devise_token_auth 1.0.0 → 1.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/README.md +4 -2
- data/app/controllers/devise_token_auth/application_controller.rb +19 -3
- data/app/controllers/devise_token_auth/concerns/resource_finder.rb +23 -11
- data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +78 -57
- data/app/controllers/devise_token_auth/confirmations_controller.rb +67 -20
- data/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb +82 -30
- data/app/controllers/devise_token_auth/passwords_controller.rb +53 -31
- data/app/controllers/devise_token_auth/registrations_controller.rb +33 -40
- data/app/controllers/devise_token_auth/sessions_controller.rb +24 -6
- data/app/controllers/devise_token_auth/unlocks_controller.rb +10 -6
- data/app/models/devise_token_auth/concerns/active_record_support.rb +14 -0
- data/app/models/devise_token_auth/concerns/confirmable_support.rb +28 -0
- data/app/models/devise_token_auth/concerns/mongoid_support.rb +19 -0
- data/app/models/devise_token_auth/concerns/tokens_serialization.rb +31 -0
- data/app/models/devise_token_auth/concerns/user.rb +77 -80
- data/app/models/devise_token_auth/concerns/user_omniauth_callbacks.rb +12 -5
- data/app/validators/{email_validator.rb → devise_token_auth_email_validator.rb} +11 -3
- data/app/views/devise_token_auth/omniauth_external_window.html.erb +1 -1
- data/config/locales/da-DK.yml +2 -0
- data/config/locales/de.yml +2 -0
- data/config/locales/en.yml +10 -0
- data/config/locales/es.yml +2 -0
- data/config/locales/fr.yml +2 -0
- data/config/locales/he.yml +52 -0
- data/config/locales/it.yml +2 -0
- data/config/locales/ja.yml +16 -2
- data/config/locales/ko.yml +51 -0
- data/config/locales/nl.yml +2 -0
- data/config/locales/pl.yml +6 -3
- data/config/locales/pt-BR.yml +2 -0
- data/config/locales/pt.yml +6 -3
- data/config/locales/ro.yml +2 -0
- data/config/locales/ru.yml +2 -0
- data/config/locales/sq.yml +2 -0
- data/config/locales/sv.yml +2 -0
- data/config/locales/uk.yml +2 -0
- data/config/locales/vi.yml +2 -0
- data/config/locales/zh-CN.yml +2 -0
- data/config/locales/zh-HK.yml +2 -0
- data/config/locales/zh-TW.yml +2 -0
- data/lib/devise_token_auth/blacklist.rb +6 -0
- data/lib/devise_token_auth/controllers/helpers.rb +5 -9
- data/lib/devise_token_auth/engine.rb +17 -2
- data/lib/devise_token_auth/rails/routes.rb +18 -13
- data/lib/devise_token_auth/token_factory.rb +126 -0
- data/lib/devise_token_auth/url.rb +3 -0
- data/lib/devise_token_auth/version.rb +1 -1
- data/lib/devise_token_auth.rb +6 -3
- data/lib/generators/devise_token_auth/USAGE +1 -1
- data/lib/generators/devise_token_auth/install_generator.rb +7 -91
- data/lib/generators/devise_token_auth/install_generator_helpers.rb +98 -0
- data/lib/generators/devise_token_auth/install_mongoid_generator.rb +46 -0
- data/lib/generators/devise_token_auth/templates/devise_token_auth.rb +13 -0
- data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb +1 -8
- data/lib/generators/devise_token_auth/templates/user.rb.erb +2 -2
- data/lib/generators/devise_token_auth/templates/user_mongoid.rb.erb +56 -0
- data/test/controllers/custom/custom_confirmations_controller_test.rb +1 -1
- data/test/controllers/demo_mang_controller_test.rb +37 -8
- data/test/controllers/demo_user_controller_test.rb +39 -10
- data/test/controllers/devise_token_auth/confirmations_controller_test.rb +163 -18
