devise_token_auth 1.0.0 → 1.2.1

data/test/dummy/config/initializers/figaro.rb

@@ -1,3 +1,3 @@
 # frozen_string_literal: true
 
-#Figaro.require("GITHUB_KEY", "GITHUB_SECRET", "FACEBOOK_KEY", "FACEBOOK_SECRET", "GOOGLE_KEY", "GOOGLE_SECRET")
+#Figaro.require("GITHUB_KEY", "GITHUB_SECRET", "FACEBOOK_KEY", "FACEBOOK_SECRET", "GOOGLE_KEY", "GOOGLE_SECRET", "APPLE_CLIENT_ID", "APPLE_TEAM_ID", "APPLE_KEY", "APPLE_PEM")

data/test/dummy/config/initializers/omniauth.rb

@@ -4,6 +4,7 @@ Rails.application.config.middleware.use OmniAuth::Builder do |b|
   provider :github,        ENV['GITHUB_KEY'],   ENV['GITHUB_SECRET'],   scope: 'email,profile'
   provider :facebook,      ENV['FACEBOOK_KEY'], ENV['FACEBOOK_SECRET']
   provider :google_oauth2, ENV['GOOGLE_KEY'],   ENV['GOOGLE_SECRET']
+  provider :apple,         ENV['APPLE_CLIENT_ID'], '', { scope: 'email name', team_id: ENV['APPLE_TEAM_ID'], key_id: ENV['APPLE_KEY'], pem: ENV['APPLE_PEM'] }
   provider :developer,
            fields: [:first_name, :last_name],
            uid_field: :last_name

data/test/dummy/config/routes.rb

@@ -20,6 +20,8 @@ Rails.application.routes.draw do
 
   mount_devise_token_auth_for 'LockableUser', at: 'lockable_user_auth'
 
+  mount_devise_token_auth_for 'ConfirmableUser', at: 'confirmable_user_auth'
+
   # test namespacing
   namespace :api do
     scope :v1 do

data/test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb

@@ -18,13 +18,6 @@ class DeviseTokenAuthCreateUsers < ActiveRecord::Migration[4.2]
       ## Rememberable
       t.datetime :remember_created_at
 
-      ## Trackable
-      t.integer  :sign_in_count, default: 0, null: false
-      t.datetime :current_sign_in_at
-      t.datetime :last_sign_in_at
-      t.string   :current_sign_in_ip
-      t.string   :last_sign_in_ip
-
       ## Confirmable
       t.string   :confirmation_token
       t.datetime :confirmed_at

data/test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb

@@ -18,13 +18,6 @@ class DeviseTokenAuthCreateMangs < ActiveRecord::Migration[4.2]
       ## Rememberable
       t.datetime :remember_created_at
 
-      ## Trackable
-      t.integer  :sign_in_count, default: 0, null: false
-      t.datetime :current_sign_in_at
-      t.datetime :last_sign_in_at
-      t.string   :current_sign_in_ip
-      t.string   :last_sign_in_ip
-
       ## Confirmable
       t.string   :confirmation_token
       t.datetime :confirmed_at

data/test/dummy/db/migrate/20141222035835_devise_token_auth_create_only_email_users.rb

@@ -19,13 +19,6 @@ class DeviseTokenAuthCreateOnlyEmailUsers < ActiveRecord::Migration[4.2]
       ## Rememberable
       #t.datetime :remember_created_at
 
-      ## Trackable
-      #t.integer  :sign_in_count, :default => 0, :null => false
-      #t.datetime :current_sign_in_at
-      #t.datetime :last_sign_in_at
-      #t.string   :current_sign_in_ip
-      #t.string   :last_sign_in_ip
-
       ## Confirmable
       #t.string   :confirmation_token
       #t.datetime :confirmed_at

data/test/dummy/db/migrate/20141222053502_devise_token_auth_create_unregisterable_users.rb

@@ -20,13 +20,6 @@ class DeviseTokenAuthCreateUnregisterableUsers < ActiveRecord::Migration[4.2]
       ## Rememberable
       t.datetime :remember_created_at
 
