devise_token_auth 1.0.0 → 1.1.5

Sign up to get free protection for your applications and to get access to all the features.
Files changed (126) hide show
  1. checksums.yaml +5 -5
  2. data/README.md +4 -2
  3. data/app/controllers/devise_token_auth/application_controller.rb +2 -3
  4. data/app/controllers/devise_token_auth/concerns/resource_finder.rb +11 -12
  5. data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +41 -57
  6. data/app/controllers/devise_token_auth/confirmations_controller.rb +63 -20
  7. data/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb +77 -29
  8. data/app/controllers/devise_token_auth/passwords_controller.rb +44 -30
  9. data/app/controllers/devise_token_auth/registrations_controller.rb +33 -40
  10. data/app/controllers/devise_token_auth/sessions_controller.rb +5 -5
  11. data/app/controllers/devise_token_auth/unlocks_controller.rb +4 -4
  12. data/app/models/devise_token_auth/concerns/active_record_support.rb +14 -0
  13. data/app/models/devise_token_auth/concerns/confirmable_support.rb +28 -0
  14. data/app/models/devise_token_auth/concerns/mongoid_support.rb +19 -0
  15. data/app/models/devise_token_auth/concerns/tokens_serialization.rb +31 -0
  16. data/app/models/devise_token_auth/concerns/user.rb +51 -70
  17. data/app/models/devise_token_auth/concerns/user_omniauth_callbacks.rb +6 -3
  18. data/app/validators/{email_validator.rb → devise_token_auth_email_validator.rb} +2 -2
  19. data/config/locales/da-DK.yml +2 -0
  20. data/config/locales/de.yml +2 -0
  21. data/config/locales/en.yml +7 -0
  22. data/config/locales/es.yml +2 -0
  23. data/config/locales/fr.yml +2 -0
  24. data/config/locales/he.yml +52 -0
  25. data/config/locales/it.yml +2 -0
  26. data/config/locales/ja.yml +4 -2
  27. data/config/locales/ko.yml +51 -0
  28. data/config/locales/nl.yml +2 -0
  29. data/config/locales/pl.yml +6 -3
  30. data/config/locales/pt-BR.yml +2 -0
  31. data/config/locales/pt.yml +6 -3
  32. data/config/locales/ro.yml +2 -0
  33. data/config/locales/ru.yml +2 -0
  34. data/config/locales/sq.yml +2 -0
  35. data/config/locales/sv.yml +2 -0
  36. data/config/locales/uk.yml +2 -0
  37. data/config/locales/vi.yml +2 -0
  38. data/config/locales/zh-CN.yml +2 -0
  39. data/config/locales/zh-HK.yml +2 -0
  40. data/config/locales/zh-TW.yml +2 -0
  41. data/lib/devise_token_auth/blacklist.rb +2 -0
  42. data/lib/devise_token_auth/controllers/helpers.rb +5 -9
  43. data/lib/devise_token_auth/engine.rb +7 -1
  44. data/lib/devise_token_auth/rails/routes.rb +16 -11
  45. data/lib/devise_token_auth/token_factory.rb +126 -0
  46. data/lib/devise_token_auth/url.rb +3 -0
  47. data/lib/devise_token_auth/version.rb +1 -1
  48. data/lib/devise_token_auth.rb +6 -3
  49. data/lib/generators/devise_token_auth/USAGE +1 -1
  50. data/lib/generators/devise_token_auth/install_generator.rb +7 -91
  51. data/lib/generators/devise_token_auth/install_generator_helpers.rb +98 -0
  52. data/lib/generators/devise_token_auth/install_mongoid_generator.rb +46 -0
  53. data/lib/generators/devise_token_auth/templates/devise_token_auth.rb +10 -0
  54. data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb +1 -8
  55. data/lib/generators/devise_token_auth/templates/user.rb.erb +2 -2
  56. data/lib/generators/devise_token_auth/templates/user_mongoid.rb.erb +56 -0
  57. data/test/controllers/custom/custom_confirmations_controller_test.rb +1 -1
  58. data/test/controllers/demo_user_controller_test.rb +2 -2
  59. data/test/controllers/devise_token_auth/confirmations_controller_test.rb +83 -19
  60. data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb +109 -42
  61. data/test/controllers/devise_token_auth/passwords_controller_test.rb +227 -102
  62. data/test/controllers/devise_token_auth/registrations_controller_test.rb +34 -7
  63. data/test/controllers/devise_token_auth/sessions_controller_test.rb +0 -38
  64. data/test/controllers/devise_token_auth/token_validations_controller_test.rb +2 -1
  65. data/test/dummy/app/active_record/confirmable_user.rb +11 -0
  66. data/test/dummy/app/{models → active_record}/scoped_user.rb +2 -2
  67. data/test/dummy/app/{models → active_record}/unconfirmable_user.rb +1 -2
  68. data/test/dummy/app/{models → active_record}/unregisterable_user.rb +3 -3
  69. data/test/dummy/app/active_record/user.rb +6 -0
