devise_token_auth 1.0.0 → 1.1.4

data/test/test_helper.rb

@@ -7,11 +7,15 @@ SimpleCov.start 'rails' do
 end
 
 ENV['RAILS_ENV'] = 'test'
+DEVISE_TOKEN_AUTH_ORM = (ENV['DEVISE_TOKEN_AUTH_ORM'] || :active_record).to_sym
+
+puts "\n==> DeviseTokenAuth.orm = #{DEVISE_TOKEN_AUTH_ORM.inspect}"
 
 require File.expand_path('dummy/config/environment', __dir__)
-require 'rails/test_help'
+require 'active_support/testing/autorun'
 require 'minitest/rails'
 require 'mocha/minitest'
+require 'database_cleaner'
 
 FactoryBot.definition_file_paths = [File.expand_path('factories', __dir__)]
 FactoryBot.find_definitions
@@ -30,13 +34,19 @@ end
 class ActiveSupport::TestCase
   include FactoryBot::Syntax::Methods
 
-  ActiveRecord::Migration.check_pending!
+  ActiveRecord::Migration.check_pending! if DEVISE_TOKEN_AUTH_ORM == :active_record
+
+  strategies = { active_record: :transaction,
+                 mongoid: :truncation }
+  DatabaseCleaner.strategy = strategies[DEVISE_TOKEN_AUTH_ORM]
+  setup { DatabaseCleaner.start }
+  teardown { DatabaseCleaner.clean }
 
