devise_token_auth 0.1.37.beta3 → 0.1.37.beta4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: ffa6f5208f809271811e8f10ad47f507a6be3ac3
-  data.tar.gz: 43213799e05d5e563942857af0c3cbfa2f615c9d
+  metadata.gz: 0c1401be1479787b9115c2aa8fd04adab21776de
+  data.tar.gz: 4bf54ad1a795451ae573144a78ba1b414437b223
 SHA512:
-  metadata.gz: 51e5c2023671a2de2a8c02c516e0520e1f6f3024c49db891855c6fd76df4cf0525baa560229d7e23ead186457a1ebc5d02dd9ab223312ce7e5b7017f1ec5bb63
-  data.tar.gz: 0dd625a07cf22e41c990a1c1bbb7b00ef9572ead21eb7ac7067acb1c90de3e0c376e2a44ee6db74996c64bb706fe159df41074ee4a97763794c813b463928e91
+  metadata.gz: 701cb424a22649841c9c3ece6a60417a1b31869c0b10fab9e38a6861090707cd379aa9cfe4b0d3f85308026ec247445df3347f49f19858a9a78ba48b7752522e
+  data.tar.gz: a94ca49f3d48a15c8af51e4ef502c428059c510088e32f63d3f29a0a4488a4ebab635c0cc8201470044a3bd4089d229b614c6f9ed5bcb3270e0e95fd90c7d101

data/README.md

@@ -164,6 +164,8 @@ The following settings are available for configuration in `config/initializers/d
 | **`default_confirm_success_url`** | `nil` | By default this value is expected to be sent by the client so that the API knows where to redirect users after successful email confirmation. If this param is set, the API will redirect to this value when no value is provided by the cilent. |
 | **`default_password_reset_url`** | `nil` | By default this value is expected to be sent by the client so that the API knows where to redirect users after successful password resets. If this param is set, the API will redirect to this value when no value is provided by the cilent. |
 | **`redirect_whitelist`** | `nil` | As an added security measure, you can limit the URLs to which the API will redirect after email token validation (password reset, email confirmation, etc.). This value should be an array containing exact matches to the client URLs to be visited after validation. |
+| **`enable_standard_devise_support`** | `false` | By default, only Bearer Token authentication is implemented out of the box. If, however, you wish to integrate with legacy Devise authentication, you can do so by enabling this flag. NOTE: This feature is highly experimental! |
+
 
 Additionally, you can configure other aspects of devise by manually creating the traditional devise.rb file at `config/initializers/devise.rb`. Here are some examples of what you can do in this file:
 
@@ -773,8 +775,16 @@ When posting issues, please include the following information to speed up the tr
 
 ### Can I use this gem alongside standard Devise?
 
-Yes! But you will need to use separate routes for standard Devise. So do something like this:
+Yes! But you will need to enable the support use separate routes for standard Devise. So do something like this:
+
+#### config/initializers/devise_token_auth.rb
+~~~ruby
+DeviseTokenAuth.setup do |config|
+  # enable_standard_devise_support = false
+end
+~~~
 
+#### config/routes.rb
 ~~~ruby
 Rails.application.routes.draw do
 

data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb

@@ -31,12 +31,14 @@ module DeviseTokenAuth::Concerns::SetUserByToken
     # client_id isn't required, set to 'default' if absent
     @client_id ||= 'default'
 
-    # check for an existing user, authenticated via warden/devise
-    devise_warden_user = warden.user(rc.to_s.underscore.to_sym)
-    if devise_warden_user && devise_warden_user.tokens[@client_id].nil?
-      @used_auth_by_token = false
-      @resource = devise_warden_user
-      @resource.create_new_auth_token
+    # check for an existing user, authenticated via warden/devise, if enabled
+    if DeviseTokenAuth.enable_standard_devise_support
+      devise_warden_user = warden.user(rc.to_s.underscore.to_sym)
+      if devise_warden_user && devise_warden_user.tokens[@client_id].nil?
+        @used_auth_by_token = false
+        @resource = devise_warden_user
+        @resource.create_new_auth_token
+      end
     end
 
     # user has already been found and authenticated
@@ -54,7 +56,7 @@ module DeviseTokenAuth::Concerns::SetUserByToken
     user = uid && rc.find_by_uid(uid)
 
     if user && user.valid_token?(@token, @client_id)
-      sign_in(:user, user, store: false, bypass: false)
+      sign_in(:user, user, store: false, bypass: true)
       return @resource = user
     else
       # zero all values previously set values

data/app/controllers/devise_token_auth/passwords_controller.rb

@@ -103,7 +103,7 @@ module DeviseTokenAuth
           config:         params[:config]
         }))
       else
-        raise ActionController::RoutingError.new('Not Found')
+        render_edit_error
       end
     end
 
@@ -179,6 +179,10 @@ module DeviseTokenAuth
       }, status: @error_status
     end
 
+    def render_edit_error
+      raise ActionController::RoutingError.new('Not Found')
+    end
+
     def render_update_error_unauthorized
       render json: {
         success: false,

data/app/models/devise_token_auth/concerns/user.rb

@@ -178,6 +178,12 @@ module DeviseTokenAuth::Concerns::User
       last_token: last_token,
       updated_at: Time.now
     }
+	
+    max_clients = DeviseTokenAuth.max_number_of_devices
+    while self.tokens.keys.length > 0 and max_clients < self.tokens.keys.length
+      oldest_token = self.tokens.min_by { |cid, v| v[:expiry] || v["expiry"] }
+      self.tokens.delete(oldest_token.first)
+    end	
 
     self.save!
