devise_token_auth 0.1.42 → 0.1.43.beta1
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of devise_token_auth might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/README.md +39 -38
- data/app/controllers/devise_token_auth/application_controller.rb +15 -0
- data/app/controllers/devise_token_auth/concerns/resource_finder.rb +38 -0
- data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +21 -19
- data/app/controllers/devise_token_auth/confirmations_controller.rb +12 -7
- data/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb +3 -7
- data/app/controllers/devise_token_auth/passwords_controller.rb +16 -26
- data/app/controllers/devise_token_auth/registrations_controller.rb +6 -2
- data/app/controllers/devise_token_auth/sessions_controller.rb +3 -14
- data/app/controllers/devise_token_auth/unlocks_controller.rb +105 -0
- data/app/models/devise_token_auth/concerns/user.rb +29 -12
- data/app/models/devise_token_auth/concerns/user_omniauth_callbacks.rb +5 -8
- data/app/views/devise/mailer/unlock_instructions.html.erb +1 -1
- data/app/views/devise_token_auth/omniauth_external_window.html.erb +1 -1
- data/config/initializers/devise.rb +1 -1
- data/config/locales/da-DK.yml +50 -0
- data/config/locales/en.yml +4 -0
- data/lib/devise_token_auth/controllers/helpers.rb +30 -20
- data/lib/devise_token_auth/rails/routes.rb +1 -1
- data/lib/devise_token_auth/url.rb +1 -1
- data/lib/devise_token_auth/version.rb +1 -1
- data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb +2 -1
- data/lib/generators/devise_token_auth/templates/user.rb +1 -1
- data/test/controllers/custom/custom_confirmations_controller_test.rb +5 -10
- data/test/controllers/custom/custom_omniauth_callbacks_controller_test.rb +15 -16
- data/test/controllers/custom/custom_passwords_controller_test.rb +28 -34
- data/test/controllers/custom/custom_registrations_controller_test.rb +23 -21
- data/test/controllers/custom/custom_sessions_controller_test.rb +16 -18
- data/test/controllers/custom/custom_token_validations_controller_test.rb +13 -11
- data/test/controllers/demo_group_controller_test.rb +19 -5
- data/test/controllers/demo_mang_controller_test.rb +37 -16
- data/test/controllers/demo_user_controller_test.rb +70 -38
- data/test/controllers/devise_token_auth/confirmations_controller_test.rb +40 -22
- data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb +108 -82
- data/test/controllers/devise_token_auth/passwords_controller_test.rb +127 -145
- data/test/controllers/devise_token_auth/registrations_controller_test.rb +258 -274
- data/test/controllers/devise_token_auth/sessions_controller_test.rb +112 -117
- data/test/controllers/devise_token_auth/token_validations_controller_test.rb +14 -15
- data/test/controllers/devise_token_auth/unlocks_controller_test.rb +194 -0
- data/test/controllers/overrides/confirmations_controller_test.rb +8 -9
- data/test/controllers/overrides/omniauth_callbacks_controller_test.rb +16 -12
- data/test/controllers/overrides/passwords_controller_test.rb +19 -15
- data/test/controllers/overrides/registrations_controller_test.rb +7 -7
- data/test/controllers/overrides/sessions_controller_test.rb +6 -6
- data/test/controllers/overrides/token_validations_controller_test.rb +7 -4
