devise_token_auth 1.1.3 → 1.1.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9481d98d2610adb862b38d97afadba1d1a58594eab37606522fc0a0700e403b1
-  data.tar.gz: c9f1900cbabbffebc8fb84091ec35dda733c18f16537b562962f4274c464d680
+  metadata.gz: 395c104491ef2762e5c41f0b35af5f2421f8d24c99cc10145231d1cb2cab2d70
+  data.tar.gz: c637be9bc9c731f1b6218002925c0e558dbc62f2d6fb999fdd187d31d60e20c4
 SHA512:
-  metadata.gz: ea77bdbf1b588b53dfdea504ed37967f3c8dacb7c492a5a741444057de29e2e0443e535a98be60862e2139e6c768389627e438a27838afe2904c77f80c6c31dc
-  data.tar.gz: 533ee038f53fb8f63f521522468bbf966577d3ab941c3b689c948d45cb1f11524f8738f1bdcc0e48179a11008f123eea5831f1429d4426e847abddf9b5bbcec7
+  metadata.gz: a1a184d38110e9157c941f1b5e2b8a0cdd7901702f12c7316a4ffba2b5af239455bddc9c288d8fbbd2c909aadfdfe388283c16abcce1814abf595cfe853e3c51
+  data.tar.gz: 7ac1939d622a50f46e9ce3943826b85e67e9457178bba79326c5656f4c8fbacc5205b44828aa4935be4c2c4dc713f68ab1d44b8d7485ced86fa90416769e1431

data/app/controllers/devise_token_auth/confirmations_controller.rb

@@ -13,6 +13,7 @@ module DeviseTokenAuth
 
         if signed_in?(resource_name)
           token = signed_in_resource.create_token
+          signed_in_resource.save!
 
           redirect_headers = build_redirect_headers(token.token,
                                                     token.client,

data/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb

@@ -112,7 +112,8 @@ module DeviseTokenAuth
 
     # break out provider attribute assignment for easy method extension
     def assign_provider_attrs(user, auth_hash)
-      attrs = auth_hash['info'].slice(*user.attribute_names)
+      attrs = auth_hash['info'].to_hash
+      attrs = attrs.slice(*user.attribute_names)
       user.assign_attributes(attrs)
     end
 

data/app/models/devise_token_auth/concerns/confirmable_support.rb

@@ -0,0 +1,27 @@
+module DeviseTokenAuth::Concerns::ConfirmableSupport
+  extend ActiveSupport::Concern
+
+  included do
+    # Override standard devise `postpone_email_change?` method
+    # for not to use `will_save_change_to_email?` & `email_changed?` methods.
+    def postpone_email_change?
+      postpone = self.class.reconfirmable &&
+        email_value_in_database != email &&
+        !@bypass_confirmation_postpone &&
+        self.email.present? &&
+        (!@skip_reconfirmation_in_callback || !email_value_in_database.nil?)
+      @bypass_confirmation_postpone = false
+      postpone
+    end
+  end
+
+  protected
+
+  def email_value_in_database
+    if Devise.rails51? && respond_to?(:email_in_database)
+      email_in_database
+    else
+      email_was
+    end
+  end
+end

data/app/models/devise_token_auth/concerns/user.rb

@@ -44,6 +44,10 @@ module DeviseTokenAuth::Concerns::User
     def email_changed?; false; end
     def will_save_change_to_email?; false; end
 
+    if DeviseTokenAuth.send_confirmation_email && devise_modules.include?(:confirmable)
+      include DeviseTokenAuth::Concerns::ConfirmableSupport
+    end
+
     def password_required?
       return false unless provider == 'email'
       super
@@ -133,17 +137,17 @@ module DeviseTokenAuth::Concerns::User
   def token_can_be_reused?(token, client)
     # ghetto HashWithIndifferentAccess
     updated_at = tokens[client]['updated_at'] || tokens[client][:updated_at]
-    last_token = tokens[client]['last_token'] || tokens[client][:last_token]
+    last_token_hash = tokens[client]['last_token'] || tokens[client][:last_token]
 
     return true if (
       # ensure that the last token and its creation time exist
-      updated_at && last_token &&
+      updated_at && last_token_hash &&
 
       # ensure that previous token falls within the batch buffer throttle time of the last request
       updated_at.to_time > Time.zone.now - DeviseTokenAuth.batch_request_buffer_throttle &&
 
       # ensure that the token is valid
-      DeviseTokenAuth::TokenFactory.valid_token_hash?(last_token)
+      DeviseTokenAuth::TokenFactory.token_hash_is_token?(last_token_hash, token)
     )
   end
 
@@ -154,7 +158,7 @@ module DeviseTokenAuth::Concerns::User
     token = create_token(
       client: client,
       last_token: tokens.fetch(client, {})['token'],
-      updated_at: now
+      updated_at: now.to_s(:rfc822)
     )
 
     update_auth_header(token.token, token.client)
@@ -190,7 +194,7 @@ module DeviseTokenAuth::Concerns::User
   end
 
   def extend_batch_buffer(token, client)
-    tokens[client]['updated_at'] = Time.zone.now
+    tokens[client]['updated_at'] = Time.zone.now.to_s(:rfc822)
     update_auth_header(token, client)
   end
 
