devise_token_auth 1.1.3 → 1.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/app/controllers/devise_token_auth/application_controller.rb +8 -0
- data/app/controllers/devise_token_auth/concerns/resource_finder.rb +14 -1
- data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +31 -7
- data/app/controllers/devise_token_auth/confirmations_controller.rb +9 -4
- data/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb +2 -1
- data/app/controllers/devise_token_auth/passwords_controller.rb +6 -2
- data/app/controllers/devise_token_auth/sessions_controller.rb +7 -1
- data/app/controllers/devise_token_auth/unlocks_controller.rb +6 -2
- data/app/models/devise_token_auth/concerns/active_record_support.rb +0 -2
- data/app/models/devise_token_auth/concerns/confirmable_support.rb +28 -0
- data/app/models/devise_token_auth/concerns/tokens_serialization.rb +16 -4
- data/app/models/devise_token_auth/concerns/user.rb +9 -10
- data/app/models/devise_token_auth/concerns/user_omniauth_callbacks.rb +4 -1
- data/app/validators/devise_token_auth_email_validator.rb +1 -1
- data/app/views/devise_token_auth/omniauth_external_window.html.erb +1 -1
- data/config/locales/en.yml +3 -0
- data/config/locales/ja.yml +1 -1
- data/config/locales/ko.yml +51 -0
- data/config/locales/pl.yml +4 -3
- data/config/locales/pt.yml +4 -3
- data/lib/devise_token_auth/blacklist.rb +5 -1
- data/lib/devise_token_auth/controllers/helpers.rb +5 -9
- data/lib/devise_token_auth/engine.rb +8 -0
- data/lib/devise_token_auth/rails/routes.rb +15 -10
- data/lib/devise_token_auth/url.rb +3 -0
- data/lib/devise_token_auth/version.rb +1 -1
- data/lib/generators/devise_token_auth/USAGE +1 -1
- data/lib/generators/devise_token_auth/install_generator.rb +4 -4
- data/lib/generators/devise_token_auth/install_mongoid_generator.rb +2 -2
- data/lib/generators/devise_token_auth/templates/devise_token_auth.rb +5 -0
- data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb +1 -1
- data/lib/generators/devise_token_auth/templates/user.rb.erb +2 -2
- data/lib/generators/devise_token_auth/templates/user_mongoid.rb.erb +2 -2
- data/test/controllers/devise_token_auth/confirmations_controller_test.rb +95 -19
- data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb +2 -2
- data/test/controllers/devise_token_auth/passwords_controller_test.rb +73 -21
- data/test/controllers/devise_token_auth/registrations_controller_test.rb +28 -15
- data/test/controllers/devise_token_auth/sessions_controller_test.rb +39 -10
- data/test/controllers/devise_token_auth/unlocks_controller_test.rb +21 -4
- data/test/controllers/overrides/confirmations_controller_test.rb +1 -1
- data/test/dummy/app/active_record/confirmable_user.rb +11 -0
- data/test/dummy/app/mongoid/confirmable_user.rb +52 -0
- data/test/dummy/app/views/layouts/application.html.erb +0 -2
- data/test/dummy/config/application.rb +0 -1
- data/test/dummy/config/environments/development.rb +0 -10
- data/test/dummy/config/environments/production.rb +0 -16
- data/test/dummy/config/initializers/figaro.rb +1 -1
- data/test/dummy/config/initializers/omniauth.rb +1 -0
- data/test/dummy/config/routes.rb +2 -0
- data/test/dummy/{tmp/generators/db/migrate/20170630171909_devise_token_auth_create_mangs.rb → db/migrate/20190924101113_devise_token_auth_create_confirmable_users.rb} +9 -14
- data/test/dummy/db/schema.rb +26 -1
- data/test/dummy/tmp/generators/app/controllers/application_controller.rb +6 -0
- data/test/dummy/tmp/generators/app/models/azpire/v1/human_resource/user.rb +56 -0
- data/test/dummy/tmp/generators/config/initializers/devise_token_auth.rb +12 -0
- data/test/factories/users.rb +1 -0
- data/test/lib/devise_token_auth/blacklist_test.rb +11 -3
- data/test/lib/devise_token_auth/rails/custom_routes_test.rb +29 -0
- data/test/lib/devise_token_auth/rails/routes_test.rb +87 -0
- data/test/lib/devise_token_auth/url_test.rb +2 -2
- data/test/lib/generators/devise_token_auth/install_generator_test.rb +1 -1
- data/test/lib/generators/devise_token_auth/install_generator_with_namespace_test.rb +1 -1
- data/test/models/concerns/tokens_serialization_test.rb +39 -5
- data/test/models/confirmable_user_test.rb +35 -0
- data/test/test_helper.rb +35 -4
- metadata +25 -19
- data/test/dummy/config/initializers/assets.rb +0 -10
