devise_token_auth 0.1.43 → 1.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/README.md +42 -895
- data/Rakefile +11 -4
- data/app/controllers/devise_token_auth/application_controller.rb +19 -8
- data/app/controllers/devise_token_auth/concerns/resource_finder.rb +26 -12
- data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +106 -85
- data/app/controllers/devise_token_auth/confirmations_controller.rb +73 -17
- data/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb +95 -51
- data/app/controllers/devise_token_auth/passwords_controller.rb +65 -57
- data/app/controllers/devise_token_auth/registrations_controller.rb +61 -61
- data/app/controllers/devise_token_auth/sessions_controller.rb +22 -18
- data/app/controllers/devise_token_auth/token_validations_controller.rb +5 -3
- data/app/controllers/devise_token_auth/unlocks_controller.rb +20 -16
- data/app/models/devise_token_auth/concerns/active_record_support.rb +14 -0
- data/app/models/devise_token_auth/concerns/confirmable_support.rb +28 -0
- data/app/models/devise_token_auth/concerns/mongoid_support.rb +19 -0
- data/app/models/devise_token_auth/concerns/tokens_serialization.rb +31 -0
- data/app/models/devise_token_auth/concerns/user.rb +92 -100
- data/app/models/devise_token_auth/concerns/user_omniauth_callbacks.rb +8 -3
- data/app/validators/{email_validator.rb → devise_token_auth_email_validator.rb} +5 -3
- data/app/views/devise_token_auth/omniauth_external_window.html.erb +1 -1
- data/config/locales/da-DK.yml +11 -9
- data/config/locales/de.yml +2 -0
- data/config/locales/en.yml +10 -0
- data/config/locales/es.yml +2 -0
- data/config/locales/fr.yml +2 -0
- data/config/locales/he.yml +52 -0
- data/config/locales/it.yml +2 -0
- data/config/locales/ja.yml +4 -2
- data/config/locales/ko.yml +51 -0
- data/config/locales/nl.yml +2 -0
- data/config/locales/pl.yml +6 -3
- data/config/locales/pt-BR.yml +2 -0
- data/config/locales/pt.yml +6 -3
- data/config/locales/ro.yml +2 -0
- data/config/locales/ru.yml +2 -0
- data/config/locales/sq.yml +2 -0
- data/config/locales/sv.yml +52 -0
- data/config/locales/uk.yml +2 -0
- data/config/locales/vi.yml +2 -0
- data/config/locales/zh-CN.yml +2 -0
- data/config/locales/zh-HK.yml +2 -0
- data/config/locales/zh-TW.yml +2 -0
- data/lib/devise_token_auth/blacklist.rb +6 -0
- data/lib/devise_token_auth/controllers/helpers.rb +21 -13
- data/lib/devise_token_auth/controllers/url_helpers.rb +2 -0
- data/lib/devise_token_auth/engine.rb +26 -14
- data/lib/devise_token_auth/errors.rb +8 -0
- data/lib/devise_token_auth/rails/routes.rb +37 -30
- data/lib/devise_token_auth/token_factory.rb +126 -0
- data/lib/devise_token_auth/url.rb +11 -4
- data/lib/devise_token_auth/version.rb +3 -1
- data/lib/devise_token_auth.rb +11 -5
- data/lib/generators/devise_token_auth/USAGE +2 -2
- data/lib/generators/devise_token_auth/install_generator.rb +36 -105
- data/lib/generators/devise_token_auth/install_generator_helpers.rb +98 -0
- data/lib/generators/devise_token_auth/install_mongoid_generator.rb +46 -0
- data/lib/generators/devise_token_auth/install_views_generator.rb +7 -5
- data/lib/generators/devise_token_auth/templates/devise_token_auth.rb +12 -0
- data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb +8 -14
- data/lib/generators/devise_token_auth/templates/user.rb.erb +9 -0
- data/lib/generators/devise_token_auth/templates/user_mongoid.rb.erb +56 -0
- data/lib/tasks/devise_token_auth_tasks.rake +2 -0
- data/test/controllers/custom/custom_confirmations_controller_test.rb +5 -1
- data/test/controllers/custom/custom_omniauth_callbacks_controller_test.rb +4 -0
- data/test/controllers/custom/custom_passwords_controller_test.rb +6 -2
- data/test/controllers/custom/custom_registrations_controller_test.rb +17 -8
- data/test/controllers/custom/custom_sessions_controller_test.rb +7 -5
- data/test/controllers/custom/custom_token_validations_controller_test.rb +5 -3
- data/test/controllers/demo_group_controller_test.rb +4 -6
- data/test/controllers/demo_mang_controller_test.rb +3 -3