-      ## Trackable
-      t.integer  :sign_in_count, default: 0, null: false
-      t.datetime :current_sign_in_at
-      t.datetime :last_sign_in_at
-      t.string   :current_sign_in_ip
-      t.string   :last_sign_in_ip
-
       ## Confirmable
       t.string   :confirmation_token
       t.datetime :confirmed_at

data/test/dummy/db/migrate/20150708104536_devise_token_auth_create_unconfirmable_users.rb

@@ -20,13 +20,6 @@ class DeviseTokenAuthCreateUnconfirmableUsers < ActiveRecord::Migration[4.2]
       ## Rememberable
       t.datetime :remember_created_at
 
-      ## Trackable
-      t.integer  :sign_in_count, default: 0, null: false
-      t.datetime :current_sign_in_at
-      t.datetime :last_sign_in_at
-      t.string   :current_sign_in_ip
-      t.string   :last_sign_in_ip
-
       ## Confirmable
       # t.string   :confirmation_token
       # t.datetime :confirmed_at

data/test/dummy/db/migrate/20160103235141_devise_token_auth_create_scoped_users.rb

@@ -20,13 +20,6 @@ class DeviseTokenAuthCreateScopedUsers < ActiveRecord::Migration[4.2]
       ## Rememberable
       t.datetime :remember_created_at
 
-      ## Trackable
-      t.integer  :sign_in_count, default: 0, null: false
-      t.datetime :current_sign_in_at
-      t.datetime :last_sign_in_at
-      t.string   :current_sign_in_ip
-      t.string   :last_sign_in_ip
-
       ## Confirmable
       t.string   :confirmation_token
       t.datetime :confirmed_at

data/test/dummy/db/migrate/20160629184441_devise_token_auth_create_lockable_users.rb

@@ -20,13 +20,6 @@ class DeviseTokenAuthCreateLockableUsers < ActiveRecord::Migration[4.2]
       ## Rememberable
       # t.datetime :remember_created_at
 
-      ## Trackable
-      # t.integer  :sign_in_count, :default => 0, :null => false
-      # t.datetime :current_sign_in_at
-      # t.datetime :last_sign_in_at
-      # t.string   :current_sign_in_ip
-      # t.string   :last_sign_in_ip
-
       ## Confirmable
       # t.string   :confirmation_token
       # t.datetime :confirmed_at

data/test/dummy/db/migrate/20190924101113_devise_token_auth_create_confirmable_users.rb

@@ -0,0 +1,49 @@
+class DeviseTokenAuthCreateConfirmableUsers < ActiveRecord::Migration[5.2]
+  def change
+    
+    create_table(:confirmable_users) do |t|
+      ## Required
+      t.string :provider, :null => false, :default => "email"
+      t.string :uid, :null => false, :default => ""
+
+      ## Database authenticatable
+      t.string :encrypted_password, :null => false, :default => ""
+
+      ## Recoverable
+      t.string   :reset_password_token
+      t.datetime :reset_password_sent_at
+      t.boolean  :allow_password_change, :default => false
+
+      ## Rememberable
+      t.datetime :remember_created_at
+
+      ## Confirmable
+      t.string   :confirmation_token
+      t.datetime :confirmed_at
+      t.datetime :confirmation_sent_at
+      t.string   :unconfirmed_email # Only if using reconfirmable
+
+      ## Lockable
+      # t.integer  :failed_attempts, :default => 0, :null => false # Only if lock strategy is :failed_attempts
+      # t.string   :unlock_token # Only if unlock strategy is :email or :both
+      # t.datetime :locked_at
+
+      ## User Info
+      t.string :name
+      t.string :nickname
+      t.string :image
+      t.string :email
+
+      ## Tokens
+      t.text :tokens
+
+      t.timestamps
+    end
+
+    add_index :confirmable_users, :email,                unique: true
+    add_index :confirmable_users, [:uid, :provider],     unique: true
+    add_index :confirmable_users, :reset_password_token, unique: true
+    add_index :confirmable_users, :confirmation_token,   unique: true
+    # add_index :confirmable_users, :unlock_token,       unique: true
+  end
+end

