devise_token_auth 0.2.0 → 1.0.0.rc1

data/app/controllers/devise_token_auth/registrations_controller.rb

@@ -12,7 +12,8 @@ module DeviseTokenAuth
 
       unless @resource.present?
         raise DeviseTokenAuth::Errors::NoResourceDefinedError,
-          "#{self.class.name} #build_resource does not define @resource, execution stopped"
+              "#{self.class.name} #build_resource does not define @resource,"\
+              ' execution stopped.'
       end
 
       # give redirect value from params priority
@@ -31,8 +32,8 @@ module DeviseTokenAuth
 
       begin
         # override email confirmation, must be sent manually from ctrl
-        resource_class.set_callback("create", :after, :send_on_create_confirmation_instructions)
-        resource_class.skip_callback("create", :after, :send_on_create_confirmation_instructions)
+        resource_class.set_callback('create', :after, :send_on_create_confirmation_instructions)
+        resource_class.skip_callback('create', :after, :send_on_create_confirmation_instructions)
 
         if @resource.respond_to? :skip_confirmation_notification!
           # Fix duplicate e-mails by disabling Devise confirmation e-mail
@@ -42,18 +43,19 @@ module DeviseTokenAuth
         if @resource.save
           yield @resource if block_given?
 
-          unless @resource.confirmed?
-            # user will require email authentication
-            @resource.send_confirmation_instructions({
-              client_config: params[:config_name],
-              redirect_url: @redirect_url
-            })
-          else
+          if @resource.confirmed?
             # email auth has been bypassed, authenticate user
             @client_id, @token = @resource.create_token
             @resource.save!
             update_auth_header
+          else
+            # user will require email authentication
+            @resource.send_confirmation_instructions(
+              client_config: params[:config_name],
+              redirect_url: @redirect_url
+            )
           end
+
           render_create_success
         else
           clean_up_passwords @resource
@@ -167,7 +169,7 @@ module DeviseTokenAuth
     end
 
     def render_update_error_user_not_found
-      render_error(404, I18n.t('devise_token_auth.registrations.user_not_found'), { status: 'error' })
+      render_error(404, I18n.t('devise_token_auth.registrations.user_not_found'), status: 'error')
     end
 
     def render_destroy_success
@@ -178,7 +180,7 @@ module DeviseTokenAuth
     end
 
     def render_destroy_error
-      render_error(404, I18n.t('devise_token_auth.registrations.account_to_destroy_not_found'), { status: 'error' })
+      render_error(404, I18n.t('devise_token_auth.registrations.account_to_destroy_not_found'), status: 'error')
     end
 
     private
@@ -186,9 +188,9 @@ module DeviseTokenAuth
     def resource_update_method
       if DeviseTokenAuth.check_current_password_before_update == :attributes
         'update_with_password'
-      elsif DeviseTokenAuth.check_current_password_before_update == :password && account_update_params.has_key?(:password)
+      elsif DeviseTokenAuth.check_current_password_before_update == :password && account_update_params.key?(:password)
         'update_with_password'
-      elsif account_update_params.has_key?(:current_password)
+      elsif account_update_params.key?(:current_password)
         'update_with_password'
       else
         'update_attributes'
@@ -204,7 +206,7 @@ module DeviseTokenAuth
     end
 
     def validate_post_data which, message
-      render_error(:unprocessable_entity, message, { status: 'error' }) if which.empty?
+      render_error(:unprocessable_entity, message, status: 'error') if which.empty?
     end
   end
 end

data/app/controllers/devise_token_auth/sessions_controller.rb

@@ -3,8 +3,8 @@
 # see http://www.emilsoman.com/blog/2013/05/18/building-a-tested/
 module DeviseTokenAuth
   class SessionsController < DeviseTokenAuth::ApplicationController
-    before_action :set_user_by_token, :only => [:destroy]
-    after_action :reset_session, :only => [:destroy]
+    before_action :set_user_by_token, only: [:destroy]
+    after_action :reset_session, only: [:destroy]
 
     def new
       render_new_error
@@ -87,14 +87,11 @@ module DeviseTokenAuth
         auth_val.downcase!
       end
 