 

data/app/validators/email_validator.rb

@@ -1,7 +1,21 @@
 class EmailValidator < ActiveModel::EachValidator
   def validate_each(record, attribute, value)
     unless value =~ /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\z/i
-      record.errors[attribute] << (options[:message] || I18n.t("errors.not_email"))
+      record.errors[attribute] << email_invalid_message
     end
   end
-end
+  
+  private
+  
+  def email_invalid_message
+    # Try strictly set message:
+    message = options[:message]
+    
+    if message.nil?
+      # Try DeviceTokenAuth translations or fallback to ActiveModel translations
+      message = I18n.t(:'errors.not_email', default: :'errors.messages.invalid')
+    end
+    
+    message
+  end  
+end

data/app/views/devise/mailer/confirmation_instructions.html.erb

@@ -1,5 +1,5 @@
-<p>Welcome <%= @email %>!</p>
+<p><%= t(:welcome).capitalize + ' ' + @email %>!</p>
 
-<p>You can confirm your account email through the link below:</p>
+<p><%= t '.confirm_link_msg' %> </p>
 
-<p><%= link_to 'Confirm my account', confirmation_url(@resource, {confirmation_token: @token, config: message['client-config'].to_s, redirect_url: message['redirect-url']}).html_safe %></p>
+<p><%= link_to t('.confirm_account_link'), confirmation_url(@resource, {confirmation_token: @token, config: message['client-config'].to_s, redirect_url: message['redirect-url']}).html_safe %></p>

data/app/views/devise/mailer/reset_password_instructions.html.erb

@@ -1,8 +1,8 @@
-<p>Hello <%= @resource.email %>!</p>
+<p><%= t(:hello).capitalize %> <%= @resource.email %>!</p>
 
-<p>Someone has requested a link to change your password. You can do this through the link below.</p>
+<p><%= t '.request_reset_link_msg' %></p>
 
-<p><%= link_to 'Change my password', edit_password_url(@resource, reset_password_token: @token, config: message['client-config'].to_s, redirect_url: message['redirect-url'].to_s).html_safe %></p>
+<p><%= link_to t('.password_change_link'), edit_password_url(@resource, reset_password_token: @token, config: message['client-config'].to_s, redirect_url: message['redirect-url'].to_s).html_safe %></p>
 
-<p>If you didn't request this, please ignore this email.</p>
-<p>Your password won't change until you access the link above and create a new one.</p>
+<p><%= t '.ignore_mail_msg' %></p>
+<p><%= t '.no_changes_msg' %></p>

data/app/views/devise/mailer/unlock_instructions.html.erb

@@ -1,7 +1,7 @@
-<p>Hello <%= @resource.email %>!</p>
+<p><%= t :hello %> <%= @resource.email %>!</p>
 
-<p>Your account has been locked due to an excessive number of unsuccessful sign in attempts.</p>
+<p><%= t '.account_lock_msg' %></p>
 
-<p>Click the link below to unlock your account:</p>
+<p><%= t '.unlock_link_msg' %></p>
 
-<p><%= link_to 'Unlock my account', unlock_url(@resource, unlock_token: @token).html_safe %></p>
+<p><%= link_to t('.unlock_link'), unlock_url(@resource, unlock_token: @token) %></p>

data/config/locales/de.yml

@@ -0,0 +1,50 @@
+de:
+  devise_token_auth:
+    sessions:
+      not_confirmed: "Ein E-Mail zu Bestätigung wurde an Ihre Adresse %{email} gesendet. Sie müssen den Anleitungsschritten im E-Mail folgen, um Ihren Account zu aktivieren"
+      bad_credentials: "Ungültige Anmeldeinformationen. Bitte versuchen Sie es erneut."
+      not_supported: "Verwenden Sie POST /sign_in zur Anmeldung. GET wird nicht unterstützt."
+      user_not_found: "Benutzer wurde nicht gefunden oder konnte nicht angemeldet werden."
+    token_validations:
+      invalid: "Ungültige Anmeldeinformationen"
+    registrations:
+      missing_confirm_success_url: "Fehlender Paramter `confirm_success_url`."
+      redirect_url_not_allowed: "Weiterleitung zu %{redirect_url} ist nicht gestattet."
+      email_already_exists: "Es gibt bereits einen Account für %{email}."
+      account_with_uid_destroyed: "Account mit der uid %{uid} wurde gelöscht."
+      account_to_destroy_not_found: "Der Account, der gelöscht werden soll, kann nicht gefunden werden."
+      user_not_found: "Benutzer kann nicht gefunden werden."
+    passwords:
+      missing_email: "Sie müssen eine E-Mail Adresse angeben."
+      missing_redirect_url: "Es fehlt der URL zu Weiterleitung."
+      not_allowed_redirect_url: "Weiterleitung zu %{redirect_url} ist nicht gestattet."
+      sended: "Ein E-Mail mit Anleitung zum Rücksetzen Ihres Passwortes wurde an %{email} gesendet."
+      user_not_found: "Der Benutzer mit E-Mail-Adresse '%{email}' kann nicht gefunden werden."
+      password_not_required: "Dieser Account benötigt kein Passwort. Melden Sie Sich stattdessen über Ihren Account bei %{provider} an."
+      missing_passwords: 'Sie müssen die Felder "Passwort" and "Passwortbestätigung" ausfüllen.'
+      successfully_updated: "Ihr Passwort wurde erfolgreich aktualisiert."
