devise_token_auth 0.1.37.beta1 → 0.1.37.beta2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: d25ee0a65f522b743b8e5b7a3ae0c2da989e6a91
-  data.tar.gz: 3f7550db2e481f2061b78239412ecd5f06b09b9a
+  metadata.gz: 828689f466c5670121ec9ec6d35ae3dea553ca7a
+  data.tar.gz: cee530a6eaeb934c6455481108a2af6e47626087
 SHA512:
-  metadata.gz: a90613e650e7c54c40109ad46809d1487f80eb74e75f2be01db0e96470dc2bdec5a682a0a8d6f4b62fcefacf11b839e1f4053d5547a077373eca00101f2952cc
-  data.tar.gz: b9c26b21a28271fd9646672e61cbae61d2bb8bdda78f21f1c90569c748ec0db1768f827dc983f8fe8cea1035d62c0fe977c758e2ee6046fb4923d08773ccf3b8
+  metadata.gz: 8fd45280e414f23a0c360dfced38fe6f6c5bc0ddbf6b9dc5c74f8935c5d78a321fad9263d147206f2dbe65089f84b964e4a31c4e6de2e1161267cd912f198835
+  data.tar.gz: f7ca9de3d57dbb5667522e00d45d6c628d511571076d4bddf4075b2ee5fc718867a858ca8efe9fe139fedd8b19e4215df01b860fd985875ee9eda642fb27c075

data/README.md

@@ -135,16 +135,16 @@ The following routes are available for use by your client. These routes live rel
 
 | path | method | purpose |
 |:-----|:-------|:--------|
-| /    | POST   | Email registration. Accepts **`email`**, **`password`**, and **`password_confirmation`** params. A verification email will be sent to the email address provided. Accepted params can be customized using the [`devise_parameter_sanitizer`](https://github.com/plataformatec/devise#strong-parameters) system. |
+| /    | POST   | Email registration. Requires **`email`**, **`password`**, and **`password_confirmation`** params. A verification email will be sent to the email address provided. Accepted params can be customized using the [`devise_parameter_sanitizer`](https://github.com/plataformatec/devise#strong-parameters) system. |
 | / | DELETE | Account deletion. This route will destroy users identified by their **`uid`** and **`auth_token`** headers. |
 | / | PUT | Account updates. This route will update an existing user's account settings. The default accepted params are **`password`** and **`password_confirmation`**, but this can be customized using the [`devise_parameter_sanitizer`](https://github.com/plataformatec/devise#strong-parameters) system. If **`config.check_current_password_before_update`** is set to `:attributes` the **`current_password`** param is checked before any update, if it is set to `:password` the **`current_password`** param is checked only if the request updates user password. |
-| /sign_in | POST | Email authentication. Accepts **`email`** and **`password`** as params. This route will return a JSON representation of the `User` model on successful login. |
+| /sign_in | POST | Email authentication. Requires **`email`** and **`password`** as params. This route will return a JSON representation of the `User` model on successful login along with the `access-token` and `client` in the header of the response. |
 | /sign_out | DELETE | Use this route to end the user's current session. This route will invalidate the user's authentication token. |
 | /:provider | GET | Set this route as the destination for client authentication. Ideally this will happen in an external window or popup. [Read more](#omniauth-authentication). |
 | /:provider/callback | GET/POST | Destination for the oauth2 provider's callback uri. `postMessage` events containing the authenticated user's data will be sent back to the main client window from this page. [Read more](#omniauth-authentication). |
-| /validate_token | GET | Use this route to validate tokens on return visits to the client. Accepts **`uid`** and **`access-token`** as params. These values should correspond to the columns in your `User` table of the same names. |
+| /validate_token | GET | Use this route to validate tokens on return visits to the client. Requires **`uid`**, **`client`**, and **`access-token`** as params. These values should correspond to the columns in your `User` table of the same names. |
 | /password | POST | Use this route to send a password reset confirmation email to users that registered by email. Accepts **`email`** and **`redirect_url`** as params. The user matching the `email` param will be sent instructions on how to reset their password. `redirect_url` is the url to which the user will be redirected after visiting the link contained in the email. |
-| /password | PUT | Use this route to change users' passwords. Accepts **`password`** and **`password_confirmation`** as params. This route is only valid for users that registered by email (OAuth2 users will receive an error). It also checks **`current_password`** if **`config.check_current_password_before_update`** is not set `false` (disabled by default). |
+| /password | PUT | Use this route to change users' passwords. Requires **`password`** and **`password_confirmation`** as params. This route is only valid for users that registered by email (OAuth2 users will receive an error). It also checks **`current_password`** if **`config.check_current_password_before_update`** is not set `false` (disabled by default). |
 | /password/edit | GET | Verify user by password reset token. This route is the destination URL for password reset confirmation. This route must contain **`reset_password_token`** and **`redirect_url`** params. These values will be set automatically by the confirmation email that is generated by the password reset request. |
 
 [Jump here](#usage-cont) for more usage information.

data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb

@@ -125,6 +125,7 @@ module DeviseTokenAuth::Concerns::SetUserByToken
 
 
   def is_batch_request?(user, client_id)
+    not params[:unbatch] and
     user.tokens[client_id] and
     user.tokens[client_id]['updated_at'] and
     Time.parse(user.tokens[client_id]['updated_at']) > @request_started_at - DeviseTokenAuth.batch_request_buffer_throttle

data/app/controllers/devise_token_auth/passwords_controller.rb

@@ -103,7 +103,7 @@ module DeviseTokenAuth
           config:         params[:config]
         }))
       else
-        render_edit_error
+        raise ActionController::RoutingError.new('Not Found')
       end
     end
 