- data/test/dummy/app/controllers/auth_origin_controller.rb +2 -2
- data/test/dummy/app/controllers/custom/omniauth_callbacks_controller.rb +0 -2
- data/test/dummy/app/controllers/overrides/confirmations_controller.rb +11 -7
- data/test/dummy/app/controllers/overrides/passwords_controller.rb +10 -8
- data/test/dummy/app/controllers/overrides/sessions_controller.rb +1 -1
- data/test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb +2 -2
- data/test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb +2 -2
- data/test/dummy/db/migrate/20140829044006_add_operating_thetan_to_user.rb +1 -1
- data/test/dummy/db/migrate/20140916224624_add_favorite_color_to_mangs.rb +1 -1
- data/test/dummy/db/migrate/20140928231203_devise_token_auth_create_evil_users.rb +2 -1
- data/test/dummy/db/migrate/20141222035835_devise_token_auth_create_only_email_users.rb +1 -1
- data/test/dummy/db/migrate/20141222053502_devise_token_auth_create_unregisterable_users.rb +2 -1
- data/test/dummy/db/migrate/20150409095712_devise_token_auth_create_nice_users.rb +2 -1
- data/test/dummy/db/migrate/20150708104536_devise_token_auth_create_unconfirmable_users.rb +2 -1
- data/test/dummy/db/migrate/20160103235141_devise_token_auth_create_scoped_users.rb +2 -1
- data/test/dummy/db/migrate/20160629184441_devise_token_auth_create_lockable_users.rb +2 -1
- data/test/dummy/db/schema.rb +157 -162
- data/test/dummy/tmp/generators/app/models/user.rb +1 -1
- data/test/dummy/tmp/generators/db/migrate/{20170517171822_devise_token_auth_create_users.rb → 20171014052631_devise_token_auth_create_users.rb} +2 -1
- data/test/lib/generators/devise_token_auth/install_generator_test.rb +5 -1
- data/test/models/user_test.rb +35 -1
- data/test/test_helper.rb +17 -11
- metadata +85 -80
|
@@ -7,7 +7,7 @@ module DeviseTokenAuth
|
|
|
7
7
|
|
|
8
8
|
def create
|
|
9
9
|
@resource = resource_class.new(sign_up_params)
|
|
10
|
-
@resource.provider =
|
|
10
|
+
@resource.provider = provider
|
|
11
11
|
|
|
12
12
|
# honor devise configuration for case_insensitive_keys
|
|
13
13
|
if resource_class.case_insensitive_keys.include?(:email)
|
|
@@ -38,6 +38,10 @@ module DeviseTokenAuth
|
|
|
38
38
|
# override email confirmation, must be sent manually from ctrl
|
|
39
39
|
resource_class.set_callback("create", :after, :send_on_create_confirmation_instructions)
|
|
40
40
|
resource_class.skip_callback("create", :after, :send_on_create_confirmation_instructions)
|
|
41
|
+
if @resource.respond_to? :skip_confirmation_notification!
|
|
42
|
+
# Fix duplicate e-mails by disabling Devise confirmation e-mail
|
|
43
|
+
@resource.skip_confirmation_notification!
|
|
44
|
+
end
|
|
41
45
|
if @resource.save
|
|
42
46
|
yield @resource if block_given?
|
|
43
47
|
|
|
@@ -55,7 +59,7 @@ module DeviseTokenAuth
|
|
|
55
59
|
|
|
56
60
|
@resource.tokens[@client_id] = {
|
|
57
61
|
token: BCrypt::Password.create(@token),
|
|
58
|
-
expiry: (Time.now +
|
|
62
|
+
expiry: (Time.now + @resource.token_lifespan).to_i
|
|
59
63
|
}
|
|
60
64
|
|
|
61
65
|
@resource.save!
|
|
@@ -14,19 +14,9 @@ module DeviseTokenAuth
|
|
|
14
14
|
|
|
15
15
|
@resource = nil
|
|
16
16
|
if field
|
|
17
|
-
q_value =
|
|
17
|
+
q_value = get_case_insensitive_field_from_resource_params(field)
|
|
18
18
|
|
|
19
|
-
|
|
20
|
-
q_value.downcase!