- data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb +110 -43
- data/test/controllers/devise_token_auth/passwords_controller_test.rb +299 -122
- data/test/controllers/devise_token_auth/registrations_controller_test.rb +54 -14
- data/test/controllers/devise_token_auth/sessions_controller_test.rb +31 -40
- data/test/controllers/devise_token_auth/token_validations_controller_test.rb +43 -2
- data/test/controllers/devise_token_auth/unlocks_controller_test.rb +44 -5
- data/test/controllers/overrides/confirmations_controller_test.rb +1 -1
- data/test/dummy/app/active_record/confirmable_user.rb +11 -0
- data/test/dummy/app/{models → active_record}/scoped_user.rb +2 -2
- data/test/dummy/app/{models → active_record}/unconfirmable_user.rb +1 -2
- data/test/dummy/app/{models → active_record}/unregisterable_user.rb +3 -3
- data/test/dummy/app/active_record/user.rb +6 -0
- data/test/dummy/app/controllers/overrides/confirmations_controller.rb +3 -3
- data/test/dummy/app/controllers/overrides/passwords_controller.rb +3 -3
- data/test/dummy/app/controllers/overrides/registrations_controller.rb +1 -1
- data/test/dummy/app/controllers/overrides/sessions_controller.rb +2 -2
- data/test/dummy/app/models/{user.rb → concerns/favorite_color.rb} +7 -8
- data/test/dummy/app/mongoid/confirmable_user.rb +52 -0
- data/test/dummy/app/mongoid/lockable_user.rb +38 -0
- data/test/dummy/app/mongoid/mang.rb +46 -0
- data/test/dummy/app/mongoid/only_email_user.rb +33 -0
- data/test/dummy/app/mongoid/scoped_user.rb +50 -0
- data/test/dummy/app/mongoid/unconfirmable_user.rb +44 -0
- data/test/dummy/app/mongoid/unregisterable_user.rb +47 -0
- data/test/dummy/app/mongoid/user.rb +49 -0
- data/test/dummy/app/views/layouts/application.html.erb +0 -2
- data/test/dummy/config/application.rb +22 -1
- data/test/dummy/config/boot.rb +4 -0
- data/test/dummy/config/environments/development.rb +0 -10
- data/test/dummy/config/environments/production.rb +0 -16
- data/test/dummy/config/initializers/devise.rb +285 -0
- data/test/dummy/config/initializers/devise_token_auth.rb +35 -4
- data/test/dummy/config/initializers/figaro.rb +1 -1
- data/test/dummy/config/initializers/omniauth.rb +1 -0
- data/test/dummy/config/routes.rb +2 -0
- data/test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb +0 -7
- data/test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb +0 -7
- data/test/dummy/db/migrate/20141222035835_devise_token_auth_create_only_email_users.rb +0 -7
- data/test/dummy/db/migrate/20141222053502_devise_token_auth_create_unregisterable_users.rb +0 -7
- data/test/dummy/db/migrate/20150708104536_devise_token_auth_create_unconfirmable_users.rb +0 -7
- data/test/dummy/db/migrate/20160103235141_devise_token_auth_create_scoped_users.rb +0 -7
- data/test/dummy/db/migrate/20160629184441_devise_token_auth_create_lockable_users.rb +0 -7
- data/test/dummy/db/migrate/20190924101113_devise_token_auth_create_confirmable_users.rb +49 -0
- data/test/dummy/db/schema.rb +31 -33
- data/test/dummy/tmp/generators/app/models/user.rb +11 -0
- data/test/dummy/tmp/generators/config/initializers/devise_token_auth.rb +60 -0
- data/test/dummy/tmp/generators/db/migrate/20220822003050_devise_token_auth_create_users.rb +49 -0
- data/test/factories/users.rb +3 -2
- data/test/lib/devise_token_auth/blacklist_test.rb +19 -0
- data/test/lib/devise_token_auth/rails/custom_routes_test.rb +29 -0
- data/test/lib/devise_token_auth/rails/routes_test.rb +87 -0