- data/test/dummy/tmp/generators/app/models/mang.rb +0 -7
- data/test/dummy/tmp/generators/app/models/user.rb +0 -7
- data/test/dummy/tmp/generators/config/routes.rb +0 -9
- data/test/dummy/tmp/generators/db/migrate/20170630171909_devise_token_auth_create_users.rb +0 -54
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: fb2d73d7859e1754b505d6f554c8d298ba899444b4fe4e1b47d50ca9bab453e8
|
4
|
+
data.tar.gz: 3572d4ff07d68f62d8e51270959fd20451d9edb4832d576b9342939275390dee
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 50c95181401bedfd959a407d450f222ab185d75000825385dd691a064e831b36263eb1338d25f6378a743ac9009b73f80df3e24cb09ce5680a0e6723fc98acb9
|
7
|
+
data.tar.gz: 91910874d7e473d31eb39cf40c6860da4ab5b59aa874a0f1296faa17718103124018568cf289486a9d49a3ec1b967f14e23c18afb8d3f6cd3ec2fd837d663a83
|
@@ -75,5 +75,13 @@ module DeviseTokenAuth
|
|
75
75
|
response = response.merge(data) if data
|
76
76
|
render json: response, status: status
|
77
77
|
end
|
78
|
+
|
79
|
+
def success_message(name, email)
|
80
|
+
if Devise.paranoid
|
81
|
+
I18n.t("devise_token_auth.#{name}.sended_paranoid")
|
82
|
+
else
|
83
|
+
I18n.t("devise_token_auth.#{name}.sended", email: email)
|
84
|
+
end
|
85
|
+
end
|
78
86
|
end
|
79
87
|
end
|
@@ -20,7 +20,7 @@ module DeviseTokenAuth::Concerns::ResourceFinder
|
|
20
20
|
end
|
21
21
|
|
22
22
|
def find_resource(field, value)
|
23
|
-
@resource = if
|
23
|
+
@resource = if database_adapter&.include?('mysql')
|
24
24
|
# fix for mysql default case insensitivity
|
25
25
|
resource_class.where("BINARY #{field} = ? AND provider= ?", value, provider).first
|
26
26
|
else
|
@@ -28,6 +28,19 @@ module DeviseTokenAuth::Concerns::ResourceFinder
|
|
28
28
|
end
|
29
29
|
end
|
30
30
|
|
31
|
+
def database_adapter
|
32
|
+
@database_adapter ||= begin
|
33
|
+
rails_version = [Rails::VERSION::MAJOR, Rails::VERSION::MINOR].join(".")
|
34
|
+
|
35
|
+
adapter =
|
36
|
+
if rails_version >= "6.1"
|
37
|
+
resource_class.try(:connection_db_config)&.try(:adapter)
|
38
|
+
else
|
39
|
+
resource_class.try(:connection_config)&.try(:[], :adapter)
|
40
|
+
end
|
41
|
+
end
|
42
|
+
end
|
43
|
+
|
31
44
|
def resource_class(m = nil)
|
32
45
|
mapping = if m
|
33
46
|
Devise.mappings[m]
|
@@ -17,7 +17,7 @@ module DeviseTokenAuth::Concerns::SetUserByToken
|
|
17
17
|
@used_auth_by_token = true
|
18
18
|
|
19
19
|
# initialize instance variables
|
20
|
-
@token
|
20
|
+
@token ||= DeviseTokenAuth::TokenFactory.new
|
21
21
|
@resource ||= nil
|
22
22
|
@is_batch_request ||= nil
|
23
23
|
end
|
@@ -35,18 +35,27 @@ module DeviseTokenAuth::Concerns::SetUserByToken
|
|
35
35
|
access_token_name = DeviseTokenAuth.headers_names[:'access-token']
|
36
36
|
client_name = DeviseTokenAuth.headers_names[:'client']
|
37
37
|
|
38
|
+
# gets values from cookie if configured and present
|
39
|
+
parsed_auth_cookie = {}
|
40
|
+
if DeviseTokenAuth.cookie_enabled
|
41
|
+
auth_cookie = request.cookies[DeviseTokenAuth.cookie_name]
|
42
|
+
if auth_cookie.present?
|
43
|
+
parsed_auth_cookie = JSON.parse(auth_cookie)
|
44
|
+
end
|
45
|
+
end
|
46
|
+
|
38
47
|
# parse header for values necessary for authentication
|
39
|
-
uid = request.headers[uid_name] || params[uid_name]
|
48
|
+
uid = request.headers[uid_name] || params[uid_name] || parsed_auth_cookie[uid_name]
|
40
49
|
@token = DeviseTokenAuth::TokenFactory.new unless @token
|
41
|
-
@token.token ||= request.headers[access_token_name] || params[access_token_name]
|
42
|
-
@token.client ||= request.headers[client_name] || params[client_name]
|
50
|
+
@token.token ||= request.headers[access_token_name] || params[access_token_name] || parsed_auth_cookie[access_token_name]
|
51
|
+
@token.client ||= request.headers[client_name] || params[client_name] || parsed_auth_cookie[client_name]
|
43
52
|
|
44
53
|
# client isn't required, set to 'default' if absent
|
45
54
|
@token.client ||= 'default'
|
46
55
|
|
47
56
|
# check for an existing user, authenticated via warden/devise, if enabled
|
48
57
|
if DeviseTokenAuth.enable_standard_devise_support
|
49
|
-
devise_warden_user = warden.user(
|
58
|
+
devise_warden_user = warden.user(mapping)
|
50
59
|
if devise_warden_user && devise_warden_user.tokens[@token.client].nil?