|
|
21
|
-
end
|
|
22
|
-
|
|
23
|
-
q = "#{field.to_s} = ? AND provider='email'"
|
|
24
|
-
|
|
25
|
-
if ActiveRecord::Base.connection.adapter_name.downcase.starts_with? 'mysql'
|
|
26
|
-
q = "BINARY " + q
|
|
27
|
-
end
|
|
28
|
-
|
|
29
|
-
@resource = resource_class.where(q, q_value).first
|
|
19
|
+
@resource = find_resource(field, q_value)
|
|
30
20
|
end
|
|
31
21
|
|
|
32
22
|
if @resource && valid_params?(field, q_value) && (!@resource.respond_to?(:active_for_authentication?) || @resource.active_for_authentication?)
|
|
@@ -41,7 +31,7 @@ module DeviseTokenAuth
|
|
|
41
31
|
|
|
42
32
|
@resource.tokens[@client_id] = {
|
|
43
33
|
token: BCrypt::Password.create(@token),
|
|
44
|
-
expiry: (Time.now +
|
|
34
|
+
expiry: (Time.now + @resource.token_lifespan).to_i
|
|
45
35
|
}
|
|
46
36
|
@resource.save
|
|
47
37
|
|
|
@@ -142,7 +132,6 @@ module DeviseTokenAuth
|
|
|
142
132
|
}, status: 404
|
|
143
133
|
end
|
|
144
134
|
|
|
145
|
-
|
|
146
135
|
private
|
|
147
136
|
|
|
148
137
|
def resource_params
|
|
@@ -0,0 +1,105 @@
|
|
|
1
|
+
module DeviseTokenAuth
|
|
2
|
+
class UnlocksController < DeviseTokenAuth::ApplicationController
|
|
3
|
+
skip_after_action :update_auth_header, :only => [:create, :show]
|
|
4
|
+
|
|
5
|
+
# this action is responsible for generating unlock tokens and
|
|
6
|
+
# sending emails
|
|
7
|
+
def create
|
|
8
|
+
unless resource_params[:email]
|
|
9
|
+
return render_create_error_missing_email
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
@email = get_case_insensitive_field_from_resource_params(:email)
|
|
13
|
+
@resource = find_resource(:email, @email)
|
|
14
|
+
|
|
15
|
+
@errors = nil
|
|
16
|
+
@error_status = 400
|
|
17
|
+
|
|
18
|
+
if @resource
|
|
19
|
+
yield @resource if block_given?
|
|
20
|
+
|
|
21
|
+
@resource.send_unlock_instructions({
|
|
22
|
+
email: @email,
|
|
23
|
+
provider: 'email',
|
|
24
|
+
client_config: params[:config_name]
|
|
25
|
+
})
|
|
26
|
+
|
|
27
|
+
if @resource.errors.empty?
|
|
28
|
+
return render_create_success
|
|
29
|
+
else
|
|
30
|
+
@errors = @resource.errors
|
|
31
|
+
end
|
|
32
|
+
else
|
|
33
|
+
@errors = [I18n.t("devise_token_auth.unlocks.user_not_found", email: @email)]
|
|
34
|
+
@error_status = 404
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
if @errors
|
|
38
|
+
return render_create_error
|
|
39
|
+
end
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
def show
|
|
43
|
+
@resource = resource_class.unlock_access_by_token(params[:unlock_token])
|
|
44
|
+
|
|
45
|
+
if @resource && @resource.id
|
|
46
|
+
client_id = SecureRandom.urlsafe_base64(nil, false)
|
|
47
|
+
token = SecureRandom.urlsafe_base64(nil, false)
|
|
48
|
+
token_hash = BCrypt::Password.create(token)
|
|
49
|
+
expiry = (Time.now + DeviseTokenAuth.token_lifespan).to_i
|
|
50
|
+
|
|
51
|
+
@resource.tokens[client_id] = {
|
|
52
|
+
token: token_hash,
|
|
53
|
+
expiry: expiry
|
|
54
|
+
}
|
|
55
|
+
|
|
56
|
+
@resource.save!
|
|
57
|
+
yield @resource if block_given?
