devise_token_auth 0.1.43 → 1.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/README.md +42 -895
- data/Rakefile +11 -4
- data/app/controllers/devise_token_auth/application_controller.rb +19 -8
- data/app/controllers/devise_token_auth/concerns/resource_finder.rb +26 -12
- data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +106 -85
- data/app/controllers/devise_token_auth/confirmations_controller.rb +73 -17
- data/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb +95 -51
- data/app/controllers/devise_token_auth/passwords_controller.rb +65 -57
- data/app/controllers/devise_token_auth/registrations_controller.rb +61 -61
- data/app/controllers/devise_token_auth/sessions_controller.rb +22 -18
- data/app/controllers/devise_token_auth/token_validations_controller.rb +5 -3
- data/app/controllers/devise_token_auth/unlocks_controller.rb +20 -16
- data/app/models/devise_token_auth/concerns/active_record_support.rb +14 -0
- data/app/models/devise_token_auth/concerns/confirmable_support.rb +28 -0
- data/app/models/devise_token_auth/concerns/mongoid_support.rb +19 -0
- data/app/models/devise_token_auth/concerns/tokens_serialization.rb +31 -0
- data/app/models/devise_token_auth/concerns/user.rb +92 -100
- data/app/models/devise_token_auth/concerns/user_omniauth_callbacks.rb +8 -3
- data/app/validators/{email_validator.rb → devise_token_auth_email_validator.rb} +5 -3
- data/app/views/devise_token_auth/omniauth_external_window.html.erb +1 -1
- data/config/locales/da-DK.yml +11 -9
- data/config/locales/de.yml +2 -0
- data/config/locales/en.yml +10 -0
- data/config/locales/es.yml +2 -0
- data/config/locales/fr.yml +2 -0
- data/config/locales/he.yml +52 -0
- data/config/locales/it.yml +2 -0
- data/config/locales/ja.yml +4 -2
- data/config/locales/ko.yml +51 -0
- data/config/locales/nl.yml +2 -0
- data/config/locales/pl.yml +6 -3
- data/config/locales/pt-BR.yml +2 -0
- data/config/locales/pt.yml +6 -3
- data/config/locales/ro.yml +2 -0
- data/config/locales/ru.yml +2 -0
- data/config/locales/sq.yml +2 -0
- data/config/locales/sv.yml +52 -0
- data/config/locales/uk.yml +2 -0
- data/config/locales/vi.yml +2 -0
- data/config/locales/zh-CN.yml +2 -0
- data/config/locales/zh-HK.yml +2 -0
- data/config/locales/zh-TW.yml +2 -0
- data/lib/devise_token_auth/blacklist.rb +6 -0
- data/lib/devise_token_auth/controllers/helpers.rb +21 -13
- data/lib/devise_token_auth/controllers/url_helpers.rb +2 -0
- data/lib/devise_token_auth/engine.rb +26 -14
- data/lib/devise_token_auth/errors.rb +8 -0
- data/lib/devise_token_auth/rails/routes.rb +37 -30
- data/lib/devise_token_auth/token_factory.rb +126 -0
- data/lib/devise_token_auth/url.rb +11 -4
- data/lib/devise_token_auth/version.rb +3 -1
- data/lib/devise_token_auth.rb +11 -5
- data/lib/generators/devise_token_auth/USAGE +2 -2
- data/lib/generators/devise_token_auth/install_generator.rb +36 -105
- data/lib/generators/devise_token_auth/install_generator_helpers.rb +98 -0
- data/lib/generators/devise_token_auth/install_mongoid_generator.rb +46 -0
- data/lib/generators/devise_token_auth/install_views_generator.rb +7 -5
- data/lib/generators/devise_token_auth/templates/devise_token_auth.rb +12 -0
- data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb +8 -14
- data/lib/generators/devise_token_auth/templates/user.rb.erb +9 -0
- data/lib/generators/devise_token_auth/templates/user_mongoid.rb.erb +56 -0
- data/lib/tasks/devise_token_auth_tasks.rake +2 -0
- data/test/controllers/custom/custom_confirmations_controller_test.rb +5 -1
- data/test/controllers/custom/custom_omniauth_callbacks_controller_test.rb +4 -0
- data/test/controllers/custom/custom_passwords_controller_test.rb +6 -2
- data/test/controllers/custom/custom_registrations_controller_test.rb +17 -8
- data/test/controllers/custom/custom_sessions_controller_test.rb +7 -5
- data/test/controllers/custom/custom_token_validations_controller_test.rb +5 -3
- data/test/controllers/demo_group_controller_test.rb +4 -6
- data/test/controllers/demo_mang_controller_test.rb +3 -3
- data/test/controllers/demo_user_controller_test.rb +53 -25
- data/test/controllers/devise_token_auth/confirmations_controller_test.rb +159 -25
- data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb +117 -47
- data/test/controllers/devise_token_auth/passwords_controller_test.rb +309 -126