data/test/dummy/db/schema.rb

@@ -1,18 +1,41 @@
-# frozen_string_literal: true
-
 # This file is auto-generated from the current state of the database. Instead
 # of editing this file, please use the migrations feature of Active Record to
 # incrementally modify your database, and then regenerate this schema definition.
 #
-# Note that this schema.rb definition is the authoritative source for your
-# database schema. If you need to create the application database on another
-# system, you should be using db:schema:load, not running all the migrations
-# from scratch. The latter is a flawed and unsustainable approach (the more migrations
-# you'll amass, the slower it'll run and the greater likelihood for issues).
+# This file is the source Rails uses to define your schema when running `bin/rails
+# db:schema:load`. When creating a new database, `bin/rails db:schema:load` tends to
+# be faster and is potentially less error prone than running all of your
+# migrations from scratch. Old migrations may fail to apply correctly if those
+# migrations use external dependencies or application code.
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20160629184441) do
+ActiveRecord::Schema.define(version: 2019_09_24_101113) do
+
+  create_table "confirmable_users", force: :cascade do |t|
+    t.string "provider", default: "email", null: false
+    t.string "uid", default: "", null: false
+    t.string "encrypted_password", default: "", null: false
+    t.string "reset_password_token"
+    t.datetime "reset_password_sent_at"
+    t.boolean "allow_password_change", default: false
+    t.datetime "remember_created_at"
+    t.string "confirmation_token"
+    t.datetime "confirmed_at"
+    t.datetime "confirmation_sent_at"
+    t.string "unconfirmed_email"
+    t.string "name"
+    t.string "nickname"
+    t.string "image"
+    t.string "email"
+    t.text "tokens"
+    t.datetime "created_at", null: false
+    t.datetime "updated_at", null: false
+    t.index ["confirmation_token"], name: "index_confirmable_users_on_confirmation_token", unique: true
+    t.index ["email"], name: "index_confirmable_users_on_email", unique: true
+    t.index ["reset_password_token"], name: "index_confirmable_users_on_reset_password_token", unique: true
+    t.index ["uid", "provider"], name: "index_confirmable_users_on_uid_and_provider", unique: true
+  end
 
   create_table "lockable_users", force: :cascade do |t|
     t.string "provider", null: false
@@ -41,11 +64,6 @@ ActiveRecord::Schema.define(version: 20160629184441) do
     t.string "reset_password_redirect_url"
     t.boolean "allow_password_change", default: false
     t.datetime "remember_created_at"
-    t.integer "sign_in_count", default: 0, null: false
-    t.datetime "current_sign_in_at"
-    t.datetime "last_sign_in_at"
-    t.string "current_sign_in_ip"
-    t.string "last_sign_in_ip"
     t.string "confirmation_token"
     t.datetime "confirmed_at"
     t.datetime "confirmation_sent_at"
@@ -88,11 +106,6 @@ ActiveRecord::Schema.define(version: 20160629184441) do
     t.datetime "reset_password_sent_at"
     t.boolean "allow_password_change", default: false
     t.datetime "remember_created_at"
-    t.integer "sign_in_count", default: 0, null: false
-    t.datetime "current_sign_in_at"
-    t.datetime "last_sign_in_at"
-    t.string "current_sign_in_ip"
-    t.string "last_sign_in_ip"
     t.string "confirmation_token"
     t.datetime "confirmed_at"
     t.datetime "confirmation_sent_at"
@@ -117,11 +130,6 @@ ActiveRecord::Schema.define(version: 20160629184441) do
     t.datetime "reset_password_sent_at"
     t.boolean "allow_password_change", default: false
     t.datetime "remember_created_at"
-    t.integer "sign_in_count", default: 0, null: false
-    t.datetime "current_sign_in_at"
-    t.datetime "last_sign_in_at"
-    t.string "current_sign_in_ip"
-    t.string "last_sign_in_ip"
     t.string "name"
     t.string "nickname"
     t.string "image"
@@ -142,11 +150,6 @@ ActiveRecord::Schema.define(version: 20160629184441) do
     t.datetime "reset_password_sent_at"
     t.boolean "allow_password_change", default: false
     t.datetime "remember_created_at"
-    t.integer "sign_in_count", default: 0, null: false
-    t.datetime "current_sign_in_at"
-    t.datetime "last_sign_in_at"
-    t.string "current_sign_in_ip"
-    t.string "last_sign_in_ip"
     t.string "confirmation_token"
     t.datetime "confirmed_at"
     t.datetime "confirmation_sent_at"
@@ -171,11 +174,6 @@ ActiveRecord::Schema.define(version: 20160629184441) do
     t.string "reset_password_redirect_url"
     t.boolean "allow_password_change", default: false
     t.datetime "remember_created_at"
-    t.integer "sign_in_count", default: 0, null: false
-    t.datetime "current_sign_in_at"
-    t.datetime "last_sign_in_at"
-    t.string "current_sign_in_ip"
-    t.string "last_sign_in_ip"
     t.string "confirmation_token"
     t.datetime "confirmed_at"
     t.datetime "confirmation_sent_at"

