RubyGems - devise_token_auth - Versions diffs - 1.1.2 → 1.2.0 - Mend

devise_token_auth 1.1.2 → 1.2.0

Files changed (87) hide show

data/app/models/devise_token_auth/concerns/tokens_serialization.rb CHANGED Viewed

@@ -1,12 +1,14 @@
 module DeviseTokenAuth::Concerns::TokensSerialization
+  extend self
   # Serialization hash to json
-  def self.dump(object)
-    object.each_value(&:compact!) unless object.nil?
-    JSON.generate(object)
+  def dump(object)
+    JSON.generate(object && object.transform_values do |token|
+      serialize_updated_at(token).compact
+    end.compact)
   end
   # Deserialization json to hash
-  def self.load(json)
+  def load(json)
     case json
     when String
       JSON.parse(json)
@@ -16,4 +18,14 @@ module DeviseTokenAuth::Concerns::TokensSerialization
       json
     end
   end
+  private
+  def serialize_updated_at(token)
+    updated_at_key = ['updated_at', :updated_at].find(&token.method(:[]))
+    return token unless token[updated_at_key].respond_to?(:iso8601)
+    token.merge updated_at_key => token[updated_at_key].iso8601
+  end
 end

data/app/models/devise_token_auth/concerns/user.rb CHANGED Viewed

@@ -44,6 +44,10 @@ module DeviseTokenAuth::Concerns::User
     def email_changed?; false; end
     def will_save_change_to_email?; false; end
+    if DeviseTokenAuth.send_confirmation_email && devise_modules.include?(:confirmable)
+      include DeviseTokenAuth::Concerns::ConfirmableSupport
+    end
     def password_required?
       return false unless provider == 'email'
       super
@@ -133,17 +137,17 @@ module DeviseTokenAuth::Concerns::User
   def token_can_be_reused?(token, client)
     # ghetto HashWithIndifferentAccess
     updated_at = tokens[client]['updated_at'] || tokens[client][:updated_at]
-    last_token = tokens[client]['last_token'] || tokens[client][:last_token]
+    last_token_hash = tokens[client]['last_token'] || tokens[client][:last_token]
     return true if (
       # ensure that the last token and its creation time exist
-      updated_at && last_token &&
+      updated_at && last_token_hash &&
       # ensure that previous token falls within the batch buffer throttle time of the last request
       updated_at.to_time > Time.zone.now - DeviseTokenAuth.batch_request_buffer_throttle &&
       # ensure that the token is valid
-      DeviseTokenAuth::TokenFactory.valid_token_hash?(last_token)
+      DeviseTokenAuth::TokenFactory.token_hash_is_token?(last_token_hash, token)
     )
   end
@@ -214,13 +218,8 @@ module DeviseTokenAuth::Concerns::User
   end
   def should_remove_tokens_after_password_reset?
-    if Rails::VERSION::MAJOR <= 5
-      encrypted_password_changed? &&
-        DeviseTokenAuth.remove_tokens_after_password_reset
-    else
-      saved_change_to_attribute?(:encrypted_password) &&
-        DeviseTokenAuth.remove_tokens_after_password_reset
-    end
+    DeviseTokenAuth.remove_tokens_after_password_reset &&
+      (respond_to?(:encrypted_password_changed?) && encrypted_password_changed?)
   end
   def remove_tokens_after_password_reset

data/app/models/devise_token_auth/concerns/user_omniauth_callbacks.rb CHANGED Viewed

@@ -9,7 +9,7 @@ module DeviseTokenAuth::Concerns::UserOmniauthCallbacks
     validates_presence_of :uid, unless: :email_provider?
     # only validate unique emails among email registration users
-    validates :email, uniqueness: { scope: :provider }, on: :create, if: :email_provider?
+    validates :email, uniqueness: { case_sensitive: false, scope: :provider }, on: :create, if: :email_provider?
     # keep uid in sync with email
     before_save :sync_uid
@@ -23,6 +23,9 @@ module DeviseTokenAuth::Concerns::UserOmniauthCallbacks
   end
   def sync_uid
+    unless self.new_record?
+      return if devise_modules.include?(:confirmable) && !@bypass_confirmation_postpone && postpone_email_change?
+    end
     self.uid = email if email_provider?
   end
 end