   # Add more helper methods to be used by all tests here...
 
   def age_token(user, client_id)
     if user.tokens[client_id]
-      user.tokens[client_id]['updated_at'] = Time.zone.now - (DeviseTokenAuth.batch_request_buffer_throttle + 10.seconds)
+      user.tokens[client_id]['updated_at'] = (Time.zone.now - (DeviseTokenAuth.batch_request_buffer_throttle + 10.seconds)).to_s(:rfc822)
       user.save!
     end
   end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: devise_token_auth
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.1.4
 platform: ruby
 authors:
 - Lynn Hurley
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-10-23 00:00:00.000000000 Z
+date: 2020-06-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -19,7 +19,7 @@ dependencies:
         version: 4.2.0
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6'
+        version: '6.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -29,7 +29,21 @@ dependencies:
         version: 4.2.0
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6'
+        version: '6.1'
+- !ruby/object:Gem::Dependency
+  name: sprockets
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 3.7.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 3.7.2
 - !ruby/object:Gem::Dependency
   name: devise
   requirement: !ruby/object:Gem::Requirement
@@ -39,7 +53,7 @@ dependencies:
         version: 3.5.2
     - - "<"
       - !ruby/object:Gem::Version
-        version: '4.6'
+        version: '5'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -49,7 +63,21 @@ dependencies:
         version: 3.5.2
     - - "<"
       - !ruby/object:Gem::Version
-        version: '4.6'
+        version: '5'
+- !ruby/object:Gem::Dependency
+  name: bcrypt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
 - !ruby/object:Gem::Dependency
   name: appraisal
   requirement: !ruby/object:Gem::Requirement
@@ -70,14 +98,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: '1.4'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: '1.4'
 - !ruby/object:Gem::Dependency
   name: pg
   requirement: !ruby/object:Gem::Requirement
@@ -106,6 +134,40 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: mongoid
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '4'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '8'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '4'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '8'
+- !ruby/object:Gem::Dependency
+  name: mongoid-locker
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
 description: For use with client side single page apps such as the venerable https://github.com/lynndylanhurley/ng-token-auth.
 email:
 - lynn.dylan.hurley@gmail.com
@@ -126,21 +188,26 @@ files:
 - app/controllers/devise_token_auth/sessions_controller.rb
 - app/controllers/devise_token_auth/token_validations_controller.rb
 - app/controllers/devise_token_auth/unlocks_controller.rb
+- app/models/devise_token_auth/concerns/active_record_support.rb
+- app/models/devise_token_auth/concerns/confirmable_support.rb
+- app/models/devise_token_auth/concerns/mongoid_support.rb
+- app/models/devise_token_auth/concerns/tokens_serialization.rb
 - app/models/devise_token_auth/concerns/user.rb
 - app/models/devise_token_auth/concerns/user_omniauth_callbacks.rb
-- app/validators/email_validator.rb
+- app/validators/devise_token_auth_email_validator.rb
 - app/views/devise/mailer/confirmation_instructions.html.erb
 - app/views/devise/mailer/reset_password_instructions.html.erb
 - app/views/devise/mailer/unlock_instructions.html.erb
 - app/views/devise_token_auth/omniauth_external_window.html.erb
-- config/initializers/devise.rb
 - config/locales/da-DK.yml
 - config/locales/de.yml
 - config/locales/en.yml
 - config/locales/es.yml
 - config/locales/fr.yml
+- config/locales/he.yml
 - config/locales/it.yml
 - config/locales/ja.yml
+- config/locales/ko.yml
 - config/locales/nl.yml
 - config/locales/pl.yml
 - config/locales/pt-BR.yml
@@ -155,19 +222,24 @@ files:
 - config/locales/zh-HK.yml
 - config/locales/zh-TW.yml
 - lib/devise_token_auth.rb
+- lib/devise_token_auth/blacklist.rb
 - lib/devise_token_auth/controllers/helpers.rb
 - lib/devise_token_auth/controllers/url_helpers.rb
 - lib/devise_token_auth/engine.rb
 - lib/devise_token_auth/errors.rb
 - lib/devise_token_auth/rails/routes.rb
+- lib/devise_token_auth/token_factory.rb
 - lib/devise_token_auth/url.rb
 - lib/devise_token_auth/version.rb
 - lib/generators/devise_token_auth/USAGE
 - lib/generators/devise_token_auth/install_generator.rb
+- lib/generators/devise_token_auth/install_generator_helpers.rb
+- lib/generators/devise_token_auth/install_mongoid_generator.rb
 - lib/generators/devise_token_auth/install_views_generator.rb
 - lib/generators/devise_token_auth/templates/devise_token_auth.rb
 - lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb
 - lib/generators/devise_token_auth/templates/user.rb.erb
+- lib/generators/devise_token_auth/templates/user_mongoid.rb.erb
 - lib/tasks/devise_token_auth_tasks.rake
 - test/controllers/custom/custom_confirmations_controller_test.rb
 - test/controllers/custom/custom_omniauth_callbacks_controller_test.rb
@@ -192,6 +264,14 @@ files:
 - test/controllers/overrides/sessions_controller_test.rb
 - test/controllers/overrides/token_validations_controller_test.rb
 - test/dummy/README.rdoc
+- test/dummy/app/active_record/confirmable_user.rb
+- test/dummy/app/active_record/lockable_user.rb