@@ -179,12 +179,6 @@ module DeviseTokenAuth
       }, status: @error_status
     end
 
-    def render_edit_error
-      render json: {
-        success: false
-      }, status: 404
-    end
-
     def render_update_error_unauthorized
       render json: {
         success: false,

data/app/models/devise_token_auth/concerns/user.rb

@@ -233,7 +233,7 @@ module DeviseTokenAuth::Concerns::User
   # only validate unique email among users that registered by email
   def unique_email_user
     if provider == 'email' and self.class.where(provider: 'email', email: email).count > 0
-      errors.add(:email, :already_in_use, default: "address is already in use")
+      errors.add(:email, :already_in_use)
     end
   end
 

data/config/locales/en.yml

@@ -27,4 +27,6 @@ en:
   errors:
     validate_sign_up_params: "Please submit proper sign up data in request body."
     validate_account_update_params: "Please submit proper account update data in request body."
-    not_email: "is not an email"
+    not_email: "is not an email"
+    message:
+      already_in_use: already in use

data/config/locales/es.yml

@@ -27,4 +27,6 @@ es:
   errors:
     validate_sign_up_params: "Los datos introducidos en la solicitud de acceso no son válidos."
     validate_account_update_params: "Los datos introducidos en la solicitud de actualización no son válidos."
-    not_email: "no es un correo electrónico"
+    not_email: "no es un correo electrónico"
+    messages:
+      already_in_use: ya ha sido ocupado

data/lib/devise_token_auth/version.rb

@@ -1,3 +1,3 @@
 module DeviseTokenAuth
-  VERSION = "0.1.37.beta1"
+  VERSION = "0.1.37.beta2"
 end

data/test/controllers/demo_user_controller_test.rb

@@ -201,6 +201,31 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
           end
         end
 
+        describe 'unbatch' do
+          before do
+            @resource.reload
+            age_token(@resource, @client_id)
+
+            get '/demo/members_only', {}, @auth_headers
+
+            @first_is_batch_request = assigns(:is_batch_request)
+            @first_user = assigns(:resource).dup
+            @first_access_token = response.headers['access-token']
+            @first_response_status = response.status
+
+            get '/demo/members_only?unbatch=true', {}, @auth_headers
+
+            @second_is_batch_request = assigns(:is_batch_request)
+            @second_user = assigns(:resource)
+            @second_access_token = response.headers['access-token']
+            @second_response_status = response.status
+          end
+
+          it 'should NOT treat the second request as a batch request when "unbatch" param is set' do
+            refute @second_is_batch_request
+          end
+        end
+
         describe 'time out' do
           before do
             @resource.reload

data/test/controllers/devise_token_auth/passwords_controller_test.rb

@@ -123,13 +123,13 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
           end
 
           describe 'password reset link failure' do
-            test 'respone should return 404' do
-              xhr :get, :edit, {
-                  reset_password_token: 'bogus',
+            test 'response should return 404' do
+              assert_raises(ActionController::RoutingError) {
+                xhr :get, :edit, {
+                  reset_password_token: "bogus",
                   redirect_url: @mail_redirect_url
+                }
               }
-
-              assert_equal 404, response.status
             end
           end
 

data/test/dummy/tmp/generators/app/models/user.rb

@@ -4,4 +4,8 @@ class User < ActiveRecord::Base
           :recoverable, :rememberable, :trackable, :validatable,
           :confirmable, :omniauthable
   include DeviseTokenAuth::Concerns::User
+
+  def whatever
+    puts 'whatever'
+  end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: devise_token_auth
 version: !ruby/object:Gem::Version
-  version: 0.1.37.beta1
+  version: 0.1.37.beta2
 platform: ruby
 authors:
 - Lynn Hurley
@@ -207,10 +207,9 @@ files:
 - test/dummy/db/migrate/20150708104536_devise_token_auth_create_unconfirmable_users.rb
 - test/dummy/db/schema.rb
 - test/dummy/lib/migration_database_helper.rb
-- test/dummy/tmp/generators/app/controllers/application_controller.rb
 - test/dummy/tmp/generators/app/models/user.rb
 - test/dummy/tmp/generators/config/initializers/devise_token_auth.rb
-- test/dummy/tmp/generators/db/migrate/20151025010329_devise_token_auth_create_users.rb
+- test/dummy/tmp/generators/db/migrate/20151025020205_devise_token_auth_create_users.rb
 - test/integration/navigation_test.rb
 - test/lib/devise_token_auth/url_test.rb
 - test/lib/generators/devise_token_auth/install_generator_test.rb
@@ -324,10 +323,9 @@ test_files:
 - test/dummy/db/schema.rb
 - test/dummy/lib/migration_database_helper.rb
 - test/dummy/README.rdoc
-- test/dummy/tmp/generators/app/controllers/application_controller.rb
 - test/dummy/tmp/generators/app/models/user.rb
 - test/dummy/tmp/generators/config/initializers/devise_token_auth.rb
-- test/dummy/tmp/generators/db/migrate/20151025010329_devise_token_auth_create_users.rb
+- test/dummy/tmp/generators/db/migrate/20151025020205_devise_token_auth_create_users.rb
 - test/integration/navigation_test.rb
 - test/lib/devise_token_auth/url_test.rb
 - test/lib/generators/devise_token_auth/install_generator_test.rb

data/test/dummy/tmp/generators/app/controllers/application_controller.rb

@@ -1,6 +0,0 @@
-class ApplicationController < ActionController::Base
-  include DeviseTokenAuth::Concerns::SetUserByToken
-  def whatever
-    'whatever'
-  end
-end