devise_token_auth 1.2.1 → 1.2.2

Files changed (29) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +2 -1
  3. data/app/controllers/devise_token_auth/application_controller.rb +5 -1
  4. data/app/controllers/devise_token_auth/concerns/resource_finder.rb +2 -1
  5. data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +3 -3
  6. data/app/controllers/devise_token_auth/confirmations_controller.rb +7 -4
  7. data/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb +11 -18
  8. data/app/controllers/devise_token_auth/passwords_controller.rb +4 -2
  9. data/app/controllers/devise_token_auth/sessions_controller.rb +12 -8
  10. data/app/controllers/devise_token_auth/unlocks_controller.rb +2 -1
  11. data/app/models/devise_token_auth/concerns/user.rb +9 -7
  12. data/lib/devise_token_auth/rails/routes.rb +4 -3
  13. data/lib/devise_token_auth/version.rb +1 -1
  14. data/lib/generators/devise_token_auth/templates/devise_token_auth.rb +8 -5
  15. data/test/controllers/custom/custom_confirmations_controller_test.rb +1 -1
  16. data/test/controllers/custom/custom_omniauth_callbacks_controller_test.rb +1 -1
  17. data/test/controllers/devise_token_auth/confirmations_controller_test.rb +7 -4
  18. data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb +16 -19
  19. data/test/controllers/devise_token_auth/registrations_controller_test.rb +2 -2
  20. data/test/controllers/devise_token_auth/sessions_controller_test.rb +111 -38
  21. data/test/controllers/overrides/omniauth_callbacks_controller_test.rb +1 -1
  22. data/test/dummy/app/controllers/application_controller.rb +2 -6
  23. data/test/dummy/app/controllers/overrides/confirmations_controller.rb +2 -1
  24. data/test/dummy/app/controllers/overrides/passwords_controller.rb +2 -1
  25. data/test/dummy/config/environments/test.rb +6 -2
  26. data/test/dummy/tmp/generators/app/models/user.rb +8 -10
  27. data/test/dummy/tmp/generators/config/initializers/devise_token_auth.rb +11 -5
  28. data/test/dummy/tmp/generators/db/migrate/{20220822003050_devise_token_auth_create_users.rb → 20230415183419_devise_token_auth_create_users.rb} +2 -2
  29. metadata +89 -89
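--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: be08ae7f01121ebe8c6b9b8fe04bcc2bdc83a2c8108452ffc986f1865278e85f
- data.tar.gz: 272f45dc6f28fba16b6a523f47cbb9ecf3be9c05d4aa644ee0d0998fa5272f43
+ metadata.gz: 135b5088d17b20d187a6ffe314356dd2a2474d9bd98898bc9e36bc931e6c9fef
+ data.tar.gz: cf3c3c6fc19564248bdcb22e3b99624bd25a027383649a45c7e7bf1fddfd5bbd
  SHA512:
- metadata.gz: cc54c90eee4fdf43e6d9b72ca905fc58e4338f1310b289bbede651978bd4f407556392d3d4c61cfaeabf6d4fba179768e02ec9c00bc245b33ba629972676c676
- data.tar.gz: 00e139ae99fe395580ef8f846cca46516792b68cda0e0201e551e90ca9c70679fcf9519d3682ea82095588e78a93bb2def3db2bebe670a0e96f933e7087fee4b
+ metadata.gz: 5f6e88376261bcea31e98d8af66cc298755d2cbc2724c481a100d78273824b1dcfcc016bbc2af2b43d1dcac945fc6a4015d351f321da9a432ec4c5129f8c58f0
+ data.tar.gz: bde72417d1882c6f69076d3bfe8cebd077e39a681898fb0c5603643770a3d81eb0ac3d42dd46f8ae27aff4dae74a138159160974c1996ef4e28d252baf6b52ba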
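--- a/data/README.md
+++ b/data/README.md
@@ -1,7 +1,7 @@
  # Devise Token Auth
 
  [![Gem Version](https://badge.fury.io/rb/devise_token_auth.svg)](http://badge.fury.io/rb/devise_token_auth)
- [![Build Status](https://travis-ci.org/lynndylanhurley/devise_token_auth.svg?branch=master)](https://travis-ci.org/lynndylanhurley/devise_token_auth)
+ [![Build Status](https://github.com/lynndylanhurley/devise_token_auth/actions/workflows/test.yml/badge.svg?branch=master)](https://github.com/lynndylanhurley/devise_token_auth/actions/workflows/test.yml)
  [![Code Climate](https://codeclimate.com/github/lynndylanhurley/devise_token_auth/badges/gpa.svg)](https://codeclimate.com/github/lynndylanhurley/devise_token_auth)
  [![Test Coverage](https://codeclimate.com/github/lynndylanhurley/devise_token_auth/badges/coverage.svg)](https://codeclimate.com/github/lynndylanhurley/devise_token_auth/coverage)
  [![Downloads](https://img.shields.io/gem/dt/devise_token_auth.svg)](https://rubygems.org/gems/devise_token_auth)
@@ -22,6 +22,7 @@ Also, it maintains a session for each client/device, so you can have as many ses
  * [Angular-Token](https://github.com/neroniaky/angular-token) for [Angular](https://github.com/angular/angular)
  * [redux-token-auth](https://github.com/kylecorbelli/redux-token-auth) for [React with Redux](https://github.com/reactjs/react-redux)
  * [jToker](https://github.com/lynndylanhurley/j-toker) for [jQuery](https://jquery.com/)
+ * [vanilla-token-auth](https://github.com/theblang/vanilla-token-auth) for an unopinionated client
  * Oauth2 authentication using [OmniAuth](https://github.com/intridea/omniauth).
  * Email authentication using [Devise](https://github.com/plataformatec/devise), including:
  * User registration, update and deletion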
@@ -84,12 +84,16 @@ module DeviseTokenAuth
84
84
  end
85
85
  end
86
86
 
87
+ def redirect_options
88
+ {}
89
+ end
90
+
87
91
  # When using a cookie to transport the auth token we can set it immediately in flows such as
88
92
  # reset password and OmniAuth success, rather than making the client scrape the token from
89
93
  # query params (to then send in the initial validate_token request).
90
94
  # TODO: We should be able to stop exposing the token in query params when this method is used
91
95
  def set_token_in_cookie(resource, token)
92
- auth_header = resource.build_auth_header(token.token, token.client)
96
+ auth_header = resource.build_auth_headers(token.token, token.client)
93
97
  cookies[DeviseTokenAuth.cookie_name] = DeviseTokenAuth.cookie_attributes.merge(value: auth_header.to_json)
94
98
  end
95
99
  end
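Review bot: `redirect_options` is added without a comment, yet its return value is passed to `redirect_to` in the confirmation, password-reset and unlock flows elsewhere in this release, so one override changes redirect behaviour for all of them at once. If it is meant to carry Rails options such as `allow_other_host: true` (an assumption; the hunk does not say), an application that overrides it switches off Rails' own host check and is left with only the gem's redirect whitelist. I would add a comment above the method along the lines of `# Extra options handed to every redirect_to in this engine; allow_other_host disables Rails' host check, so pair it with redirect_whitelist.` The enclosing class starts outside the hunk.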
@@ -22,7 +22,8 @@ module DeviseTokenAuth::Concerns::ResourceFinder
22
22
  def find_resource(field, value)
23
23
  @resource = if database_adapter&.include?('mysql')
24
24
  # fix for mysql default case insensitivity
25
- resource_class.where("BINARY #{field} = ? AND provider= ?", value, provider).first
25
+ field_sanitized = resource_class.connection.quote_column_name(field)
26
+ resource_class.where("BINARY #{field_sanitized} = ? AND provider= ?", value, provider).first
26
27
  else
27
28
  resource_class.dta_find_by(field => value, 'provider' => provider)
28
29
  end
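Review bot: `quote_column_name` keeps `field` from breaking out of the identifier position, but it does not limit which column is queried, so the MySQL branch still relies on callers passing only an authentication key. The sessions controller in this release does intersect the parameter keys with `resource_class.authentication_keys`; other callers are not visible here. A short comment on the new line would record that contract, e.g. `# field must already be one of resource_class.authentication_keys; quoting only guards the SQL syntax`. `find_resource` ends outside the hunk.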
@@ -111,7 +111,7 @@ module DeviseTokenAuth::Concerns::SetUserByToken
111
111
  # cleared by sign out in the meantime
112
112
  return if @resource.reload.tokens[@token.client].nil?
113
113
 
114
- auth_header = @resource.build_auth_header(@token.token, @token.client)
114
+ auth_header = @resource.build_auth_headers(@token.token, @token.client)
115
115
 
116
116
  # update the response header
117
117
  response.headers.merge!(auth_header)
@@ -154,8 +154,8 @@ module DeviseTokenAuth::Concerns::SetUserByToken
154
154
  # update the response header
155
155
  response.headers.merge!(_auth_header_from_batch_request)
156
156
 
157
- # set a server cookie if configured
158
- if DeviseTokenAuth.cookie_enabled
157
+ # set a server cookie if configured and is not a batch request
158
+ if DeviseTokenAuth.cookie_enabled && !@is_batch_request
159
159
  set_cookie(_auth_header_from_batch_request)
160
160
  end
161
161
  end # end lock
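Review bot: The new condition in the second hunk skips `set_cookie` when `@is_batch_request` is true, while the response headers are still merged on the line above, and the updated comment only restates the condition. `@is_batch_request` is assigned outside these hunks, so a reader cannot tell from here why cookie clients should not receive a refreshed cookie during a batch. I would extend the comment with the reason, for example `# batch requests reuse the current token, so the cookie already holds it` if that is the intent, and add a test for the cookie-plus-batch case.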
@@ -22,11 +22,15 @@ module DeviseTokenAuth
22
22
  redirect_to_link = signed_in_resource.build_auth_url(redirect_url, redirect_headers)
23
23
  else
24
24
  redirect_to_link = DeviseTokenAuth::Url.generate(redirect_url, redirect_header_options)
25
- end
25
+ end
26
26
 
27
- redirect_to(redirect_to_link)
27
+ redirect_to(redirect_to_link, redirect_options)
28
28
  else
29
- raise ActionController::RoutingError, 'Not Found'
29
+ if redirect_url
30
+ redirect_to DeviseTokenAuth::Url.generate(redirect_url, account_confirmation_success: false)
31
+ else
32
+ raise ActionController::RoutingError, 'Not Found'
33
+ end
30
34
  end
31
35
  end
32
36
 
@@ -81,6 +85,5 @@ module DeviseTokenAuth
81
85
  DeviseTokenAuth.default_confirm_success_url
82
86
  )
83
87
  end
84
-
85
88
  end
86
89
  end
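Review bot: The failure branch in the first hunk now redirects to `redirect_url` whenever one is supplied, so a request with an invalid `confirmation_token` is enough to produce a redirect where the old code raised a routing error. Whether `redirect_url` has been checked against `DeviseTokenAuth.redirect_whitelist` by this point is not visible in the hunk; if it has not, the action sends the visitor to a caller-chosen address, and that check should run before this branch. The new call also omits the `redirect_options` argument that the success path passes, so the two redirects behave differently; I would write `redirect_to DeviseTokenAuth::Url.generate(redirect_url, account_confirmation_success: false), redirect_options`. The `show` action starts outside the hunk.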
@@ -23,7 +23,7 @@ module DeviseTokenAuth
23
23
  session['dta.omniauth.auth'] = request.env['omniauth.auth'].except('extra')
24
24
  session['dta.omniauth.params'] = request.env['omniauth.params']
25
25
 
26
- redirect_to redirect_route, status: 307
26
+ redirect_to redirect_route, {status: 307}.merge(redirect_options)
27
27
  end
28
28
 
29
29
  def get_redirect_route(devise_mapping)
@@ -111,7 +111,6 @@ module DeviseTokenAuth
111
111
  end
112
112
  end
113
113
  @_omniauth_params
114
-
115
114
  end
116
115
 
117
116
  # break out provider attribute assignment for easy method extension
@@ -133,23 +132,19 @@ module DeviseTokenAuth
133
132
  end
134
133
 
135
134
  def resource_class(mapping = nil)
136
- if omniauth_params['resource_class']
137
- omniauth_params['resource_class'].constantize
138
- elsif params['resource_class']
139
- params['resource_class'].constantize
140
- else
141
- raise 'No resource_class found'
142
- end
135
+ return @resource_class if defined?(@resource_class)
136
+
137
+ constant_name = omniauth_params['resource_class'].presence || params['resource_class'].presence
138
+ @resource_class = ObjectSpace.each_object(Class).detect { |cls| cls.to_s == constant_name && cls.pretty_print_inspect.starts_with?(constant_name) }
139
+ raise 'No resource_class found' if @resource_class.nil?
140
+
141
+ @resource_class
143
142
  end
144
143
 
145
144
  def resource_name
146
145
  resource_class
147
146
  end
148
147
 
149
- def omniauth_window_type
150
- omniauth_params['omniauth_window_type']
151
- end
152
-
153
148
  def unsafe_auth_origin_url
154
149
  omniauth_params['auth_origin_url'] || omniauth_params['origin']
155
150
  end
@@ -168,12 +163,11 @@ module DeviseTokenAuth
168
163
  omniauth_params.nil? ? params['omniauth_window_type'] : omniauth_params['omniauth_window_type']
169
164
  end
170
165
 
171
- # this sesison value is set by the redirect_callbacks method. its purpose
166
+ # this session value is set by the redirect_callbacks method. its purpose
172
167
  # is to persist the omniauth auth hash value thru a redirect. the value
173
- # must be destroyed immediatly after it is accessed by omniauth_success
168
+ # must be destroyed immediately after it is accessed by omniauth_success
174
169
  def auth_hash
175
170
  @_auth_hash ||= session.delete('dta.omniauth.auth')
176
- @_auth_hash
177
171
  end
178
172
 
179
173
  # ensure that this controller responds to :devise_controller? conditionals.
@@ -233,7 +227,7 @@ module DeviseTokenAuth
233
227
  elsif auth_origin_url # default to same-window implementation, which forwards back to auth_origin_url
234
228
 
235
229
  # build and redirect to destination url
236
- redirect_to DeviseTokenAuth::Url.generate(auth_origin_url, data.merge(blank: true))
230
+ redirect_to DeviseTokenAuth::Url.generate(auth_origin_url, data.merge(blank: true).merge(redirect_options))
237
231
  else
238
232
 
239
233
  # there SHOULD always be an auth_origin_url, but if someone does something silly
@@ -287,5 +281,4 @@ module DeviseTokenAuth
287
281
  @resource
288
282
  end
289
283
  end
290
-
291
284
  end
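Review bot: In `resource_class` the class is still selected by a request-supplied name: the `ObjectSpace.each_object(Class)` scan avoids `constantize`, but it returns any loaded class whose name matches, not only Devise models, and it walks every class in the process when the parameter is missing or wrong. Looking the name up among the configured mappings would bound both, e.g. `@resource_class = Devise.mappings.values.map(&:to).find { |klass| klass.name == constant_name }`, with the existing `raise` kept for the nil case. The `mapping` parameter remains unused. In the same-window branch further down, `redirect_options` is merged into the hash given to `DeviseTokenAuth::Url.generate`, so it ends up in the query string rather than as the second argument of `redirect_to`; `redirect_to DeviseTokenAuth::Url.generate(auth_origin_url, data.merge(blank: true)), redirect_options` looks like what was meant.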
@@ -49,7 +49,8 @@ module DeviseTokenAuth
49
49
  yield @resource if block_given?
50
50
 
51
51
  if require_client_password_reset_token?
52
- redirect_to DeviseTokenAuth::Url.generate(@redirect_url, reset_password_token: resource_params[:reset_password_token])
52
+ redirect_to DeviseTokenAuth::Url.generate(@redirect_url, reset_password_token: resource_params[:reset_password_token]),
53
+ redirect_options
53
54
  else
54
55
  if DeviseTokenAuth.cookie_enabled
55
56
  set_token_in_cookie(@resource, token)
@@ -60,7 +61,8 @@ module DeviseTokenAuth
60
61
  token.client,
61
62
  redirect_header_options)
62
63
  redirect_to(@resource.build_auth_url(@redirect_url,
63
- redirect_headers))
64
+ redirect_headers),
65
+ redirect_options)
64
66
  end
65
67
  else
66
68
  render_edit_error
@@ -11,11 +11,7 @@ module DeviseTokenAuth
11
11
  end
12
12
 
13
13
  def create
14
- # Check
15
- field = (resource_params.keys.map(&:to_sym) & resource_class.authentication_keys).first
16
-
17
- @resource = nil
18
- if field
14
+ if field = (resource_params.keys.map(&:to_sym) & resource_class.authentication_keys).first
19
15
  q_value = get_case_insensitive_field_from_resource_params(field)
20
16
 
21
17
  @resource = find_resource(field, q_value)
@@ -29,18 +25,19 @@ module DeviseTokenAuth
29
25
 
30
26
  create_and_assign_token
31
27
 
32
- sign_in(:user, @resource, store: false, bypass: false)
28
+ sign_in(@resource, scope: :user, store: false, bypass: false)
33
29
 
34
30
  yield @resource if block_given?
35
31
 
36
32
  render_create_success
37
- elsif @resource && !(!@resource.respond_to?(:active_for_authentication?) || @resource.active_for_authentication?)
33
+ elsif @resource && !Devise.paranoid && !(!@resource.respond_to?(:active_for_authentication?) || @resource.active_for_authentication?)
38
34
  if @resource.respond_to?(:locked_at) && @resource.locked_at
39
35
  render_create_error_account_locked
40
36
  else
41
37
  render_create_error_not_confirmed
42
38
  end
43
39
  else
40
+ hash_password_in_paranoid_mode
44
41
  render_create_error_bad_credentials
45
42
  end
46
43
  end
@@ -78,7 +75,6 @@ module DeviseTokenAuth
78
75
  def get_auth_params
79
76
  auth_key = nil
80
77
  auth_val = nil
81
-
82
78
  # iterate thru allowed auth keys, use first found
83
79
  resource_class.authentication_keys.each do |k|
84
80
  if resource_params[k]
@@ -145,5 +141,13 @@ module DeviseTokenAuth
145
141
  @resource.save!
146
142
  end
147
143
  end
144
+
145
+ def hash_password_in_paranoid_mode
146
+ # In order to avoid timing attacks in paranoid mode, we want the password hash to be
147
+ # calculated even if no resource has been found. Devise's DatabaseAuthenticatable warden
148
+ # strategy handles this case similarly:
149
+ # https://github.com/heartcombo/devise/blob/main/lib/devise/strategies/database_authenticatable.rb
150
+ resource_class.new.password = resource_params[:password] if Devise.paranoid
151
+ end
148
152
  end
149
153
  end
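Review bot: Folding the lookup into `if field = (...)` in the first hunk also removed the explicit `@resource = nil`, so when the request carries no authentication key the `elsif @resource && !Devise.paranoid && …` test further down reads whatever `@resource` already holds. That is nil unless a filter or an overriding subclass has set it earlier in the request, which cannot be ruled out from these hunks. I would keep the reset and make the assignment visibly deliberate: `@resource = nil` on the line before, then `if (field = (resource_params.keys.map(&:to_sym) & resource_class.authentication_keys).first)`. Part of `create` lies between the hunks and is not shown.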
@@ -44,7 +44,8 @@ module DeviseTokenAuth
44
44
  token.client,
45
45
  redirect_header_options)
46
46
  redirect_to(@resource.build_auth_url(after_unlock_path_for(@resource),
47
- redirect_headers))
47
+ redirect_headers),
48
+ redirect_options)
48
49
  else
49
50
  render_show_error
50
51
  end
@@ -176,10 +176,10 @@ module DeviseTokenAuth::Concerns::User
176
176
  updated_at: now
177
177
  )
178
178
 
179
- update_auth_header(token.token, token.client)
179
+ update_auth_headers(token.token, token.client)
180
180
  end
181
181
 
182
- def build_auth_header(token, client = 'default')
182
+ def build_auth_headers(token, client = 'default')
183
183
  # client may use expiry to prevent validation request if expired
184
184
  # must be cast as string or headers will break
185
185
  expiry = tokens[client]['expiry'] || tokens[client][:expiry]
@@ -190,17 +190,19 @@ module DeviseTokenAuth::Concerns::User
190
190
  DeviseTokenAuth.headers_names[:"expiry"] => expiry.to_s,
191
191
  DeviseTokenAuth.headers_names[:"uid"] => uid
192
192
  }
193
- headers.merge!(build_bearer_token(headers))
193
+ headers.merge(build_bearer_token(headers))
194
194
  end
195
195
 
196
196
  def build_bearer_token(auth)
197
+ return {} if DeviseTokenAuth.cookie_enabled # There is no need for the bearer token if it is using cookies
198
+
197
199
  encoded_token = Base64.strict_encode64(auth.to_json)
198
200
  bearer_token = "Bearer #{encoded_token}"
199
- {DeviseTokenAuth.headers_names[:"authorization"] => bearer_token}
201
+ { DeviseTokenAuth.headers_names[:"authorization"] => bearer_token }
200
202
  end
201
203
 
202
- def update_auth_header(token, client = 'default')
203
- headers = build_auth_header(token, client)
204
+ def update_auth_headers(token, client = 'default')
205
+ headers = build_auth_headers(token, client)
204
206
  clean_old_tokens
205
207
  save!
206
208
 
@@ -216,7 +218,7 @@ module DeviseTokenAuth::Concerns::User
216
218
 
217
219
  def extend_batch_buffer(token, client)
218
220
  tokens[client]['updated_at'] = Time.zone.now
219
- update_auth_header(token, client)
221
+ update_auth_headers(token, client)
220
222
  end
221
223
 
222
224
  def confirmed?
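Review bot: `build_auth_header` and `update_auth_header` are renamed to the plural forms with no alias visible in these hunks, and they are methods of the user model concern that host applications can call or override. In a patch release that turns existing calls into `NoMethodError` at the point where auth headers are issued. Unless aliases are defined outside the hunks, I would keep the old names for a deprecation cycle, e.g. `alias_method :build_auth_header, :build_auth_headers` and `alias_method :update_auth_header, :update_auth_headers`. The early return in `build_bearer_token` also deserves a README note, since clients that read the `Authorization` header stop receiving it once `cookie_enabled` is set.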
@@ -65,8 +65,8 @@ module ActionDispatch::Routing
65
65
 
66
66
  # omniauth routes. only define if omniauth is installed and not skipped.
67
67
  if defined?(::OmniAuth) && !opts[:skip].include?(:omniauth_callbacks)
68
- match "#{full_path}/failure", controller: omniauth_ctrl, action: 'omniauth_failure', via: [:get]
69
- match "#{full_path}/:provider/callback", controller: omniauth_ctrl, action: 'omniauth_success', via: [:get]
68
+ match "#{full_path}/failure", controller: omniauth_ctrl, action: 'omniauth_failure', via: [:get, :post]
69
+ match "#{full_path}/:provider/callback", controller: omniauth_ctrl, action: 'omniauth_success', via: [:get, :post]
70
70
 
71
71
  match "#{DeviseTokenAuth.omniauth_prefix}/:provider/callback", controller: omniauth_ctrl, action: 'redirect_callbacks', via: [:get, :post]
72
72
  match "#{DeviseTokenAuth.omniauth_prefix}/failure", controller: omniauth_ctrl, action: 'omniauth_failure', via: [:get, :post]
@@ -75,7 +75,8 @@ module ActionDispatch::Routing
75
75
  # resource as "resource_class" param
76
76
  match "#{full_path}/:provider", to: redirect(status: 307) { |params, request|
77
77
  # get the current querystring
78
- qs = CGI::parse(request.env['QUERY_STRING'])
78
+ # TODO: deprecate in favor of using params
79
+ qs = CGI::parse(request.env['QUERY_STRING'].empty? ? request.body.read : request.env['QUERY_STRING'] )
79
80
 
80
81
  # append name of current resource
81
82
  qs['resource_class'] = [resource]
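Review bot: In the second hunk the redirect block falls back to `request.body.read` when the query string is empty and feeds the raw body to `CGI::parse` without checking the content type, so a JSON or multipart POST is parsed as if it were form-encoded, and the body stream is left consumed for anything that reads it afterwards. As far as the visible lines show, the parsed body parameters are then carried into the redirect target, which moves POST data into a URL. As the TODO suggests, building `qs` from the parameters Rails has already parsed (for instance `request.request_parameters` when the query string is empty) is the cleaner fix, keeping `qs['resource_class'] = [resource]` as the last assignment so a client-supplied value is always overwritten. The block continues outside the hunk.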
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module DeviseTokenAuth
4
- VERSION = '1.2.1'.freeze
4
+ VERSION = '1.2.2'.freeze
5
5
  end
@@ -42,11 +42,14 @@ DeviseTokenAuth.setup do |config|
42
42
  # config.default_callbacks = true
43
43
 
44
44
  # Makes it possible to change the headers names
45
- # config.headers_names = {:'access-token' => 'access-token',
46
- # :'client' => 'client',
47
- # :'expiry' => 'expiry',
48
- # :'uid' => 'uid',
49
- # :'token-type' => 'token-type' }
45
+ # config.headers_names = {
46
+ # :'authorization' => 'Authorization',
47
+ # :'access-token' => 'access-token',
48
+ # :'client' => 'client',
49
+ # :'expiry' => 'expiry',
50
+ # :'uid' => 'uid',
51
+ # :'token-type' => 'token-type'
52
+ # }
50
53
 
51
54
  # Makes it possible to use custom uid column
52
55
  # config.other_uid = "foo"
@@ -11,7 +11,7 @@ class Custom::ConfirmationsControllerTest < ActionController::TestCase
11
11
  @new_user = create(:user)
12
12
  @new_user.send_confirmation_instructions(redirect_url: @redirect_url)
13
13
  @mail = ActionMailer::Base.deliveries.last
14
- @token = @mail.body.match(/confirmation_token=([^&]*)&/)[1]
14
+ @token = @mail.body.match(/confirmation_token=([^&]*)[&"]/)[1]
15
15
  @client_config = @mail.body.match(/config=([^&]*)&/)[1]
16
16
 
17
17
  get :show,
@@ -20,7 +20,7 @@ class Custom::OmniauthCallbacksControllerTest < ActionDispatch::IntegrationTest
20
20
 
21
21
  test 'yield resource to block on omniauth_success success' do
22
22
  @redirect_url = 'http://ng-token-auth.dev/'
23
- get '/nice_user_auth/facebook',
23
+ post '/nice_user_auth/facebook',
24
24
  params: { auth_origin_url: @redirect_url,
25
25
  omniauth_window_type: 'newWindow' }
26
26
 
@@ -11,7 +11,7 @@ require 'test_helper'
11
11
  class DeviseTokenAuth::ConfirmationsControllerTest < ActionController::TestCase
12
12
  describe DeviseTokenAuth::ConfirmationsController do
13
13
  def token_and_client_config_from(body)
14
- token = body.match(/confirmation_token=([^&]*)&/)[1]
14
+ token = body.match(/confirmation_token=([^&]*)[&"]/)[1]
15
15
  client_config = body.match(/config=([^&]*)&/)[1]
16
16
  [token, client_config]
17
17
  end
@@ -202,9 +202,12 @@ class DeviseTokenAuth::ConfirmationsControllerTest < ActionController::TestCase
202
202
 
203
203
  describe 'failure' do
204
204
  test 'user should not be confirmed' do
205
- assert_raises(ActionController::RoutingError) do
206
- get :show, params: { confirmation_token: 'bogus' }
207
- end
205
+ get :show,
206
+ params: { confirmation_token: 'bogus',
207
+ redirect_url: @redirect_url }
208
+
209
+ assert_redirected_to(/^#{@redirect_url}/)
210
+
208
211
  @resource = assigns(:resource)
209
212
  refute @resource.confirmed?
210
213
  end
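Review bot: The rewritten failure test covers only the new redirect branch; the `raise ActionController::RoutingError` path that the controller keeps for requests without a `redirect_url` no longer has a test in this hunk. I would keep the former `assert_raises(ActionController::RoutingError)` case alongside the new one. The new assertion could also be tightened: `assert_redirected_to(/^#{@redirect_url}/)` interpolates the URL unescaped, anchors with `^`, and does not check that the failure flag is present; something like `assert_redirected_to(/\A#{Regexp.escape(@redirect_url)}.*account_confirmation_success=false/)` pins both, assuming the flag is serialised that way.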
@@ -13,7 +13,7 @@ class OmniauthTest < ActionDispatch::IntegrationTest
13
13
  end
14
14
 
15
15
  before do
16
- @redirect_url = 'http://ng-token-auth.dev/'
16
+ @redirect_url = 'https://ng-token-auth.dev/'
17
17
  end
18
18
 
19
19
  def get_parsed_data_json
@@ -98,7 +98,7 @@ class OmniauthTest < ActionDispatch::IntegrationTest
98
98
 
99
99
  describe 'with alternate user model' do
100
100
  before do
101
- get '/mangs/facebook',
101
+ post '/mangs/facebook',
102
102
  params: {
103
103
  auth_origin_url: @redirect_url,
104
104
  omniauth_window_type: 'newWindow'
@@ -123,7 +123,7 @@ class OmniauthTest < ActionDispatch::IntegrationTest
123
123
  before do
124
124
  @fav_color = 'alizarin crimson'
125
125
  @unpermitted_param = 'M. Bison'
126
- get '/auth/facebook',
126
+ post '/auth/facebook',
127
127
  params: { auth_origin_url: @redirect_url,
128
128
  favorite_color: @fav_color,
129
129
  name: @unpermitted_param,
@@ -160,7 +160,7 @@ class OmniauthTest < ActionDispatch::IntegrationTest
160
160
  end
161
161
 
162
162
  test 'response contains oauth_registration attr' do
163
- get '/auth/facebook',
163
+ post '/auth/facebook',
164
164
  params: { auth_origin_url: @redirect_url,
165
165
  omniauth_window_type: 'newWindow' }
166
166
 
@@ -176,7 +176,7 @@ class OmniauthTest < ActionDispatch::IntegrationTest
176
176
  end
177
177
 
178
178
  test 'response does not contain oauth_registration attr' do
179
- get '/auth/facebook',
179
+ post '/auth/facebook',
180
180
  params: { auth_origin_url: @redirect_url,
181
181
  omniauth_window_type: 'newWindow' }
182
182
 
@@ -189,7 +189,7 @@ class OmniauthTest < ActionDispatch::IntegrationTest
189
189
 
190
190
  describe 'using namespaces' do
191
191
  before do
192
- get '/api/v1/auth/facebook',
192
+ post '/api/v1/auth/facebook',
193
193
  params: { auth_origin_url: @redirect_url,
194
194
  omniauth_window_type: 'newWindow' }
195
195
 
@@ -234,7 +234,7 @@ class OmniauthTest < ActionDispatch::IntegrationTest
234
234
 
235
235
  describe 'with omniauth_window_type=sameWindow' do
236
236
  test 'redirects to auth_origin_url with all expected query params' do
237
- get '/auth/facebook',
237
+ post '/auth/facebook',
238
238
  params: { auth_origin_url: '/auth_origin',
239
239
  omniauth_window_type: 'sameWindow' }
240
240
 
@@ -258,7 +258,7 @@ class OmniauthTest < ActionDispatch::IntegrationTest
258
258
  end
259
259
 
260
260
  def get_success(params = {})
261
- get '/auth/facebook',
261
+ post '/auth/facebook',
262
262
  params: {
263
263
  auth_origin_url: @redirect_url,
264
264
  omniauth_window_type: 'newWindow'
@@ -282,7 +282,7 @@ class OmniauthTest < ActionDispatch::IntegrationTest
282
282
 
283
283
  test 'renders expected data' do
284
284
  silence_omniauth do
285
- get '/auth/facebook',
285
+ post '/auth/facebook',
286
286
  params: { auth_origin_url: @redirect_url,
287
287
  omniauth_window_type: 'newWindow' }
288
288
 
@@ -298,7 +298,7 @@ class OmniauthTest < ActionDispatch::IntegrationTest
298
298
 
299
299
  test 'renders something with no auth_origin_url' do
300
300
  silence_omniauth do
301
- get '/auth/facebook'
301
+ post '/auth/facebook'
302
302
  follow_all_redirects!
303
303
  end
304
304
  assert_equal 200, response.status
@@ -339,7 +339,7 @@ class OmniauthTest < ActionDispatch::IntegrationTest
339
339
  end
340
340
 
341
341
  test 'request using non-whitelisted redirect fail' do
342
- get '/auth/facebook',
342
+ post '/auth/facebook',
343
343
  params: { auth_origin_url: @bad_redirect_url,
344
344
  omniauth_window_type: 'newWindow' }
345
345
 
@@ -351,7 +351,7 @@ class OmniauthTest < ActionDispatch::IntegrationTest
351
351
  end
352
352
 
353
353
  test 'request to whitelisted redirect should succeed' do
354
- get '/auth/facebook',
354
+ post '/auth/facebook',
355
355
  params: {
356
356
  auth_origin_url: @good_redirect_url,
357
357
  omniauth_window_type: 'newWindow'
@@ -365,7 +365,7 @@ class OmniauthTest < ActionDispatch::IntegrationTest
365
365
 
366
366
  test 'should support wildcards' do
367
367
  DeviseTokenAuth.redirect_whitelist = ["#{@good_redirect_url[0..8]}*"]
368
- get '/auth/facebook',
368
+ post '/auth/facebook',
369
369
  params: { auth_origin_url: @good_redirect_url,
370
370
  omniauth_window_type: 'newWindow' }
371
371
 
@@ -397,7 +397,7 @@ class OmniauthTest < ActionDispatch::IntegrationTest
397
397
  end
398
398
 
399
399
  test 'request using non-whitelisted redirect fail' do
400
- get '/auth/facebook',
400
+ post '/auth/facebook',
401
401
  params: { auth_origin_url: @bad_redirect_url,
402
402
  omniauth_window_type: 'sameWindow' }
403
403
 
@@ -408,7 +408,7 @@ class OmniauthTest < ActionDispatch::IntegrationTest
408
408
  end
409
409
 
410
410
  test 'request to whitelisted redirect should succeed' do
411
- get '/auth/facebook',
411
+ post '/auth/facebook',
412
412
  params: {
413
413
  auth_origin_url: '/auth_origin',
414
414
  omniauth_window_type: 'sameWindow'
@@ -422,7 +422,7 @@ class OmniauthTest < ActionDispatch::IntegrationTest
422
422
 
423
423
  test 'should support wildcards' do
424
424
  DeviseTokenAuth.redirect_whitelist = ["#{@good_redirect_url[0..8]}*"]
425
- get '/auth/facebook',
425
+ post '/auth/facebook',
426
426
  params: {
427
427
  auth_origin_url: '/auth_origin',
428
428
  omniauth_window_type: 'sameWindow'
@@ -433,9 +433,6 @@ class OmniauthTest < ActionDispatch::IntegrationTest
433
433
  assert_equal 200, response.status
434
434
  assert_equal false, response.body.include?("Redirect to '#{@good_redirect_url}' not allowed")
435
435
  end
436
-
437
-
438
436
  end
439
-
440
437
  end
441
438
  end
@@ -306,7 +306,7 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
306
306
  @data = JSON.parse(response.body)
307
307
  @mail = ActionMailer::Base.deliveries.last
308
308
 
309
- @mail_reset_token = @mail.body.match(/confirmation_token=([^&]*)&/)[1]
309
+ @mail_reset_token = @mail.body.match(/confirmation_token=([^&]*)[&"]/)[1]
310
310
  @mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=(.*)\"/)[1])
311
311
  @mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
312
312
  end
@@ -826,7 +826,7 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
826
826
 
827
827
  @resource.reload
828
828
 
829
- @mail_reset_token = @mail.body.match(/confirmation_token=([^&]*)&/)[1]
829
+ @mail_reset_token = @mail.body.match(/confirmation_token=([^&]*)[&"]/)[1]
830
830
  @mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=(.*)\"/)[1])
831
831
  @mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
832
832
  end
@@ -39,13 +39,17 @@ class DeviseTokenAuth::SessionsControllerTest < ActionController::TestCase
39
39
  describe 'using auth cookie' do
40
40
  before do
41
41
  DeviseTokenAuth.cookie_enabled = true
42
+ post :create, params: @user_session_params
42
43
  end
43
44
 
44
45
  test 'request should return auth cookie' do
45
- post :create, params: @user_session_params
46
46
  assert response.cookies[DeviseTokenAuth.cookie_name]
47
47
  end
48
48
 
49
+ test 'request should not include bearer token' do
50
+ assert_nil response.headers["Authorization"]
51
+ end
52
+
49
53
  after do
50
54
  DeviseTokenAuth.cookie_enabled = false
51
55
  end
@@ -306,23 +310,47 @@ class DeviseTokenAuth::SessionsControllerTest < ActionController::TestCase
306
310
  end
307
311
 
308
312
  describe 'Unconfirmed user' do
309
- before do
310
- @unconfirmed_user = create(:user)
311
- post :create, params: { email: @unconfirmed_user.email,
312
- password: @unconfirmed_user.password }
313
- @resource = assigns(:resource)
314
- @data = JSON.parse(response.body)
315
- end
313
+ describe 'Without paranoid mode' do
314
+ before do
315
+ @unconfirmed_user = create(:user)
316
+ post :create, params: { email: @unconfirmed_user.email,
317
+ password: @unconfirmed_user.password }
318
+ @resource = assigns(:resource)
319
+ @data = JSON.parse(response.body)
320
+ end
316
321
 
317
- test 'request should fail' do
318
- assert_equal 401, response.status
322
+ test 'request should fail' do
323
+ assert_equal 401, response.status
324
+ end
325
+
326
+ test 'response should contain errors' do
327
+ assert @data['errors']
328
+ assert_equal @data['errors'],
329
+ [I18n.t('devise_token_auth.sessions.not_confirmed',
330
+ email: @unconfirmed_user.email)]
331
+ end
319
332
  end
333
+
334
+ describe 'With paranoid mode' do
335
+ before do
336
+ @unconfirmed_user = create(:user)
337
+ swap Devise, paranoid: true do
338
+ post :create, params: { email: @unconfirmed_user.email,
339
+ password: @unconfirmed_user.password }
340
+ end
341
+ @resource = assigns(:resource)
342
+ @data = JSON.parse(response.body)
343
+ end
320
344
 
321
- test 'response should contain errors' do
322
- assert @data['errors']
323
- assert_equal @data['errors'],
324
- [I18n.t('devise_token_auth.sessions.not_confirmed',
325
- email: @unconfirmed_user.email)]
345
+ test 'request should fail' do
346
+ assert_equal 401, response.status
347
+ end
348
+
349
+ test 'response should contain errors that do not leak the existence of the account' do
350
+ assert @data['errors']
351
+ assert_equal @data['errors'],
352
+ [I18n.t('devise_token_auth.sessions.bad_credentials')]
353
+ end
326
354
  end
327
355
  end
328
356
 
@@ -371,20 +399,42 @@ class DeviseTokenAuth::SessionsControllerTest < ActionController::TestCase
371
399
  end
372
400
 
373
401
  describe 'Non-existing user' do
374
- before do
375
- post :create,
376
- params: { email: -> { Faker::Internet.email },
377
- password: -> { Faker::Number.number(10) } }
378
- @resource = assigns(:resource)
379
- @data = JSON.parse(response.body)
380
- end
402
+ describe 'Without paranoid mode' do
403
+ before do
404
+ post :create,
405
+ params: { email: -> { Faker::Internet.email },
406
+ password: -> { Faker::Number.number(10) } }
407
+ @resource = assigns(:resource)
408
+ @data = JSON.parse(response.body)
409
+ end
381
410
 
382
- test 'request should fail' do
383
- assert_equal 401, response.status
411
+ test 'request should fail' do
412
+ assert_equal 401, response.status
413
+ end
414
+
415
+ test 'response should contain errors' do
416
+ assert @data['errors']
417
+ end
384
418
  end
385
419
 
386
- test 'response should contain errors' do
387
- assert @data['errors']
420
+ describe 'With paranoid mode' do
421
+ before do
422
+ mock_hash = '$2a$04$MUWADkfA6MHXDdWHoep6QOvX1o0Y56pNqt3NMWQ9zCRwKSp1HZJba'
423
+ @bcrypt_mock = MiniTest::Mock.new
424
+ @bcrypt_mock.expect(:call, mock_hash, [Object, String])
425
+
426
+ swap Devise, paranoid: true do
427
+ BCrypt::Engine.stub :hash_secret, @bcrypt_mock do
428
+ post :create,
429
+ params: { email: -> { Faker::Internet.email },
430
+ password: -> { Faker::Number.number(10) } }
431
+ end
432
+ end
433
+ end
434
+
435
+ test 'password should be hashed' do
436
+ @bcrypt_mock.verify
437
+ end
388
438
  end
389
439
  end
390
440
 
@@ -468,21 +518,44 @@ class DeviseTokenAuth::SessionsControllerTest < ActionController::TestCase
468
518
  end
469
519
 
470
520
  describe 'locked user' do
471
- before do
472
- @locked_user = create(:lockable_user, :locked)
473
- post :create,
474
- params: { email: @locked_user.email,
475
- password: @locked_user.password }
476
- @data = JSON.parse(response.body)
477
- end
521
+ describe 'Without paranoid mode' do
522
+ before do
523
+ @locked_user = create(:lockable_user, :locked)
524
+ post :create,
525
+ params: { email: @locked_user.email,
526
+ password: @locked_user.password }
527
+ @data = JSON.parse(response.body)
528
+ end
478
529
 
479
- test 'request should fail' do
480
- assert_equal 401, response.status
530
+ test 'request should fail' do
531
+ assert_equal 401, response.status
532
+ end
533
+
534
+ test 'response should contain errors' do
535
+ assert @data['errors']
536
+ assert_equal @data['errors'], [I18n.t('devise.mailer.unlock_instructions.account_lock_msg')]
537
+ end
481
538
  end
482
539
 
483
- test 'response should contain errors' do
484
- assert @data['errors']
485
- assert_equal @data['errors'], [I18n.t('devise.mailer.unlock_instructions.account_lock_msg')]
540
+ describe 'With paranoid mode' do
541
+ before do
542
+ @locked_user = create(:lockable_user, :locked)
543
+ swap Devise, paranoid: true do
544
+ post :create,
545
+ params: { email: @locked_user.email,
546
+ password: @locked_user.password }
547
+ end
548
+ @data = JSON.parse(response.body)
549
+ end
550
+
551
+ test 'request should fail' do
552
+ assert_equal 401, response.status
553
+ end
554
+
555
+ test 'response should contain errors that do not leak the existence of the account' do
556
+ assert @data['errors']
557
+ assert_equal @data['errors'], [I18n.t('devise_token_auth.sessions.bad_credentials')]
558
+ end
486
559
  end
487
560
  end
488
561
 
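Review bot: `assert_equal @data['errors'], [I18n.t('devise_token_auth.sessions.bad_credentials')]` in the paranoid locked-user test passes its arguments in actual/expected order, so a failure would label the translation as the actual value and the response as the expected one. Minitest's signature is `assert_equal expected, actual`; `assert_equal [I18n.t('devise_token_auth.sessions.bad_credentials')], @data['errors']` gives a correct failure message when this account-enumeration check regresses. The non-paranoid assertion in the same hunk and the unconfirmed-user test just above use the same order.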
@@ -25,7 +25,7 @@ class Overrides::OmniauthCallbacksControllerTest < ActionDispatch::IntegrationTe
25
25
 
26
26
  @favorite_color = 'gray'
27
27
 
28
- get '/evil_user_auth/facebook',
28
+ post '/evil_user_auth/facebook',
29
29
  params: {
30
30
  auth_origin_url: Faker::Internet.url,
31
31
  favorite_color: @favorite_color,
@@ -8,11 +8,7 @@ class ApplicationController < ActionController::Base
8
8
  protected
9
9
 
10
10
  def configure_permitted_parameters
11
- permitted_parameters = devise_parameter_sanitizer.instance_values['permitted']
12
- permitted_parameters[:sign_up] << :operating_thetan
13
- permitted_parameters[:sign_up] << :favorite_color
14
- permitted_parameters[:account_update] << :operating_thetan
15
- permitted_parameters[:account_update] << :favorite_color
16
- permitted_parameters[:account_update] << :current_password
11
+ devise_parameter_sanitizer.permit(:sign_up, keys: [:operating_thetan, :favorite_color])
12
+ devise_parameter_sanitizer.permit(:account_update, keys: [:operating_thetan, :favorite_color, :current_password])
17
13
  end
18
14
  end
@@ -19,7 +19,8 @@ module Overrides
19
19
  redirect_header_options)
20
20
 
21
21
  redirect_to(@resource.build_auth_url(params[:redirect_url],
22
- redirect_headers))
22
+ redirect_headers),
23
+ redirect_options)
23
24
  else
24
25
  raise ActionController::RoutingError, 'Not Found'
25
26
  end
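Review bot: `params[:redirect_url]` is request-supplied and reaches `redirect_to` here, and the new second argument `redirect_options` is defined outside this hunk, so its contents cannot be checked from this change. If it sets `allow_other_host: true` (an assumption), Rails' own cross-host redirect guard is switched off for this call, and the only remaining protection is whatever allow-list check runs earlier, which is also not visible here. I would add a comment above the call such as `# redirect_url comes from the request; it must have passed the redirect whitelist before this point, since redirect_options may allow other hosts`. The same applies to the identical change in the next hunk (the second `Overrides` controller); the enclosing method starts and ends outside both hunks.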
@@ -26,7 +26,8 @@ module Overrides
26
26
  token.client,
27
27
  redirect_header_options)
28
28
  redirect_to(@resource.build_auth_url(params[:redirect_url],
29
- redirect_headers))
29
+ redirect_headers),
30
+ redirect_options)
30
31
  else
31
32
  raise ActionController::RoutingError, 'Not Found'
32
33
  end
@@ -15,14 +15,18 @@ Rails.application.configure do
15
15
  config.eager_load = false
16
16
 
17
17
  # Configure static asset server for tests with Cache-Control for performance.
18
- Rails::VERSION::MAJOR == 5 ?
18
+ Rails::VERSION::MAJOR >= 5 ?
19
19
  (config.public_file_server.enabled = true) :
20
20
  (config.serve_static_files = true)
21
21
 
22
- Rails::VERSION::MAJOR == 5 ?
22
+ Rails::VERSION::MAJOR >= 5 ?
23
23
  (config.public_file_server.headers = { 'Cache-Control' => 'public, max-age=3600' }) :
24
24
  (config.static_cache_control = 'public, max-age=3600')
25
25
 
26
+ if Rails::VERSION::MAJOR > 6 && ENV['DEVISE_TOKEN_AUTH_ORM'] != 'mongoid'
27
+ config.active_record.legacy_connection_handling = false
28
+ end
29
+
26
30
  # Show full error reports and disable caching.
27
31
  config.consider_all_requests_local = true
28
32
  config.action_controller.perform_caching = false
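Review bot: The new guard `Rails::VERSION::MAJOR > 6` has no upper bound and no comment saying why `legacy_connection_handling` is set or why mongoid is excluded. As far as I know this setting was deprecated within the Rails 7 line and later removed, so the assignment may warn or fail on newer releases. Consider bounding it, e.g. `if Rails::VERSION::MAJOR == 7 && Rails::VERSION::MINOR.zero? && ENV['DEVISE_TOKEN_AUTH_ORM'] != 'mongoid'`, and adding `# Rails 7.0 only: opt out of legacy connection handling (Active Record, not Mongoid)`. The two `>= 5 ? … : …` ternaries above it are used only for their side effects and would read better as `if`/`else`.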
@@ -1,11 +1,9 @@
1
- class User < ApplicationRecord
2
- # Include default devise modules.
3
- devise :database_authenticatable, :registerable,
4
- :recoverable, :rememberable, :trackable, :validatable,
5
- :confirmable, :omniauthable
6
- include DeviseTokenAuth::Concerns::User
1
+ # frozen_string_literal: true
7
2
 
8
- def whatever
9
- puts 'whatever'
10
- end
11
- end
3
+ class User < ActiveRecord::Base
4
+ # Include default devise modules. Others available are:
5
+ # :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
6
+ devise :database_authenticatable, :registerable,
7
+ :recoverable, :rememberable, :validatable
8
+ include DeviseTokenAuth::Concerns::User
9
+ end
@@ -42,11 +42,17 @@ DeviseTokenAuth.setup do |config|
42
42
  # config.default_callbacks = true
43
43
 
44
44
  # Makes it possible to change the headers names
45
- # config.headers_names = {:'access-token' => 'access-token',
46
- # :'client' => 'client',
47
- # :'expiry' => 'expiry',
48
- # :'uid' => 'uid',
49
- # :'token-type' => 'token-type' }
45
+ # config.headers_names = {
46
+ # :'authorization' => 'Authorization',
47
+ # :'access-token' => 'access-token',
48
+ # :'client' => 'client',
49
+ # :'expiry' => 'expiry',
50
+ # :'uid' => 'uid',
51
+ # :'token-type' => 'token-type'
52
+ # }
53
+
54
+ # Makes it possible to use custom uid column
55
+ # config.other_uid = "foo"
50
56
 
51
57
  # By default, only Bearer Token authentication is implemented out of the box.
52
58
  # If, however, you wish to integrate with legacy Devise authentication, you can
@@ -1,7 +1,7 @@
1
- class DeviseTokenAuthCreateUsers < ActiveRecord::Migration[5.2]
1
+ class DeviseTokenAuthCreateUsers < ActiveRecord::Migration[7.0]
2
2
  def change
3
3
 
4
- create_table(:users) do |t|
4
+ create_table(:users, id: :uuid) do |t|
5
5
  ## Required
6
6
  t.string :provider, :null => false, :default => "email"
7
7
  t.string :uid, :null => false, :default => ""
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: devise_token_auth
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.2.1
4
+ version: 1.2.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Lynn Hurley
8
- autorequire:
8
+ autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-09-10 00:00:00.000000000 Z
11
+ date: 2023-06-11 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rails
@@ -146,14 +146,14 @@ dependencies:
146
146
  requirements:
147
147
  - - "~>"
148
148
  - !ruby/object:Gem::Version
149
- version: '1.0'
149
+ version: '2.0'
150
150
  type: :development
151
151
  prerelease: false
152
152
  version_requirements: !ruby/object:Gem::Requirement
153
153
  requirements:
154
154
  - - "~>"
155
155
  - !ruby/object:Gem::Version
156
- version: '1.0'
156
+ version: '2.0'
157
157
  description: For use with client side single page apps such as the venerable https://github.com/lynndylanhurley/ng-token-auth.
158
158
  email:
159
159
  - lynn.dylan.hurley@gmail.com
@@ -321,7 +321,7 @@ files:
321
321
  - test/dummy/lib/migration_database_helper.rb
322
322
  - test/dummy/tmp/generators/app/models/user.rb
323
323
  - test/dummy/tmp/generators/config/initializers/devise_token_auth.rb
324
- - test/dummy/tmp/generators/db/migrate/20220822003050_devise_token_auth_create_users.rb
324
+ - test/dummy/tmp/generators/db/migrate/20230415183419_devise_token_auth_create_users.rb
325
325
  - test/factories/users.rb
326
326
  - test/lib/devise_token_auth/blacklist_test.rb
327
327
  - test/lib/devise_token_auth/rails/custom_routes_test.rb
@@ -338,11 +338,11 @@ files:
338
338
  - test/models/user_test.rb
339
339
  - test/support/controllers/routes.rb
340
340
  - test/test_helper.rb
341
- homepage: http://github.com/lynndylanhurley/devise_token_auth
341
+ homepage: https://github.com/lynndylanhurley/devise_token_auth
342
342
  licenses:
343
343
  - WTFPL
344
344
  metadata: {}
345
- post_install_message:
345
+ post_install_message:
346
346
  rdoc_options: []
347
347
  require_paths:
348
348
  - lib
@@ -357,119 +357,119 @@ required_rubygems_version: !ruby/object:Gem::Requirement
357
357
  - !ruby/object:Gem::Version
358
358
  version: '0'
359
359
  requirements: []
360
- rubygems_version: 3.1.6
361
- signing_key:
360
+ rubygems_version: 3.3.7
361
+ signing_key:
362
362
  specification_version: 4
363
363
  summary: Token based authentication for rails. Uses Devise + OmniAuth.
364
364
  test_files:
365
- - test/dummy/app/mongoid/only_email_user.rb
366
- - test/dummy/app/mongoid/scoped_user.rb
367
- - test/dummy/app/mongoid/confirmable_user.rb
368
- - test/dummy/app/mongoid/mang.rb
369
- - test/dummy/app/mongoid/unregisterable_user.rb
370
- - test/dummy/app/mongoid/lockable_user.rb
371
- - test/dummy/app/mongoid/unconfirmable_user.rb
372
- - test/dummy/app/mongoid/user.rb
373
- - test/dummy/app/models/concerns/favorite_color.rb
374
- - test/dummy/app/active_record/only_email_user.rb
375
- - test/dummy/app/active_record/scoped_user.rb
365
+ - test/controllers/custom/custom_confirmations_controller_test.rb
366
+ - test/controllers/custom/custom_omniauth_callbacks_controller_test.rb
367
+ - test/controllers/custom/custom_passwords_controller_test.rb
368
+ - test/controllers/custom/custom_registrations_controller_test.rb
369
+ - test/controllers/custom/custom_sessions_controller_test.rb
370
+ - test/controllers/custom/custom_token_validations_controller_test.rb
371
+ - test/controllers/demo_group_controller_test.rb
372
+ - test/controllers/demo_mang_controller_test.rb
373
+ - test/controllers/demo_user_controller_test.rb
374
+ - test/controllers/devise_token_auth/confirmations_controller_test.rb
375
+ - test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb
376
+ - test/controllers/devise_token_auth/passwords_controller_test.rb
377
+ - test/controllers/devise_token_auth/registrations_controller_test.rb
378
+ - test/controllers/devise_token_auth/sessions_controller_test.rb
379
+ - test/controllers/devise_token_auth/token_validations_controller_test.rb
380
+ - test/controllers/devise_token_auth/unlocks_controller_test.rb
381
+ - test/controllers/overrides/confirmations_controller_test.rb
382
+ - test/controllers/overrides/omniauth_callbacks_controller_test.rb
383
+ - test/controllers/overrides/passwords_controller_test.rb
384
+ - test/controllers/overrides/registrations_controller_test.rb
385
+ - test/controllers/overrides/sessions_controller_test.rb
386
+ - test/controllers/overrides/token_validations_controller_test.rb
387
+ - test/dummy/README.rdoc
376
388
  - test/dummy/app/active_record/confirmable_user.rb
377
- - test/dummy/app/active_record/mang.rb
378
- - test/dummy/app/active_record/unregisterable_user.rb
379
389
  - test/dummy/app/active_record/lockable_user.rb
390
+ - test/dummy/app/active_record/mang.rb
391
+ - test/dummy/app/active_record/only_email_user.rb
392
+ - test/dummy/app/active_record/scoped_user.rb
380
393
  - test/dummy/app/active_record/unconfirmable_user.rb
394
+ - test/dummy/app/active_record/unregisterable_user.rb
381
395
  - test/dummy/app/active_record/user.rb
382
- - test/dummy/app/controllers/overrides/token_validations_controller.rb
383
- - test/dummy/app/controllers/overrides/omniauth_callbacks_controller.rb
384
- - test/dummy/app/controllers/overrides/passwords_controller.rb
385
- - test/dummy/app/controllers/overrides/sessions_controller.rb
386
- - test/dummy/app/controllers/overrides/confirmations_controller.rb
387
- - test/dummy/app/controllers/overrides/registrations_controller.rb
388
396
  - test/dummy/app/controllers/application_controller.rb
389
- - test/dummy/app/controllers/demo_user_controller.rb
390
397
  - test/dummy/app/controllers/auth_origin_controller.rb
391
- - test/dummy/app/controllers/demo_mang_controller.rb
392
- - test/dummy/app/controllers/demo_group_controller.rb
393
- - test/dummy/app/controllers/custom/token_validations_controller.rb
398
+ - test/dummy/app/controllers/custom/confirmations_controller.rb
394
399
  - test/dummy/app/controllers/custom/omniauth_callbacks_controller.rb
395
400
  - test/dummy/app/controllers/custom/passwords_controller.rb
396
- - test/dummy/app/controllers/custom/sessions_controller.rb
397
- - test/dummy/app/controllers/custom/confirmations_controller.rb
398
401
  - test/dummy/app/controllers/custom/registrations_controller.rb
399
- - test/dummy/app/views/layouts/application.html.erb
402
+ - test/dummy/app/controllers/custom/sessions_controller.rb
403
+ - test/dummy/app/controllers/custom/token_validations_controller.rb
404
+ - test/dummy/app/controllers/demo_group_controller.rb
405
+ - test/dummy/app/controllers/demo_mang_controller.rb
406
+ - test/dummy/app/controllers/demo_user_controller.rb
407
+ - test/dummy/app/controllers/overrides/confirmations_controller.rb
408
+ - test/dummy/app/controllers/overrides/omniauth_callbacks_controller.rb
409
+ - test/dummy/app/controllers/overrides/passwords_controller.rb
410
+ - test/dummy/app/controllers/overrides/registrations_controller.rb
411
+ - test/dummy/app/controllers/overrides/sessions_controller.rb
412
+ - test/dummy/app/controllers/overrides/token_validations_controller.rb
400
413
  - test/dummy/app/helpers/application_helper.rb
401
- - test/dummy/config/routes.rb
402
- - test/dummy/config/environments/production.rb
403
- - test/dummy/config/environments/development.rb
404
- - test/dummy/config/environments/test.rb
405
- - test/dummy/config/spring.rb
406
- - test/dummy/config/environment.rb
414
+ - test/dummy/app/models/concerns/favorite_color.rb
415
+ - test/dummy/app/mongoid/confirmable_user.rb
416
+ - test/dummy/app/mongoid/lockable_user.rb
417
+ - test/dummy/app/mongoid/mang.rb
418
+ - test/dummy/app/mongoid/only_email_user.rb
419
+ - test/dummy/app/mongoid/scoped_user.rb
420
+ - test/dummy/app/mongoid/unconfirmable_user.rb
421
+ - test/dummy/app/mongoid/unregisterable_user.rb
422
+ - test/dummy/app/mongoid/user.rb
423
+ - test/dummy/app/views/layouts/application.html.erb
407
424
  - test/dummy/config/application.rb
408
- - test/dummy/config/boot.rb
409
425
  - test/dummy/config/application.yml.bk
426
+ - test/dummy/config/boot.rb
427
+ - test/dummy/config/environment.rb
428
+ - test/dummy/config/environments/development.rb
429
+ - test/dummy/config/environments/production.rb
430
+ - test/dummy/config/environments/test.rb
410
431
  - test/dummy/config/initializers/backtrace_silencers.rb
432
+ - test/dummy/config/initializers/cookies_serializer.rb
433
+ - test/dummy/config/initializers/devise.rb
411
434
  - test/dummy/config/initializers/devise_token_auth.rb
412
- - test/dummy/config/initializers/mime_types.rb
435
+ - test/dummy/config/initializers/figaro.rb
413
436
  - test/dummy/config/initializers/filter_parameter_logging.rb
437
+ - test/dummy/config/initializers/inflections.rb
438
+ - test/dummy/config/initializers/mime_types.rb
439
+ - test/dummy/config/initializers/omniauth.rb
414
440
  - test/dummy/config/initializers/session_store.rb
415
441
  - test/dummy/config/initializers/wrap_parameters.rb
416
- - test/dummy/config/initializers/cookies_serializer.rb
417
- - test/dummy/config/initializers/devise.rb
418
- - test/dummy/config/initializers/omniauth.rb
419
- - test/dummy/config/initializers/inflections.rb
420
- - test/dummy/config/initializers/figaro.rb
442
+ - test/dummy/config/routes.rb
443
+ - test/dummy/config/spring.rb
421
444
  - test/dummy/config.ru
422
- - test/dummy/lib/migration_database_helper.rb
423
- - test/dummy/db/schema.rb
424
- - test/dummy/db/migrate/20150708104536_devise_token_auth_create_unconfirmable_users.rb
445
+ - test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb
446
+ - test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb
425
447
  - test/dummy/db/migrate/20140829044006_add_operating_thetan_to_user.rb
426
448
  - test/dummy/db/migrate/20140916224624_add_favorite_color_to_mangs.rb
427
- - test/dummy/db/migrate/20141222053502_devise_token_auth_create_unregisterable_users.rb
428
449
  - test/dummy/db/migrate/20141222035835_devise_token_auth_create_only_email_users.rb
429
- - test/dummy/db/migrate/20160629184441_devise_token_auth_create_lockable_users.rb
450
+ - test/dummy/db/migrate/20141222053502_devise_token_auth_create_unregisterable_users.rb
451
+ - test/dummy/db/migrate/20150708104536_devise_token_auth_create_unconfirmable_users.rb
430
452
  - test/dummy/db/migrate/20160103235141_devise_token_auth_create_scoped_users.rb
431
- - test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb
432
- - test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb
453
+ - test/dummy/db/migrate/20160629184441_devise_token_auth_create_lockable_users.rb
433
454
  - test/dummy/db/migrate/20190924101113_devise_token_auth_create_confirmable_users.rb
455
+ - test/dummy/db/schema.rb
456
+ - test/dummy/lib/migration_database_helper.rb
434
457
  - test/dummy/tmp/generators/app/models/user.rb
435
458
  - test/dummy/tmp/generators/config/initializers/devise_token_auth.rb
436
- - test/dummy/tmp/generators/db/migrate/20220822003050_devise_token_auth_create_users.rb
437
- - test/dummy/README.rdoc
438
- - test/models/only_email_user_test.rb
439
- - test/models/confirmable_user_test.rb
440
- - test/models/concerns/mongoid_support_test.rb
441
- - test/models/concerns/tokens_serialization_test.rb
442
- - test/models/user_test.rb
443
- - test/support/controllers/routes.rb
459
+ - test/dummy/tmp/generators/db/migrate/20230415183419_devise_token_auth_create_users.rb
444
460
  - test/factories/users.rb
445
- - test/lib/devise_token_auth/url_test.rb
446
461
  - test/lib/devise_token_auth/blacklist_test.rb
447
- - test/lib/devise_token_auth/token_factory_test.rb
448
462
  - test/lib/devise_token_auth/rails/custom_routes_test.rb
449
463
  - test/lib/devise_token_auth/rails/routes_test.rb
464
+ - test/lib/devise_token_auth/token_factory_test.rb
465
+ - test/lib/devise_token_auth/url_test.rb
450
466
  - test/lib/generators/devise_token_auth/install_generator_test.rb
451
- - test/lib/generators/devise_token_auth/install_views_generator_test.rb
452
467
  - test/lib/generators/devise_token_auth/install_generator_with_namespace_test.rb
468
+ - test/lib/generators/devise_token_auth/install_views_generator_test.rb
469
+ - test/models/concerns/mongoid_support_test.rb
470
+ - test/models/concerns/tokens_serialization_test.rb
471
+ - test/models/confirmable_user_test.rb
472
+ - test/models/only_email_user_test.rb
473
+ - test/models/user_test.rb
474
+ - test/support/controllers/routes.rb
453
475
  - test/test_helper.rb
454
- - test/controllers/overrides/token_validations_controller_test.rb
455
- - test/controllers/overrides/confirmations_controller_test.rb
456
- - test/controllers/overrides/registrations_controller_test.rb
457
- - test/controllers/overrides/omniauth_callbacks_controller_test.rb
458
- - test/controllers/overrides/sessions_controller_test.rb
459
- - test/controllers/overrides/passwords_controller_test.rb
460
- - test/controllers/demo_mang_controller_test.rb
461
- - test/controllers/devise_token_auth/token_validations_controller_test.rb
462
- - test/controllers/devise_token_auth/confirmations_controller_test.rb
463
- - test/controllers/devise_token_auth/unlocks_controller_test.rb
464
- - test/controllers/devise_token_auth/registrations_controller_test.rb
465
- - test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb
466
- - test/controllers/devise_token_auth/sessions_controller_test.rb
467
- - test/controllers/devise_token_auth/passwords_controller_test.rb
468
- - test/controllers/demo_user_controller_test.rb
469
- - test/controllers/custom/custom_omniauth_callbacks_controller_test.rb
470
- - test/controllers/custom/custom_sessions_controller_test.rb
471
- - test/controllers/custom/custom_confirmations_controller_test.rb
472
- - test/controllers/custom/custom_token_validations_controller_test.rb
473
- - test/controllers/custom/custom_registrations_controller_test.rb
474
- - test/controllers/custom/custom_passwords_controller_test.rb
475
- - test/controllers/demo_group_controller_test.rb