+- test/dummy/app/active_record/mang.rb
+- test/dummy/app/active_record/only_email_user.rb
+- test/dummy/app/active_record/scoped_user.rb
+- test/dummy/app/active_record/unconfirmable_user.rb
+- test/dummy/app/active_record/unregisterable_user.rb
+- test/dummy/app/active_record/user.rb
 - test/dummy/app/controllers/application_controller.rb
 - test/dummy/app/controllers/auth_origin_controller.rb
 - test/dummy/app/controllers/custom/confirmations_controller.rb
@@ -210,13 +290,15 @@ files:
 - test/dummy/app/controllers/overrides/sessions_controller.rb
 - test/dummy/app/controllers/overrides/token_validations_controller.rb
 - test/dummy/app/helpers/application_helper.rb
-- test/dummy/app/models/lockable_user.rb
-- test/dummy/app/models/mang.rb
-- test/dummy/app/models/only_email_user.rb
-- test/dummy/app/models/scoped_user.rb
-- test/dummy/app/models/unconfirmable_user.rb
-- test/dummy/app/models/unregisterable_user.rb
-- test/dummy/app/models/user.rb
+- test/dummy/app/models/concerns/favorite_color.rb
+- test/dummy/app/mongoid/confirmable_user.rb
+- test/dummy/app/mongoid/lockable_user.rb
+- test/dummy/app/mongoid/mang.rb
+- test/dummy/app/mongoid/only_email_user.rb
+- test/dummy/app/mongoid/scoped_user.rb
+- test/dummy/app/mongoid/unconfirmable_user.rb
+- test/dummy/app/mongoid/unregisterable_user.rb
+- test/dummy/app/mongoid/user.rb
 - test/dummy/app/views/layouts/application.html.erb
 - test/dummy/config.ru
 - test/dummy/config/application.rb
@@ -249,15 +331,21 @@ files:
 - test/dummy/db/migrate/20150708104536_devise_token_auth_create_unconfirmable_users.rb
 - test/dummy/db/migrate/20160103235141_devise_token_auth_create_scoped_users.rb
 - test/dummy/db/migrate/20160629184441_devise_token_auth_create_lockable_users.rb
+- test/dummy/db/migrate/20190924101113_devise_token_auth_create_confirmable_users.rb
 - test/dummy/db/schema.rb
 - test/dummy/lib/migration_database_helper.rb
 - test/dummy/tmp/generators/app/views/devise/mailer/confirmation_instructions.html.erb
 - test/dummy/tmp/generators/app/views/devise/mailer/reset_password_instructions.html.erb
 - test/factories/users.rb
+- test/lib/devise_token_auth/blacklist_test.rb
+- test/lib/devise_token_auth/token_factory_test.rb
 - test/lib/devise_token_auth/url_test.rb
 - test/lib/generators/devise_token_auth/install_generator_test.rb
 - test/lib/generators/devise_token_auth/install_generator_with_namespace_test.rb
 - test/lib/generators/devise_token_auth/install_views_generator_test.rb
+- test/models/concerns/mongoid_support_test.rb
+- test/models/concerns/tokens_serialization_test.rb
+- test/models/confirmable_user_test.rb
 - test/models/only_email_user_test.rb
 - test/models/user_test.rb
 - test/support/controllers/routes.rb
@@ -281,19 +369,28 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.6.14.1
+rubygems_version: 3.0.3
 signing_key: 
 specification_version: 4
 summary: Token based authentication for rails. Uses Devise + OmniAuth.
 test_files:
-- test/dummy/app/models/only_email_user.rb
-- test/dummy/app/models/scoped_user.rb
-- test/dummy/app/models/mang.rb
-- test/dummy/app/models/unregisterable_user.rb
-- test/dummy/app/models/lockable_user.rb
-- test/dummy/app/models/unconfirmable_user.rb
-- test/dummy/app/models/user.rb
+- test/dummy/app/mongoid/only_email_user.rb
+- test/dummy/app/mongoid/scoped_user.rb
+- test/dummy/app/mongoid/confirmable_user.rb
+- test/dummy/app/mongoid/mang.rb
+- test/dummy/app/mongoid/unregisterable_user.rb
+- test/dummy/app/mongoid/lockable_user.rb
+- test/dummy/app/mongoid/unconfirmable_user.rb
+- test/dummy/app/mongoid/user.rb
+- test/dummy/app/models/concerns/favorite_color.rb
+- test/dummy/app/active_record/only_email_user.rb
+- test/dummy/app/active_record/scoped_user.rb
+- test/dummy/app/active_record/confirmable_user.rb
+- test/dummy/app/active_record/mang.rb
+- test/dummy/app/active_record/unregisterable_user.rb
+- test/dummy/app/active_record/lockable_user.rb
+- test/dummy/app/active_record/unconfirmable_user.rb
+- test/dummy/app/active_record/user.rb
 - test/dummy/app/controllers/overrides/token_validations_controller.rb
 - test/dummy/app/controllers/overrides/omniauth_callbacks_controller.rb
 - test/dummy/app/controllers/overrides/passwords_controller.rb
@@ -346,14 +443,20 @@ test_files:
 - test/dummy/db/migrate/20160103235141_devise_token_auth_create_scoped_users.rb
 - test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb
 - test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb
+- test/dummy/db/migrate/20190924101113_devise_token_auth_create_confirmable_users.rb
 - test/dummy/tmp/generators/app/views/devise/mailer/confirmation_instructions.html.erb
 - test/dummy/tmp/generators/app/views/devise/mailer/reset_password_instructions.html.erb
 - test/dummy/README.rdoc
 - test/models/only_email_user_test.rb
+- test/models/confirmable_user_test.rb
+- test/models/concerns/mongoid_support_test.rb
+- test/models/concerns/tokens_serialization_test.rb
 - test/models/user_test.rb
 - test/support/controllers/routes.rb
 - test/factories/users.rb
 - test/lib/devise_token_auth/url_test.rb
+- test/lib/devise_token_auth/blacklist_test.rb
+- test/lib/devise_token_auth/token_factory_test.rb
 - test/lib/generators/devise_token_auth/install_generator_test.rb
 - test/lib/generators/devise_token_auth/install_views_generator_test.rb
 - test/lib/generators/devise_token_auth/install_generator_with_namespace_test.rb