|
|
58
|
+
|
|
59
|
+
redirect_header_options = {unlock: true}
|
|
60
|
+
redirect_headers = build_redirect_headers(token,
|
|
61
|
+
client_id,
|
|
62
|
+
redirect_header_options)
|
|
63
|
+
redirect_to(@resource.build_auth_url(after_unlock_path_for(@resource),
|
|
64
|
+
redirect_headers))
|
|
65
|
+
else
|
|
66
|
+
render_show_error
|
|
67
|
+
end
|
|
68
|
+
end
|
|
69
|
+
|
|
70
|
+
private
|
|
71
|
+
def after_unlock_path_for(resource)
|
|
72
|
+
#TODO: This should probably be a configuration option at the very least.
|
|
73
|
+
'/'
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
def render_create_error_missing_email
|
|
77
|
+
render json: {
|
|
78
|
+
success: false,
|
|
79
|
+
errors: [I18n.t("devise_token_auth.unlocks.missing_email")]
|
|
80
|
+
}, status: 401
|
|
81
|
+
end
|
|
82
|
+
|
|
83
|
+
def render_create_success
|
|
84
|
+
render json: {
|
|
85
|
+
success: true,
|
|
86
|
+
message: I18n.t("devise_token_auth.unlocks.sended", email: @email)
|
|
87
|
+
}
|
|
88
|
+
end
|
|
89
|
+
|
|
90
|
+
def render_create_error
|
|
91
|
+
render json: {
|
|
92
|
+
success: false,
|
|
93
|
+
errors: @errors,
|
|
94
|
+
}, status: @error_status
|
|
95
|
+
end
|
|
96
|
+
|
|
97
|
+
def render_show_error
|
|
98
|
+
raise ActionController::RoutingError.new('Not Found')
|
|
99
|
+
end
|
|
100
|
+
|
|
101
|
+
def resource_params
|
|
102
|
+
params.permit(:email, :unlock_token, :config)
|
|
103
|
+
end
|
|
104
|
+
end
|
|
105
|
+
end
|
|
@@ -41,12 +41,6 @@ module DeviseTokenAuth::Concerns::User
|
|
|
41
41
|
# remove old tokens if password has changed
|
|
42
42
|
before_save :remove_tokens_after_password_reset
|
|
43
43
|
|
|
44
|
-
# allows user to change password without current_password
|
|
45
|
-
attr_writer :allow_password_change
|
|
46
|
-
def allow_password_change
|
|
47
|
-
@allow_password_change || false
|
|
48
|
-
end
|
|
49
|
-
|
|
50
44
|
# don't use default devise email validation
|
|
51
45
|
def email_required?
|
|
52
46
|
false
|
|
@@ -56,6 +50,15 @@ module DeviseTokenAuth::Concerns::User
|
|
|
56
50
|
false
|
|
57
51
|
end
|
|
58
52
|
|
|
53
|
+
def will_save_change_to_email?
|
|
54
|
+
false
|
|
55
|
+
end
|
|
56
|
+
|
|
57
|
+
def password_required?
|
|
58
|
+
return false unless provider == 'email'
|
|
59
|
+
super
|
|
60
|
+
end
|
|
61
|
+
|
|
59
62
|
# override devise method to include additional info as opts hash
|
|
60
63
|
def send_confirmation_instructions(opts=nil)
|
|
61
64
|
unless @raw_confirmation_token
|
|
@@ -88,6 +91,21 @@ module DeviseTokenAuth::Concerns::User
|
|
|
88
91
|
|
|
89
92
|
token
|
|
90
93
|
end
|
|
94
|
+
|
|
95
|
+
# override devise method to include additional info as opts hash
|
|
96
|
+
def send_unlock_instructions(opts=nil)
|
|
97
|
+
raw, enc = Devise.token_generator.generate(self.class, :unlock_token)
|
|
98
|
+
self.unlock_token = enc
|
|
99
|
+
save(validate: false)
|
|
100
|
+
|
|
101
|
+
opts ||= {}
|
|
102
|
+
|
|
103
|
+
# fall back to "default" config name
|
|
104
|
+
opts[:client_config] ||= "default"
|
|
105
|
+
|
|
106
|
+
send_devise_notification(:unlock_instructions, raw, opts)
|
|
107
|
+
raw
|
|
108
|
+
end
|
|
91
109
|
end
|
|
92
110
|
|
|
93
111
|
module ClassMethods
|
|
@@ -99,11 +117,7 @@ module DeviseTokenAuth::Concerns::User
|
|
|
99
117
|
end
|
|
100
118
|
|
|
101
119
|
def database_exists?
