devise_token_auth 0.1.37.beta1 → 0.1.37.beta2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.


checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: d25ee0a65f522b743b8e5b7a3ae0c2da989e6a91
4
- data.tar.gz: 3f7550db2e481f2061b78239412ecd5f06b09b9a
3
+ metadata.gz: 828689f466c5670121ec9ec6d35ae3dea553ca7a
4
+ data.tar.gz: cee530a6eaeb934c6455481108a2af6e47626087
5
5
  SHA512:
6
- metadata.gz: a90613e650e7c54c40109ad46809d1487f80eb74e75f2be01db0e96470dc2bdec5a682a0a8d6f4b62fcefacf11b839e1f4053d5547a077373eca00101f2952cc
7
- data.tar.gz: b9c26b21a28271fd9646672e61cbae61d2bb8bdda78f21f1c90569c748ec0db1768f827dc983f8fe8cea1035d62c0fe977c758e2ee6046fb4923d08773ccf3b8
6
+ metadata.gz: 8fd45280e414f23a0c360dfced38fe6f6c5bc0ddbf6b9dc5c74f8935c5d78a321fad9263d147206f2dbe65089f84b964e4a31c4e6de2e1161267cd912f198835
7
+ data.tar.gz: f7ca9de3d57dbb5667522e00d45d6c628d511571076d4bddf4075b2ee5fc718867a858ca8efe9fe139fedd8b19e4215df01b860fd985875ee9eda642fb27c075
data/README.md CHANGED
@@ -135,16 +135,16 @@ The following routes are available for use by your client. These routes live rel
135
135
 
136
136
  | path | method | purpose |
137
137
  |:-----|:-------|:--------|
138
- | / | POST | Email registration. Accepts **`email`**, **`password`**, and **`password_confirmation`** params. A verification email will be sent to the email address provided. Accepted params can be customized using the [`devise_parameter_sanitizer`](https://github.com/plataformatec/devise#strong-parameters) system. |
138
+ | / | POST | Email registration. Requires **`email`**, **`password`**, and **`password_confirmation`** params. A verification email will be sent to the email address provided. Accepted params can be customized using the [`devise_parameter_sanitizer`](https://github.com/plataformatec/devise#strong-parameters) system. |
139
139
  | / | DELETE | Account deletion. This route will destroy users identified by their **`uid`** and **`auth_token`** headers. |
140
140
  | / | PUT | Account updates. This route will update an existing user's account settings. The default accepted params are **`password`** and **`password_confirmation`**, but this can be customized using the [`devise_parameter_sanitizer`](https://github.com/plataformatec/devise#strong-parameters) system. If **`config.check_current_password_before_update`** is set to `:attributes` the **`current_password`** param is checked before any update, if it is set to `:password` the **`current_password`** param is checked only if the request updates user password. |
141
- | /sign_in | POST | Email authentication. Accepts **`email`** and **`password`** as params. This route will return a JSON representation of the `User` model on successful login. |
141
+ | /sign_in | POST | Email authentication. Requires **`email`** and **`password`** as params. This route will return a JSON representation of the `User` model on successful login along with the `access-token` and `client` in the header of the response. |
142
142
  | /sign_out | DELETE | Use this route to end the user's current session. This route will invalidate the user's authentication token. |
143
143
  | /:provider | GET | Set this route as the destination for client authentication. Ideally this will happen in an external window or popup. [Read more](#omniauth-authentication). |
144
144
  | /:provider/callback | GET/POST | Destination for the oauth2 provider's callback uri. `postMessage` events containing the authenticated user's data will be sent back to the main client window from this page. [Read more](#omniauth-authentication). |
145
- | /validate_token | GET | Use this route to validate tokens on return visits to the client. Accepts **`uid`** and **`access-token`** as params. These values should correspond to the columns in your `User` table of the same names. |
145
+ | /validate_token | GET | Use this route to validate tokens on return visits to the client. Requires **`uid`**, **`client`**, and **`access-token`** as params. These values should correspond to the columns in your `User` table of the same names. |
146
146
  | /password | POST | Use this route to send a password reset confirmation email to users that registered by email. Accepts **`email`** and **`redirect_url`** as params. The user matching the `email` param will be sent instructions on how to reset their password. `redirect_url` is the url to which the user will be redirected after visiting the link contained in the email. |
147
- | /password | PUT | Use this route to change users' passwords. Accepts **`password`** and **`password_confirmation`** as params. This route is only valid for users that registered by email (OAuth2 users will receive an error). It also checks **`current_password`** if **`config.check_current_password_before_update`** is not set `false` (disabled by default). |
147
+ | /password | PUT | Use this route to change users' passwords. Requires **`password`** and **`password_confirmation`** as params. This route is only valid for users that registered by email (OAuth2 users will receive an error). It also checks **`current_password`** if **`config.check_current_password_before_update`** is not set `false` (disabled by default). |
148
148
  | /password/edit | GET | Verify user by password reset token. This route is the destination URL for password reset confirmation. This route must contain **`reset_password_token`** and **`redirect_url`** params. These values will be set automatically by the confirmation email that is generated by the password reset request. |
149
149
 
150
150
  [Jump here](#usage-cont) for more usage information.
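Review bot: the changed `/validate_token` row documents **`uid`**, **`client`** and **`access-token`** "as params" on a GET route, which puts the token in the query string where it is recorded in access logs, browser history and Referer headers. The `DELETE /` row of the same table already speaks of headers and the new `/sign_in` text says `access-token` and `client` are returned in the response header, so consider documenting these values as request headers here too. While touching the table: the `DELETE /` row still calls the header `auth_token`, and the `POST /password` row still says "Accepts" where its neighbours now say "Requires".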
@@ -125,6 +125,7 @@ module DeviseTokenAuth::Concerns::SetUserByToken
125
125
 
126
126
 
127
127
  def is_batch_request?(user, client_id)
128
+ not params[:unbatch] and
128
129
  user.tokens[client_id] and
129
130
  user.tokens[client_id]['updated_at'] and
130
131
  Time.parse(user.tokens[client_id]['updated_at']) > @request_started_at - DeviseTokenAuth.batch_request_buffer_throttle
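Review bot: the added `not params[:unbatch] and` guard in `is_batch_request?` only tests for the presence of a client-supplied parameter, so `?unbatch=false` or `?unbatch=0` turns batch handling off exactly like `?unbatch=true`, because request params arrive as strings. Any caller can therefore opt out of the `batch_request_buffer_throttle` window on every request. Suggest an explicit comparison such as `params[:unbatch] == 'true'`, a less generic parameter name that cannot collide with an application's own params, and a README entry, since none of the documentation changes in this release mention the switch.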
@@ -103,7 +103,7 @@ module DeviseTokenAuth
103
103
  config: params[:config]
104
104
  }))
105
105
  else
106
- render_edit_error
106
+ raise ActionController::RoutingError.new('Not Found')
107
107
  end
108
108
  end
109
109
 
@@ -179,12 +179,6 @@ module DeviseTokenAuth
179
179
  }, status: @error_status
180
180
  end
181
181
 
182
- def render_edit_error
183
- render json: {
184
- success: false
185
- }, status: 404
186
- end
187
-
188
182
  def render_update_error_unauthorized
189
183
  render json: {
190
184
  success: false,
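Review bot: deleting `render_edit_error` removes the only JSON body (`success: false`, status 404) returned for a bad `reset_password_token`; its caller now does `raise ActionController::RoutingError.new('Not Found')` instead. The status stays 404 under default Rails exception handling, but the body becomes whatever the host application's exception handler renders, which is a behaviour change for API clients that parse the JSON and is not called out anywhere in this beta bump. Either keep a JSON 404 response for this path or document the change and confirm the host app's error page does not leak detail on this unauthenticated endpoint.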
@@ -233,7 +233,7 @@ module DeviseTokenAuth::Concerns::User
233
233
  # only validate unique email among users that registered by email
234
234
  def unique_email_user
235
235
  if provider == 'email' and self.class.where(provider: 'email', email: email).count > 0
236
- errors.add(:email, :already_in_use, default: "address is already in use")
236
+ errors.add(:email, :already_in_use)
237
237
  end
238
238
  end
239
239
 
@@ -27,4 +27,6 @@ en:
27
27
  errors:
28
28
  validate_sign_up_params: "Please submit proper sign up data in request body."
29
29
  validate_account_update_params: "Please submit proper account update data in request body."
30
- not_email: "is not an email"
30
+ not_email: "is not an email"
31
+ message:
32
+ already_in_use: already in use
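Review bot: the key added here is `message:` (singular), while the matching `es` hunk adds `messages:`; Rails' error-message lookup uses `messages`, so the English entry will not be found as written. This matters more than a typo because the same release drops `default: "address is already in use"` from `errors.add(:email, :already_in_use)`, leaving no fallback when the lookup misses. Rename the key to `messages:` and consider keeping the `default:` for applications running in a locale other than the ones shipped.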
@@ -27,4 +27,6 @@ es:
27
27
  errors:
28
28
  validate_sign_up_params: "Los datos introducidos en la solicitud de acceso no son válidos."
29
29
  validate_account_update_params: "Los datos introducidos en la solicitud de actualización no son válidos."
30
- not_email: "no es un correo electrónico"
30
+ not_email: "no es un correo electrónico"
31
+ messages:
32
+ already_in_use: ya ha sido ocupado
@@ -1,3 +1,3 @@
1
1
  module DeviseTokenAuth
2
- VERSION = "0.1.37.beta1"
2
+ VERSION = "0.1.37.beta2"
3
3
  end
@@ -201,6 +201,31 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
201
201
  end
202
202
  end
203
203
 
204
+ describe 'unbatch' do
205
+ before do
206
+ @resource.reload
207
+ age_token(@resource, @client_id)
208
+
209
+ get '/demo/members_only', {}, @auth_headers
210
+
211
+ @first_is_batch_request = assigns(:is_batch_request)
212
+ @first_user = assigns(:resource).dup
213
+ @first_access_token = response.headers['access-token']
214
+ @first_response_status = response.status
215
+
216
+ get '/demo/members_only?unbatch=true', {}, @auth_headers
217
+
218
+ @second_is_batch_request = assigns(:is_batch_request)
219
+ @second_user = assigns(:resource)
220
+ @second_access_token = response.headers['access-token']
221
+ @second_response_status = response.status
222
+ end
223
+
224
+ it 'should NOT treat the second request as a batch request when "unbatch" param is set' do
225
+ refute @second_is_batch_request
226
+ end
227
+ end
228
+
204
229
  describe 'time out' do
205
230
  before do
206
231
  @resource.reload
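Review bot: the `unbatch` test's `before` block captures `@first_access_token`, `@second_access_token`, both users and both response statuses, but the only assertion is `refute @second_is_batch_request`. Add assertions on the values already collected (second status is 200, second `access-token` differs from the first) so the test proves the token behaviour and not just the flag, and add a case for `unbatch=false` to pin down how non-true values are meant to be handled.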
@@ -123,13 +123,13 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
123
123
  end
124
124
 
125
125
  describe 'password reset link failure' do
126
- test 'respone should return 404' do
127
- xhr :get, :edit, {
128
- reset_password_token: 'bogus',
126
+ test 'response should return 404' do
127
+ assert_raises(ActionController::RoutingError) {
128
+ xhr :get, :edit, {
129
+ reset_password_token: "bogus",
129
130
  redirect_url: @mail_redirect_url
131
+ }
130
132
  }
131
-
132
- assert_equal 404, response.status
133
133
  end
134
134
  end
135
135
 
@@ -4,4 +4,8 @@ class User < ActiveRecord::Base
4
4
  :recoverable, :rememberable, :trackable, :validatable,
5
5
  :confirmable, :omniauthable
6
6
  include DeviseTokenAuth::Concerns::User
7
+
8
+ def whatever
9
+ puts 'whatever'
10
+ end
7
11
  end
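Review bot: the added `whatever` method on `User`, which only calls `puts 'whatever'`, looks like generator-test scaffolding rather than intended code. If this file is the `test/dummy/tmp/generators/app/models/user.rb` listed in the gem metadata, it should be excluded from the package instead of being updated in a release.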
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: devise_token_auth
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.37.beta1
4
+ version: 0.1.37.beta2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Lynn Hurley
@@ -207,10 +207,9 @@ files:
207
207
  - test/dummy/db/migrate/20150708104536_devise_token_auth_create_unconfirmable_users.rb
208
208
  - test/dummy/db/schema.rb
209
209
  - test/dummy/lib/migration_database_helper.rb
210
- - test/dummy/tmp/generators/app/controllers/application_controller.rb
211
210
  - test/dummy/tmp/generators/app/models/user.rb
212
211
  - test/dummy/tmp/generators/config/initializers/devise_token_auth.rb
213
- - test/dummy/tmp/generators/db/migrate/20151025010329_devise_token_auth_create_users.rb
212
+ - test/dummy/tmp/generators/db/migrate/20151025020205_devise_token_auth_create_users.rb
214
213
  - test/integration/navigation_test.rb
215
214
  - test/lib/devise_token_auth/url_test.rb
216
215
  - test/lib/generators/devise_token_auth/install_generator_test.rb
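Review bot: the `files:` list still packages `test/dummy/tmp/generators/...`, and the migration entry changing from `20151025010329_...` to `20151025020205_...` shows these are artifacts regenerated by a local test run at build time. Shipping them makes the gem contents depend on the state of the releaser's working tree and makes version-to-version diffs noisy to audit. Exclude `test/dummy/tmp/` from the gemspec file list (the same applies to the `test_files:` hunk that follows).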
@@ -324,10 +323,9 @@ test_files:
324
323
  - test/dummy/db/schema.rb
325
324
  - test/dummy/lib/migration_database_helper.rb
326
325
  - test/dummy/README.rdoc
327
- - test/dummy/tmp/generators/app/controllers/application_controller.rb
328
326
  - test/dummy/tmp/generators/app/models/user.rb
329
327
  - test/dummy/tmp/generators/config/initializers/devise_token_auth.rb
330
- - test/dummy/tmp/generators/db/migrate/20151025010329_devise_token_auth_create_users.rb
328
+ - test/dummy/tmp/generators/db/migrate/20151025020205_devise_token_auth_create_users.rb
331
329
  - test/integration/navigation_test.rb
332
330
  - test/lib/devise_token_auth/url_test.rb
333
331
  - test/lib/generators/devise_token_auth/install_generator_test.rb
@@ -1,6 +0,0 @@
1
- class ApplicationController < ActionController::Base
2
- include DeviseTokenAuth::Concerns::SetUserByToken
3
- def whatever
4
- 'whatever'
5
- end
6
- end