- data/test/controllers/devise_token_auth/registrations_controller_test.rb +65 -23
- data/test/controllers/devise_token_auth/sessions_controller_test.rb +93 -61
- data/test/controllers/devise_token_auth/token_validations_controller_test.rb +18 -6
- data/test/controllers/devise_token_auth/unlocks_controller_test.rb +24 -5
- data/test/controllers/overrides/confirmations_controller_test.rb +6 -2
- data/test/controllers/overrides/omniauth_callbacks_controller_test.rb +5 -1
- data/test/controllers/overrides/passwords_controller_test.rb +27 -29
- data/test/controllers/overrides/registrations_controller_test.rb +33 -27
- data/test/controllers/overrides/sessions_controller_test.rb +6 -4
- data/test/controllers/overrides/token_validations_controller_test.rb +5 -3
- data/test/dummy/app/active_record/confirmable_user.rb +11 -0
- data/test/dummy/app/{models → active_record}/lockable_user.rb +2 -0
- data/test/dummy/app/{models → active_record}/mang.rb +2 -0
- data/test/dummy/app/{models → active_record}/only_email_user.rb +2 -0
- data/test/dummy/app/{models → active_record}/scoped_user.rb +4 -2
- data/test/dummy/app/{models → active_record}/unconfirmable_user.rb +3 -2
- data/test/dummy/app/active_record/unregisterable_user.rb +9 -0
- data/test/dummy/app/active_record/user.rb +6 -0
- data/test/dummy/app/controllers/application_controller.rb +2 -0
- data/test/dummy/app/controllers/auth_origin_controller.rb +2 -0
- data/test/dummy/app/controllers/custom/confirmations_controller.rb +2 -2
- data/test/dummy/app/controllers/custom/omniauth_callbacks_controller.rb +2 -0
- data/test/dummy/app/controllers/custom/passwords_controller.rb +3 -4
- data/test/dummy/app/controllers/custom/registrations_controller.rb +3 -3
- data/test/dummy/app/controllers/custom/sessions_controller.rb +3 -3
- data/test/dummy/app/controllers/custom/token_validations_controller.rb +3 -3
- data/test/dummy/app/controllers/demo_group_controller.rb +2 -0
- data/test/dummy/app/controllers/demo_mang_controller.rb +2 -0
- data/test/dummy/app/controllers/demo_user_controller.rb +2 -0
- data/test/dummy/app/controllers/overrides/confirmations_controller.rb +8 -6
- data/test/dummy/app/controllers/overrides/omniauth_callbacks_controller.rb +5 -3
- data/test/dummy/app/controllers/overrides/passwords_controller.rb +10 -8
- data/test/dummy/app/controllers/overrides/registrations_controller.rb +5 -3
- data/test/dummy/app/controllers/overrides/sessions_controller.rb +12 -12
- data/test/dummy/app/controllers/overrides/token_validations_controller.rb +5 -5
- data/test/dummy/app/helpers/application_helper.rb +1029 -1036
- data/test/dummy/app/models/{user.rb → concerns/favorite_color.rb} +8 -7
- data/test/dummy/app/mongoid/confirmable_user.rb +52 -0
- data/test/dummy/app/mongoid/lockable_user.rb +38 -0
- data/test/dummy/app/mongoid/mang.rb +46 -0
- data/test/dummy/app/mongoid/only_email_user.rb +33 -0
- data/test/dummy/app/mongoid/scoped_user.rb +50 -0
- data/test/dummy/app/mongoid/unconfirmable_user.rb +44 -0
- data/test/dummy/app/mongoid/unregisterable_user.rb +47 -0
- data/test/dummy/app/mongoid/user.rb +49 -0
- data/test/dummy/app/views/layouts/application.html.erb +0 -2
- data/test/dummy/config/application.rb +26 -3
- data/test/dummy/config/boot.rb +8 -2
- data/test/dummy/config/environment.rb +3 -1
- data/test/dummy/config/environments/development.rb +5 -13
- data/test/dummy/config/environments/production.rb +2 -16
- data/test/dummy/config/environments/test.rb +3 -1
- data/test/dummy/config/initializers/backtrace_silencers.rb +2 -0
- data/test/dummy/config/initializers/cookies_serializer.rb +3 -1
- data/test/dummy/config/initializers/devise.rb +287 -0
- data/test/dummy/config/initializers/devise_token_auth.rb +37 -4
- data/test/dummy/config/initializers/figaro.rb +3 -1
- data/test/dummy/config/initializers/filter_parameter_logging.rb +2 -0
- data/test/dummy/config/initializers/inflections.rb +2 -0
- data/test/dummy/config/initializers/mime_types.rb +2 -0
- data/test/dummy/config/initializers/omniauth.rb +5 -2
- data/test/dummy/config/initializers/session_store.rb +2 -0
- data/test/dummy/config/initializers/wrap_parameters.rb +2 -0
- data/test/dummy/config/routes.rb +14 -29
- data/test/dummy/config/spring.rb +2 -0
- data/test/dummy/config.ru +5 -3