@@ -214,7 +218,7 @@ module DeviseTokenAuth::Concerns::User
   end
 
   def should_remove_tokens_after_password_reset?
-    if Rails::VERSION::MAJOR <= 5
+    if Rails::VERSION::MAJOR <= 5 ||defined?('Mongoid')
       encrypted_password_changed? &&
         DeviseTokenAuth.remove_tokens_after_password_reset
     else

data/app/models/devise_token_auth/concerns/user_omniauth_callbacks.rb

@@ -9,7 +9,7 @@ module DeviseTokenAuth::Concerns::UserOmniauthCallbacks
     validates_presence_of :uid, unless: :email_provider?
 
     # only validate unique emails among email registration users
-    validates :email, uniqueness: { scope: :provider }, on: :create, if: :email_provider?
+    validates :email, uniqueness: { case_sensitive: false, scope: :provider }, on: :create, if: :email_provider?
 
     # keep uid in sync with email
     before_save :sync_uid

data/config/locales/ja.yml

@@ -29,7 +29,7 @@ ja:
     messages:
       validate_sign_up_params: "リクエストボディに適切なアカウント新規登録データを送信してください。"
       validate_account_update_params: "リクエストボディに適切なアカウント更新のデータを送信してください。"
-      not_email: "はメールアドレスではありません"
+      not_email: "は有効ではありません"
   devise:
     mailer:
       confirmation_instructions:

data/config/locales/ko.yml

@@ -0,0 +1,51 @@
+ko:
+  devise_token_auth:
+    sessions:
+      not_confirmed: "'%{email}'로 주소 인증 메일을 발송했습니다. 계정을 활성화하기 위해서는 반드시 메일의 안내를 따라야 합니다."
+      bad_credentials: "계정 정보가 맞지 않습니다. 다시 시도해 주세요."
+      not_supported: "POST /sign_in to sign in을 사용해주세요. GET은 지원하지 않습니다."
+      user_not_found: "유저를 찾을 수 없습니다."
+      invalid: "계정 정보가 맞지 않습니다."
+    registrations:
+      missing_confirm_success_url: "'confirm_success_url' 파라미터가 없습니다."
+      redirect_url_not_allowed: "'%{redirect_url}' 주소로 리다이렉트는 허용하지 않습니다."
+      email_already_exists: "'%{email}'을 사용하는 계정이 이미 있습니다."
+      account_with_uid_destroyed: " UID가 '%{uid}'인 계정을 삭제했습니다."
+      account_to_destroy_not_found: "삭제할 계정을 찾을 수 없습니다."
+      user_not_found: "유저를 찾을 수 없습니다."
+    omniauth:
+      not_allowed_redirect_url: "'%{redirect_url}' 주소로 리다이렉트는 허용하지 않습니다."
+    passwords:
+      missing_email: "이메일 주소를 입력해야 합니다."
+      missing_redirect_url: "redirect URL이 없습니다."
+      not_allowed_redirect_url: "'%{redirect_url}' 주소로 리다이렉트는 허용하지 않습니다."
+      sended: "'%{email}'로 비밀번호를 재설정하기 위한 안내 메일을 발송했습니다."
+      user_not_found: "'%{email}'을 사용하는 유저를 찾을 수 없습니다."
+      password_not_required: "이 계정은 비밀번호가 필요하지 않습니다. '%{provider}'으로 로그인을 진행해 주세요."
+      missing_passwords: "비밀번호와 비밀번호 확인 필드를 반드시 입력해야 합니다."
+      successfully_updated: "비밀번호를 성공적으로 업데이트 했습니다."
+    unlocks:
+      missing_email: "이메일 주소를 반드시 입력해야 합니다."
+      sended: "'%{email}'로 계정 잠금 해제를 위한 안내 메일을 발송했습니다."
+      user_not_found: "'%{email}'을 사용하는 유저를 찾을 수 없습니다."
+  errors:
+    messages:
+      validate_sign_up_params: "요청 값에 알맞은 로그인 데이터를 입력하세요."
+      validate_account_update_params: "요청 값에 알맞은 업데이트 데이터를 입력하세요."
+      not_email: "이메일이 아닙니다."
+  devise:
+    mailer:
+      confirmation_instructions:
+        confirm_link_msg: "아래의 링크를 이용해 계정 인증을 할 수 있습니다."
+        confirm_account_link: "본인 계정 인증"
+      reset_password_instructions:
+        request_reset_link_msg: "누군가 당신의 비밀번호를 변경하는 링크를 요청했으며, 다음의 링크에서 비밀번호 변경이 가능합니다."
+        password_change_link: "비밀번호 변경"
+        ignore_mail_msg: "비밀번호 변경을 요청하지 않으셨다면 이 메일을 무시하십시오."
+        no_changes_msg: "위 링크에 접속하여 새로운 비밀번호를 생성하기 전까지 귀하의 비밀번호는 변경되지 않습니다."
+      unlock_instructions:
+        account_lock_msg: "로그인 실패 횟수 초과로 귀하의 계정이 잠금 처리되었습니다."
+        unlock_link_msg: "계정 잠금을 해제하려면 아래 링크를 클릭하세요."
+        unlock_link: "계정 잠금 해제"
+  hello: "안녕하세요"
+  welcome: "환영합니다"