  70. data/test/dummy/app/controllers/overrides/confirmations_controller.rb +3 -3
  71. data/test/dummy/app/controllers/overrides/passwords_controller.rb +3 -3
  72. data/test/dummy/app/controllers/overrides/registrations_controller.rb +1 -1
  73. data/test/dummy/app/controllers/overrides/sessions_controller.rb +2 -2
  74. data/test/dummy/app/models/{user.rb → concerns/favorite_color.rb} +7 -8
  75. data/test/dummy/app/mongoid/confirmable_user.rb +52 -0
  76. data/test/dummy/app/mongoid/lockable_user.rb +38 -0
  77. data/test/dummy/app/mongoid/mang.rb +46 -0
  78. data/test/dummy/app/mongoid/only_email_user.rb +33 -0
  79. data/test/dummy/app/mongoid/scoped_user.rb +50 -0
  80. data/test/dummy/app/mongoid/unconfirmable_user.rb +44 -0
  81. data/test/dummy/app/mongoid/unregisterable_user.rb +47 -0
  82. data/test/dummy/app/mongoid/user.rb +49 -0
  83. data/test/dummy/app/views/layouts/application.html.erb +0 -2
  84. data/test/dummy/config/application.rb +22 -1
  85. data/test/dummy/config/boot.rb +4 -0
  86. data/test/dummy/config/environments/development.rb +0 -10
  87. data/test/dummy/config/environments/production.rb +0 -16
  88. data/test/dummy/config/initializers/devise.rb +285 -0
  89. data/test/dummy/config/initializers/devise_token_auth.rb +35 -4
  90. data/test/dummy/config/initializers/figaro.rb +1 -1
  91. data/test/dummy/config/initializers/omniauth.rb +1 -0
  92. data/test/dummy/config/routes.rb +2 -0
  93. data/test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb +0 -7
  94. data/test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb +0 -7
  95. data/test/dummy/db/migrate/20141222035835_devise_token_auth_create_only_email_users.rb +0 -7
  96. data/test/dummy/db/migrate/20141222053502_devise_token_auth_create_unregisterable_users.rb +0 -7
  97. data/test/dummy/db/migrate/20150708104536_devise_token_auth_create_unconfirmable_users.rb +0 -7
  98. data/test/dummy/db/migrate/20160103235141_devise_token_auth_create_scoped_users.rb +0 -7
  99. data/test/dummy/db/migrate/20160629184441_devise_token_auth_create_lockable_users.rb +0 -7
  100. data/test/dummy/db/migrate/20190924101113_devise_token_auth_create_confirmable_users.rb +49 -0
  101. data/test/dummy/db/schema.rb +26 -28
  102. data/test/dummy/tmp/generators/app/models/azpire/v1/human_resource/user.rb +9 -0
  103. data/test/dummy/tmp/generators/config/initializers/devise_token_auth.rb +60 -0
  104. data/test/dummy/tmp/generators/db/migrate/20210126004321_devise_token_auth_create_azpire_v1_human_resource_users.rb +49 -0
  105. data/test/factories/users.rb +3 -2
  106. data/test/lib/devise_token_auth/blacklist_test.rb +11 -0
  107. data/test/lib/devise_token_auth/rails/custom_routes_test.rb +29 -0
  108. data/test/lib/devise_token_auth/rails/routes_test.rb +87 -0
  109. data/test/lib/devise_token_auth/token_factory_test.rb +191 -0
  110. data/test/lib/devise_token_auth/url_test.rb +2 -2
  111. data/test/lib/generators/devise_token_auth/install_generator_test.rb +51 -31
  112. data/test/lib/generators/devise_token_auth/install_generator_with_namespace_test.rb +51 -31
  113. data/test/models/concerns/mongoid_support_test.rb +31 -0
  114. data/test/models/concerns/tokens_serialization_test.rb +104 -0
  115. data/test/models/confirmable_user_test.rb +35 -0
  116. data/test/models/only_email_user_test.rb +0 -8
  117. data/test/models/user_test.rb +1 -33
  118. data/test/test_helper.rb +13 -3
  119. metadata +125 -32
  120. data/config/initializers/devise.rb +0 -198
  121. data/test/dummy/config/initializers/assets.rb +0 -10
  122. data/test/dummy/tmp/generators/app/views/devise/mailer/confirmation_instructions.html.erb +0 -5
  123. data/test/dummy/tmp/generators/app/views/devise/mailer/reset_password_instructions.html.erb +0 -8
  124. /data/test/dummy/app/{models → active_record}/lockable_user.rb +0 -0
  125. /data/test/dummy/app/{models → active_record}/mang.rb +0 -0
  126. /data/test/dummy/app/{models → active_record}/only_email_user.rb +0 -0
@@ -2,8 +2,6 @@
2
2
  <html>
3
3
  <head>
4
4
  <title>Dummy</title>
5
- <%= stylesheet_link_tag 'application', media: 'all', 'data-turbolinks-track' => true %>
6
- <%= javascript_include_tag 'application', 'data-turbolinks-track' => true %>
7
5
  <%= csrf_meta_tags %>
8
6
  </head>
9
7
  <body>
@@ -2,10 +2,24 @@
2
2
 