- data/test/lib/devise_token_auth/token_factory_test.rb +191 -0
- data/test/lib/devise_token_auth/url_test.rb +2 -2
- data/test/lib/generators/devise_token_auth/install_generator_test.rb +51 -31
- data/test/lib/generators/devise_token_auth/install_generator_with_namespace_test.rb +51 -31
- data/test/models/concerns/mongoid_support_test.rb +31 -0
- data/test/models/concerns/tokens_serialization_test.rb +104 -0
- data/test/models/confirmable_user_test.rb +35 -0
- data/test/models/only_email_user_test.rb +0 -8
- data/test/models/user_test.rb +13 -23
- data/test/test_helper.rb +45 -4
- metadata +126 -33
- data/config/initializers/devise.rb +0 -198
- data/test/dummy/config/initializers/assets.rb +0 -10
- data/test/dummy/tmp/generators/app/views/devise/mailer/confirmation_instructions.html.erb +0 -5
- data/test/dummy/tmp/generators/app/views/devise/mailer/reset_password_instructions.html.erb +0 -8
- /data/test/dummy/app/{models → active_record}/lockable_user.rb +0 -0
- /data/test/dummy/app/{models → active_record}/mang.rb +0 -0
- /data/test/dummy/app/{models → active_record}/only_email_user.rb +0 -0
|
@@ -2,23 +2,13 @@
|
|
|
2
2
|
|
|
3
3
|
module DeviseTokenAuth
|
|
4
4
|
class PasswordsController < DeviseTokenAuth::ApplicationController
|
|
5
|
-
before_action :
|
|
5
|
+
before_action :validate_redirect_url_param, only: [:create, :edit]
|
|
6
6
|
skip_after_action :update_auth_header, only: [:create, :edit]
|
|
7
7
|
|
|
8
|
-
# this action is responsible for generating password reset tokens and
|
|
9
|
-
# sending emails
|
|
8
|
+
# this action is responsible for generating password reset tokens and sending emails
|
|
10
9
|
def create
|
|
11
10
|
return render_create_error_missing_email unless resource_params[:email]
|
|
12
11
|
|
|
13
|
-
# give redirect value from params priority
|
|
14
|
-
@redirect_url = params.fetch(
|
|
15
|
-
:redirect_url,
|
|
16
|
-
DeviseTokenAuth.default_password_reset_url
|
|
17
|
-
)
|
|
18
|
-
|
|
19
|
-
return render_create_error_missing_redirect_url unless @redirect_url
|
|
20
|
-
return render_create_error_not_allowed_redirect_url if blacklisted_redirect_url?
|
|
21
|
-
|
|
22
12
|
@email = get_case_insensitive_field_from_resource_params(:email)
|
|
23
13
|
@resource = find_resource(:uid, @email)
|
|
24
14
|
|
|
@@ -44,14 +34,13 @@ module DeviseTokenAuth
|
|
|
44
34
|
# this is where users arrive after visiting the password reset confirmation link
|
|
45
35
|
def edit
|
|
46
36
|
# if a user is not found, return nil
|
|
47
|
-
@resource = with_reset_password_token(resource_params[:reset_password_token])
|
|
37
|
+
@resource = resource_class.with_reset_password_token(resource_params[:reset_password_token])
|
|
48
38
|
|
|
49
39
|
if @resource && @resource.reset_password_period_valid?
|
|
50
|
-
|
|
40
|
+
token = @resource.create_token unless require_client_password_reset_token?
|
|
51
41
|
|
|
52
42
|
# ensure that user is confirmed
|
|
53
43
|
@resource.skip_confirmation! if confirmable_enabled? && !@resource.confirmed_at
|
|
54
|
-
|
|
55
44
|
# allow user to change password once without current_password
|
|
56
45
|
@resource.allow_password_change = true if recoverable_enabled?
|
|
57
46
|
|
|
@@ -59,12 +48,20 @@ module DeviseTokenAuth
|
|
|
59
48
|
|
|
60
49
|
yield @resource if block_given?
|
|
61
50
|
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
51
|
+
if require_client_password_reset_token?