|
|
102
|
-
ActiveRecord::Base.
|
|
103
|
-
rescue ActiveRecord::NoDatabaseError
|
|
104
|
-
false
|
|
105
|
-
else
|
|
106
|
-
true
|
|
120
|
+
ActiveRecord::Base.connection_pool.with_connection { |con| con.active? } rescue false
|
|
107
121
|
end
|
|
108
122
|
end
|
|
109
123
|
|
|
@@ -172,7 +186,7 @@ module DeviseTokenAuth::Concerns::User
|
|
|
172
186
|
last_token ||= nil
|
|
173
187
|
token = SecureRandom.urlsafe_base64(nil, false)
|
|
174
188
|
token_hash = ::BCrypt::Password.create(token)
|
|
175
|
-
expiry = (Time.now +
|
|
189
|
+
expiry = (Time.now + token_lifespan).to_i
|
|
176
190
|
|
|
177
191
|
if self.tokens[client_id] && self.tokens[client_id]['token']
|
|
178
192
|
last_token = self.tokens[client_id]['token']
|
|
@@ -238,6 +252,9 @@ module DeviseTokenAuth::Concerns::User
|
|
|
238
252
|
])
|
|
239
253
|
end
|
|
240
254
|
|
|
255
|
+
def token_lifespan
|
|
256
|
+
DeviseTokenAuth.token_lifespan
|
|
257
|
+
end
|
|
241
258
|
|
|
242
259
|
protected
|
|
243
260
|
|
|
@@ -2,11 +2,11 @@ module DeviseTokenAuth::Concerns::UserOmniauthCallbacks
|
|
|
2
2
|
extend ActiveSupport::Concern
|
|
3
3
|
|
|
4
4
|
included do
|
|
5
|
-
validates :email, presence: true, email: true, if:
|
|
6
|
-
validates_presence_of :uid,
|
|
5
|
+
validates :email, presence: true, email: true, if: :email_provider?
|
|
6
|
+
validates_presence_of :uid, unless: :email_provider?
|
|
7
7
|
|
|
8
8
|
# only validate unique emails among email registration users
|
|
9
|
-
|
|
9
|
+
validates :email, uniqueness: { scope: :provider }, on: :create, if: :email_provider?
|
|
10
10
|
|
|
11
11
|
# keep uid in sync with email
|
|
12
12
|
before_save :sync_uid
|
|
@@ -15,11 +15,8 @@ module DeviseTokenAuth::Concerns::UserOmniauthCallbacks
|
|
|
15
15
|
|
|
16
16
|
protected
|
|
17
17
|
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
if provider == 'email' && self.class.where(provider: 'email', email: email).count > 0
|
|
21
|
-
errors.add(:email, :taken)
|
|
22
|
-
end
|
|
18
|
+
def email_provider?