- data/test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb +9 -14
- data/test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb +8 -13
- data/test/dummy/db/migrate/20140829044006_add_operating_thetan_to_user.rb +2 -0
- data/test/dummy/db/migrate/20140916224624_add_favorite_color_to_mangs.rb +2 -0
- data/test/dummy/db/migrate/20141222035835_devise_token_auth_create_only_email_users.rb +6 -11
- data/test/dummy/db/migrate/20141222053502_devise_token_auth_create_unregisterable_users.rb +8 -13
- data/test/dummy/db/migrate/20150708104536_devise_token_auth_create_unconfirmable_users.rb +8 -13
- data/test/dummy/db/migrate/20160103235141_devise_token_auth_create_scoped_users.rb +8 -13
- data/test/dummy/db/migrate/20160629184441_devise_token_auth_create_lockable_users.rb +8 -13
- data/test/dummy/{tmp/generators/db/migrate/20171014052631_devise_token_auth_create_users.rb → db/migrate/20190924101113_devise_token_auth_create_confirmable_users.rb} +8 -14
- data/test/dummy/db/schema.rb +11 -71
- data/test/dummy/lib/migration_database_helper.rb +15 -1
- data/test/dummy/tmp/generators/app/controllers/application_controller.rb +6 -0
- data/test/dummy/tmp/generators/app/models/azpire/v1/human_resource/user.rb +56 -0
- data/test/dummy/tmp/generators/config/initializers/devise_token_auth.rb +12 -0
- data/test/factories/users.rb +41 -0
- data/test/lib/devise_token_auth/blacklist_test.rb +19 -0
- data/test/lib/devise_token_auth/rails/custom_routes_test.rb +29 -0
- data/test/lib/devise_token_auth/rails/routes_test.rb +87 -0
- data/test/lib/devise_token_auth/token_factory_test.rb +191 -0
- data/test/lib/devise_token_auth/url_test.rb +9 -7
- data/test/lib/generators/devise_token_auth/install_generator_test.rb +67 -37
- data/test/lib/generators/devise_token_auth/install_generator_with_namespace_test.rb +222 -0
- data/test/lib/generators/devise_token_auth/install_views_generator_test.rb +3 -1
- data/test/models/concerns/mongoid_support_test.rb +31 -0
- data/test/models/concerns/tokens_serialization_test.rb +104 -0
- data/test/models/confirmable_user_test.rb +35 -0
- data/test/models/only_email_user_test.rb +2 -8
- data/test/models/user_test.rb +18 -79
- data/test/support/controllers/routes.rb +43 -0
- data/test/test_helper.rb +83 -26
- metadata +153 -44
- data/config/initializers/devise.rb +0 -196
- data/lib/generators/devise_token_auth/templates/user.rb +0 -7
- data/test/dummy/app/models/evil_user.rb +0 -3
- data/test/dummy/app/models/nice_user.rb +0 -7
- data/test/dummy/app/models/unregisterable_user.rb +0 -7
- data/test/dummy/config/initializers/assets.rb +0 -8
- data/test/dummy/db/migrate/20140928231203_devise_token_auth_create_evil_users.rb +0 -64
- data/test/dummy/db/migrate/20150409095712_devise_token_auth_create_nice_users.rb +0 -61
- data/test/dummy/tmp/generators/app/models/user.rb +0 -11
- data/test/integration/navigation_test.rb +0 -10
data/Rakefile
CHANGED
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
begin
|
|
2
4
|
require 'bundler/setup'
|
|
3
5
|
rescue LoadError
|
|
@@ -14,11 +16,9 @@ RDoc::Task.new(:rdoc) do |rdoc|
|
|
|
14
16
|
rdoc.rdoc_files.include('lib/**/*.rb')
|
|
15
17
|
end
|
|
16
18
|
|
|
17
|
-
APP_RAKEFILE = File.expand_path(
|
|
19
|
+
APP_RAKEFILE = File.expand_path('test/dummy/Rakefile', __dir__)
|
|
18
20
|
load 'rails/tasks/engine.rake'
|
|
19
21
|
|
|
20
|
-
|
|
21
|
-
|
|
22
22
|
Bundler::GemHelper.install_tasks
|
|
23
23
|
|
|
24
24
|
require 'rake/testtask'
|
|
@@ -31,5 +31,12 @@ Rake::TestTask.new(:test) do |t|
|
|
|
31
31
|
t.warning = false
|
|
32
32
|
end
|
|
33
33
|
|
|
34
|
-
|
|
35
34
|
task default: :test
|
|
35
|
+
|
|
36
|
+
require 'rubocop/rake_task'
|
|
37
|
+
|
|
38
|
+
desc 'Run RuboCop'
|
|
39
|
+
RuboCop::RakeTask.new(:rubocop) do |task|
|
|
40
|
+
task.formatters = %w[fuubar offenses worst]
|
|
41
|
+
task.fail_on_error = false # don't abort rake on failure
|
|
42
|
+
end
|
|
@@ -1,22 +1,25 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
module DeviseTokenAuth
|
|
2
4
|
class ApplicationController < DeviseController
|
|
3
5
|
include DeviseTokenAuth::Concerns::SetUserByToken
|
|
4
|
-
include DeviseTokenAuth::Concerns::ResourceFinder
|
|
5
6
|
|
|
6
|
-
def resource_data(opts={})
|
|
7
|
+
def resource_data(opts = {})
|
|
7
8
|
response_data = opts[:resource_json] || @resource.as_json
|
|
8
|
-
if json_api?