+  errors:
+    validate_sign_up_params: "Bitte übermitteln sie vollständige Anmeldeinformationen im Body des Requests."
+    validate_account_update_params: "Bitte übermitteln sie vollständige Informationen zur Aktualisierung im Body des Requests."
+    not_email: "ist keine E-Mail Adresse"
+    messages:
+      already_in_use: "bereits in Verwendung"
+  devise:
+    mailer:
+      confirmation_instructions:
+        subject: "Bestätigungs-"
+        confirm_link_msg: "Sie können Ihr Konto E-Mail über den untenstehenden Link bestätigen:"
+        confirm_account_link: "Ihr Konto zu bestätigen"
+      reset_password_instructions:
+        subject: "Wiederherstellungskennwort Anweisungen"
+        request_reset_link_msg: "Jemand hat einen Link auf Ihr Kennwort zu ändern angefordert. Sie können dies durch den folgenden Link tun:"
+        password_change_link: "Kennwort ändern"
+        ignore_mail_msg: "Wenn Sie nicht angefordert haben diese , ignorieren Sie bitte diese E-Mail:"
+        no_changes_msg: "Ihr Passwort wird nicht geändert , bis Sie auf den obigen Link zugreifen und eine neue erstellen ."
+      unlock_instructions:
+        subject: "entsperren Anweisungen"
+        account_lock_msg: "Ihr Konto wurde aufgrund einer übermäßigen Anzahl von erfolglosen Zeichen in Versuchen gesperrt."
+        unlock_link_msg: "Klicken Sie auf den Link unten , um Ihr Konto zu entsperren :"
+        unlock_link: "Entsperren Sie Ihr Konto "
+  hello: "hallo"
+  welcome: "willkommen"

data/config/locales/en.yml

@@ -23,10 +23,25 @@ en:
       password_not_required: "This account does not require a password. Sign in using your %{provider} account instead."
       missing_passwords: 'You must fill out the fields labeled "password" and "password confirmation".'
       successfully_updated: "Your password has been successfully updated."
-
   errors:
     validate_sign_up_params: "Please submit proper sign up data in request body."
     validate_account_update_params: "Please submit proper account update data in request body."
     not_email: "is not an email"
-    message:
-      already_in_use: already in use
+    messages:
+      already_in_use: already in use
+  devise:
+    mailer:
+      confirmation_instructions:
+        confirm_link_msg: "You can confirm your account email through the link below:"
+        confirm_account_link: Confirm my account
+      reset_password_instructions:
+        request_reset_link_msg: "Someone has requested a link to change your password. You can do this through the link below."
+        password_change_link: Change my password
+        ignore_mail_msg: "If you didn't request this, please ignore this email."
+        no_changes_msg: "Your password won't change until you access the link above and create a new one."
+      unlock_instructions:
+        account_lock_msg: Your account has been locked due to an excessive number of unsuccessful sign in attempts.
+        unlock_link_msg: "Click the link below to unlock your account:"
+        unlock_link: Unlock my account
+  hello: hello
+  welcome: welcome

data/config/locales/es.yml

@@ -23,10 +23,28 @@ es:
       password_not_required: "Esta cuenta no requiere contraseña. Iniciar sesión utilizando %{provider}."
       missing_passwords: 'Debe llenar los campos "contraseña" y "confirmación de contraseña".'
       successfully_updated: "Su contraseña ha sido actualizada con éxito."
-
   errors:
     validate_sign_up_params: "Los datos introducidos en la solicitud de acceso no son válidos."
     validate_account_update_params: "Los datos introducidos en la solicitud de actualización no son válidos."
     not_email: "no es un correo electrónico"
     messages:
-      already_in_use: ya ha sido ocupado
+      already_in_use: ya ha sido ocupado
+  devise:
+    mailer:
+      confirmation_instructions:
+        subject: Instrucciones de confirmación
+        confirm_link_msg: "Para confirmar su cuenta ingrese en el siguiente link:"
+        confirm_account_link: Confirmar cuenta
+      reset_password_instructions:
+        subject: Instrucciones para restablecer su contraseña
+        request_reset_link_msg: "Ha solicitado un cambio de contraseña. Para continuar ingrese en el siguiente link:"
+        password_change_link: Cambiar contraseña
+        ignore_mail_msg: Por favor ignore este mensaje si no ha solicitado esta acción.
+        no_changes_msg: "Importante: Su contraseña no será actualizada a menos que ingrese en el link."
+      unlock_instructions:
+        subject: Instrucciones de desbloqueo
+        account_lock_msg: Su cuenta ha sido bloqueada debido a sucesivos intentos de ingresos fallidos
+        unlock_link_msg: "Para desbloquear su cuenta ingrese en el siguiente link:"
+        unlock_link: Desbloquear cuenta  
+  hello: hola
+  welcome: bienvenido

data/config/locales/fr.yml

@@ -1,7 +1,7 @@
 fr:
   devise_token_auth:
     sessions:
-      not_confirmed: "Une email de confirmation de votre compte a été envoyé à %{email}. Merci de suivre les instructions afin de valider votre compte"
+      not_confirmed: "Un e-mail de confirmation de votre compte a été envoyé à %{email}. Merci de suivre les instructions afin de valider votre compte"
       bad_credentials: "Mot de passe ou identifiant invalide."
       not_supported: "Utilisez POST /sign_in pour la connexion. GET n'est pas supporté."
       user_not_found: "L'utilisateur est inconnu ou n'est pas connecté."
