devise_token_auth 1.1.0 → 1.1.1

data/test/dummy/config/initializers/devise_token_auth.rb

@@ -5,20 +5,51 @@ DeviseTokenAuth.setup do |config|
   # client is responsible for keeping track of the changing tokens. Change
   # this to false to prevent the Authorization header from changing after
   # each request.
-  #config.change_headers_on_each_request = true
+  # config.change_headers_on_each_request = true
 
   # By default, users will need to re-authenticate after 2 weeks. This setting
   # determines how long tokens will remain valid after they are issued.
-  #config.token_lifespan = 2.weeks
+  # config.token_lifespan = 2.weeks
+
+  # Limiting the token_cost to just 4 in testing will increase the performance of
+  # your test suite dramatically. The possible cost value is within range from 4
+  # to 31. It is recommended to not use a value more than 10 in other environments.
+  config.token_cost = Rails.env.test? ? 4 : 10
+
+  # Sets the max number of concurrent devices per user, which is 10 by default.
+  # After this limit is reached, the oldest tokens will be removed.
+  # config.max_number_of_devices = 10
 
   # Sometimes it's necessary to make several requests to the API at the same
   # time. In this case, each request in the batch will need to share the same
   # auth token. This setting determines how far apart the requests can be while
   # still using the same auth token.
-  #config.batch_request_buffer_throttle = 5.seconds
+  # config.batch_request_buffer_throttle = 5.seconds
 
   # This route will be the prefix for all oauth2 redirect callbacks. For
   # example, using the default '/omniauth', the github oauth2 provider will
   # redirect successful authentications to '/omniauth/github/callback'
-  #config.omniauth_prefix = "/omniauth"
+  # config.omniauth_prefix = "/omniauth"
+
+  # By default sending current password is not needed for the password update.
+  # Uncomment to enforce current_password param to be checked before all
+  # attribute updates. Set it to :password if you want it to be checked only if
+  # password is updated.
+  # config.check_current_password_before_update = :attributes
+
+  # By default we will use callbacks for single omniauth.
+  # It depends on fields like email, provider and uid.
+  # config.default_callbacks = true
+
+  # Makes it possible to change the headers names
+  # config.headers_names = {:'access-token' => 'access-token',
+  #                        :'client' => 'client',
+  #                        :'expiry' => 'expiry',
+  #                        :'uid' => 'uid',
+  #                        :'token-type' => 'token-type' }
+
+  # By default, only Bearer Token authentication is implemented out of the box.
+  # If, however, you wish to integrate with legacy Devise authentication, you can
+  # do so by enabling this flag. NOTE: This feature is highly experimental!
+  # config.enable_standard_devise_support = false
 end

data/test/dummy/tmp/generators/app/views/devise/mailer/confirmation_instructions.html.erb

@@ -0,0 +1,5 @@
+<p><%= t(:welcome).capitalize + ' ' + @email %>!</p>
+
+<p><%= t '.confirm_link_msg' %> </p>
+
+<p><%= link_to t('.confirm_account_link'), confirmation_url(@resource, {confirmation_token: @token, config: message['client-config'].to_s, redirect_url: message['redirect-url']}).html_safe %></p>

data/test/dummy/tmp/generators/app/views/devise/mailer/reset_password_instructions.html.erb

@@ -0,0 +1,8 @@
+<p><%= t(:hello).capitalize %> <%= @resource.email %>!</p>
+
+<p><%= t '.request_reset_link_msg' %></p>
+
+<p><%= link_to t('.password_change_link'), edit_password_url(@resource, reset_password_token: @token, config: message['client-config'].to_s, redirect_url: message['redirect-url'].to_s).html_safe %></p>
+
+<p><%= t '.ignore_mail_msg' %></p>
+<p><%= t '.no_changes_msg' %></p>

data/test/factories/users.rb

@@ -24,7 +24,7 @@ FactoryBot.define do
     end
 
     trait :facebook do
-      uid { Faker::Number.number(10) }
+      uid { Faker::Number.number }
       provider { 'facebook' }
     end
 