|
|
9
|
-
response_data['type'] = @resource.class.name.parameterize
|
|
10
|
-
end
|
|
9
|
+
response_data['type'] = @resource.class.name.parameterize if json_api?
|
|
11
10
|
response_data
|
|
12
11
|
end
|
|
13
12
|
|
|
14
13
|
def resource_errors
|
|
15
|
-
|
|
14
|
+
@resource.errors.to_hash.merge(full_messages: @resource.errors.full_messages)
|
|
16
15
|
end
|
|
17
16
|
|
|
18
17
|
protected
|
|
19
18
|
|
|
19
|
+
def blacklisted_redirect_url?(redirect_url)
|
|
20
|
+
DeviseTokenAuth.redirect_whitelist && !DeviseTokenAuth::Url.whitelisted?(redirect_url)
|
|
21
|
+
end
|
|
22
|
+
|
|
20
23
|
def build_redirect_headers(access_token, client, redirect_header_options = {})
|
|
21
24
|
{
|
|
22
25
|
DeviseTokenAuth.headers_names[:"access-token"] => access_token,
|
|
@@ -38,7 +41,7 @@ module DeviseTokenAuth
|
|
|
38
41
|
devise_parameter_sanitizer.instance_values['permitted'][resource]
|
|
39
42
|
end
|
|
40
43
|
|
|
41
|
-
def resource_class(m=nil)
|
|
44
|
+
def resource_class(m = nil)
|
|
42
45
|
if m
|
|
43
46
|
mapping = Devise.mappings[m]
|
|
44
47
|
else
|
|
@@ -53,7 +56,7 @@ module DeviseTokenAuth
|
|
|
53
56
|
return ActiveModel::Serializer.setup do |config|
|
|
54
57
|
config.adapter == :json_api
|
|
55
58
|
end if ActiveModel::Serializer.respond_to?(:setup)
|
|
56
|
-
|
|
59
|
+
ActiveModelSerializers.config.adapter == :json_api
|
|
57
60
|
end
|
|
58
61
|
|
|
59
62
|
def recoverable_enabled?
|
|
@@ -72,5 +75,13 @@ module DeviseTokenAuth
|
|
|
72
75
|
response = response.merge(data) if data
|
|
73
76
|
render json: response, status: status
|
|
74
77
|
end
|
|
78
|
+
|
|
79
|
+
def success_message(name, email)
|
|
80
|
+
if Devise.paranoid
|
|
81
|
+
I18n.t("devise_token_auth.#{name}.sended_paranoid")
|
|
82
|
+
else
|
|
83
|
+
I18n.t("devise_token_auth.#{name}.sended", email: email)
|
|
84
|
+
end
|
|
85
|
+
end
|
|
75
86
|
end
|
|
76
87
|
end
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
module DeviseTokenAuth::Concerns::ResourceFinder
|
|
2
4
|
extend ActiveSupport::Concern
|
|
3
5
|
include DeviseTokenAuth::Controllers::Helpers
|
|
@@ -18,21 +20,33 @@ module DeviseTokenAuth::Concerns::ResourceFinder
|
|
|
18
20
|
end
|
|
19
21
|
|
|
20
22
|
def find_resource(field, value)
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
@resource = resource_class.where(q, value).first
|
|
23
|
+
@resource = if database_adapter&.include?('mysql')
|
|
24
|
+
# fix for mysql default case insensitivity
|
|
25
|
+
resource_class.where("BINARY #{field} = ? AND provider= ?", value, provider).first
|
|
26
|
+
else
|
|
27
|
+
resource_class.dta_find_by(field => value, 'provider' => provider)
|
|
28
|
+
end
|
|
28
29
|
end
|
|
29
30
|
|
|
30
|
-
def
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
31
|
+
def database_adapter
|
|
32
|
+
@database_adapter ||= begin
|
|
33
|
+
rails_version = [Rails::VERSION::MAJOR, Rails::VERSION::MINOR].join(".")
