RubyGems - devise_token_auth - Versions diffs - 1.0.0 → 1.1.0 - Mend

devise_token_auth 1.0.0 → 1.1.0

Potentially problematic release.

This version of devise_token_auth might be problematic. Click here for more details.

Files changed (74) hide show

data/app/controllers/devise_token_auth/unlocks_controller.rb CHANGED

@@ -34,7 +34,7 @@ module DeviseTokenAuth
     def show
       @resource = resource_class.unlock_access_by_token(params[:unlock_token])
-      if @resource && @resource.id
+      if @resource.persisted?
         client_id, token = @resource.create_token
         @resource.save!
         yield @resource if block_given?

data/app/models/devise_token_auth/concerns/active_record_support.rb ADDED

@@ -0,0 +1,34 @@
+module DeviseTokenAuth::Concerns::ActiveRecordSupport
+  extend ActiveSupport::Concern
+  included do
+    serialize :tokens, JSON unless tokens_has_json_column_type?
+    # can't set default on text fields in mysql, simulate here instead.
+    after_save :set_empty_token_hash
+    after_initialize :set_empty_token_hash
+  end
+  class_methods do
+    # It's abstract replacement .find_by
+    def dta_find_by(attrs = {})
+      find_by(attrs)
+    end
+    protected
+    def tokens_has_json_column_type?
+      database_exists? && table_exists? && columns_hash['tokens'] && columns_hash['tokens'].type.in?([:json, :jsonb])
+    end
+    def database_exists?
+      ActiveRecord::Base.connection_pool.with_connection { |con| con.active? } rescue false
+    end
+  end
+  protected
+  def set_empty_token_hash
+    self.tokens ||= {} if has_attribute?(:tokens)
+  end
+end

data/app/models/devise_token_auth/concerns/mongoid_support.rb ADDED

@@ -0,0 +1,19 @@
+module DeviseTokenAuth::Concerns::MongoidSupport
+  extend ActiveSupport::Concern
+  def as_json(options = {})
+    options[:except] = (options[:except] || []) + [:_id]
+    hash = super(options)
+    hash['id'] = to_param
+    hash
+  end
+  class_methods do
+    # It's abstract replacement .find_by
+    def dta_find_by(attrs = {})
+      find_by(attrs)
+    rescue Mongoid::Errors::DocumentNotFound
+      nil
+    end
+  end
+end

data/app/models/devise_token_auth/concerns/user.rb CHANGED

@@ -20,19 +20,21 @@ module DeviseTokenAuth::Concerns::User
       devise_modules.delete(:omniauthable)
     else
       devise :database_authenticatable, :registerable,
-             :recoverable, :trackable, :validatable, :confirmable
+             :recoverable, :validatable, :confirmable
     end
-    serialize :tokens, JSON unless tokens_has_json_column_type?
+    if const_defined?('ActiveRecord') && ancestors.include?(ActiveRecord::Base)
+      include DeviseTokenAuth::Concerns::ActiveRecordSupport
+    end
+    if const_defined?('Mongoid') && ancestors.include?(Mongoid::Document)
+      include DeviseTokenAuth::Concerns::MongoidSupport
+    end
     if DeviseTokenAuth.default_callbacks
       include DeviseTokenAuth::Concerns::UserOmniauthCallbacks
     end
-    # can't set default on text fields in mysql, simulate here instead.
-    after_save :set_empty_token_hash
-    after_initialize :set_empty_token_hash
     # get rid of dead tokens
     before_save :destroy_expired_tokens
@@ -101,18 +103,6 @@ module DeviseTokenAuth::Concerns::User
     [client_id, token, expiry]
   end
-  module ClassMethods
-    protected
-    def tokens_has_json_column_type?
-      database_exists? && table_exists? && columns_hash['tokens'] && columns_hash['tokens'].type.in?([:json, :jsonb])
-    end
-    def database_exists?
-      ActiveRecord::Base.connection_pool.with_connection { |con| con.active? } rescue false
-    end
-  end
   def valid_token?(token, client_id = 'default')
     return false unless tokens[client_id]
     return true if token_is_current?(token, client_id)
@@ -154,7 +144,7 @@ module DeviseTokenAuth::Concerns::User
       updated_at && last_token &&
       # ensure that previous token falls within the batch buffer throttle time of the last request
-      Time.parse(updated_at) > Time.zone.now - DeviseTokenAuth.batch_request_buffer_throttle &&
+      updated_at.to_time > Time.zone.now - DeviseTokenAuth.batch_request_buffer_throttle &&
       # ensure that the token is valid
       ::BCrypt::Password.new(last_token) == token
@@ -223,10 +213,6 @@ module DeviseTokenAuth::Concerns::User
   protected
-  def set_empty_token_hash
-    self.tokens ||= {} if has_attribute?(:tokens)
-  end
   def destroy_expired_tokens
     if tokens
       tokens.delete_if do |cid, v|

