devise_token_auth 0.1.38 → 0.1.39


checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: aa39458371b7528fd21f448db0ee9925c85925c0
4
- data.tar.gz: a0eaf377f37b1a5c36ff93df23effaee5747ebb5
3
+ metadata.gz: 69aefa1a60b35d0639a7ce60d2145992a1421288
4
+ data.tar.gz: 99d081fe410204ca5b64eb0406a602731d564b4b
5
5
  SHA512:
6
- metadata.gz: 0cd833a8afc253f5c72622ef1536a10d0fc527ff830c089e3b6c8ce76c909dcd0a084d3c7cc6b563d663c009308043e3b2d8128c60d35dd5e58ba3df4f355d9f
7
- data.tar.gz: 29f59819d0a882b8dc83c9ac78f172b8b8e7f20b80b4c361d3867ddff89295be122e0ced3d82e7387f0eaa7ffdfedb911daf685552e272f24d83bfc1bc564cc1
6
+ metadata.gz: 187e75b7fc83677e77b11cadcdcb7f30ca60e825d246d83a5f68530ca1dd3aa034183f9750efd16b826c4ed83bd50f7b99e6eb48329b4933f5b6e7c7997c1894
7
+ data.tar.gz: 1b95f3264baece0776433da8f186c2e48a47b52f8308212ed1038c78458e4ddf5fc601560cdb191cc40a504a69d2faaa4cc339e5397094dedaf821dd7ab1c144
data/README.md CHANGED
@@ -136,7 +136,7 @@ The following routes are available for use by your client. These routes live rel
136
136
  | path | method | purpose |
137
137
  |:-----|:-------|:--------|
138
138
  | / | POST | Email registration. Requires **`email`**, **`password`**, and **`password_confirmation`** params. A verification email will be sent to the email address provided. Accepted params can be customized using the [`devise_parameter_sanitizer`](https://github.com/plataformatec/devise#strong-parameters) system. |
139
- | / | DELETE | Account deletion. This route will destroy users identified by their **`uid`** and **`auth_token`** headers. |
139
+ | / | DELETE | Account deletion. This route will destroy users identified by their **`uid`**, **`access_token`** and **`client`** headers. |
140
140
  | / | PUT | Account updates. This route will update an existing user's account settings. The default accepted params are **`password`** and **`password_confirmation`**, but this can be customized using the [`devise_parameter_sanitizer`](https://github.com/plataformatec/devise#strong-parameters) system. If **`config.check_current_password_before_update`** is set to `:attributes` the **`current_password`** param is checked before any update, if it is set to `:password` the **`current_password`** param is checked only if the request updates user password. |
141
141
  | /sign_in | POST | Email authentication. Requires **`email`** and **`password`** as params. This route will return a JSON representation of the `User` model on successful login along with the `access-token` and `client` in the header of the response. |
142
142
  | /sign_out | DELETE | Use this route to end the user's current session. This route will invalidate the user's authentication token. You must pass in **`uid`**, **`client`**, and **`access-token`** in the request headers. |
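Review bot: the new DELETE row (hunk line 139) names the header `access_token` with an underscore, while every other row in this table, including `/sign_in` and `/sign_out`, and the `config.headers_names` defaults spell it `access-token` with a hyphen. A client copying the underscore form from this row would send a header the server never reads, so the row should say **`access-token`** to match the rest of the documentation.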
@@ -0,0 +1,54 @@
1
+ zh-CN:
2
+ devise_token_auth:
3
+ sessions:
4
+ not_confirmed: "您将在几分钟后收到一封电子邮件'%{email}',内有验证账号的步骤说明"
5
+ bad_credentials: "不正确的登录信息,请重试"
6
+ not_supported: "请使用 POST /sign_in 进行登录. GET 是不支持的."
7
+ user_not_found: "没有找到账号或没有成功登录"
8
+ token_validations:
9
+ invalid: "不正确的登录资料"
10
+ registrations:
11
+ missing_confirm_success_url: "缺少数据 'confirm_success_url'"
12
+ redirect_url_not_allowed: "不支持转向到 '%{redirect_url}'"
13
+ email_already_exists: "邮箱'%{email}'已被使用"
14
+ account_with_uid_destroyed: "账号 '%{uid}' 已被移除。"
15
+ account_to_destroy_not_found: "无法找到目标帐号。"
16
+ user_not_found: "找不到帐号。"
17
+ passwords:
18
+ missing_email: "必需提供邮箱。"
19
+ missing_redirect_url: "欠缺 redirect URL."
20
+ not_allowed_redirect_url: "不支持转向到 '%{redirect_url}'"
21
+ sended: "您将在几分钟后收到一封电子邮件'%{email},内含可重新设定密码的链接。"
22
+ user_not_found: "找不到帐号 '%{email}'。"
23
+ password_not_required: "这不是一个需要密码的帐号. 请使用 '%{provider}' 进行登入"
24
+ missing_passwords: "必需填写'密码'与'确认密码'。"
25
+ successfully_updated: "您的密码已被修改。"
26
+ errors:
27
+ messages:
28
+ already_in_use: "已被使用。"
29
+ validate_sign_up_params: "请在request body中填入有效的注册内容"
30
+ validate_account_update_params: "请在request body中填入有效的更新帐号资料"
31
+ not_email: "这不是一个合适的邮箱。"
32
+ devise:
33
+ mailer:
34
+ confirmation_instructions:
35
+ confirm_link_msg: "可以使用下面的链接确定你的邮箱"
36
+ confirm_account_link: "确定你的帐号"
37
+ reset_password_instructions:
38
+ request_reset_link_msg: "已申请修改您的密码,你可以用下面的链接进入"
39
+ password_change_link: "修改我的密码"
40
+ ignore_mail_msg: "如你没有申请,请忽略"
41
+ no_changes_msg: "在你点击上面链接前,你的密码都没有改变"
42
+ unlock_instructions:
43
+ account_lock_msg: "由于多次登入失败,我们已锁定你的帐号"
44
+ unlock_link_msg: "可以使用下面的链接解锁你的帐号"
45
+ unlock_link: "解锁帐号"
46
+ activerecord:
47
+ errors:
48
+ models:
49
+ user:
50
+ attributes:
51
+ email:
52
+ already_in_use: "邮箱已被使用"
53
+ hello: "你好"
54
+ welcome: "欢迎"
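Review bot: the `sended` message at hunk line 21 opens a single quote before `%{email}` and never closes it (`'%{email},内含…`), whereas the otherwise parallel `not_confirmed` entry at line 4 reads `'%{email}'`; add the closing quote so the interpolated address is delimited consistently. Two smaller consistency points in the same file: the translations alternate between `账号` (lines 4, 7, 13, 14) and `帐号` (lines 15, 16, 22, 23, 36, 43 onward) for "account", and between ASCII (`.`, `,`) and full-width (`。`, `，`) punctuation; pick one of each so the user-facing strings read uniformly.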
@@ -73,8 +73,22 @@ module ActionDispatch::Routing
73
73
 
74
74
  set_omniauth_path_prefix!(DeviseTokenAuth.omniauth_prefix)
75
75
 
76
+ redirect_params = {}.tap {|hash| qs.each{|k, v| hash[k] = v.first}}
77
+
78
+ if DeviseTokenAuth.redirect_whitelist
79
+ redirect_url = request.params['auth_origin_url']
80
+ unless DeviseTokenAuth.redirect_whitelist.include?(redirect_url)
81
+ message = I18n.t(
82
+ 'devise_token_auth.registrations.redirect_url_not_allowed',
83
+ redirect_url: redirect_url
84
+ )
85
+ redirect_params['message'] = message
86
+ next "#{::OmniAuth.config.path_prefix}/failure?#{redirect_params.to_param}"
87
+ end
88
+ end
89
+
76
90
  # re-construct the path for omniauth
77
- "#{::OmniAuth.config.path_prefix}/#{params[:provider]}?#{{}.tap {|hash| qs.each{|k, v| hash[k] = v.first}}.to_param}"
91
+ "#{::OmniAuth.config.path_prefix}/#{params[:provider]}?#{redirect_params.to_param}"
78
92
  }, via: [:get]
79
93
  end
80
94
  end
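Review bot: the whitelist check at hunk lines 78 to 88 only runs when `DeviseTokenAuth.redirect_whitelist` is set, so with the default (`nil`, as the test teardown restores) `auth_origin_url` is still accepted without any validation; that opt-in behaviour should be stated in the README and surfaced as a commented `# config.redirect_whitelist = [...]` line in the generated initializer, which this diff does not touch. Two details of the check itself are worth a comment in the code: `include?` is an exact string comparison, so a whitelisted `http://example.com` will not accept `http://example.com/` or any path or query under it, and a request with no `auth_origin_url` at all yields the message `Redirect to '' not allowed.` rather than a "missing parameter" error. If exact matching is the intent, say so next to the `include?` call; if not, compare normalised URLs (`URI.parse(...).host` and scheme) instead of raw strings.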
@@ -1,3 +1,3 @@
1
1
  module DeviseTokenAuth
2
- VERSION = "0.1.38"
2
+ VERSION = "0.1.39"
3
3
  end
@@ -1,4 +1,4 @@
1
- class DeviseTokenAuthCreate<%= user_class.pluralize %> < ActiveRecord::Migration
1
+ class DeviseTokenAuthCreate<%= user_class.pluralize %> < ActiveRecord::Migration<%= '[' << Rails::VERSION::STRING[0..2] << ']'%>
2
2
  def change
3
3
  create_table(:<%= user_class.pluralize.underscore %>) do |t|
4
4
  ## Required
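Review bot: `Rails::VERSION::STRING[0..2]` at hunk line 1 slices the first three characters of the version string, which gives `"4.2"` or `"5.0"` today but yields `"5.1"` for 5.10 and `"10."` for a two-digit major; build the label from the numeric components instead, e.g. `"#{Rails::VERSION::MAJOR}.#{Rails::VERSION::MINOR}"`, and write the template as `<%= "[#{...}]" %>` rather than `'[' << ... << ']'`. Please also verify the generated class line against the gem's minimum Rails dependency: the bracketed form `ActiveRecord::Migration[4.2]` was introduced with Rails 5.0, so if the gem still supports 4.2 the template needs a conditional that emits plain `ActiveRecord::Migration` there (the install generator test in this same diff asserts `/4.2/`, which suggests the dummy app is on 4.2).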
@@ -279,4 +279,46 @@ class OmniauthTest < ActionDispatch::IntegrationTest
279
279
  }
280
280
  end
281
281
  end
282
+
283
+ describe 'Using redirect_whitelist' do
284
+ before do
285
+ @user_email = 'slemp.diggler@sillybandz.gov'
286
+ OmniAuth.config.mock_auth[:facebook] = OmniAuth::AuthHash.new(
287
+ provider: 'facebook',
288
+ uid: '123545',
289
+ info: {
290
+ name: 'chong',
291
+ email: @user_email
292
+ }
293
+ )
294
+ @good_redirect_url = Faker::Internet.url
295
+ @bad_redirect_url = Faker::Internet.url
296
+ DeviseTokenAuth.redirect_whitelist = [@good_redirect_url]
297
+ end
298
+
299
+ teardown do
300
+ DeviseTokenAuth.redirect_whitelist = nil
301
+ end
302
+
303
+ test 'request using non-whitelisted redirect fail' do
304
+ get_via_redirect '/auth/facebook',
305
+ auth_origin_url: @bad_redirect_url,
306
+ omniauth_window_type: 'newWindow'
307
+
308
+ data_json = @response.body.match(/var data \= (.+)\;/)[1]
309
+ data = ActiveSupport::JSON.decode(data_json)
310
+ assert_equal "Redirect to '#{@bad_redirect_url}' not allowed.",
311
+ data['error']
312
+ end
313
+
314
+ test 'request to whitelisted redirect should succeed' do
315
+ get_via_redirect '/auth/facebook',
316
+ auth_origin_url: @good_redirect_url,
317
+ omniauth_window_type: 'newWindow'
318
+
319
+ data_json = @response.body.match(/var data \= (.+)\;/)[1]
320
+ data = ActiveSupport::JSON.decode(data_json)
321
+ assert_equal @user_email, data['email']
322
+ end
323
+ end
282
324
  end
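Review bot: `@good_redirect_url` and `@bad_redirect_url` (hunk lines 294 and 295) are two independent `Faker::Internet.url` draws, so nothing guarantees they differ; on the rare collision the "non-whitelisted redirect fail" test would get a successful response and raise on the missing `error` key instead of reporting the real cause. Loop until the two values differ, or assert `refute_equal @good_redirect_url, @bad_redirect_url` in `before`. Since the route change compares URLs with `include?`, a third case that requests `"#{@good_redirect_url}/some/path"` would pin down whether exact matching is intended. Also, the test name at line 303 should read `'request using non-whitelisted redirect should fail'` to match its sibling.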
@@ -0,0 +1,5 @@
1
+ <p><%= t(:welcome).capitalize + ' ' + @email %>!</p>
2
+
3
+ <p><%= t '.confirm_link_msg' %> </p>
4
+
5
+ <p><%= link_to t('.confirm_account_link'), confirmation_url(@resource, {confirmation_token: @token, config: message['client-config'].to_s, redirect_url: message['redirect-url']}).html_safe %></p>
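Review bot: hunk line 5 calls `.to_s` on `message['client-config']` but not on `message['redirect-url']`, whereas the reset-password template in this same release applies `.to_s` to both; make the two templates consistent. Note as well that nothing in this view constrains `redirect_url`, which is copied straight from the message into the confirmation link, so the `redirect_whitelist` check this release adds for the omniauth route has to be applied again in the confirmations controller for the same protection to cover the email confirmation flow.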
@@ -0,0 +1,8 @@
1
+ <p><%= t(:hello).capitalize %> <%= @resource.email %>!</p>
2
+
3
+ <p><%= t '.request_reset_link_msg' %></p>
4
+
5
+ <p><%= link_to t('.password_change_link'), edit_password_url(@resource, reset_password_token: @token, config: message['client-config'].to_s, redirect_url: message['redirect-url'].to_s).html_safe %></p>
6
+
7
+ <p><%= t '.ignore_mail_msg' %></p>
8
+ <p><%= t '.no_changes_msg' %></p>
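Review bot: the `.html_safe` at the end of hunk line 5 is applied to the return value of `link_to`, which is already an `ActiveSupport::SafeBuffer`, so it is a no-op; dropping it avoids suggesting that unescaped content is being marked safe on purpose. The `@token` and `redirect_url` values are URL-encoded by `edit_password_url` and then HTML-escaped by `<%= %>`, which is the behaviour you want, so no other change is needed here.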
@@ -28,6 +28,10 @@ module DeviseTokenAuth
28
28
  assert_migration 'db/migrate/devise_token_auth_create_users.rb'
29
29
  end
30
30
 
31
+ test 'migration file contains rails version' do
32
+ assert_migration 'db/migrate/devise_token_auth_create_users.rb', /4.2/
33
+ end
34
+
31
35
  test 'subsequent runs raise no errors' do
32
36
  run_generator
33
37
  end
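Review bot: the `/4.2/` pattern at hunk line 32 hard-codes the dummy app's Rails version and uses an unescaped dot, so it matches `4x2` and will fail as soon as the dummy app is upgraded. Derive the expectation from the running Rails instead, e.g. `Regexp.new(Regexp.escape("ActiveRecord::Migration[#{Rails::VERSION::MAJOR}.#{Rails::VERSION::MINOR}]"))`, which also checks that the brackets were emitted in the right place rather than that the digits appear somewhere in the file.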
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: devise_token_auth
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.38
4
+ version: 0.1.39
5
5
  platform: ruby
6
6
  authors:
7
7
  - Lynn Hurley
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2016-07-11 00:00:00.000000000 Z
11
+ date: 2016-08-16 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rails
@@ -122,6 +122,7 @@ files:
122
122
  - config/locales/pt-BR.yml
123
123
  - config/locales/pt.yml
124
124
  - config/locales/ru.yml
125
+ - config/locales/zh-CN.yml
125
126
  - config/locales/zh-HK.yml
126
127
  - config/locales/zh-TW.yml
127
128
  - lib/devise_token_auth.rb
@@ -221,9 +222,8 @@ files:
221
222
  - test/dummy/db/migrate/20160103235141_devise_token_auth_create_scoped_users.rb
222
223
  - test/dummy/db/schema.rb
223
224
  - test/dummy/lib/migration_database_helper.rb
224
- - test/dummy/tmp/generators/app/models/user.rb
225
- - test/dummy/tmp/generators/config/initializers/devise_token_auth.rb
226
- - test/dummy/tmp/generators/db/migrate/20160711201448_devise_token_auth_create_users.rb
225
+ - test/dummy/tmp/generators/app/views/devise/mailer/confirmation_instructions.html.erb
226
+ - test/dummy/tmp/generators/app/views/devise/mailer/reset_password_instructions.html.erb
227
227
  - test/integration/navigation_test.rb
228
228
  - test/lib/devise_token_auth/url_test.rb
229
229
  - test/lib/generators/devise_token_auth/install_generator_test.rb
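Review bot: this hunk drops three generator-output files under `test/dummy/tmp/generators/` from the packaged `files` list but adds two new ones from the same directory (hunk lines 225 and 226), so scratch output from the test run is still being shipped inside the gem. The cleaner fix is to exclude `test/dummy/tmp/` from the gemspec's file glob (and from version control), so that whatever the generator tests happen to leave behind never changes the gem's contents between releases.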
@@ -339,9 +339,8 @@ test_files:
339
339
  - test/dummy/db/schema.rb
340
340
  - test/dummy/lib/migration_database_helper.rb
341
341
  - test/dummy/README.rdoc
342
- - test/dummy/tmp/generators/app/models/user.rb
343
- - test/dummy/tmp/generators/config/initializers/devise_token_auth.rb
344
- - test/dummy/tmp/generators/db/migrate/20160711201448_devise_token_auth_create_users.rb
342
+ - test/dummy/tmp/generators/app/views/devise/mailer/confirmation_instructions.html.erb
343
+ - test/dummy/tmp/generators/app/views/devise/mailer/reset_password_instructions.html.erb
345
344
  - test/integration/navigation_test.rb
346
345
  - test/lib/devise_token_auth/url_test.rb
347
346
  - test/lib/generators/devise_token_auth/install_generator_test.rb
@@ -1,7 +0,0 @@
1
- class User < ActiveRecord::Base
2
- # Include default devise modules.
3
- devise :database_authenticatable, :registerable,
4
- :recoverable, :rememberable, :trackable, :validatable,
5
- :confirmable, :omniauthable
6
- include DeviseTokenAuth::Concerns::User
7
- end
@@ -1,48 +0,0 @@
1
- DeviseTokenAuth.setup do |config|
2
- # By default the authorization headers will change after each request. The
3
- # client is responsible for keeping track of the changing tokens. Change
4
- # this to false to prevent the Authorization header from changing after
5
- # each request.
6
- # config.change_headers_on_each_request = true
7
-
8
- # By default, users will need to re-authenticate after 2 weeks. This setting
9
- # determines how long tokens will remain valid after they are issued.
10
- # config.token_lifespan = 2.weeks
11
-
12
- # Sets the max number of concurrent devices per user, which is 10 by default.
13
- # After this limit is reached, the oldest tokens will be removed.
14
- # config.max_number_of_devices = 10
15
-
16
- # Sometimes it's necessary to make several requests to the API at the same
17
- # time. In this case, each request in the batch will need to share the same
18
- # auth token. This setting determines how far apart the requests can be while
19
- # still using the same auth token.
20
- # config.batch_request_buffer_throttle = 5.seconds
21
-
22
- # This route will be the prefix for all oauth2 redirect callbacks. For
23
- # example, using the default '/omniauth', the github oauth2 provider will
24
- # redirect successful authentications to '/omniauth/github/callback'
25
- # config.omniauth_prefix = "/omniauth"
26
-
27
- # By default sending current password is not needed for the password update.
28
- # Uncomment to enforce current_password param to be checked before all
29
- # attribute updates. Set it to :password if you want it to be checked only if
30
- # password is updated.
31
- # config.check_current_password_before_update = :attributes
32
-
33
- # By default we will use callbacks for single omniauth.
34
- # It depends on fields like email, provider and uid.
35
- # config.default_callbacks = true
36
-
37
- # Makes it possible to change the headers names
38
- # config.headers_names = {:'access-token' => 'access-token',
39
- # :'client' => 'client',
40
- # :'expiry' => 'expiry',
41
- # :'uid' => 'uid',
42
- # :'token-type' => 'token-type' }
43
-
44
- # By default, only Bearer Token authentication is implemented out of the box.
45
- # If, however, you wish to integrate with legacy Devise authentication, you can
46
- # do so by enabling this flag. NOTE: This feature is highly experimental!
47
- # config.enable_standard_devise_support = false
48
- end
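Review bot: this deleted generator output is the only place in the diff where the initializer's options are documented, and it has no `redirect_whitelist` entry. Since the routes change in this release makes the omniauth redirect check depend on that setting being non-nil, the initializer template that produced this file should gain a commented entry alongside the others, for example `# config.redirect_whitelist = ['https://app.example.com/callback']` with a sentence explaining that it is off by default; otherwise users have no hint that the protection exists.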
@@ -1,54 +0,0 @@
1
- class DeviseTokenAuthCreateUsers < ActiveRecord::Migration
2
- def change
3
- create_table(:users) do |t|
4
- ## Required
5
- t.string :provider, :null => false, :default => "email"
6
- t.string :uid, :null => false, :default => ""
7
-
8
- ## Database authenticatable
9
- t.string :encrypted_password, :null => false, :default => ""
10
-
11
- ## Recoverable
12
- t.string :reset_password_token
13
- t.datetime :reset_password_sent_at
14
-
15
- ## Rememberable
16
- t.datetime :remember_created_at
17
-
18
- ## Trackable
19
- t.integer :sign_in_count, :default => 0, :null => false
20
- t.datetime :current_sign_in_at
21
- t.datetime :last_sign_in_at
22
- t.string :current_sign_in_ip
23
- t.string :last_sign_in_ip
24
-
25
- ## Confirmable
26
- t.string :confirmation_token
27
- t.datetime :confirmed_at
28
- t.datetime :confirmation_sent_at
29
- t.string :unconfirmed_email # Only if using reconfirmable
30
-
31
- ## Lockable
32
- # t.integer :failed_attempts, :default => 0, :null => false # Only if lock strategy is :failed_attempts
33
- # t.string :unlock_token # Only if unlock strategy is :email or :both
34
- # t.datetime :locked_at
35
-
36
- ## User Info
37
- t.string :name
38
- t.string :nickname
39
- t.string :image
40
- t.string :email
41
-
42
- ## Tokens
43
- t.text :tokens
44
-
45
- t.timestamps
46
- end
47
-
48
- add_index :users, :email
49
- add_index :users, [:uid, :provider], :unique => true
50
- add_index :users, :reset_password_token, :unique => true
51
- # add_index :users, :confirmation_token, :unique => true
52
- # add_index :users, :unlock_token, :unique => true
53
- end
54
- end
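Review bot: this generator output reflects the migration template, and it creates the `confirmation_token` column (line 26) while leaving `add_index :users, :confirmation_token, :unique => true` commented out (line 51), even though the generated model in this same diff enables `:confirmable`. Devise's own generator keeps that index enabled whenever confirmable is on; uncommenting it in the template gives the lookup an index and enforces token uniqueness at the database level. The same applies to `:unlock_token` if the Lockable block is ever enabled.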