- data/test/controllers/demo_user_controller_test.rb +53 -25
- data/test/controllers/devise_token_auth/confirmations_controller_test.rb +159 -25
- data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb +117 -47
- data/test/controllers/devise_token_auth/passwords_controller_test.rb +309 -126
- data/test/controllers/devise_token_auth/registrations_controller_test.rb +65 -23
- data/test/controllers/devise_token_auth/sessions_controller_test.rb +93 -61
- data/test/controllers/devise_token_auth/token_validations_controller_test.rb +18 -6
- data/test/controllers/devise_token_auth/unlocks_controller_test.rb +24 -5
- data/test/controllers/overrides/confirmations_controller_test.rb +6 -2
- data/test/controllers/overrides/omniauth_callbacks_controller_test.rb +5 -1
- data/test/controllers/overrides/passwords_controller_test.rb +27 -29
- data/test/controllers/overrides/registrations_controller_test.rb +33 -27
- data/test/controllers/overrides/sessions_controller_test.rb +6 -4
- data/test/controllers/overrides/token_validations_controller_test.rb +5 -3
- data/test/dummy/app/active_record/confirmable_user.rb +11 -0
- data/test/dummy/app/{models → active_record}/lockable_user.rb +2 -0
- data/test/dummy/app/{models → active_record}/mang.rb +2 -0
- data/test/dummy/app/{models → active_record}/only_email_user.rb +2 -0
- data/test/dummy/app/{models → active_record}/scoped_user.rb +4 -2
- data/test/dummy/app/{models → active_record}/unconfirmable_user.rb +3 -2
- data/test/dummy/app/active_record/unregisterable_user.rb +9 -0
- data/test/dummy/app/active_record/user.rb +6 -0
- data/test/dummy/app/controllers/application_controller.rb +2 -0
- data/test/dummy/app/controllers/auth_origin_controller.rb +2 -0
- data/test/dummy/app/controllers/custom/confirmations_controller.rb +2 -2
- data/test/dummy/app/controllers/custom/omniauth_callbacks_controller.rb +2 -0
- data/test/dummy/app/controllers/custom/passwords_controller.rb +3 -4
- data/test/dummy/app/controllers/custom/registrations_controller.rb +3 -3
- data/test/dummy/app/controllers/custom/sessions_controller.rb +3 -3
- data/test/dummy/app/controllers/custom/token_validations_controller.rb +3 -3
- data/test/dummy/app/controllers/demo_group_controller.rb +2 -0
- data/test/dummy/app/controllers/demo_mang_controller.rb +2 -0
- data/test/dummy/app/controllers/demo_user_controller.rb +2 -0
- data/test/dummy/app/controllers/overrides/confirmations_controller.rb +8 -6
- data/test/dummy/app/controllers/overrides/omniauth_callbacks_controller.rb +5 -3
- data/test/dummy/app/controllers/overrides/passwords_controller.rb +10 -8
- data/test/dummy/app/controllers/overrides/registrations_controller.rb +5 -3
- data/test/dummy/app/controllers/overrides/sessions_controller.rb +12 -12
- data/test/dummy/app/controllers/overrides/token_validations_controller.rb +5 -5
- data/test/dummy/app/helpers/application_helper.rb +1029 -1036
- data/test/dummy/app/models/{user.rb → concerns/favorite_color.rb} +8 -7
- data/test/dummy/app/mongoid/confirmable_user.rb +52 -0
- data/test/dummy/app/mongoid/lockable_user.rb +38 -0
- data/test/dummy/app/mongoid/mang.rb +46 -0
- data/test/dummy/app/mongoid/only_email_user.rb +33 -0
- data/test/dummy/app/mongoid/scoped_user.rb +50 -0
- data/test/dummy/app/mongoid/unconfirmable_user.rb +44 -0
- data/test/dummy/app/mongoid/unregisterable_user.rb +47 -0
- data/test/dummy/app/mongoid/user.rb +49 -0
- data/test/dummy/app/views/layouts/application.html.erb +0 -2
- data/test/dummy/config/application.rb +26 -3
- data/test/dummy/config/boot.rb +8 -2
- data/test/dummy/config/environment.rb +3 -1
- data/test/dummy/config/environments/development.rb +5 -13
- data/test/dummy/config/environments/production.rb +2 -16
- data/test/dummy/config/environments/test.rb +3 -1
- data/test/dummy/config/initializers/backtrace_silencers.rb +2 -0
- data/test/dummy/config/initializers/cookies_serializer.rb +3 -1
- data/test/dummy/config/initializers/devise.rb +287 -0
- data/test/dummy/config/initializers/devise_token_auth.rb +37 -4