|
|
34
|
+
|
|
35
|
+
adapter =
|
|
36
|
+
if rails_version >= "6.1"
|
|
37
|
+
resource_class.try(:connection_db_config)&.try(:adapter)
|
|
38
|
+
else
|
|
39
|
+
resource_class.try(:connection_config)&.try(:[], :adapter)
|
|
40
|
+
end
|
|
35
41
|
end
|
|
42
|
+
end
|
|
43
|
+
|
|
44
|
+
def resource_class(m = nil)
|
|
45
|
+
mapping = if m
|
|
46
|
+
Devise.mappings[m]
|
|
47
|
+
else
|
|
48
|
+
Devise.mappings[resource_name] || Devise.mappings.values.first
|
|
49
|
+
end
|
|
36
50
|
|
|
37
51
|
mapping.to
|
|
38
52
|
end
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
module DeviseTokenAuth::Concerns::SetUserByToken
|
|
2
4
|
extend ActiveSupport::Concern
|
|
3
5
|
include DeviseTokenAuth::Concerns::ResourceFinder
|
|
@@ -11,30 +13,17 @@ module DeviseTokenAuth::Concerns::SetUserByToken
|
|
|
11
13
|
|
|
12
14
|
# keep track of request duration
|
|
13
15
|
def set_request_start
|
|
14
|
-
@request_started_at = Time.now
|
|
16
|
+
@request_started_at = Time.zone.now
|
|
15
17
|
@used_auth_by_token = true
|
|
16
18
|
|
|
17
19
|
# initialize instance variables
|
|
18
|
-
@
|
|
19
|
-
@resource
|
|
20
|
-
@
|
|
21
|
-
@is_batch_request = nil
|
|
22
|
-
end
|
|
23
|
-
|
|
24
|
-
def ensure_pristine_resource
|
|
25
|
-
if @resource.changed?
|
|
26
|
-
# Stash pending changes in the resource before reloading.
|
|
27
|
-
changes = @resource.changes
|
|
28
|
-
@resource.reload
|
|
29
|
-
end
|
|
30
|
-
yield
|
|
31
|
-
ensure
|
|
32
|
-
# Reapply pending changes
|
|
33
|
-
@resource.assign_attributes(changes) if changes
|
|
20
|
+
@token ||= DeviseTokenAuth::TokenFactory.new
|
|
21
|
+
@resource ||= nil
|
|
22
|
+
@is_batch_request ||= nil
|
|
34
23
|
end
|
|
35
24
|
|
|
36
25
|
# user auth
|
|
37
|
-
def set_user_by_token(mapping=nil)
|
|
26
|
+
def set_user_by_token(mapping = nil)
|
|
38
27
|
# determine target authentication class
|
|
39
28
|
rc = resource_class(mapping)
|
|
40
29
|
|
|
@@ -46,120 +35,152 @@ module DeviseTokenAuth::Concerns::SetUserByToken
|
|
|
46
35
|
access_token_name = DeviseTokenAuth.headers_names[:'access-token']
|
|
47
36
|
client_name = DeviseTokenAuth.headers_names[:'client']
|
|
48
37
|
|
|
38
|
+
# gets values from cookie if configured and present
|
|
39
|
+
parsed_auth_cookie = {}
|
|
40
|
+
if DeviseTokenAuth.cookie_enabled
|
|
41
|
+
auth_cookie = request.cookies[DeviseTokenAuth.cookie_name]
|
|
42
|
+
if auth_cookie.present?
|
|
43
|
+
parsed_auth_cookie = JSON.parse(auth_cookie)
|
|
44
|
+
end
|
|
45
|
+
end
|
|
46
|
+
|
|
49
47
|
# parse header for values necessary for authentication
|
|
50
|
-
uid
|
|
51
|
-
@token
|
|
52
|
-
@
|
|
48
|
+
uid = request.headers[uid_name] || params[uid_name] || parsed_auth_cookie[uid_name]
|
|
49
|
+
@token = DeviseTokenAuth::TokenFactory.new unless @token
|
|
50
|
+
@token.token ||= request.headers[access_token_name] || params[access_token_name] || parsed_auth_cookie[access_token_name]
|
|
51
|
+
@token.client ||= request.headers[client_name] || params[client_name] || parsed_auth_cookie[client_name]
|
|
53
52
|
|
|
54
|
-
#
|
|
55
|
-
@
|
|
53
|
+
# client isn't required, set to 'default' if absent
|
|
54
|
+
@token.client ||= 'default'
|
|
56
55
|
|
|
57
56
|
# check for an existing user, authenticated via warden/devise, if enabled
|
|
58
57
|
if DeviseTokenAuth.enable_standard_devise_support
|
|
59
|
-
devise_warden_user = warden.user(
|
|
60
|
-
if devise_warden_user && devise_warden_user.tokens[@
|
|
58
|
+
devise_warden_user = warden.user(mapping)
|
|
59
|
+
if devise_warden_user && devise_warden_user.tokens[@token.client].nil?