data/test/dummy/tmp/generators/app/models/user.rb

@@ -0,0 +1,11 @@
+              class User < ApplicationRecord
+            # Include default devise modules.
+            devise :database_authenticatable, :registerable,
+                    :recoverable, :rememberable, :trackable, :validatable,
+                    :confirmable, :omniauthable
+            include DeviseTokenAuth::Concerns::User
+
+                def whatever
+                  puts 'whatever'
+                end
+              end

data/test/dummy/tmp/generators/config/initializers/devise_token_auth.rb

@@ -0,0 +1,60 @@
+# frozen_string_literal: true
+
+DeviseTokenAuth.setup do |config|
+  # By default the authorization headers will change after each request. The
+  # client is responsible for keeping track of the changing tokens. Change
+  # this to false to prevent the Authorization header from changing after
+  # each request.
+  # config.change_headers_on_each_request = true
+
+  # By default, users will need to re-authenticate after 2 weeks. This setting
+  # determines how long tokens will remain valid after they are issued.
+  # config.token_lifespan = 2.weeks
+
+  # Limiting the token_cost to just 4 in testing will increase the performance of
+  # your test suite dramatically. The possible cost value is within range from 4
+  # to 31. It is recommended to not use a value more than 10 in other environments.
+  config.token_cost = Rails.env.test? ? 4 : 10
+
+  # Sets the max number of concurrent devices per user, which is 10 by default.
+  # After this limit is reached, the oldest tokens will be removed.
+  # config.max_number_of_devices = 10
+
+  # Sometimes it's necessary to make several requests to the API at the same
+  # time. In this case, each request in the batch will need to share the same
+  # auth token. This setting determines how far apart the requests can be while
+  # still using the same auth token.
+  # config.batch_request_buffer_throttle = 5.seconds
+
+  # This route will be the prefix for all oauth2 redirect callbacks. For
+  # example, using the default '/omniauth', the github oauth2 provider will
+  # redirect successful authentications to '/omniauth/github/callback'
+  # config.omniauth_prefix = "/omniauth"
+
+  # By default sending current password is not needed for the password update.
+  # Uncomment to enforce current_password param to be checked before all
+  # attribute updates. Set it to :password if you want it to be checked only if
+  # password is updated.
+  # config.check_current_password_before_update = :attributes
+
+  # By default we will use callbacks for single omniauth.
+  # It depends on fields like email, provider and uid.
+  # config.default_callbacks = true
+
+  # Makes it possible to change the headers names
+  # config.headers_names = {:'access-token' => 'access-token',
+  #                        :'client' => 'client',
+  #                        :'expiry' => 'expiry',
+  #                        :'uid' => 'uid',
+  #                        :'token-type' => 'token-type' }
+
+  # By default, only Bearer Token authentication is implemented out of the box.
+  # If, however, you wish to integrate with legacy Devise authentication, you can
+  # do so by enabling this flag. NOTE: This feature is highly experimental!
+  # config.enable_standard_devise_support = false
+
+  # By default DeviseTokenAuth will not send confirmation email, even when including
+  # devise confirmable module. If you want to use devise confirmable module and
+  # send email, set it to true. (This is a setting for compatibility)
+  # config.send_confirmation_email = true
+end

data/test/dummy/tmp/generators/db/migrate/20220822003050_devise_token_auth_create_users.rb