|
51
60
|
@used_auth_by_token = false
|
52
61
|
@resource = devise_warden_user
|
@@ -101,9 +110,13 @@ module DeviseTokenAuth::Concerns::SetUserByToken
|
|
101
110
|
# update the response header
|
102
111
|
response.headers.merge!(auth_header)
|
103
112
|
|
113
|
+
# set a server cookie if configured
|
114
|
+
if DeviseTokenAuth.cookie_enabled
|
115
|
+
set_cookie(auth_header)
|
116
|
+
end
|
104
117
|
else
|
105
118
|
unless @resource.reload.valid?
|
106
|
-
@resource =
|
119
|
+
@resource = @resource.class.find(@resource.to_param) # errors remain after reload
|
107
120
|
# if we left the model in a bad state, something is wrong in our app
|
108
121
|
unless @resource.valid?
|
109
122
|
raise DeviseTokenAuth::Errors::InvalidModel, "Cannot set auth token in invalid model. Errors: #{@resource.errors.full_messages}"
|
@@ -123,11 +136,22 @@ module DeviseTokenAuth::Concerns::SetUserByToken
|
|
123
136
|
# cleared by sign out in the meantime
|
124
137
|
return if @used_auth_by_token && @resource.tokens[@token.client].nil?
|
125
138
|
|
139
|
+
_auth_header_from_batch_request = auth_header_from_batch_request
|
140
|
+
|
126
141
|
# update the response header
|
127
|
-
response.headers.merge!(
|
142
|
+
response.headers.merge!(_auth_header_from_batch_request)
|
143
|
+
|
144
|
+
# set a server cookie if configured
|
145
|
+
if DeviseTokenAuth.cookie_enabled
|
146
|
+
set_cookie(_auth_header_from_batch_request)
|
147
|
+
end
|
128
148
|
end # end lock
|
129
149
|
end
|
130
150
|
|
151
|
+
def set_cookie(auth_header)
|
152
|
+
cookies[DeviseTokenAuth.cookie_name] = DeviseTokenAuth.cookie_attributes.merge(value: auth_header.to_json)
|
153
|
+
end
|
154
|
+
|
131
155
|
def is_batch_request?(user, client)
|
132
156
|
!params[:unbatch] &&
|
133
157
|
user.tokens[client] &&
|
@@ -13,6 +13,7 @@ module DeviseTokenAuth
|
|
13
13
|
|
14
14
|
if signed_in?(resource_name)
|
15
15
|
token = signed_in_resource.create_token
|
16
|
+
signed_in_resource.save!
|
16
17
|
|
17
18
|
redirect_headers = build_redirect_headers(token.token,
|
18
19
|
token.client,
|
@@ -54,13 +55,17 @@ module DeviseTokenAuth
|
|
54
55
|
|
55
56
|
def render_create_success
|
56
57
|
render json: {
|
57
|
-
|
58
|
-
|
59
|
-
|
58
|
+
success: true,
|
59
|
+
message: success_message('confirmations', @email)
|
60
|
+
}
|
60
61
|
end
|
61
62
|
|
62
63
|
def render_not_found_error
|
63
|
-
|
64
|
+
if Devise.paranoid
|
65
|
+
render_error(404, I18n.t('devise_token_auth.confirmations.sended_paranoid'))
|
66
|
+
else
|
67
|
+
render_error(404, I18n.t('devise_token_auth.confirmations.user_not_found', email: @email))
|
68
|
+
end
|
64
69
|
end
|
65
70
|
|
66
71
|
private
|
@@ -112,7 +112,8 @@ module DeviseTokenAuth
|
|
112
112
|
|
113
113
|
# break out provider attribute assignment for easy method extension
|
114
114
|
def assign_provider_attrs(user, auth_hash)
|
115
|
-
attrs = auth_hash['info'].