|
|
61
60
|
@used_auth_by_token = false
|
|
62
61
|
@resource = devise_warden_user
|
|
63
|
-
|
|
62
|
+
# REVIEW: The following line _should_ be safe to remove;
|
|
63
|
+
# the generated token does not get used anywhere.
|
|
64
|
+
# @resource.create_new_auth_token
|
|
64
65
|
end
|
|
65
66
|
end
|
|
66
67
|
|
|
67
68
|
# user has already been found and authenticated
|
|
68
69
|
return @resource if @resource && @resource.is_a?(rc)
|
|
69
70
|
|
|
70
|
-
# ensure we clear the
|
|
71
|
-
|
|
72
|
-
@
|
|
71
|
+
# ensure we clear the client
|
|
72
|
+
unless @token.present?
|
|
73
|
+
@token.client = nil
|
|
73
74
|
return
|
|
74
75
|
end
|
|
75
76
|
|
|
76
|
-
return false unless @token
|
|
77
|
-
|
|
78
77
|
# mitigate timing attacks by finding by uid instead of auth token
|
|
79
|
-
user = uid && rc.
|
|
78
|
+
user = uid && rc.dta_find_by(uid: uid)
|
|
79
|
+
scope = rc.to_s.underscore.to_sym
|
|
80
80
|
|
|
81
|
-
if user && user.valid_token?(@token, @
|
|
81
|
+
if user && user.valid_token?(@token.token, @token.client)
|
|
82
82
|
# sign_in with bypass: true will be deprecated in the next version of Devise
|
|
83
|
-
if
|
|
84
|
-
bypass_sign_in(user, scope:
|
|
83
|
+
if respond_to?(:bypass_sign_in) && DeviseTokenAuth.bypass_sign_in
|
|
84
|
+
bypass_sign_in(user, scope: scope)
|
|
85
85
|
else
|
|
86
|
-
sign_in(
|
|
86
|
+
sign_in(scope, user, store: false, event: :fetch, bypass: DeviseTokenAuth.bypass_sign_in)
|
|
87
87
|
end
|
|
88
88
|
return @resource = user
|
|
89
89
|
else
|
|
90
90
|
# zero all values previously set values
|
|
91
|
-
@
|
|
91
|
+
@token.client = nil
|
|
92
92
|
return @resource = nil
|
|
93
93
|
end
|
|
94
94
|
end
|
|
95
95
|
|
|
96
96
|
def update_auth_header
|
|
97
97
|
# cannot save object if model has invalid params
|
|
98
|
-
return unless
|
|
98
|
+
return unless @resource && @token.client
|
|
99
99
|
|
|
100
|
-
# Generate new
|
|
101
|
-
@
|
|
100
|
+
# Generate new client with existing authentication
|
|
101
|
+
@token.client = nil unless @used_auth_by_token
|
|
102
102
|
|
|
103
103
|
if @used_auth_by_token && !DeviseTokenAuth.change_headers_on_each_request
|
|
104
104
|
# should not append auth header if @resource related token was
|
|
105
105
|
# cleared by sign out in the meantime
|
|
106
|
-
return if @resource.reload.tokens[@
|
|
106
|
+
return if @resource.reload.tokens[@token.client].nil?
|
|
107
107
|
|
|
108
|
-
auth_header = @resource.build_auth_header(@token, @
|
|
108
|
+
auth_header = @resource.build_auth_header(@token.token, @token.client)
|
|
109
109
|
|
|
110
110
|
# update the response header
|
|
111
111
|
response.headers.merge!(auth_header)
|
|
112
112
|
|
|
113
|
+
# set a server cookie if configured
|
|
114
|
+
if DeviseTokenAuth.cookie_enabled
|
|
115
|
+
set_cookie(auth_header)
|
|
116
|
+
end
|
|
113
117
|
else
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
#
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
# determine batch request status after request processing, in case
|
|
124
|
-
# another processes has updated it during that processing
|
|
125
|
-
@is_batch_request = is_batch_request?(@resource, @client_id)
|
|
126
|
-
|
|
127
|
-
auth_header = {}
|
|
128
|
-
|
|
129
|
-
# extend expiration of batch buffer to account for the duration of
|
|
130
|
-
# this request
|
|
131
|
-
if @is_batch_request
|
|
132
|
-
auth_header = @resource.extend_batch_buffer(@token, @client_id)