data/app/validators/devise_token_auth_email_validator.rb CHANGED Viewed

@@ -3,7 +3,7 @@
 class DeviseTokenAuthEmailValidator < ActiveModel::EachValidator
   def validate_each(record, attribute, value)
     unless value =~ /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\z/i
-      record.errors[attribute] << email_invalid_message
+      record.errors.add(attribute, email_invalid_message)
     end
   end

data/app/views/devise_token_auth/omniauth_external_window.html.erb CHANGED Viewed

@@ -15,7 +15,7 @@
             Cordova / PhoneGap)
       */
-      var data = JSON.parse(decodeURIComponent('<%= URI::escape( @data.to_json ) %>'));
+      var data = JSON.parse(decodeURIComponent('<%= ERB::Util.url_encode( @data.to_json ) %>'));
       window.addEventListener("message", function(ev) {
         if (ev.data === "requestCredentials") {

data/config/locales/da-DK.yml CHANGED Viewed

@@ -14,6 +14,8 @@ da-DK:
       account_with_uid_destroyed: "Kontoen med UID '%{uid}' er slettet."
       account_to_destroy_not_found: "Kan ikke finde kontoen som skal slettes."
       user_not_found: "Brugeren ikke fundet."
+    omniauth:
+      not_allowed_redirect_url: "Omdirigering til '%{redirect_url}' er ikke tilladt."
     passwords:
       missing_email: "Du skal udfylde email feltet."
       missing_redirect_url: "Der er ingen omdirigeringsadresse."

data/config/locales/de.yml CHANGED Viewed

@@ -14,6 +14,8 @@ de:
       account_with_uid_destroyed: "Account mit der uid '%{uid}' wurde gelöscht."
       account_to_destroy_not_found: "Der zu löschende Account kann nicht gefunden werden."
       user_not_found: "Benutzer kann nicht gefunden werden."
+    omniauth:
+      not_allowed_redirect_url: "Weiterleitung zu '%{redirect_url}' ist nicht gestattet."
     passwords:
       missing_email: "Sie müssen eine E-Mail-Adresse angeben."
       missing_redirect_url: "Es fehlt die URL zu Weiterleitung."

data/config/locales/en.yml CHANGED Viewed

@@ -14,11 +14,14 @@ en:
       account_with_uid_destroyed: "Account with UID '%{uid}' has been destroyed."
       account_to_destroy_not_found: "Unable to locate account for destruction."
       user_not_found: "User not found."
+    omniauth:
+      not_allowed_redirect_url: "Redirect to '%{redirect_url}' not allowed."
     passwords:
       missing_email: "You must provide an email address."
       missing_redirect_url: "Missing redirect URL."
       not_allowed_redirect_url: "Redirect to '%{redirect_url}' not allowed."
       sended: "An email has been sent to '%{email}' containing instructions for resetting your password."
+      sended_paranoid: "If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes."
       user_not_found: "Unable to find user with email '%{email}'."
       password_not_required: "This account does not require a password. Sign in using your '%{provider}' account instead."
       missing_passwords: "You must fill out the fields labeled 'Password' and 'Password confirmation'."
@@ -26,9 +29,11 @@ en:
     unlocks:
       missing_email: "You must provide an email address."
       sended: "An email has been sent to '%{email}' containing instructions for unlocking your account."
+      sended_paranoid: "If your account exists, you will receive an email with instructions for how to unlock it in a few minutes."
       user_not_found: "Unable to find user with email '%{email}'."
     confirmations:
       sended: "An email has been sent to '%{email}' containing instructions for confirming your account."
+      sended_paranoid: "If your email address exists in our database, you will receive an email with instructions for how to confirm your email address in a few minutes."
       user_not_found: "Unable to find user with email '%{email}'."
       missing_email: "You must provide an email address."