- data/test/dummy/config/initializers/figaro.rb +3 -1
- data/test/dummy/config/initializers/filter_parameter_logging.rb +2 -0
- data/test/dummy/config/initializers/inflections.rb +2 -0
- data/test/dummy/config/initializers/mime_types.rb +2 -0
- data/test/dummy/config/initializers/omniauth.rb +5 -2
- data/test/dummy/config/initializers/session_store.rb +2 -0
- data/test/dummy/config/initializers/wrap_parameters.rb +2 -0
- data/test/dummy/config/routes.rb +14 -29
- data/test/dummy/config/spring.rb +2 -0
- data/test/dummy/config.ru +5 -3
- data/test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb +9 -14
- data/test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb +8 -13
- data/test/dummy/db/migrate/20140829044006_add_operating_thetan_to_user.rb +2 -0
- data/test/dummy/db/migrate/20140916224624_add_favorite_color_to_mangs.rb +2 -0
- data/test/dummy/db/migrate/20141222035835_devise_token_auth_create_only_email_users.rb +6 -11
- data/test/dummy/db/migrate/20141222053502_devise_token_auth_create_unregisterable_users.rb +8 -13
- data/test/dummy/db/migrate/20150708104536_devise_token_auth_create_unconfirmable_users.rb +8 -13
- data/test/dummy/db/migrate/20160103235141_devise_token_auth_create_scoped_users.rb +8 -13
- data/test/dummy/db/migrate/20160629184441_devise_token_auth_create_lockable_users.rb +8 -13
- data/test/dummy/{tmp/generators/db/migrate/20171014052631_devise_token_auth_create_users.rb → db/migrate/20190924101113_devise_token_auth_create_confirmable_users.rb} +8 -14
- data/test/dummy/db/schema.rb +11 -71
- data/test/dummy/lib/migration_database_helper.rb +15 -1
- data/test/dummy/tmp/generators/app/controllers/application_controller.rb +6 -0
- data/test/dummy/tmp/generators/app/models/azpire/v1/human_resource/user.rb +56 -0
- data/test/dummy/tmp/generators/config/initializers/devise_token_auth.rb +12 -0
- data/test/factories/users.rb +41 -0
- data/test/lib/devise_token_auth/blacklist_test.rb +19 -0
- data/test/lib/devise_token_auth/rails/custom_routes_test.rb +29 -0
- data/test/lib/devise_token_auth/rails/routes_test.rb +87 -0
- data/test/lib/devise_token_auth/token_factory_test.rb +191 -0
- data/test/lib/devise_token_auth/url_test.rb +9 -7
- data/test/lib/generators/devise_token_auth/install_generator_test.rb +67 -37
- data/test/lib/generators/devise_token_auth/install_generator_with_namespace_test.rb +222 -0
- data/test/lib/generators/devise_token_auth/install_views_generator_test.rb +3 -1
- data/test/models/concerns/mongoid_support_test.rb +31 -0
- data/test/models/concerns/tokens_serialization_test.rb +104 -0
- data/test/models/confirmable_user_test.rb +35 -0
- data/test/models/only_email_user_test.rb +2 -8
- data/test/models/user_test.rb +18 -79
- data/test/support/controllers/routes.rb +43 -0
- data/test/test_helper.rb +83 -26
- metadata +153 -44
- data/config/initializers/devise.rb +0 -196
- data/lib/generators/devise_token_auth/templates/user.rb +0 -7
- data/test/dummy/app/models/evil_user.rb +0 -3
- data/test/dummy/app/models/nice_user.rb +0 -7
- data/test/dummy/app/models/unregisterable_user.rb +0 -7
- data/test/dummy/config/initializers/assets.rb +0 -8
- data/test/dummy/db/migrate/20140928231203_devise_token_auth_create_evil_users.rb +0 -64
- data/test/dummy/db/migrate/20150409095712_devise_token_auth_create_nice_users.rb +0 -61
- data/test/dummy/tmp/generators/app/models/user.rb +0 -11
- data/test/integration/navigation_test.rb +0 -10
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
module DeviseTokenAuth
|
|
2
4
|
class RegistrationsController < DeviseTokenAuth::ApplicationController
|
|
3
5
|
before_action :set_user_by_token, only: [:destroy, :update]
|
|
@@ -6,21 +8,19 @@ module DeviseTokenAuth
|
|
|
6
8
|
skip_after_action :update_auth_header, only: [:create, :destroy]
|
|
7
9
|
|
|
8
10
|
def create
|
|
9
|
-
|
|
10
|
-
@resource.provider = provider
|
|
11
|
+
build_resource
|
|
11
12
|
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
@resource.email = sign_up_params[:email]
|
|
13
|
+
unless @resource.present?