-      return {
-        key: auth_key,
-        val: auth_val
-      }
+      { key: auth_key, val: auth_val }
     end
 
     def render_new_error
-      render_error(405, I18n.t("devise_token_auth.sessions.not_supported"))
+      render_error(405, I18n.t('devise_token_auth.sessions.not_supported'))
     end
 
     def render_create_success
@@ -104,15 +101,15 @@ module DeviseTokenAuth
     end
 
     def render_create_error_not_confirmed
-      render_error(401, I18n.t("devise_token_auth.sessions.not_confirmed", email: @resource.email))
+      render_error(401, I18n.t('devise_token_auth.sessions.not_confirmed', email: @resource.email))
     end
 
     def render_create_error_account_locked
-      render_error(401, I18n.t("devise.mailer.unlock_instructions.account_lock_msg"))
+      render_error(401, I18n.t('devise.mailer.unlock_instructions.account_lock_msg'))
     end
 
     def render_create_error_bad_credentials
-      render_error(401, I18n.t("devise_token_auth.sessions.bad_credentials"))
+      render_error(401, I18n.t('devise_token_auth.sessions.bad_credentials'))
     end
 
     def render_destroy_success
@@ -122,7 +119,7 @@ module DeviseTokenAuth
     end
 
     def render_destroy_error
-      render_error(404, I18n.t("devise_token_auth.sessions.user_not_found"))
+      render_error(404, I18n.t('devise_token_auth.sessions.user_not_found'))
     end
 
     private
@@ -130,6 +127,5 @@ module DeviseTokenAuth
     def resource_params
       params.permit(*params_for_resource(:sign_in))
     end
-
   end
 end

data/app/controllers/devise_token_auth/token_validations_controller.rb

@@ -2,8 +2,8 @@
 
 module DeviseTokenAuth
   class TokenValidationsController < DeviseTokenAuth::ApplicationController
-    skip_before_action :assert_is_devise_resource!, :only => [:validate_token]
-    before_action :set_user_by_token, :only => [:validate_token]
+    skip_before_action :assert_is_devise_resource!, only: [:validate_token]
+    before_action :set_user_by_token, only: [:validate_token]
 
     def validate_token
       # @resource will have been set by set_user_by_token concern
@@ -25,7 +25,7 @@ module DeviseTokenAuth
     end
 
     def render_validate_token_error
-      render_error(401, I18n.t("devise_token_auth.token_validations.invalid"))
+      render_error(401, I18n.t('devise_token_auth.token_validations.invalid'))
     end
   end
 end

data/app/controllers/devise_token_auth/unlocks_controller.rb

@@ -2,14 +2,12 @@
 
 module DeviseTokenAuth
   class UnlocksController < DeviseTokenAuth::ApplicationController
-    skip_after_action :update_auth_header, :only => [:create, :show]
+    skip_after_action :update_auth_header, only: [:create, :show]
 
     # this action is responsible for generating unlock tokens and
     # sending emails
     def create
-      unless resource_params[:email]
-        return render_create_error_missing_email
-      end
+      return render_create_error_missing_email unless resource_params[:email]
 
       @email = get_case_insensitive_field_from_resource_params(:email)
       @resource = find_resource(:email, @email)
@@ -17,11 +15,11 @@ module DeviseTokenAuth
       if @resource
         yield @resource if block_given?
 
-        @resource.send_unlock_instructions({
+        @resource.send_unlock_instructions(
           email: @email,
           provider: 'email',
           client_config: params[:config_name]
-        })
+        )
 
         if @resource.errors.empty?
           return render_create_success
@@ -41,7 +39,7 @@ module DeviseTokenAuth
         @resource.save!
         yield @resource if block_given?
 
-        redirect_header_options = {unlock: true}
+        redirect_header_options = { unlock: true }
         redirect_headers = build_redirect_headers(token,
                                                   client_id,
                                                   redirect_header_options)
@@ -59,29 +57,29 @@ module DeviseTokenAuth
     end
 
     def render_create_error_missing_email
-      render_error(401, I18n.t("devise_token_auth.unlocks.missing_email"))
+      render_error(401, I18n.t('devise_token_auth.unlocks.missing_email'))
     end
 
     def render_create_success
       render json: {
         success: true,
-        message: I18n.t("devise_token_auth.unlocks.sended", email: @email)
+        message: I18n.t('devise_token_auth.unlocks.sended', email: @email)
       }
     end
 
     def render_create_error(errors)
       render json: {
         success: false,
-        errors: errors,
+        errors: errors
       }, status: 400
     end
 
     def render_show_error
-      raise ActionController::RoutingError.new('Not Found')
+      raise ActionController::RoutingError, 'Not Found'
     end
 