3
3
  require File.expand_path('boot', __dir__)
4
4
 
5
+ require 'action_controller/railtie'
6
+ require 'action_mailer/railtie'
7
+ require 'rails/generators'
5
8
  require 'rack/cors'
6
- require 'rails/all'
7
9
 
8
10
  Bundler.require(*Rails.groups)
11
+
12
+ begin
13
+ case DEVISE_TOKEN_AUTH_ORM
14
+ when :active_record
15
+ require 'active_record/railtie'
16
+ when :mongoid
17
+ require 'mongoid'
18
+ require 'mongoid-locker'
19
+ end
20
+ rescue LoadError
21
+ end
22
+
9
23
  require 'devise_token_auth'
10
24
 
11
25
  module Dummy
@@ -22,5 +36,12 @@ module Dummy
22
36
  # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s]
23
37
  # config.i18n.default_locale = :de
24
38
  config.autoload_paths << Rails.root.join('lib')
39
+ config.autoload_paths += ["#{config.root}/app/#{DEVISE_TOKEN_AUTH_ORM}"]
40
+
41
+ if DEVISE_TOKEN_AUTH_ORM == :mongoid
42
+ Mongoid.configure do |config|
43
+ config.load! Rails.root.join('./config/mongoid.yml')
44
+ end
45
+ end
25
46
  end
26
47
  end
@@ -1,5 +1,9 @@
1
1
  # frozen_string_literal: true
2
2
 
3
+ unless defined?(DEVISE_TOKEN_AUTH_ORM)
4
+ DEVISE_TOKEN_AUTH_ORM = (ENV["DEVISE_TOKEN_AUTH_ORM"] || :active_record).to_sym
5
+ end
6
+
3
7
  # Set up gems listed in the Gemfile.
4
8
  ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../../Gemfile', __dir__)
5
9
 
@@ -29,16 +29,6 @@ Rails.application.configure do
29
29
  # Raise an error on page load if there are pending migrations.
30
30
  config.active_record.migration_error = :page_load
31
31
 
32
- # Debug mode disables concatenation and preprocessing of assets.
33
- # This option may cause significant delays in view rendering with a large
34
- # number of complex assets.
35
- config.assets.debug = true
36
-
37
- # Adds additional error checking when serving assets at runtime.
38
- # Checks for improperly declared sprockets dependencies.
39
- # Raises helpful error messages.
40
- config.assets.raise_runtime_errors = true
41
-
42
32
  # Raises error for missing translations
43
33
  # config.action_view.raise_on_missing_translations = true
44
34
 
@@ -24,18 +24,6 @@ Rails.application.configure do
24
24
  # Disable Rails's static asset server (Apache or nginx will already do this).
25
25
  config.serve_static_files = false
26
26
 
27
- # Compress JavaScripts and CSS.
28
- config.assets.js_compressor = :uglifier
29
- # config.assets.css_compressor = :sass
30
-
31
- # Do not fallback to assets pipeline if a precompiled asset is missed.
32
- config.assets.compile = false
33
-
34
- # Generate digests for assets URLs.
35
- config.assets.digest = true
36
-
37
- # `config.assets.precompile` has moved to config/initializers/assets.rb
38
-
39
27
  # Specifies the header that your server uses for sending files.
40
28
  # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for apache
41
29
  # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for nginx
@@ -58,10 +46,6 @@ Rails.application.configure do
58
46
  # Enable serving of images, stylesheets, and JavaScripts from an asset server.
59
47
  # config.action_controller.asset_host = "http://assets.example.com"
60
48
 
61
- # Precompile additional assets.
62
- # application.js, application.css, and all non-JS/CSS in app/assets folder are already added.
63
- # config.assets.precompile += %w( search.js )
64
-
65
49
  # Ignore bad email addresses and do not raise email delivery errors.
66
50
  # Set this to true and configure the email server for immediate delivery to raise delivery errors.
67
51
  # config.action_mailer.raise_delivery_errors = false
@@ -1,5 +1,290 @@
1
1
  # frozen_string_literal: true
2
2
 