|
115
|
+
attrs = auth_hash['info'].to_hash
|
116
|
+
attrs = attrs.slice(*user.attribute_names)
|
116
117
|
user.assign_attributes(attrs)
|
117
118
|
end
|
118
119
|
|
@@ -128,7 +128,7 @@ module DeviseTokenAuth
|
|
128
128
|
def render_create_success
|
129
129
|
render json: {
|
130
130
|
success: true,
|
131
|
-
message:
|
131
|
+
message: success_message('passwords', @email)
|
132
132
|
}
|
133
133
|
end
|
134
134
|
|
@@ -181,7 +181,11 @@ module DeviseTokenAuth
|
|
181
181
|
end
|
182
182
|
|
183
183
|
def render_not_found_error
|
184
|
-
|
184
|
+
if Devise.paranoid
|
185
|
+
render_error(404, I18n.t('devise_token_auth.passwords.sended_paranoid'))
|
186
|
+
else
|
187
|
+
render_error(404, I18n.t('devise_token_auth.passwords.user_not_found', email: @email))
|
188
|
+
end
|
185
189
|
end
|
186
190
|
|
187
191
|
def validate_redirect_url_param
|
@@ -48,13 +48,19 @@ module DeviseTokenAuth
|
|
48
48
|
def destroy
|
49
49
|
# remove auth instance variables so that after_action does not run
|
50
50
|
user = remove_instance_variable(:@resource) if @resource
|
51
|
-
client = @token.client
|
51
|
+
client = @token.client
|
52
52
|
@token.clear!
|
53
53
|
|
54
54
|
if user && client && user.tokens[client]
|
55
55
|
user.tokens.delete(client)
|
56
56
|
user.save!
|
57
57
|
|
58
|
+
if DeviseTokenAuth.cookie_enabled
|
59
|
+
# If a cookie is set with a domain specified then it must be deleted with that domain specified
|
60
|
+
# See https://api.rubyonrails.org/classes/ActionDispatch/Cookies.html
|
61
|
+
cookies.delete(DeviseTokenAuth.cookie_name, domain: DeviseTokenAuth.cookie_attributes[:domain])
|
62
|
+
end
|
63
|
+
|
58
64
|
yield user if block_given?
|
59
65
|
|
60
66
|
render_destroy_success
|
@@ -63,7 +63,7 @@ module DeviseTokenAuth
|
|
63
63
|
def render_create_success
|
64
64
|
render json: {
|
65
65
|
success: true,
|
66
|
-
message:
|
66
|
+
message: success_message('unlocks', @email)
|
67
67
|
}
|
68
68
|
end
|
69
69
|
|
@@ -79,7 +79,11 @@ module DeviseTokenAuth
|
|
79
79
|
end
|
80
80
|
|
81
81
|
def render_not_found_error
|
82
|
-
|
82
|
+
if Devise.paranoid
|
83
|
+
render_error(404, I18n.t('devise_token_auth.unlocks.sended_paranoid'))
|
84
|
+
else
|
85
|
+
render_error(404, I18n.t('devise_token_auth.unlocks.user_not_found', email: @email))
|
86
|
+
end
|
83
87
|
end
|
84
88
|
|
85
89
|
def resource_params
|
@@ -0,0 +1,28 @@
|
|
1
|
+
module DeviseTokenAuth::Concerns::ConfirmableSupport
|
2
|
+
extend ActiveSupport::Concern
|
3
|
+
|
4
|
+
included do
|
5
|
+
# Override standard devise `postpone_email_change?` method
|
6
|
+
# for not to use `will_save_change_to_email?` & `email_changed?` methods.
|
7
|
+
def postpone_email_change?
|
8
|
+
postpone = self.class.reconfirmable &&
|
9
|
+
email_value_in_database != email &&
|
10
|
+
!@bypass_confirmation_postpone &&
|
11
|
+
self.email.present? &&
|
12
|
+
(!@skip_reconfirmation_in_callback || !email_value_in_database.nil?)
|
13
|
+
@bypass_confirmation_postpone = false
|
14
|
+
postpone
|
15
|
+
end
|
16
|
+
end
|
17
|
+
|
18
|
+
protected
|
19
|
+
|
20
|
+
def email_value_in_database
|
21
|
+
rails51 = Rails.gem_version >= Gem::Version.new("5.1.x")
|
22
|
+
if rails51 && respond_to?(:email_in_database)
|
23
|
+
email_in_database
|
24
|
+
else
|
25
|
+
email_was
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
@@ -1,12 +1,14 @@
|
|
1
1
|
module DeviseTokenAuth::Concerns::TokensSerialization
|
2
|
+
extend self
|
2
3
|
# Serialization hash to json
|
3
|
-
def
|
4
|
-
|
5
|
-
|
4
|
+
def dump(object)
|
5
|
+
JSON.generate(object && object.transform_values do |token|
|
6
|
+
serialize_updated_at(token).compact
|
7
|
+
end.compact)
|
6
8
|
end
|
7
9
|
|
8
10
|
# Deserialization json to hash
|
9
|
-
def
|
11
|
+
def load(json)
|
10
12
|
case json
|
11
13
|
when String
|
12
14
|
JSON.parse(json)
|
@@ -16,4 +18,14 @@ module DeviseTokenAuth::Concerns::TokensSerialization
|
|
16
18
|
json
|
17
19
|
end
|
18
20
|
end
|
21
|
+
|
22
|
+
private
|
23
|
+
|
24
|
+
def serialize_updated_at(token)
|
25
|
+
updated_at_key = ['updated_at', :updated_at].find(&token.method(:[]))
|
26
|
+
|
27
|
+
return token unless token[updated_at_key].respond_to?(:iso8601)
|
28
|
+
|
29
|
+
token.merge updated_at_key => token[updated_at_key].iso8601
|
30
|
+
end
|
19
31
|
end
|
@@ -44,6 +44,10 @@ module DeviseTokenAuth::Concerns::User
|
|
44
44
|
def email_changed?; false; end
|
45
45
|
def will_save_change_to_email?; false; end
|
46
46
|
|
47
|
+
if DeviseTokenAuth.send_confirmation_email && devise_modules.include?(:confirmable)
|
48
|
+
include DeviseTokenAuth::Concerns::ConfirmableSupport
|
49
|
+
end
|
50
|
+
|
47
51
|
def password_required?
