devise_token_auth 0.1.40 → 0.1.41


Potentially problematic release.


This version of devise_token_auth might be problematic. Click here for more details.

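--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: f3e318b47eb34d368c22c9fb6858d558e877322f
- data.tar.gz: 36100cc69480a97cfcd99ab3ef0ec6bf142b9e89
+ metadata.gz: 7392f1f0c526ffaf68386a5da93b6f08ede568ba
+ data.tar.gz: b993167fdee34a8f83d5d7d9434d6e57803ea9bd
  SHA512:
- metadata.gz: 5b9d347ffaa08b281d78a9155c26093824ec8fea9e21693dc1e6a699a8254d409d5dee86606561607aa33675eceb5282c02525ce2df2c5e282d3f20b23709e33
- data.tar.gz: d851b30ebc2fe9d7fce6ad65cfb7b7bd507abc34757743c0487736f13fedd2627166c82c129d9e0ba2609810fcbfe3d405900a247ef79ba144544830b5844834
+ metadata.gz: a90f7c15f43dfdb9bbb515f0d65bc6072fd27fd17f52ce005934bbfc65ef7b79f0f9a6a86d64c93dc112aa9904bb9fc9ac462fcea99aeb5b307545d2305c632d
+ data.tar.gz: 2002638e1d32b76a7b75472794418fbf462b1c4090d9ad2e2a6e065f75aeb296665d0247b6d5783846db04e6c6acabd61c8070a61272485cf9b677ddee29ea00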
@@ -47,7 +47,7 @@ module DeviseTokenAuth::Concerns::SetUserByToken
47
47
  end
48
48
 
49
49
  # user has already been found and authenticated
50
- return @resource if @resource and @resource.class == rc
50
+ return @resource if @resource && @resource.class == rc
51
51
 
52
52
  # ensure we clear the client_id
53
53
  if !@token
@@ -58,7 +58,7 @@ module DeviseTokenAuth::Concerns::SetUserByToken
58
58
  return false unless @token
59
59
 
60
60
  # mitigate timing attacks by finding by uid instead of auth token
61
- user = uid && rc.find_by_uid(uid)
61
+ user = uid && rc.find_by(uid: uid)
62
62
 
63
63
  if user && user.valid_token?(@token, @client_id)
64
64
  # sign_in with bypass: true will be deprecated in the next version of Devise
@@ -78,12 +78,12 @@ module DeviseTokenAuth::Concerns::SetUserByToken
78
78
 
79
79
  def update_auth_header
80
80
  # cannot save object if model has invalid params
81
- return unless @resource and @resource.valid? and @client_id
81
+ return unless @resource && @resource.valid? && @client_id
82
82
 
83
83
  # Generate new client_id with existing authentication
84
84
  @client_id = nil unless @used_auth_by_token
85
85
 
86
- if @used_auth_by_token and not DeviseTokenAuth.change_headers_on_each_request
86
+ if @used_auth_by_token && !DeviseTokenAuth.change_headers_on_each_request
87
87
  # should not append auth header if @resource related token was
88
88
  # cleared by sign out in the meantime
89
89
  return if @resource.reload.tokens[@client_id].nil?
@@ -142,9 +142,9 @@ module DeviseTokenAuth::Concerns::SetUserByToken
142
142
 
143
143
 
144
144
  def is_batch_request?(user, client_id)
145
- not params[:unbatch] and
146
- user.tokens[client_id] and
147
- user.tokens[client_id]['updated_at'] and
145
+ !params[:unbatch] &&
146
+ user.tokens[client_id] &&
147
+ user.tokens[client_id]['updated_at'] &&
148
148
  Time.parse(user.tokens[client_id]['updated_at']) > @request_started_at - DeviseTokenAuth.batch_request_buffer_throttle
149
149
  end
150
150
  end
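Review bot: `rc.find_by(uid: uid)` on new line 61 passes `uid` straight into a hash condition, and where `uid` is read lies outside these hunks. If it can come from request parameters rather than only from a header, an array or nested-parameter value would change the shape of the query instead of comparing a single string. Coercing at the lookup keeps it one equality match: `user = uid && rc.find_by(uid: uid.to_s)`. The method that contains this line starts and ends outside the hunks shown.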
@@ -3,7 +3,7 @@ module DeviseTokenAuth
3
3
  def show
4
4
  @resource = resource_class.confirm_by_token(params[:confirmation_token])
5
5
 
6
- if @resource and @resource.id
6
+ if @resource && @resource.id
7
7
  # create client id
8
8
  client_id = SecureRandom.urlsafe_base64(nil, false)
9
9
  token = SecureRandom.urlsafe_base64(nil, false)
@@ -14,7 +14,8 @@ module DeviseTokenAuth
14
14
  devise_mapping = [request.env['omniauth.params']['namespace_name'],
15
15
  request.env['omniauth.params']['resource_class'].underscore.gsub('/', '_')].compact.join('_')
16
16
  path = "#{Devise.mappings[devise_mapping.to_sym].fullpath}/#{params[:provider]}/callback"
17
- redirect_route = URI::HTTP.build(scheme: request.scheme, host: request.host, port: request.port, path: path).to_s
17
+ klass = request.scheme == 'https' ? URI::HTTPS : URI::HTTP
18
+ redirect_route = klass.build(host: request.host, port: request.port, path: path).to_s
18
19
 
19
20
  # preserve omniauth info for success route. ignore 'extra' in twitter
20
21
  # auth response to avoid CookieOverflow.
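Review bot: The redirect target on the added `klass.build(...)` line is still assembled from `request.host` and `request.port`, which Rails derives from the Host and forwarded-host headers, so the callback redirect follows whatever host the client or an upstream proxy supplied. The scheme fix does not change that. If the deployment does not already restrict accepted hosts, building the route from a configured origin would be safer. At minimum the line deserves a comment such as `# host/port come from request headers; relies on upstream Host validation`. The enclosing action starts and ends outside the hunk.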
@@ -76,7 +76,7 @@ module DeviseTokenAuth
76
76
  reset_password_token: resource_params[:reset_password_token]
77
77
  })
78
78
 
79
- if @resource and @resource.id
79
+ if @resource && @resource.id
80
80
  client_id = SecureRandom.urlsafe_base64(nil, false)
81
81
  token = SecureRandom.urlsafe_base64(nil, false)
82
82
  token_hash = BCrypt::Password.create(token)
@@ -119,7 +119,7 @@ module DeviseTokenAuth
119
119
  end
120
120
 
121
121
  # ensure that password params were sent
122
- unless password_resource_params[:password] and password_resource_params[:password_confirmation]
122
+ unless password_resource_params[:password] && password_resource_params[:password_confirmation]
123
123
  return render_update_error_missing_password
124
124
  end
125
125
 
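Review bot: The guard on new line 122 only tests truthiness, and an empty string is truthy in Ruby, so a request carrying `password: ""` and `password_confirmation: ""` passes it and never reaches `render_update_error_missing_password`. Checking content rather than presence closes that gap: `unless password_resource_params[:password].present? && password_resource_params[:password_confirmation].present?`. Whether a blank password is rejected later by model validation is not visible in this hunk. The action starts and ends outside the hunk.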
@@ -186,7 +186,7 @@ module DeviseTokenAuth
186
186
  def resource_update_method
187
187
  if DeviseTokenAuth.check_current_password_before_update == :attributes
188
188
  "update_with_password"
189
- elsif DeviseTokenAuth.check_current_password_before_update == :password and account_update_params.has_key?(:password)
189
+ elsif DeviseTokenAuth.check_current_password_before_update == :password && account_update_params.has_key?(:password)
190
190
  "update_with_password"
191
191
  elsif account_update_params.has_key?(:current_password)
192
192
  "update_with_password"
@@ -29,7 +29,7 @@ module DeviseTokenAuth
29
29
  @resource = resource_class.where(q, q_value).first
30
30
  end
31
31
 
32
- if @resource and valid_params?(field, q_value) and (!@resource.respond_to?(:active_for_authentication?) or @resource.active_for_authentication?)
32
+ if @resource && valid_params?(field, q_value) && (!@resource.respond_to?(:active_for_authentication?) || @resource.active_for_authentication?)
33
33
  valid_password = @resource.valid_password?(resource_params[:password])
34
34
  if (@resource.respond_to?(:valid_for_authentication?) && !@resource.valid_for_authentication? { valid_password }) || !valid_password
35
35
  render_create_error_bad_credentials
@@ -50,7 +50,7 @@ module DeviseTokenAuth
50
50
  yield @resource if block_given?
51
51
 
52
52
  render_create_success
53
- elsif @resource and not (!@resource.respond_to?(:active_for_authentication?) or @resource.active_for_authentication?)
53
+ elsif @resource && !(!@resource.respond_to?(:active_for_authentication?) || @resource.active_for_authentication?)
54
54
  render_create_error_not_confirmed
55
55
  else
56
56
  render_create_error_bad_credentials
@@ -63,7 +63,7 @@ module DeviseTokenAuth
63
63
  client_id = remove_instance_variable(:@client_id) if @client_id
64
64
  remove_instance_variable(:@token) if @token
65
65
 
66
- if user and client_id and user.tokens[client_id]
66
+ if user && client_id && user.tokens[client_id]
67
67
  user.tokens.delete(client_id)
68
68
  user.save!
69
69
 
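Review bot: The `elsif` on new line 53 answers `render_create_error_not_confirmed` for any existing but inactive account without `valid_password?` ever being consulted, because the password check sits only inside the first branch. An unauthenticated caller can therefore tell an unconfirmed or locked account from an unknown one without knowing the password. Consider verifying the password first and returning the not-confirmed error only when it matches, falling through to `render_create_error_bad_credentials` otherwise. The condition would also read more plainly as `@resource.respond_to?(:active_for_authentication?) && !@resource.active_for_authentication?`. The action starts and ends outside the hunks.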
@@ -95,7 +95,15 @@ module DeviseTokenAuth::Concerns::User
95
95
 
96
96
 
97
97
  def tokens_has_json_column_type?
98
- table_exists? && self.columns_hash['tokens'] && self.columns_hash['tokens'].type.in?([:json, :jsonb])
98
+ database_exists? && table_exists? && self.columns_hash['tokens'] && self.columns_hash['tokens'].type.in?([:json, :jsonb])
99
+ end
100
+
101
+ def database_exists?
102
+ ActiveRecord::Base.connection
103
+ rescue ActiveRecord::NoDatabaseError
104
+ false
105
+ else
106
+ true
99
107
  end
100
108
  end
101
109
 
@@ -127,10 +135,10 @@ module DeviseTokenAuth::Concerns::User
127
135
 
128
136
  return true if (
129
137
  # ensure that expiry and token are set
130
- expiry and token and
138
+ expiry && token &&
131
139
 
132
140
  # ensure that the token has not yet expired
133
- DateTime.strptime(expiry.to_s, '%s') > Time.now and
141
+ DateTime.strptime(expiry.to_s, '%s') > Time.now &&
134
142
 
135
143
  # ensure that the token is valid
136
144
  DeviseTokenAuth::Concerns::User.tokens_match?(token_hash, token)
@@ -147,10 +155,10 @@ module DeviseTokenAuth::Concerns::User
147
155
 
148
156
  return true if (
149
157
  # ensure that the last token and its creation time exist
150
- updated_at and last_token and
158
+ updated_at && last_token &&
151
159
 
152
160
  # ensure that previous token falls within the batch buffer throttle time of the last request
153
- Time.parse(updated_at) > Time.now - DeviseTokenAuth.batch_request_buffer_throttle and
161
+ Time.parse(updated_at) > Time.now - DeviseTokenAuth.batch_request_buffer_throttle &&
154
162
 
155
163
  # ensure that the token is valid
156
164
  ::BCrypt::Password.new(last_token) == token
@@ -166,7 +174,7 @@ module DeviseTokenAuth::Concerns::User
166
174
  token_hash = ::BCrypt::Password.create(token)
167
175
  expiry = (Time.now + DeviseTokenAuth.token_lifespan).to_i
168
176
 
169
- if self.tokens[client_id] and self.tokens[client_id]['token']
177
+ if self.tokens[client_id] && self.tokens[client_id]['token']
170
178
  last_token = self.tokens[client_id]['token']
171
179
  end
172
180
 
@@ -189,7 +197,7 @@ module DeviseTokenAuth::Concerns::User
189
197
  expiry = self.tokens[client_id]['expiry'] || self.tokens[client_id][:expiry]
190
198
 
191
199
  max_clients = DeviseTokenAuth.max_number_of_devices
192
- while self.tokens.keys.length > 0 and max_clients < self.tokens.keys.length
200
+ while self.tokens.keys.length > 0 && max_clients < self.tokens.keys.length
193
201
  oldest_token = self.tokens.min_by { |cid, v| v[:expiry] || v["expiry"] }
194
202
  self.tokens.delete(oldest_token.first)
195
203
  end
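Review bot: `database_exists?` (new lines 101–107) rescues only `ActiveRecord::NoDatabaseError`, so any other failure raised while obtaining `ActiveRecord::Base.connection`, such as an unreachable server or rejected credentials, still propagates out of `tokens_has_json_column_type?`. It also probes `ActiveRecord::Base`'s connection rather than the including model's own `connection`, which would differ if the user model is bound to another database. A one-line comment stating which situation the guard covers would help the next reader, for example `# the database may not have been created yet; treat that as "no json column"`, if that is the intent. The enclosing module starts and ends outside the hunks.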
@@ -17,7 +17,7 @@ module DeviseTokenAuth::Concerns::UserOmniauthCallbacks
17
17
 
18
18
  # only validate unique email among users that registered by email
19
19
  def unique_email_user
20
- if provider == 'email' and self.class.where(provider: 'email', email: email).count > 0
20
+ if provider == 'email' && self.class.where(provider: 'email', email: email).count > 0
21
21
  errors.add(:email, :taken)
22
22
  end
23
23
  end
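Review bot: `.count > 0` on new line 20 runs a full count where only existence matters; `self.class.where(provider: 'email', email: email).exists?` states the same condition and lets the database stop at the first row. As a check-then-insert validation it also cannot stop two concurrent sign-ups with the same address, so it should be backed by a unique index. Whether such an index exists is not visible on this page.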
@@ -0,0 +1,46 @@
1
+ sq:
2
+ devise_token_auth:
3
+ sessions:
4
+ not_confirmed: "Një email konfirmues është dërguar tek llogaria juaj '%{email}'. Ju duhet të ndiqni udhëzimet në email përpara se të bëhet aktivizimi i llogarisë tuaj."
5
+ bad_credentials: "Kredencialet e qasjes nuk janë në rregull. Ju lutemi, provoni përsëri."
6
+ not_supported: "Përdorni POST/sign_in për t'u kyçur. GET nuk lejohet në këtë rast."
7
+ user_not_found: "Përdoruesi nuk u gjet ose nuk është i kyçur."
8
+ token_validations:
9
+ invalid: "Kredencialet për kyçje nuk janë në rregull."
10
+ registrations:
11
+ missing_confirm_success_url: "Mungon parametri 'confirm_success_url'."
12
+ redirect_url_not_allowed: "Nuk lejohet shkuarja tek adresa '%{redirect_url}'."
13
+ email_already_exists: "Një llogari është regjistruar më parë me adresën '%{email}'"
14
+ account_with_uid_destroyed: "Llogaria me UID-në '%{uid}' është fshirë."
15
+ account_to_destroy_not_found: "Nuk u gjet llogaria për fshirje."
16
+ user_not_found: "Përdoruesi nuk u gjet."
17
+ passwords:
18
+ missing_email: "Ju duhet të jepni një email adresë."
19
+ missing_redirect_url: "Mungon URL-ja për ridërgim."
20
+ not_allowed_redirect_url: "Nuk lejohet shkuarja tek URL-ja '%{redirect_url}'."
21
+ sended: "Një email është dërguar tek email adresa '%{email}' që përmban udhëzime për rikthim të fjalëkalimit tuaj."
22
+ user_not_found: "Nuk u gjet përdoruesi me email adresën '%{email}'."
23
+ password_not_required: "Kjo llogari nuk kërkon fjalëkalim. Në vend të fjalëkalimit, përdorni llogarinë '%{provider}'."
24
+ missing_passwords: "Ju duhet t'i mbushni fushat e etiketuara si 'Fjalëkalimi' dhe 'Konfirmo fjalëkalimin'."
25
+ successfully_updated: "Fjalëkalimi juaj është ndryshuar me sukses."
26
+ errors:
27
+ messages:
28
+ validate_sign_up_params: "Ju lutemi, dërgoni të dhëna të duhura në trupin e kërkesës."
29
+ validate_account_update_params: "Ju lutemi, dërgoni të dhëna të duhura për ndryshim në trupin e kërkesës."
30
+ not_email: "nuk është email"
31
+ devise:
32
+ mailer:
33
+ confirmation_instructions:
34
+ confirm_link_msg: "Ju mund ta konfirmoni email adresën e llogarisë tuaj përmes lidhjes më poshtë:"
35
+ confirm_account_link: "Konfirmo llogarinë time"
36
+ reset_password_instructions:
37
+ request_reset_link_msg: "Dikush ka kërkuar një lidhje për të ndryshuar fjalëkalimin tuaj. Ju mund ta bëni këtë përmes lidhjes më poshtë."
38
+ password_change_link: "Ndrysho fjalëkalimin tim"
39
+ ignore_mail_msg: "Nëse nuk e keni kërkuar këtë, ju lutemi injorojeni këtë email."
40
+ no_changes_msg: "Fjalëkalimi juaj nuk do të ndryshohet derisa t'i qaseni lidhjes më sipër dhe ta krijoni një fjalëkalim të ri."
41
+ unlock_instructions:
42
+ account_lock_msg: "Llogaria juaj është bllokuar për shkak të numrit të tepërt të përpjekjeve të pa suksesshme për t'u kyçur."
43
+ unlock_link_msg: "Klikoni lidhjen më poshtë për të zhbllokuar llogarinë tuaj:"
44
+ unlock_link: "Zhblloko llogarinë time"
45
+ hello: "tungjatjeta"
46
+ welcome: "mirësevini"
@@ -39,7 +39,7 @@ module DeviseTokenAuth
39
39
 
40
40
  unless current_#{group_name}
41
41
  return render json: {
42
- errors: ["Authorized users only."]
42
+ errors: [I18n.t('devise.failure.unauthenticated')]
43
43
  }, status: 401
44
44
  end
45
45
  end
@@ -110,7 +110,7 @@ module DeviseTokenAuth
110
110
  def authenticate_#{mapping}!
111
111
  unless current_#{mapping}
112
112
  return render json: {
113
- errors: ["Authorized users only."]
113
+ errors: [I18n.t('devise.failure.unauthenticated')]
114
114
  }, status: 401
115
115
  end
116
116
  end
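Review bot: The 401 body on new lines 42 and 113 now depends on the `devise.failure.unauthenticated` key being present in the active locale. When the key is missing, `I18n.t` puts a "translation missing" placeholder into the `errors` array instead of a usable message. The locale file added in this release defines `devise.mailer` keys but no `devise.failure` keys, so that path looks reachable unless Devise's own translations cover the locale. A fallback keeps the response stable: `I18n.t('devise.failure.unauthenticated', default: 'Authorized users only.')`. Both hunks sit inside generated method bodies that begin outside the hunk, and clients that matched on the old literal text will see a different string.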
@@ -57,7 +57,7 @@ module ActionDispatch::Routing
57
57
  get "#{full_path}/validate_token", controller: "#{token_validations_ctrl}", action: "validate_token"
58
58
 
59
59
  # omniauth routes. only define if omniauth is installed and not skipped.
60
- if defined?(::OmniAuth) and not opts[:skip].include?(:omniauth_callbacks)
60
+ if defined?(::OmniAuth) && !opts[:skip].include?(:omniauth_callbacks)
61
61
  match "#{full_path}/failure", controller: omniauth_ctrl, action: "omniauth_failure", via: [:get]
62
62
  match "#{full_path}/:provider/callback", controller: omniauth_ctrl, action: "omniauth_success", via: [:get]
63
63
 
@@ -4,7 +4,7 @@ module DeviseTokenAuth::Url
4
4
  uri = URI(url)
5
5
 
6
6
  res = "#{uri.scheme}://#{uri.host}"
7
- res += ":#{uri.port}" if (uri.port and uri.port != 80 and uri.port != 443)
7
+ res += ":#{uri.port}" if (uri.port && uri.port != 80 && uri.port != 443)
8
8
  res += "#{uri.path}" if uri.path
9
9
  query = [uri.query, params.to_query].reject(&:blank?).join('&')
10
10
  res += "?#{query}"
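Review bot: The port test on new line 7 drops 80 and 443 regardless of scheme, so an input such as `https://host:80/...` or `http://host:443/...` loses its explicit port and the generated URL points at a different endpoint than the one passed in. Comparing against the scheme's own default avoids that: `res += ":#{uri.port}" if uri.port && uri.port != uri.default_port`. Line 10 also appends `?` even when the merged query is empty. The method starts and ends outside the hunk.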
@@ -1,3 +1,3 @@
1
1
  module DeviseTokenAuth
2
- VERSION = "0.1.40"
2
+ VERSION = "0.1.41"
3
3
  end
@@ -3,7 +3,7 @@ module Overrides
3
3
  OVERRIDE_PROOF = "(^^,)"
4
4
 
5
5
  def create
6
- @resource = resource_class.find_by_email(resource_params[:email])
6
+ @resource = resource_class.find_by(email: resource_params[:email])
7
7
 
8
8
  if @resource and valid_params?(:email, resource_params[:email]) and @resource.valid_password?(resource_params[:password]) and @resource.confirmed?
9
9
  # create client id
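Review bot: The condition on line 8 still chains `and`, while the rest of this release moves the same kind of guard to `&&`. Because this override mirrors the sessions controller, it would be clearer kept in the same form: `if @resource && valid_params?(:email, resource_params[:email]) && @resource.valid_password?(resource_params[:password]) && @resource.confirmed?`. The `create` action continues past the end of the hunk.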
@@ -20,7 +20,5 @@ module Dummy
20
20
  # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s]
21
21
  # config.i18n.default_locale = :de
22
22
  config.autoload_paths << Rails.root.join('lib')
23
-
24
- config.active_record.raise_in_transactional_callbacks = true
25
23
  end
26
24
  end
@@ -13,8 +13,13 @@ Rails.application.configure do
13
13
  config.eager_load = false
14
14
 
15
15
  # Configure static asset server for tests with Cache-Control for performance.
16
- config.serve_static_files = true
17
- config.static_cache_control = 'public, max-age=3600'
16
+ Rails::VERSION::MAJOR == 5 ?
17
+ (config.public_file_server.enabled = true) :
18
+ (config.serve_static_files = true)
19
+
20
+ Rails::VERSION::MAJOR == 5 ?
21
+ (config.public_file_server.headers = { 'Cache-Control' => 'public, max-age=3600' }) :
22
+ (config.static_cache_control = 'public, max-age=3600')
18
23
 
19
24
  # Show full error reports and disable caching.
20
25
  config.consider_all_requests_local = true
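Review bot: `Rails::VERSION::MAJOR == 5` on new lines 16 and 20 ties the new setting names to exactly Rails 5, so any later major version falls back to `serve_static_files` and `static_cache_control`; `>= 5` expresses the intent. The same comparison appears on the `active_record_needle` line of the generator test. Using a ternary purely for its side effects is also harder to read than a plain `if Rails::VERSION::MAJOR >= 5 ... else ... end` that sets both options in each branch.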
@@ -29,7 +29,7 @@ module DeviseTokenAuth
29
29
  end
30
30
 
31
31
  test 'migration file contains rails version' do
32
- assert_migration 'db/migrate/devise_token_auth_create_users.rb', /4.2/
32
+ assert_migration 'db/migrate/devise_token_auth_create_users.rb', /#{Rails::VERSION::MAJOR}.#{Rails::VERSION::MINOR}/
33
33
  end
34
34
 
35
35
  test 'subsequent runs raise no errors' do
@@ -48,14 +48,17 @@ module DeviseTokenAuth
48
48
  # make dir if not exists
49
49
  FileUtils.mkdir_p(@dir)
50
50
 
51
+ # account for rails version 5
52
+ active_record_needle = (Rails::VERSION::MAJOR == 5) ? 'ApplicationRecord' : 'ActiveRecord::Base'
53
+
51
54
  @f = File.open(@fname, 'w') {|f|
52
55
  f.write <<-RUBY
53
- class User < ActiveRecord::Base
56
+ class User < #{active_record_needle}
54
57
 
55
- def whatever
56
- puts 'whatever'
57
- end
58
- end
58
+ def whatever
59
+ puts 'whatever'
60
+ end
61
+ end
59
62
  RUBY
60
63
  }
61
64
 
@@ -91,9 +94,9 @@ end
91
94
 
92
95
  @f = File.open(@fname, 'w') {|f|
93
96
  f.write <<-RUBY
94
- Rails.application.routes.draw do
95
- patch '/chong', to: 'bong#index'
96
- end
97
+ Rails.application.routes.draw do
98
+ patch '/chong', to: 'bong#index'
99
+ end
97
100
  RUBY
98
101
  }
99
102
 
@@ -151,11 +154,11 @@ end
151
154
 
152
155
  @f = File.open(@fname, 'w') {|f|
153
156
  f.write <<-RUBY
154
- class ApplicationController < ActionController::Base
155
- def whatever
156
- 'whatever'
157
- end
158
- end
157
+ class ApplicationController < ActionController::Base
158
+ def whatever
159
+ 'whatever'
160
+ end
161
+ end
159
162
  RUBY
160
163
  }
161
164
 
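Review bot: The interpolated pattern on new line 32 leaves the dot unescaped, so for version 5.0 it also matches `5x0` or `510` anywhere in the migration file. Escaping it pins the literal version: `/#{Rails::VERSION::MAJOR}\.#{Rails::VERSION::MINOR}/`. The test body is fully visible in the hunk; the surrounding test class is not.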
@@ -1,13 +1,11 @@
1
- require "codeclimate-test-reporter"
2
- #require 'simplecov'
1
+ require 'simplecov'
3
2
 
4
3
  #SimpleCov.formatter = SimpleCov::Formatter::MultiFormatter[
5
4
  #SimpleCov::Formatter::HTMLFormatter,
6
5
  #CodeClimate::TestReporter::Formatter
7
6
  #]
8
7
 
9
- #SimpleCov.start 'rails'
10
- CodeClimate::TestReporter.start
8
+ SimpleCov.start 'rails'
11
9
 
12
10
  ENV["RAILS_ENV"] = "test"
13
11
 
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: devise_token_auth
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.40
4
+ version: 0.1.41
5
5
  platform: ruby
6
6
  authors:
7
7
  - Lynn Hurley
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-01-20 00:00:00.000000000 Z
11
+ date: 2017-05-12 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rails
@@ -33,7 +33,7 @@ dependencies:
33
33
  version: 3.5.2
34
34
  - - "<="
35
35
  - !ruby/object:Gem::Version
36
- version: '4.2'
36
+ version: 4.2.1
37
37
  type: :runtime
38
38
  prerelease: false
39
39
  version_requirements: !ruby/object:Gem::Requirement
@@ -43,7 +43,7 @@ dependencies:
43
43
  version: 3.5.2
44
44
  - - "<="
45
45
  - !ruby/object:Gem::Version
46
- version: '4.2'
46
+ version: 4.2.1
47
47
  - !ruby/object:Gem::Dependency
48
48
  name: sqlite3
49
49
  requirement: !ruby/object:Gem::Requirement
@@ -124,6 +124,7 @@ files:
124
124
  - config/locales/pt.yml
125
125
  - config/locales/ro.yml
126
126
  - config/locales/ru.yml
127
+ - config/locales/sq.yml
127
128
  - config/locales/zh-CN.yml
128
129
  - config/locales/zh-HK.yml
129
130
  - config/locales/zh-TW.yml