data/test/lib/devise_token_auth/token_factory_test.rb

@@ -0,0 +1,191 @@
+require 'test_helper'
+
+class DeviseTokenAuth::TokenFactoryTest < ActiveSupport::TestCase
+  describe 'TokenFactory module' do
+    let(:tf) { DeviseTokenAuth::TokenFactory }
+    let(:token_regexp) { /^[-_A-Za-z0-9]{22}$/ }
+
+    it 'should be defined' do
+      assert_equal(tf.present?, true)
+      assert_kind_of(Module, tf)
+    end
+
+    describe 'interface' do
+      let(:token_hash_cost_regexp) { /\$[\w]+\$([\d]+)\$/ }
+      let(:lifespan) { 10 }
+      let(:cost) { DeviseTokenAuth.token_cost }
+
+      it '::secure_string' do
+        assert_respond_to(tf, :secure_string)
+
+        secure_string = tf.secure_string
+        assert_equal(secure_string.size, 22)
+        assert_match(token_regexp, secure_string)
+
+        SecureRandom.stub(:urlsafe_base64, secure_string) do
+          assert_equal(tf.secure_string, secure_string)
+        end
+      end
+
+      it '::client' do
+        assert_respond_to(tf, :client)
+
+        client = tf.client
+        assert_equal(client.size, 22)
+        assert_match(token_regexp, client)
+
+        secure_string = tf.secure_string
+        tf.stub(:secure_string, secure_string) do
+          assert_equal(tf.client, secure_string)
+        end
+      end
+
+      it '::token' do
+        assert_respond_to(tf, :token)
+
+        token = tf.token
+        assert_kind_of(String, token)
+        assert_equal(token.size, 22)
+        assert_match(token_regexp, token)
+
+        secure_string = tf.secure_string
+        tf.stub(:secure_string, secure_string) do
+          assert_equal(tf.token, secure_string)
+        end
+      end
+
+      it '::token_hash(args)' do
+        assert_respond_to(tf, :token_hash)
+
+        token_hash = tf.token_hash(tf.token)
+        assert_equal(token_hash.size, 60)
+        assert_kind_of(String, token_hash)
+
+        token_cost = token_hash_cost_regexp.match(token_hash)[1].to_i
+        assert_equal(token_cost, cost)
+
+        cost = DeviseTokenAuth.token_cost == 4 ? 10 : 4
+        token_hash = tf.token_hash(tf.token, cost)
+        token_cost = token_hash_cost_regexp.match(token_hash)[1].to_i
+        assert_equal(token_cost, cost)
+
+        cost = nil
+        token_hash = tf.token_hash(tf.token, cost)
+        token_cost = token_hash_cost_regexp.match(token_hash)[1].to_i
+        assert_equal(token_cost, DeviseTokenAuth.token_cost)
+      end
+
+      it '::expiry' do
+        assert_respond_to(tf, :expiry)
+
+        assert_kind_of(Integer, tf.expiry)
+        assert tf.expiry > Time.now.to_i
+      end
+
+      it '::expiry(args)' do
+        time = Time.now
+        Time.stub(:now, time) do
+          assert_equal(tf.expiry(lifespan), (time + lifespan).to_i)
+
+          lifespan = nil
+          assert_equal(tf.expiry(lifespan), (time + DeviseTokenAuth.token_lifespan).to_i)
+        end
+      end
+
+      it '::create' do
+        assert_respond_to(tf, :create)
+
+        token = tf.create
+        assert token
+        token.members.each { |m| refute_nil token[m] }
+      end
+
+      it '::create(args)' do
+        client = tf.client
+        token = tf.create(client: client)
+        assert_equal(token.client, client)
+
+        time = Time.now
+        Time.stub(:now, time) do
+          token = tf.create(lifespan: lifespan)
+          assert_equal(token.expiry, (time + lifespan).to_i)
+        end
+
+        token = tf.create(cost: cost)
+        token_cost = token_hash_cost_regexp.match(token.token_hash)[1].to_i
+        assert_equal(token_cost, cost)
+      end
+
+      it '::new' do
+        assert_respond_to(tf, :new)
+
+        token = tf.new
+        token.each { |v| assert_nil v }
+      end
+
+      it '::valid_token_hash?' do
+        assert_respond_to(tf, :valid_token_hash?)
+
+        refute tf.valid_token_hash?('koskoskos')
+        assert tf.valid_token_hash?(tf.create.token_hash)
+      end
+
+      it '::token_hash_is_token?' do
+        assert_respond_to(tf, :token_hash_is_token?)
+
+        token = tf.create
+        refute tf.token_hash_is_token?(token.token_hash, 'koskoskos')
+        refute tf.token_hash_is_token?('koskoskos', token.token)
+        assert tf.token_hash_is_token?(token.token_hash, token.token)
+      end
+    end
+
+    describe 'token object implements' do
+      let(:object) { tf.create }
+
+      it '#client' do
+        assert_respond_to(object, :client)
+
+        assert_kind_of(String, object.client)
+        assert_equal(object.client.size, 22)
+        assert_match(token_regexp, object.client)
+      end
+
+      it '#token' do
+        assert_respond_to(object, :token)
+
+        assert_kind_of(String, object.token)
+        assert_equal(object.token.size, 22)
+        assert_match(token_regexp, object.token)
+      end
+
+      it '#token_hash' do
+        assert_respond_to(object, :token_hash)
+
+        assert_kind_of(String, object.token_hash)
+        assert_equal(object.token_hash.size, 60)
+      end
+
+      it '#expiry' do
+        assert_respond_to(object, :expiry)
+        assert_kind_of(Integer, object.expiry)
+      end
+
+      it '#clear!' do
+        assert_respond_to(object, :clear!)
+
+        assert object.clear!
+        object.each { |v| assert_nil v }
+      end
+
+      it '#present?' do
+        assert_respond_to(object, :present?)
+
+        assert object.present?
+
+        object.token = nil
+        refute object.present?
+      end
+    end
+  end
+end