|
48
52
|
return false unless provider == 'email'
|
49
53
|
super
|
@@ -133,17 +137,17 @@ module DeviseTokenAuth::Concerns::User
|
|
133
137
|
def token_can_be_reused?(token, client)
|
134
138
|
# ghetto HashWithIndifferentAccess
|
135
139
|
updated_at = tokens[client]['updated_at'] || tokens[client][:updated_at]
|
136
|
-
|
140
|
+
last_token_hash = tokens[client]['last_token'] || tokens[client][:last_token]
|
137
141
|
|
138
142
|
return true if (
|
139
143
|
# ensure that the last token and its creation time exist
|
140
|
-
updated_at &&
|
144
|
+
updated_at && last_token_hash &&
|
141
145
|
|
142
146
|
# ensure that previous token falls within the batch buffer throttle time of the last request
|
143
147
|
updated_at.to_time > Time.zone.now - DeviseTokenAuth.batch_request_buffer_throttle &&
|
144
148
|
|
145
149
|
# ensure that the token is valid
|
146
|
-
DeviseTokenAuth::TokenFactory.
|
150
|
+
DeviseTokenAuth::TokenFactory.token_hash_is_token?(last_token_hash, token)
|
147
151
|
)
|
148
152
|
end
|
149
153
|
|
@@ -214,13 +218,8 @@ module DeviseTokenAuth::Concerns::User
|
|
214
218
|
end
|
215
219
|
|
216
220
|
def should_remove_tokens_after_password_reset?
|
217
|
-
|
218
|
-
encrypted_password_changed? &&
|
219
|
-
DeviseTokenAuth.remove_tokens_after_password_reset
|
220
|
-
else
|
221
|
-
saved_change_to_attribute?(:encrypted_password) &&
|
222
|
-
DeviseTokenAuth.remove_tokens_after_password_reset
|
223
|
-
end
|
221
|
+
DeviseTokenAuth.remove_tokens_after_password_reset &&
|
222
|
+
(respond_to?(:encrypted_password_changed?) && encrypted_password_changed?)
|
224
223
|
end
|
225
224
|
|
226
225
|
def remove_tokens_after_password_reset
|
@@ -9,7 +9,7 @@ module DeviseTokenAuth::Concerns::UserOmniauthCallbacks
|
|
9
9
|
validates_presence_of :uid, unless: :email_provider?
|
10
10
|
|
11
11
|
# only validate unique emails among email registration users
|
12
|
-
validates :email, uniqueness: { scope: :provider }, on: :create, if: :email_provider?
|
12
|
+
validates :email, uniqueness: { case_sensitive: false, scope: :provider }, on: :create, if: :email_provider?
|
13
13
|
|
14
14
|
# keep uid in sync with email
|
15
15
|
before_save :sync_uid
|
@@ -23,6 +23,9 @@ module DeviseTokenAuth::Concerns::UserOmniauthCallbacks
|
|
23
23
|
end
|
24
24
|
|
25
25
|
def sync_uid
|
26
|
+
unless self.new_record?
|
27
|
+
return if devise_modules.include?(:confirmable) && !@bypass_confirmation_postpone && postpone_email_change?
|
28
|
+
end
|
26
29
|
self.uid = email if email_provider?
|
27
30
|
end
|
28
31
|
end
|
@@ -3,7 +3,7 @@
|
|
3
3
|
class DeviseTokenAuthEmailValidator < ActiveModel::EachValidator
|
4
4
|
def validate_each(record, attribute, value)
|
5
5
|
unless value =~ /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\z/i
|
6
|
-
record.errors
|
6
|
+
record.errors.add(attribute, email_invalid_message)
|
7
7
|
end
|
8
8
|
end
|
9
9
|
|
@@ -15,7 +15,7 @@
|
|
15
15
|
Cordova / PhoneGap)
|
16
16
|
*/
|
17
17
|
|
18
|
-
var data = JSON.parse(decodeURIComponent('<%=
|
18
|
+
var data = JSON.parse(decodeURIComponent('<%= ERB::Util.url_encode( @data.to_json ) %>'));
|
19
19
|
|
20
20
|
window.addEventListener("message", function(ev) {
|
21
21
|
if (ev.data === "requestCredentials") {
|
data/config/locales/en.yml
CHANGED
@@ -21,6 +21,7 @@ en:
|
|
21
21
|
missing_redirect_url: "Missing redirect URL."
