devise_token_auth 1.0.0 → 1.2.2

Files changed (134) hide show
  1. checksums.yaml +5 -5
  2. data/README.md +6 -3
  3. data/app/controllers/devise_token_auth/application_controller.rb +23 -3
  4. data/app/controllers/devise_token_auth/concerns/resource_finder.rb +24 -11
  5. data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +78 -57
  6. data/app/controllers/devise_token_auth/confirmations_controller.rb +69 -19
  7. data/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb +89 -44
  8. data/app/controllers/devise_token_auth/passwords_controller.rb +55 -31
  9. data/app/controllers/devise_token_auth/registrations_controller.rb +33 -40
  10. data/app/controllers/devise_token_auth/sessions_controller.rb +36 -14
  11. data/app/controllers/devise_token_auth/unlocks_controller.rb +12 -7
  12. data/app/models/devise_token_auth/concerns/active_record_support.rb +14 -0
  13. data/app/models/devise_token_auth/concerns/confirmable_support.rb +28 -0
  14. data/app/models/devise_token_auth/concerns/mongoid_support.rb +19 -0
  15. data/app/models/devise_token_auth/concerns/tokens_serialization.rb +31 -0
  16. data/app/models/devise_token_auth/concerns/user.rb +79 -80
  17. data/app/models/devise_token_auth/concerns/user_omniauth_callbacks.rb +12 -5
  18. data/app/validators/{email_validator.rb → devise_token_auth_email_validator.rb} +11 -3
  19. data/app/views/devise_token_auth/omniauth_external_window.html.erb +1 -1
  20. data/config/locales/da-DK.yml +2 -0
  21. data/config/locales/de.yml +2 -0
  22. data/config/locales/en.yml +10 -0
  23. data/config/locales/es.yml +2 -0
  24. data/config/locales/fr.yml +2 -0
  25. data/config/locales/he.yml +52 -0
  26. data/config/locales/it.yml +2 -0
  27. data/config/locales/ja.yml +16 -2
  28. data/config/locales/ko.yml +51 -0
  29. data/config/locales/nl.yml +2 -0
  30. data/config/locales/pl.yml +6 -3
  31. data/config/locales/pt-BR.yml +2 -0
  32. data/config/locales/pt.yml +6 -3
  33. data/config/locales/ro.yml +2 -0
  34. data/config/locales/ru.yml +2 -0
  35. data/config/locales/sq.yml +2 -0
  36. data/config/locales/sv.yml +2 -0
  37. data/config/locales/uk.yml +2 -0
  38. data/config/locales/vi.yml +2 -0
  39. data/config/locales/zh-CN.yml +2 -0
  40. data/config/locales/zh-HK.yml +2 -0
  41. data/config/locales/zh-TW.yml +2 -0
  42. data/lib/devise_token_auth/blacklist.rb +6 -0
  43. data/lib/devise_token_auth/controllers/helpers.rb +5 -9
  44. data/lib/devise_token_auth/engine.rb +17 -2
  45. data/lib/devise_token_auth/rails/routes.rb +22 -16
  46. data/lib/devise_token_auth/token_factory.rb +126 -0
  47. data/lib/devise_token_auth/url.rb +3 -0
  48. data/lib/devise_token_auth/version.rb +1 -1
  49. data/lib/devise_token_auth.rb +6 -3
  50. data/lib/generators/devise_token_auth/USAGE +1 -1
  51. data/lib/generators/devise_token_auth/install_generator.rb +7 -91
  52. data/lib/generators/devise_token_auth/install_generator_helpers.rb +98 -0
  53. data/lib/generators/devise_token_auth/install_mongoid_generator.rb +46 -0
  54. data/lib/generators/devise_token_auth/templates/devise_token_auth.rb +21 -5
  55. data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb +1 -8
  56. data/lib/generators/devise_token_auth/templates/user.rb.erb +2 -2
  57. data/lib/generators/devise_token_auth/templates/user_mongoid.rb.erb +56 -0
  58. data/test/controllers/custom/custom_confirmations_controller_test.rb +2 -2
  59. data/test/controllers/custom/custom_omniauth_callbacks_controller_test.rb +1 -1
  60. data/test/controllers/demo_mang_controller_test.rb +37 -8
  61. data/test/controllers/demo_user_controller_test.rb +39 -10
  62. data/test/controllers/devise_token_auth/confirmations_controller_test.rb +170 -22
  63. data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb +117 -53
  64. data/test/controllers/devise_token_auth/passwords_controller_test.rb +299 -122
  65. data/test/controllers/devise_token_auth/registrations_controller_test.rb +56 -16
  66. data/test/controllers/devise_token_auth/sessions_controller_test.rb +139 -75
  67. data/test/controllers/devise_token_auth/token_validations_controller_test.rb +43 -2
  68. data/test/controllers/devise_token_auth/unlocks_controller_test.rb +44 -5
  69. data/test/controllers/overrides/confirmations_controller_test.rb +1 -1
  70. data/test/controllers/overrides/omniauth_callbacks_controller_test.rb +1 -1
  71. data/test/dummy/app/active_record/confirmable_user.rb +11 -0
  72. data/test/dummy/app/{models → active_record}/scoped_user.rb +2 -2
  73. data/test/dummy/app/{models → active_record}/unconfirmable_user.rb +1 -2
  74. data/test/dummy/app/{models → active_record}/unregisterable_user.rb +3 -3
  75. data/test/dummy/app/active_record/user.rb +6 -0
  76. data/test/dummy/app/controllers/application_controller.rb +2 -6
  77. data/test/dummy/app/controllers/overrides/confirmations_controller.rb +5 -4
  78. data/test/dummy/app/controllers/overrides/passwords_controller.rb +5 -4
  79. data/test/dummy/app/controllers/overrides/registrations_controller.rb +1 -1
  80. data/test/dummy/app/controllers/overrides/sessions_controller.rb +2 -2
  81. data/test/dummy/app/models/{user.rb → concerns/favorite_color.rb} +7 -8
  82. data/test/dummy/app/mongoid/confirmable_user.rb +52 -0
  83. data/test/dummy/app/mongoid/lockable_user.rb +38 -0
  84. data/test/dummy/app/mongoid/mang.rb +46 -0
  85. data/test/dummy/app/mongoid/only_email_user.rb +33 -0
  86. data/test/dummy/app/mongoid/scoped_user.rb +50 -0
  87. data/test/dummy/app/mongoid/unconfirmable_user.rb +44 -0
  88. data/test/dummy/app/mongoid/unregisterable_user.rb +47 -0
  89. data/test/dummy/app/mongoid/user.rb +49 -0
  90. data/test/dummy/app/views/layouts/application.html.erb +0 -2
  91. data/test/dummy/config/application.rb +22 -1
  92. data/test/dummy/config/boot.rb +4 -0
  93. data/test/dummy/config/environments/development.rb +0 -10
  94. data/test/dummy/config/environments/production.rb +0 -16
  95. data/test/dummy/config/environments/test.rb +6 -2
  96. data/test/dummy/config/initializers/devise.rb +285 -0
  97. data/test/dummy/config/initializers/devise_token_auth.rb +35 -4
  98. data/test/dummy/config/initializers/figaro.rb +1 -1
  99. data/test/dummy/config/initializers/omniauth.rb +1 -0
  100. data/test/dummy/config/routes.rb +2 -0
  101. data/test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb +0 -7
  102. data/test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb +0 -7
  103. data/test/dummy/db/migrate/20141222035835_devise_token_auth_create_only_email_users.rb +0 -7
  104. data/test/dummy/db/migrate/20141222053502_devise_token_auth_create_unregisterable_users.rb +0 -7
  105. data/test/dummy/db/migrate/20150708104536_devise_token_auth_create_unconfirmable_users.rb +0 -7
  106. data/test/dummy/db/migrate/20160103235141_devise_token_auth_create_scoped_users.rb +0 -7
  107. data/test/dummy/db/migrate/20160629184441_devise_token_auth_create_lockable_users.rb +0 -7
  108. data/test/dummy/db/migrate/20190924101113_devise_token_auth_create_confirmable_users.rb +49 -0
  109. data/test/dummy/db/schema.rb +31 -33
  110. data/test/dummy/tmp/generators/app/models/user.rb +9 -0
  111. data/test/dummy/tmp/generators/config/initializers/devise_token_auth.rb +66 -0
  112. data/test/dummy/tmp/generators/db/migrate/20230415183419_devise_token_auth_create_users.rb +49 -0
  113. data/test/factories/users.rb +3 -2
  114. data/test/lib/devise_token_auth/blacklist_test.rb +19 -0
  115. data/test/lib/devise_token_auth/rails/custom_routes_test.rb +29 -0
  116. data/test/lib/devise_token_auth/rails/routes_test.rb +87 -0
  117. data/test/lib/devise_token_auth/token_factory_test.rb +191 -0
  118. data/test/lib/devise_token_auth/url_test.rb +2 -2
  119. data/test/lib/generators/devise_token_auth/install_generator_test.rb +51 -31
  120. data/test/lib/generators/devise_token_auth/install_generator_with_namespace_test.rb +51 -31
  121. data/test/models/concerns/mongoid_support_test.rb +31 -0
  122. data/test/models/concerns/tokens_serialization_test.rb +104 -0
  123. data/test/models/confirmable_user_test.rb +35 -0
  124. data/test/models/only_email_user_test.rb +0 -8
  125. data/test/models/user_test.rb +13 -23
  126. data/test/test_helper.rb +45 -4
  127. metadata +190 -97
  128. data/config/initializers/devise.rb +0 -198
  129. data/test/dummy/config/initializers/assets.rb +0 -10
  130. data/test/dummy/tmp/generators/app/views/devise/mailer/confirmation_instructions.html.erb +0 -5
  131. data/test/dummy/tmp/generators/app/views/devise/mailer/reset_password_instructions.html.erb +0 -8
  132. /data/test/dummy/app/{models → active_record}/lockable_user.rb +0 -0
  133. /data/test/dummy/app/{models → active_record}/mang.rb +0 -0
  134. /data/test/dummy/app/{models → active_record}/only_email_user.rb +0 -0
@@ -1,20 +1,14 @@
1
1
  # frozen_string_literal: true
2
2
 
3
+ require_relative 'install_generator_helpers'
4
+
3
5
  module DeviseTokenAuth
4
6
  class InstallGenerator < Rails::Generators::Base
5
7
  include Rails::Generators::Migration
8
+ include DeviseTokenAuth::InstallGeneratorHelpers
6
9
 
7
10
  class_option :primary_key_type, type: :string, desc: 'The type for primary key'
8
11
 
9
- source_root File.expand_path('templates', __dir__)
10
-
11
- argument :user_class, type: :string, default: 'User'
12
- argument :mount_path, type: :string, default: 'auth'
13
-
14
- def create_initializer_file
15
- copy_file('devise_token_auth.rb', 'config/initializers/devise_token_auth.rb')
16
- end
17
-
18
12
  def copy_migrations
19
13
  if self.class.migration_exists?('db/migrate', "devise_token_auth_create_#{user_class.pluralize.gsub('::','').underscore}")
20
14
  say_status('skipped', "Migration 'devise_token_auth_create_#{user_class.pluralize.gsub('::','').underscore}' already exists")
@@ -32,7 +26,7 @@ module DeviseTokenAuth
32
26
  inclusion = 'include DeviseTokenAuth::Concerns::User'
33
27
  unless parse_file_for_line(fname, inclusion)
34
28
 
35
- active_record_needle = (Rails::VERSION::MAJOR == 5) ? 'ApplicationRecord' : 'ActiveRecord::Base'
29
+ active_record_needle = (Rails::VERSION::MAJOR >= 5) ? 'ApplicationRecord' : 'ActiveRecord::Base'
36
30
  inject_into_file fname, after: "class #{user_class} < #{active_record_needle}\n" do <<-'RUBY'
37
31
  # Include default devise modules.
38
32
  devise :database_authenticatable, :registerable,
@@ -47,90 +41,12 @@ module DeviseTokenAuth
47
41
  end
48
42
  end
49
43
 
50
- def include_controller_concerns
51
- fname = 'app/controllers/application_controller.rb'
52
- line = 'include DeviseTokenAuth::Concerns::SetUserByToken'
53
-
54
- if File.exist?(File.join(destination_root, fname))
55
- if parse_file_for_line(fname, line)
56
- say_status('skipped', 'Concern is already included in the application controller.')
57
- elsif is_rails_api?
58
- inject_into_file fname, after: "class ApplicationController < ActionController::API\n" do <<-'RUBY'
59
- include DeviseTokenAuth::Concerns::SetUserByToken
60
- RUBY
61
- end
62
- else
63
- inject_into_file fname, after: "class ApplicationController < ActionController::Base\n" do <<-'RUBY'
64
- include DeviseTokenAuth::Concerns::SetUserByToken
65
- RUBY
66
- end
67
- end
68
- else
69
- say_status('skipped', "app/controllers/application_controller.rb not found. Add 'include DeviseTokenAuth::Concerns::SetUserByToken' to any controllers that require authentication.")
70
- end
71
- end
72
-
73
- def add_route_mount
74
- f = 'config/routes.rb'
75
- str = "mount_devise_token_auth_for '#{user_class}', at: '#{mount_path}'"
76
-
77
- if File.exist?(File.join(destination_root, f))
78
- line = parse_file_for_line(f, 'mount_devise_token_auth_for')
79
-
80
- if line
81
- existing_user_class = true
82
- else
83
- line = 'Rails.application.routes.draw do'
84
- existing_user_class = false
85
- end
86
-
87
- if parse_file_for_line(f, str)
88
- say_status('skipped', "Routes already exist for #{user_class} at #{mount_path}")
89
- else
90
- insert_after_line(f, line, str)
91
-
92
- if existing_user_class
93
- scoped_routes = ''\
94
- "as :#{user_class.underscore} do\n"\
95
- " # Define routes for #{user_class} within this block.\n"\
96
- " end\n"
97
- insert_after_line(f, str, scoped_routes)
98
- end
99
- end
100
- else
101
- say_status('skipped', "config/routes.rb not found. Add \"mount_devise_token_auth_for '#{user_class}', at: '#{mount_path}'\" to your routes file.")
102
- end
103
- end
104
-
105
44
  private
106
45
 
107
46
  def self.next_migration_number(path)
108
47
  Time.zone.now.utc.strftime('%Y%m%d%H%M%S')
109
48
  end
110
49
 
111
- def insert_after_line(filename, line, str)
112
- gsub_file filename, /(#{Regexp.escape(line)})/mi do |match|
113
- "#{match}\n #{str}"
114
- end
115
- end
116
-
117
- def parse_file_for_line(filename, str)
118
- match = false
119
-
120
- File.open(File.join(destination_root, filename)) do |f|
121
- f.each_line do |line|
122
- match = line if line =~ /(#{Regexp.escape(str)})/mi
123
- end
124
- end
125
- match
126
- end
127
-
128
- def is_rails_api?
129
- fname = 'app/controllers/application_controller.rb'
130
- line = 'class ApplicationController < ActionController::API'
131
- parse_file_for_line(fname, line)
132
- end
133
-
134
50
  def json_supported_database?
135
51
  (postgres? && postgres_correct_version?) || (mysql? && mysql_correct_version?)
136
52
  end
@@ -159,12 +75,12 @@ module DeviseTokenAuth
159
75
  ActiveRecord::Base.connection.select_value('SELECT VERSION()')
160
76
  end
161
77
 
162
- def rails5?
163
- Rails.version.start_with? '5'
78
+ def rails_5_or_newer?
79
+ Rails::VERSION::MAJOR >= 5
164
80
  end
165
81
 
166
82
  def primary_key_type
167
- primary_key_string if rails5?
83
+ primary_key_string if rails_5_or_newer?
168
84
  end
169
85
 
170
86
  def primary_key_string
@@ -0,0 +1,98 @@
1
+ module DeviseTokenAuth
2
+ module InstallGeneratorHelpers
3
+ class << self
4
+ def included(mod)
5
+ mod.class_eval do
6
+ source_root File.expand_path('templates', __dir__)
7
+
8
+ argument :user_class, type: :string, default: 'User'
9
+ argument :mount_path, type: :string, default: 'auth'
10
+
11
+ def create_initializer_file
12
+ copy_file('devise_token_auth.rb', 'config/initializers/devise_token_auth.rb')
13
+ end
14
+
15
+ def include_controller_concerns
16
+ fname = 'app/controllers/application_controller.rb'
17
+ line = 'include DeviseTokenAuth::Concerns::SetUserByToken'
18
+
19
+ if File.exist?(File.join(destination_root, fname))
20
+ if parse_file_for_line(fname, line)
21
+ say_status('skipped', 'Concern is already included in the application controller.')
22
+ elsif is_rails_api?
23
+ inject_into_file fname, after: "class ApplicationController < ActionController::API\n" do <<-'RUBY'
24
+ include DeviseTokenAuth::Concerns::SetUserByToken
25
+ RUBY
26
+ end
27
+ else
28
+ inject_into_file fname, after: "class ApplicationController < ActionController::Base\n" do <<-'RUBY'
29
+ include DeviseTokenAuth::Concerns::SetUserByToken
30
+ RUBY
31
+ end
32
+ end
33
+ else
34
+ say_status('skipped', "app/controllers/application_controller.rb not found. Add 'include DeviseTokenAuth::Concerns::SetUserByToken' to any controllers that require authentication.")
35
+ end
36
+ end
37
+
38
+ def add_route_mount
39
+ f = 'config/routes.rb'
40
+ str = "mount_devise_token_auth_for '#{user_class}', at: '#{mount_path}'"
41
+
42
+ if File.exist?(File.join(destination_root, f))
43
+ line = parse_file_for_line(f, 'mount_devise_token_auth_for')
44
+
45
+ if line
46
+ existing_user_class = true
47
+ else
48
+ line = 'Rails.application.routes.draw do'
49
+ existing_user_class = false
50
+ end
51
+
52
+ if parse_file_for_line(f, str)
53
+ say_status('skipped', "Routes already exist for #{user_class} at #{mount_path}")
54
+ else
55
+ insert_after_line(f, line, str)
56
+
57
+ if existing_user_class
58
+ scoped_routes = ''\
59
+ "as :#{user_class.underscore} do\n"\
60
+ " # Define routes for #{user_class} within this block.\n"\
61
+ " end\n"
62
+ insert_after_line(f, str, scoped_routes)
63
+ end
64
+ end
65
+ else
66
+ say_status('skipped', "config/routes.rb not found. Add \"mount_devise_token_auth_for '#{user_class}', at: '#{mount_path}'\" to your routes file.")
67
+ end
68
+ end
69
+
70
+ private
71
+
72
+ def insert_after_line(filename, line, str)
73
+ gsub_file filename, /(#{Regexp.escape(line)})/mi do |match|
74
+ "#{match}\n #{str}"
75
+ end
76
+ end
77
+
78
+ def parse_file_for_line(filename, str)
79
+ match = false
80
+
81
+ File.open(File.join(destination_root, filename)) do |f|
82
+ f.each_line do |line|
83
+ match = line if line =~ /(#{Regexp.escape(str)})/mi
84
+ end
85
+ end
86
+ match
87
+ end
88
+
89
+ def is_rails_api?
90
+ fname = 'app/controllers/application_controller.rb'
91
+ line = 'class ApplicationController < ActionController::API'
92
+ parse_file_for_line(fname, line)
93
+ end
94
+ end
95
+ end
96
+ end
97
+ end
98
+ end
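Review bot: `parse_file_for_line` counts a commented-out line as a hit, because it does a case-insensitive substring match on each line with no check for a leading `#`. In `include_controller_concerns` this means an application controller containing `# include DeviseTokenAuth::Concerns::SetUserByToken` is reported as "Concern is already included" and left without the concern, so the generator's output is not reliable evidence that the controller is wired for token authentication. Skipping comment lines first would close the gap: put `next if line.lstrip.start_with?('#')` ahead of the `match = line if ...` test. The same helper decides the `mount_devise_token_auth_for` check in `add_route_mount`, so a commented-out mount line is treated as an existing route there too.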
@@ -0,0 +1,46 @@
1
+ # frozen_string_literal: true
2
+
3
+ require_relative 'install_generator_helpers'
4
+
5
+ module DeviseTokenAuth
6
+ class InstallMongoidGenerator < Rails::Generators::Base
7
+ include DeviseTokenAuth::InstallGeneratorHelpers
8
+
9
+ def create_user_model
10
+ fname = "app/models/#{user_class.underscore}.rb"
11
+ if File.exist?(File.join(destination_root, fname))
12
+ inclusion = 'include DeviseTokenAuth::Concerns::User'
13
+ unless parse_file_for_line(fname, inclusion)
14
+ inject_into_file fname, before: /end\s\z/ do <<-'RUBY'
15
+
16
+ include Mongoid::Locker
17
+
18
+ field :locker_locked_at, type: Time
19
+ field :locker_locked_until, type: Time
20
+
21
+ locker locked_at_field: :locker_locked_at,
22
+ locked_until_field: :locker_locked_until
23
+
24
+ ## Required
25
+ field :provider, type: String
26
+ field :uid, type: String, default: ''
27
+
28
+ ## Tokens
29
+ field :tokens, type: Hash, default: {}
30
+
31
+ # Include default devise modules. Others available are:
32
+ # :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
33
+ devise :database_authenticatable, :registerable,
34
+ :recoverable, :rememberable, :validatable
35
+ include DeviseTokenAuth::Concerns::User
36
+
37
+ index({ uid: 1, provider: 1}, { name: 'uid_provider_index', unique: true, background: true })
38
+ RUBY
39
+ end
40
+ end
41
+ else
42
+ template('user_mongoid.rb.erb', fname)
43
+ end
44
+ end
45
+ end
46
+ end
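Review bot: The anchor `before: /end\s\z/` in `create_user_model` requires exactly one whitespace character between the final `end` and the end of the file, so a model file with no trailing newline, or with more than one, produces no match. In that case nothing is injected (depending on the Thor version this may happen without a visible error), and the existing model ends up without `include DeviseTokenAuth::Concerns::User` or the `tokens` field. `inject_into_file fname, before: /end\s*\z/ do <<-'RUBY'` tolerates both cases. It would also help to emit a `say_status('skipped', ...)` when `parse_file_for_line` finds the inclusion already present, as `include_controller_concerns` does.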
@@ -11,6 +11,11 @@ DeviseTokenAuth.setup do |config|
11
11
  # determines how long tokens will remain valid after they are issued.
12
12
  # config.token_lifespan = 2.weeks
13
13
 
14
+ # Limiting the token_cost to just 4 in testing will increase the performance of
15
+ # your test suite dramatically. The possible cost value is within range from 4
16
+ # to 31. It is recommended to not use a value more than 10 in other environments.
17
+ config.token_cost = Rails.env.test? ? 4 : 10
18
+
14
19
  # Sets the max number of concurrent devices per user, which is 10 by default.
15
20
  # After this limit is reached, the oldest tokens will be removed.
16
21
  # config.max_number_of_devices = 10
@@ -37,14 +42,25 @@ DeviseTokenAuth.setup do |config|
37
42
  # config.default_callbacks = true
38
43
 
39
44
  # Makes it possible to change the headers names
40
- # config.headers_names = {:'access-token' => 'access-token',
41
- # :'client' => 'client',
42
- # :'expiry' => 'expiry',
43
- # :'uid' => 'uid',
44
- # :'token-type' => 'token-type' }
45
+ # config.headers_names = {
46
+ # :'authorization' => 'Authorization',
47
+ # :'access-token' => 'access-token',
48
+ # :'client' => 'client',
49
+ # :'expiry' => 'expiry',
50
+ # :'uid' => 'uid',
51
+ # :'token-type' => 'token-type'
52
+ # }
53
+
54
+ # Makes it possible to use custom uid column
55
+ # config.other_uid = "foo"
45
56
 
46
57
  # By default, only Bearer Token authentication is implemented out of the box.
47
58
  # If, however, you wish to integrate with legacy Devise authentication, you can
48
59
  # do so by enabling this flag. NOTE: This feature is highly experimental!
49
60
  # config.enable_standard_devise_support = false
61
+
62
+ # By default DeviseTokenAuth will not send confirmation email, even when including
63
+ # devise confirmable module. If you want to use devise confirmable module and
64
+ # send email, set it to true. (This is a setting for compatibility)
65
+ # config.send_confirmation_email = true
50
66
  end
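Review bot: The comment above `config.token_cost` explains why 4 is used in tests but not what the value protects, and "not use a value more than 10" reads as an upper bound only. Given the 4–31 range this is presumably the bcrypt work factor applied to stored token hashes; if so, the comment should say that and state that the low value is for the test environment only, e.g. `# token_cost is the hashing cost for stored tokens; keep the value 4 confined to the test environment.` This line is also live, unlike the commented-out settings visible in these hunks, so every freshly generated initializer pins the cost rather than inheriting the library default; that is worth a sentence in the comment too.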
@@ -17,13 +17,6 @@ class DeviseTokenAuthCreate<%= user_class.pluralize.gsub("::","") %> < ActiveRec
17
17
  ## Rememberable
18
18
  t.datetime :remember_created_at
19
19
 
20
- ## Trackable
21
- t.integer :sign_in_count, :default => 0, :null => false
22
- t.datetime :current_sign_in_at
23
- t.datetime :last_sign_in_at
24
- t.string :current_sign_in_ip
25
- t.string :last_sign_in_ip
26
-
27
20
  ## Confirmable
28
21
  t.string :confirmation_token
29
22
  t.datetime :confirmed_at
@@ -51,6 +44,6 @@ class DeviseTokenAuthCreate<%= user_class.pluralize.gsub("::","") %> < ActiveRec
51
44
  add_index :<%= table_name %>, [:uid, :provider], unique: true
52
45
  add_index :<%= table_name %>, :reset_password_token, unique: true
53
46
  add_index :<%= table_name %>, :confirmation_token, unique: true
54
- # add_index :<%= table_name %>, :unlock_token, unique: true
47
+ # add_index :<%= table_name %>, :unlock_token, unique: true
55
48
  end
56
49
  end
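Review bot: Dropping the Trackable columns here, together with `:trackable` in `user.rb.erb`, means a freshly generated app records no sign-in count, timestamps or IP addresses unless the developer re-adds both by hand. The model template's comment now lists `:trackable` as available, but this migration template gives no hint of the columns that module needs. Keeping the five removed `t.*` lines as a commented-out `## Trackable` block, in the same way the `unlock_token` index is kept commented, would let users who want a sign-in audit trail restore it without looking the schema up elsewhere.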
@@ -2,8 +2,8 @@
2
2
 
3
3
  class <%= user_class %> < ActiveRecord::Base
4
4
  # Include default devise modules. Others available are:
5
- # :confirmable, :lockable, :timeoutable and :omniauthable
5
+ # :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
6
6
  devise :database_authenticatable, :registerable,
7
- :recoverable, :rememberable, :trackable, :validatable
7
+ :recoverable, :rememberable, :validatable
8
8
  include DeviseTokenAuth::Concerns::User
9
9
  end
@@ -0,0 +1,56 @@
1
+ # frozen_string_literal: true
2
+
3
+ class <%= user_class %>
4
+ include Mongoid::Document
5
+ include Mongoid::Timestamps
6
+ include Mongoid::Locker
7
+
8
+ field :locker_locked_at, type: Time
9
+ field :locker_locked_until, type: Time
10
+
11
+ locker locked_at_field: :locker_locked_at,
12
+ locked_until_field: :locker_locked_until
13
+
14
+ ## Database authenticatable
15
+ field :email, type: String, default: ''
16
+ field :encrypted_password, type: String, default: ''
17
+
18
+ ## Recoverable
19
+ field :reset_password_token, type: String
20
+ field :reset_password_sent_at, type: Time
21
+ field :reset_password_redirect_url, type: String
22
+ field :allow_password_change, type: Boolean, default: false
23
+
24
+ ## Rememberable
25
+ field :remember_created_at, type: Time
26
+
27
+ ## Confirmable
28
+ field :confirmation_token, type: String
29
+ field :confirmed_at, type: Time
30
+ field :confirmation_sent_at, type: Time
31
+ field :unconfirmed_email, type: String # Only if using reconfirmable
32
+
33
+ ## Lockable
34
+ # field :failed_attempts, type: Integer, default: 0 # Only if lock strategy is :failed_attempts
35
+ # field :unlock_token, type: String # Only if unlock strategy is :email or :both
36
+ # field :locked_at, type: Time
37
+
38
+ ## Required
39
+ field :provider, type: String
40
+ field :uid, type: String, default: ''
41
+
42
+ ## Tokens
43
+ field :tokens, type: Hash, default: {}
44
+
45
+ # Include default devise modules. Others available are:
46
+ # :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
47
+ devise :database_authenticatable, :registerable,
48
+ :recoverable, :rememberable, :validatable
49
+ include DeviseTokenAuth::Concerns::User
50
+
51
+ index({ email: 1 }, { name: 'email_index', unique: true, background: true })
52
+ index({ reset_password_token: 1 }, { name: 'reset_password_token_index', unique: true, sparse: true, background: true })
53
+ index({ confirmation_token: 1 }, { name: 'confirmation_token_index', unique: true, sparse: true, background: true })
54
+ index({ uid: 1, provider: 1}, { name: 'uid_provider_index', unique: true, background: true })
55
+ # index({ unlock_token: 1 }, { name: 'unlock_token_index', unique: true, sparse: true, background: true })
56
+ end
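Review bot: The template enables `Mongoid::Locker` and its `locker_locked_at` / `locker_locked_until` fields while the `## Lockable` fields further down stay commented out, and nothing says the two are unrelated. `Mongoid::Locker` is document-level locking from the mongoid-locker gem, presumably used here to serialise concurrent token updates; it does not provide Devise's failed-attempt account lockout. A comment above the include such as `# Document-level locking (mongoid-locker gem); not related to Devise :lockable` would stop a reader assuming lockout is on, and would flag the extra gem dependency. The same block is injected by `create_user_model` in `install_mongoid_generator.rb`.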
@@ -5,13 +5,13 @@ require 'test_helper'
5
5
  class Custom::ConfirmationsControllerTest < ActionController::TestCase
6
6
  describe Custom::ConfirmationsController do
7
7
  include CustomControllersRoutes
8
-
8
+
9
9
  before do
10
10
  @redirect_url = Faker::Internet.url
11
11
  @new_user = create(:user)
12
12
  @new_user.send_confirmation_instructions(redirect_url: @redirect_url)
13
13
  @mail = ActionMailer::Base.deliveries.last
14
- @token = @mail.body.match(/confirmation_token=([^&]*)&/)[1]
14
+ @token = @mail.body.match(/confirmation_token=([^&]*)[&"]/)[1]
15
15
  @client_config = @mail.body.match(/config=([^&]*)&/)[1]
16
16
 
17
17
  get :show,
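Review bot: The new pattern `/confirmation_token=([^&]*)[&"]/` lets the capture group itself consume `"` characters, so when the token is the last query parameter the greedy `[^&]*` runs on to the next `&` in the mail body or, if there is none, backtracks only to the last `"`. The test would then pick up a token with trailing markup attached, or pass only because of how the body happens to be laid out. Excluding the quote from the capture fixes it: `@token = @mail.body.match(/confirmation_token=([^&"]*)[&"]/)[1]`. The `config=` match on the following line still requires a trailing `&`. The `before` block continues past the end of this hunk.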
@@ -20,7 +20,7 @@ class Custom::OmniauthCallbacksControllerTest < ActionDispatch::IntegrationTest
20
20
 
21
21
  test 'yield resource to block on omniauth_success success' do
22
22
  @redirect_url = 'http://ng-token-auth.dev/'
23
- get '/nice_user_auth/facebook',
23
+ post '/nice_user_auth/facebook',
24
24
  params: { auth_origin_url: @redirect_url,
25
25
  omniauth_window_type: 'newWindow' }
26
26
 
@@ -235,7 +235,7 @@ class DemoMangControllerTest < ActionDispatch::IntegrationTest
235
235
  @resource.reload
236
236
  age_token(@resource, @client_id)
237
237
 
238
- # use expired auth header
238
+ # use previous auth header
239
239
  get '/demo/members_only_mang',
240
240
  params: {},
241
241
  headers: @auth_headers
@@ -244,38 +244,67 @@ class DemoMangControllerTest < ActionDispatch::IntegrationTest
244
244
  @second_user = assigns(:resource)
245
245
  @second_access_token = response.headers['access-token']
246
246
  @second_response_status = response.status
247
+
248
+ @resource.reload
249
+ age_token(@resource, @client_id)
250
+
251
+ # use expired auth headers
252
+ get '/demo/members_only_mang',
253
+ params: {},
254
+ headers: @auth_headers
255
+
256
+ @third_is_batch_request = assigns(:is_batch_request)
257
+ @third_user = assigns(:resource)
258
+ @third_access_token = response.headers['access-token']
259
+ @third_response_status = response.status
247
260
  end
248
261
 
249
262
  it 'should allow the first request through' do
250
263
  assert_equal 200, @first_response_status
251
264
  end
252
265
 
266
+ it 'should allow the second request through' do
267
+ assert_equal 200, @second_response_status
268
+ end
269
+
253
270
  it 'should not allow the second request through' do
254
- assert_equal 401, @second_response_status
271
+ assert_equal 401, @third_response_status
255
272
  end
256
273
 
257
274
  it 'should not treat first request as batch request' do
275
+ refute @first_is_batch_request
276
+ end
277
+
278
+ it 'should not treat second request as batch request' do
258
279
  refute @second_is_batch_request
259
280
  end
260
281
 
282
+ it 'should not treat third request as batch request' do
283
+ refute @third_is_batch_request
284
+ end
285
+
261
286
  it 'should return auth headers from the first request' do
262
287
  assert @first_access_token
263
288
  end
264
289
 
265
- it 'should not treat second request as batch request' do
266
- refute @second_is_batch_request
290
+ it 'should return auth headers from the second request' do
291
+ assert @second_access_token
267
292
  end
268
293
 
269
- it 'should not return auth headers from the second request' do
270
- refute @second_access_token
294
+ it 'should not return auth headers from the third request' do
295
+ refute @third_access_token
271
296
  end
272
297
 
273
298
  it 'should define user during first request' do
274
299
  assert @first_user
275
300
  end
276
301
 
277
- it 'should not define user during second request' do
278
- refute @second_user
302
+ it 'should define user during second request' do
303
+ assert @second_user
304
+ end
305
+
306
+ it 'should not define user during third request' do
307
+ refute @third_user
279
308
  end
280
309
  end
281
310
  end
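Review bot: The example still named 'should not allow the second request through' now asserts on `@third_response_status`, and it sits directly below the new 'should allow the second request through', so the suite output contradicts itself about the second request. Rename it to `it 'should not allow the third request through' do`. The naming matters because the behaviour being pinned is security-relevant: as these assertions read, the previous token is accepted once more after `age_token` and only the following reuse gets a 401, and the example names are the only place that is stated. The same stale description appears in the matching hunk of `demo_user_controller_test.rb`.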
@@ -265,7 +265,7 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
265
265
  @resource.reload
266
266
  age_token(@resource, @client_id)
267
267
 
268
- # use expired auth header
268
+ # use previous auth header
269
269
  get '/demo/members_only',
270
270
  params: {},
271
271
  headers: @auth_headers
@@ -274,38 +274,67 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
274
274
  @second_user = assigns(:resource)
275
275
  @second_access_token = response.headers['access-token']
276
276
  @second_response_status = response.status
277
+
278
+ @resource.reload
279
+ age_token(@resource, @client_id)
280
+
281
+ # use expired auth headers
282
+ get '/demo/members_only_mang',
283
+ params: {},
284
+ headers: @auth_headers
285
+
286
+ @third_is_batch_request = assigns(:is_batch_request)
287
+ @third_user = assigns(:resource)
288
+ @third_access_token = response.headers['access-token']
289
+ @third_response_status = response.status
277
290
  end
278
291
 
279
292
  it 'should allow the first request through' do
280
293
  assert_equal 200, @first_response_status
281
294
  end
282
295
 
296
+ it 'should allow the second request through' do
297
+ assert_equal 200, @second_response_status
298
+ end
299
+
283
300
  it 'should not allow the second request through' do
284
- assert_equal 401, @second_response_status
301
+ assert_equal 401, @third_response_status
285
302
  end
286
303
 
287
304
  it 'should not treat first request as batch request' do
305
+ refute @first_is_batch_request
306
+ end
307
+
308
+ it 'should not treat second request as batch request' do
288
309
  refute @second_is_batch_request
289
310
  end
290
311
 
312
+ it 'should not treat third request as batch request' do
313
+ refute @third_is_batch_request
314
+ end
315
+
291
316
  it 'should return auth headers from the first request' do
292
317
  assert @first_access_token
293
318
  end
294
319
 
295
- it 'should not treat second request as batch request' do
296
- refute @second_is_batch_request
320
+ it 'should return auth headers from the second request' do
321
+ assert @second_access_token
297
322
  end
298
323
 
299
- it 'should not return auth headers from the second request' do
300
- refute @second_access_token
324
+ it 'should not return auth headers from the third request' do
325
+ refute @third_access_token
301
326
  end
302
327
 
303
328
  it 'should define user during first request' do
304
329
  assert @first_user
305
330
  end
306
331
 
307
- it 'should not define user during second request' do
308
- refute @second_user
332
+ it 'should define user during second request' do
333
+ assert @second_user
334
+ end
335
+
336
+ it 'should not define user during third request' do
337
+ refute @third_user
309
338
  end
310
339
  end
311
340
  end
@@ -321,8 +350,8 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
321
350
  assert @resource.tokens.count > 1
322
351
 
323
352
  # password changed from new device
324
- @resource.update_attributes(password: 'newsecret123',
325
- password_confirmation: 'newsecret123')
353
+ @resource.update(password: 'newsecret123',
354
+ password_confirmation: 'newsecret123')
326
355
 
327
356
  get '/demo/members_only',
328
357
  params: {},
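Review bot: The added third request in this file goes to `/demo/members_only_mang`, while every other request in the visible hunks of `DemoUserControllerTest` uses `/demo/members_only`; this looks like a copy from the Mang test. If that endpoint authenticates a different resource class, the 401 asserted through `@third_response_status` would be returned whether or not the expired user token is rejected, so the expiry check could regress without this test failing. Use `get '/demo/members_only',` for the third request so the rejection is attributable to the aged token. The surrounding `before` block starts outside the hunk.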