data/config/locales/pl.yml

@@ -26,9 +26,10 @@ pl:
       missing_passwords: "Musisz wypełnić wszystkie pola z etykietą 'Hasło' oraz 'Potwierdzenie hasła'."
       successfully_updated: "Twoje hasło zostało zaktualizowane."
   errors:
-    validate_sign_up_params: "Proszę dostarczyć odpowiednie dane logowania w ciele zapytania."
-    validate_account_update_params: "Proszę dostarczyć odpowiednie dane aktualizacji konta w ciele zapytania."
-    not_email: "nie jest prawidłowym adresem e-mail"
+    messages:
+      validate_sign_up_params: "Proszę dostarczyć odpowiednie dane logowania w ciele zapytania."
+      validate_account_update_params: "Proszę dostarczyć odpowiednie dane aktualizacji konta w ciele zapytania."
+      not_email: "nie jest prawidłowym adresem e-mail"
   devise:
     mailer:
       confirmation_instructions:

data/config/locales/pt.yml

@@ -26,9 +26,10 @@ pt:
       missing_passwords: "Preencha a senha e a confirmação de senha."
       successfully_updated: "Senha atualizada com sucesso."
   errors:
-    validate_sign_up_params: "Os dados submetidos na requisição de registo são inválidos."
-    validate_account_update_params: "Os dados submetidos para atualização de conta são inválidos."
-    not_email: "não é um e-mail"
+    messages:
+      validate_sign_up_params: "Os dados submetidos na requisição de registo são inválidos."
+      validate_account_update_params: "Os dados submetidos para atualização de conta são inválidos."
+      not_email: "não é um e-mail"
   devise:
     mailer:
       confirmation_instructions:

data/lib/devise_token_auth/engine.rb

@@ -26,6 +26,7 @@ module DeviseTokenAuth
                  :default_callbacks,
                  :headers_names,
                  :bypass_sign_in,
+                 :send_confirmation_email,
                  :require_client_password_reset_token
 
   self.change_headers_on_each_request       = true
@@ -47,6 +48,7 @@ module DeviseTokenAuth
                                                 'uid': 'uid',
                                                 'token-type': 'token-type' }
   self.bypass_sign_in                       = true
+  self.send_confirmation_email              = false
   self.require_client_password_reset_token  = false
 
   def self.setup(&block)

data/lib/devise_token_auth/url.rb

@@ -11,6 +11,9 @@ module DeviseTokenAuth::Url
     query = [uri.query, params.to_query].reject(&:blank?).join('&')
     res += "?#{query}"
     res += "##{uri.fragment}" if uri.fragment
+    # repeat any query params after the fragment to deal with Angular eating any pre fragment query params, used
+    # in the reset password redirect url
+    res += "?#{query}" if uri.fragment
 
     res
   end

data/lib/devise_token_auth/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module DeviseTokenAuth
-  VERSION = '1.1.3'.freeze
+  VERSION = '1.1.4'.freeze
 end

data/lib/generators/devise_token_auth/USAGE

@@ -8,7 +8,7 @@ Arguments:
              # 'User'
   MOUNT_PATH # The path at which to mount the authentication routes. Default is
              # 'auth'. More detail documentation is here:
-             # https://github.com/lynndylanhurley/devise_token_auth#usage-tldr
+             # https://devise-token-auth.gitbook.io/devise-token-auth/usage
 
 Example:
   rails generate devise_token_auth:install User auth

data/lib/generators/devise_token_auth/install_generator.rb

@@ -75,12 +75,12 @@ module DeviseTokenAuth
       ActiveRecord::Base.connection.select_value('SELECT VERSION()')
     end
 
-    def rails5?
-      Rails.version.start_with? '5'
+    def rails_5_or_newer?
+      Rails::VERSION::MAJOR >= 5
     end
 
     def primary_key_type
-      primary_key_string if rails5?
+      primary_key_string if rails_5_or_newer?
     end
 
     def primary_key_string

data/lib/generators/devise_token_auth/install_mongoid_generator.rb

@@ -29,9 +29,9 @@ module DeviseTokenAuth
   field :tokens, type: Hash, default: {}
 
