devise_token_auth 1.0.0.rc1 → 1.0.0.rc2





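--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
- metadata.gz: b4979d300ecd6cc6549803714b7737e897bca1ad
- data.tar.gz: 1b73b2890e2f654812585cfeded1f7b682267b36
+ metadata.gz: 477ab5522b51d1e2f435ec19c213a1a1e628dfec
+ data.tar.gz: 2237143fb8b5f0103dfc37226f59cf12965e5ef0
 SHA512:
- metadata.gz: 38f0c132610a90f5e5a23d31c596e43eddbdc640deaf7a5c003901895c4045afabdc9c238e044519be04616ecc62765bf23b149c8e888d7a258e9620259c2ad0
- data.tar.gz: e6cb430221c6a9218bbdf85d5bba1026d5eff253503bc3c517c1ff1bff4b36d7cde279ecc8e50810455576cfad81ac9d12594e02224fe9666ae15172a1473d8c
+ metadata.gz: f764c8cdef2e374f8160c77b27e89f0acc992db32a187bd61ebe8cedb5ddfb3ffd0978f76a104399a4709a5644862b258973584a68a07cfc7865bc7209bdb8c4
+ data.tar.gz: 91f359fb389845f3df447f192f226d5d88e8acdf39d0ec8ede773b7e6ef006e6f59abe268fd0a2dff352c2253e41ae7100d4b54e8ee05e35876fde812b54514d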
@@ -17,10 +17,10 @@ module DeviseTokenAuth::Concerns::SetUserByToken
17
17
  @used_auth_by_token = true
18
18
 
19
19
  # initialize instance variables
20
- @client_id = nil
21
- @resource = nil
22
- @token = nil
23
- @is_batch_request = nil
20
+ @client_id ||= nil
21
+ @resource ||= nil
22
+ @token ||= nil
23
+ @is_batch_request ||= nil
24
24
  end
25
25
 
26
26
  def ensure_pristine_resource
@@ -99,7 +99,8 @@ module DeviseTokenAuth::Concerns::SetUserByToken
99
99
 
100
100
  def update_auth_header
101
101
  # cannot save object if model has invalid params
102
- return unless defined?(@resource) && @resource && @resource.valid? && @client_id
102
+
103
+ return unless @resource && @client_id
103
104
 
104
105
  # Generate new client_id with existing authentication
105
106
  @client_id = nil unless @used_auth_by_token
@@ -115,54 +116,63 @@ module DeviseTokenAuth::Concerns::SetUserByToken
115
116
  response.headers.merge!(auth_header)
116
117
 
117
118
  else
118
-
119
- ensure_pristine_resource do
120
- # Lock the user record during any auth_header updates to ensure
121
- # we don't have write contention from multiple threads
122
- @resource.with_lock do
123
- # should not append auth header if @resource related token was
124
- # cleared by sign out in the meantime
125
- return if @used_auth_by_token && @resource.tokens[@client_id].nil?
126
-
127
- # determine batch request status after request processing, in case
128
- # another processes has updated it during that processing
129
- @is_batch_request = is_batch_request?(@resource, @client_id)
130
-
131
- auth_header = {}
132
-
133
- # extend expiration of batch buffer to account for the duration of
134
- # this request
135
- if @is_batch_request
136
- auth_header = @resource.extend_batch_buffer(@token, @client_id)
137
-
138
- # Do not return token for batch requests to avoid invalidated
139
- # tokens returned to the client in case of race conditions.
140
- # Use a blank string for the header to still be present and
141
- # being passed in a XHR response in case of
142
- # 304 Not Modified responses.
143
- auth_header[DeviseTokenAuth.headers_names[:"access-token"]] = ' '
144
- auth_header[DeviseTokenAuth.headers_names[:"expiry"]] = ' '
145
-
146
- # update Authorization response header with new token
147
- else
148
- auth_header = @resource.create_new_auth_token(@client_id)
149
- end
150
-
151
- # update the response header
152
- response.headers.merge!(auth_header)
153
-
154
- end # end lock
155
- end # end ensure_pristine_resource
119
+ unless @resource.reload.valid?
120
+ @resource = resource_class.find(@resource.to_param) # errors remain after reload
121
+ # if we left the model in a bad state, something is wrong in our app
122
+ unless @resource.valid?
123
+ raise DeviseTokenAuth::Errors::InvalidModel, "Cannot set auth token in invalid model. Errors: #{@resource.errors.full_messages}"
124
+ end
125
+ end
126
+ refresh_headers
156
127
  end
157
-
158
128
  end
159
129
 
160
130
  private
161
131
 
132
+ def refresh_headers
133
+ ensure_pristine_resource do
134
+ # Lock the user record during any auth_header updates to ensure
135
+ # we don't have write contention from multiple threads
136
+ @resource.with_lock do
137
+ # should not append auth header if @resource related token was
138
+ # cleared by sign out in the meantime
139
+ return if @used_auth_by_token && @resource.tokens[@client_id].nil?
140
+
141
+ # update the response header
142
+ response.headers.merge!(auth_header_from_batch_request)
143
+ end # end lock
144
+ end # end ensure_pristine_resource
145
+ end
146
+
162
147
  def is_batch_request?(user, client_id)
163
148
  !params[:unbatch] &&
164
149
  user.tokens[client_id] &&
165
150
  user.tokens[client_id]['updated_at'] &&
166
151
  Time.parse(user.tokens[client_id]['updated_at']) > @request_started_at - DeviseTokenAuth.batch_request_buffer_throttle
167
152
  end
153
+
154
+ def auth_header_from_batch_request
155
+ # determine batch request status after request processing, in case
156
+ # another processes has updated it during that processing
157
+ @is_batch_request = is_batch_request?(@resource, @client_id)
158
+
159
+ auth_header = {}
160
+ # extend expiration of batch buffer to account for the duration of
161
+ # this request
162
+ if @is_batch_request
163
+ auth_header = @resource.extend_batch_buffer(@token, @client_id)
164
+
165
+ # Do not return token for batch requests to avoid invalidated
166
+ # tokens returned to the client in case of race conditions.
167
+ # Use a blank string for the header to still be present and
168
+ # being passed in a XHR response in case of
169
+ # 304 Not Modified responses.
170
+ auth_header[DeviseTokenAuth.headers_names[:"access-token"]] = ' '
171
+ auth_header[DeviseTokenAuth.headers_names[:"expiry"]] = ' '
172
+ else
173
+ # update Authorization response header with new token
174
+ auth_header = @resource.create_new_auth_token(@client_id)
175
+ end
176
+ auth_header
177
+ end
168
178
  end
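Review bot: `@resource.reload` in the new `else` branch of `update_auth_header` (new-file lines 119–125 of this section) is unguarded, and ActiveRecord's `reload` raises `RecordNotFound` once the row is gone, so a resource destroyed earlier in the same request — presumably this concern runs as an after-action on every request, account deletion included — now ends in a 500 where the old `@resource.valid?` guard silently skipped the header. A one-line guard before the reload, `return if @resource.destroyed?`, keeps the new invalid-model check without that regression. Separately, `@client_id ||= nil` and the three lines after it in the first hunk are no-ops on the value (`||= nil` only silences the uninitialized-ivar warning and preserves whatever was set earlier in the request), so the retained comment `# initialize instance variables` now misdescribes them; `# declare ivars without clobbering values already set on this request` would be accurate. `update_auth_header` begins outside its hunk and the enclosing module begins outside the section.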
@@ -22,8 +22,15 @@ module DeviseTokenAuth
22
22
  redirect_headers = build_redirect_headers(token,
23
23
  client_id,
24
24
  redirect_header_options)
25
- redirect_to(@resource.build_auth_url(params[:redirect_url],
26
- redirect_headers))
25
+
26
+ # give redirect value from params priority
27
+ @redirect_url = params[:redirect_url]
28
+
29
+ # fall back to default value if provided
30
+ @redirect_url ||= DeviseTokenAuth.default_confirm_success_url
31
+
32
+
33
+ redirect_to(@resource.build_auth_url(@redirect_url, redirect_headers))
27
34
  else
28
35
  raise ActionController::RoutingError, 'Not Found'
29
36
  end
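Review bot: The added lines redirect to a value taken straight from `params[:redirect_url]` with no visible check against the allowed-redirect list (the locale diff's `redirect_url_not_allowed` message indicates the gem has one), and `build_auth_url` appears to fold the token-bearing `redirect_headers` built just above into that URL; unless the check happens earlier in this method, which begins outside the hunk, a caller-chosen `redirect_url` would carry the fresh token to an arbitrary host. Applying the same allowed-list check the other redirecting flows use before the `redirect_to`, and treating a rejected URL like the missing-resource case below (`raise ActionController::RoutingError, 'Not Found'`), closes that. The double blank line between the `||=` fallback and the `redirect_to` is a leftover worth dropping.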
@@ -24,7 +24,7 @@ module DeviseTokenAuth
24
24
  if @resource && valid_params?(field, q_value) && (!@resource.respond_to?(:active_for_authentication?) || @resource.active_for_authentication?)
25
25
  valid_password = @resource.valid_password?(resource_params[:password])
26
26
  if (@resource.respond_to?(:valid_for_authentication?) && !@resource.valid_for_authentication? { valid_password }) || !valid_password
27
- return render_create_error_bad_credentials
27
+ return render_create_error_bad_credentials
28
28
  end
29
29
  @client_id, @token = @resource.create_token
30
30
  @resource.save
@@ -2,11 +2,11 @@ da-DK:
2
2
  devise_token_auth:
3
3
  sessions:
4
4
  not_confirmed: "Der er sendt en bekræftelsesemail til din konto på '%{email}'. Følg venligst instruktionerne i emailen for at aktivere din konto."
5
- bad_credentials: "Ugyldigt kombination af brugernavn og kodeord. Prøv venligst igen."
5
+ bad_credentials: "Ugyldig kombination af brugernavn og kodeord. Prøv venligst igen."
6
6
  not_supported: "Brug POST /sign_in for at logge ind. GET er ikke supporteret."
7
7
  user_not_found: "Brugeren er ikke fundet eller er ikke logget ind."
8
8
  token_validations:
9
- invalid: "Ugyldig legitimationsoplysninger."
9
+ invalid: "Ugyldige legitimationsoplysninger."
10
10
  registrations:
11
11
  missing_confirm_success_url: "Der mangler et 'confirm_success_url' parameter."
12
12
  redirect_url_not_allowed: "Omdirigering til '%{redirect_url}' er ikke tilladt."
@@ -21,7 +21,7 @@ da-DK:
21
21
  sended: "En email er blevet sendt til '%{email}' med instruktioner for at nulstille dit kodeord."
22
22
  user_not_found: "Kan ikke finde en bruger med '%{email}'."
23
23
  password_not_required: "Denne bruger kræver ikke et kodeord. Log ind med '%{provider}' konto i stedet."
24
- missing_passwords: "Du skal fylde alle felter ud som indeholder 'Password' og 'Password confirmation'."
24
+ missing_passwords: "Du skal udfylde både kodeord og bekræftelse af kodeord."
25
25
  successfully_updated: "Dit kodeord er opdateret."
26
26
  unlocks:
27
27
  missing_email: "Du skal udfylde en email."
@@ -35,15 +35,15 @@ da-DK:
35
35
  devise:
36
36
  mailer:
37
37
  confirmation_instructions:
38
- confirm_link_msg: "Du kan bekræfte din konto email for linket herunder:"
38
+ confirm_link_msg: "Du kan bekræfte din kontos email gennem linket herunder:"
39
39
  confirm_account_link: "Bekræft min konto"
40
40
  reset_password_instructions:
41
- request_reset_link_msg: "Der er nogle der har anmodet om et link til at ændre dit kodeord. Det kan du gøre gennem linket nedenfor."
42
- password_change_link: "Ændre mit kodeord."
41
+ request_reset_link_msg: "Nogen har anmodet om et link til at ændre dit kodeord. Det kan du gøre via linket nedenfor."
42
+ password_change_link: "Skift mit kodeord."
43
43
  ignore_mail_msg: "Hvis du ikke anmodede om dette, ignorer venligst denne email."
44
- no_changes_msg: "Din kodeord vil ikke ændres indtil du går ind på linket ovenfor og laver et nyt et."
44
+ no_changes_msg: "Dit kodeord ændres først når du følger linket ovenfor og skaber et nyt."
45
45
  unlock_instructions:
46
- account_lock_msg: "Din konto er blevet låst fordi der er for mange forkerte log ind-forsøg."
46
+ account_lock_msg: "Din konto er blevet låst fordi der har været for mange ugyldige log ind-forsøg."
47
47
  unlock_link_msg: "Klik linket nedenfor, for at låse din konto op:"
48
48
  unlock_link: "Lås min konto op"
49
49
  hello: "hej"
@@ -3,5 +3,6 @@
3
3
  module DeviseTokenAuth
4
4
  module Errors
5
5
  class NoResourceDefinedError < StandardError; end
6
+ class InvalidModel < StandardError; end
6
7
  end
7
8
  end
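Review bot: `InvalidModel` breaks the naming pattern of its sibling `NoResourceDefinedError` and the Ruby convention that exception classes end in `Error`; `class InvalidModelError < StandardError; end` would match. Because the new test in this release already references `DeviseTokenAuth::Errors::InvalidModel`, a rename has to update that reference as well, or keep `InvalidModel = InvalidModelError` as an alias so existing rescues keep working. A short comment on the class saying when it is raised (the model is still invalid after reload in `update_auth_header`) would also help, since the errors module is otherwise undocumented.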
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module DeviseTokenAuth
4
- VERSION = '1.0.0.rc1'.freeze
4
+ VERSION = '1.0.0.rc2'.freeze
5
5
  end
@@ -45,6 +45,19 @@ class DeviseTokenAuth::TokenValidationsControllerTest < ActionDispatch::Integrat
45
45
  end
46
46
  end
47
47
 
48
+ describe 'with invalid user' do
49
+ before do
50
+ @resource.update_column :email, 'invalid'
51
+ end
52
+
53
+ test 'request should raise invalid model error' do
54
+ error = assert_raises DeviseTokenAuth::Errors::InvalidModel do
55
+ get '/auth/validate_token', params: {}, headers: @auth_headers
56
+ end
57
+ assert_equal(error.message, "Cannot set auth token in invalid model. Errors: [\"Email is not an email\"]")
58
+ end
59
+ end
60
+
48
61
  describe 'failure' do
49
62
  before do
50
63
  get '/api/v1/auth/validate_token',
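Review bot: `assert_equal(error.message, "Cannot set auth token ...")` in the new test passes the actual value first, while minitest's signature is `assert_equal(expected, actual)`, so a failure would print the two swapped; `assert_equal("Cannot set auth token in invalid model. Errors: [\"Email is not an email\"]", error.message)` is the intended order. The new test also requests `/auth/validate_token` whereas the existing `failure` block below uses `/api/v1/auth/validate_token`; if the dummy app mounts both this is harmless, otherwise the path should follow its neighbours. The `failure` describe block continues outside the hunk.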
@@ -1,11 +1,9 @@
1
- class User < ApplicationRecord
2
- # Include default devise modules.
3
- devise :database_authenticatable, :registerable,
4
- :recoverable, :rememberable, :trackable, :validatable,
5
- :confirmable, :omniauthable
6
- include DeviseTokenAuth::Concerns::User
1
+ # frozen_string_literal: true
7
2
 
8
- def whatever
9
- puts 'whatever'
10
- end
11
- end
3
+ class User < ActiveRecord::Base
4
+ # Include default devise modules. Others available are:
5
+ # :confirmable, :lockable, :timeoutable and :omniauthable
6
+ devise :database_authenticatable, :registerable,
7
+ :recoverable, :rememberable, :trackable, :validatable
8
+ include DeviseTokenAuth::Concerns::User
9
+ end
@@ -0,0 +1,4 @@
1
+ Rails.application.routes.draw do
2
+ mount_devise_token_auth_for 'User', at: 'auth'
3
+ patch '/chong', to: 'bong#index'
4
+ end
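--- a/metadata
+++ b/metadata
@@ -1,19 +1,22 @@
 --- !ruby/object:Gem::Specification
 name: devise_token_auth
 version: !ruby/object:Gem::Version
- version: 1.0.0.rc1
+ version: 1.0.0.rc2
 platform: ruby
 authors:
 - Lynn Hurley
 autorequire:
 bindir: bin
 cert_chain: []
- date: 2018-08-10 00:00:00.000000000 Z
+ date: 2018-09-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rails
 requirement: !ruby/object:Gem::Requirement
 requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: 4.2.0
 - - "<"
 - !ruby/object:Gem::Version
 version: '6'
@@ -21,6 +24,9 @@ dependencies:
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: 4.2.0
 - - "<"
 - !ruby/object:Gem::Version
 version: '6'
@@ -33,7 +39,7 @@ dependencies:
 version: 3.5.2
 - - "<"
 - !ruby/object:Gem::Version
- version: '4.5'
+ version: '4.6'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
@@ -43,7 +49,7 @@ dependencies:
 version: 3.5.2
 - - "<"
 - !ruby/object:Gem::Version
- version: '4.5'
+ version: '4.6'
 - !ruby/object:Gem::Dependency
 name: appraisal
 requirement: !ruby/object:Gem::Requirement
@@ -247,7 +253,8 @@ files:
 - test/dummy/lib/migration_database_helper.rb
 - test/dummy/tmp/generators/app/models/user.rb
 - test/dummy/tmp/generators/config/initializers/devise_token_auth.rb
- - test/dummy/tmp/generators/db/migrate/20180805205504_devise_token_auth_create_users.rb
+ - test/dummy/tmp/generators/config/routes.rb
+ - test/dummy/tmp/generators/db/migrate/20180920132503_devise_token_auth_create_users.rb
 - test/factories/users.rb
 - test/lib/devise_token_auth/url_test.rb
 - test/lib/generators/devise_token_auth/install_generator_test.rb
@@ -269,7 +276,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
- version: '0'
+ version: 2.2.0
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">"
@@ -342,8 +349,9 @@ test_files:
 - test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb
 - test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb
 - test/dummy/tmp/generators/app/models/user.rb
+ - test/dummy/tmp/generators/config/routes.rb
 - test/dummy/tmp/generators/config/initializers/devise_token_auth.rb
- - test/dummy/tmp/generators/db/migrate/20180805205504_devise_token_auth_create_users.rb
+ - test/dummy/tmp/generators/db/migrate/20180920132503_devise_token_auth_create_users.rb
 - test/dummy/README.rdoc
 - test/models/only_email_user_test.rb
 - test/models/user_test.rb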