|
22
22
|
not_allowed_redirect_url: "Redirect to '%{redirect_url}' not allowed."
|
23
23
|
sended: "An email has been sent to '%{email}' containing instructions for resetting your password."
|
24
|
+
sended_paranoid: "If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes."
|
24
25
|
user_not_found: "Unable to find user with email '%{email}'."
|
25
26
|
password_not_required: "This account does not require a password. Sign in using your '%{provider}' account instead."
|
26
27
|
missing_passwords: "You must fill out the fields labeled 'Password' and 'Password confirmation'."
|
@@ -28,9 +29,11 @@ en:
|
|
28
29
|
unlocks:
|
29
30
|
missing_email: "You must provide an email address."
|
30
31
|
sended: "An email has been sent to '%{email}' containing instructions for unlocking your account."
|
32
|
+
sended_paranoid: "If your account exists, you will receive an email with instructions for how to unlock it in a few minutes."
|
31
33
|
user_not_found: "Unable to find user with email '%{email}'."
|
32
34
|
confirmations:
|
33
35
|
sended: "An email has been sent to '%{email}' containing instructions for confirming your account."
|
36
|
+
sended_paranoid: "If your email address exists in our database, you will receive an email with instructions for how to confirm your email address in a few minutes."
|
34
37
|
user_not_found: "Unable to find user with email '%{email}'."
|
35
38
|
missing_email: "You must provide an email address."
|
36
39
|
|
data/config/locales/ja.yml
CHANGED
@@ -29,7 +29,7 @@ ja:
|
|
29
29
|
messages:
|
30
30
|
validate_sign_up_params: "リクエストボディに適切なアカウント新規登録データを送信してください。"
|
31
31
|
validate_account_update_params: "リクエストボディに適切なアカウント更新のデータを送信してください。"
|
32
|
-
not_email: "
|
32
|
+
not_email: "は有効ではありません"
|
33
33
|
devise:
|
34
34
|
mailer:
|
35
35
|
confirmation_instructions:
|
@@ -0,0 +1,51 @@
|
|
1
|
+
ko:
|
2
|
+
devise_token_auth:
|
3
|
+
sessions:
|
4
|
+
not_confirmed: "'%{email}'로 주소 인증 메일을 발송했습니다. 계정을 활성화하기 위해서는 반드시 메일의 안내를 따라야 합니다."
|
5
|
+
bad_credentials: "계정 정보가 맞지 않습니다. 다시 시도해 주세요."
|
6
|
+
not_supported: "POST /sign_in to sign in을 사용해주세요. GET은 지원하지 않습니다."
|
7
|
+
user_not_found: "유저를 찾을 수 없습니다."
|
8
|
+
invalid: "계정 정보가 맞지 않습니다."
|
9
|
+
registrations:
|
10
|
+
missing_confirm_success_url: "'confirm_success_url' 파라미터가 없습니다."
|
11
|
+
redirect_url_not_allowed: "'%{redirect_url}' 주소로 리다이렉트는 허용하지 않습니다."
|
12
|
+
email_already_exists: "'%{email}'을 사용하는 계정이 이미 있습니다."
|
13
|
+
account_with_uid_destroyed: " UID가 '%{uid}'인 계정을 삭제했습니다."
|
14
|
+
account_to_destroy_not_found: "삭제할 계정을 찾을 수 없습니다."
|
15
|
+
user_not_found: "유저를 찾을 수 없습니다."
|
16
|
+
omniauth:
|
17
|
+
not_allowed_redirect_url: "'%{redirect_url}' 주소로 리다이렉트는 허용하지 않습니다."
|
18
|
+
passwords:
|
19
|
+
missing_email: "이메일 주소를 입력해야 합니다."
|
20
|
+
missing_redirect_url: "redirect URL이 없습니다."
|
21
|
+
not_allowed_redirect_url: "'%{redirect_url}' 주소로 리다이렉트는 허용하지 않습니다."
|
22
|
+
sended: "'%{email}'로 비밀번호를 재설정하기 위한 안내 메일을 발송했습니다."
|
23
|
+
user_not_found: "'%{email}'을 사용하는 유저를 찾을 수 없습니다."
|
24
|
+
password_not_required: "이 계정은 비밀번호가 필요하지 않습니다. '%{provider}'으로 로그인을 진행해 주세요."
|
25
|
+
missing_passwords: "비밀번호와 비밀번호 확인 필드를 반드시 입력해야 합니다."
|
26
|
+
successfully_updated: "비밀번호를 성공적으로 업데이트 했습니다."
|
27
|
+
unlocks:
|
28
|
+
missing_email: "이메일 주소를 반드시 입력해야 합니다."
|
29
|
+
sended: "'%{email}'로 계정 잠금 해제를 위한 안내 메일을 발송했습니다."