   # Include default devise modules. Others available are:
-  # :confirmable, :lockable, :timeoutable and :omniauthable
+  # :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
   devise :database_authenticatable, :registerable,
-         :recoverable, :rememberable, :trackable, :validatable
+         :recoverable, :rememberable, :validatable
   include DeviseTokenAuth::Concerns::User
 
   index({ uid: 1, provider: 1}, { name: 'uid_provider_index', unique: true, background: true })

data/lib/generators/devise_token_auth/templates/devise_token_auth.rb

@@ -52,4 +52,9 @@ DeviseTokenAuth.setup do |config|
   # If, however, you wish to integrate with legacy Devise authentication, you can
   # do so by enabling this flag. NOTE: This feature is highly experimental!
   # config.enable_standard_devise_support = false
+
+  # By default DeviseTokenAuth will not send confirmation email, even when including
+  # devise confirmable module. If you want to use devise confirmable module and
+  # send email, set it to true. (This is a setting for compatibility)
+  # config.send_confirmation_email = true
 end

data/lib/generators/devise_token_auth/templates/user.rb.erb

@@ -2,8 +2,8 @@
 
 class <%= user_class %> < ActiveRecord::Base
   # Include default devise modules. Others available are:
-  # :confirmable, :lockable, :timeoutable and :omniauthable
+  # :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
   devise :database_authenticatable, :registerable,
-         :recoverable, :rememberable, :trackable, :validatable
+         :recoverable, :rememberable, :validatable
   include DeviseTokenAuth::Concerns::User
 end

data/lib/generators/devise_token_auth/templates/user_mongoid.rb.erb

@@ -43,9 +43,9 @@ class <%= user_class %>
   field :tokens, type: Hash, default: {}
 
   # Include default devise modules. Others available are:
-  # :confirmable, :lockable, :timeoutable and :omniauthable
+  # :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
   devise :database_authenticatable, :registerable,
-         :recoverable, :rememberable, :trackable, :validatable
+         :recoverable, :rememberable, :validatable
   include DeviseTokenAuth::Concerns::User
 
   index({ email: 1 }, { name: 'email_index', unique: true, background: true })

data/test/controllers/devise_token_auth/confirmations_controller_test.rb

@@ -53,6 +53,10 @@ class DeviseTokenAuth::ConfirmationsControllerTest < ActionController::TestCase
             assert @resource.confirmed?
           end
 
+          test 'should save the authentication token' do
+            assert @resource.reload.tokens.present?
+          end
+
           test 'should redirect to success url' do
             assert_redirected_to(/^#{@redirect_url}/)
           end

data/test/dummy/app/active_record/confirmable_user.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+class ConfirmableUser < ActiveRecord::Base
+  # Include default devise modules.
+  devise :database_authenticatable, :registerable,
+         :recoverable, :rememberable,
+         :validatable, :confirmable
+  DeviseTokenAuth.send_confirmation_email = true
+  include DeviseTokenAuth::Concerns::User
+  DeviseTokenAuth.send_confirmation_email = false
+end

data/test/dummy/app/mongoid/confirmable_user.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+class ConfirmableUser
+  include Mongoid::Document
+  include Mongoid::Timestamps
+  include Mongoid::Locker
+
+  field :locker_locked_at, type: Time
+  field :locker_locked_until, type: Time
+
+  locker locked_at_field: :locker_locked_at,
+         locked_until_field: :locker_locked_until
+
+  ## User Info
+  field :name,      type: String
+  field :nickname,  type: String
+  field :image,     type: String
+
+  ## Database authenticatable
+  field :email,              type: String, default: ''
+  field :encrypted_password, type: String, default: ''
+
+  ## Recoverable
+  field :reset_password_token,        type: String
+  field :reset_password_sent_at,      type: Time
+  field :reset_password_redirect_url, type: String
+  field :allow_password_change,       type: Boolean, default: false
+
+  ## Rememberable
+  field :remember_created_at, type: Time
+
+  ## Confirmable
+  field :confirmation_token,   type: String
+  field :confirmed_at,         type: Time
+  field :confirmation_sent_at, type: Time
+  field :unconfirmed_email,    type: String # Only if using reconfirmable
+
+  ## Required
+  field :provider, type: String
+  field :uid,      type: String, default: ''
+
+  ## Tokens
+  field :tokens, type: Hash, default: {}
+
+  # Include default devise modules.
+  devise :database_authenticatable, :registerable,
+         :recoverable, :rememberable, :trackable,
+         :validatable, :confirmable
+  DeviseTokenAuth.send_confirmation_email = true
+  include DeviseTokenAuth::Concerns::User
+  DeviseTokenAuth.send_confirmation_email = false
+end

data/test/dummy/config/initializers/figaro.rb

@@ -1,3 +1,3 @@
 # frozen_string_literal: true
 
-#Figaro.require("GITHUB_KEY", "GITHUB_SECRET", "FACEBOOK_KEY", "FACEBOOK_SECRET", "GOOGLE_KEY", "GOOGLE_SECRET")
+#Figaro.require("GITHUB_KEY", "GITHUB_SECRET", "FACEBOOK_KEY", "FACEBOOK_SECRET", "GOOGLE_KEY", "GOOGLE_SECRET", "APPLE_CLIENT_ID", "APPLE_TEAM_ID", "APPLE_KEY", "APPLE_PEM")