@@ -10,21 +10,41 @@ fr:
     registrations:
       missing_confirm_success_url: "Le paramètre `confirm_success_url` est manquant."
       redirect_url_not_allowed: "Redirection vers %{redirect_url} n'est pas autorisée."
-      email_already_exists: "Un compte existe déjà avec cet email: %{email}"
+      email_already_exists: "Un compte existe déjà avec cette addresse e-mail: %{email}"
       account_with_uid_destroyed: "Le compte avec l'identifiant %{uid} a été supprimé."
-      account_to_destroy_not_found: "Impossible de trouver le compte à supprimer."
-      user_not_found: "Utilisateur non trouvé."
+      account_to_destroy_not_found: "Le compte à supprimer est introuvable."
+      user_not_found: "Utilisateur introuvable."
     passwords:
-      missing_email: "Vous devez soumettre un email."
-      missing_redirect_url: "Url de redirection manquante."
+      missing_email: "Vous devez soumettre un e-mail."
+      missing_redirect_url: "URL de redirection manquante."
       not_allowed_redirect_url: "Redirection vers %{redirect_url} n'est pas autorisée."
-      sended: "Un email a été envoyé à %{email} avec les instructions pour réinitialiser votre mot de passe."
-      user_not_found: "Impossible de trouver un utilisateur avec cet email: '%{email}'."
-      password_not_required: "Ce compte ne demande pas de mot de passe. Connectez vous plutôt en utilisant %{provider}."
-      missing_passwords: 'Vous devez remplir les champs "mt de passe" et "confirmation de mot de passe".'
+      sended: "Un e-mail a été envoyé à %{email} avec les instructions de réinitialisation du mot de passe."
+      user_not_found: "Impossible de trouver l'utilisateur avec l'adresse e-mail: '%{email}'."
+      password_not_required: "Ce compte ne demande pas de mot de passe. Connectez vous en utilisant %{provider}."
+      missing_passwords: 'Vous devez remplir les champs "mot de passe" et "confirmation de mot de passe".'
       successfully_updated: "Votre mot de passe a été correctement mis à jour."
-
   errors:
-    validate_sign_up_params: "Les données de l'inscription dans le corps de la requête ne sont pas valides."
+    validate_sign_up_params: "Les données d'inscription dans le corps de la requête ne sont pas valides."
     validate_account_update_params: "Les données de mise à jour dans le corps de la requête ne sont pas valides."
-    not_email: "n'est pas un email"
+    not_email: "n'est pas une adresse e-mail"
+    messages:
+      already_in_use: "déjà utilisé"
+  devise:
+    mailer:
+      confirmation_instructions:
+        subject: "Instructions de confirmation"
+        confirm_link_msg: "Vous pouvez confirmer votre compte e-mail via le lien ci-dessous :"
+        confirm_account_link: "Confirmer mon compte"
+      reset_password_instructions:
+        subject: "Instructions de récupération de mot de passe"
+        request_reset_link_msg: "Quelqu'un a demandé un lien pour changer votre mot de passe. Pour procéder ainsi, suivez le lien ci-dessous."
+        password_change_link: "Changer mon mot de passe"
+        ignore_mail_msg: "Si vous n'avez pas demandé cela, veuillez ignorer cet e-mail."
+        no_changes_msg: "Votre mot de passe ne changera pas tant que vous n'accédez pas au lien ci-dessus pour en créer un nouveau."
+      unlock_instructions:
+        subject: "Instructions de déblocage"
+        account_lock_msg: "Votre compte a été bloqué en raison de nombreuses tentatives de connection erronées."
+        unlock_link_msg: "Cliquez sur le lien ci-dessous pour déverrouiller votre compte:"
+        unlock_link: "Déverrouiller mon compte"
+  hello: bonjour
+  welcome: bienvenue

data/config/locales/pl.yml

@@ -23,8 +23,28 @@ pl:
       password_not_required: "To konto nie wymaga podania hasła. Zaloguj się używając konta %{provider}."
       missing_passwords: 'Musisz wypełnić wszystkie pola z etykietą "hasło" oraz "potwierdzenie hasła".'
       successfully_updated: "Twoje hasło zostało zaktualizowane."
-
   errors:
     validate_sign_up_params: "Proszę dostarczyć odpowiednie dane logowania w ciele zapytania."
     validate_account_update_params: "Proszę dostarczyć odpowiednie dane aktualizacji konta w ciele zapytania."
     not_email: "nie jest prawidłowym adresem e-mail"
+    messages:
+      already_in_use: "już w użyciu"
+  devise:
+    mailer:
+      confirmation_instructions:
+        subject: "Instrukcji potwierdzania"
+        confirm_link_msg: "Możesz potwierdzić swój e-mail konta poprzez link poniżej :"
+        confirm_account_link: "Potwierdź swoje konto"
+      reset_password_instructions:
+        subject: "Instrukcje resetowania hasła"
+        request_reset_link_msg: "Ktoś o link do zmiany hasła . Można to zrobić za pośrednictwem linku poniżej ."
+        password_change_link: "Zmień hasło"
+        ignore_mail_msg: "Jeśli jej nie potrzebuję , zignoruj ​​tę wiadomość."
+        no_changes_msg: "Twoje hasło nie zmieni , dopóki dostęp powyższy link i utwórz nowy ."
+      unlock_instructions:
+        subject: "Instrukcje do odblokowania"
+        account_lock_msg: "Twoje konto zostało zablokowane z powodu zbyt dużej liczby nieudanych znak w próbach ."