data/config/initializers/devise.rb

@@ -1,198 +0,0 @@
-# frozen_string_literal: true
-
-# Use this hook to configure devise mailer, warden hooks and so forth.
-# Many of these configuration options can be set straight in your model.
-Devise.setup do |config|
-  # The secret key used by Devise. Devise uses this key to generate
-  # random tokens. Changing this key will render invalid all existing
-  # confirmation, reset password and unlock tokens in the database.
-  # config.secret_key = 'd029dbc7262359b4f9906ec029bae825981dee112d9a1425643719765c8fd4884f12a37add35607fa3fa2d6fa6945a0077d7fe0f10a67f8ee66d69e9cc6ac19b'
-
-  # ==> Mailer Configuration
-  # Configure the e-mail address which will be shown in Devise::Mailer,
-  # note that it will be overwritten if you use your own mailer class
-  # with default "from" parameter.
-  config.mailer_sender = 'no-reply@example.com'
-
-  # Configure the class responsible to send e-mails.
-  # config.mailer = 'Devise::Mailer'
-
-  # ==> ORM configuration
-  # Load and configure the ORM. Supports :active_record (default) and
-  # :mongoid (bson_ext recommended) by default. Other ORMs may be
-  # available as additional gems.
-  require 'devise/orm/active_record'
-
-  # ==> Configuration for any authentication mechanism
-  # Configure which keys are used when authenticating a user. The default is
-  # just :email. You can configure it to use [:username, :subdomain], so for
-  # authenticating a user, both parameters are required. Remember that those
-  # parameters are used only when authenticating and not when retrieving from
-  # session. If you need permissions, you should implement that in a before filter.
-  # You can also supply a hash where the value is a boolean determining whether
-  # or not authentication should be aborted when the value is not present.
-  # config.authentication_keys = [ :email ]
-
-  # Configure parameters from the request object used for authentication. Each entry
-  # given should be a request method and it will automatically be passed to the
-  # find_for_authentication method and considered in your model lookup. For instance,
-  # if you set :request_keys to [:subdomain], :subdomain will be used on authentication.
-  # The same considerations mentioned for authentication_keys also apply to request_keys.
-  # config.request_keys = []
-
-  # Configure which authentication keys should be case-insensitive.
-  # These keys will be downcased upon creating or modifying a user and when used
-  # to authenticate or find a user. Default is :email.
-  config.case_insensitive_keys = [ :email ]
-
-  # Configure which authentication keys should have whitespace stripped.
-  # These keys will have whitespace before and after removed upon creating or
-  # modifying a user and when used to authenticate or find a user. Default is :email.
-  config.strip_whitespace_keys = [ :email ]
-
-  # Tell if authentication through request.params is enabled. True by default.
-  # It can be set to an array that will enable params authentication only for the
-  # given strategies, for example, `config.params_authenticatable = [:database]` will
-  # enable it only for database (email + password) authentication.
-  # config.params_authenticatable = true
-
-  # Tell if authentication through HTTP Auth is enabled. False by default.
-  # It can be set to an array that will enable http authentication only for the
-  # given strategies, for example, `config.http_authenticatable = [:database]` will
-  # enable it only for database authentication. The supported strategies are:
-  # :database      = Support basic authentication with authentication key + password
-  # config.http_authenticatable = false
-
-  # If http headers should be returned for AJAX requests. True by default.
-  # config.http_authenticatable_on_xhr = true
-
-  # The realm used in Http Basic Authentication. 'Application' by default.
-  # config.http_authentication_realm = 'Application'
-
-  # It will change confirmation, password recovery and other workflows
-  # to behave the same regardless if the e-mail provided was right or wrong.
-  # Does not affect registerable.
-  # config.paranoid = true
-
-  # By default Devise will store the user in session. You can skip storage for
-  # particular strategies by setting this option.
-  # Notice that if you are skipping storage for all authentication paths, you
-  # may want to disable generating routes to Devise's sessions controller by
-  # passing skip: :sessions to `devise_for` in your config/routes.rb
-  config.skip_session_storage = [:http_auth]
-
-  # By default, Devise cleans up the CSRF token on authentication to
-  # avoid CSRF token fixation attacks. This means that, when using AJAX
-  # requests for sign in and sign up, you need to get a new CSRF token
-  # from the server. You can disable this option at your own risk.
-  # config.clean_up_csrf_token_on_authentication = true
-
-  # ==> Configuration for :database_authenticatable
-  # For bcrypt, this is the cost for hashing the password and defaults to 11. If
