only', {}, @auth_headers
|
210
|
+
|
211
|
+
@first_is_batch_request = assigns(:is_batch_request)
|
212
|
+
@first_user = assigns(:resource).dup
|
213
|
+
@first_access_token = response.headers['access-token']
|
214
|
+
@first_response_status = response.status
|
215
|
+
|
216
|
+
get '/demo/members_only?unbatch=true', {}, @auth_headers
|
217
|
+
|
218
|
+
@second_is_batch_request = assigns(:is_batch_request)
|
219
|
+
@second_user = assigns(:resource)
|
220
|
+
@second_access_token = response.headers['access-token']
|
221
|
+
@second_response_status = response.status
|
222
|
+
end
|
223
|
+
|
224
|
+
it 'should NOT treat the second request as a batch request when "unbatch" param is set' do
|
225
|
+
refute @second_is_batch_request
|
226
|
+
end
|
227
|
+
end
|
228
|
+
|
204
229
|
describe 'time out' do
|
205
230
|
before do
|
206
231
|
@resource.reload
|
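Review bot: the `before` block captures `@first_is_batch_request`, both access tokens, both users and both response statuses, but the only assertion is `refute @second_is_batch_request`. Assert at least that both requests returned 200 and that the two `access-token` headers relate as intended, otherwise the test passes even if the second request failed authentication. A case for `?unbatch=false` would also pin down whether presence alone is meant to disable batching.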
@@ -123,13 +123,13 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
|
|
123
123
|
end
|
124
124
|
|
125
125
|
describe 'password reset link failure' do
|
126
|
-
test '
|
127
|
-
|
128
|
-
|
126
|
+
test 'response should return 404' do
|
127
|
+
assert_raises(ActionController::RoutingError) {
|
128
|
+
xhr :get, :edit, {
|
129
|
+
reset_password_token: "bogus",
|
129
130
|
redirect_url: @mail_redirect_url
|
131
|
+
}
|
130
132
|
}
|
131
|
-
|
132
|
-
assert_equal 404, response.status
|
133
133
|
end
|
134
134
|
end
|
135
135
|
|
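Review bot: the test is still named 'response should return 404' but now only asserts that `ActionController::RoutingError` is raised, and the `assert_equal 404, response.status` check is gone. Rename the test to describe the exception, or add an integration-level test that exercises the full stack and asserts the status and body a client actually receives for a bogus `reset_password_token`.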
File without changes
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: devise_token_auth
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.37.
|
4
|
+
version: 0.1.37.beta2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Lynn Hurley
|
@@ -207,10 +207,9 @@ files:
|
|
207
207
|
- test/dummy/db/migrate/20150708104536_devise_token_auth_create_unconfirmable_users.rb
|
208
208
|
- test/dummy/db/schema.rb
|
209
209
|
- test/dummy/lib/migration_database_helper.rb
|
210
|
-
- test/dummy/tmp/generators/app/controllers/application_controller.rb
|
211
210
|
- test/dummy/tmp/generators/app/models/user.rb
|
212
211
|
- test/dummy/tmp/generators/config/initializers/devise_token_auth.rb
|
213
|
-
- test/dummy/tmp/generators/db/migrate/
|
212
|
+
- test/dummy/tmp/generators/db/migrate/20151025020205_devise_token_auth_create_users.rb
|
214
213
|
- test/integration/navigation_test.rb
|
215
214
|
- test/lib/devise_token_auth/url_test.rb
|
216
215
|
- test/lib/generators/devise_token_auth/install_generator_test.rb
|
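Review bot: the manifest drops `test/dummy/tmp/generators/app/controllers/application_controller.rb` but still lists other `test/dummy/tmp/generators/...` paths, including a migration whose timestamped name changes between builds. These look like generator test output rather than source, so they make the packaged gem differ from release to release for no functional reason. Exclude `test/dummy/tmp/` from the gemspec `files` and `test_files` globs and clean the directory before building.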
@@ -324,10 +323,9 @@ test_files:
|
|
324
323
|
- test/dummy/db/schema.rb
|
325
324
|
- test/dummy/lib/migration_database_helper.rb
|
326
325
|
- test/dummy/README.rdoc
|
327
|
-
- test/dummy/tmp/generators/app/controllers/application_controller.rb
|
328
326
|
- test/dummy/tmp/generators/app/models/user.rb
|
329
327
|
- test/dummy/tmp/generators/config/initializers/devise_token_auth.rb
|
330
|
-
- test/dummy/tmp/generators/db/migrate/
|
328
|
+
- test/dummy/tmp/generators/db/migrate/20151025020205_devise_token_auth_create_users.rb
|
331
329
|
- test/integration/navigation_test.rb
|
332
330
|
- test/lib/devise_token_auth/url_test.rb
|
333
331
|
- test/lib/generators/devise_token_auth/install_generator_test.rb
|