data/test/dummy/config/initializers/omniauth.rb

@@ -4,6 +4,7 @@ Rails.application.config.middleware.use OmniAuth::Builder do |b|
   provider :github,        ENV['GITHUB_KEY'],   ENV['GITHUB_SECRET'],   scope: 'email,profile'
   provider :facebook,      ENV['FACEBOOK_KEY'], ENV['FACEBOOK_SECRET']
   provider :google_oauth2, ENV['GOOGLE_KEY'],   ENV['GOOGLE_SECRET']
+  provider :apple,         ENV['APPLE_CLIENT_ID'], '', { scope: 'email name', team_id: ENV['APPLE_TEAM_ID'], key_id: ENV['APPLE_KEY'], pem: ENV['APPLE_PEM'] }
   provider :developer,
            fields: [:first_name, :last_name],
            uid_field: :last_name

data/test/dummy/config/routes.rb

@@ -20,6 +20,8 @@ Rails.application.routes.draw do
 
   mount_devise_token_auth_for 'LockableUser', at: 'lockable_user_auth'
 
+  mount_devise_token_auth_for 'ConfirmableUser', at: 'confirmable_user_auth'
+
   # test namespacing
   namespace :api do
     scope :v1 do

data/test/dummy/{tmp/generators/db/migrate/20170630171909_devise_token_auth_create_mangs.rb → db/migrate/20190924101113_devise_token_auth_create_confirmable_users.rb}

@@ -1,6 +1,7 @@
-class DeviseTokenAuthCreateMangs < ActiveRecord::Migration[4.2]
+class DeviseTokenAuthCreateConfirmableUsers < ActiveRecord::Migration[5.2]
   def change
-    create_table(:mangs) do |t|
+    
+    create_table(:confirmable_users) do |t|
       ## Required
       t.string :provider, :null => false, :default => "email"
       t.string :uid, :null => false, :default => ""
@@ -11,17 +12,11 @@ class DeviseTokenAuthCreateMangs < ActiveRecord::Migration[4.2]
       ## Recoverable
       t.string   :reset_password_token
       t.datetime :reset_password_sent_at
+      t.boolean  :allow_password_change, :default => false
 
       ## Rememberable
       t.datetime :remember_created_at
 
-      ## Trackable
-      t.integer  :sign_in_count, :default => 0, :null => false
-      t.datetime :current_sign_in_at
-      t.datetime :last_sign_in_at
-      t.string   :current_sign_in_ip
-      t.string   :last_sign_in_ip
-
       ## Confirmable
       t.string   :confirmation_token
       t.datetime :confirmed_at
@@ -45,10 +40,10 @@ class DeviseTokenAuthCreateMangs < ActiveRecord::Migration[4.2]
       t.timestamps
     end
 
-    add_index :mangs, :email,                unique: true
-    add_index :mangs, [:uid, :provider],     unique: true
-    add_index :mangs, :reset_password_token, unique: true
-    add_index :mangs, :confirmation_token,   unique: true
-    # add_index :mangs, :unlock_token,       unique: true
+    add_index :confirmable_users, :email,                unique: true
+    add_index :confirmable_users, [:uid, :provider],     unique: true
+    add_index :confirmable_users, :reset_password_token, unique: true
+    add_index :confirmable_users, :confirmation_token,   unique: true
+    # add_index :confirmable_users, :unlock_token,       unique: true
   end
 end

data/test/dummy/db/schema.rb

@@ -10,7 +10,32 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 2016_06_29_184441) do
+ActiveRecord::Schema.define(version: 2019_09_24_101113) do
+
+  create_table "confirmable_users", force: :cascade do |t|
+    t.string "provider", default: "email", null: false
+    t.string "uid", default: "", null: false
+    t.string "encrypted_password", default: "", null: false
+    t.string "reset_password_token"
+    t.datetime "reset_password_sent_at"
+    t.boolean "allow_password_change", default: false
+    t.datetime "remember_created_at"
+    t.string "confirmation_token"
+    t.datetime "confirmed_at"
+    t.datetime "confirmation_sent_at"
+    t.string "unconfirmed_email"
+    t.string "name"
+    t.string "nickname"
+    t.string "image"
+    t.string "email"
+    t.text "tokens"
+    t.datetime "created_at", null: false
+    t.datetime "updated_at", null: false
+    t.index ["confirmation_token"], name: "index_confirmable_users_on_confirmation_token", unique: true
+    t.index ["email"], name: "index_confirmable_users_on_email", unique: true
+    t.index ["reset_password_token"], name: "index_confirmable_users_on_reset_password_token", unique: true
+    t.index ["uid", "provider"], name: "index_confirmable_users_on_uid_and_provider", unique: true
+  end
 
   create_table "lockable_users", force: :cascade do |t|
     t.string "provider", null: false

data/test/dummy/tmp/generators/app/views/devise/mailer/confirmation_instructions.html.erb

@@ -0,0 +1,5 @@
+<p><%= t(:welcome).capitalize + ' ' + @email %>!</p>
+
+<p><%= t '.confirm_link_msg' %> </p>
+
+<p><%= link_to t('.confirm_account_link'), confirmation_url(@resource, {confirmation_token: @token, config: message['client-config'].to_s, redirect_url: message['redirect-url']}).html_safe %></p>

data/test/dummy/tmp/generators/app/views/devise/mailer/reset_password_instructions.html.erb