data/app/models/devise_token_auth/concerns/user_omniauth_callbacks.rb CHANGED

@@ -5,7 +5,7 @@ module DeviseTokenAuth::Concerns::UserOmniauthCallbacks
   included do
     validates :email, presence: true,if: :email_provider?
-    validates :email, email: true, allow_nil: true, allow_blank: true, if: :email_provider?
+    validates :email, 'devise_token_auth/email' => true, allow_nil: true, allow_blank: true, if: :email_provider?
     validates_presence_of :uid, unless: :email_provider?
     # only validate unique emails among email registration users
@@ -23,6 +23,6 @@ module DeviseTokenAuth::Concerns::UserOmniauthCallbacks
   end
   def sync_uid
-    self.uid = email if provider == 'email'
+    self.uid = email if email_provider?
   end
 end

data/app/validators/{email_validator.rb → devise_token_auth/email_validator.rb} RENAMED

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
-class EmailValidator < ActiveModel::EachValidator
+class DeviseTokenAuth::EmailValidator < ActiveModel::EachValidator
   def validate_each(record, attribute, value)
     unless value =~ /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\z/i
       record.errors[attribute] << email_invalid_message

data/config/locales/he.yml ADDED

@@ -0,0 +1,50 @@
+he:
+  devise_token_auth:
+    sessions:
+      not_confirmed: "הודעת אישור נשלחה לחשבון שלך בכתובת '%{email}'. עליך לפעול לפי ההנחיות שבדוא\"ל לפני הפעלת החשבון שלך"
+      bad_credentials: "נתוני כניסה שגויים. בבקשה נסה שוב."
+      not_supported: "השתמש ב- POST / sign_in כדי להיכנס. GET אינו נתמך."
+      user_not_found: "המשתמש לא נמצא או לא היה מחובר."
+    token_validations:
+      invalid: "נתוני כניסה שגויים"
+    registrations:
+      missing_confirm_success_url: "חסר פרמטר 'confirm_success_url'."
+      redirect_url_not_allowed: "הפניה אל '%{redirect_url}' אינה מותרת."
+      email_already_exists: "כבר קיים חשבון עבור '%{email}'"
+      account_with_uid_destroyed: "חשבון עם UID '%{uid}' הושמד."
+      account_to_destroy_not_found: "לא ניתן לאתר חשבון להשמדה."
+      user_not_found: "המשתמש לא נמצא."
+    passwords:
+      missing_email: "עליך לספק כתובת דוא\"ל."
+      missing_redirect_url: "כתובת אתר להפניה מחדש חסרה."
+      not_allowed_redirect_url: "הפניה אל '%{redirect_url}' אינה מותרת."
+      sended: "אימייל נשלח ל '%{email}' המכיל הוראות לאיפוס הסיסמה שלך."
+      user_not_found: "לא ניתן למצוא משתמש עם הדוא\"ל '%{email}'."
+      password_not_required: "חשבון זה אינו דורש סיסמה. במקום זאת, השתמש בחשבון '%{provider}' שלך."
+      missing_passwords: "עליך למלא את השדות 'סיסמה' ו'אישור סיסמה'."
+      successfully_updated: "הסיסמה שלך עודכנה בהצלחה."
+    unlocks:
+      missing_email: "עליך לספק כתובת דוא\"ל."
+      sended: "הודעת אימייל נשלחה אל '%{email}' המכילה הוראות לביטול הנעילה של חשבונך."
+      user_not_found: "ניתן למצוא את המשתמש עם הדוא\"ל '%{email}'"
+  errors:
+    messages:
+      validate_sign_up_params: "שלח נתוני רישום תקינים בגוף הבקשה."
+      validate_account_update_params: "שלחו בבקשה נתוני עדכון חשבון תקינים בגוף הבקשה."
+      not_email: "אינו דוא\"ל"
+  devise:
+    mailer:
+      confirmation_instructions:
+        confirm_link_msg: "תוכל לאשר את כתובת הדוא\"ל של החשבון שלך באמצעות הקישור הבא:"
+        confirm_account_link: "אשר את החשבון שלי"
+      reset_password_instructions:
+        request_reset_link_msg: "מישהו ביקש קישור לשינוי הסיסמה שלך. תוכל לעשות זאת באמצעות הקישור הבא."
+        password_change_link: "שנה את הסיסמה שלי"
+        ignore_mail_msg: "אם לא ביקשת זאת, התעלם מדוא\"ל זה."
+        no_changes_msg: "הסיסמה שלך לא תשתנה עד שתגיע לקישור שלמעלה ותיצור סיסמה חדשה."
+      unlock_instructions:
+        account_lock_msg: "החשבון שלך ננעל עקב מספר מופרז של ניסיונות כניסה לא מוצלחים."
+        unlock_link_msg: "לחץ על הקישור למטה כדי לבטל את נעילת החשבון שלך:"
+        unlock_link: "בטל את הנעילה של החשבון שלי"
+  hello: "שלום"
+  welcome: "ברוך הבא"