|
|
133
|
-
|
|
134
|
-
# Do not return token for batch requests to avoid invalidated
|
|
135
|
-
# tokens returned to the client in case of race conditions.
|
|
136
|
-
# Use a blank string for the header to still be present and
|
|
137
|
-
# being passed in a XHR response in case of
|
|
138
|
-
# 304 Not Modified responses.
|
|
139
|
-
auth_header[DeviseTokenAuth.headers_names[:"access-token"]] = ' '
|
|
140
|
-
auth_header[DeviseTokenAuth.headers_names[:"expiry"]] = ' '
|
|
141
|
-
|
|
142
|
-
# update Authorization response header with new token
|
|
143
|
-
else
|
|
144
|
-
auth_header = @resource.create_new_auth_token(@client_id)
|
|
145
|
-
end
|
|
146
|
-
|
|
147
|
-
# update the response header
|
|
148
|
-
response.headers.merge!(auth_header)
|
|
149
|
-
|
|
150
|
-
end # end lock
|
|
151
|
-
end # end ensure_pristine_resource
|
|
118
|
+
unless @resource.reload.valid?
|
|
119
|
+
@resource = @resource.class.find(@resource.to_param) # errors remain after reload
|
|
120
|
+
# if we left the model in a bad state, something is wrong in our app
|
|
121
|
+
unless @resource.valid?
|
|
122
|
+
raise DeviseTokenAuth::Errors::InvalidModel, "Cannot set auth token in invalid model. Errors: #{@resource.errors.full_messages}"
|
|
123
|
+
end
|
|
124
|
+
end
|
|
125
|
+
refresh_headers
|
|
152
126
|
end
|
|
153
|
-
|
|
154
127
|
end
|
|
155
128
|
|
|
156
129
|
private
|
|
157
130
|
|
|
131
|
+
def refresh_headers
|
|
132
|
+
# Lock the user record during any auth_header updates to ensure
|
|
133
|
+
# we don't have write contention from multiple threads
|
|
134
|
+
@resource.with_lock do
|
|
135
|
+
# should not append auth header if @resource related token was
|
|
136
|
+
# cleared by sign out in the meantime
|
|
137
|
+
return if @used_auth_by_token && @resource.tokens[@token.client].nil?
|
|
138
|
+
|
|
139
|
+
_auth_header_from_batch_request = auth_header_from_batch_request
|
|
140
|
+
|
|
141
|
+
# update the response header
|
|
142
|
+
response.headers.merge!(_auth_header_from_batch_request)
|
|
143
|
+
|
|
144
|
+
# set a server cookie if configured
|
|
145
|
+
if DeviseTokenAuth.cookie_enabled
|
|
146
|
+
set_cookie(_auth_header_from_batch_request)
|
|
147
|
+
end
|
|
148
|
+
end # end lock
|
|
149
|
+
end
|
|
158
150
|
|
|
159
|
-
def
|
|
151
|
+
def set_cookie(auth_header)
|
|
152
|
+
cookies[DeviseTokenAuth.cookie_name] = DeviseTokenAuth.cookie_attributes.merge(value: auth_header.to_json)
|
|
153
|
+
end
|
|
154
|
+
|
|
155
|
+
def is_batch_request?(user, client)
|
|
160
156
|
!params[:unbatch] &&
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
|
|
157
|
+
user.tokens[client] &&
|
|
158
|
+
user.tokens[client]['updated_at'] &&
|
|
159
|
+
user.tokens[client]['updated_at'].to_time > @request_started_at - DeviseTokenAuth.batch_request_buffer_throttle
|
|
160
|
+
end
|
|
161
|
+
|
|
162
|
+
def auth_header_from_batch_request
|
|
163
|
+
# determine batch request status after request processing, in case
|
|
164
|
+
# another processes has updated it during that processing
|
|
165
|
+
@is_batch_request = is_batch_request?(@resource, @token.client)
|
|
166
|
+
|
|
167
|
+
auth_header = {}
|
|
168
|
+
# extend expiration of batch buffer to account for the duration of
|
|
169
|
+
# this request
|
|
170
|
+
if @is_batch_request
|
|
171
|
+
auth_header = @resource.extend_batch_buffer(@token.token, @token.client)