@@ -0,0 +1,49 @@
+class DeviseTokenAuthCreateUsers < ActiveRecord::Migration[5.2]
+  def change
+    
+    create_table(:users) do |t|
+      ## Required
+      t.string :provider, :null => false, :default => "email"
+      t.string :uid, :null => false, :default => ""
+
+      ## Database authenticatable
+      t.string :encrypted_password, :null => false, :default => ""
+
+      ## Recoverable
+      t.string   :reset_password_token
+      t.datetime :reset_password_sent_at
+      t.boolean  :allow_password_change, :default => false
+
+      ## Rememberable
+      t.datetime :remember_created_at
+
+      ## Confirmable
+      t.string   :confirmation_token
+      t.datetime :confirmed_at
+      t.datetime :confirmation_sent_at
+      t.string   :unconfirmed_email # Only if using reconfirmable
+
+      ## Lockable
+      # t.integer  :failed_attempts, :default => 0, :null => false # Only if lock strategy is :failed_attempts
+      # t.string   :unlock_token # Only if unlock strategy is :email or :both
+      # t.datetime :locked_at
+
+      ## User Info
+      t.string :name
+      t.string :nickname
+      t.string :image
+      t.string :email
+
+      ## Tokens
+      t.text :tokens
+
+      t.timestamps
+    end
+
+    add_index :users, :email,                unique: true
+    add_index :users, [:uid, :provider],     unique: true
+    add_index :users, :reset_password_token, unique: true
+    add_index :users, :confirmation_token,   unique: true
+    # add_index :users, :unlock_token,         unique: true
+  end
+end

data/test/factories/users.rb

@@ -1,6 +1,6 @@
 FactoryBot.define do
   factory :user do
-    email { Faker::Internet.safe_email }
+    email { Faker::Internet.unique.safe_email }
     password { Faker::Internet.password }
     provider { 'email' }
 
@@ -24,7 +24,7 @@ FactoryBot.define do
     end
 
     trait :facebook do
-      uid { Faker::Number.number(10) }
+      uid { Faker::Number.number }
       provider { 'facebook' }
     end
 
@@ -36,5 +36,6 @@ FactoryBot.define do
     factory :mang_user, class: 'Mang'
     factory :only_email_user, class: 'OnlyEmailUser'
     factory :scoped_user, class: 'ScopedUser'
+    factory :confirmable_user, class: 'ConfirmableUser'
   end
 end

data/test/lib/devise_token_auth/blacklist_test.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+require 'test_helper'
+
+class DeviseTokenAuth::BlacklistTest < ActiveSupport::TestCase
+  if defined? Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION
+    describe Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION do
+      test 'should include :tokens' do
+        assert Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION.include?(:tokens)
+      end
+    end
+  else
+    describe Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION do
+      test 'should include :tokens' do
+        assert Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION.include?(:tokens)
+      end
+    end
+  end
+end

data/test/lib/devise_token_auth/rails/custom_routes_test.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+require 'test_helper'
+
+class DeviseTokenAuth::CustomRoutesTest < ActiveSupport::TestCase
+  after do
+    Rails.application.reload_routes!
+  end
+  test 'custom controllers' do
+    class ActionDispatch::Routing::Mapper
+        include Mocha::ParameterMatchers
+    end
+    Rails.application.routes.draw do
+      self.expects(:devise_for).with(
+        :users,
+        has_entries(
+          controllers: has_entries(
+            invitations: "custom/invitations", foo: "custom/foo"
+          )
+        )
+      )
+
+      mount_devise_token_auth_for 'User', at: 'my_custom_users', controllers: {
+        invitations: 'custom/invitations',
+        foo: 'custom/foo'
+      }
+    end
+  end
+end