@@ -0,0 +1,8 @@
+<p><%= t(:hello).capitalize %> <%= @resource.email %>!</p>
+
+<p><%= t '.request_reset_link_msg' %></p>
+
+<p><%= link_to t('.password_change_link'), edit_password_url(@resource, reset_password_token: @token, config: message['client-config'].to_s, redirect_url: message['redirect-url'].to_s).html_safe %></p>
+
+<p><%= t '.ignore_mail_msg' %></p>
+<p><%= t '.no_changes_msg' %></p>

data/test/factories/users.rb

@@ -36,5 +36,6 @@ FactoryBot.define do
     factory :mang_user, class: 'Mang'
     factory :only_email_user, class: 'OnlyEmailUser'
     factory :scoped_user, class: 'ScopedUser'
+    factory :confirmable_user, class: 'ConfirmableUser'
   end
 end

data/test/lib/devise_token_auth/url_test.rb

@@ -4,10 +4,10 @@ require 'test_helper'
 
 class DeviseTokenAuth::UrlTest < ActiveSupport::TestCase
   describe 'DeviseTokenAuth::Url#generate' do
-    test 'URI fragment should appear at the end of URL' do
+    test 'URI fragment should appear at the end of URL with repeat of query params' do
       params = { client_id: 123 }
       url = 'http://example.com#fragment'
-      assert_equal DeviseTokenAuth::Url.send(:generate, url, params), 'http://example.com?client_id=123#fragment'
+      assert_equal DeviseTokenAuth::Url.send(:generate, url, params), 'http://example.com?client_id=123#fragment?client_id=123'
     end
 
     describe 'with existing query params' do

data/test/models/confirmable_user_test.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+require 'test_helper'
+
+class ConfirmableUserTest < ActiveSupport::TestCase
+  describe ConfirmableUser do
+    describe 'creation' do
+      test 'email should be saved' do
+        @resource = create(:confirmable_user)
+        assert @resource.email.present?
+      end
+    end
+
+    describe 'updating email' do
+      test 'new email should be saved to unconfirmed_email' do
+        @resource = create(:confirmable_user, email: 'old_address@example.com')
+        @resource.update(email: 'new_address@example.com')
+        assert @resource.unconfirmed_email == 'new_address@example.com'
+      end
+
+      test 'old email should be kept in email' do
+        @resource = create(:confirmable_user, email: 'old_address@example.com')
+        @resource.update(email: 'new_address@example.com')
+        assert @resource.email == 'old_address@example.com'
+      end
+
+      test 'confirmation_token should be changed' do
+        @resource = create(:confirmable_user, email: 'old_address@example.com')
+        old_token = @resource.confirmation_token
+        @resource.update(email: 'new_address@example.com')
+        assert @resource.confirmation_token != old_token
+      end
+    end
+  end
+end