|
|
19
|
+
provider == 'email'
|
|
23
20
|
end
|
|
24
21
|
|
|
25
22
|
def sync_uid
|
|
@@ -15,7 +15,7 @@
|
|
|
15
15
|
Cordova / PhoneGap)
|
|
16
16
|
*/
|
|
17
17
|
|
|
18
|
-
var data = <%= @data.to_json
|
|
18
|
+
var data = JSON.parse(decodeURIComponent('<%= URI::escape( @data.to_json ) %>'));
|
|
19
19
|
|
|
20
20
|
window.addEventListener("message", function(ev) {
|
|
21
21
|
if (ev.data === "requestCredentials") {
|
|
@@ -142,7 +142,7 @@ Devise.setup do |config|
|
|
|
142
142
|
# Email regex used to validate email formats. It simply asserts that
|
|
143
143
|
# one (and only one) @ exists in the given string. This is mainly
|
|
144
144
|
# to give user feedback and not to assert the e-mail validity.
|
|
145
|
-
config.email_regexp = /\A[^@\s]+@
|
|
145
|
+
config.email_regexp = /\A[^@\s]+@[^@\s]+\z/
|
|
146
146
|
|
|
147
147
|
# ==> Configuration for :timeoutable
|
|
148
148
|
# The time you want to timeout the user session without activity. After this
|
|
@@ -0,0 +1,50 @@
|
|
|
1
|
+
da-DK:
|
|
2
|
+
devise_token_auth:
|
|
3
|
+
sessions:
|
|
4
|
+
not_confirmed: "Der er sendt en bekræftelsesemail til din konto på '%{email}'. Følg venligst instruktionerne i emailen for at aktivere din konto."
|
|
5
|
+
bad_credentials: "Ugyldigt kombination af brugernavn og kodeord. Prøv venligst igen."
|
|
6
|
+
not_supported: "Brug POST /sign_in for at logge ind. GET er ikke supporteret."
|
|
7
|
+
user_not_found: "Brugeren er ikke fundet eller er ikke logget ind."
|
|
8
|
+
token_validations:
|
|
9
|
+
invalid: "Ugyldig legitimationsoplysninger."
|
|
10
|
+
registrations:
|
|
11
|
+
missing_confirm_success_url: "Der mangler et 'confirm_success_url' parameter."
|
|
12
|
+
redirect_url_not_allowed: "Omdirigering til '%{redirect_url}' er ikke tilladt."
|
|
13
|
+
email_already_exists: "Der eksisterer allerede en konto med '%{email}'"
|
|
14
|
+
account_with_uid_destroyed: "Kontoen med UID '%{uid}' er slettet."
|
|
15
|
+
account_to_destroy_not_found: "Kan ikke finde kontoen som skal slettes."
|
|
16
|
+
user_not_found: "Brugeren ikke fundet."
|
|
17
|
+
passwords:
|
|
18
|
+
missing_email: "Du skal udfylde email feltet."
|
|
19
|
+
missing_redirect_url: "Der er ingen omdirigeringsadresse."
|
|
20
|
+
redirect_url_not_allowed: "Omdirigering til '%{redirect_url}' er ikke tilladt."
|
|
21
|
+
sended: "En email er blevet sendt til '%{email}' med instruktioner for at nulstille dit kodeord."
|
|
22
|
+
user_not_found: "Kan ikke finde en bruger med '%{email}'."
|
|
23
|
+
password_not_required: "Denne bruger kræver ikke et kodeord. Log ind med '%{provider}' konto i stedet."
|
|
24
|
+
missing_passwords: "Du skal fylde alle felter ud som indeholder 'Password' og 'Password confirmation'."
|
|
25
|
+
successfully_updated: "Dit kodeord er opdateret."
|
|
26
|
+
unlocks:
|
|
27
|
+
missing_email: "Du skal udfylde en email."
|
|
28
|
+
sended: "En email er blevet sendt til '%{email}', som indeholder instruktioner for at låse kontoen op."
|
|
29
|
+
user_not_found: "Kan ikke finde en burger med email '%{email}'."
|
|
30
|
+
errors:
|
|
31
|
+
messages:
|
|
32
|
+
validate_sign_up_params: "Angiv venligst passende registeringsdata i request body."