|
|
14
|
+
raise DeviseTokenAuth::Errors::NoResourceDefinedError,
|
|
15
|
+
"#{self.class.name} #build_resource does not define @resource,"\
|
|
16
|
+
' execution stopped.'
|
|
17
17
|
end
|
|
18
18
|
|
|
19
19
|
# give redirect value from params priority
|
|
20
|
-
@redirect_url =
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
20
|
+
@redirect_url = params.fetch(
|
|
21
|
+
:confirm_success_url,
|
|
22
|
+
DeviseTokenAuth.default_confirm_success_url
|
|
23
|
+
)
|
|
24
24
|
|
|
25
25
|
# success redirect url is required
|
|
26
26
|
if confirmable_enabled? && !@redirect_url
|
|
@@ -28,46 +28,40 @@ module DeviseTokenAuth
|
|
|
28
28
|
end
|
|
29
29
|
|
|
30
30
|
# if whitelist is set, validate redirect_url against whitelist
|
|
31
|
-
if
|
|
32
|
-
unless DeviseTokenAuth::Url.whitelisted?(@redirect_url)
|
|
33
|
-
return render_create_error_redirect_url_not_allowed
|
|
34
|
-
end
|
|
35
|
-
end
|
|
31
|
+
return render_create_error_redirect_url_not_allowed if blacklisted_redirect_url?(@redirect_url)
|
|
36
32
|
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
if @resource.respond_to? :skip_confirmation_notification!
|
|
42
|
-
# Fix duplicate e-mails by disabling Devise confirmation e-mail
|
|
43
|
-
@resource.skip_confirmation_notification!
|
|
44
|
-
end
|
|
45
|
-
if @resource.save
|
|
46
|
-
yield @resource if block_given?
|
|
33
|
+
# override email confirmation, must be sent manually from ctrl
|
|
34
|
+
callback_name = defined?(ActiveRecord) && resource_class < ActiveRecord::Base ? :commit : :create
|
|
35
|
+
resource_class.set_callback(callback_name, :after, :send_on_create_confirmation_instructions)
|
|
36
|
+
resource_class.skip_callback(callback_name, :after, :send_on_create_confirmation_instructions)
|
|
47
37
|
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
redirect_url: @redirect_url
|
|
53
|
-
})
|
|
38
|
+
if @resource.respond_to? :skip_confirmation_notification!
|
|
39
|
+
# Fix duplicate e-mails by disabling Devise confirmation e-mail
|
|
40
|
+
@resource.skip_confirmation_notification!
|
|
41
|
+
end
|
|
54
42
|
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
@client_id, @token = @resource.create_token
|
|
43
|
+
if @resource.save
|
|
44
|
+
yield @resource if block_given?
|
|
58
45
|
|
|
59
|
-
|
|
46
|
+
unless @resource.confirmed?
|
|
47
|
+
# user will require email authentication
|
|
48
|
+
@resource.send_confirmation_instructions({
|
|
49
|
+
client_config: params[:config_name],
|
|
50
|
+
redirect_url: @redirect_url
|
|
51
|
+
})
|
|
52
|
+
end
|
|
60
53
|
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
render_create_error
|
|
54
|
+
if active_for_authentication?
|
|
55
|
+
# email auth has been bypassed, authenticate user
|
|
56
|
+
@token = @resource.create_token
|
|
57
|
+
@resource.save!
|
|
58
|
+
update_auth_header
|
|
67
59
|
end
|
|
68
|
-
|
|
60
|
+
|
|
61
|
+
render_create_success
|
|
62
|
+
else
|
|
69
63
|
clean_up_passwords @resource
|
|
70
|
-
|
|
64
|
+
render_create_error
|
|
71
65
|
end
|
|
72
66
|
end
|
|
73
67
|
|
|
@@ -88,7 +82,6 @@ module DeviseTokenAuth
|
|
|
88
82
|
if @resource
|
|
89
83
|
@resource.destroy
|
|
90
84
|
yield @resource if block_given?
