devise_token_auth 0.1.38 → 0.1.39


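--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: aa39458371b7528fd21f448db0ee9925c85925c0
- data.tar.gz: a0eaf377f37b1a5c36ff93df23effaee5747ebb5
+ metadata.gz: 69aefa1a60b35d0639a7ce60d2145992a1421288
+ data.tar.gz: 99d081fe410204ca5b64eb0406a602731d564b4b
  SHA512:
- metadata.gz: 0cd833a8afc253f5c72622ef1536a10d0fc527ff830c089e3b6c8ce76c909dcd0a084d3c7cc6b563d663c009308043e3b2d8128c60d35dd5e58ba3df4f355d9f
- data.tar.gz: 29f59819d0a882b8dc83c9ac78f172b8b8e7f20b80b4c361d3867ddff89295be122e0ced3d82e7387f0eaa7ffdfedb911daf685552e272f24d83bfc1bc564cc1
+ metadata.gz: 187e75b7fc83677e77b11cadcdcb7f30ca60e825d246d83a5f68530ca1dd3aa034183f9750efd16b826c4ed83bd50f7b99e6eb48329b4933f5b6e7c7997c1894
+ data.tar.gz: 1b95f3264baece0776433da8f186c2e48a47b52f8308212ed1038c78458e4ddf5fc601560cdb191cc40a504a69d2faaa4cc339e5397094dedaf821dd7ab1c144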
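--- a/data/README.md
+++ b/data/README.md
@@ -136,7 +136,7 @@ The following routes are available for use by your client. These routes live rel
  | path | method | purpose |
  |:-----|:-------|:--------|
  | / | POST | Email registration. Requires **`email`**, **`password`**, and **`password_confirmation`** params. A verification email will be sent to the email address provided. Accepted params can be customized using the [`devise_parameter_sanitizer`](https://github.com/plataformatec/devise#strong-parameters) system. |
- | / | DELETE | Account deletion. This route will destroy users identified by their **`uid`** and **`auth_token`** headers. |
+ | / | DELETE | Account deletion. This route will destroy users identified by their **`uid`**, **`access_token`** and **`client`** headers. |
  | / | PUT | Account updates. This route will update an existing user's account settings. The default accepted params are **`password`** and **`password_confirmation`**, but this can be customized using the [`devise_parameter_sanitizer`](https://github.com/plataformatec/devise#strong-parameters) system. If **`config.check_current_password_before_update`** is set to `:attributes` the **`current_password`** param is checked before any update, if it is set to `:password` the **`current_password`** param is checked only if the request updates user password. |
  | /sign_in | POST | Email authentication. Requires **`email`** and **`password`** as params. This route will return a JSON representation of the `User` model on successful login along with the `access-token` and `client` in the header of the response. |
  | /sign_out | DELETE | Use this route to end the user's current session. This route will invalidate the user's authentication token. You must pass in **`uid`**, **`client`**, and **`access-token`** in the request headers. |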
@@ -0,0 +1,54 @@
1
+ zh-CN:
2
+ devise_token_auth:
3
+ sessions:
4
+ not_confirmed: "您将在几分钟后收到一封电子邮件'%{email}',内有验证账号的步骤说明"
5
+ bad_credentials: "不正确的登录信息,请重试"
6
+ not_supported: "请使用 POST /sign_in 进行登录. GET 是不支持的."
7
+ user_not_found: "没有找到账号或没有成功登录"
8
+ token_validations:
9
+ invalid: "不正确的登录资料"
10
+ registrations:
11
+ missing_confirm_success_url: "缺少数据 'confirm_success_url'"
12
+ redirect_url_not_allowed: "不支持转向到 '%{redirect_url}'"
13
+ email_already_exists: "邮箱'%{email}'已被使用"
14
+ account_with_uid_destroyed: "账号 '%{uid}' 已被移除。"
15
+ account_to_destroy_not_found: "无法找到目标帐号。"
16
+ user_not_found: "找不到帐号。"
17
+ passwords:
18
+ missing_email: "必需提供邮箱。"
19
+ missing_redirect_url: "欠缺 redirect URL."
20
+ not_allowed_redirect_url: "不支持转向到 '%{redirect_url}'"
21
+ sended: "您将在几分钟后收到一封电子邮件'%{email},内含可重新设定密码的链接。"
22
+ user_not_found: "找不到帐号 '%{email}'。"
23
+ password_not_required: "这不是一个需要密码的帐号. 请使用 '%{provider}' 进行登入"
24
+ missing_passwords: "必需填写'密码'与'确认密码'。"
25
+ successfully_updated: "您的密码已被修改。"
26
+ errors:
27
+ messages:
28
+ already_in_use: "已被使用。"
29
+ validate_sign_up_params: "请在request body中填入有效的注册内容"
30
+ validate_account_update_params: "请在request body中填入有效的更新帐号资料"
31
+ not_email: "这不是一个合适的邮箱。"
32
+ devise:
33
+ mailer:
34
+ confirmation_instructions:
35
+ confirm_link_msg: "可以使用下面的链接确定你的邮箱"
36
+ confirm_account_link: "确定你的帐号"
37
+ reset_password_instructions:
38
+ request_reset_link_msg: "已申请修改您的密码,你可以用下面的链接进入"
39
+ password_change_link: "修改我的密码"
40
+ ignore_mail_msg: "如你没有申请,请忽略"
41
+ no_changes_msg: "在你点击上面链接前,你的密码都没有改变"
42
+ unlock_instructions:
43
+ account_lock_msg: "由于多次登入失败,我们已锁定你的帐号"
44
+ unlock_link_msg: "可以使用下面的链接解锁你的帐号"
45
+ unlock_link: "解锁帐号"
46
+ activerecord:
47
+ errors:
48
+ models:
49
+ user:
50
+ attributes:
51
+ email:
52
+ already_in_use: "邮箱已被使用"
53
+ hello: "你好"
54
+ welcome: "欢迎"
@@ -73,8 +73,22 @@ module ActionDispatch::Routing
73
73
 
74
74
  set_omniauth_path_prefix!(DeviseTokenAuth.omniauth_prefix)
75
75
 
76
+ redirect_params = {}.tap {|hash| qs.each{|k, v| hash[k] = v.first}}
77
+
78
+ if DeviseTokenAuth.redirect_whitelist
79
+ redirect_url = request.params['auth_origin_url']
80
+ unless DeviseTokenAuth.redirect_whitelist.include?(redirect_url)
81
+ message = I18n.t(
82
+ 'devise_token_auth.registrations.redirect_url_not_allowed',
83
+ redirect_url: redirect_url
84
+ )
85
+ redirect_params['message'] = message
86
+ next "#{::OmniAuth.config.path_prefix}/failure?#{redirect_params.to_param}"
87
+ end
88
+ end
89
+
76
90
  # re-construct the path for omniauth
77
- "#{::OmniAuth.config.path_prefix}/#{params[:provider]}?#{{}.tap {|hash| qs.each{|k, v| hash[k] = v.first}}.to_param}"
91
+ "#{::OmniAuth.config.path_prefix}/#{params[:provider]}?#{redirect_params.to_param}"
78
92
  }, via: [:get]
79
93
  end
80
94
  end
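Review bot: Inside the `if DeviseTokenAuth.redirect_whitelist` branch the value that is validated, `request.params['auth_origin_url']`, is not the value that is forwarded: the forwarded one is `redirect_params['auth_origin_url']`, built from `qs` with `v.first`. Those are two independent readings of the same query parameter, and if `qs` is a multi-valued parse (which the `.first` suggests) they need not agree when the parameter occurs more than once, so the check can pass on one string while a different string travels on; validate the forwarded value instead, `redirect_url = redirect_params['auth_origin_url']`. A whitelist of `nil` skips the check entirely, which preserves the previous behaviour but deserves a comment such as `# no redirect_whitelist configured: auth_origin_url is forwarded unchecked`. The enclosing route block and the definition of `qs` start outside the hunk.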
@@ -1,3 +1,3 @@
1
1
  module DeviseTokenAuth
2
- VERSION = "0.1.38"
2
+ VERSION = "0.1.39"
3
3
  end
@@ -1,4 +1,4 @@
1
- class DeviseTokenAuthCreate<%= user_class.pluralize %> < ActiveRecord::Migration
1
+ class DeviseTokenAuthCreate<%= user_class.pluralize %> < ActiveRecord::Migration<%= '[' << Rails::VERSION::STRING[0..2] << ']'%>
2
2
  def change
3
3
  create_table(:<%= user_class.pluralize.underscore %>) do |t|
4
4
  ## Required
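Review bot: The class line now renders `ActiveRecord::Migration[4.2]` on a Rails 4.2 host, but the `Migration[]` versioning API was introduced with Rails 5.0, so on a 4.x app the generated file would raise at load time if my recollection of that API is right; guard it, e.g. `ActiveRecord::Migration<%= Rails::VERSION::MAJOR >= 5 ? "[#{Rails::VERSION::MAJOR}.#{Rails::VERSION::MINOR}]" : '' %>`. Independently, `Rails::VERSION::STRING[0..2]` slices three characters rather than two version components, so it produces a wrong string as soon as either the major or the minor number has two digits; building it from `MAJOR`/`MINOR` avoids that. The `change` method continues outside the hunk.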
@@ -279,4 +279,46 @@ class OmniauthTest < ActionDispatch::IntegrationTest
279
279
  }
280
280
  end
281
281
  end
282
+
283
+ describe 'Using redirect_whitelist' do
284
+ before do
285
+ @user_email = 'slemp.diggler@sillybandz.gov'
286
+ OmniAuth.config.mock_auth[:facebook] = OmniAuth::AuthHash.new(
287
+ provider: 'facebook',
288
+ uid: '123545',
289
+ info: {
290
+ name: 'chong',
291
+ email: @user_email
292
+ }
293
+ )
294
+ @good_redirect_url = Faker::Internet.url
295
+ @bad_redirect_url = Faker::Internet.url
296
+ DeviseTokenAuth.redirect_whitelist = [@good_redirect_url]
297
+ end
298
+
299
+ teardown do
300
+ DeviseTokenAuth.redirect_whitelist = nil
301
+ end
302
+
303
+ test 'request using non-whitelisted redirect fail' do
304
+ get_via_redirect '/auth/facebook',
305
+ auth_origin_url: @bad_redirect_url,
306
+ omniauth_window_type: 'newWindow'
307
+
308
+ data_json = @response.body.match(/var data \= (.+)\;/)[1]
309
+ data = ActiveSupport::JSON.decode(data_json)
310
+ assert_equal "Redirect to '#{@bad_redirect_url}' not allowed.",
311
+ data['error']
312
+ end
313
+
314
+ test 'request to whitelisted redirect should succeed' do
315
+ get_via_redirect '/auth/facebook',
316
+ auth_origin_url: @good_redirect_url,
317
+ omniauth_window_type: 'newWindow'
318
+
319
+ data_json = @response.body.match(/var data \= (.+)\;/)[1]
320
+ data = ActiveSupport::JSON.decode(data_json)
321
+ assert_equal @user_email, data['email']
322
+ end
323
+ end
282
324
  end
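Review bot: The positive test `request to whitelisted redirect should succeed` only asserts `data['email']`, so a regression that drops the whitelist check but still authenticates would pass it; the assertion should also pin the redirect target that the success payload carries (whichever key the success page uses for `auth_origin_url`). There is also no case for the unset-whitelist default, which is the path the routes change leaves unchecked, so a test that sets `DeviseTokenAuth.redirect_whitelist = nil` and expects the request to succeed would document that behaviour. Style: the block mixes `before do` with `teardown do`; `after do` keeps the spec-style pair consistent. The enclosing `OmniauthTest` class starts outside the hunk.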
@@ -0,0 +1,5 @@
1
+ <p><%= t(:welcome).capitalize + ' ' + @email %>!</p>
2
+
3
+ <p><%= t '.confirm_link_msg' %> </p>
4
+
5
+ <p><%= link_to t('.confirm_account_link'), confirmation_url(@resource, {confirmation_token: @token, config: message['client-config'].to_s, redirect_url: message['redirect-url']}).html_safe %></p>
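Review bot: `.html_safe` on the `link_to` result is redundant, since `link_to` already returns an escaped `SafeBuffer`, and it marks the whole expression as trusted, so any later edit that concatenates request-derived data into that expression would bypass output escaping; drop `.html_safe` here and in `reset_password_instructions.html.erb`. The two templates also disagree on `message['redirect-url']`: this one passes it as-is while the reset template calls `.to_s`, so pick one form (`.to_s` matches how `config` is handled on the same line). The greeting `t(:welcome).capitalize + ' ' + @email` reads more naturally as interpolation, `<%= "#{t(:welcome).capitalize} #{@email}" %>`.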
@@ -0,0 +1,8 @@
1
+ <p><%= t(:hello).capitalize %> <%= @resource.email %>!</p>
2
+
3
+ <p><%= t '.request_reset_link_msg' %></p>
4
+
5
+ <p><%= link_to t('.password_change_link'), edit_password_url(@resource, reset_password_token: @token, config: message['client-config'].to_s, redirect_url: message['redirect-url'].to_s).html_safe %></p>
6
+
7
+ <p><%= t '.ignore_mail_msg' %></p>
8
+ <p><%= t '.no_changes_msg' %></p>
@@ -28,6 +28,10 @@ module DeviseTokenAuth
28
28
  assert_migration 'db/migrate/devise_token_auth_create_users.rb'
29
29
  end
30
30
 
31
+ test 'migration file contains rails version' do
32
+ assert_migration 'db/migrate/devise_token_auth_create_users.rb', /4.2/
33
+ end
34
+
31
35
  test 'subsequent runs raise no errors' do
32
36
  run_generator
33
37
  end
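Review bot: `/4.2/` in the new test hard-codes the dummy app's Rails version and leaves the `.` unescaped, so it also matches `4x2` and fails the moment the suite runs under any other Rails; derive the pattern from the running version instead, `assert_migration 'db/migrate/devise_token_auth_create_users.rb', /\[#{Regexp.escape(Rails::VERSION::STRING[0..2])}\]/`. That keeps the test aligned with whatever the generator template emits rather than with one fixed release. The enclosing test class starts and ends outside the hunk.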
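--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: devise_token_auth
  version: !ruby/object:Gem::Version
- version: 0.1.38
+ version: 0.1.39
  platform: ruby
  authors:
  - Lynn Hurley
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2016-07-11 00:00:00.000000000 Z
+ date: 2016-08-16 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rails
@@ -122,6 +122,7 @@ files:
  - config/locales/pt-BR.yml
  - config/locales/pt.yml
  - config/locales/ru.yml
+ - config/locales/zh-CN.yml
  - config/locales/zh-HK.yml
  - config/locales/zh-TW.yml
  - lib/devise_token_auth.rb
@@ -221,9 +222,8 @@ files:
  - test/dummy/db/migrate/20160103235141_devise_token_auth_create_scoped_users.rb
  - test/dummy/db/schema.rb
  - test/dummy/lib/migration_database_helper.rb
- - test/dummy/tmp/generators/app/models/user.rb
- - test/dummy/tmp/generators/config/initializers/devise_token_auth.rb
- - test/dummy/tmp/generators/db/migrate/20160711201448_devise_token_auth_create_users.rb
+ - test/dummy/tmp/generators/app/views/devise/mailer/confirmation_instructions.html.erb
+ - test/dummy/tmp/generators/app/views/devise/mailer/reset_password_instructions.html.erb
  - test/integration/navigation_test.rb
  - test/lib/devise_token_auth/url_test.rb
  - test/lib/generators/devise_token_auth/install_generator_test.rb
@@ -339,9 +339,8 @@ test_files:
  - test/dummy/db/schema.rb
  - test/dummy/lib/migration_database_helper.rb
  - test/dummy/README.rdoc
- - test/dummy/tmp/generators/app/models/user.rb
- - test/dummy/tmp/generators/config/initializers/devise_token_auth.rb
- - test/dummy/tmp/generators/db/migrate/20160711201448_devise_token_auth_create_users.rb
+ - test/dummy/tmp/generators/app/views/devise/mailer/confirmation_instructions.html.erb
+ - test/dummy/tmp/generators/app/views/devise/mailer/reset_password_instructions.html.erb
  - test/integration/navigation_test.rb
  - test/lib/devise_token_auth/url_test.rb
  - test/lib/generators/devise_token_auth/install_generator_test.rb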
@@ -1,7 +0,0 @@
1
- class User < ActiveRecord::Base
2
- # Include default devise modules.
3
- devise :database_authenticatable, :registerable,
4
- :recoverable, :rememberable, :trackable, :validatable,
5
- :confirmable, :omniauthable
6
- include DeviseTokenAuth::Concerns::User
7
- end
@@ -1,48 +0,0 @@
1
- DeviseTokenAuth.setup do |config|
2
- # By default the authorization headers will change after each request. The
3
- # client is responsible for keeping track of the changing tokens. Change
4
- # this to false to prevent the Authorization header from changing after
5
- # each request.
6
- # config.change_headers_on_each_request = true
7
-
8
- # By default, users will need to re-authenticate after 2 weeks. This setting
9
- # determines how long tokens will remain valid after they are issued.
10
- # config.token_lifespan = 2.weeks
11
-
12
- # Sets the max number of concurrent devices per user, which is 10 by default.
13
- # After this limit is reached, the oldest tokens will be removed.
14
- # config.max_number_of_devices = 10
15
-
16
- # Sometimes it's necessary to make several requests to the API at the same
17
- # time. In this case, each request in the batch will need to share the same
18
- # auth token. This setting determines how far apart the requests can be while
19
- # still using the same auth token.
20
- # config.batch_request_buffer_throttle = 5.seconds
21
-
22
- # This route will be the prefix for all oauth2 redirect callbacks. For
23
- # example, using the default '/omniauth', the github oauth2 provider will
24
- # redirect successful authentications to '/omniauth/github/callback'
25
- # config.omniauth_prefix = "/omniauth"
26
-
27
- # By default sending current password is not needed for the password update.
28
- # Uncomment to enforce current_password param to be checked before all
29
- # attribute updates. Set it to :password if you want it to be checked only if
30
- # password is updated.
31
- # config.check_current_password_before_update = :attributes
32
-
33
- # By default we will use callbacks for single omniauth.
34
- # It depends on fields like email, provider and uid.
35
- # config.default_callbacks = true
36
-
37
- # Makes it possible to change the headers names
38
- # config.headers_names = {:'access-token' => 'access-token',
39
- # :'client' => 'client',
40
- # :'expiry' => 'expiry',
41
- # :'uid' => 'uid',
42
- # :'token-type' => 'token-type' }
43
-
44
- # By default, only Bearer Token authentication is implemented out of the box.
45
- # If, however, you wish to integrate with legacy Devise authentication, you can
46
- # do so by enabling this flag. NOTE: This feature is highly experimental!
47
- # config.enable_standard_devise_support = false
48
- end
@@ -1,54 +0,0 @@
1
- class DeviseTokenAuthCreateUsers < ActiveRecord::Migration
2
- def change
3
- create_table(:users) do |t|
4
- ## Required
5
- t.string :provider, :null => false, :default => "email"
6
- t.string :uid, :null => false, :default => ""
7
-
8
- ## Database authenticatable
9
- t.string :encrypted_password, :null => false, :default => ""
10
-
11
- ## Recoverable
12
- t.string :reset_password_token
13
- t.datetime :reset_password_sent_at
14
-
15
- ## Rememberable
16
- t.datetime :remember_created_at
17
-
18
- ## Trackable
19
- t.integer :sign_in_count, :default => 0, :null => false
20
- t.datetime :current_sign_in_at
21
- t.datetime :last_sign_in_at
22
- t.string :current_sign_in_ip
23
- t.string :last_sign_in_ip
24
-
25
- ## Confirmable
26
- t.string :confirmation_token
27
- t.datetime :confirmed_at
28
- t.datetime :confirmation_sent_at
29
- t.string :unconfirmed_email # Only if using reconfirmable
30
-
31
- ## Lockable
32
- # t.integer :failed_attempts, :default => 0, :null => false # Only if lock strategy is :failed_attempts
33
- # t.string :unlock_token # Only if unlock strategy is :email or :both
34
- # t.datetime :locked_at
35
-
36
- ## User Info
37
- t.string :name
38
- t.string :nickname
39
- t.string :image
40
- t.string :email
41
-
42
- ## Tokens
43
- t.text :tokens
44
-
45
- t.timestamps
46
- end
47
-
48
- add_index :users, :email
49
- add_index :users, [:uid, :provider], :unique => true
50
- add_index :users, :reset_password_token, :unique => true
51
- # add_index :users, :confirmation_token, :unique => true
52
- # add_index :users, :unlock_token, :unique => true
53
- end
54
- end