data/test/test_helper.rb

@@ -46,7 +46,7 @@ class ActiveSupport::TestCase
 
   def age_token(user, client_id)
     if user.tokens[client_id]
-      user.tokens[client_id]['updated_at'] = Time.zone.now - (DeviseTokenAuth.batch_request_buffer_throttle + 10.seconds)
+      user.tokens[client_id]['updated_at'] = (Time.zone.now - (DeviseTokenAuth.batch_request_buffer_throttle + 10.seconds)).to_s(:rfc822)
       user.save!
     end
   end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: devise_token_auth
 version: !ruby/object:Gem::Version
-  version: 1.1.3
+  version: 1.1.4
 platform: ruby
 authors:
 - Lynn Hurley
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-09-26 00:00:00.000000000 Z
+date: 2020-06-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -30,6 +30,20 @@ dependencies:
     - - "<"
       - !ruby/object:Gem::Version
         version: '6.1'
+- !ruby/object:Gem::Dependency
+  name: sprockets
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 3.7.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 3.7.2
 - !ruby/object:Gem::Dependency
   name: devise
   requirement: !ruby/object:Gem::Requirement
@@ -84,14 +98,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.3.6
+        version: '1.4'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.3.6
+        version: '1.4'
 - !ruby/object:Gem::Dependency
   name: pg
   requirement: !ruby/object:Gem::Requirement
@@ -175,6 +189,7 @@ files:
 - app/controllers/devise_token_auth/token_validations_controller.rb
 - app/controllers/devise_token_auth/unlocks_controller.rb
 - app/models/devise_token_auth/concerns/active_record_support.rb
+- app/models/devise_token_auth/concerns/confirmable_support.rb
 - app/models/devise_token_auth/concerns/mongoid_support.rb
 - app/models/devise_token_auth/concerns/tokens_serialization.rb
 - app/models/devise_token_auth/concerns/user.rb
@@ -192,6 +207,7 @@ files:
 - config/locales/he.yml
 - config/locales/it.yml
 - config/locales/ja.yml
+- config/locales/ko.yml
 - config/locales/nl.yml
 - config/locales/pl.yml
 - config/locales/pt-BR.yml
@@ -248,6 +264,7 @@ files:
 - test/controllers/overrides/sessions_controller_test.rb
 - test/controllers/overrides/token_validations_controller_test.rb
 - test/dummy/README.rdoc
+- test/dummy/app/active_record/confirmable_user.rb
 - test/dummy/app/active_record/lockable_user.rb
 - test/dummy/app/active_record/mang.rb
 - test/dummy/app/active_record/only_email_user.rb
@@ -274,6 +291,7 @@ files:
 - test/dummy/app/controllers/overrides/token_validations_controller.rb
 - test/dummy/app/helpers/application_helper.rb
 - test/dummy/app/models/concerns/favorite_color.rb
+- test/dummy/app/mongoid/confirmable_user.rb
 - test/dummy/app/mongoid/lockable_user.rb
 - test/dummy/app/mongoid/mang.rb
 - test/dummy/app/mongoid/only_email_user.rb
@@ -313,14 +331,11 @@ files:
 - test/dummy/db/migrate/20150708104536_devise_token_auth_create_unconfirmable_users.rb
 - test/dummy/db/migrate/20160103235141_devise_token_auth_create_scoped_users.rb
 - test/dummy/db/migrate/20160629184441_devise_token_auth_create_lockable_users.rb
+- test/dummy/db/migrate/20190924101113_devise_token_auth_create_confirmable_users.rb
 - test/dummy/db/schema.rb
 - test/dummy/lib/migration_database_helper.rb
-- test/dummy/tmp/generators/app/models/mang.rb
-- test/dummy/tmp/generators/app/models/user.rb
-- test/dummy/tmp/generators/config/initializers/devise_token_auth.rb
-- test/dummy/tmp/generators/config/routes.rb
-- test/dummy/tmp/generators/db/migrate/20170630171909_devise_token_auth_create_mangs.rb
-- test/dummy/tmp/generators/db/migrate/20170630171909_devise_token_auth_create_users.rb
+- test/dummy/tmp/generators/app/views/devise/mailer/confirmation_instructions.html.erb
+- test/dummy/tmp/generators/app/views/devise/mailer/reset_password_instructions.html.erb
 - test/factories/users.rb
 - test/lib/devise_token_auth/blacklist_test.rb
 - test/lib/devise_token_auth/token_factory_test.rb
@@ -330,6 +345,7 @@ files:
 - test/lib/generators/devise_token_auth/install_views_generator_test.rb
 - test/models/concerns/mongoid_support_test.rb
 - test/models/concerns/tokens_serialization_test.rb
+- test/models/confirmable_user_test.rb
 - test/models/only_email_user_test.rb
 - test/models/user_test.rb
 - test/support/controllers/routes.rb
@@ -360,6 +376,7 @@ summary: Token based authentication for rails. Uses Devise + OmniAuth.
 test_files:
 - test/dummy/app/mongoid/only_email_user.rb
 - test/dummy/app/mongoid/scoped_user.rb
+- test/dummy/app/mongoid/confirmable_user.rb
 - test/dummy/app/mongoid/mang.rb
 - test/dummy/app/mongoid/unregisterable_user.rb
 - test/dummy/app/mongoid/lockable_user.rb
@@ -368,6 +385,7 @@ test_files:
 - test/dummy/app/models/concerns/favorite_color.rb
 - test/dummy/app/active_record/only_email_user.rb
 - test/dummy/app/active_record/scoped_user.rb
+- test/dummy/app/active_record/confirmable_user.rb
 - test/dummy/app/active_record/mang.rb
 - test/dummy/app/active_record/unregisterable_user.rb
 - test/dummy/app/active_record/lockable_user.rb
@@ -425,14 +443,12 @@ test_files:
 - test/dummy/db/migrate/20160103235141_devise_token_auth_create_scoped_users.rb
 - test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb
 - test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb
-- test/dummy/tmp/generators/app/models/mang.rb
-- test/dummy/tmp/generators/app/models/user.rb
-- test/dummy/tmp/generators/config/routes.rb
-- test/dummy/tmp/generators/config/initializers/devise_token_auth.rb
-- test/dummy/tmp/generators/db/migrate/20170630171909_devise_token_auth_create_mangs.rb
-- test/dummy/tmp/generators/db/migrate/20170630171909_devise_token_auth_create_users.rb
+- test/dummy/db/migrate/20190924101113_devise_token_auth_create_confirmable_users.rb
+- test/dummy/tmp/generators/app/views/devise/mailer/confirmation_instructions.html.erb
+- test/dummy/tmp/generators/app/views/devise/mailer/reset_password_instructions.html.erb
 - test/dummy/README.rdoc
 - test/models/only_email_user_test.rb
+- test/models/confirmable_user_test.rb
 - test/models/concerns/mongoid_support_test.rb
 - test/models/concerns/tokens_serialization_test.rb
 - test/models/user_test.rb

data/test/dummy/tmp/generators/app/models/mang.rb

@@ -1,7 +0,0 @@
-class Mang < ActiveRecord::Base
-  # Include default devise modules.
-  devise :database_authenticatable, :registerable,
-          :recoverable, :rememberable, :trackable, :validatable,
-          :confirmable, :omniauthable
-  include DeviseTokenAuth::Concerns::User
-end