|
|
91
|
-
|
|
92
85
|
render_destroy_success
|
|
93
86
|
else
|
|
94
87
|
render_destroy_error
|
|
@@ -96,7 +89,7 @@ module DeviseTokenAuth
|
|
|
96
89
|
end
|
|
97
90
|
|
|
98
91
|
def sign_up_params
|
|
99
|
-
params.permit(
|
|
92
|
+
params.permit(*params_for_resource(:sign_up))
|
|
100
93
|
end
|
|
101
94
|
|
|
102
95
|
def account_update_params
|
|
@@ -105,6 +98,18 @@ module DeviseTokenAuth
|
|
|
105
98
|
|
|
106
99
|
protected
|
|
107
100
|
|
|
101
|
+
def build_resource
|
|
102
|
+
@resource = resource_class.new(sign_up_params)
|
|
103
|
+
@resource.provider = provider
|
|
104
|
+
|
|
105
|
+
# honor devise configuration for case_insensitive_keys
|
|
106
|
+
if resource_class.case_insensitive_keys.include?(:email)
|
|
107
|
+
@resource.email = sign_up_params[:email].try(:downcase)
|
|
108
|
+
else
|
|
109
|
+
@resource.email = sign_up_params[:email]
|
|
110
|
+
end
|
|
111
|
+
end
|
|
112
|
+
|
|
108
113
|
def render_create_error_missing_confirm_success_url
|
|
109
114
|
response = {
|
|
110
115
|
status: 'error',
|
|
@@ -138,15 +143,6 @@ module DeviseTokenAuth
|
|
|
138
143
|
}, status: 422
|
|
139
144
|
end
|
|
140
145
|
|
|
141
|
-
def render_create_error_email_already_exists
|
|
142
|
-
response = {
|
|
143
|
-
status: 'error',
|
|
144
|
-
data: resource_data
|
|
145
|
-
}
|
|
146
|
-
message = I18n.t('devise_token_auth.registrations.email_already_exists', email: @resource.email)
|
|
147
|
-
render_error(422, message, response)
|
|
148
|
-
end
|
|
149
|
-
|
|
150
146
|
def render_update_success
|
|
151
147
|
render json: {
|
|
152
148
|
status: 'success',
|
|
@@ -162,7 +158,7 @@ module DeviseTokenAuth
|
|
|
162
158
|
end
|
|
163
159
|
|
|
164
160
|
def render_update_error_user_not_found
|
|
165
|
-
render_error(404, I18n.t('devise_token_auth.registrations.user_not_found'),
|
|
161
|
+
render_error(404, I18n.t('devise_token_auth.registrations.user_not_found'), status: 'error')
|
|
166
162
|
end
|
|
167
163
|
|
|
168
164
|
def render_destroy_success
|
|
@@ -173,7 +169,7 @@ module DeviseTokenAuth
|
|
|
173
169
|
end
|
|
174
170
|
|
|
175
171
|
def render_destroy_error
|
|
176
|
-
render_error(404, I18n.t('devise_token_auth.registrations.account_to_destroy_not_found'),
|
|
172
|
+
render_error(404, I18n.t('devise_token_auth.registrations.account_to_destroy_not_found'), status: 'error')
|
|
177
173
|
end
|
|
178
174
|
|
|
179
175
|
private
|
|
@@ -181,12 +177,12 @@ module DeviseTokenAuth
|
|
|
181
177
|
def resource_update_method
|
|
182
178
|
if DeviseTokenAuth.check_current_password_before_update == :attributes
|
|
183
179
|
'update_with_password'
|
|
184
|
-
elsif DeviseTokenAuth.check_current_password_before_update == :password && account_update_params.
|
|
180
|
+
elsif DeviseTokenAuth.check_current_password_before_update == :password && account_update_params.key?(:password)
|
|
185
181
|
'update_with_password'
|
|
186
|
-
elsif account_update_params.
|
|
182
|
+
elsif account_update_params.key?(:current_password)
|
|
187
183
|
'update_with_password'
|
|
188
184
|
else
|
|
189
|
-
'
|
|
185
|
+
'update'
|
|
190
186
|
end
|
|
191
187
|
end
|
|
192
188
|
|
|
@@ -199,7 +195,11 @@ module DeviseTokenAuth
|
|
|
199
195
|
end
|
|
200
196
|
|
|
201
197
|
def validate_post_data which, message
|
|
202
|
-
render_error(:unprocessable_entity, message,
|
|
198
|
+
render_error(:unprocessable_entity, message, status: 'error') if which.empty?
|
|
199
|
+
end
|
|
200
|
+
|
|
201
|
+
def active_for_authentication?
|
|
202
|
+
!@resource.respond_to?(:active_for_authentication?) || @resource.active_for_authentication?
|
|
203
203
|
end
|
|
204
204
|
end
|
|
205
205
|
end
|
|
@@ -1,8 +1,10 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
# see http://www.emilsoman.com/blog/2013/05/18/building-a-tested/
|
|
2
4
|
module DeviseTokenAuth
|
|
3
5
|
class SessionsController < DeviseTokenAuth::ApplicationController
|
|
4
|
-
before_action :set_user_by_token, :
|
|
5
|
-
after_action :reset_session, :
|
|
6
|
+
before_action :set_user_by_token, only: [:destroy]
|
|
7
|
+
after_action :reset_session, only: [:destroy]
|
|
6
8
|
|
|
7
9
|
def new
|
|
8
10
|
render_new_error
|
|
@@ -22,9 +24,9 @@ module DeviseTokenAuth
|
|
|
22
24
|
if @resource && valid_params?(field, q_value) && (!@resource.respond_to?(:active_for_authentication?) || @resource.active_for_authentication?)
