devise_token_auth 0.1.37.beta1 → 0.1.37.beta2

Potentially problematic release: this version of devise_token_auth might be problematic.

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: d25ee0a65f522b743b8e5b7a3ae0c2da989e6a91
4
- data.tar.gz: 3f7550db2e481f2061b78239412ecd5f06b09b9a
3
+ metadata.gz: 828689f466c5670121ec9ec6d35ae3dea553ca7a
4
+ data.tar.gz: cee530a6eaeb934c6455481108a2af6e47626087
5
5
  SHA512:
6
- metadata.gz: a90613e650e7c54c40109ad46809d1487f80eb74e75f2be01db0e96470dc2bdec5a682a0a8d6f4b62fcefacf11b839e1f4053d5547a077373eca00101f2952cc
7
- data.tar.gz: b9c26b21a28271fd9646672e61cbae61d2bb8bdda78f21f1c90569c748ec0db1768f827dc983f8fe8cea1035d62c0fe977c758e2ee6046fb4923d08773ccf3b8
6
+ metadata.gz: 8fd45280e414f23a0c360dfced38fe6f6c5bc0ddbf6b9dc5c74f8935c5d78a321fad9263d147206f2dbe65089f84b964e4a31c4e6de2e1161267cd912f198835
7
+ data.tar.gz: f7ca9de3d57dbb5667522e00d45d6c628d511571076d4bddf4075b2ee5fc718867a858ca8efe9fe139fedd8b19e4215df01b860fd985875ee9eda642fb27c075
data/README.md CHANGED
@@ -135,16 +135,16 @@ The following routes are available for use by your client. These routes live rel
135
135
 
136
136
  | path | method | purpose |
137
137
  |:-----|:-------|:--------|
138
- | / | POST | Email registration. Accepts **`email`**, **`password`**, and **`password_confirmation`** params. A verification email will be sent to the email address provided. Accepted params can be customized using the [`devise_parameter_sanitizer`](https://github.com/plataformatec/devise#strong-parameters) system. |
138
+ | / | POST | Email registration. Requires **`email`**, **`password`**, and **`password_confirmation`** params. A verification email will be sent to the email address provided. Accepted params can be customized using the [`devise_parameter_sanitizer`](https://github.com/plataformatec/devise#strong-parameters) system. |
139
139
  | / | DELETE | Account deletion. This route will destroy users identified by their **`uid`** and **`auth_token`** headers. |
140
140
  | / | PUT | Account updates. This route will update an existing user's account settings. The default accepted params are **`password`** and **`password_confirmation`**, but this can be customized using the [`devise_parameter_sanitizer`](https://github.com/plataformatec/devise#strong-parameters) system. If **`config.check_current_password_before_update`** is set to `:attributes` the **`current_password`** param is checked before any update, if it is set to `:password` the **`current_password`** param is checked only if the request updates user password. |
141
- | /sign_in | POST | Email authentication. Accepts **`email`** and **`password`** as params. This route will return a JSON representation of the `User` model on successful login. |
141
+ | /sign_in | POST | Email authentication. Requires **`email`** and **`password`** as params. This route will return a JSON representation of the `User` model on successful login along with the `access-token` and `client` in the header of the response. |
142
142
  | /sign_out | DELETE | Use this route to end the user's current session. This route will invalidate the user's authentication token. |
143
143
  | /:provider | GET | Set this route as the destination for client authentication. Ideally this will happen in an external window or popup. [Read more](#omniauth-authentication). |
144
144
  | /:provider/callback | GET/POST | Destination for the oauth2 provider's callback uri. `postMessage` events containing the authenticated user's data will be sent back to the main client window from this page. [Read more](#omniauth-authentication). |
145
- | /validate_token | GET | Use this route to validate tokens on return visits to the client. Accepts **`uid`** and **`access-token`** as params. These values should correspond to the columns in your `User` table of the same names. |
145
+ | /validate_token | GET | Use this route to validate tokens on return visits to the client. Requires **`uid`**, **`client`**, and **`access-token`** as params. These values should correspond to the columns in your `User` table of the same names. |
146
146
  | /password | POST | Use this route to send a password reset confirmation email to users that registered by email. Accepts **`email`** and **`redirect_url`** as params. The user matching the `email` param will be sent instructions on how to reset their password. `redirect_url` is the url to which the user will be redirected after visiting the link contained in the email. |
147
- | /password | PUT | Use this route to change users' passwords. Accepts **`password`** and **`password_confirmation`** as params. This route is only valid for users that registered by email (OAuth2 users will receive an error). It also checks **`current_password`** if **`config.check_current_password_before_update`** is not set `false` (disabled by default). |
147
+ | /password | PUT | Use this route to change users' passwords. Requires **`password`** and **`password_confirmation`** as params. This route is only valid for users that registered by email (OAuth2 users will receive an error). It also checks **`current_password`** if **`config.check_current_password_before_update`** is not set `false` (disabled by default). |
148
148
  | /password/edit | GET | Verify user by password reset token. This route is the destination URL for password reset confirmation. This route must contain **`reset_password_token`** and **`redirect_url`** params. These values will be set automatically by the confirmation email that is generated by the password reset request. |
149
149
 
150
150
  [Jump here](#usage-cont) for more usage information.
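Review bot: In the `/validate_token` row, `client` is now listed as required, but the next sentence still says these values correspond to columns of the same names in the `User` table. The `is_batch_request?` code in this same diff uses the client id as a key into `user.tokens`, so that sentence should be checked and reworded for `client`. The `/password` POST row still says "Accepts" while the other rows moved to "Requires", and the `unbatch` param introduced in this release is not documented anywhere in the table.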
@@ -125,6 +125,7 @@ module DeviseTokenAuth::Concerns::SetUserByToken
125
125
 
126
126
 
127
127
  def is_batch_request?(user, client_id)
128
+ not params[:unbatch] and
128
129
  user.tokens[client_id] and
129
130
  user.tokens[client_id]['updated_at'] and
130
131
  Time.parse(user.tokens[client_id]['updated_at']) > @request_started_at - DeviseTokenAuth.batch_request_buffer_throttle
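Review bot: `not params[:unbatch]` at the top of `is_batch_request?` only tests for presence, and request params arrive as strings, so `?unbatch=false` or `?unbatch=0` disables batch handling exactly like `?unbatch=true`. Compare against an explicit value instead. The param also lets the caller decide whether a request falls inside the `batch_request_buffer_throttle` window, so its effect on token handling for concurrent requests should be documented next to the route table.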
@@ -103,7 +103,7 @@ module DeviseTokenAuth
103
103
  config: params[:config]
104
104
  }))
105
105
  else
106
- render_edit_error
106
+ raise ActionController::RoutingError.new('Not Found')
107
107
  end
108
108
  end
109
109
 
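Review bot: Raising `ActionController::RoutingError` in the `else` branch hands the failure response to the host application's exception handling, where the removed `render_edit_error` call always answered with a JSON body (`success: false`) and status 404. An API client that parses that body on a bad `reset_password_token` now gets whatever the app renders for routing errors. Either keep an explicit JSON 404 here or call out the contract change in the release notes.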
@@ -179,12 +179,6 @@ module DeviseTokenAuth
179
179
  }, status: @error_status
180
180
  end
181
181
 
182
- def render_edit_error
183
- render json: {
184
- success: false
185
- }, status: 404
186
- end
187
-
188
182
  def render_update_error_unauthorized
189
183
  render json: {
190
184
  success: false,
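Review bot: Deleting `render_edit_error` removes a render method that sits alongside `render_update_error_unauthorized`; a host app that overrides it to customise the failure response will have that override silently ignored after this change. Keep the method as a deprecated shim for one release, or list the removal in the changelog.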
@@ -233,7 +233,7 @@ module DeviseTokenAuth::Concerns::User
233
233
  # only validate unique email among users that registered by email
234
234
  def unique_email_user
235
235
  if provider == 'email' and self.class.where(provider: 'email', email: email).count > 0
236
- errors.add(:email, :already_in_use, default: "address is already in use")
236
+ errors.add(:email, :already_in_use)
237
237
  end
238
238
  end
239
239
 
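Review bot: Dropping `default: "address is already in use"` from `errors.add(:email, :already_in_use)` makes the message depend entirely on a translation being found. Only the `en` and `es` files are updated in this diff, so any other locale has no fallback and will surface a missing-translation placeholder to the client. Keep the default string, or add the key to every shipped locale and cover it with a test that asserts the rendered message.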
@@ -27,4 +27,6 @@ en:
27
27
  errors:
28
28
  validate_sign_up_params: "Please submit proper sign up data in request body."
29
29
  validate_account_update_params: "Please submit proper account update data in request body."
30
- not_email: "is not an email"
30
+ not_email: "is not an email"
31
+ message:
32
+ already_in_use: already in use
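Review bot: The new parent key is `message:` (singular) here but `messages:` (plural) in the `es` file changed in this same diff, so the two locales cannot both resolve `already_in_use`. ActiveModel's generic lookup path is `errors.messages.<key>`, which suggests the singular form is the typo. Indentation is lost in this rendering, so also confirm the block is nested where the validation in `unique_email_user` will actually look it up.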
@@ -27,4 +27,6 @@ es:
27
27
  errors:
28
28
  validate_sign_up_params: "Los datos introducidos en la solicitud de acceso no son válidos."
29
29
  validate_account_update_params: "Los datos introducidos en la solicitud de actualización no son válidos."
30
- not_email: "no es un correo electrónico"
30
+ not_email: "no es un correo electrónico"
31
+ messages:
32
+ already_in_use: ya ha sido ocupado
@@ -1,3 +1,3 @@
1
1
  module DeviseTokenAuth
2
- VERSION = "0.1.37.beta1"
2
+ VERSION = "0.1.37.beta2"
3
3
  end
@@ -201,6 +201,31 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
201
201
  end
202
202
  end
203
203
 
204
+ describe 'unbatch' do
205
+ before do
206
+ @resource.reload
207
+ age_token(@resource, @client_id)
208
+
209
+ get '/demo/members_only', {}, @auth_headers
210
+
211
+ @first_is_batch_request = assigns(:is_batch_request)
212
+ @first_user = assigns(:resource).dup
213
+ @first_access_token = response.headers['access-token']
214
+ @first_response_status = response.status
215
+
216
+ get '/demo/members_only?unbatch=true', {}, @auth_headers
217
+
218
+ @second_is_batch_request = assigns(:is_batch_request)
219
+ @second_user = assigns(:resource)
220
+ @second_access_token = response.headers['access-token']
221
+ @second_response_status = response.status
222
+ end
223
+
224
+ it 'should NOT treat the second request as a batch request when "unbatch" param is set' do
225
+ refute @second_is_batch_request
226
+ end
227
+ end
228
+
204
229
  describe 'time out' do
205
230
  before do
206
231
  @resource.reload
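Review bot: The `unbatch` block's `before` captures `@first_is_batch_request`, both users, both access tokens and both response statuses, but the only assertion is `refute @second_is_batch_request`. Add assertions that both requests succeed and that the second response carries a different `access-token` than the first, plus a control case showing the same second request without `unbatch` is treated as a batch request. Without the control, the test still passes if the second request would never have been batched in the first place.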
@@ -123,13 +123,13 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
123
123
  end
124
124
 
125
125
  describe 'password reset link failure' do
126
- test 'respone should return 404' do
127
- xhr :get, :edit, {
128
- reset_password_token: 'bogus',
126
+ test 'response should return 404' do
127
+ assert_raises(ActionController::RoutingError) {
128
+ xhr :get, :edit, {
129
+ reset_password_token: "bogus",
129
130
  redirect_url: @mail_redirect_url
131
+ }
130
132
  }
131
-
132
- assert_equal 404, response.status
133
133
  end
134
134
  end
135
135
 
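Review bot: The test is still named 'response should return 404' but no longer inspects a response: `assert_raises(ActionController::RoutingError)` only proves the exception leaves the controller, and the removed `assert_equal 404, response.status` was the only check on what a client actually receives. Rename the test to match what it asserts and add an integration-level test that checks the status and body returned for a bogus `reset_password_token`.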
@@ -4,4 +4,8 @@ class User < ActiveRecord::Base
4
4
  :recoverable, :rememberable, :trackable, :validatable,
5
5
  :confirmable, :omniauthable
6
6
  include DeviseTokenAuth::Concerns::User
7
+
8
+ def whatever
9
+ puts 'whatever'
10
+ end
7
11
  end
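Review bot: `def whatever` with `puts 'whatever'` has no caller anywhere in this diff and writes to stdout from a model, which reads like leftover scaffolding rather than an intended change. The file header is missing from this rendering; if this is the generated `user.rb` under `test/dummy/tmp/generators` listed in the metadata, it should not be edited by hand or packaged at all. Remove the method or explain in the test that depends on it why it exists.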
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: devise_token_auth
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.37.beta1
4
+ version: 0.1.37.beta2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Lynn Hurley
@@ -207,10 +207,9 @@ files:
207
207
  - test/dummy/db/migrate/20150708104536_devise_token_auth_create_unconfirmable_users.rb
208
208
  - test/dummy/db/schema.rb
209
209
  - test/dummy/lib/migration_database_helper.rb
210
- - test/dummy/tmp/generators/app/controllers/application_controller.rb
211
210
  - test/dummy/tmp/generators/app/models/user.rb
212
211
  - test/dummy/tmp/generators/config/initializers/devise_token_auth.rb
213
- - test/dummy/tmp/generators/db/migrate/20151025010329_devise_token_auth_create_users.rb
212
+ - test/dummy/tmp/generators/db/migrate/20151025020205_devise_token_auth_create_users.rb
214
213
  - test/integration/navigation_test.rb
215
214
  - test/lib/devise_token_auth/url_test.rb
216
215
  - test/lib/generators/devise_token_auth/install_generator_test.rb
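Review bot: The `test/dummy/tmp/generators/...` entries are generator output, and the migration filename moving from `20151025010329` to `20151025020205` shows it was simply regenerated at build time, so each release ships a different set of throwaway files. Exclude `test/dummy/tmp` from the gemspec's `files` and `test_files` so the packaged gem is reproducible and the version diff only shows intended changes.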
@@ -324,10 +323,9 @@ test_files:
324
323
  - test/dummy/db/schema.rb
325
324
  - test/dummy/lib/migration_database_helper.rb
326
325
  - test/dummy/README.rdoc
327
- - test/dummy/tmp/generators/app/controllers/application_controller.rb
328
326
  - test/dummy/tmp/generators/app/models/user.rb
329
327
  - test/dummy/tmp/generators/config/initializers/devise_token_auth.rb
330
- - test/dummy/tmp/generators/db/migrate/20151025010329_devise_token_auth_create_users.rb
328
+ - test/dummy/tmp/generators/db/migrate/20151025020205_devise_token_auth_create_users.rb
331
329
  - test/integration/navigation_test.rb
332
330
  - test/lib/devise_token_auth/url_test.rb
333
331
  - test/lib/generators/devise_token_auth/install_generator_test.rb
@@ -1,6 +0,0 @@
1
- class ApplicationController < ActionController::Base
2
- include DeviseTokenAuth::Concerns::SetUserByToken
3
- def whatever
4
- 'whatever'
5
- end
6
- end