|
|
52
|
+
redirect_to DeviseTokenAuth::Url.generate(@redirect_url, reset_password_token: resource_params[:reset_password_token])
|
|
53
|
+
else
|
|
54
|
+
if DeviseTokenAuth.cookie_enabled
|
|
55
|
+
set_token_in_cookie(@resource, token)
|
|
56
|
+
end
|
|
57
|
+
|
|
58
|
+
redirect_header_options = { reset_password: true }
|
|
59
|
+
redirect_headers = build_redirect_headers(token.token,
|
|
60
|
+
token.client,
|
|
61
|
+
redirect_header_options)
|
|
62
|
+
redirect_to(@resource.build_auth_url(@redirect_url,
|
|
63
|
+
redirect_headers))
|
|
64
|
+
end
|
|
68
65
|
else
|
|
69
66
|
render_edit_error
|
|
70
67
|
end
|
|
@@ -72,6 +69,15 @@ module DeviseTokenAuth
|
|
|
72
69
|
|
|
73
70
|
def update
|
|
74
71
|
# make sure user is authorized
|
|
72
|
+
if require_client_password_reset_token? && resource_params[:reset_password_token]
|
|
73
|
+
@resource = resource_class.with_reset_password_token(resource_params[:reset_password_token])
|
|
74
|
+
return render_update_error_unauthorized unless @resource
|
|
75
|
+
|
|
76
|
+
@token = @resource.create_token
|
|
77
|
+
else
|
|
78
|
+
@resource = set_user_by_token
|
|
79
|
+
end
|
|
80
|
+
|
|
75
81
|
return render_update_error_unauthorized unless @resource
|
|
76
82
|
|
|
77
83
|
# make sure account doesn't use oauth2 provider
|
|
@@ -98,9 +104,9 @@ module DeviseTokenAuth
|
|
|
98
104
|
protected
|
|
99
105
|
|
|
100
106
|
def resource_update_method
|
|
101
|
-
allow_password_change = recoverable_enabled? && @resource.allow_password_change == true
|
|
107
|
+
allow_password_change = recoverable_enabled? && @resource.allow_password_change == true || require_client_password_reset_token?
|
|
102
108
|
if DeviseTokenAuth.check_current_password_before_update == false || allow_password_change
|
|
103
|
-
'
|
|
109
|
+
'update'
|
|
104
110
|
else
|
|
105
111
|
'update_with_password'
|
|
106
112
|
end
|
|
@@ -114,7 +120,7 @@ module DeviseTokenAuth
|
|
|
114
120
|
render_error(401, I18n.t('devise_token_auth.passwords.missing_redirect_url'))
|
|
115
121
|
end
|
|
116
122
|
|
|
117
|
-
def
|
|
123
|
+
def render_error_not_allowed_redirect_url
|
|
118
124
|
response = {
|
|
119
125
|
status: 'error',
|
|
120
126
|
data: resource_data
|
|
@@ -126,7 +132,7 @@ module DeviseTokenAuth
|
|
|
126
132
|
def render_create_success
|
|
127
133
|
render json: {
|
|
128
134
|
success: true,
|
|
129
|
-
message:
|
|
135
|
+
message: success_message('passwords', @email)
|
|
130
136
|
}
|
|
131
137
|
end
|
|
132
138
|
|
|
@@ -178,15 +184,31 @@ module DeviseTokenAuth
|
|
|
178
184
|
params.permit(*params_for_resource(:account_update))
|
|
179
185
|
end
|
|
180
186
|
|
|
181
|
-
def
|
|
182
|
-
|
|
187
|
+
def render_not_found_error
|
|
188
|
+
if Devise.paranoid
|
|
189
|
+
render_create_success
|
|
190
|
+
else
|
|
191
|
+
render_error(404, I18n.t('devise_token_auth.passwords.user_not_found', email: @email))
|
|
192
|
+
end
|
|
193
|
+
end
|
|
194
|
+
|
|
195
|
+
def validate_redirect_url_param
|
|
196
|
+
# give redirect value from params priority
|
|
197
|
+
@redirect_url = params.fetch(
|
|
198
|
+
:redirect_url,
|
|
199
|
+
DeviseTokenAuth.default_password_reset_url
|
|
200
|
+
)
|
|
183
201
|
|
|
184
|
-
|
|
185
|
-
|
|
202
|
+
return render_create_error_missing_redirect_url unless @redirect_url
|
|
203
|
+
return render_error_not_allowed_redirect_url if blacklisted_redirect_url?(@redirect_url)
|
|
186
204
|
end
|
|
187
205
|
|
|
188
|
-
def
|
|
189
|
-
|
|
206
|
+
def reset_password_token_as_raw?(recoverable)
|
|
207
|
+
recoverable && recoverable.reset_password_token.present? && !require_client_password_reset_token?
|
|
208
|
+
end
|
|
209
|
+
|
|
210
|
+
def require_client_password_reset_token?
|
|
211
|
+
DeviseTokenAuth.require_client_password_reset_token
|
|
190
212
|
end
|
|
191
213
|
end
|
|
192
214
|
end
|
|
@@ -28,42 +28,40 @@ module DeviseTokenAuth
|
|
|
28
28
|
end
|
|
29
29
|
|
|
30
30
|
# if whitelist is set, validate redirect_url against whitelist
|
|
31
|
-
return render_create_error_redirect_url_not_allowed if blacklisted_redirect_url?