|
|
23
25
|
valid_password = @resource.valid_password?(resource_params[:password])
|
|
24
26
|
if (@resource.respond_to?(:valid_for_authentication?) && !@resource.valid_for_authentication? { valid_password }) || !valid_password
|
|
25
|
-
|
|
27
|
+
return render_create_error_bad_credentials
|
|
26
28
|
end
|
|
27
|
-
@
|
|
29
|
+
@token = @resource.create_token
|
|
28
30
|
@resource.save
|
|
29
31
|
|
|
30
32
|
sign_in(:user, @resource, store: false, bypass: false)
|
|
@@ -46,13 +48,19 @@ module DeviseTokenAuth
|
|
|
46
48
|
def destroy
|
|
47
49
|
# remove auth instance variables so that after_action does not run
|
|
48
50
|
user = remove_instance_variable(:@resource) if @resource
|
|
49
|
-
|
|
50
|
-
|
|
51
|
+
client = @token.client
|
|
52
|
+
@token.clear!
|
|
51
53
|
|
|
52
|
-
if user &&
|
|
53
|
-
user.tokens.delete(
|
|
54
|
+
if user && client && user.tokens[client]
|
|
55
|
+
user.tokens.delete(client)
|
|
54
56
|
user.save!
|
|
55
57
|
|
|
58
|
+
if DeviseTokenAuth.cookie_enabled
|
|
59
|
+
# If a cookie is set with a domain specified then it must be deleted with that domain specified
|
|
60
|
+
# See https://api.rubyonrails.org/classes/ActionDispatch/Cookies.html
|
|
61
|
+
cookies.delete(DeviseTokenAuth.cookie_name, domain: DeviseTokenAuth.cookie_attributes[:domain])
|
|
62
|
+
end
|
|
63
|
+
|
|
56
64
|
yield user if block_given?
|
|
57
65
|
|
|
58
66
|
render_destroy_success
|
|
@@ -85,14 +93,11 @@ module DeviseTokenAuth
|
|
|
85
93
|
auth_val.downcase!
|
|
86
94
|
end
|
|
87
95
|
|
|
88
|
-
|
|
89
|
-
key: auth_key,
|
|
90
|
-
val: auth_val
|
|
91
|
-
}
|
|
96
|
+
{ key: auth_key, val: auth_val }
|
|
92
97
|
end
|
|
93
98
|
|
|
94
99
|
def render_new_error
|
|
95
|
-
render_error(405, I18n.t(
|
|
100
|
+
render_error(405, I18n.t('devise_token_auth.sessions.not_supported'))
|
|
96
101
|
end
|
|
97
102
|
|
|
98
103
|
def render_create_success
|
|
@@ -102,15 +107,15 @@ module DeviseTokenAuth
|
|
|
102
107
|
end
|
|
103
108
|
|
|
104
109
|
def render_create_error_not_confirmed
|
|
105
|
-
render_error(401, I18n.t(
|
|
110
|
+
render_error(401, I18n.t('devise_token_auth.sessions.not_confirmed', email: @resource.email))
|
|
106
111
|
end
|
|
107
112
|
|
|
108
113
|
def render_create_error_account_locked
|
|
109
|
-
render_error(401, I18n.t(
|
|
114
|
+
render_error(401, I18n.t('devise.mailer.unlock_instructions.account_lock_msg'))
|
|
110
115
|
end
|
|
111
116
|
|
|
112
117
|
def render_create_error_bad_credentials
|
|
113
|
-
render_error(401, I18n.t(
|
|
118
|
+
render_error(401, I18n.t('devise_token_auth.sessions.bad_credentials'))
|
|
114
119
|
end
|
|
115
120
|
|
|
116
121
|
def render_destroy_success
|
|
@@ -120,7 +125,7 @@ module DeviseTokenAuth
|
|
|
120
125
|
end
|
|
121
126
|
|
|
122
127
|
def render_destroy_error
|
|
123
|
-
render_error(404, I18n.t(
|
|
128
|
+
render_error(404, I18n.t('devise_token_auth.sessions.user_not_found'))
|
|
124
129
|
end
|
|
125
130
|
|
|
126
131
|
private
|
|
@@ -128,6 +133,5 @@ module DeviseTokenAuth
|
|
|
128
133
|
def resource_params
|
|
129
134
|
params.permit(*params_for_resource(:sign_in))
|
|
130
135
|
end
|
|
131
|
-
|
|
132
136
|
end
|
|
133
137
|
end
|
|
@@ -1,7 +1,9 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
module DeviseTokenAuth
|
|
2
4
|
class TokenValidationsController < DeviseTokenAuth::ApplicationController
|
|
3
|
-
skip_before_action :assert_is_devise_resource!, :
|
|
4
|
-