-  # using other algorithms, it sets how many times you want the password to be hashed.
-  #
-  # Limiting the stretches to just one in testing will increase the performance of
-  # your test suite dramatically. However, it is STRONGLY RECOMMENDED to not use
-  # a value less than 10 in other environments. Note that, for bcrypt (the default
-  # algorithm), the cost increases exponentially with the number of stretches (e.g.
-  # a value of 20 is already extremely slow: approx. 60 seconds for 1 calculation).
-  config.stretches = Rails.env.test? ? 1 : 11
-
-  # Setup a pepper to generate the encrypted password.
-  # config.pepper = '8ff086600aff82d68ff1e00d23c99c821e66652ec8c2a5b48f58de4a56b325cb532f6db660cf58fc5ecb473b9d851be8cd1badff0a1053bc9dc045f78b6e6772'
-
-  # ==> Configuration for :confirmable
-  # A period that the user is allowed to access the website even without
-  # confirming their account. For instance, if set to 2.days, the user will be
-  # able to access the website for two days without confirming their account,
-  # access will be blocked just in the third day. Default is 0.days, meaning
-  # the user cannot access the website without confirming their account.
-  # config.allow_unconfirmed_access_for = 2.days
-
-  # A period that the user is allowed to confirm their account before their
-  # token becomes invalid. For example, if set to 3.days, the user can confirm
-  # their account within 3 days after the mail was sent, but on the fourth day
-  # their account can't be confirmed with the token any more.
-  # Default is nil, meaning there is no restriction on how long a user can take
-  # before confirming their account.
-  # config.confirm_within = 3.days
-
-  # If true, requires any email changes to be confirmed (exactly the same way as
-  # initial account confirmation) to be applied. Requires additional unconfirmed_email
-  # db field (see migrations). Until confirmed, new email is stored in
-  # unconfirmed_email column, and copied to email column on successful confirmation.
-  config.reconfirmable = true
-
-  # Defines which key will be used when confirming an account
-  # config.confirmation_keys = [ :email ]
-
-  # ==> Configuration for :rememberable
-  # The time the user will be remembered without asking for credentials again.
-  # config.remember_for = 2.weeks
-
-  # If true, extends the user's remember period when remembered via cookie.
-  # config.extend_remember_period = false
-
-  # Options to be passed to the created cookie. For instance, you can set
-  # secure: true in order to force SSL only cookies.
-  # config.rememberable_options = {}
-
-  # ==> Configuration for :validatable
-  # Range for password length.
-  config.password_length = 8..128
-
-  # Email regex used to validate email formats. It simply asserts that
-  # one (and only one) @ exists in the given string. This is mainly
-  # to give user feedback and not to assert the e-mail validity.
-  config.email_regexp = /\A[^@\s]+@[^@\s]+\z/
-
-  # ==> Configuration for :timeoutable
-  # The time you want to timeout the user session without activity. After this
-  # time the user will be asked for credentials again. Default is 30 minutes.
-  # config.timeout_in = 30.minutes
-
-  # If true, expires auth token on session timeout.
-  # config.expire_auth_token_on_timeout = false
-
-  # ==> Configuration for :lockable
-  # Defines which strategy will be used to lock an account.
-  # :failed_attempts = Locks an account after a number of failed attempts to sign in.
-  # :none            = No lock strategy. You should handle locking by yourself.
-  # config.lock_strategy = :failed_attempts
-
-  # Defines which key will be used when locking and unlocking an account
-  # config.unlock_keys = [ :email ]
-
-  # Defines which strategy will be used to unlock an account.
-  # :email = Sends an unlock link to the user email
-  # :time  = Re-enables login after a certain amount of time (see :unlock_in below)
-  # :both  = Enables both strategies
-  # :none  = No unlock strategy. You should handle unlocking by yourself.
-  # config.unlock_strategy = :both
-
-  # Number of authentication tries before locking an account if lock_strategy
-  # is failed attempts.
-  # config.maximum_attempts = 20
-
-  # Time interval to unlock the account if :time is enabled as unlock_strategy.
-  # config.unlock_in = 1.hour
-
-  # Warn on the last attempt before the account is locked.
-  # config.last_attempt_warning = false
-
-  # ==> Configuration for :recoverable
-  #
-  # Defines which key will be used when recovering the password for an account
-  # config.reset_password_keys = [ :email ]
-
-  # Time interval you can reset your password with a reset password key.
-  # Don't put a too small interval or your users won't have the time to
-  # change their passwords.
-  config.reset_password_within = 6.hours
-
-  # The default HTTP method used to sign out a resource. Default is :delete.
-  config.sign_out_via = :delete
-
-  # don't serialize tokens
-  Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION << :tokens
-end