|
|
31
|
+
return render_create_error_redirect_url_not_allowed if blacklisted_redirect_url?(@redirect_url)
|
|
32
32
|
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
33
|
+
# override email confirmation, must be sent manually from ctrl
|
|
34
|
+
callback_name = defined?(ActiveRecord) && resource_class < ActiveRecord::Base ? :commit : :create
|
|
35
|
+
resource_class.set_callback(callback_name, :after, :send_on_create_confirmation_instructions)
|
|
36
|
+
resource_class.skip_callback(callback_name, :after, :send_on_create_confirmation_instructions)
|
|
37
37
|
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
38
|
+
if @resource.respond_to? :skip_confirmation_notification!
|
|
39
|
+
# Fix duplicate e-mails by disabling Devise confirmation e-mail
|
|
40
|
+
@resource.skip_confirmation_notification!
|
|
41
|
+
end
|
|
42
42
|
|
|
43
|
-
|
|
44
|
-
|
|
43
|
+
if @resource.save
|
|
44
|
+
yield @resource if block_given?
|
|
45
45
|
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
# user will require email authentication
|
|
53
|
-
@resource.send_confirmation_instructions(
|
|
54
|
-
client_config: params[:config_name],
|
|
55
|
-
redirect_url: @redirect_url
|
|
56
|
-
)
|
|
57
|
-
end
|
|
58
|
-
|
|
59
|
-
render_create_success
|
|
60
|
-
else
|
|
61
|
-
clean_up_passwords @resource
|
|
62
|
-
render_create_error
|
|
46
|
+
unless @resource.confirmed?
|
|
47
|
+
# user will require email authentication
|
|
48
|
+
@resource.send_confirmation_instructions({
|
|
49
|
+
client_config: params[:config_name],
|
|
50
|
+
redirect_url: @redirect_url
|
|
51
|
+
})
|
|
63
52
|
end
|
|
64
|
-
|
|
53
|
+
|
|
54
|
+
if active_for_authentication?
|
|
55
|
+
# email auth has been bypassed, authenticate user
|
|
56
|
+
@token = @resource.create_token
|
|
57
|
+
@resource.save!
|
|
58
|
+
update_auth_header
|
|
59
|
+
end
|
|
60
|
+
|
|
61
|
+
render_create_success
|
|
62
|
+
else
|
|
65
63
|
clean_up_passwords @resource
|
|
66
|
-
|
|
64
|
+
render_create_error
|
|
67
65
|
end
|
|
68
66
|
end
|
|
69
67
|
|
|
@@ -145,15 +143,6 @@ module DeviseTokenAuth
|
|
|
145
143
|
}, status: 422
|
|
146
144
|
end
|
|
147
145
|
|
|
148
|
-
def render_create_error_email_already_exists
|
|
149
|
-
response = {
|
|
150
|
-
status: 'error',
|
|
151
|
-
data: resource_data
|
|
152
|
-
}
|
|
153
|
-
message = I18n.t('devise_token_auth.registrations.email_already_exists', email: @resource.email)
|
|
154
|
-
render_error(422, message, response)
|
|
155
|
-
end
|
|
156
|
-
|
|
157
146
|
def render_update_success
|
|
158
147
|
render json: {
|
|
159
148
|
status: 'success',
|
|
@@ -193,7 +182,7 @@ module DeviseTokenAuth
|
|
|
193
182
|
elsif account_update_params.key?(:current_password)
|
|
194
183
|
'update_with_password'
|
|
195
184
|
else
|
|
196
|
-
'
|
|
185
|
+
'update'
|
|
197
186
|
end
|
|
198
187
|
end
|
|
199
188
|
|
|
@@ -208,5 +197,9 @@ module DeviseTokenAuth
|
|
|
208
197
|
def validate_post_data which, message
|
|
209
198
|
render_error(:unprocessable_entity, message, status: 'error') if which.empty?
|
|
210
199
|
end
|
|
200
|
+
|
|
201
|
+
def active_for_authentication?
|
|
202
|
+
!@resource.respond_to?(:active_for_authentication?) || @resource.active_for_authentication?