3
+ # Use this hook to configure devise mailer, warden hooks and so forth.
4
+ # Many of these configuration options can be set straight in your model.
3
5
  Devise.setup do |config|
6
+ # The secret key used by Devise. Devise uses this key to generate
7
+ # random tokens. Changing this key will render invalid all existing
8
+ # confirmation, reset password and unlock tokens in the database.
9
+ # Devise will use the `secret_key_base` as its `secret_key`
10
+ # by default. You can change it below and use your own secret key.
11
+ # config.secret_key = '981f041712ce247008f46fec55e5d3e7fea904bd1601412a5810c74af3f1d9c33399bc34405b85a78dac04c9fb017270e691305b3ddb073f93578df124538e89'
12
+
13
+ # ==> Controller configuration
14
+ # Configure the parent class to the devise controllers.
15
+ # config.parent_controller = 'DeviseController'
16
+
17
+ # ==> Mailer Configuration
18
+ # Configure the e-mail address which will be shown in Devise::Mailer,
19
+ # note that it will be overwritten if you use your own mailer class
20
+ # with default "from" parameter.
21
+ config.mailer_sender = 'please-change-me-at-config-initializers-devise@example.com'
22
+
23
+ # Configure the class responsible to send e-mails.
24
+ # config.mailer = 'Devise::Mailer'
25
+
26
+ # Configure the parent class responsible to send e-mails.
27
+ # config.parent_mailer = 'ActionMailer::Base'
28
+
29
+ # ==> ORM configuration
30
+ # Load and configure the ORM. Supports :active_record (default) and
31
+ # :mongoid (bson_ext recommended) by default. Other ORMs may be
32
+ # available as additional gems.
33
+ require "devise/orm/#{DEVISE_TOKEN_AUTH_ORM}"
34
+
35
+ # ==> Configuration for any authentication mechanism
36
+ # Configure which keys are used when authenticating a user. The default is
37
+ # just :email. You can configure it to use [:username, :subdomain], so for
38
+ # authenticating a user, both parameters are required. Remember that those
39
+ # parameters are used only when authenticating and not when retrieving from
40
+ # session. If you need permissions, you should implement that in a before filter.
41
+ # You can also supply a hash where the value is a boolean determining whether
42
+ # or not authentication should be aborted when the value is not present.
4
43
  config.authentication_keys = [:email, :nickname]
44
+
45
+ # Configure parameters from the request object used for authentication. Each entry
46
+ # given should be a request method and it will automatically be passed to the
47
+ # find_for_authentication method and considered in your model lookup. For instance,
48
+ # if you set :request_keys to [:subdomain], :subdomain will be used on authentication.
49
+ # The same considerations mentioned for authentication_keys also apply to request_keys.
50
+ # config.request_keys = []
51
+
52
+ # Configure which authentication keys should be case-insensitive.
53
+ # These keys will be downcased upon creating or modifying a user and when used
54
+ # to authenticate or find a user. Default is :email.
55
+ config.case_insensitive_keys = [:email]
56
+
57
+ # Configure which authentication keys should have whitespace stripped.
58
+ # These keys will have whitespace before and after removed upon creating or
59
+ # modifying a user and when used to authenticate or find a user. Default is :email.
60
+ config.strip_whitespace_keys = [:email]
61
+
62
+ # Tell if authentication through request.params is enabled. True by default.
63
+ # It can be set to an array that will enable params authentication only for the
64
+ # given strategies, for example, `config.params_authenticatable = [:database]` will
65
+ # enable it only for database (email + password) authentication.
66
+ # config.params_authenticatable = true
67
+
68
+ # Tell if authentication through HTTP Auth is enabled. False by default.
69
+ # It can be set to an array that will enable http authentication only for the
70
+ # given strategies, for example, `config.http_authenticatable = [:database]` will
71
+ # enable it only for database authentication. The supported strategies are:
72
+ # :database = Support basic authentication with authentication key + password
73
+ # config.http_authenticatable = false
74
+
75
+ # If 401 status code should be returned for AJAX requests. True by default.
76
+ # config.http_authenticatable_on_xhr = true
77
+
78
+ # The realm used in Http Basic Authentication. 'Application' by default.
79
+ # config.http_authentication_realm = 'Application'
80
+
81
+ # It will change confirmation, password recovery and other workflows
82
+ # to behave the same regardless if the e-mail provided was right or wrong.
83
+ # Does not affect registerable.
84
+ # config.paranoid = true
85
+
86
+ # By default Devise will store the user in session. You can skip storage for
87
+ # particular strategies by setting this option.
88
+ # Notice that if you are skipping storage for all authentication paths, you
89
+ # may want to disable generating routes to Devise's sessions controller by
90
+ # passing skip: :sessions to `devise_for` in your config/routes.rb
91
+ config.skip_session_storage = [:http_auth]
92
+
93