|
|
33
|
+
validate_account_update_params: "Angiv venligst en passende konto opdatering i request body."
|
|
34
|
+
not_email: "er ikke en email"
|
|
35
|
+
devise:
|
|
36
|
+
mailer:
|
|
37
|
+
confirmation_instructions:
|
|
38
|
+
confirm_link_msg: "Du kan bekræfte din konto email for linket herunder:"
|
|
39
|
+
confirm_account_link: "Bekræft min konto"
|
|
40
|
+
reset_password_instructions:
|
|
41
|
+
request_reset_link_msg: "Der er nogle der har anmodet om et link til at ændre dit kodeord. Det kan du gøre gennem linket nedenfor."
|
|
42
|
+
password_change_link: "Ændre mit kodeord."
|
|
43
|
+
ignore_mail_msg: "Hvis du ikke anmodede om dette, ignorer venligst denne email."
|
|
44
|
+
no_changes_msg: "Din kodeord vil ikke ændres indtil du går ind på linket ovenfor og laver et nyt et."
|
|
45
|
+
unlock_instructions:
|
|
46
|
+
account_lock_msg: "Din konto er blevet låst fordi der er for mange forkerte log ind-forsøg."
|
|
47
|
+
unlock_link_msg: "Klik linket nedenfor, for at låse din konto op:"
|
|
48
|
+
unlock_link: "Lås min konto op"
|
|
49
|
+
hello: "hej"
|
|
50
|
+
welcome: "velkommen"
|
data/config/locales/en.yml
CHANGED
|
@@ -23,6 +23,10 @@ en:
|
|
|
23
23
|
password_not_required: "This account does not require a password. Sign in using your '%{provider}' account instead."
|
|
24
24
|
missing_passwords: "You must fill out the fields labeled 'Password' and 'Password confirmation'."
|
|
25
25
|
successfully_updated: "Your password has been successfully updated."
|
|
26
|
+
unlocks:
|
|
27
|
+
missing_email: "You must provide an email address."
|
|
28
|
+
sended: "An email has been sent to '%{email}' containing instructions for unlocking your account."
|
|
29
|
+
user_not_found: "Unable to find user with email '%{email}'."
|
|
26
30
|
errors:
|
|
27
31
|
messages:
|
|
28
32
|
validate_sign_up_params: "Please submit proper sign up data in request body."
|
|
@@ -15,10 +15,11 @@ module DeviseTokenAuth
|
|
|
15
15
|
# devise_group :blogger, contains: [:user, :admin]
|
|
16
16
|
#
|
|
17
17
|
# Generated methods:
|
|
18
|
-
# authenticate_blogger!
|
|
19
|
-
# blogger_signed_in?
|
|
20
|
-
# current_blogger
|
|
21
|
-
# current_bloggers
|
|
18
|
+
# authenticate_blogger! # Redirects unless user or admin are signed in
|
|
19
|
+
# blogger_signed_in? # Checks whether there is either a user or an admin signed in
|
|
20
|
+
# current_blogger # Currently signed in user or admin
|
|
21
|
+
# current_bloggers # Currently signed in user and admin
|
|
22
|
+
# render_authenticate_error # Render error unless user or admin are signed in
|
|
22
23
|
#
|
|
23
24
|
# Use:
|
|
24
25
|
# before_action :authenticate_blogger! # Redirects unless either a user or an admin are authenticated
|
|
@@ -38,9 +39,7 @@ module DeviseTokenAuth
|
|
|
38
39
|
end
|
|
39
40
|
|
|
40
41
|
unless current_#{group_name}
|
|
41
|
-
|
|
42
|
-
errors: [I18n.t('devise.failure.unauthenticated')]
|
|
43
|
-
}, status: 401
|
|
42
|
+
render_authenticate_error
|
|
44
43
|
end
|
|
45
44
|
end
|
|
46
45
|
end
|
|
@@ -67,8 +66,14 @@ module DeviseTokenAuth
|
|
|
67
66
|
end.compact
|
|
68
67
|
end
|
|
69
68
|
|
|
69
|
+
def render_authenticate_error
|
|
70
|
+
return render json: {
|
|
71
|
+
errors: [I18n.t('devise.failure.unauthenticated')]
|
|
72
|
+
}, status: 401
|
|
73
|
+
end
|
|
74
|
+
|
|
70
75
|
if respond_to?(:helper_method)
|
|
71
|
-
helper_method "current_#{group_name}", "current_#{group_name.to_s.pluralize}", "#{group_name}_signed_in?"