|
|
203
|
+
end
|
|
211
204
|
end
|
|
212
205
|
end
|
|
@@ -26,8 +26,8 @@ module DeviseTokenAuth
|
|
|
26
26
|
if (@resource.respond_to?(:valid_for_authentication?) && !@resource.valid_for_authentication? { valid_password }) || !valid_password
|
|
27
27
|
return render_create_error_bad_credentials
|
|
28
28
|
end
|
|
29
|
-
|
|
30
|
-
|
|
29
|
+
|
|
30
|
+
create_and_assign_token
|
|
31
31
|
|
|
32
32
|
sign_in(:user, @resource, store: false, bypass: false)
|
|
33
33
|
|
|
@@ -48,13 +48,19 @@ module DeviseTokenAuth
|
|
|
48
48
|
def destroy
|
|
49
49
|
# remove auth instance variables so that after_action does not run
|
|
50
50
|
user = remove_instance_variable(:@resource) if @resource
|
|
51
|
-
|
|
52
|
-
|
|
51
|
+
client = @token.client
|
|
52
|
+
@token.clear!
|
|
53
53
|
|
|
54
|
-
if user &&
|
|
55
|
-
user.tokens.delete(
|
|
54
|
+
if user && client && user.tokens[client]
|
|
55
|
+
user.tokens.delete(client)
|
|
56
56
|
user.save!
|
|
57
57
|
|
|
58
|
+
if DeviseTokenAuth.cookie_enabled
|
|
59
|
+
# If a cookie is set with a domain specified then it must be deleted with that domain specified
|
|
60
|
+
# See https://api.rubyonrails.org/classes/ActionDispatch/Cookies.html
|
|
61
|
+
cookies.delete(DeviseTokenAuth.cookie_name, domain: DeviseTokenAuth.cookie_attributes[:domain])
|
|
62
|
+
end
|
|
63
|
+
|
|
58
64
|
yield user if block_given?
|
|
59
65
|
|
|
60
66
|
render_destroy_success
|
|
@@ -127,5 +133,17 @@ module DeviseTokenAuth
|
|
|
127
133
|
def resource_params
|
|
128
134
|
params.permit(*params_for_resource(:sign_in))
|
|
129
135
|
end
|
|
136
|
+
|
|
137
|
+
def create_and_assign_token
|
|
138
|
+
if @resource.respond_to?(:with_lock)
|
|
139
|
+
@resource.with_lock do
|
|
140
|
+
@token = @resource.create_token
|
|
141
|
+
@resource.save!
|
|
142
|
+
end
|
|
143
|
+
else
|
|
144
|
+
@token = @resource.create_token
|
|
145
|
+
@resource.save!
|
|
146
|
+
end
|
|
147
|
+
end
|
|
130
148
|
end
|
|
131
149
|
end
|
|
@@ -34,14 +34,14 @@ module DeviseTokenAuth
|
|
|
34
34
|
def show
|
|
35
35
|
@resource = resource_class.unlock_access_by_token(params[:unlock_token])
|
|
36
36
|
|
|
37
|
-
if @resource
|
|
38
|
-
|
|
37
|
+
if @resource.persisted?
|
|
38
|
+
token = @resource.create_token
|
|
39
39
|
@resource.save!
|
|
40
40
|
yield @resource if block_given?