+ # By default, Devise cleans up the CSRF token on authentication to
94
+ # avoid CSRF token fixation attacks. This means that, when using AJAX
95
+ # requests for sign in and sign up, you need to get a new CSRF token
96
+ # from the server. You can disable this option at your own risk.
97
+ # config.clean_up_csrf_token_on_authentication = true
98
+
99
+ # When false, Devise will not attempt to reload routes on eager load.
100
+ # This can reduce the time taken to boot the app but if your application
101
+ # requires the Devise mappings to be loaded during boot time the application
102
+ # won't boot properly.
103
+ # config.reload_routes = true
104
+
105
+ # ==> Configuration for :database_authenticatable
106
+ # For bcrypt, this is the cost for hashing the password and defaults to 11. If
107
+ # using other algorithms, it sets how many times you want the password to be hashed.
108
+ #
109
+ # Limiting the stretches to just one in testing will increase the performance of
110
+ # your test suite dramatically. However, it is STRONGLY RECOMMENDED to not use
111
+ # a value less than 10 in other environments. Note that, for bcrypt (the default
112
+ # algorithm), the cost increases exponentially with the number of stretches (e.g.
113
+ # a value of 20 is already extremely slow: approx. 60 seconds for 1 calculation).
114
+ config.stretches = Rails.env.test? ? 1 : 11
115
+
116
+ # Set up a pepper to generate the hashed password.
117
+ # config.pepper = 'ced2d580bc6502ee4c7c70eb54499e72c04430932a791b1ec4694f7ebecafec05f487517c2f7337a4757e67bcc74fa957d23d89b1ea61cfb48a8ebe31c8dade1'
118
+
119
+ # Send a notification to the original email when the user's email is changed.
120
+ # config.send_email_changed_notification = false
121
+
122
+ # Send a notification email when the user's password is changed.
123
+ # config.send_password_change_notification = false
124
+
125
+ # ==> Configuration for :confirmable
126
+ # A period that the user is allowed to access the website even without
127
+ # confirming their account. For instance, if set to 2.days, the user will be
128
+ # able to access the website for two days without confirming their account,
129
+ # access will be blocked just in the third day. Default is 0.days, meaning
130
+ # the user cannot access the website without confirming their account.
131
+ # config.allow_unconfirmed_access_for = 2.days
132
+
133
+ # A period that the user is allowed to confirm their account before their
134
+ # token becomes invalid. For example, if set to 3.days, the user can confirm
135
+ # their account within 3 days after the mail was sent, but on the fourth day
136
+ # their account can't be confirmed with the token any more.
137
+ # Default is nil, meaning there is no restriction on how long a user can take
138
+ # before confirming their account.
139
+ # config.confirm_within = 3.days
140
+
141
+ # If true, requires any email changes to be confirmed (exactly the same way as
142
+ # initial account confirmation) to be applied. Requires additional unconfirmed_email
143
+ # db field (see migrations). Until confirmed, new email is stored in
144
+ # unconfirmed_email column, and copied to email column on successful confirmation.
145
+ config.reconfirmable = true
146
+
147
+ # Defines which key will be used when confirming an account
148
+ # config.confirmation_keys = [:email]
149
+
150
+ # ==> Configuration for :rememberable
151
+ # The time the user will be remembered without asking for credentials again.
152
+ # config.remember_for = 2.weeks
153
+
154
+ # Invalidates all the remember me tokens when the user signs out.
155
+ config.expire_all_remember_me_on_sign_out = true
156
+
157
+ # If true, extends the user's remember period when remembered via cookie.
158
+ # config.extend_remember_period = false
159
+
160
+ # Options to be passed to the created cookie. For instance, you can set
161
+ # secure: true in order to force SSL only cookies.
162
+ # config.rememberable_options = {}
163
+
164
+ # ==> Configuration for :validatable
165
+ # Range for password length.
166
+ config.password_length = 6..128
167
+
168
+ # Email regex used to validate email formats. It simply asserts that
169
+ # one (and only one) @ exists in the given string. This is mainly
170
+ # to give user feedback and not to assert the e-mail validity.
171
+ config.email_regexp = /\A[^@\s]+@[^@\s]+\z/
172
+
173
+ # ==> Configuration for :timeoutable
174
+ # The time you want to timeout the user session without activity. After this
175
+ # time the user will be asked for credentials again. Default is 30 minutes.
176
+ # config.timeout_in = 30.minutes
177
+
178
+ # ==> Configuration for :lockable
179
+ # Defines which strategy will be used to lock an account.
180
+ # :failed_attempts = Locks an account after a number of failed attempts to sign in.
181
+ # :none = No lock strategy. You should handle locking by yourself.
182
+ # config.lock_strategy = :failed_attempts
183
+
184
+ # Defines which key will be used when locking and unlocking an account
185
+ # config.unlock_keys = [:email]
186
+
187
+ # Defines which strategy will be used to unlock an account.
188
+ # :email = Sends an unlock link to the user email