before_action :set_user_by_token, :
|
|
5
|
+
skip_before_action :assert_is_devise_resource!, only: [:validate_token]
|
|
6
|
+
before_action :set_user_by_token, only: [:validate_token]
|
|
5
7
|
|
|
6
8
|
def validate_token
|
|
7
9
|
# @resource will have been set by set_user_by_token concern
|
|
@@ -23,7 +25,7 @@ module DeviseTokenAuth
|
|
|
23
25
|
end
|
|
24
26
|
|
|
25
27
|
def render_validate_token_error
|
|
26
|
-
render_error(401, I18n.t(
|
|
28
|
+
render_error(401, I18n.t('devise_token_auth.token_validations.invalid'))
|
|
27
29
|
end
|
|
28
30
|
end
|
|
29
31
|
end
|
|
@@ -1,13 +1,13 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
module DeviseTokenAuth
|
|
2
4
|
class UnlocksController < DeviseTokenAuth::ApplicationController
|
|
3
|
-
skip_after_action :update_auth_header, :
|
|
5
|
+
skip_after_action :update_auth_header, only: [:create, :show]
|
|
4
6
|
|
|
5
7
|
# this action is responsible for generating unlock tokens and
|
|
6
8
|
# sending emails
|
|
7
9
|
def create
|
|
8
|
-
unless resource_params[:email]
|
|
9
|
-
return render_create_error_missing_email
|
|
10
|
-
end
|
|
10
|
+
return render_create_error_missing_email unless resource_params[:email]
|
|
11
11
|
|
|
12
12
|
@email = get_case_insensitive_field_from_resource_params(:email)
|
|
13
13
|
@resource = find_resource(:email, @email)
|
|
@@ -15,11 +15,11 @@ module DeviseTokenAuth
|
|
|
15
15
|
if @resource
|
|
16
16
|
yield @resource if block_given?
|
|
17
17
|
|
|
18
|
-
@resource.send_unlock_instructions(
|
|
18
|
+
@resource.send_unlock_instructions(
|
|
19
19
|
email: @email,
|
|
20
20
|
provider: 'email',
|
|
21
21
|
client_config: params[:config_name]
|
|
22
|
-
|
|
22
|
+
)
|
|
23
23
|
|
|
24
24
|
if @resource.errors.empty?
|
|
25
25
|
return render_create_success
|
|
@@ -34,14 +34,14 @@ module DeviseTokenAuth
|
|
|
34
34
|
def show
|
|
35
35
|
@resource = resource_class.unlock_access_by_token(params[:unlock_token])
|
|
36
36
|
|
|
37
|
-
if @resource
|
|
38
|
-
|
|
37
|
+
if @resource.persisted?
|
|
38
|
+
token = @resource.create_token
|
|
39
39
|
@resource.save!
|
|
40
40
|
yield @resource if block_given?
|
|
41
41
|
|
|
42
|
-
redirect_header_options = {unlock: true}
|
|
43
|
-
redirect_headers = build_redirect_headers(token,
|
|
44
|
-
|
|
42
|
+
redirect_header_options = { unlock: true }
|
|
43
|
+
redirect_headers = build_redirect_headers(token.token,
|
|
44
|
+
token.client,
|
|
45
45
|
redirect_header_options)
|
|
46
46
|
redirect_to(@resource.build_auth_url(after_unlock_path_for(@resource),
|
|
47
47
|
redirect_headers))
|
|
@@ -57,29 +57,33 @@ module DeviseTokenAuth
|
|
|
57
57
|
end
|
|
58
58
|
|
|
59
59
|
def render_create_error_missing_email
|
|
60
|
-
render_error(401, I18n.t(
|
|
60
|
+
render_error(401, I18n.t('devise_token_auth.unlocks.missing_email'))
|
|
61
61
|
end
|
|
62
62
|
|
|
63
63
|
def render_create_success
|
|
64
64
|
render json: {
|
|
65
65
|
success: true,
|
|
66
|
-
message:
|
|
66
|
+
message: success_message('unlocks', @email)
|
|
67
67
|
}
|
|
68
68
|
end
|
|
69
69
|
|
|
70
70
|
def render_create_error(errors)
|
|
71
71
|
render json: {
|
|
72
72
|
success: false,
|
|
73
|
-
errors: errors
|
|
73
|
+
errors: errors
|
|
74
74
|
}, status: 400
|
|
75
75
|
end
|
|
76
76
|
|
|
77
77
|
def render_show_error
|
|
78
|
-
raise ActionController::RoutingError
|
|
78
|
+
raise ActionController::RoutingError, 'Not Found'
|
|
79
79
|
end
|
|
80
80
|