+        unlock_link_msg: "Kliknij poniższy link, aby odblokować konto :"
+        unlock_link: "Odblokować konto"
+  hello: halo
+  welcome: witam

data/config/locales/pt-BR.yml

@@ -23,8 +23,28 @@ pt-BR:
       password_not_required: "Esta conta não necessita de uma senha. Faça login utilizando %{provider}."
       missing_passwords: 'Preencha a senha e a confirmação de senha.'
       successfully_updated: "Senha atualizada com sucesso."
-
   errors:
     validate_sign_up_params: "Os dados submetidos na requisição de cadastro são inválidos."
     validate_account_update_params: "Os dados submetidos para atualização de conta são inválidos."
     not_email: "não é um e-mail"
+    messages:
+      already_in_use: "em uso"
+  devise:
+    mailer:
+      confirmation_instructions:
+        subject: "Instruções de confirmação"
+        confirm_link_msg: "Você pode confirmar a sua conta de e-mail através do link abaixo :"
+        confirm_account_link: "Confirme conta"
+      reset_password_instructions:
+        subject: "Instruções para redefinir sua senha"
+        request_reset_link_msg: "Alguém pediu um link para mudar sua senha. Você pode fazer isso através do link abaixo "
+        password_change_link: "Alterar a senha"
+        ignore_mail_msg: "Se você não pediu isso, por favor, ignore este e-mail."
+        no_changes_msg: "Sua senha não será alterada até que você acessar o link acima e criar um novo."
+      unlock_instructions:
+        subject: "Instruções de desbloqueio"
+        account_lock_msg: "A sua conta foi bloqueada devido a um número excessivo de sinal de sucesso em tentativas."
+        unlock_link_msg: "Clique no link abaixo para desbloquear sua conta:"
+        unlock_link: "Desbloquear minha conta"
+  hello: "olá"
+  welcome: "bem-vindo"

data/config/locales/{pt-PT.yml → pt.yml}

@@ -1,4 +1,4 @@
-pt-PT:
+pt:
   devise_token_auth:
     sessions:
       not_confirmed: "Uma mensagem com um link de confirmação foi enviado para seu endereço de e-mail. Você precisa confirmar sua conta antes de continuar."
@@ -23,8 +23,28 @@ pt-PT:
       password_not_required: "Esta conta não necessita de uma senha. Faça login utilizando %{provider}."
       missing_passwords: 'Preencha a senha e a confirmação de senha.'
       successfully_updated: "Senha atualizada com sucesso."
-
   errors:
     validate_sign_up_params: "Os dados submetidos na requisição de registo são inválidos."
     validate_account_update_params: "Os dados submetidos para atualização de conta são inválidos."
-    not_email: "não é um e-mail"
+    not_email: "não é um e-mail"
+    messages:
+      already_in_use: "em uso"
+  devise:
+    mailer:
+      confirmation_instructions:
+        subject: "Instruções de confirmação"
+        confirm_link_msg: "Você pode confirmar a sua conta de e-mail através do link abaixo :"
+        confirm_account_link: "Confirme conta"
+      reset_password_instructions:
+        subject: "Instruções para redefinir sua senha"
+        request_reset_link_msg: "Alguém pediu um link para mudar sua senha. Você pode fazer isso através do link abaixo "
+        password_change_link: "Alterar a senha"
+        ignore_mail_msg: "Se você não pediu isso, por favor, ignore este e-mail."
+        no_changes_msg: "Sua senha não será alterada até que você acessar o link acima e criar um novo."
+      unlock_instructions:
+        subject: "Instruções de desbloqueio"
+        account_lock_msg: "A sua conta foi bloqueada devido a um número excessivo de sinal de sucesso em tentativas."
+        unlock_link_msg: "Clique no link abaixo para desbloquear sua conta:"
+        unlock_link: "Desbloquear minha conta"
+  hello: "olá"
+  welcome: "bem-vindo"

data/config/locales/ru.yml

@@ -0,0 +1,51 @@
+ru:
+  devise_token_auth:
+    sessions:
+      not_confirmed: "Письмо с подтверждением Вашей учетной записи %{email} отправлено на электронную почту. Вы должны следовать инструкциям, приведенным в письме, прежде чем Ваша учетная запись сможет быть активирована"
+      bad_credentials: "Неверные логин или пароль. Пожалуйста, попробуйте еще раз."
+      not_supported: "Используйте POST /sign_in для входа. GET запросы не поддерживаются."
+      user_not_found: "Пользователь не найден или не вошел."
+    token_validations:
+      invalid: "Неверные данные для входа"
+    registrations:
+      missing_confirm_success_url: "Отсутствует параметр `confirm_success_url`."
+      redirect_url_not_allowed: "Переадресация на %{redirect_url} не разрешена."
+      email_already_exists: "Учетная запись для %{email} уже существует"
+      account_with_uid_destroyed: "Учетная запись с uid %{uid} удалена."
+      account_to_destroy_not_found: "Не удается найти учетную запись для удаления."
+      user_not_found: "Пользователь не найден."
+    passwords:
+      missing_email: "Вы должны указать адрес электронной почты."
+      missing_redirect_url: "Отсутствует адрес переадресации."
+      not_allowed_redirect_url: "Переадресация на %{redirect_url} не разрешена."
+      sended: "Инструкция по восстановлению пароля отправлена на Вашу электронную почту %{email}."
+      user_not_found: "Не удается найти пользователя с электронной почтой '%{email}'."