data/config/locales/es.yml CHANGED Viewed

@@ -14,6 +14,8 @@ es:
       account_with_uid_destroyed: "La cuenta con el identificador '%{uid}' se ha eliminado."
       account_to_destroy_not_found: "No se puede encontrar la cuenta a borrar."
       user_not_found: "Usuario no encontrado."
+    omniauth:
+      not_allowed_redirect_url: "Redirección hacia '%{redirect_url}' no esta permitida."
     passwords:
       missing_email: "Debe incluir un correo electrónico."
       missing_redirect_url: "Falta el Url de redirección."

data/config/locales/fr.yml CHANGED Viewed

@@ -14,6 +14,8 @@ fr:
       account_with_uid_destroyed: "Le compte avec l'identifiant '%{uid}' a été supprimé."
       account_to_destroy_not_found: "Le compte à supprimer est introuvable."
       user_not_found: "Utilisateur introuvable."
+    omniauth:
+      not_allowed_redirect_url: "Redirection vers '%{redirect_url}' n'est pas autorisée."
     passwords:
       missing_email: "Vous devez soumettre un e-mail."
       missing_redirect_url: "URL de redirection manquante."

data/config/locales/he.yml CHANGED Viewed

@@ -14,6 +14,8 @@ he:
       account_with_uid_destroyed: "חשבון עם UID '%{uid}' הושמד."
       account_to_destroy_not_found: "לא ניתן לאתר חשבון להשמדה."
       user_not_found: "המשתמש לא נמצא."
+    omniauth:
+      not_allowed_redirect_url: "הפניה אל '%{redirect_url}' אינה מותרת."
     passwords:
       missing_email: "עליך לספק כתובת דוא\"ל."
       missing_redirect_url: "כתובת אתר להפניה מחדש חסרה."

data/config/locales/it.yml CHANGED Viewed

@@ -14,6 +14,8 @@ it:
       account_with_uid_destroyed: "L'account con UID '%{uid}' è stato eliminato."
       account_to_destroy_not_found: "Impossibile trovare l'account da eliminare."
       user_not_found: "Utente non trovato."
+    omniauth:
+      not_allowed_redirect_url: "Redirezione a '%{redirect_url}' non consentita."
     passwords:
       missing_email: "Devi fornire un indirizzo email."
       missing_redirect_url: "Redirect URL mancante."

data/config/locales/ja.yml CHANGED Viewed

@@ -14,6 +14,8 @@ ja:
       account_with_uid_destroyed: "'%{uid}' のアカウントは削除されました。"
       account_to_destroy_not_found: "削除するアカウントが見つかりません。"
       user_not_found: "ユーザーが見つかりません。"
+    omniauth:
+      not_allowed_redirect_url:  "'%{redirect_url}' へのリダイレクトは許可されていません。"
     passwords:
       missing_email: "メールアドレスが与えられていません。"
       missing_redirect_url: "リダイレクト URL が与えられていません。"
@@ -27,7 +29,7 @@ ja:
     messages:
       validate_sign_up_params: "リクエストボディに適切なアカウント新規登録データを送信してください。"
       validate_account_update_params: "リクエストボディに適切なアカウント更新のデータを送信してください。"
-      not_email: "はメールアドレスではありません"
+      not_email: "は有効ではありません"
   devise:
     mailer:
       confirmation_instructions:

data/config/locales/ko.yml ADDED Viewed

@@ -0,0 +1,51 @@
+ko:
+  devise_token_auth:
+    sessions:
+      not_confirmed: "'%{email}'로 주소 인증 메일을 발송했습니다. 계정을 활성화하기 위해서는 반드시 메일의 안내를 따라야 합니다."
+      bad_credentials: "계정 정보가 맞지 않습니다. 다시 시도해 주세요."
+      not_supported: "POST /sign_in to sign in을 사용해주세요. GET은 지원하지 않습니다."
+      user_not_found: "유저를 찾을 수 없습니다."
+      invalid: "계정 정보가 맞지 않습니다."
+    registrations:
+      missing_confirm_success_url: "'confirm_success_url' 파라미터가 없습니다."
+      redirect_url_not_allowed: "'%{redirect_url}' 주소로 리다이렉트는 허용하지 않습니다."
+      email_already_exists: "'%{email}'을 사용하는 계정이 이미 있습니다."
+      account_with_uid_destroyed: " UID가 '%{uid}'인 계정을 삭제했습니다."
+      account_to_destroy_not_found: "삭제할 계정을 찾을 수 없습니다."
+      user_not_found: "유저를 찾을 수 없습니다."
+    omniauth:
+      not_allowed_redirect_url: "'%{redirect_url}' 주소로 리다이렉트는 허용하지 않습니다."
+    passwords:
+      missing_email: "이메일 주소를 입력해야 합니다."
+      missing_redirect_url: "redirect URL이 없습니다."
+      not_allowed_redirect_url: "'%{redirect_url}' 주소로 리다이렉트는 허용하지 않습니다."
+      sended: "'%{email}'로 비밀번호를 재설정하기 위한 안내 메일을 발송했습니다."
+      user_not_found: "'%{email}'을 사용하는 유저를 찾을 수 없습니다."
+      password_not_required: "이 계정은 비밀번호가 필요하지 않습니다. '%{provider}'으로 로그인을 진행해 주세요."
+      missing_passwords: "비밀번호와 비밀번호 확인 필드를 반드시 입력해야 합니다."
+      successfully_updated: "비밀번호를 성공적으로 업데이트 했습니다."
+    unlocks:
+      missing_email: "이메일 주소를 반드시 입력해야 합니다."
+      sended: "'%{email}'로 계정 잠금 해제를 위한 안내 메일을 발송했습니다."
+      user_not_found: "'%{email}'을 사용하는 유저를 찾을 수 없습니다."
+  errors:
+    messages:
+      validate_sign_up_params: "요청 값에 알맞은 로그인 데이터를 입력하세요."
+      validate_account_update_params: "요청 값에 알맞은 업데이트 데이터를 입력하세요."
+      not_email: "이메일이 아닙니다."
+  devise:
+    mailer:
+      confirmation_instructions:
+        confirm_link_msg: "아래의 링크를 이용해 계정 인증을 할 수 있습니다."
+        confirm_account_link: "본인 계정 인증"
+      reset_password_instructions:
+        request_reset_link_msg: "누군가 당신의 비밀번호를 변경하는 링크를 요청했으며, 다음의 링크에서 비밀번호 변경이 가능합니다."
+        password_change_link: "비밀번호 변경"
+        ignore_mail_msg: "비밀번호 변경을 요청하지 않으셨다면 이 메일을 무시하십시오."
+        no_changes_msg: "위 링크에 접속하여 새로운 비밀번호를 생성하기 전까지 귀하의 비밀번호는 변경되지 않습니다."
+      unlock_instructions:
+        account_lock_msg: "로그인 실패 횟수 초과로 귀하의 계정이 잠금 처리되었습니다."
+        unlock_link_msg: "계정 잠금을 해제하려면 아래 링크를 클릭하세요."
+        unlock_link: "계정 잠금 해제"
+  hello: "안녕하세요"
+  welcome: "환영합니다"

data/config/locales/nl.yml CHANGED Viewed

@@ -14,6 +14,8 @@ nl:
       account_with_uid_destroyed: "Account met id '%{uid}' is verwijderd."
       account_to_destroy_not_found: "Te verwijderen account niet gevonden."
       user_not_found: "Gebruiker niet gevonden."
+    omniauth:
+      not_allowed_redirect_url: "Redirect naar '%{redirect_url}' niet toegestaan."
     passwords:
       missing_email: "Je moet een e-mailadres opgeven."
       missing_redirect_url: "Redirect URL ontbreekt."