data/test/dummy/tmp/generators/app/models/user.rb

@@ -1,7 +0,0 @@
-class User < ActiveRecord::Base
-  # Include default devise modules.
-  devise :database_authenticatable, :registerable,
-          :recoverable, :rememberable, :trackable, :validatable,
-          :confirmable, :omniauthable
-  include DeviseTokenAuth::Concerns::User
-end

data/test/dummy/tmp/generators/config/initializers/devise_token_auth.rb

@@ -1,48 +0,0 @@
-DeviseTokenAuth.setup do |config|
-  # By default the authorization headers will change after each request. The
-  # client is responsible for keeping track of the changing tokens. Change
-  # this to false to prevent the Authorization header from changing after
-  # each request.
-  # config.change_headers_on_each_request = true
-
-  # By default, users will need to re-authenticate after 2 weeks. This setting
-  # determines how long tokens will remain valid after they are issued.
-  # config.token_lifespan = 2.weeks
-
-  # Sets the max number of concurrent devices per user, which is 10 by default.
-  # After this limit is reached, the oldest tokens will be removed.
-  # config.max_number_of_devices = 10
-
-  # Sometimes it's necessary to make several requests to the API at the same
-  # time. In this case, each request in the batch will need to share the same
-  # auth token. This setting determines how far apart the requests can be while
-  # still using the same auth token.
-  # config.batch_request_buffer_throttle = 5.seconds
-
-  # This route will be the prefix for all oauth2 redirect callbacks. For
-  # example, using the default '/omniauth', the github oauth2 provider will
-  # redirect successful authentications to '/omniauth/github/callback'
-  # config.omniauth_prefix = "/omniauth"
-
-  # By default sending current password is not needed for the password update.
-  # Uncomment to enforce current_password param to be checked before all
-  # attribute updates. Set it to :password if you want it to be checked only if
-  # password is updated.
-  # config.check_current_password_before_update = :attributes
-
-  # By default we will use callbacks for single omniauth.
-  # It depends on fields like email, provider and uid.
-  # config.default_callbacks = true
-
-  # Makes it possible to change the headers names
-  # config.headers_names = {:'access-token' => 'access-token',
-  #                        :'client' => 'client',
-  #                        :'expiry' => 'expiry',
-  #                        :'uid' => 'uid',
-  #                        :'token-type' => 'token-type' }
-
-  # By default, only Bearer Token authentication is implemented out of the box.
-  # If, however, you wish to integrate with legacy Devise authentication, you can
-  # do so by enabling this flag. NOTE: This feature is highly experimental!
-  # config.enable_standard_devise_support = false
-end

data/test/dummy/tmp/generators/config/routes.rb

@@ -1,9 +0,0 @@
-            Rails.application.routes.draw do
-  mount_devise_token_auth_for 'User', at: 'auth'
-
-  mount_devise_token_auth_for 'Mang', at: 'mangs'
-  as :mang do
-    # Define routes for Mang within this block.
-  end
-              patch '/chong', to: 'bong#index'
-            end

data/test/dummy/tmp/generators/db/migrate/20170630171909_devise_token_auth_create_users.rb

@@ -1,54 +0,0 @@
-class DeviseTokenAuthCreateUsers < ActiveRecord::Migration[4.2]
-  def change
-    create_table(:users) do |t|
-      ## Required
-      t.string :provider, :null => false, :default => "email"
-      t.string :uid, :null => false, :default => ""
-
-      ## Database authenticatable
-      t.string :encrypted_password, :null => false, :default => ""
-
-      ## Recoverable
-      t.string   :reset_password_token
-      t.datetime :reset_password_sent_at
-
-      ## Rememberable
-      t.datetime :remember_created_at
-
-      ## Trackable
-      t.integer  :sign_in_count, :default => 0, :null => false
-      t.datetime :current_sign_in_at
-      t.datetime :last_sign_in_at
-      t.string   :current_sign_in_ip
-      t.string   :last_sign_in_ip
-
-      ## Confirmable
-      t.string   :confirmation_token
-      t.datetime :confirmed_at
-      t.datetime :confirmation_sent_at
-      t.string   :unconfirmed_email # Only if using reconfirmable
-
-      ## Lockable
-      # t.integer  :failed_attempts, :default => 0, :null => false # Only if lock strategy is :failed_attempts
-      # t.string   :unlock_token # Only if unlock strategy is :email or :both
-      # t.datetime :locked_at
-
-      ## User Info
-      t.string :name
-      t.string :nickname
-      t.string :image
-      t.string :email
-
-      ## Tokens
-      t.text :tokens
-
-      t.timestamps
-    end
-
-    add_index :users, :email,                unique: true
-    add_index :users, [:uid, :provider],     unique: true
-    add_index :users, :reset_password_token, unique: true
-    add_index :users, :confirmation_token,   unique: true
-    # add_index :users, :unlock_token,       unique: true
-  end
-end