data/config/locales/ja.yml CHANGED

@@ -34,7 +34,7 @@ ja:
         confirm_link_msg: "下記のリンクからアカウントを有効化できます:"
         confirm_account_link: "アカウントを有効化する"
       reset_password_instructions:
-        request_reset_link_msg: "パスワード変更のリクエストが送信されました。下記のリンクからパスワードの変更をできます。"
+        request_reset_link_msg: "パスワード変更のリクエストが送信されました。下記のリンクからパスワードの変更ができます。"
         password_change_link: "パスワードを変更する"
         ignore_mail_msg: "もしこの内容に覚えがない場合は、このメールを無視してください。"
         no_changes_msg: "上記のリンクにアクセスして新しいパスワードを作成するまで、現在のパスワードは変更されません。"

data/lib/devise_token_auth.rb CHANGED

@@ -1,11 +1,13 @@
 # frozen_string_literal: true
 require 'devise'
+module DeviseTokenAuth
+end
 require 'devise_token_auth/engine'
 require 'devise_token_auth/controllers/helpers'
 require 'devise_token_auth/controllers/url_helpers'
 require 'devise_token_auth/url'
 require 'devise_token_auth/errors'
-module DeviseTokenAuth
-end
+require 'devise_token_auth/blacklist'

data/lib/devise_token_auth/blacklist.rb ADDED

	@@ -0,0 +1,2 @@
1	+ # don't serialize tokens
2	+ Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION << :tokens

data/lib/devise_token_auth/version.rb CHANGED

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module DeviseTokenAuth
-  VERSION = '1.0.0'.freeze
+  VERSION = '1.1.0'.freeze
 end

data/lib/generators/devise_token_auth/install_generator.rb CHANGED

@@ -1,20 +1,14 @@
 # frozen_string_literal: true
+require_relative 'install_generator_helpers'
 module DeviseTokenAuth
   class InstallGenerator < Rails::Generators::Base
     include Rails::Generators::Migration
+    include DeviseTokenAuth::InstallGeneratorHelpers
     class_option :primary_key_type, type: :string, desc: 'The type for primary key'
-    source_root File.expand_path('templates', __dir__)
-    argument :user_class, type: :string, default: 'User'
-    argument :mount_path, type: :string, default: 'auth'
-    def create_initializer_file
-      copy_file('devise_token_auth.rb', 'config/initializers/devise_token_auth.rb')
-    end
     def copy_migrations
       if self.class.migration_exists?('db/migrate', "devise_token_auth_create_#{user_class.pluralize.gsub('::','').underscore}")
         say_status('skipped', "Migration 'devise_token_auth_create_#{user_class.pluralize.gsub('::','').underscore}' already exists")
@@ -47,90 +41,12 @@ module DeviseTokenAuth
       end
     end
-    def include_controller_concerns
-      fname = 'app/controllers/application_controller.rb'
-      line  = 'include DeviseTokenAuth::Concerns::SetUserByToken'
-      if File.exist?(File.join(destination_root, fname))
-        if parse_file_for_line(fname, line)
-          say_status('skipped', 'Concern is already included in the application controller.')
-        elsif is_rails_api?
-          inject_into_file fname, after: "class ApplicationController < ActionController::API\n" do <<-'RUBY'
-  include DeviseTokenAuth::Concerns::SetUserByToken
-          RUBY
-          end
-        else
-          inject_into_file fname, after: "class ApplicationController < ActionController::Base\n" do <<-'RUBY'
-  include DeviseTokenAuth::Concerns::SetUserByToken
-          RUBY
-          end
-        end
-      else
-        say_status('skipped', "app/controllers/application_controller.rb not found. Add 'include DeviseTokenAuth::Concerns::SetUserByToken' to any controllers that require authentication.")
-      end
-    end
-    def add_route_mount
-      f    = 'config/routes.rb'
-      str  = "mount_devise_token_auth_for '#{user_class}', at: '#{mount_path}'"
-      if File.exist?(File.join(destination_root, f))
-        line = parse_file_for_line(f, 'mount_devise_token_auth_for')
-        if line
-          existing_user_class = true
-        else
-          line = 'Rails.application.routes.draw do'
-          existing_user_class = false
-        end
-        if parse_file_for_line(f, str)
-          say_status('skipped', "Routes already exist for #{user_class} at #{mount_path}")
-        else
-          insert_after_line(f, line, str)
-          if existing_user_class
-            scoped_routes = ''\
-              "as :#{user_class.underscore} do\n"\
-              "    # Define routes for #{user_class} within this block.\n"\
-              "  end\n"
-            insert_after_line(f, str, scoped_routes)
-          end
-        end
-      else
-        say_status('skipped', "config/routes.rb not found. Add \"mount_devise_token_auth_for '#{user_class}', at: '#{mount_path}'\" to your routes file.")
-      end
-    end
     private
     def self.next_migration_number(path)
       Time.zone.now.utc.strftime('%Y%m%d%H%M%S')
     end
-    def insert_after_line(filename, line, str)
-      gsub_file filename, /(#{Regexp.escape(line)})/mi do |match|
-        "#{match}\n  #{str}"
-      end
-    end
-    def parse_file_for_line(filename, str)
-      match = false
-      File.open(File.join(destination_root, filename)) do |f|
-        f.each_line do |line|
-          match = line if line =~ /(#{Regexp.escape(str)})/mi
-        end
-      end
-      match
-    end
-    def is_rails_api?
-      fname = 'app/controllers/application_controller.rb'
-      line = 'class ApplicationController < ActionController::API'
-      parse_file_for_line(fname, line)
-    end
     def json_supported_database?
       (postgres? && postgres_correct_version?) || (mysql? && mysql_correct_version?)
     end