|
30
|
+
user_not_found: "'%{email}'을 사용하는 유저를 찾을 수 없습니다."
|
31
|
+
errors:
|
32
|
+
messages:
|
33
|
+
validate_sign_up_params: "요청 값에 알맞은 로그인 데이터를 입력하세요."
|
34
|
+
validate_account_update_params: "요청 값에 알맞은 업데이트 데이터를 입력하세요."
|
35
|
+
not_email: "이메일이 아닙니다."
|
36
|
+
devise:
|
37
|
+
mailer:
|
38
|
+
confirmation_instructions:
|
39
|
+
confirm_link_msg: "아래의 링크를 이용해 계정 인증을 할 수 있습니다."
|
40
|
+
confirm_account_link: "본인 계정 인증"
|
41
|
+
reset_password_instructions:
|
42
|
+
request_reset_link_msg: "누군가 당신의 비밀번호를 변경하는 링크를 요청했으며, 다음의 링크에서 비밀번호 변경이 가능합니다."
|
43
|
+
password_change_link: "비밀번호 변경"
|
44
|
+
ignore_mail_msg: "비밀번호 변경을 요청하지 않으셨다면 이 메일을 무시하십시오."
|
45
|
+
no_changes_msg: "위 링크에 접속하여 새로운 비밀번호를 생성하기 전까지 귀하의 비밀번호는 변경되지 않습니다."
|
46
|
+
unlock_instructions:
|
47
|
+
account_lock_msg: "로그인 실패 횟수 초과로 귀하의 계정이 잠금 처리되었습니다."
|
48
|
+
unlock_link_msg: "계정 잠금을 해제하려면 아래 링크를 클릭하세요."
|
49
|
+
unlock_link: "계정 잠금 해제"
|
50
|
+
hello: "안녕하세요"
|
51
|
+
welcome: "환영합니다"
|
data/config/locales/pl.yml
CHANGED
@@ -26,9 +26,10 @@ pl:
|
|
26
26
|
missing_passwords: "Musisz wypełnić wszystkie pola z etykietą 'Hasło' oraz 'Potwierdzenie hasła'."
|
27
27
|
successfully_updated: "Twoje hasło zostało zaktualizowane."
|
28
28
|
errors:
|
29
|
-
|
30
|
-
|
31
|
-
|
29
|
+
messages:
|
30
|
+
validate_sign_up_params: "Proszę dostarczyć odpowiednie dane logowania w ciele zapytania."
|
31
|
+
validate_account_update_params: "Proszę dostarczyć odpowiednie dane aktualizacji konta w ciele zapytania."
|
32
|
+
not_email: "nie jest prawidłowym adresem e-mail"
|
32
33
|
devise:
|
33
34
|
mailer:
|
34
35
|
confirmation_instructions:
|
data/config/locales/pt.yml
CHANGED
@@ -26,9 +26,10 @@ pt:
|
|
26
26
|
missing_passwords: "Preencha a senha e a confirmação de senha."
|
27
27
|
successfully_updated: "Senha atualizada com sucesso."
|
28
28
|
errors:
|
29
|
-
|
30
|
-
|
31
|
-
|
29
|
+
messages:
|
30
|
+
validate_sign_up_params: "Os dados submetidos na requisição de registo são inválidos."
|
31
|
+
validate_account_update_params: "Os dados submetidos para atualização de conta são inválidos."
|
32
|
+
not_email: "não é um e-mail"
|
32
33
|
devise:
|
33
34
|
mailer:
|
34
35
|
confirmation_instructions:
|
@@ -1,2 +1,6 @@
|
|
1
1
|
# don't serialize tokens
|
2
|
-
Devise::Models::Authenticatable::
|
2
|
+
if defined? Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION
|
3
|
+
Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION << :tokens
|
4
|
+
else
|
5
|
+
Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION << :tokens
|
6
|
+
end
|
@@ -34,12 +34,6 @@ module DeviseTokenAuth
|
|
34
34
|
class_eval <<-METHODS, __FILE__, __LINE__ + 1
|
35
35
|
def authenticate_#{group_name}!(favourite=nil, opts={})
|
36
36
|
unless #{group_name}_signed_in?
|
37
|
-
mappings = #{mappings}
|
38
|
-
mappings.unshift mappings.delete(favourite.to_sym) if favourite
|
39
|
-
mappings.each do |mapping|
|
40
|
-
set_user_by_token(mapping)
|
41
|
-
end
|
42
|
-
|
43
37
|
unless current_#{group_name}
|
44
38
|
render_authenticate_error
|
45
39
|
end
|
@@ -47,12 +41,14 @@ module DeviseTokenAuth
|
|
47
41
|
end
|
48
42
|
|
49
43
|
def #{group_name}_signed_in?