|
|
81
81
|
def render_not_found_error
|
|
82
|
-
|
|
82
|
+
if Devise.paranoid
|
|
83
|
+
render_error(404, I18n.t('devise_token_auth.unlocks.sended_paranoid'))
|
|
84
|
+
else
|
|
85
|
+
render_error(404, I18n.t('devise_token_auth.unlocks.user_not_found', email: @email))
|
|
86
|
+
end
|
|
83
87
|
end
|
|
84
88
|
|
|
85
89
|
def resource_params
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
module DeviseTokenAuth::Concerns::ActiveRecordSupport
|
|
2
|
+
extend ActiveSupport::Concern
|
|
3
|
+
|
|
4
|
+
included do
|
|
5
|
+
serialize :tokens, DeviseTokenAuth::Concerns::TokensSerialization
|
|
6
|
+
end
|
|
7
|
+
|
|
8
|
+
class_methods do
|
|
9
|
+
# It's abstract replacement .find_by
|
|
10
|
+
def dta_find_by(attrs = {})
|
|
11
|
+
find_by(attrs)
|
|
12
|
+
end
|
|
13
|
+
end
|
|
14
|
+
end
|
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
module DeviseTokenAuth::Concerns::ConfirmableSupport
|
|
2
|
+
extend ActiveSupport::Concern
|
|
3
|
+
|
|
4
|
+
included do
|
|
5
|
+
# Override standard devise `postpone_email_change?` method
|
|
6
|
+
# for not to use `will_save_change_to_email?` & `email_changed?` methods.
|
|
7
|
+
def postpone_email_change?
|
|
8
|
+
postpone = self.class.reconfirmable &&
|
|
9
|
+
email_value_in_database != email &&
|
|
10
|
+
!@bypass_confirmation_postpone &&
|
|
11
|
+
self.email.present? &&
|
|
12
|
+
(!@skip_reconfirmation_in_callback || !email_value_in_database.nil?)
|
|
13
|
+
@bypass_confirmation_postpone = false
|
|
14
|
+
postpone
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
protected
|
|
19
|
+
|
|
20
|
+
def email_value_in_database
|
|
21
|
+
rails51 = Rails.gem_version >= Gem::Version.new("5.1.x")
|
|
22
|
+
if rails51 && respond_to?(:email_in_database)
|
|
23
|
+
email_in_database
|
|
24
|
+
else
|
|
25
|
+
email_was
|
|
26
|
+
end
|
|
27
|
+
end
|
|
28
|
+
end
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
module DeviseTokenAuth::Concerns::MongoidSupport
|
|
2
|
+
extend ActiveSupport::Concern
|
|
3
|
+
|
|
4
|
+
def as_json(options = {})
|
|
5
|
+
options[:except] = (options[:except] || []) + [:_id]
|
|
6
|
+
hash = super(options)
|
|
7
|
+
hash['id'] = to_param
|
|
8
|
+
hash
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
class_methods do
|
|
12
|
+
# It's abstract replacement .find_by
|
|
13
|
+
def dta_find_by(attrs = {})
|
|
14
|
+
find_by(attrs)
|
|
15
|
+
rescue Mongoid::Errors::DocumentNotFound
|
|
16
|
+
nil
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
module DeviseTokenAuth::Concerns::TokensSerialization
|
|
2
|
+
extend self
|
|
3
|
+
# Serialization hash to json
|
|
4
|
+
def dump(object)
|
|
5
|
+
JSON.generate(object && object.transform_values do |token|
|
|
6
|
+
serialize_updated_at(token).compact
|
|
7
|
+
end.compact)
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
# Deserialization json to hash
|
|
11
|
+
def load(json)
|
|
12
|
+
case json
|
|
13
|
+
when String
|
|
14
|
+
JSON.parse(json)
|
|
15
|
+
when NilClass
|
|
16
|
+
{}
|
|
17
|
+
else
|
|
18
|
+
json
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
private
|
|
23
|
+
|
|
24
|
+
def serialize_updated_at(token)
|
|
25
|
+
updated_at_key = ['updated_at', :updated_at].find(&token.method(:[]))
|
|
26
|
+
|
|
27
|
+
return token unless token[updated_at_key].respond_to?(:iso8601)
|
|
28
|
+
|
|
29
|
+
token.merge updated_at_key => token[updated_at_key].iso8601
|
|
30
|
+
end
|
|
31
|
+
end
|