data/test/models/concerns/tokens_serialization_test.rb

@@ -0,0 +1,70 @@
+require 'test_helper'
+
+if DEVISE_TOKEN_AUTH_ORM == :active_record
+  describe 'DeviseTokenAuth::TokensSerialization' do
+    let(:ts) { DeviseTokenAuth::TokensSerialization }
+    let(:user) { FactoryBot.create(:user) }
+    let(:tokens) do
+      # Сreate all possible token's attributes combinations
+      user.create_token
+      2.times { user.create_new_auth_token(user.tokens.first[0]) }
+      user.create_new_auth_token
+      user.create_token
+
+      user.tokens
+    end
+    let(:json) { JSON.generate(tokens) }
+
+    it 'is defined' do
+      assert_equal(ts.present?, true)
+      assert_kind_of(Module, ts)
+    end
+
+    describe '.load(json)' do
+      let(:default) { {} }
+
+      it 'is defined' do
+        assert_respond_to(ts, :load)
+      end
+
+      it 'handles nil' do
+        assert_equal(ts.load(nil), default)
+      end
+
+      it 'handles string' do
+        assert_equal(ts.load(json), JSON.parse(json))
+      end
+
+      it 'returns object of undesirable class' do
+        assert_equal(ts.load([]), [])
+      end
+    end
+
+    describe '.dump(object)' do
+      let(:default) { 'null' }
+
+      it 'is defined' do
+        assert_respond_to(ts, :dump)
+      end
+
+      it 'handles nil' do
+        assert_equal(ts.dump(nil), default)
+      end
+
+      it 'handles empty hash' do
+        assert_equal(ts.dump({}), '{}')
+      end
+
+      it 'deserialize tokens' do
+        assert_equal(ts.dump(tokens), json)
+      end
+
+      it 'removes nil values' do
+        new_tokens = tokens.dup
+        new_tokens[new_tokens.first[0]][:kos] = nil
+
+        assert_equal(ts.dump(tokens), ts.dump(new_tokens))
+      end
+    end
+  end
+end