|
50
|
-
#{
|
51
|
-
set_user_by_token(mapping)
|
52
|
-
end
|
44
|
+
!!current_#{group_name}
|
53
45
|
end
|
54
46
|
|
55
47
|
def current_#{group_name}(favourite=nil)
|
48
|
+
@current_#{group_name} ||= set_group_user_by_token(favourite)
|
49
|
+
end
|
50
|
+
|
51
|
+
def set_group_user_by_token(favourite)
|
56
52
|
mappings = #{mappings}
|
57
53
|
mappings.unshift mappings.delete(favourite.to_sym) if favourite
|
58
54
|
mappings.each do |mapping|
|
@@ -25,7 +25,11 @@ module DeviseTokenAuth
|
|
25
25
|
:remove_tokens_after_password_reset,
|
26
26
|
:default_callbacks,
|
27
27
|
:headers_names,
|
28
|
+
:cookie_enabled,
|
29
|
+
:cookie_name,
|
30
|
+
:cookie_attributes,
|
28
31
|
:bypass_sign_in,
|
32
|
+
:send_confirmation_email,
|
29
33
|
:require_client_password_reset_token
|
30
34
|
|
31
35
|
self.change_headers_on_each_request = true
|
@@ -46,7 +50,11 @@ module DeviseTokenAuth
|
|
46
50
|
'expiry': 'expiry',
|
47
51
|
'uid': 'uid',
|
48
52
|
'token-type': 'token-type' }
|
53
|
+
self.cookie_enabled = false
|
54
|
+
self.cookie_name = 'auth_cookie'
|
55
|
+
self.cookie_attributes = {}
|
49
56
|
self.bypass_sign_in = true
|
57
|
+
self.send_confirmation_email = false
|
50
58
|
self.require_client_password_reset_token = false
|
51
59
|
|
52
60
|
def self.setup(&block)
|
@@ -8,26 +8,31 @@ module ActionDispatch::Routing
|
|
8
8
|
opts[:skip] ||= []
|
9
9
|
|
10
10
|
# check for ctrl overrides, fall back to defaults
|
11
|
-
sessions_ctrl = opts[:controllers]
|
12
|
-
registrations_ctrl = opts[:controllers]
|
13
|
-
passwords_ctrl = opts[:controllers]
|
14
|
-
confirmations_ctrl = opts[:controllers]
|
15
|
-
token_validations_ctrl = opts[:controllers]
|
16
|
-
omniauth_ctrl = opts[:controllers]
|
17
|
-
unlocks_ctrl = opts[:controllers]
|
11
|
+
sessions_ctrl = opts[:controllers].delete(:sessions) || 'devise_token_auth/sessions'
|
12
|
+
registrations_ctrl = opts[:controllers].delete(:registrations) || 'devise_token_auth/registrations'
|
13
|
+
passwords_ctrl = opts[:controllers].delete(:passwords) || 'devise_token_auth/passwords'
|
14
|
+
confirmations_ctrl = opts[:controllers].delete(:confirmations) || 'devise_token_auth/confirmations'
|
15
|
+
token_validations_ctrl = opts[:controllers].delete(:token_validations) || 'devise_token_auth/token_validations'
|
16
|
+
omniauth_ctrl = opts[:controllers].delete(:omniauth_callbacks) || 'devise_token_auth/omniauth_callbacks'
|
17
|
+
unlocks_ctrl = opts[:controllers].delete(:unlocks) || 'devise_token_auth/unlocks'
|
18
|
+
|
19
|
+
# check for resource override
|
20
|
+
route = opts[:as] || resource.pluralize.underscore.gsub('/', '_')
|
18
21
|
|
19
22
|
# define devise controller mappings
|
20
|
-
controllers =
|
23
|
+
controllers = opts[:controllers].merge(
|
24
|
+
sessions: sessions_ctrl,
|
21
25
|
registrations: registrations_ctrl,
|
22
26
|
passwords: passwords_ctrl,
|
23
|
-
confirmations: confirmations_ctrl
|
27
|
+
confirmations: confirmations_ctrl
|
28
|
+
)
|
24
29
|
|
25
30
|
controllers[:unlocks] = unlocks_ctrl if unlocks_ctrl
|
26
31
|
|
27
32
|
# remove any unwanted devise modules
|
28
33
|
opts[:skip].each{ |item| controllers.delete(item) }
|
29
34
|
|
30
|
-
devise_for
|
35
|
+
devise_for route.to_sym,
|
31
36
|
class_name: resource,
|
32
37
|
module: :devise,
|
33
38
|
path: opts[:at].to_s,
|
@@ -11,6 +11,9 @@ module DeviseTokenAuth::Url
|
|
11
11
|
query = [uri.query, params.to_query].reject(&:blank?).join('&')
|
12
12
|
res += "?#{query}"
|
13
13
|
res += "##{uri.fragment}" if uri.fragment
|
14
|
+
# repeat any query params after the fragment to deal with Angular eating any pre fragment query params, used
|
15
|
+
# in the reset password redirect url
|
16
|
+
res += "?#{query}" if uri.fragment
|
14
17
|
|
15
18
|
res
|
16
19
|
end
|