data/config/locales/pl.yml CHANGED Viewed

@@ -14,6 +14,8 @@ pl:
       account_with_uid_destroyed: "Konto z uid '%{uid}' zostało usunięte."
       account_to_destroy_not_found: "Nie odnaleziono konta do usunięcia."
       user_not_found: "Użytkownik nie został odnaleziony."
+    omniauth:
+      not_allowed_redirect_url: "Przekierowanie na adres '%{redirect_url}' nie jest dozwolone."
     passwords:
       missing_email: "Musisz wprowadzić adres e-mail."
       missing_redirect_url: "Brak adresu zwrotnego."
@@ -24,9 +26,10 @@ pl:
       missing_passwords: "Musisz wypełnić wszystkie pola z etykietą 'Hasło' oraz 'Potwierdzenie hasła'."
       successfully_updated: "Twoje hasło zostało zaktualizowane."
   errors:
-    validate_sign_up_params: "Proszę dostarczyć odpowiednie dane logowania w ciele zapytania."
-    validate_account_update_params: "Proszę dostarczyć odpowiednie dane aktualizacji konta w ciele zapytania."
-    not_email: "nie jest prawidłowym adresem e-mail"
+    messages:
+      validate_sign_up_params: "Proszę dostarczyć odpowiednie dane logowania w ciele zapytania."
+      validate_account_update_params: "Proszę dostarczyć odpowiednie dane aktualizacji konta w ciele zapytania."
+      not_email: "nie jest prawidłowym adresem e-mail"
   devise:
     mailer:
       confirmation_instructions:

data/config/locales/pt-BR.yml CHANGED Viewed

@@ -14,6 +14,8 @@ pt-BR:
       account_with_uid_destroyed: "A conta com uid '%{uid}' foi excluída."
       account_to_destroy_not_found: "Não foi possível encontrar a conta para exclusão."
       user_not_found: "Usuário não encontrado."
+    omniauth:
+      not_allowed_redirect_url: "Redirecionamento para '%{redirect_url}' não permitido."
     passwords:
       missing_email: "Informe o endereço de e-mail."
       missing_redirect_url: "URL para redirecionamento não informada."

data/config/locales/pt.yml CHANGED Viewed

@@ -14,6 +14,8 @@ pt:
       account_with_uid_destroyed: "A conta com uid '%{uid}' foi excluída."
       account_to_destroy_not_found: "Não foi possível encontrar a conta para exclusão."
       user_not_found: "Utilizador não encontrado."
+    omniauth:
+      not_allowed_redirect_url: "Redirecionamento para '%{redirect_url}' não permitido."
     passwords:
       missing_email: "Informe o endereço de e-mail."
       missing_redirect_url: "URL para redirecionamento não informada."
@@ -24,9 +26,10 @@ pt:
       missing_passwords: "Preencha a senha e a confirmação de senha."
       successfully_updated: "Senha atualizada com sucesso."
   errors:
-    validate_sign_up_params: "Os dados submetidos na requisição de registo são inválidos."
-    validate_account_update_params: "Os dados submetidos para atualização de conta são inválidos."
-    not_email: "não é um e-mail"
+    messages:
+      validate_sign_up_params: "Os dados submetidos na requisição de registo são inválidos."
+      validate_account_update_params: "Os dados submetidos para atualização de conta são inválidos."
+      not_email: "não é um e-mail"
   devise:
     mailer:
       confirmation_instructions:

data/config/locales/ro.yml CHANGED Viewed

@@ -14,6 +14,8 @@ ro:
       account_with_uid_destroyed: "Contul cu UID '%{uid}' a fost șters."
       account_to_destroy_not_found: "Nu se poate localiza contul pentru ștergere."
       user_not_found: "Utilizatorul nu a fost găsit."
+    omniauth:
+      not_allowed_redirect_url: "Redirecționarea către '%{redirect_url}' nu este permisă."
     passwords:
       missing_email: "Trebuie să introduci o adresă de e-mail."
       missing_redirect_url: "URL-ul pentru redirecționare lipsește."

data/config/locales/ru.yml CHANGED Viewed

@@ -14,6 +14,8 @@ ru:
       account_with_uid_destroyed: "Учетная запись с uid '%{uid}' удалена."
       account_to_destroy_not_found: "Не удается найти учетную запись для удаления."
       user_not_found: "Пользователь не найден."
+    omniauth:
+      not_allowed_redirect_url: "Переадресация на '%{redirect_url}' не разрешена."
     passwords:
       missing_email: "Вы должны указать адрес электронной почты."
       missing_redirect_url: "Отсутствует адрес переадресации."