data/test/lib/devise_token_auth/rails/routes_test.rb

@@ -0,0 +1,87 @@
+# frozen_string_literal: true
+
+require 'test_helper'
+
+# Needed for MiniTest to start a controller test so we can use assert_recognizes
+class DeviseTokenAuth::RoutesTestController < DeviseTokenAuth::ApplicationController
+end
+
+class DeviseTokenAuth::RoutesTest < ActionController::TestCase
+  self.controller_class = DeviseTokenAuth::RoutesTestController
+  before do
+    Rails.application.routes.draw do
+      mount_devise_token_auth_for 'User', at: 'my_custom_users', controllers: {
+        invitations: 'custom/invitations',
+        foo: 'custom/foo'
+      }
+    end
+  end
+
+  after do
+    Rails.application.reload_routes!
+  end
+
+  test 'map new user session' do
+    assert_recognizes({controller: 'devise_token_auth/sessions', action: 'new'}, {path: 'my_custom_users/sign_in', method: :get})
+  end
+
+  test 'map create user session' do
+    assert_recognizes({controller: 'devise_token_auth/sessions', action: 'create'}, {path: 'my_custom_users/sign_in', method: :post})
+  end
+
+  test 'map destroy user session' do
+    assert_recognizes({controller: 'devise_token_auth/sessions', action: 'destroy'}, {path: 'my_custom_users/sign_out', method: :delete})
+  end
+
+  test 'map new user confirmation' do
+    assert_recognizes({controller: 'devise_token_auth/confirmations', action: 'new'}, 'my_custom_users/confirmation/new')
+  end
+
+  test 'map create user confirmation' do
+    assert_recognizes({controller: 'devise_token_auth/confirmations', action: 'create'}, {path: 'my_custom_users/confirmation', method: :post})
+  end
+
+  test 'map show user confirmation' do
+    assert_recognizes({controller: 'devise_token_auth/confirmations', action: 'show'}, {path: 'my_custom_users/confirmation', method: :get})
+  end
+
+  test 'map new user password' do
+    assert_recognizes({controller: 'devise_token_auth/passwords', action: 'new'}, 'my_custom_users/password/new')
+  end
+
+  test 'map create user password' do
+    assert_recognizes({controller: 'devise_token_auth/passwords', action: 'create'}, {path: 'my_custom_users/password', method: :post})
+  end
+
+  test 'map edit user password' do
+    assert_recognizes({controller: 'devise_token_auth/passwords', action: 'edit'}, 'my_custom_users/password/edit')
+  end
+
+  test 'map update user password' do
+    assert_recognizes({controller: 'devise_token_auth/passwords', action: 'update'}, {path: 'my_custom_users/password', method: :put})
+  end
+
+  test 'map new user registration' do
+    assert_recognizes({controller: 'devise_token_auth/registrations', action: 'new'}, 'my_custom_users/sign_up')
+  end
+
+  test 'map create user registration' do
+    assert_recognizes({controller: 'devise_token_auth/registrations', action: 'create'}, {path: 'my_custom_users', method: :post})
+  end
+
+  test 'map edit user registration' do
+    assert_recognizes({controller: 'devise_token_auth/registrations', action: 'edit'}, {path: 'my_custom_users/edit', method: :get})
+  end
+
+  test 'map update user registration' do
+    assert_recognizes({controller: 'devise_token_auth/registrations', action: 'update'}, {path: 'my_custom_users', method: :put})
+  end
+
+  test 'map destroy user registration' do
+    assert_recognizes({controller: 'devise_token_auth/registrations', action: 'destroy'}, {path: 'my_custom_users', method: :delete})
+  end
+
+  test 'map cancel user registration' do
+    assert_recognizes({controller: 'devise_token_auth/registrations', action: 'cancel'}, {path: 'my_custom_users/cancel', method: :get})
+  end
+end