devise_token_auth 0.2.0 → 1.0.0.rc1
Potentially problematic release.
This version of devise_token_auth might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/README.md +1 -2
- data/Rakefile +9 -4
- data/app/controllers/devise_token_auth/application_controller.rb +5 -7
- data/app/controllers/devise_token_auth/concerns/resource_finder.rb +2 -2
- data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +18 -10
- data/app/controllers/devise_token_auth/confirmations_controller.rb +2 -2
- data/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb +17 -23
- data/app/controllers/devise_token_auth/passwords_controller.rb +23 -27
- data/app/controllers/devise_token_auth/registrations_controller.rb +17 -15
- data/app/controllers/devise_token_auth/sessions_controller.rb +8 -12
- data/app/controllers/devise_token_auth/token_validations_controller.rb +3 -3
- data/app/controllers/devise_token_auth/unlocks_controller.rb +10 -12
- data/app/models/devise_token_auth/concerns/user.rb +27 -36
- data/config/initializers/devise.rb +1 -1
- data/lib/devise_token_auth.rb +6 -6
- data/lib/devise_token_auth/controllers/helpers.rb +14 -4
- data/lib/devise_token_auth/engine.rb +11 -13
- data/lib/devise_token_auth/errors.rb +1 -1
- data/lib/devise_token_auth/rails/routes.rb +29 -29
- data/lib/devise_token_auth/url.rb +6 -4
- data/lib/devise_token_auth/version.rb +1 -1
- data/lib/generators/devise_token_auth/install_generator.rb +52 -39
- data/lib/generators/devise_token_auth/install_views_generator.rb +5 -5
- data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb +1 -1
- data/lib/generators/devise_token_auth/templates/{user.rb → user.rb.erb} +0 -0
- data/test/controllers/custom/custom_confirmations_controller_test.rb +3 -1
- data/test/controllers/custom/custom_omniauth_callbacks_controller_test.rb +2 -0
- data/test/controllers/custom/custom_passwords_controller_test.rb +4 -2
- data/test/controllers/custom/custom_registrations_controller_test.rb +6 -8
- data/test/controllers/custom/custom_sessions_controller_test.rb +5 -5
- data/test/controllers/custom/custom_token_validations_controller_test.rb +3 -3
- data/test/controllers/demo_group_controller_test.rb +2 -6
- data/test/controllers/demo_mang_controller_test.rb +2 -5
- data/test/controllers/demo_user_controller_test.rb +8 -17
- data/test/controllers/devise_token_auth/confirmations_controller_test.rb +2 -2
- data/test/controllers/devise_token_auth/passwords_controller_test.rb +13 -9
- data/test/controllers/devise_token_auth/registrations_controller_test.rb +8 -8
- data/test/controllers/devise_token_auth/sessions_controller_test.rb +22 -33
- data/test/controllers/devise_token_auth/token_validations_controller_test.rb +2 -6
- data/test/controllers/devise_token_auth/unlocks_controller_test.rb +1 -1
- data/test/controllers/overrides/confirmations_controller_test.rb +3 -1
- data/test/controllers/overrides/omniauth_callbacks_controller_test.rb +3 -1
- data/test/controllers/overrides/passwords_controller_test.rb +25 -29
- data/test/controllers/overrides/registrations_controller_test.rb +4 -2
- data/test/controllers/overrides/sessions_controller_test.rb +4 -4
- data/test/controllers/overrides/token_validations_controller_test.rb +3 -3
- data/test/dummy/app/controllers/custom/confirmations_controller.rb +0 -2
- data/test/dummy/app/controllers/custom/passwords_controller.rb +1 -4
- data/test/dummy/app/controllers/custom/registrations_controller.rb +1 -2
- data/test/dummy/app/controllers/custom/sessions_controller.rb +1 -3
- data/test/dummy/app/controllers/custom/token_validations_controller.rb +1 -3
- data/test/dummy/app/controllers/overrides/confirmations_controller.rb +3 -3
- data/test/dummy/app/controllers/overrides/omniauth_callbacks_controller.rb +3 -3
- data/test/dummy/app/controllers/overrides/passwords_controller.rb +5 -5
- data/test/dummy/app/controllers/overrides/registrations_controller.rb +2 -2
- data/test/dummy/app/controllers/overrides/sessions_controller.rb +8 -10
- data/test/dummy/app/controllers/overrides/token_validations_controller.rb +3 -5
- data/test/dummy/app/helpers/application_helper.rb +1027 -1036
- data/test/dummy/app/models/scoped_user.rb +2 -2
- data/test/dummy/app/models/unregisterable_user.rb +2 -2
- data/test/dummy/app/models/user.rb +1 -1
- data/test/dummy/config.ru +5 -3
- data/test/dummy/config/application.rb +2 -2
- data/test/dummy/config/boot.rb +2 -2
- data/test/dummy/config/environment.rb +1 -1
- data/test/dummy/config/environments/development.rb +3 -3
- data/test/dummy/config/environments/test.rb +1 -1
- data/test/dummy/config/initializers/omniauth.rb +2 -2
- data/test/dummy/config/routes.rb +10 -29
- data/test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb +8 -8
- data/test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb +7 -7
- data/test/dummy/db/migrate/20141222035835_devise_token_auth_create_only_email_users.rb +4 -4
- data/test/dummy/db/migrate/20141222053502_devise_token_auth_create_unregisterable_users.rb +7 -7
- data/test/dummy/db/migrate/20150708104536_devise_token_auth_create_unconfirmable_users.rb +7 -7
- data/test/dummy/db/migrate/20160103235141_devise_token_auth_create_scoped_users.rb +7 -7
- data/test/dummy/db/migrate/20160629184441_devise_token_auth_create_lockable_users.rb +6 -6
- data/test/dummy/db/schema.rb +2 -60
- data/test/factories/users.rb +40 -0
- data/test/lib/devise_token_auth/url_test.rb +6 -6
- data/test/lib/generators/devise_token_auth/install_generator_test.rb +22 -14
- data/test/lib/generators/devise_token_auth/install_generator_with_namespace_test.rb +30 -22
- data/test/lib/generators/devise_token_auth/install_views_generator_test.rb +1 -1
- data/test/models/user_test.rb +15 -46
- data/test/support/controllers/routes.rb +43 -0
- data/test/test_helper.rb +12 -12
- metadata +8 -14
- data/test/dummy/app/models/evil_user.rb +0 -5
- data/test/dummy/app/models/nice_user.rb +0 -9
- data/test/dummy/db/migrate/20140928231203_devise_token_auth_create_evil_users.rb +0 -66
- data/test/dummy/db/migrate/20150409095712_devise_token_auth_create_nice_users.rb +0 -63
- data/test/integration/navigation_test.rb +0 -12
@@ -12,7 +12,8 @@ module DeviseTokenAuth
|
|
12
12
|
|
13
13
|
unless @resource.present?
|
14
14
|
raise DeviseTokenAuth::Errors::NoResourceDefinedError,
|
15
|
-
|
15
|
+
"#{self.class.name} #build_resource does not define @resource,"\
|
16
|
+
' execution stopped.'
|
16
17
|
end
|
17
18
|
|
18
19
|
# give redirect value from params priority
|
@@ -31,8 +32,8 @@ module DeviseTokenAuth
|
|
31
32
|
|
32
33
|
begin
|
33
34
|
# override email confirmation, must be sent manually from ctrl
|
34
|
-
resource_class.set_callback(
|
35
|
-
resource_class.skip_callback(
|
35
|
+
resource_class.set_callback('create', :after, :send_on_create_confirmation_instructions)
|
36
|
+
resource_class.skip_callback('create', :after, :send_on_create_confirmation_instructions)
|
36
37
|
|
37
38
|
if @resource.respond_to? :skip_confirmation_notification!
|
38
39
|
# Fix duplicate e-mails by disabling Devise confirmation e-mail
|
@@ -42,18 +43,19 @@ module DeviseTokenAuth
|
|
42
43
|
if @resource.save
|
43
44
|
yield @resource if block_given?
|
44
45
|
|
45
|
-
|
46
|
-
# user will require email authentication
|
47
|
-
@resource.send_confirmation_instructions({
|
48
|
-
client_config: params[:config_name],
|
49
|
-
redirect_url: @redirect_url
|
50
|
-
})
|
51
|
-
else
|
46
|
+
if @resource.confirmed?
|
52
47
|
# email auth has been bypassed, authenticate user
|
53
48
|
@client_id, @token = @resource.create_token
|
54
49
|
@resource.save!
|
55
50
|
update_auth_header
|
51
|
+
else
|
52
|
+
# user will require email authentication
|
53
|
+
@resource.send_confirmation_instructions(
|
54
|
+
client_config: params[:config_name],
|
55
|
+
redirect_url: @redirect_url
|
56
|
+
)
|
56
57
|
end
|
58
|
+
|
57
59
|
render_create_success
|
58
60
|
else
|
59
61
|
clean_up_passwords @resource
|
@@ -167,7 +169,7 @@ module DeviseTokenAuth
|
|
167
169
|
end
|
168
170
|
|
169
171
|
def render_update_error_user_not_found
|
170
|
-
render_error(404, I18n.t('devise_token_auth.registrations.user_not_found'),
|
172
|
+
render_error(404, I18n.t('devise_token_auth.registrations.user_not_found'), status: 'error')
|
171
173
|
end
|
172
174
|
|
173
175
|
def render_destroy_success
|
@@ -178,7 +180,7 @@ module DeviseTokenAuth
|
|
178
180
|
end
|
179
181
|
|
180
182
|
def render_destroy_error
|
181
|
-
render_error(404, I18n.t('devise_token_auth.registrations.account_to_destroy_not_found'),
|
183
|
+
render_error(404, I18n.t('devise_token_auth.registrations.account_to_destroy_not_found'), status: 'error')
|
182
184
|
end
|
183
185
|
|
184
186
|
private
|
@@ -186,9 +188,9 @@ module DeviseTokenAuth
|
|
186
188
|
def resource_update_method
|
187
189
|
if DeviseTokenAuth.check_current_password_before_update == :attributes
|
188
190
|
'update_with_password'
|
189
|
-
elsif DeviseTokenAuth.check_current_password_before_update == :password && account_update_params.
|
191
|
+
elsif DeviseTokenAuth.check_current_password_before_update == :password && account_update_params.key?(:password)
|
190
192
|
'update_with_password'
|
191
|
-
elsif account_update_params.
|
193
|
+
elsif account_update_params.key?(:current_password)
|
192
194
|
'update_with_password'
|
193
195
|
else
|
194
196
|
'update_attributes'
|
@@ -204,7 +206,7 @@ module DeviseTokenAuth
|
|
204
206
|
end
|
205
207
|
|
206
208
|
def validate_post_data which, message
|
207
|
-
render_error(:unprocessable_entity, message,
|
209
|
+
render_error(:unprocessable_entity, message, status: 'error') if which.empty?
|
208
210
|
end
|
209
211
|
end
|
210
212
|
end
|
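Review bot: In `resource_update_method`, a request that simply omits `current_password` falls through to the final `else` and is applied with `update_attributes`, unless `check_current_password_before_update` is `:attributes`, or is `:password` and a `password` key is present. When that setting is neither value (its default is not shown in this diff), a caller holding only a valid token can change any permitted attribute without proving knowledge of the current password; whether the password itself is among them depends on `account_update_params`, which is outside the hunk. The method should say so, for example `# NOTE: the current password is enforced only when check_current_password_before_update is :attributes or :password; otherwise a valid token alone authorises the update`. The closing `end` of the method lies outside the hunk.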
@@ -3,8 +3,8 @@
|
|
3
3
|
# see http://www.emilsoman.com/blog/2013/05/18/building-a-tested/
|
4
4
|
module DeviseTokenAuth
|
5
5
|
class SessionsController < DeviseTokenAuth::ApplicationController
|
6
|
-
before_action :set_user_by_token, :
|
7
|
-
after_action :reset_session, :
|
6
|
+
before_action :set_user_by_token, only: [:destroy]
|
7
|
+
after_action :reset_session, only: [:destroy]
|
8
8
|
|
9
9
|
def new
|
10
10
|
render_new_error
|
@@ -87,14 +87,11 @@ module DeviseTokenAuth
|
|
87
87
|
auth_val.downcase!
|
88
88
|
end
|
89
89
|
|
90
|
-
|
91
|
-
key: auth_key,
|
92
|
-
val: auth_val
|
93
|
-
}
|
90
|
+
{ key: auth_key, val: auth_val }
|
94
91
|
end
|
95
92
|
|
96
93
|
def render_new_error
|
97
|
-
render_error(405, I18n.t(
|
94
|
+
render_error(405, I18n.t('devise_token_auth.sessions.not_supported'))
|
98
95
|
end
|
99
96
|
|
100
97
|
def render_create_success
|
@@ -104,15 +101,15 @@ module DeviseTokenAuth
|
|
104
101
|
end
|
105
102
|
|
106
103
|
def render_create_error_not_confirmed
|
107
|
-
render_error(401, I18n.t(
|
104
|
+
render_error(401, I18n.t('devise_token_auth.sessions.not_confirmed', email: @resource.email))
|
108
105
|
end
|
109
106
|
|
110
107
|
def render_create_error_account_locked
|
111
|
-
render_error(401, I18n.t(
|
108
|
+
render_error(401, I18n.t('devise.mailer.unlock_instructions.account_lock_msg'))
|
112
109
|
end
|
113
110
|
|
114
111
|
def render_create_error_bad_credentials
|
115
|
-
render_error(401, I18n.t(
|
112
|
+
render_error(401, I18n.t('devise_token_auth.sessions.bad_credentials'))
|
116
113
|
end
|
117
114
|
|
118
115
|
def render_destroy_success
|
@@ -122,7 +119,7 @@ module DeviseTokenAuth
|
|
122
119
|
end
|
123
120
|
|
124
121
|
def render_destroy_error
|
125
|
-
render_error(404, I18n.t(
|
122
|
+
render_error(404, I18n.t('devise_token_auth.sessions.user_not_found'))
|
126
123
|
end
|
127
124
|
|
128
125
|
private
|
@@ -130,6 +127,5 @@ module DeviseTokenAuth
|
|
130
127
|
def resource_params
|
131
128
|
params.permit(*params_for_resource(:sign_in))
|
132
129
|
end
|
133
|
-
|
134
130
|
end
|
135
131
|
end
|
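Review bot: The failure renderers answer an unauthenticated sign-in with three distinguishable messages: `render_create_error_not_confirmed` (which also echoes `@resource.email`), `render_create_error_account_locked` and `render_create_error_bad_credentials`. If the first two can be reached before the password has been verified, the response tells the caller that the account exists and what state it is in; the `create` action is outside these hunks, so this needs checking there. The same pattern appears in unlocks_controller.rb, where `render_not_found_error` returns `user_not_found` with the submitted e-mail while `render_create_success` confirms delivery. Consider returning the `bad_credentials` text for every sign-in failure unless the password matched, or at least document the trade-off above the renderers, e.g. `# NOTE: distinct messages reveal account state to unauthenticated callers`.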
@@ -2,8 +2,8 @@
|
|
2
2
|
|
3
3
|
module DeviseTokenAuth
|
4
4
|
class TokenValidationsController < DeviseTokenAuth::ApplicationController
|
5
|
-
skip_before_action :assert_is_devise_resource!, :
|
6
|
-
before_action :set_user_by_token, :
|
5
|
+
skip_before_action :assert_is_devise_resource!, only: [:validate_token]
|
6
|
+
before_action :set_user_by_token, only: [:validate_token]
|
7
7
|
|
8
8
|
def validate_token
|
9
9
|
# @resource will have been set by set_user_by_token concern
|
@@ -25,7 +25,7 @@ module DeviseTokenAuth
|
|
25
25
|
end
|
26
26
|
|
27
27
|
def render_validate_token_error
|
28
|
-
render_error(401, I18n.t(
|
28
|
+
render_error(401, I18n.t('devise_token_auth.token_validations.invalid'))
|
29
29
|
end
|
30
30
|
end
|
31
31
|
end
|
@@ -2,14 +2,12 @@
|
|
2
2
|
|
3
3
|
module DeviseTokenAuth
|
4
4
|
class UnlocksController < DeviseTokenAuth::ApplicationController
|
5
|
-
skip_after_action :update_auth_header, :
|
5
|
+
skip_after_action :update_auth_header, only: [:create, :show]
|
6
6
|
|
7
7
|
# this action is responsible for generating unlock tokens and
|
8
8
|
# sending emails
|
9
9
|
def create
|
10
|
-
unless resource_params[:email]
|
11
|
-
return render_create_error_missing_email
|
12
|
-
end
|
10
|
+
return render_create_error_missing_email unless resource_params[:email]
|
13
11
|
|
14
12
|
@email = get_case_insensitive_field_from_resource_params(:email)
|
15
13
|
@resource = find_resource(:email, @email)
|
@@ -17,11 +15,11 @@ module DeviseTokenAuth
|
|
17
15
|
if @resource
|
18
16
|
yield @resource if block_given?
|
19
17
|
|
20
|
-
@resource.send_unlock_instructions(
|
18
|
+
@resource.send_unlock_instructions(
|
21
19
|
email: @email,
|
22
20
|
provider: 'email',
|
23
21
|
client_config: params[:config_name]
|
24
|
-
|
22
|
+
)
|
25
23
|
|
26
24
|
if @resource.errors.empty?
|
27
25
|
return render_create_success
|
@@ -41,7 +39,7 @@ module DeviseTokenAuth
|
|
41
39
|
@resource.save!
|
42
40
|
yield @resource if block_given?
|
43
41
|
|
44
|
-
redirect_header_options = {unlock: true}
|
42
|
+
redirect_header_options = { unlock: true }
|
45
43
|
redirect_headers = build_redirect_headers(token,
|
46
44
|
client_id,
|
47
45
|
redirect_header_options)
|
@@ -59,29 +57,29 @@ module DeviseTokenAuth
|
|
59
57
|
end
|
60
58
|
|
61
59
|
def render_create_error_missing_email
|
62
|
-
render_error(401, I18n.t(
|
60
|
+
render_error(401, I18n.t('devise_token_auth.unlocks.missing_email'))
|
63
61
|
end
|
64
62
|
|
65
63
|
def render_create_success
|
66
64
|
render json: {
|
67
65
|
success: true,
|
68
|
-
message: I18n.t(
|
66
|
+
message: I18n.t('devise_token_auth.unlocks.sended', email: @email)
|
69
67
|
}
|
70
68
|
end
|
71
69
|
|
72
70
|
def render_create_error(errors)
|
73
71
|
render json: {
|
74
72
|
success: false,
|
75
|
-
errors: errors
|
73
|
+
errors: errors
|
76
74
|
}, status: 400
|
77
75
|
end
|
78
76
|
|
79
77
|
def render_show_error
|
80
|
-
raise ActionController::RoutingError
|
78
|
+
raise ActionController::RoutingError, 'Not Found'
|
81
79
|
end
|
82
80
|
|
83
81
|
def render_not_found_error
|
84
|
-
render_error(404, I18n.t(
|
82
|
+
render_error(404, I18n.t('devise_token_auth.unlocks.user_not_found', email: @email))
|
85
83
|
end
|
86
84
|
|
87
85
|
def resource_params
|
@@ -10,24 +10,20 @@ module DeviseTokenAuth::Concerns::User
|
|
10
10
|
|
11
11
|
key = "#{token_hash}/#{token}"
|
12
12
|
result = @token_equality_cache[key] ||= (::BCrypt::Password.new(token_hash) == token)
|
13
|
-
if @token_equality_cache.size > 10000
|
14
|
-
@token_equality_cache = {}
|
15
|
-
end
|
13
|
+
@token_equality_cache = {} if @token_equality_cache.size > 10000
|
16
14
|
result
|
17
15
|
end
|
18
16
|
|
19
17
|
included do
|
20
18
|
# Hack to check if devise is already enabled
|
21
|
-
|
22
|
-
|
23
|
-
:recoverable, :trackable, :validatable, :confirmable
|
19
|
+
if method_defined?(:devise_modules)
|
20
|
+
devise_modules.delete(:omniauthable)
|
24
21
|
else
|
25
|
-
|
22
|
+
devise :database_authenticatable, :registerable,
|
23
|
+
:recoverable, :trackable, :validatable, :confirmable
|
26
24
|
end
|
27
25
|
|
28
|
-
unless tokens_has_json_column_type?
|
29
|
-
serialize :tokens, JSON
|
30
|
-
end
|
26
|
+
serialize :tokens, JSON unless tokens_has_json_column_type?
|
31
27
|
|
32
28
|
if DeviseTokenAuth.default_callbacks
|
33
29
|
include DeviseTokenAuth::Concerns::UserOmniauthCallbacks
|
@@ -54,11 +50,11 @@ module DeviseTokenAuth::Concerns::User
|
|
54
50
|
end
|
55
51
|
|
56
52
|
# override devise method to include additional info as opts hash
|
57
|
-
def send_confirmation_instructions(opts={})
|
53
|
+
def send_confirmation_instructions(opts = {})
|
58
54
|
generate_confirmation_token! unless @raw_confirmation_token
|
59
55
|
|
60
56
|
# fall back to "default" config name
|
61
|
-
opts[:client_config] ||=
|
57
|
+
opts[:client_config] ||= 'default'
|
62
58
|
opts[:to] = unconfirmed_email if pending_reconfirmation?
|
63
59
|
opts[:redirect_url] ||= DeviseTokenAuth.default_confirm_success_url
|
64
60
|
|
@@ -66,24 +62,24 @@ module DeviseTokenAuth::Concerns::User
|
|
66
62
|
end
|
67
63
|
|
68
64
|
# override devise method to include additional info as opts hash
|
69
|
-
def send_reset_password_instructions(opts={})
|
65
|
+
def send_reset_password_instructions(opts = {})
|
70
66
|
token = set_reset_password_token
|
71
67
|
|
72
68
|
# fall back to "default" config name
|
73
|
-
opts[:client_config] ||=
|
69
|
+
opts[:client_config] ||= 'default'
|
74
70
|
|
75
71
|
send_devise_notification(:reset_password_instructions, token, opts)
|
76
72
|
token
|
77
73
|
end
|
78
74
|
|
79
75
|
# override devise method to include additional info as opts hash
|
80
|
-
def send_unlock_instructions(opts={})
|
76
|
+
def send_unlock_instructions(opts = {})
|
81
77
|
raw, enc = Devise.token_generator.generate(self.class, :unlock_token)
|
82
78
|
self.unlock_token = enc
|
83
79
|
save(validate: false)
|
84
80
|
|
85
81
|
# fall back to "default" config name
|
86
|
-
opts[:client_config] ||=
|
82
|
+
opts[:client_config] ||= 'default'
|
87
83
|
|
88
84
|
send_devise_notification(:unlock_instructions, raw, opts)
|
89
85
|
raw
|
@@ -95,7 +91,7 @@ module DeviseTokenAuth::Concerns::User
|
|
95
91
|
token ||= SecureRandom.urlsafe_base64(nil, false)
|
96
92
|
expiry ||= (Time.zone.now + token_lifespan).to_i
|
97
93
|
|
98
|
-
|
94
|
+
tokens[client_id] = {
|
99
95
|
token: BCrypt::Password.create(token),
|
100
96
|
expiry: expiry
|
101
97
|
}.merge!(token_extras)
|
@@ -109,7 +105,7 @@ module DeviseTokenAuth::Concerns::User
|
|
109
105
|
protected
|
110
106
|
|
111
107
|
def tokens_has_json_column_type?
|
112
|
-
database_exists? && table_exists? &&
|
108
|
+
database_exists? && table_exists? && columns_hash['tokens'] && columns_hash['tokens'].type.in?([:json, :jsonb])
|
113
109
|
end
|
114
110
|
|
115
111
|
def database_exists?
|
@@ -117,22 +113,19 @@ module DeviseTokenAuth::Concerns::User
|
|
117
113
|
end
|
118
114
|
end
|
119
115
|
|
120
|
-
|
121
|
-
def valid_token?(token, client_id='default')
|
116
|
+
def valid_token?(token, client_id = 'default')
|
122
117
|
return false unless tokens[client_id]
|
123
118
|
return true if token_is_current?(token, client_id)
|
124
119
|
return true if token_can_be_reused?(token, client_id)
|
125
120
|
|
126
121
|
# return false if none of the above conditions are met
|
127
|
-
|
122
|
+
false
|
128
123
|
end
|
129
124
|
|
130
|
-
|
131
125
|
# this must be done from the controller so that additional params
|
132
126
|
# can be passed on from the client
|
133
127
|
def send_confirmation_notification?; false; end
|
134
128
|
|
135
|
-
|
136
129
|
def token_is_current?(token, client_id)
|
137
130
|
# ghetto HashWithIndifferentAccess
|
138
131
|
expiry = tokens[client_id]['expiry'] || tokens[client_id][:expiry]
|
@@ -150,7 +143,6 @@ module DeviseTokenAuth::Concerns::User
|
|
150
143
|
)
|
151
144
|
end
|
152
145
|
|
153
|
-
|
154
146
|
# allow batch requests to use the previous token
|
155
147
|
def token_can_be_reused?(token, client_id)
|
156
148
|
# ghetto HashWithIndifferentAccess
|
@@ -169,9 +161,8 @@ module DeviseTokenAuth::Concerns::User
|
|
169
161
|
)
|
170
162
|
end
|
171
163
|
|
172
|
-
|
173
164
|
# update user's auth token (should happen on each request)
|
174
|
-
def create_new_auth_token(client_id=nil)
|
165
|
+
def create_new_auth_token(client_id = nil)
|
175
166
|
now = Time.zone.now
|
176
167
|
|
177
168
|
client_id, token = create_token(
|
@@ -184,21 +175,21 @@ module DeviseTokenAuth::Concerns::User
|
|
184
175
|
update_auth_header(token, client_id)
|
185
176
|
end
|
186
177
|
|
187
|
-
def build_auth_header(token, client_id='default')
|
178
|
+
def build_auth_header(token, client_id = 'default')
|
188
179
|
# client may use expiry to prevent validation request if expired
|
189
180
|
# must be cast as string or headers will break
|
190
181
|
expiry = tokens[client_id]['expiry'] || tokens[client_id][:expiry]
|
191
182
|
|
192
183
|
{
|
193
184
|
DeviseTokenAuth.headers_names[:"access-token"] => token,
|
194
|
-
DeviseTokenAuth.headers_names[:"token-type"] =>
|
185
|
+
DeviseTokenAuth.headers_names[:"token-type"] => 'Bearer',
|
195
186
|
DeviseTokenAuth.headers_names[:"client"] => client_id,
|
196
187
|
DeviseTokenAuth.headers_names[:"expiry"] => expiry.to_s,
|
197
188
|
DeviseTokenAuth.headers_names[:"uid"] => uid
|
198
189
|
}
|
199
190
|
end
|
200
191
|
|
201
|
-
def update_auth_header(token, client_id='default')
|
192
|
+
def update_auth_header(token, client_id = 'default')
|
202
193
|
headers = build_auth_header(token, client_id)
|
203
194
|
clean_old_tokens
|
204
195
|
save!
|
@@ -214,7 +205,7 @@ module DeviseTokenAuth::Concerns::User
|
|
214
205
|
end
|
215
206
|
|
216
207
|
def extend_batch_buffer(token, client_id)
|
217
|
-
|
208
|
+
tokens[client_id]['updated_at'] = Time.zone.now
|
218
209
|
update_auth_header(token, client_id)
|
219
210
|
end
|
220
211
|
|
@@ -223,7 +214,7 @@ module DeviseTokenAuth::Concerns::User
|
|
223
214
|
end
|
224
215
|
|
225
216
|
def token_validation_response
|
226
|
-
as_json(except: [
|
217
|
+
as_json(except: %i[tokens created_at updated_at])
|
227
218
|
end
|
228
219
|
|
229
220
|
def token_lifespan
|
@@ -239,7 +230,7 @@ module DeviseTokenAuth::Concerns::User
|
|
239
230
|
def destroy_expired_tokens
|
240
231
|
if tokens
|
241
232
|
tokens.delete_if do |cid, v|
|
242
|
-
expiry = v[:expiry] || v[
|
233
|
+
expiry = v[:expiry] || v['expiry']
|
243
234
|
DateTime.strptime(expiry.to_s, '%s') < Time.zone.now
|
244
235
|
end
|
245
236
|
end
|
@@ -248,10 +239,10 @@ module DeviseTokenAuth::Concerns::User
|
|
248
239
|
def should_remove_tokens_after_password_reset?
|
249
240
|
if Rails::VERSION::MAJOR <= 5
|
250
241
|
encrypted_password_changed? &&
|
251
|
-
|
242
|
+
DeviseTokenAuth.remove_tokens_after_password_reset
|
252
243
|
else
|
253
244
|
saved_change_to_encrypted_password? &&
|
254
|
-
|
245
|
+
DeviseTokenAuth.remove_tokens_after_password_reset
|
255
246
|
end
|
256
247
|
end
|
257
248
|
|
@@ -259,8 +250,8 @@ module DeviseTokenAuth::Concerns::User
|
|
259
250
|
return unless should_remove_tokens_after_password_reset?
|
260
251
|
|
261
252
|
if tokens.present? && tokens.many?
|
262
|
-
client_id, token_data = tokens.max_by { |cid, v| v[:expiry] || v[
|
263
|
-
self.tokens = {client_id => token_data}
|
253
|
+
client_id, token_data = tokens.max_by { |cid, v| v[:expiry] || v['expiry'] }
|
254
|
+
self.tokens = { client_id => token_data }
|
264
255
|
end
|
265
256
|
end
|
266
257
|
|
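Review bot: In the last hunk, the clean-up after a password change keeps the entry picked by `tokens.max_by { |cid, v| v[:expiry] || v['expiry'] }`, which is the token with the latest expiry and not necessarily the one belonging to the client that changed the password. Because of the `tokens.many?` guard it also removes nothing when only one token exists. A password change made in response to a suspected token leak can therefore leave the leaked token valid. The behaviour should at least be stated on the method, e.g. `# NOTE: keeps the latest-expiring token, which may not be the caller's; a single existing token is never revoked`, and callers that need full revocation would have to clear `tokens` themselves. The block parameter `cid` is unused and could be `_cid`; the method's `def` line is outside the hunk.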
@@ -12,7 +12,7 @@ Devise.setup do |config|
|
|
12
12
|
# Configure the e-mail address which will be shown in Devise::Mailer,
|
13
13
|
# note that it will be overwritten if you use your own mailer class
|
14
14
|
# with default "from" parameter.
|
15
|
-
config.mailer_sender = '
|
15
|
+
config.mailer_sender = 'no-reply@example.com'
|
16
16
|
|
17
17
|
# Configure the class responsible to send e-mails.
|
18
18
|
# config.mailer = 'Devise::Mailer'
|