data/test/models/user_test.rb

@@ -76,38 +76,6 @@ class UserTest < ActiveSupport::TestCase
       end
     end
 
-    describe 'user specific token lifespan' do
-      before do
-        @resource = create(:user, :confirmed)
-
-        auth_headers = @resource.create_new_auth_token
-        @token_global     = auth_headers['access-token']
-        @client_id_global = auth_headers['client']
-
-        def @resource.token_lifespan
-          1.minute
-        end
-
-        auth_headers = @resource.create_new_auth_token
-        @token_specific     = auth_headers['access-token']
-        @client_id_specific = auth_headers['client']
-      end
-
-      test 'works per user' do
-        assert @resource.token_is_current?(@token_global, @client_id_global)
-
-        time = Time.zone.now.to_i
-        expiry_global = @resource.tokens[@client_id_global]['expiry'] || @resource.tokens[@client_id_global][:expiry]
-
-        assert expiry_global > time + DeviseTokenAuth.token_lifespan - 5.seconds
-        assert expiry_global < time + DeviseTokenAuth.token_lifespan + 5.seconds
-
-        expiry_specific = @resource.tokens[@client_id_specific]['expiry'] || @resource.tokens[@client_id_specific][:expiry]
-        assert expiry_specific > time + 55.seconds
-        assert expiry_specific < time + 65.seconds
-      end
-    end
-
     describe 'expired tokens are destroyed on save' do
       before do
         @resource = create(:user, :confirmed)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: devise_token_auth
 version: !ruby/object:Gem::Version
-  version: 1.1.0
+  version: 1.1.1
 platform: ruby
 authors:
 - Lynn Hurley
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-03-18 00:00:00.000000000 Z
+date: 2019-08-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -19,7 +19,7 @@ dependencies:
         version: 4.2.0
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6'
+        version: '6.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -29,7 +29,7 @@ dependencies:
         version: 4.2.0
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6'
+        version: '6.1'
 - !ruby/object:Gem::Dependency
   name: devise
   requirement: !ruby/object:Gem::Requirement
@@ -50,6 +50,20 @@ dependencies:
     - - "<"
       - !ruby/object:Gem::Version
         version: '4.7'
+- !ruby/object:Gem::Dependency
+  name: bcrypt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
 - !ruby/object:Gem::Dependency
   name: appraisal
   requirement: !ruby/object:Gem::Requirement
@@ -162,9 +176,10 @@ files:
 - app/controllers/devise_token_auth/unlocks_controller.rb
 - app/models/devise_token_auth/concerns/active_record_support.rb
 - app/models/devise_token_auth/concerns/mongoid_support.rb
+- app/models/devise_token_auth/concerns/tokens_serialization.rb
 - app/models/devise_token_auth/concerns/user.rb
 - app/models/devise_token_auth/concerns/user_omniauth_callbacks.rb
-- app/validators/devise_token_auth/email_validator.rb
+- app/validators/devise_token_auth_email_validator.rb
 - app/views/devise/mailer/confirmation_instructions.html.erb
 - app/views/devise/mailer/reset_password_instructions.html.erb
 - app/views/devise/mailer/unlock_instructions.html.erb
@@ -197,6 +212,7 @@ files:
 - lib/devise_token_auth/engine.rb
 - lib/devise_token_auth/errors.rb
 - lib/devise_token_auth/rails/routes.rb
+- lib/devise_token_auth/token_factory.rb
 - lib/devise_token_auth/url.rb
 - lib/devise_token_auth/version.rb
 - lib/generators/devise_token_auth/USAGE
@@ -299,17 +315,17 @@ files:
 - test/dummy/db/migrate/20160629184441_devise_token_auth_create_lockable_users.rb
 - test/dummy/db/schema.rb
 - test/dummy/lib/migration_database_helper.rb
-- test/dummy/tmp/generators/app/models/azpire/v1/human_resource/user.rb
-- test/dummy/tmp/generators/config/initializers/devise_token_auth.rb
-- test/dummy/tmp/generators/config/routes.rb
-- test/dummy/tmp/generators/db/migrate/20190112150327_devise_token_auth_create_azpire_v1_human_resource_users.rb
+- test/dummy/tmp/generators/app/views/devise/mailer/confirmation_instructions.html.erb
+- test/dummy/tmp/generators/app/views/devise/mailer/reset_password_instructions.html.erb
 - test/factories/users.rb
 - test/lib/devise_token_auth/blacklist_test.rb
+- test/lib/devise_token_auth/token_factory_test.rb
 - test/lib/devise_token_auth/url_test.rb
 - test/lib/generators/devise_token_auth/install_generator_test.rb
 - test/lib/generators/devise_token_auth/install_generator_with_namespace_test.rb
 - test/lib/generators/devise_token_auth/install_views_generator_test.rb
 - test/models/concerns/mongoid_support_test.rb
+- test/models/concerns/tokens_serialization_test.rb
 - test/models/only_email_user_test.rb
 - test/models/user_test.rb
 - test/support/controllers/routes.rb
@@ -406,18 +422,18 @@ test_files:
 - test/dummy/db/migrate/20160103235141_devise_token_auth_create_scoped_users.rb
 - test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb
 - test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb
-- test/dummy/tmp/generators/app/models/azpire/v1/human_resource/user.rb
-- test/dummy/tmp/generators/config/routes.rb
-- test/dummy/tmp/generators/config/initializers/devise_token_auth.rb
-- test/dummy/tmp/generators/db/migrate/20190112150327_devise_token_auth_create_azpire_v1_human_resource_users.rb
+- test/dummy/tmp/generators/app/views/devise/mailer/confirmation_instructions.html.erb
+- test/dummy/tmp/generators/app/views/devise/mailer/reset_password_instructions.html.erb
 - test/dummy/README.rdoc
 - test/models/only_email_user_test.rb
 - test/models/concerns/mongoid_support_test.rb
+- test/models/concerns/tokens_serialization_test.rb
 - test/models/user_test.rb
 - test/support/controllers/routes.rb
 - test/factories/users.rb
 - test/lib/devise_token_auth/url_test.rb
 - test/lib/devise_token_auth/blacklist_test.rb
+- test/lib/devise_token_auth/token_factory_test.rb
 - test/lib/generators/devise_token_auth/install_generator_test.rb
 - test/lib/generators/devise_token_auth/install_views_generator_test.rb
 - test/lib/generators/devise_token_auth/install_generator_with_namespace_test.rb