+      password_not_required: "Эта учетная запись не требует пароля. Войдите используя учетную запись %{provider}."
+      missing_passwords: 'Вы должны заполнить поля "пароль" и "повторите пароль".'
+      successfully_updated: "Ваш пароль успешно обновлён."
+  errors:
+    validate_sign_up_params: "Пожалуйста, укажите надлежащие данные для регистрации в теле запроса."
+    validate_account_update_params: "Пожалуйста, укажите надлежащие данные для обновления учетной записи в теле запроса."
+    not_email: "не является электронной почтой"
+    messages:
+      already_in_use: "уже используется"
+  devise:
+    mailer:
+      confirmation_instructions:
+        subject: "Инструкции подтверждения"
+        confirm_link_msg: "Вы можете подтвердить ваш адрес электронной почты через ссылку ниже :"
+        confirm_account_link: Подтвердите свой ​​счет
+      reset_password_instructions:
+        subject: "Инструкции для восстановления пароля"
+        request_reset_link_msg: "Кто-то просил ссылку , чтобы изменить пароль . Вы можете сделать это через ссылку ниже."
+        password_change_link: "Изменить пароль"
+        ignore_mail_msg: "If you didn't request this, please ignore this email."
+        no_changes_msg: "Ваш пароль не изменится, пока вы не открыть ссылку выше и создать новый."
+      unlock_instructions:
+        subject: "Разблокировать Инструкции"
+        account_lock_msg: "Ваш аккаунт был заблокирован из-за чрезмерного количества неудачных попыток в знак ."
+        unlock_link_msg: "Нажмите на ссылку ниже, чтобы разблокировать свой ​​аккаунт :"
+        unlock_link: "Открой свой ​​аккаунт"  
+  hello: "Здравствуйте"
+  welcome: "Добро пожаловат"
+

data/lib/devise_token_auth/engine.rb

@@ -10,15 +10,18 @@ module DeviseTokenAuth
   end
 
   mattr_accessor :change_headers_on_each_request,
+                 :max_number_of_devices,
                  :token_lifespan,
                  :batch_request_buffer_throttle,
                  :omniauth_prefix,
                  :default_confirm_success_url,
                  :default_password_reset_url,
                  :redirect_whitelist,
-                 :check_current_password_before_update
+                 :check_current_password_before_update,
+                 :enable_standard_devise_support
 
   self.change_headers_on_each_request       = true
+  self.max_number_of_devices                = 10
   self.token_lifespan                       = 2.weeks
   self.batch_request_buffer_throttle        = 5.seconds
   self.omniauth_prefix                      = '/omniauth'
@@ -26,6 +29,7 @@ module DeviseTokenAuth
   self.default_password_reset_url           = nil
   self.redirect_whitelist                   = nil
   self.check_current_password_before_update = false
+  self.enable_standard_devise_support       = false
 
   def self.setup(&block)
     yield self
@@ -33,7 +37,7 @@ module DeviseTokenAuth
     Rails.application.config.after_initialize do
       if defined?(::OmniAuth)
         ::OmniAuth::config.path_prefix = Devise.omniauth_path_prefix = self.omniauth_prefix
-      
+
 
         # Omniauth currently does not pass along omniauth.params upon failure redirect
         # see also: https://github.com/intridea/omniauth/issues/626

data/lib/devise_token_auth/url.rb

@@ -5,8 +5,9 @@ module DeviseTokenAuth::Url
 
     res = "#{uri.scheme}://#{uri.host}"
     res += ":#{uri.port}" if (uri.port and uri.port != 80 and uri.port != 443)
-    res += "#{uri.path}" if uri.path
-    res += "?#{params.to_query}"
+    res += "#{uri.path}" if uri.path    
+    query = [uri.query, params.to_query].reject(&:blank?).join('&')
+    res += "?#{query}"
     res += "##{uri.fragment}" if uri.fragment
 
     return res

data/lib/devise_token_auth/version.rb

@@ -1,3 +1,3 @@
 module DeviseTokenAuth
-  VERSION = "0.1.37.beta3"
+  VERSION = "0.1.37.beta4"
 end

data/lib/generators/devise_token_auth/templates/devise_token_auth.rb

@@ -3,26 +3,35 @@ DeviseTokenAuth.setup do |config|
   # client is responsible for keeping track of the changing tokens. Change
   # this to false to prevent the Authorization header from changing after
   # each request.
-  #config.change_headers_on_each_request = true
+  # config.change_headers_on_each_request = true
 
   # By default, users will need to re-authenticate after 2 weeks. This setting
   # determines how long tokens will remain valid after they are issued.
-  #config.token_lifespan = 2.weeks
+  # config.token_lifespan = 2.weeks
+
+  # Sets the max number of concurrent devices per user, which is 10 by default.
+  # After this limit is reached, the oldest tokens will be removed.
+  # config.max_number_of_devices = 10
 
   # Sometimes it's necessary to make several requests to the API at the same
   # time. In this case, each request in the batch will need to share the same
   # auth token. This setting determines how far apart the requests can be while
   # still using the same auth token.
-  #config.batch_request_buffer_throttle = 5.seconds
+  # config.batch_request_buffer_throttle = 5.seconds
 
   # This route will be the prefix for all oauth2 redirect callbacks. For
   # example, using the default '/omniauth', the github oauth2 provider will
   # redirect successful authentications to '/omniauth/github/callback'
-  #config.omniauth_prefix = "/omniauth"
+  # config.omniauth_prefix = "/omniauth"
 
   # By defult sending current password is not needed for the password update.
   # Uncomment to enforce current_password param to be checked before all
   # attribute updates. Set it to :password if you want it to be checked only if
   # password is updated.
   # config.check_current_password_before_update = :attributes
-end
+
+  # By default, only Bearer Token authentication is implemented out of the box.