data/lib/generators/devise_token_auth/install_generator_helpers.rb ADDED

@@ -0,0 +1,98 @@
+module DeviseTokenAuth
+  module InstallGeneratorHelpers
+    class << self
+      def included(mod)
+        mod.class_eval do
+          source_root File.expand_path('templates', __dir__)
+          argument :user_class, type: :string, default: 'User'
+          argument :mount_path, type: :string, default: 'auth'
+          def create_initializer_file
+            copy_file('devise_token_auth.rb', 'config/initializers/devise_token_auth.rb')
+          end
+          def include_controller_concerns
+            fname = 'app/controllers/application_controller.rb'
+            line  = 'include DeviseTokenAuth::Concerns::SetUserByToken'
+            if File.exist?(File.join(destination_root, fname))
+              if parse_file_for_line(fname, line)
+                say_status('skipped', 'Concern is already included in the application controller.')
+              elsif is_rails_api?
+                inject_into_file fname, after: "class ApplicationController < ActionController::API\n" do <<-'RUBY'
+        include DeviseTokenAuth::Concerns::SetUserByToken
+                RUBY
+                end
+              else
+                inject_into_file fname, after: "class ApplicationController < ActionController::Base\n" do <<-'RUBY'
+        include DeviseTokenAuth::Concerns::SetUserByToken
+                RUBY
+                end
+              end
+            else
+              say_status('skipped', "app/controllers/application_controller.rb not found. Add 'include DeviseTokenAuth::Concerns::SetUserByToken' to any controllers that require authentication.")
+            end
+          end
+          def add_route_mount
+            f    = 'config/routes.rb'
+            str  = "mount_devise_token_auth_for '#{user_class}', at: '#{mount_path}'"
+            if File.exist?(File.join(destination_root, f))
+              line = parse_file_for_line(f, 'mount_devise_token_auth_for')
+              if line
+                existing_user_class = true
+              else
+                line = 'Rails.application.routes.draw do'
+                existing_user_class = false
+              end
+              if parse_file_for_line(f, str)
+                say_status('skipped', "Routes already exist for #{user_class} at #{mount_path}")
+              else
+                insert_after_line(f, line, str)
+                if existing_user_class
+                  scoped_routes = ''\
+                    "as :#{user_class.underscore} do\n"\
+                    "    # Define routes for #{user_class} within this block.\n"\
+                    "  end\n"
+                  insert_after_line(f, str, scoped_routes)
+                end
+              end
+            else
+              say_status('skipped', "config/routes.rb not found. Add \"mount_devise_token_auth_for '#{user_class}', at: '#{mount_path}'\" to your routes file.")
+            end
+          end
+          private
+          def insert_after_line(filename, line, str)
+            gsub_file filename, /(#{Regexp.escape(line)})/mi do |match|
+              "#{match}\n  #{str}"
+            end
+          end
+          def parse_file_for_line(filename, str)
+            match = false
+            File.open(File.join(destination_root, filename)) do |f|
+              f.each_line do |line|
+                match = line if line =~ /(#{Regexp.escape(str)})/mi
+              end
+            end
+            match
+          end
+          def is_rails_api?
+            fname = 'app/controllers/application_controller.rb'
+            line = 'class ApplicationController < ActionController::API'
+            parse_file_for_line(fname, line)
+          end
+        end
+      end
+    end
+  end
+end