189
+ # :time = Re-enables login after a certain amount of time (see :unlock_in below)
190
+ # :both = Enables both strategies
191
+ # :none = No unlock strategy. You should handle unlocking by yourself.
192
+ # config.unlock_strategy = :both
193
+
194
+ # Number of authentication tries before locking an account if lock_strategy
195
+ # is failed attempts.
196
+ # config.maximum_attempts = 20
197
+
198
+ # Time interval to unlock the account if :time is enabled as unlock_strategy.
199
+ # config.unlock_in = 1.hour
200
+
201
+ # Warn on the last attempt before the account is locked.
202
+ # config.last_attempt_warning = true
203
+
204
+ # ==> Configuration for :recoverable
205
+ #
206
+ # Defines which key will be used when recovering the password for an account
207
+ # config.reset_password_keys = [:email]
208
+
209
+ # Time interval you can reset your password with a reset password key.
210
+ # Don't put a too small interval or your users won't have the time to
211
+ # change their passwords.
212
+ config.reset_password_within = 6.hours
213
+
214
+ # When set to false, does not sign a user in automatically after their password is
215
+ # reset. Defaults to true, so a user is signed in automatically after a reset.
216
+ # config.sign_in_after_reset_password = true
217
+
218
+ # ==> Configuration for :encryptable
219
+ # Allow you to use another hashing or encryption algorithm besides bcrypt (default).
220
+ # You can use :sha1, :sha512 or algorithms from others authentication tools as
221
+ # :clearance_sha1, :authlogic_sha512 (then you should set stretches above to 20
222
+ # for default behavior) and :restful_authentication_sha1 (then you should set
223
+ # stretches to 10, and copy REST_AUTH_SITE_KEY to pepper).
224
+ #
225
+ # Require the `devise-encryptable` gem when using anything other than bcrypt
226
+ # config.encryptor = :sha512
227
+
228
+ # ==> Scopes configuration
229
+ # Turn scoped views on. Before rendering "sessions/new", it will first check for
230
+ # "users/sessions/new". It's turned off by default because it's slower if you
231
+ # are using only default views.
232
+ # config.scoped_views = false
233
+
234
+ # Configure the default scope given to Warden. By default it's the first
235
+ # devise role declared in your routes (usually :user).
236
+ # config.default_scope = :user
237
+
238
+ # Set this configuration to false if you want /users/sign_out to sign out
239
+ # only the current scope. By default, Devise signs out all scopes.
240
+ # config.sign_out_all_scopes = true
241
+
242
+ # ==> Navigation configuration
243
+ # Lists the formats that should be treated as navigational. Formats like
244
+ # :html, should redirect to the sign in page when the user does not have
245
+ # access, but formats like :xml or :json, should return 401.
246
+ #
247
+ # If you have any extra navigational formats, like :iphone or :mobile, you
248
+ # should add them to the navigational formats lists.
249
+ #
250
+ # The "*/*" below is required to match Internet Explorer requests.
251
+ # config.navigational_formats = ['*/*', :html]
252
+
253
+ # The default HTTP method used to sign out a resource. Default is :delete.
254
+ config.sign_out_via = :delete
255
+
256
+ # ==> OmniAuth
257
+ # Add a new OmniAuth provider. Check the wiki for more information on setting
258
+ # up on your models and hooks.
259
+ # config.omniauth :github, 'APP_ID', 'APP_SECRET', scope: 'user,public_repo'
260
+
261
+ # ==> Warden configuration
262
+ # If you want to use other strategies, that are not supported by Devise, or
263
+ # change the failure app, you can configure them inside the config.warden block.
264
+ #
265
+ # config.warden do |manager|
266
+ # manager.intercept_401 = false
267
+ # manager.default_strategies(scope: :user).unshift :some_external_strategy
268
+ # end
269
+
270
+ # ==> Mountable engine configurations
271
+ # When using Devise inside an engine, let's call it `MyEngine`, and this engine
272
+ # is mountable, there are some extra configurations to be taken into account.
273
+ # The following options are available, assuming the engine is mounted as:
274
+ #
275
+ # mount MyEngine, at: '/my_engine'
276
+ #
277
+ # The router that invoked `devise_for`, in the example above, would be:
278
+ # config.router_name = :my_engine
279
+ #
280
+ # When using OmniAuth, Devise cannot automatically set OmniAuth path,
281
+ # so you need to do it manually. For the users scope, it would be:
282
+ # config.omniauth_path_prefix = '/my_engine/users/auth'
283
+
284
+ # ==> Turbolinks configuration
285
+ # If your app is using Turbolinks, Turbolinks::Controller needs to be included to make redirection work correctly:
286
+ #
287
+ # ActiveSupport.on_load(:devise_failure_app) do
288
+ # include Turbolinks::Controller
289
+ # end
5
290
  end
@@ -5,20 +5,51 @@ DeviseTokenAuth.setup do |config|
5
5
  # client is responsible for keeping track of the changing tokens. Change
6
6
  # this to false to prevent the Authorization header from changing after
7
7
  # each request.
8
- #config.change_headers_on_each_request = true
8
+ # config.change_headers_on_each_request = true
9
9
 
