devise_token_auth 1.0.0 → 1.1.0


Potentially problematic release.



Files changed (74) hide show
  1. checksums.yaml +5 -5
  2. data/README.md +2 -2
  3. data/app/controllers/devise_token_auth/application_controller.rb +0 -1
  4. data/app/controllers/devise_token_auth/concerns/resource_finder.rb +11 -12
  5. data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +15 -28
  6. data/app/controllers/devise_token_auth/confirmations_controller.rb +14 -19
  7. data/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb +46 -21
  8. data/app/controllers/devise_token_auth/passwords_controller.rb +15 -19
  9. data/app/controllers/devise_token_auth/registrations_controller.rb +31 -39
  10. data/app/controllers/devise_token_auth/unlocks_controller.rb +1 -1
  11. data/app/models/devise_token_auth/concerns/active_record_support.rb +34 -0
  12. data/app/models/devise_token_auth/concerns/mongoid_support.rb +19 -0
  13. data/app/models/devise_token_auth/concerns/user.rb +9 -23
  14. data/app/models/devise_token_auth/concerns/user_omniauth_callbacks.rb +2 -2
  15. data/app/validators/{email_validator.rb → devise_token_auth/email_validator.rb} +1 -1
  16. data/config/locales/he.yml +50 -0
  17. data/config/locales/ja.yml +1 -1
  18. data/lib/devise_token_auth.rb +5 -3
  19. data/lib/devise_token_auth/blacklist.rb +2 -0
  20. data/lib/devise_token_auth/version.rb +1 -1
  21. data/lib/generators/devise_token_auth/install_generator.rb +3 -87
  22. data/lib/generators/devise_token_auth/install_generator_helpers.rb +98 -0
  23. data/lib/generators/devise_token_auth/install_mongoid_generator.rb +46 -0
  24. data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb +0 -7
  25. data/lib/generators/devise_token_auth/templates/user_mongoid.rb.erb +56 -0
  26. data/test/controllers/custom/custom_confirmations_controller_test.rb +1 -1
  27. data/test/controllers/devise_token_auth/confirmations_controller_test.rb +41 -20
  28. data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb +2 -0
  29. data/test/controllers/devise_token_auth/passwords_controller_test.rb +115 -94
  30. data/test/controllers/devise_token_auth/registrations_controller_test.rb +31 -4
  31. data/test/controllers/devise_token_auth/sessions_controller_test.rb +0 -38
  32. data/test/controllers/devise_token_auth/token_validations_controller_test.rb +2 -1
  33. data/test/dummy/app/{models → active_record}/lockable_user.rb +0 -0
  34. data/test/dummy/app/{models → active_record}/mang.rb +0 -0
  35. data/test/dummy/app/{models → active_record}/only_email_user.rb +0 -0
  36. data/test/dummy/app/{models → active_record}/scoped_user.rb +2 -2
  37. data/test/dummy/app/{models → active_record}/unconfirmable_user.rb +1 -2
  38. data/test/dummy/app/{models → active_record}/unregisterable_user.rb +3 -3
  39. data/test/dummy/app/active_record/user.rb +6 -0
  40. data/test/dummy/app/controllers/overrides/sessions_controller.rb +1 -1
  41. data/test/dummy/app/models/{user.rb → concerns/favorite_color.rb} +7 -8
  42. data/test/dummy/app/mongoid/lockable_user.rb +38 -0
  43. data/test/dummy/app/mongoid/mang.rb +46 -0
  44. data/test/dummy/app/mongoid/only_email_user.rb +33 -0
  45. data/test/dummy/app/mongoid/scoped_user.rb +50 -0
  46. data/test/dummy/app/mongoid/unconfirmable_user.rb +44 -0
  47. data/test/dummy/app/mongoid/unregisterable_user.rb +47 -0
  48. data/test/dummy/app/mongoid/user.rb +49 -0
  49. data/test/dummy/config/application.rb +23 -1
  50. data/test/dummy/config/boot.rb +4 -0
  51. data/test/dummy/config/initializers/devise.rb +12 -0
  52. data/test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb +0 -7
  53. data/test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb +0 -7
  54. data/test/dummy/db/migrate/20141222035835_devise_token_auth_create_only_email_users.rb +0 -7
  55. data/test/dummy/db/migrate/20141222053502_devise_token_auth_create_unregisterable_users.rb +0 -7
  56. data/test/dummy/db/migrate/20150708104536_devise_token_auth_create_unconfirmable_users.rb +0 -7
  57. data/test/dummy/db/migrate/20160103235141_devise_token_auth_create_scoped_users.rb +0 -7
  58. data/test/dummy/db/migrate/20160629184441_devise_token_auth_create_lockable_users.rb +0 -7
  59. data/test/dummy/db/schema.rb +1 -28
  60. data/test/dummy/tmp/generators/app/models/azpire/v1/human_resource/user.rb +9 -0
  61. data/test/dummy/tmp/generators/config/initializers/devise_token_auth.rb +50 -0
  62. data/test/dummy/tmp/generators/config/routes.rb +4 -0
  63. data/test/dummy/tmp/generators/db/migrate/20190112150327_devise_token_auth_create_azpire_v1_human_resource_users.rb +56 -0
  64. data/test/lib/devise_token_auth/blacklist_test.rb +11 -0
  65. data/test/lib/generators/devise_token_auth/install_generator_test.rb +51 -31
  66. data/test/lib/generators/devise_token_auth/install_generator_with_namespace_test.rb +51 -31
  67. data/test/models/concerns/mongoid_support_test.rb +31 -0
  68. data/test/models/only_email_user_test.rb +0 -8
  69. data/test/models/user_test.rb +1 -1
  70. data/test/test_helper.rb +12 -2
  71. metadata +91 -27
  72. data/config/initializers/devise.rb +0 -198
  73. data/test/dummy/tmp/generators/app/views/devise/mailer/confirmation_instructions.html.erb +0 -5
  74. data/test/dummy/tmp/generators/app/views/devise/mailer/reset_password_instructions.html.erb +0 -8
@@ -83,6 +83,33 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
83
83
  end
84
84
  end
85
85
 
86
+ describe 'using allow_unconfirmed_access_for' do
87
+ before do
88
+ @original_duration = Devise.allow_unconfirmed_access_for
89
+ Devise.allow_unconfirmed_access_for = nil
90
+ post '/auth',
91
+ params: {
92
+ email: Faker::Internet.email,
93
+ password: 'secret123',
94
+ password_confirmation: 'secret123',
95
+ confirm_success_url: Faker::Internet.url,
96
+ unpermitted_param: '(x_x)'
97
+ }
98
+ end
99
+
100
+ test 'auth headers were returned in response' do
101
+ assert response.headers['access-token']
102
+ assert response.headers['token-type']
103
+ assert response.headers['client']
104
+ assert response.headers['expiry']
105
+ assert response.headers['uid']
106
+ end
107
+
108
+ after do
109
+ Devise.allow_unconfirmed_access_for = @original_duration
110
+ end
111
+ end
112
+
86
113
  describe 'using "+" in email' do
87
114
  test 'can use + sign in email addresses' do
88
115
  @plus_email = 'ak+testing@gmail.com'
@@ -305,7 +332,7 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
305
332
  end
306
333
 
307
334
  test 'user should not have been created' do
308
- assert_nil @resource.id
335
+ refute @resource.persisted?
309
336
  end
310
337
 
311
338
  test 'error should be returned in the response' do
@@ -333,7 +360,7 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
333
360
  end
334
361
 
335
362
  test 'user should not have been created' do
336
- assert_nil @resource.id
363
+ refute @resource.persisted?
337
364
  end
338
365
 
339
366
  test 'error should be returned in the response' do
@@ -362,7 +389,7 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
362
389
  end
363
390
 
364
391
  test 'user should have been created' do
365
- assert_nil @resource.id
392
+ refute @resource.persisted?
366
393
  end
367
394
 
368
395
  test 'error should be returned in the response' do
@@ -393,7 +420,7 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
393
420
  end
394
421
 
395
422
  test 'user should have been created' do
396
- assert_nil @resource.id
423
+ refute @resource.persisted?
397
424
  end
398
425
 
399
426
  test 'error should be returned in the response' do
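Review bot: The new 'using allow_unconfirmed_access_for' block only checks that the five auth headers are present after `Devise.allow_unconfirmed_access_for = nil`; it asserts neither the response status nor that the new account is still unconfirmed. As far as Devise documents this setting, `nil` means unconfirmed access is never cut off, so the test pins token issuance under the most permissive value only. A companion case with a zero grace period that checks no `access-token` header comes back would pin the restrictive side; that this is the expected behaviour is my assumption, since the controller is not shown here. Separately, in the last two hunks the tests titled 'user should have been created' now assert `refute @resource.persisted?`, so the title contradicts the assertion and should read `test 'user should not have been created' do`.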
@@ -17,12 +17,6 @@ class DeviseTokenAuth::SessionsControllerTest < ActionController::TestCase
17
17
 
18
18
  describe 'success' do
19
19
  before do
20
- @old_sign_in_count = @existing_user.sign_in_count
21
- @old_current_sign_in_at = @existing_user.current_sign_in_at
22
- @old_last_sign_in_at = @existing_user.last_sign_in_at
23
- @old_sign_in_ip = @existing_user.current_sign_in_ip
24
- @old_last_sign_in_ip = @existing_user.last_sign_in_ip
25
-
26
20
  post :create,
27
21
  params: {
28
22
  email: @existing_user.email,
@@ -31,12 +25,6 @@ class DeviseTokenAuth::SessionsControllerTest < ActionController::TestCase
31
25
 
32
26
  @resource = assigns(:resource)
33
27
  @data = JSON.parse(response.body)
34
-
35
- @new_sign_in_count = @resource.sign_in_count
36
- @new_current_sign_in_at = @resource.current_sign_in_at
37
- @new_last_sign_in_at = @resource.last_sign_in_at
38
- @new_sign_in_ip = @resource.current_sign_in_ip
39
- @new_last_sign_in_ip = @resource.last_sign_in_ip
40
28
  end
41
29
 
42
30
  test 'request should succeed' do
@@ -47,32 +35,6 @@ class DeviseTokenAuth::SessionsControllerTest < ActionController::TestCase
47
35
  assert_equal @existing_user.email, @data['data']['email']
48
36
  end
49
37
 
50
- describe 'trackable' do
51
- test 'sign_in_count incrementns' do
52
- assert_equal @old_sign_in_count + 1, @new_sign_in_count
53
- end
54
-
55
- test 'current_sign_in_at is updated' do
56
- refute @old_current_sign_in_at
57
- assert @new_current_sign_in_at
58
- end
59
-
60
- test 'last_sign_in_at is updated' do
61
- refute @old_last_sign_in_at
62
- assert @new_last_sign_in_at
63
- end
64
-
65
- test 'sign_in_ip is updated' do
66
- refute @old_sign_in_ip
67
- assert_equal '0.0.0.0', @new_sign_in_ip
68
- end
69
-
70
- test 'last_sign_in_ip is updated' do
71
- refute @old_last_sign_in_ip
72
- assert_equal '0.0.0.0', @new_last_sign_in_ip
73
- end
74
- end
75
-
76
38
  describe "with multiple clients and headers don't change in each request" do
77
39
  before do
78
40
  # Set the max_number_of_devices to a lower number
@@ -47,7 +47,8 @@ class DeviseTokenAuth::TokenValidationsControllerTest < ActionDispatch::Integrat
47
47
 
48
48
  describe 'with invalid user' do
49
49
  before do
50
- @resource.update_column :email, 'invalid'
50
+ @resource.update_column(:email, 'invalid') if DEVISE_TOKEN_AUTH_ORM == :active_record
51
+ @resource.set(email: 'invalid') if DEVISE_TOKEN_AUTH_ORM == :mongoid
51
52
  end
52
53
 
53
54
  test 'request should raise invalid model error' do
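Review bot: In the 'with invalid user' `before` block, the two modifier-`if` lines leave the email untouched when `DEVISE_TOKEN_AUTH_ORM` is neither `:active_record` nor `:mongoid`, so the test below would silently run against a valid record. A `case DEVISE_TOKEN_AUTH_ORM` with a final `else raise "unsupported ORM: #{DEVISE_TOKEN_AUTH_ORM}"` would make a misconfigured run fail in setup instead. A short comment such as `# write the value directly, bypassing validations, so the stored record is invalid` would also explain why neither branch uses a normal update.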
@@ -3,7 +3,7 @@
3
3
  class ScopedUser < ActiveRecord::Base
4
4
  # Include default devise modules.
5
5
  devise :database_authenticatable, :registerable,
6
- :recoverable, :rememberable, :trackable, :validatable,
7
- :confirmable, :omniauthable
6
+ :recoverable, :rememberable,
7
+ :validatable, :confirmable, :omniauthable
8
8
  include DeviseTokenAuth::Concerns::User
9
9
  end
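Review bot: `:trackable` is removed from this `devise` list, and from UnconfirmableUser and UnregisterableUser in the next two sections, in the same release that deletes the 'trackable' describe block from SessionsControllerTest, and nothing on this page records why. If sign-in tracking is still meant to be supported, sign-in count, timestamp and IP recording are now untested for the ActiveRecord dummy models. If it is being dropped on purpose, a comment above the list such as `# :trackable omitted: <reason>` would keep the decision visible to whoever next edits these models.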
@@ -4,7 +4,6 @@ class UnconfirmableUser < ActiveRecord::Base
4
4
  # Include default devise modules.
5
5
  devise :database_authenticatable, :registerable,
6
6
  :recoverable, :rememberable,
7
- :trackable, :validatable,
8
- :omniauthable
7
+ :validatable, :omniauthable
9
8
  include DeviseTokenAuth::Concerns::User
10
9
  end
@@ -2,8 +2,8 @@
2
2
 
3
3
  class UnregisterableUser < ActiveRecord::Base
4
4
  # Include default devise modules.
5
- devise :database_authenticatable,
6
- :recoverable, :trackable, :validatable,
7
- :confirmable, :omniauthable
5
+ devise :database_authenticatable, :recoverable,
6
+ :validatable, :confirmable,
7
+ :omniauthable
8
8
  include DeviseTokenAuth::Concerns::User
9
9
  end
@@ -0,0 +1,6 @@
1
+ # frozen_string_literal: true
2
+
3
+ class User < ActiveRecord::Base
4
+ include DeviseTokenAuth::Concerns::User
5
+ include FavoriteColor
6
+ end
@@ -5,7 +5,7 @@ module Overrides
5
5
  OVERRIDE_PROOF = '(^^,)'.freeze
6
6
 
7
7
  def create
8
- @resource = resource_class.find_by(email: resource_params[:email])
8
+ @resource = resource_class.dta_find_by(email: resource_params[:email])
9
9
 
10
10
  if @resource && valid_params?(:email, resource_params[:email]) && @resource.valid_password?(resource_params[:password]) && @resource.confirmed?
11
11
  @client_id, @token = @resource.create_token
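Review bot: `resource_params[:email]` is passed to `dta_find_by` before `valid_params?(:email, …)` is evaluated on the next line, so the parameter reaches the ORM-level finder in whatever shape it arrived. `dta_find_by` is defined outside this hunk; if it forwards to a Mongoid finder, a non-string value could be treated as a query condition rather than a literal, unless `resource_params` already restricts it to a scalar (not visible here). Checking `resource_params[:email].is_a?(String)` before the lookup would close that off for both ORMs. The `create` method continues past the end of the hunk.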
@@ -1,13 +1,12 @@
1
- # frozen_string_literal: true
2
-
3
- class User < ActiveRecord::Base
4
- include DeviseTokenAuth::Concerns::User
5
-
6
- validates :operating_thetan, numericality: true, allow_nil: true
7
- validate :ensure_correct_favorite_color
1
+ module FavoriteColor
2
+ extend ActiveSupport::Concern
8
3
 
4
+ included do
5
+ validates :operating_thetan, numericality: true, allow_nil: true
6
+ validate :ensure_correct_favorite_color
7
+ end
8
+
9
9
  def ensure_correct_favorite_color
10
-
11
10
  if favorite_color && (favorite_color != '')
12
11
  unless ApplicationHelper::COLOR_NAMES.any?{ |s| s.casecmp(favorite_color)==0 }
13
12
  matches = ApplicationHelper::COLOR_SEARCH.search(favorite_color)
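Review bot: The new concern file starts directly with `module FavoriteColor`; the `# frozen_string_literal: true` line that headed the old user.rb is removed and not carried over, although every other file added in this diff begins with it. Add `# frozen_string_literal: true` as the first line. The `included do` block also registers the `operating_thetan` numericality validation, which the module name does not suggest, so a module comment like `# Validations shared by the dummy User models` would help; that more than one model includes it is my assumption, since only the ActiveRecord User is shown. `ensure_correct_favorite_color` continues beyond the hunk.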
@@ -0,0 +1,38 @@
1
+ # frozen_string_literal: true
2
+
3
+ class LockableUser
4
+ include Mongoid::Document
5
+ include Mongoid::Timestamps
6
+ include Mongoid::Locker
7
+
8
+ field :locker_locked_at, type: Time
9
+ field :locker_locked_until, type: Time
10
+
11
+ locker locked_at_field: :locker_locked_at,
12
+ locked_until_field: :locker_locked_until
13
+
14
+ ## User Info
15
+ field :name, type: String
16
+ field :nickname, type: String
17
+ field :image, type: String
18
+
19
+ ## Database authenticatable
20
+ field :email, type: String, default: ''
21
+ field :encrypted_password, type: String, default: ''
22
+
23
+ ## Lockable
24
+ field :failed_attempts, type: Integer, default: 0 # Only if lock strategy is :failed_attempts
25
+ field :unlock_token, type: String # Only if unlock strategy is :email or :both
26
+ field :locked_at, type: Time
27
+
28
+ ## Required
29
+ field :provider, type: String
30
+ field :uid, type: String, default: ''
31
+
32
+ ## Tokens
33
+ field :tokens, type: Hash, default: {}
34
+
35
+ # Include default devise modules.
36
+ devise :database_authenticatable, :registerable, :lockable
37
+ include DeviseTokenAuth::Concerns::User
38
+ end
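Review bot: This model declares `uid`, `provider`, `email` and `unlock_token` as plain fields with no `index` declaration, so nothing at the database level stops two documents sharing a uid/provider pair. Any uniqueness would rest on model validations alone, which can race under concurrent sign-ups. If the dummy models are meant to mirror what real applications get, add `index({ uid: 1, provider: 1 }, { unique: true })` after the field list. The same applies to the other five Mongoid models added below (Mang, OnlyEmailUser, ScopedUser, UnconfirmableUser, UnregisterableUser).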
@@ -0,0 +1,46 @@
1
+ # frozen_string_literal: true
2
+
3
+ class Mang
4
+ include Mongoid::Document
5
+ include Mongoid::Timestamps
6
+ include Mongoid::Locker
7
+
8
+ field :locker_locked_at, type: Time
9
+ field :locker_locked_until, type: Time
10
+
11
+ locker locked_at_field: :locker_locked_at,
12
+ locked_until_field: :locker_locked_until
13
+
14
+ ## User Info
15
+ field :name, type: String
16
+ field :nickname, type: String
17
+ field :image, type: String
18
+
19
+ ## Database authenticatable
20
+ field :email, type: String, default: ''
21
+ field :encrypted_password, type: String, default: ''
22
+
23
+ ## Recoverable
24
+ field :reset_password_token, type: String
25
+ field :reset_password_sent_at, type: Time
26
+ field :reset_password_redirect_url, type: String
27
+ field :allow_password_change, type: Boolean, default: false
28
+
29
+ ## Rememberable
30
+ field :remember_created_at, type: Time
31
+
32
+ ## Confirmable
33
+ field :confirmation_token, type: String
34
+ field :confirmed_at, type: Time
35
+ field :confirmation_sent_at, type: Time
36
+ field :unconfirmed_email, type: String # Only if using reconfirmable
37
+
38
+ ## Required
39
+ field :provider, type: String
40
+ field :uid, type: String, default: ''
41
+
42
+ ## Tokens
43
+ field :tokens, type: Hash, default: {}
44
+
45
+ include DeviseTokenAuth::Concerns::User
46
+ end
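Review bot: Mang is the only Mongoid model in this diff without a `devise` call, and no comment says whether that is intentional. It declares Recoverable, Rememberable and Confirmable fields, so it presumably relies on `DeviseTokenAuth::Concerns::User` to register a default module list; that code is not visible here. A comment above the include, e.g. `# No explicit devise call: exercises the concern's default modules`, would stop a later reader from "fixing" the omission.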
@@ -0,0 +1,33 @@
1
+ # frozen_string_literal: true
2
+
3
+ class OnlyEmailUser
4
+ include Mongoid::Document
5
+ include Mongoid::Timestamps
6
+ include Mongoid::Locker
7
+
8
+ field :locker_locked_at, type: Time
9
+ field :locker_locked_until, type: Time
10
+
11
+ locker locked_at_field: :locker_locked_at,
12
+ locked_until_field: :locker_locked_until
13
+
14
+ ## User Info
15
+ field :name, type: String
16
+ field :nickname, type: String
17
+ field :image, type: String
18
+
19
+ ## Database authenticatable
20
+ field :email, type: String, default: ''
21
+ field :encrypted_password, type: String, default: ''
22
+
23
+ ## Required
24
+ field :provider, type: String
25
+ field :uid, type: String, default: ''
26
+
27
+ ## Tokens
28
+ field :tokens, type: Hash, default: {}
29
+
30
+ # Include default devise modules.
31
+ devise :database_authenticatable, :registerable
32
+ include DeviseTokenAuth::Concerns::User
33
+ end
@@ -0,0 +1,50 @@
1
+ # frozen_string_literal: true
2
+
3
+ class ScopedUser
4
+ include Mongoid::Document
5
+ include Mongoid::Timestamps
6
+ include Mongoid::Locker
7
+
8
+ field :locker_locked_at, type: Time
9
+ field :locker_locked_until, type: Time
10
+
11
+ locker locked_at_field: :locker_locked_at,
12
+ locked_until_field: :locker_locked_until
13
+
14
+ ## User Info
15
+ field :name, type: String
16
+ field :nickname, type: String
17
+ field :image, type: String
18
+
19
+ ## Database authenticatable
20
+ field :email, type: String, default: ''
21
+ field :encrypted_password, type: String, default: ''
22
+
23
+ ## Recoverable
24
+ field :reset_password_token, type: String
25
+ field :reset_password_sent_at, type: Time
26
+ field :reset_password_redirect_url, type: String
27
+ field :allow_password_change, type: Boolean, default: false
28
+
29
+ ## Rememberable
30
+ field :remember_created_at, type: Time
31
+
32
+ ## Confirmable
33
+ field :confirmation_token, type: String
34
+ field :confirmed_at, type: Time
35
+ field :confirmation_sent_at, type: Time
36
+ field :unconfirmed_email, type: String # Only if using reconfirmable
37
+
38
+ ## Required
39
+ field :provider, type: String
40
+ field :uid, type: String, default: ''
41
+
42
+ ## Tokens
43
+ field :tokens, type: Hash, default: {}
44
+
45
+ # Include default devise modules.
46
+ devise :database_authenticatable, :registerable,
47
+ :recoverable, :rememberable, :trackable,
48
+ :validatable, :confirmable, :omniauthable
49
+ include DeviseTokenAuth::Concerns::User
50
+ end
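Review bot: The `devise` list includes `:trackable`, but the field list above has no Trackable section: `sign_in_count`, `current_sign_in_at`, `last_sign_in_at`, `current_sign_in_ip` and `last_sign_in_ip` are all undeclared. Those are the attributes the deleted SessionsControllerTest 'trackable' cases read, and by default a Mongoid document only has accessors for declared fields. Either drop the module, as the ActiveRecord ScopedUser now does, or add the fields under a `## Trackable` heading, e.g. `field :sign_in_count, type: Integer, default: 0`. The Mongoid UnconfirmableUser and UnregisterableUser further down have the same mismatch.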
@@ -0,0 +1,44 @@
1
+ # frozen_string_literal: true
2
+
3
+ class UnconfirmableUser
4
+ include Mongoid::Document
5
+ include Mongoid::Timestamps
6
+ include Mongoid::Locker
7
+
8
+ field :locker_locked_at, type: Time
9
+ field :locker_locked_until, type: Time
10
+
11
+ locker locked_at_field: :locker_locked_at,
12
+ locked_until_field: :locker_locked_until
13
+
14
+ ## User Info
15
+ field :name, type: String
16
+ field :nickname, type: String
17
+ field :image, type: String
18
+
19
+ ## Database authenticatable
20
+ field :email, type: String, default: ''
21
+ field :encrypted_password, type: String, default: ''
22
+
23
+ ## Recoverable
24
+ field :reset_password_token, type: String
25
+ field :reset_password_sent_at, type: Time
26
+ field :reset_password_redirect_url, type: String
27
+ field :allow_password_change, type: Boolean, default: false
28
+
29
+ ## Rememberable
30
+ field :remember_created_at, type: Time
31
+
32
+ ## Required
33
+ field :provider, type: String
34
+ field :uid, type: String, default: ''
35
+
36
+ ## Tokens
37
+ field :tokens, type: Hash, default: {}
38
+
39
+ # Include default devise modules.
40
+ devise :database_authenticatable, :registerable,
41
+ :recoverable, :rememberable, :trackable,
42
+ :validatable, :omniauthable
43
+ include DeviseTokenAuth::Concerns::User
44
+ end
@@ -0,0 +1,47 @@
1
+ # frozen_string_literal: true
2
+
3
+ class UnregisterableUser
4
+ include Mongoid::Document
5
+ include Mongoid::Timestamps
6
+ include Mongoid::Locker
7
+
8
+ field :locker_locked_at, type: Time
9
+ field :locker_locked_until, type: Time
10
+
11
+ locker locked_at_field: :locker_locked_at,
12
+ locked_until_field: :locker_locked_until
13
+
14
+ ## User Info
15
+ field :name, type: String
16
+ field :nickname, type: String
17
+ field :image, type: String
18
+
19
+ ## Database authenticatable
20
+ field :email, type: String, default: ''
21
+ field :encrypted_password, type: String, default: ''
22
+
23
+ ## Recoverable
24
+ field :reset_password_token, type: String
25
+ field :reset_password_sent_at, type: Time
26
+ field :reset_password_redirect_url, type: String
27
+ field :allow_password_change, type: Boolean, default: false
28
+
29
+ ## Confirmable
30
+ field :confirmation_token, type: String
31
+ field :confirmed_at, type: Time
32
+ field :confirmation_sent_at, type: Time
33
+ field :unconfirmed_email, type: String # Only if using reconfirmable
34
+
35
+ ## Required
36
+ field :provider, type: String
37
+ field :uid, type: String, default: ''
38
+
39
+ ## Tokens
40
+ field :tokens, type: Hash, default: {}
41
+
42
+ # Include default devise modules.
43
+ devise :database_authenticatable, :recoverable,
44
+ :trackable, :validatable, :confirmable,
45
+ :omniauthable
46
+ include DeviseTokenAuth::Concerns::User
47
+ end