|
|
172
|
+
|
|
173
|
+
# Do not return token for batch requests to avoid invalidated
|
|
174
|
+
# tokens returned to the client in case of race conditions.
|
|
175
|
+
# Use a blank string for the header to still be present and
|
|
176
|
+
# being passed in a XHR response in case of
|
|
177
|
+
# 304 Not Modified responses.
|
|
178
|
+
auth_header[DeviseTokenAuth.headers_names[:"access-token"]] = ' '
|
|
179
|
+
auth_header[DeviseTokenAuth.headers_names[:"expiry"]] = ' '
|
|
180
|
+
else
|
|
181
|
+
# update Authorization response header with new token
|
|
182
|
+
auth_header = @resource.create_new_auth_token(@token.client)
|
|
183
|
+
end
|
|
184
|
+
auth_header
|
|
164
185
|
end
|
|
165
186
|
end
|
|
@@ -1,30 +1,86 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
module DeviseTokenAuth
|
|
2
4
|
class ConfirmationsController < DeviseTokenAuth::ApplicationController
|
|
5
|
+
|
|
3
6
|
def show
|
|
4
|
-
@resource = resource_class.confirm_by_token(
|
|
7
|
+
@resource = resource_class.confirm_by_token(resource_params[:confirmation_token])
|
|
5
8
|
|
|
6
|
-
if @resource
|
|
7
|
-
|
|
8
|
-
if defined?(@resource.sign_in_count) && @resource.sign_in_count > 0
|
|
9
|
-
expiry = (Time.now + 1.second).to_i
|
|
10
|
-
end
|
|
9
|
+
if @resource.errors.empty?
|
|
10
|
+
yield @resource if block_given?
|
|
11
11
|
|
|
12
|
-
|
|
12
|
+
redirect_header_options = { account_confirmation_success: true }
|
|
13
13
|
|
|
14
|
-
|
|
15
|
-
|
|
14
|
+
if signed_in?(resource_name)
|
|
15
|
+
token = signed_in_resource.create_token
|
|
16
|
+
signed_in_resource.save!
|
|
16
17
|
|
|
17
|
-
|
|
18
|
+
redirect_headers = build_redirect_headers(token.token,
|
|
19
|
+
token.client,
|
|
20
|
+
redirect_header_options)
|
|
18
21
|
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
22
|
+
redirect_to_link = signed_in_resource.build_auth_url(redirect_url, redirect_headers)
|
|
23
|
+
else
|
|
24
|
+
redirect_to_link = DeviseTokenAuth::Url.generate(redirect_url, redirect_header_options)
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
redirect_to(redirect_to_link)
|
|
25
28
|
else
|
|
26
|
-
raise ActionController::RoutingError
|
|
29
|
+
raise ActionController::RoutingError, 'Not Found'
|
|
27
30
|
end
|
|
28
31
|
end
|
|
32
|
+
|
|
33
|
+
def create
|
|
34
|
+
return render_create_error_missing_email if resource_params[:email].blank?
|
|
35
|
+
|
|
36
|
+
@email = get_case_insensitive_field_from_resource_params(:email)
|
|
37
|
+
|
|
38
|
+
@resource = resource_class.dta_find_by(uid: @email, provider: provider)
|
|
39
|
+
|
|
40
|
+
return render_not_found_error unless @resource
|
|
41
|
+
|
|
42
|
+
@resource.send_confirmation_instructions({
|
|
43
|
+
redirect_url: redirect_url,
|
|
44
|
+
client_config: resource_params[:config_name]
|
|
45
|
+
})
|
|
46
|
+
|
|
47
|
+
return render_create_success
|
|
48
|
+
end
|
|
49
|
+
|
|
50
|
+
protected
|
|
51
|
+
|
|
52
|
+
def render_create_error_missing_email
|
|
53
|
+
render_error(401, I18n.t('devise_token_auth.confirmations.missing_email'))
|
|
54
|
+
end
|
|
55
|
+
|
|
56
|
+
def render_create_success
|
|
57
|
+
render json: {
|
|
58
|
+
success: true,
|
|
59
|
+
message: success_message('confirmations', @email)
|
|
60
|
+
}
|
|
61
|
+
end
|
|
62
|
+
|
|
63
|
+
def render_not_found_error
|
|
64
|
+
if Devise.paranoid
|
|
65
|
+
render_error(404, I18n.t('devise_token_auth.confirmations.sended_paranoid'))
|
|
66
|
+
else
|
|
67
|
+
render_error(404, I18n.t('devise_token_auth.confirmations.user_not_found', email: @email))
|
|
68
|
+
end
|
|
69
|
+
end
|
|
70
|
+
|
|
71
|
+
private
|
|
72
|
+
|
|
73
|
+
def resource_params
|
|
74
|
+
params.permit(:email, :confirmation_token, :config_name)
|
|
75
|
+
end
|
|
76
|
+
|
|
77
|
+
# give redirect value from params priority or fall back to default value if provided
|
|
78
|
+
def redirect_url
|
|
79
|
+
params.fetch(
|
|
80
|
+
:redirect_url,
|
|
81
|
+
DeviseTokenAuth.default_confirm_success_url
|
|
82
|
+
)
|
|
83
|
+
end
|
|
84
|
+
|
|
29
85
|
end
|
|
30
86
|
end
|