|
|
41
41
|
|
|
42
42
|
redirect_header_options = { unlock: true }
|
|
43
|
-
redirect_headers = build_redirect_headers(token,
|
|
44
|
-
|
|
43
|
+
redirect_headers = build_redirect_headers(token.token,
|
|
44
|
+
token.client,
|
|
45
45
|
redirect_header_options)
|
|
46
46
|
redirect_to(@resource.build_auth_url(after_unlock_path_for(@resource),
|
|
47
47
|
redirect_headers))
|
|
@@ -63,7 +63,7 @@ module DeviseTokenAuth
|
|
|
63
63
|
def render_create_success
|
|
64
64
|
render json: {
|
|
65
65
|
success: true,
|
|
66
|
-
message:
|
|
66
|
+
message: success_message('unlocks', @email)
|
|
67
67
|
}
|
|
68
68
|
end
|
|
69
69
|
|
|
@@ -79,7 +79,11 @@ module DeviseTokenAuth
|
|
|
79
79
|
end
|
|
80
80
|
|
|
81
81
|
def render_not_found_error
|
|
82
|
-
|
|
82
|
+
if Devise.paranoid
|
|
83
|
+
render_create_success
|
|
84
|
+
else
|
|
85
|
+
render_error(404, I18n.t('devise_token_auth.unlocks.user_not_found', email: @email))
|
|
86
|
+
end
|
|
83
87
|
end
|
|
84
88
|
|
|
85
89
|
def resource_params
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
module DeviseTokenAuth::Concerns::ActiveRecordSupport
|
|
2
|
+
extend ActiveSupport::Concern
|
|
3
|
+
|
|
4
|
+
included do
|
|
5
|
+
serialize :tokens, DeviseTokenAuth::Concerns::TokensSerialization
|
|
6
|
+
end
|
|
7
|
+
|
|
8
|
+
class_methods do
|
|
9
|
+
# It's abstract replacement .find_by
|
|
10
|
+
def dta_find_by(attrs = {})
|
|
11
|
+
find_by(attrs)
|
|
12
|
+
end
|
|
13
|
+
end
|
|
14
|
+
end
|
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
module DeviseTokenAuth::Concerns::ConfirmableSupport
|
|
2
|
+
extend ActiveSupport::Concern
|
|
3
|
+
|
|
4
|
+
included do
|
|
5
|
+
# Override standard devise `postpone_email_change?` method
|
|
6
|
+
# for not to use `will_save_change_to_email?` & `email_changed?` methods.
|
|
7
|
+
def postpone_email_change?
|
|
8
|
+
postpone = self.class.reconfirmable &&
|
|
9
|
+
email_value_in_database != email &&
|
|
10
|
+
!@bypass_confirmation_postpone &&
|
|
11
|
+
self.email.present? &&
|
|
12
|
+
(!@skip_reconfirmation_in_callback || !email_value_in_database.nil?)
|
|
13
|
+
@bypass_confirmation_postpone = false
|
|
14
|
+
postpone
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
protected
|
|
19
|
+
|
|
20
|
+
def email_value_in_database
|
|
21
|
+
rails51 = Rails.gem_version >= Gem::Version.new("5.1.x")
|
|
22
|
+
if rails51 && respond_to?(:email_in_database)
|
|
23
|
+
email_in_database
|
|
24
|
+
else
|
|
25
|
+
email_was
|
|
26
|
+
end
|
|
27
|
+
end
|
|
28
|
+
end
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
module DeviseTokenAuth::Concerns::MongoidSupport
|
|
2
|
+
extend ActiveSupport::Concern
|
|
3
|
+
|
|
4
|
+
def as_json(options = {})
|
|
5
|
+
options[:except] = (options[:except] || []) + [:_id]
|
|
6
|
+
hash = super(options)
|
|
7
|
+
hash['id'] = to_param
|
|
8
|
+
hash
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
class_methods do
|
|
12
|
+
# It's abstract replacement .find_by
|
|
13
|
+
def dta_find_by(attrs = {})
|
|
14
|
+
find_by(attrs)
|
|
15
|
+
rescue Mongoid::Errors::DocumentNotFound
|
|
16
|
+
nil
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
module DeviseTokenAuth::Concerns::TokensSerialization
|
|
2
|
+
extend self
|
|
3
|
+
# Serialization hash to json
|
|
4
|
+
def dump(object)
|
|
5
|
+
JSON.generate(object && object.transform_values do |token|
|
|
6
|
+
serialize_updated_at(token).compact
|
|
7
|
+
end.compact)
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
# Deserialization json to hash
|
|
11
|
+
def load(json)
|
|
12
|
+
case json
|
|
13
|
+
when String
|
|
14
|
+
JSON.parse(json)
|
|
15
|
+
when NilClass
|
|
16
|
+
{}
|
|
17
|
+
else
|
|
18
|
+
json
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
private
|
|
23
|
+
|
|
24
|
+
def serialize_updated_at(token)
|
|
25
|
+
updated_at_key = ['updated_at', :updated_at].find(&token.method(:[]))
|
|
26
|
+
|
|
27
|
+
return token unless token[updated_at_key].respond_to?(:iso8601)
|
|
28
|
+
|
|
29
|
+
token.merge updated_at_key => token[updated_at_key].iso8601
|
|
30
|
+
end
|
|
31
|
+
end
|