data/config/locales/sq.yml CHANGED Viewed

@@ -14,6 +14,8 @@ sq:
       account_with_uid_destroyed: "Llogaria me UID-në '%{uid}' është fshirë."
       account_to_destroy_not_found: "Nuk u gjet llogaria për fshirje."
       user_not_found: "Përdoruesi nuk u gjet."
+    omniauth:
+      not_allowed_redirect_url: "Nuk lejohet shkuarja tek URL-ja '%{redirect_url}'."
     passwords:
       missing_email: "Ju duhet të jepni një email adresë."
       missing_redirect_url: "Mungon URL-ja për ridërgim."

data/config/locales/sv.yml CHANGED Viewed

@@ -14,6 +14,8 @@ sv:
       account_with_uid_destroyed: "Kontot med UID '%{uid}' har tagits bort."
       account_to_destroy_not_found: "Kunde inte hitta kontot för borttagning."
       user_not_found: "Användaren hittades ej."
+    omniauth:
+      not_allowed_redirect_url: "Omdirigering till '%{redirect_url}' ej tillåten."
     passwords:
       missing_email: "Du måste ange en emailadress."
       missing_redirect_url: "Saknar en omdirigerings-URL."

data/config/locales/uk.yml CHANGED Viewed

@@ -14,6 +14,8 @@ uk:
       account_with_uid_destroyed: "Акаунт з UID '%{uid}' було видалено."
       account_to_destroy_not_found: "Неможливо знайти акаунт для видалення."
       user_not_found: "Користувача не знайдено"
+    omniauth:
+      not_allowed_redirect_url: "Перенаправлення до '%{redirect_url}' не дозволено."
     passwords:
       missing_email: "Ви маєте ввести email адресу."
       missing_redirect_url: "Немає URL для перенаправлення."

data/config/locales/vi.yml CHANGED Viewed

@@ -14,6 +14,8 @@ vi:
       account_with_uid_destroyed: "Tài khoản với UID '%{uid}' vừa bị phá hủy."
       account_to_destroy_not_found: "Không thể xác định tài khoản cho việc phá hủy."
       user_not_found: "Người dùng không tìm thấy."
+    omniauth:
+      not_allowed_redirect_url: "Chuyển hướng tới '%{redirect_url}' không được phép."
     passwords:
       missing_email: "Bạn cần cung cấp địa chỉ email."
       missing_redirect_url: "Thiếu đường đẫn URL."

data/config/locales/zh-CN.yml CHANGED Viewed

@@ -14,6 +14,8 @@ zh-CN:
       account_with_uid_destroyed: "账号 '%{uid}' 已被移除。"
       account_to_destroy_not_found: "无法找到目标帐号。"
       user_not_found: "找不到帐号。"
+    omniauth:
+      not_allowed_redirect_url: "不支持转向到 '%{redirect_url}'"
     passwords:
       missing_email: "必需提供邮箱。"
       missing_redirect_url: "欠缺 redirect URL."

data/config/locales/zh-HK.yml CHANGED Viewed

@@ -16,6 +16,8 @@ zh-TW:
       account_with_uid_destroyed: "帳號 '%{uid}' 已被移除。"
       account_to_destroy_not_found: "無法找到目標帳號。"
       user_not_found: "找不到帳號。"
+    omniauth:
+      not_allowed_redirect_url: "不支援轉向到 '%{redirect_url}'"
     passwords:
       missing_email: "必需提供電郵。"
       missing_redirect_url: "欠缺 redirect URL."

data/config/locales/zh-TW.yml CHANGED Viewed

@@ -16,6 +16,8 @@ zh-TW:
       account_with_uid_destroyed: "帳號 '%{uid}' 已被移除。"
       account_to_destroy_not_found: "無法找到目標帳號。"
       user_not_found: "找不到帳號。"
+    omniauth:
+      not_allowed_redirect_url: "不支援轉向到 '%{redirect_url}'"
     passwords:
       missing_email: "必需提供電郵。"
       missing_redirect_url: "欠缺 redirect URL."

data/lib/devise_token_auth/blacklist.rb CHANGED Viewed

@@ -1,2 +1,6 @@
 # don't serialize tokens
-Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION << :tokens
+if defined? Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION
+  Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION << :tokens
+else
+  Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION << :tokens
+end