+  # If, however, you wish to integrate with legacy Devise authentication, you can
+  # do so by enabling this flag. NOTE: This feature is highly experimental!
+  # enable_standard_devise_support = false
+end

data/test/controllers/demo_user_controller_test.rb

@@ -284,14 +284,25 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
         end
       end
 
-      describe 'existing Warden authentication with ignored token data' do
+    end
+
+    describe 'enable_standard_devise_support' do
+
+      before do
+        @resource = users(:confirmed_email_user)
+        @auth_headers = @resource.create_new_auth_token
+        DeviseTokenAuth.enable_standard_devise_support = true
+      end
+
+      describe 'Existing Warden authentication' do
         before do
           @resource = users(:second_confirmed_email_user)
           @resource.skip_confirmation!
           @resource.save!
           login_as( @resource, :scope => :user)
 
-          get '/demo/members_only', {}, @auth_headers
+          # no auth headers sent, testing that warden authenticates correctly.
+          get '/demo/members_only', {}, nil
 
           @resp_token       = response.headers['access-token']
           @resp_client_id   = response.headers['client']
@@ -311,6 +322,19 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
           it 'should not define current_mang' do
             refute_equal @resource, @controller.current_mang
           end
+		  
+		  
+          it 'should increase the number of tokens by a factor of 2 up to 11' do
+            @first_token = @resource.tokens.keys.first
+
+            DeviseTokenAuth.max_number_of_devices = 11
+            (1..10).each do |n|
+              assert_equal [11, 2*n].min, @resource.reload.tokens.keys.length
+              get '/demo/members_only', {}, nil
+            end
+
+            assert_not_includes @resource.reload.tokens.keys, @first_token
+          end
         end
 
         it 'should return success status' do
@@ -329,69 +353,69 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
           assert @resp_client_id
         end
 
-        it "should not use the existing token's client" do
-          refute_equal @auth_headers['client'], @resp_client_id
-        end
-
         it "should return the user's uid in the auth header" do
           assert @resp_uid
         end
+      end
 
-        it "should not return the token user's uid in the auth header" do
-          refute_equal @resp_uid, @auth_headers['uid']
+      describe 'existing Warden authentication with ignored token data' do
+        before do
+          @resource = users(:second_confirmed_email_user)
+          @resource.skip_confirmation!
+          @resource.save!
+          login_as( @resource, :scope => :user)
+
+          get '/demo/members_only', {}, @auth_headers
+
+          @resp_token       = response.headers['access-token']
+          @resp_client_id   = response.headers['client']
+          @resp_expiry      = response.headers['expiry']
+          @resp_uid         = response.headers['uid']
         end
-      end
-    end
 
-    describe 'Existing Warden authentication' do
-      before do
-        @resource = users(:second_confirmed_email_user)
-        @resource.skip_confirmation!
-        @resource.save!
-        login_as( @resource, :scope => :user)
+        describe 'devise mappings' do
+          it 'should define current_user' do
+            assert_equal @resource, @controller.current_user
+          end
 
-        # no auth headers sent, testing that warden authenticates correctly.
-        get '/demo/members_only', {}, nil
+          it 'should define user_signed_in?' do
+            assert @controller.user_signed_in?
+          end
 
-        @resp_token       = response.headers['access-token']
-        @resp_client_id   = response.headers['client']
-        @resp_expiry      = response.headers['expiry']
-        @resp_uid         = response.headers['uid']
-      end
+          it 'should not define current_mang' do
+            refute_equal @resource, @controller.current_mang
+          end
+        end
 
-      describe 'devise mappings' do
-        it 'should define current_user' do
-          assert_equal @resource, @controller.current_user
+        it 'should return success status' do
+          assert_equal 200, response.status
         end
 
-        it 'should define user_signed_in?' do
-          assert @controller.user_signed_in?
+        it 'should receive new token after successful request' do
+          assert @resp_token
         end
 
-        it 'should not define current_mang' do
-          refute_equal @resource, @controller.current_mang
+        it 'should set the token expiry in the auth header' do
+          assert @resp_expiry
         end
-      end
 
-      it 'should return success status' do
-        assert_equal 200, response.status
-      end
+        it 'should return the client id in the auth header' do
+          assert @resp_client_id
+        end
 
-      it 'should receive new token after successful request' do
-        assert @resp_token
-      end
+        it "should not use the existing token's client" do
+          refute_equal @auth_headers['client'], @resp_client_id
+        end
 
-      it 'should set the token expiry in the auth header' do
-        assert @resp_expiry
-      end
+        it "should return the user's uid in the auth header" do
+          assert @resp_uid
+        end
 
-      it 'should return the client id in the auth header' do
-        assert @resp_client_id
+        it "should not return the token user's uid in the auth header" do
+          refute_equal @resp_uid, @auth_headers['uid']
+        end
       end
 
-      it "should return the user's uid in the auth header" do
-        assert @resp_uid
-      end
     end
 
   end

data/test/controllers/devise_token_auth/registrations_controller_test.rb

@@ -763,13 +763,15 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
       end
 
       test "Mang should be destroyed" do
+        @resource.skip_confirmation!
+        @resource.save!