|
|
76
|
+
helper_method "current_#{group_name}", "current_#{group_name.to_s.pluralize}", "#{group_name}_signed_in?", "render_authenticate_error"
|
|
72
77
|
end
|
|
73
78
|
METHODS
|
|
74
79
|
end
|
|
@@ -90,14 +95,15 @@ module DeviseTokenAuth
|
|
|
90
95
|
# Admin
|
|
91
96
|
#
|
|
92
97
|
# Generated methods:
|
|
93
|
-
# authenticate_user!
|
|
94
|
-
# authenticate_admin!
|
|
95
|
-
# user_signed_in?
|
|
96
|
-
# admin_signed_in?
|
|
97
|
-
# current_user
|
|
98
|
-
# current_admin
|
|
99
|
-
# user_session
|
|
100
|
-
# admin_session
|
|
98
|
+
# authenticate_user! # Signs user in or 401
|
|
99
|
+
# authenticate_admin! # Signs admin in or 401
|
|
100
|
+
# user_signed_in? # Checks whether there is a user signed in or not
|
|
101
|
+
# admin_signed_in? # Checks whether there is an admin signed in or not
|
|
102
|
+
# current_user # Current signed in user
|
|
103
|
+
# current_admin # Current signed in admin
|
|
104
|
+
# user_session # Session data available only to the user scope
|
|
105
|
+
# admin_session # Session data available only to the admin scope
|
|
106
|
+
# render_authenticate_error # Render error unless user or admin is signed in
|
|
101
107
|
#
|
|
102
108
|
# Use:
|
|
103
109
|
# before_action :authenticate_user! # Tell devise to use :user map
|
|
@@ -109,9 +115,7 @@ module DeviseTokenAuth
|
|
|
109
115
|
class_eval <<-METHODS, __FILE__, __LINE__ + 1
|
|
110
116
|
def authenticate_#{mapping}!
|
|
111
117
|
unless current_#{mapping}
|
|
112
|
-
|
|
113
|
-
errors: [I18n.t('devise.failure.unauthenticated')]
|
|
114
|
-
}, status: 401
|
|
118
|
+
render_authenticate_error
|
|
115
119
|
end
|
|
116
120
|
end
|
|
117
121
|
|
|
@@ -126,11 +130,17 @@ module DeviseTokenAuth
|
|
|
126
130
|
def #{mapping}_session
|
|
127
131
|
current_#{mapping} && warden.session(:#{mapping})
|
|
128
132
|
end
|
|
133
|
+
|
|
134
|
+
def render_authenticate_error
|
|
135
|
+
return render json: {
|
|
136
|
+
errors: [I18n.t('devise.failure.unauthenticated')]
|
|
137
|
+
}, status: 401
|
|
138
|
+
end
|
|
129
139
|
METHODS
|
|
130
140
|
|
|
131
141
|
ActiveSupport.on_load(:action_controller) do
|
|
132
142
|
if respond_to?(:helper_method)
|
|
133
|
-
helper_method "current_#{mapping}", "#{mapping}_signed_in?", "#{mapping}_session"
|
|
143
|
+
helper_method "current_#{mapping}", "#{mapping}_signed_in?", "#{mapping}_session", "render_authenticate_error"
|
|
134
144
|
end
|
|
135
145
|
end
|
|
136
146
|
end
|