10
10
  # By default, users will need to re-authenticate after 2 weeks. This setting
11
11
  # determines how long tokens will remain valid after they are issued.
12
- #config.token_lifespan = 2.weeks
12
+ # config.token_lifespan = 2.weeks
13
+
14
+ # Limiting the token_cost to just 4 in testing will increase the performance of
15
+ # your test suite dramatically. The possible cost value is within range from 4
16
+ # to 31. It is recommended to not use a value more than 10 in other environments.
17
+ config.token_cost = Rails.env.test? ? 4 : 10
18
+
19
+ # Sets the max number of concurrent devices per user, which is 10 by default.
20
+ # After this limit is reached, the oldest tokens will be removed.
21
+ # config.max_number_of_devices = 10
13
22
 
14
23
  # Sometimes it's necessary to make several requests to the API at the same
15
24
  # time. In this case, each request in the batch will need to share the same
16
25
  # auth token. This setting determines how far apart the requests can be while
17
26
  # still using the same auth token.
18
- #config.batch_request_buffer_throttle = 5.seconds
27
+ # config.batch_request_buffer_throttle = 5.seconds
19
28
 
20
29
  # This route will be the prefix for all oauth2 redirect callbacks. For
21
30
  # example, using the default '/omniauth', the github oauth2 provider will
22
31
  # redirect successful authentications to '/omniauth/github/callback'
23
- #config.omniauth_prefix = "/omniauth"
32
+ # config.omniauth_prefix = "/omniauth"
33
+
34
+ # By default sending current password is not needed for the password update.
35
+ # Uncomment to enforce current_password param to be checked before all
36
+ # attribute updates. Set it to :password if you want it to be checked only if
37
+ # password is updated.
38
+ # config.check_current_password_before_update = :attributes
39
+
40
+ # By default we will use callbacks for single omniauth.
41
+ # It depends on fields like email, provider and uid.
42
+ # config.default_callbacks = true
43
+
44
+ # Makes it possible to change the headers names
45
+ # config.headers_names = {:'access-token' => 'access-token',
46
+ # :'client' => 'client',
47
+ # :'expiry' => 'expiry',
48
+ # :'uid' => 'uid',
49
+ # :'token-type' => 'token-type' }
50
+
51
+ # By default, only Bearer Token authentication is implemented out of the box.
52
+ # If, however, you wish to integrate with legacy Devise authentication, you can
53
+ # do so by enabling this flag. NOTE: This feature is highly experimental!
54
+ # config.enable_standard_devise_support = false
24
55
  end
@@ -1,3 +1,3 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- #Figaro.require("GITHUB_KEY", "GITHUB_SECRET", "FACEBOOK_KEY", "FACEBOOK_SECRET", "GOOGLE_KEY", "GOOGLE_SECRET")
3
+ #Figaro.require("GITHUB_KEY", "GITHUB_SECRET", "FACEBOOK_KEY", "FACEBOOK_SECRET", "GOOGLE_KEY", "GOOGLE_SECRET", "APPLE_CLIENT_ID", "APPLE_TEAM_ID", "APPLE_KEY", "APPLE_PEM")
@@ -4,6 +4,7 @@ Rails.application.config.middleware.use OmniAuth::Builder do |b|
4
4
  provider :github, ENV['GITHUB_KEY'], ENV['GITHUB_SECRET'], scope: 'email,profile'
5
5
  provider :facebook, ENV['FACEBOOK_KEY'], ENV['FACEBOOK_SECRET']
6
6
  provider :google_oauth2, ENV['GOOGLE_KEY'], ENV['GOOGLE_SECRET']
7
+ provider :apple, ENV['APPLE_CLIENT_ID'], '', { scope: 'email name', team_id: ENV['APPLE_TEAM_ID'], key_id: ENV['APPLE_KEY'], pem: ENV['APPLE_PEM'] }
7
8
  provider :developer,
8
9
  fields: [:first_name, :last_name],
9
10
  uid_field: :last_name
@@ -20,6 +20,8 @@ Rails.application.routes.draw do
20
20
 
21
21
  mount_devise_token_auth_for 'LockableUser', at: 'lockable_user_auth'
22
22
 
23
+ mount_devise_token_auth_for 'ConfirmableUser', at: 'confirmable_user_auth'
24
+
23
25
  # test namespacing
24
26
  namespace :api do
25
27
  scope :v1 do
@@ -18,13 +18,6 @@ class DeviseTokenAuthCreateUsers < ActiveRecord::Migration[4.2]
18
18
  ## Rememberable
19
19
  t.datetime :remember_created_at
20
20
 
21
- ## Trackable
22
- t.integer :sign_in_count, default: 0, null: false
23
- t.datetime :current_sign_in_at
24
- t.datetime :last_sign_in_at
25
- t.string :current_sign_in_ip
26
- t.string :last_sign_in_ip
27
-
28
21
  ## Confirmable
29
22
  t.string :confirmation_token
30
23
  t.datetime :confirmed_at
@@ -18,13 +18,6 @@ class DeviseTokenAuthCreateMangs < ActiveRecord::Migration[4.2]
18
18
  ## Rememberable
19
19
  t.datetime :remember_created_at
20
20
 
21
- ## Trackable
22
- t.integer :sign_in_count, default: 0, null: false
23
- t.datetime :current_sign_in_at
24
- t.datetime :last_sign_in_at
25
- t.string :current_sign_in_ip
26
- t.string :last_sign_in_ip
27
-
28
21
  ## Confirmable
29
22
  t.string :confirmation_token
30
23
  t.datetime :confirmed_at
@@ -19,13 +19,6 @@ class DeviseTokenAuthCreateOnlyEmailUsers < ActiveRecord::Migration[4.2]
19
19
  ## Rememberable
20
20
  #t.datetime :remember_created_at
21
21
 