     def render_not_found_error
-      render_error(404, I18n.t("devise_token_auth.unlocks.user_not_found", email: @email))
+      render_error(404, I18n.t('devise_token_auth.unlocks.user_not_found', email: @email))
     end
 
     def resource_params

data/app/models/devise_token_auth/concerns/user.rb

@@ -10,24 +10,20 @@ module DeviseTokenAuth::Concerns::User
 
     key = "#{token_hash}/#{token}"
     result = @token_equality_cache[key] ||= (::BCrypt::Password.new(token_hash) == token)
-    if @token_equality_cache.size > 10000
-      @token_equality_cache = {}
-    end
+    @token_equality_cache = {} if @token_equality_cache.size > 10000
     result
   end
 
   included do
     # Hack to check if devise is already enabled
-    unless self.method_defined?(:devise_modules)
-      devise :database_authenticatable, :registerable,
-          :recoverable, :trackable, :validatable, :confirmable
+    if method_defined?(:devise_modules)
+      devise_modules.delete(:omniauthable)
     else
-      self.devise_modules.delete(:omniauthable)
+      devise :database_authenticatable, :registerable,
+             :recoverable, :trackable, :validatable, :confirmable
     end
 
-    unless tokens_has_json_column_type?
-      serialize :tokens, JSON
-    end
+    serialize :tokens, JSON unless tokens_has_json_column_type?
 
     if DeviseTokenAuth.default_callbacks
       include DeviseTokenAuth::Concerns::UserOmniauthCallbacks
@@ -54,11 +50,11 @@ module DeviseTokenAuth::Concerns::User
     end
 
     # override devise method to include additional info as opts hash
-    def send_confirmation_instructions(opts={})
+    def send_confirmation_instructions(opts = {})
       generate_confirmation_token! unless @raw_confirmation_token
 
       # fall back to "default" config name
-      opts[:client_config] ||= "default"
+      opts[:client_config] ||= 'default'
       opts[:to] = unconfirmed_email if pending_reconfirmation?
       opts[:redirect_url] ||= DeviseTokenAuth.default_confirm_success_url
 
@@ -66,24 +62,24 @@ module DeviseTokenAuth::Concerns::User
     end
 
     # override devise method to include additional info as opts hash
-    def send_reset_password_instructions(opts={})
+    def send_reset_password_instructions(opts = {})
       token = set_reset_password_token
 
       # fall back to "default" config name
-      opts[:client_config] ||= "default"
+      opts[:client_config] ||= 'default'
 
       send_devise_notification(:reset_password_instructions, token, opts)
       token
     end
 
     # override devise method to include additional info as opts hash
-    def send_unlock_instructions(opts={})
+    def send_unlock_instructions(opts = {})
       raw, enc = Devise.token_generator.generate(self.class, :unlock_token)
       self.unlock_token = enc
       save(validate: false)
 
       # fall back to "default" config name
-      opts[:client_config] ||= "default"
+      opts[:client_config] ||= 'default'
 
       send_devise_notification(:unlock_instructions, raw, opts)
       raw
@@ -95,7 +91,7 @@ module DeviseTokenAuth::Concerns::User
     token     ||= SecureRandom.urlsafe_base64(nil, false)
     expiry    ||= (Time.zone.now + token_lifespan).to_i
 
-    self.tokens[client_id] = {
+    tokens[client_id] = {
       token: BCrypt::Password.create(token),
       expiry: expiry
     }.merge!(token_extras)
@@ -109,7 +105,7 @@ module DeviseTokenAuth::Concerns::User
     protected
 
     def tokens_has_json_column_type?
-      database_exists? && table_exists? && self.columns_hash['tokens'] && self.columns_hash['tokens'].type.in?([:json, :jsonb])
+      database_exists? && table_exists? && columns_hash['tokens'] && columns_hash['tokens'].type.in?([:json, :jsonb])
     end
 
     def database_exists?
@@ -117,22 +113,19 @@ module DeviseTokenAuth::Concerns::User
     end
   end
 
-
-  def valid_token?(token, client_id='default')
+  def valid_token?(token, client_id = 'default')
     return false unless tokens[client_id]
     return true if token_is_current?(token, client_id)
     return true if token_can_be_reused?(token, client_id)
 
     # return false if none of the above conditions are met
-    return false
+    false
   end
 
-
   # this must be done from the controller so that additional params
   # can be passed on from the client
   def send_confirmation_notification?; false; end
 