         @auth_headers  = @resource.create_new_auth_token
         @client_id     = @auth_headers['client']
 
         # ensure request is not treated as batch request
         age_token(@resource, @client_id)
 
-        delete "/mangs", {}, @auth_headers
+        xhr :delete,  "/mangs", {}, @auth_headers
 
         assert_equal 200, response.status
         refute Mang.where(id: @resource.id).first

data/test/lib/devise_token_auth/url_test.rb

@@ -7,5 +7,22 @@ class DeviseTokenAuth::UrlTest < ActiveSupport::TestCase
 	    url = 'http://example.com#fragment'
 	    assert_equal DeviseTokenAuth::Url.send(:generate, url, params), "http://example.com?client_id=123#fragment"
 	  end
+
+	  describe 'with existing query params' do
+	  	test 'should preserve existing query params' do
+	      url = 'http://example.com?a=1'
+	      assert_equal DeviseTokenAuth::Url.send(:generate, url), "http://example.com?a=1"
+	    end
+
+	    test 'should marge existing query params with new ones' do
+	      params = {client_id: 123}
+	      url = 'http://example.com?a=1'
+	      assert_equal DeviseTokenAuth::Url.send(:generate, url, params), "http://example.com?a=1&client_id=123"
+	    end
+
+
+	  end
+
+
 	end
 end

data/test/test_helper.rb

@@ -40,13 +40,17 @@ class ActiveSupport::TestCase
   # Add more helper methods to be used by all tests here...
 
   def age_token(user, client_id)
-    user.tokens[client_id]['updated_at'] = Time.now - (DeviseTokenAuth.batch_request_buffer_throttle + 10.seconds)
-    user.save!
+    if user.tokens[client_id]
+      user.tokens[client_id]['updated_at'] = Time.now - (DeviseTokenAuth.batch_request_buffer_throttle + 10.seconds)
+      user.save!
+    end
   end
 
   def expire_token(user, client_id)
-    user.tokens[client_id]['expiry'] = (Time.now - (DeviseTokenAuth.token_lifespan.to_f + 10.seconds)).to_i
-    user.save!
+    if user.tokens[client_id]
+      user.tokens[client_id]['expiry'] = (Time.now - (DeviseTokenAuth.token_lifespan.to_f + 10.seconds)).to_i
+      user.save!
+    end
   end
 end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: devise_token_auth
 version: !ruby/object:Gem::Version
-  version: 0.1.37.beta3
+  version: 0.1.37.beta4
 platform: ruby
 authors:
 - Lynn Hurley
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-10-27 00:00:00.000000000 Z
+date: 2015-12-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -90,7 +90,6 @@ files:
 - LICENSE
 - README.md
 - Rakefile
-- app/controllers/devise_token_auth/CHANGELOG.md
 - app/controllers/devise_token_auth/application_controller.rb
 - app/controllers/devise_token_auth/concerns/set_user_by_token.rb
 - app/controllers/devise_token_auth/confirmations_controller.rb
@@ -106,12 +105,14 @@ files:
 - app/views/devise/mailer/unlock_instructions.html.erb
 - app/views/devise_token_auth/omniauth_external_window.html.erb
 - config/initializers/devise.rb
+- config/locales/de.yml
 - config/locales/en.yml
 - config/locales/es.yml
 - config/locales/fr.yml
 - config/locales/pl.yml
 - config/locales/pt-BR.yml
-- config/locales/pt-PT.yml
+- config/locales/pt.yml
+- config/locales/ru.yml
 - lib/devise_token_auth.rb
 - lib/devise_token_auth/controllers/helpers.rb
 - lib/devise_token_auth/controllers/url_helpers.rb
@@ -209,7 +210,7 @@ files:
 - test/dummy/lib/migration_database_helper.rb
 - test/dummy/tmp/generators/app/models/user.rb
 - test/dummy/tmp/generators/config/initializers/devise_token_auth.rb
-- test/dummy/tmp/generators/db/migrate/20151025020205_devise_token_auth_create_users.rb
+- test/dummy/tmp/generators/db/migrate/20151027080542_devise_token_auth_create_users.rb
 - test/integration/navigation_test.rb
 - test/lib/devise_token_auth/url_test.rb
 - test/lib/generators/devise_token_auth/install_generator_test.rb
@@ -325,7 +326,7 @@ test_files:
 - test/dummy/README.rdoc
 - test/dummy/tmp/generators/app/models/user.rb
 - test/dummy/tmp/generators/config/initializers/devise_token_auth.rb
-- test/dummy/tmp/generators/db/migrate/20151025020205_devise_token_auth_create_users.rb
+- test/dummy/tmp/generators/db/migrate/20151027080542_devise_token_auth_create_users.rb
 - test/integration/navigation_test.rb
 - test/lib/devise_token_auth/url_test.rb
 - test/lib/generators/devise_token_auth/install_generator_test.rb

data/app/controllers/devise_token_auth/CHANGELOG.md

@@ -1,10 +0,0 @@
-+<a name="0.1.33"></a>
-+# 0.1.33 (2015-??-??)
-+
-+## Features
-+
-+- **Improved OAuth Flow**: Supports new OAuth window flows, allowing options for `sameWindow`, `newWindow`, and `inAppBrowser`
-+
-+## Breaking Changes
-+
-+- The new OAuth redirect behavior now defaults to `sameWindow` mode, whereas the previous implementation mimicked the functionality of `newWindow`. This was changed due to limitations with the `postMessage` API support in popular browsers, as well as feedback from user-experience testing.