22
- ## Trackable
23
- #t.integer :sign_in_count, :default => 0, :null => false
24
- #t.datetime :current_sign_in_at
25
- #t.datetime :last_sign_in_at
26
- #t.string :current_sign_in_ip
27
- #t.string :last_sign_in_ip
28
-
29
22
  ## Confirmable
30
23
  #t.string :confirmation_token
31
24
  #t.datetime :confirmed_at
@@ -20,13 +20,6 @@ class DeviseTokenAuthCreateUnregisterableUsers < ActiveRecord::Migration[4.2]
20
20
  ## Rememberable
21
21
  t.datetime :remember_created_at
22
22
 
23
- ## Trackable
24
- t.integer :sign_in_count, default: 0, null: false
25
- t.datetime :current_sign_in_at
26
- t.datetime :last_sign_in_at
27
- t.string :current_sign_in_ip
28
- t.string :last_sign_in_ip
29
-
30
23
  ## Confirmable
31
24
  t.string :confirmation_token
32
25
  t.datetime :confirmed_at
@@ -20,13 +20,6 @@ class DeviseTokenAuthCreateUnconfirmableUsers < ActiveRecord::Migration[4.2]
20
20
  ## Rememberable
21
21
  t.datetime :remember_created_at
22
22
 
23
- ## Trackable
24
- t.integer :sign_in_count, default: 0, null: false
25
- t.datetime :current_sign_in_at
26
- t.datetime :last_sign_in_at
27
- t.string :current_sign_in_ip
28
- t.string :last_sign_in_ip
29
-
30
23
  ## Confirmable
31
24
  # t.string :confirmation_token
32
25
  # t.datetime :confirmed_at
@@ -20,13 +20,6 @@ class DeviseTokenAuthCreateScopedUsers < ActiveRecord::Migration[4.2]
20
20
  ## Rememberable
21
21
  t.datetime :remember_created_at
22
22
 
23
- ## Trackable
24
- t.integer :sign_in_count, default: 0, null: false
25
- t.datetime :current_sign_in_at
26
- t.datetime :last_sign_in_at
27
- t.string :current_sign_in_ip
28
- t.string :last_sign_in_ip
29
-
30
23
  ## Confirmable
31
24
  t.string :confirmation_token
32
25
  t.datetime :confirmed_at
@@ -20,13 +20,6 @@ class DeviseTokenAuthCreateLockableUsers < ActiveRecord::Migration[4.2]
20
20
  ## Rememberable
21
21
  # t.datetime :remember_created_at
22
22
 
23
- ## Trackable
24
- # t.integer :sign_in_count, :default => 0, :null => false
25
- # t.datetime :current_sign_in_at
26
- # t.datetime :last_sign_in_at
27
- # t.string :current_sign_in_ip
28
- # t.string :last_sign_in_ip
29
-
30
23
  ## Confirmable
31
24
  # t.string :confirmation_token
32
25
  # t.datetime :confirmed_at
@@ -0,0 +1,49 @@
1
+ class DeviseTokenAuthCreateConfirmableUsers < ActiveRecord::Migration[5.2]
2
+ def change
3
+
4
+ create_table(:confirmable_users) do |t|
5
+ ## Required
6
+ t.string :provider, :null => false, :default => "email"
7
+ t.string :uid, :null => false, :default => ""
8
+
9
+ ## Database authenticatable
10
+ t.string :encrypted_password, :null => false, :default => ""
11
+
12
+ ## Recoverable
13
+ t.string :reset_password_token
14
+ t.datetime :reset_password_sent_at
15
+ t.boolean :allow_password_change, :default => false
16
+
17
+ ## Rememberable
18
+ t.datetime :remember_created_at
19
+
20
+ ## Confirmable
21
+ t.string :confirmation_token
22
+ t.datetime :confirmed_at
23
+ t.datetime :confirmation_sent_at
24
+ t.string :unconfirmed_email # Only if using reconfirmable
25
+
26
+ ## Lockable
27
+ # t.integer :failed_attempts, :default => 0, :null => false # Only if lock strategy is :failed_attempts
28
+ # t.string :unlock_token # Only if unlock strategy is :email or :both
29
+ # t.datetime :locked_at
30
+
31
+ ## User Info
32
+ t.string :name
33
+ t.string :nickname
34
+ t.string :image
35
+ t.string :email
36
+
37
+ ## Tokens
38
+ t.text :tokens
39
+
40
+ t.timestamps
41
+ end
42
+
43
+ add_index :confirmable_users, :email, unique: true
44
+ add_index :confirmable_users, [:uid, :provider], unique: true
45
+ add_index :confirmable_users, :reset_password_token, unique: true
46
+ add_index :confirmable_users, :confirmation_token, unique: true
47
+ # add_index :confirmable_users, :unlock_token, unique: true
48
+ end
49
+ end