-
   def token_is_current?(token, client_id)
     # ghetto HashWithIndifferentAccess
     expiry     = tokens[client_id]['expiry'] || tokens[client_id][:expiry]
@@ -150,7 +143,6 @@ module DeviseTokenAuth::Concerns::User
     )
   end
 
-
   # allow batch requests to use the previous token
   def token_can_be_reused?(token, client_id)
     # ghetto HashWithIndifferentAccess
@@ -169,9 +161,8 @@ module DeviseTokenAuth::Concerns::User
     )
   end
 
-
   # update user's auth token (should happen on each request)
-  def create_new_auth_token(client_id=nil)
+  def create_new_auth_token(client_id = nil)
     now = Time.zone.now
 
     client_id, token = create_token(
@@ -184,21 +175,21 @@ module DeviseTokenAuth::Concerns::User
     update_auth_header(token, client_id)
   end
 
-  def build_auth_header(token, client_id='default')
+  def build_auth_header(token, client_id = 'default')
     # client may use expiry to prevent validation request if expired
     # must be cast as string or headers will break
     expiry = tokens[client_id]['expiry'] || tokens[client_id][:expiry]
 
     {
       DeviseTokenAuth.headers_names[:"access-token"] => token,
-      DeviseTokenAuth.headers_names[:"token-type"]   => "Bearer",
+      DeviseTokenAuth.headers_names[:"token-type"]   => 'Bearer',
       DeviseTokenAuth.headers_names[:"client"]       => client_id,
       DeviseTokenAuth.headers_names[:"expiry"]       => expiry.to_s,
       DeviseTokenAuth.headers_names[:"uid"]          => uid
     }
   end
 
-  def update_auth_header(token, client_id='default')
+  def update_auth_header(token, client_id = 'default')
     headers = build_auth_header(token, client_id)
     clean_old_tokens
     save!
@@ -214,7 +205,7 @@ module DeviseTokenAuth::Concerns::User
   end
 
   def extend_batch_buffer(token, client_id)
-    self.tokens[client_id]['updated_at'] = Time.zone.now
+    tokens[client_id]['updated_at'] = Time.zone.now
     update_auth_header(token, client_id)
   end
 
@@ -223,7 +214,7 @@ module DeviseTokenAuth::Concerns::User
   end
 
   def token_validation_response
-    as_json(except: [:tokens, :created_at, :updated_at])
+    as_json(except: %i[tokens created_at updated_at])
   end
 
   def token_lifespan
@@ -239,7 +230,7 @@ module DeviseTokenAuth::Concerns::User
   def destroy_expired_tokens
     if tokens
       tokens.delete_if do |cid, v|
-        expiry = v[:expiry] || v["expiry"]
+        expiry = v[:expiry] || v['expiry']
         DateTime.strptime(expiry.to_s, '%s') < Time.zone.now
       end
     end
@@ -248,10 +239,10 @@ module DeviseTokenAuth::Concerns::User
   def should_remove_tokens_after_password_reset?
     if Rails::VERSION::MAJOR <= 5
       encrypted_password_changed? &&
-      DeviseTokenAuth.remove_tokens_after_password_reset
+        DeviseTokenAuth.remove_tokens_after_password_reset
     else
       saved_change_to_encrypted_password? &&
-      DeviseTokenAuth.remove_tokens_after_password_reset
+        DeviseTokenAuth.remove_tokens_after_password_reset
     end
   end
 
@@ -259,8 +250,8 @@ module DeviseTokenAuth::Concerns::User
     return unless should_remove_tokens_after_password_reset?
 
     if tokens.present? && tokens.many?
-      client_id, token_data = tokens.max_by { |cid, v| v[:expiry] || v["expiry"] }
-      self.tokens = {client_id => token_data}
+      client_id, token_data = tokens.max_by { |cid, v| v[:expiry] || v['expiry'] }
+      self.tokens = { client_id => token_data }
     end
   end
 

data/config/initializers/devise.rb

@@ -12,7 +12,7 @@ Devise.setup do |config|
   # Configure the e-mail address which will be shown in Devise::Mailer,
   # note that it will be overwritten if you use your own mailer class
   # with default "from" parameter.
-  config.mailer_sender = 'please-change-me-at-config-initializers-devise@example.com'
+  config.mailer_sender = 'no-reply@example.com'
 
   # Configure the class responsible to send e-mails.
   # config.mailer = 'Devise::Mailer'