devise_token_auth 0.1.38 → 0.1.39
Potentially problematic release.
This version of devise_token_auth might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/README.md +1 -1
- data/config/locales/zh-CN.yml +54 -0
- data/lib/devise_token_auth/rails/routes.rb +15 -1
- data/lib/devise_token_auth/version.rb +1 -1
- data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb +1 -1
- data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb +42 -0
- data/test/dummy/tmp/generators/app/views/devise/mailer/confirmation_instructions.html.erb +5 -0
- data/test/dummy/tmp/generators/app/views/devise/mailer/reset_password_instructions.html.erb +8 -0
- data/test/lib/generators/devise_token_auth/install_generator_test.rb +4 -0
- metadata +7 -8
- data/test/dummy/tmp/generators/app/models/user.rb +0 -7
- data/test/dummy/tmp/generators/config/initializers/devise_token_auth.rb +0 -48
- data/test/dummy/tmp/generators/db/migrate/20160711201448_devise_token_auth_create_users.rb +0 -54
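--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 69aefa1a60b35d0639a7ce60d2145992a1421288
+data.tar.gz: 99d081fe410204ca5b64eb0406a602731d564b4b
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 187e75b7fc83677e77b11cadcdcb7f30ca60e825d246d83a5f68530ca1dd3aa034183f9750efd16b826c4ed83bd50f7b99e6eb48329b4933f5b6e7c7997c1894
+data.tar.gz: 1b95f3264baece0776433da8f186c2e48a47b52f8308212ed1038c78458e4ddf5fc601560cdb191cc40a504a69d2faaa4cc339e5397094dedaf821dd7ab1c144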
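--- a/data/README.md
+++ b/data/README.md
@@ -136,7 +136,7 @@ The following routes are available for use by your client. These routes live rel
 | path | method | purpose |
 |:-----|:-------|:--------|
 | / | POST | Email registration. Requires **`email`**, **`password`**, and **`password_confirmation`** params. A verification email will be sent to the email address provided. Accepted params can be customized using the [`devise_parameter_sanitizer`](https://github.com/plataformatec/devise#strong-parameters) system. |
-| / | DELETE | Account deletion. This route will destroy users identified by their **`uid`** and **`
+| / | DELETE | Account deletion. This route will destroy users identified by their **`uid`**, **`access_token`** and **`client`** headers. |
 | / | PUT | Account updates. This route will update an existing user's account settings. The default accepted params are **`password`** and **`password_confirmation`**, but this can be customized using the [`devise_parameter_sanitizer`](https://github.com/plataformatec/devise#strong-parameters) system. If **`config.check_current_password_before_update`** is set to `:attributes` the **`current_password`** param is checked before any update, if it is set to `:password` the **`current_password`** param is checked only if the request updates user password. |
 | /sign_in | POST | Email authentication. Requires **`email`** and **`password`** as params. This route will return a JSON representation of the `User` model on successful login along with the `access-token` and `client` in the header of the response. |
 | /sign_out | DELETE | Use this route to end the user's current session. This route will invalidate the user's authentication token. You must pass in **`uid`**, **`client`**, and **`access-token`** in the request headers. |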
@@ -0,0 +1,54 @@
|
|
1
|
+
zh-CN:
|
2
|
+
devise_token_auth:
|
3
|
+
sessions:
|
4
|
+
not_confirmed: "您将在几分钟后收到一封电子邮件'%{email}',内有验证账号的步骤说明"
|
5
|
+
bad_credentials: "不正确的登录信息,请重试"
|
6
|
+
not_supported: "请使用 POST /sign_in 进行登录. GET 是不支持的."
|
7
|
+
user_not_found: "没有找到账号或没有成功登录"
|
8
|
+
token_validations:
|
9
|
+
invalid: "不正确的登录资料"
|
10
|
+
registrations:
|
11
|
+
missing_confirm_success_url: "缺少数据 'confirm_success_url'"
|
12
|
+
redirect_url_not_allowed: "不支持转向到 '%{redirect_url}'"
|
13
|
+
email_already_exists: "邮箱'%{email}'已被使用"
|
14
|
+
account_with_uid_destroyed: "账号 '%{uid}' 已被移除。"
|
15
|
+
account_to_destroy_not_found: "无法找到目标帐号。"
|
16
|
+
user_not_found: "找不到帐号。"
|
17
|
+
passwords:
|
18
|
+
missing_email: "必需提供邮箱。"
|
19
|
+
missing_redirect_url: "欠缺 redirect URL."
|
20
|
+
not_allowed_redirect_url: "不支持转向到 '%{redirect_url}'"
|
21
|
+
sended: "您将在几分钟后收到一封电子邮件'%{email},内含可重新设定密码的链接。"
|
22
|
+
user_not_found: "找不到帐号 '%{email}'。"
|
23
|
+
password_not_required: "这不是一个需要密码的帐号. 请使用 '%{provider}' 进行登入"
|
24
|
+
missing_passwords: "必需填写'密码'与'确认密码'。"
|
25
|
+
successfully_updated: "您的密码已被修改。"
|
26
|
+
errors:
|
27
|
+
messages:
|
28
|
+
already_in_use: "已被使用。"
|
29
|
+
validate_sign_up_params: "请在request body中填入有效的注册内容"
|
30
|
+
validate_account_update_params: "请在request body中填入有效的更新帐号资料"
|
31
|
+
not_email: "这不是一个合适的邮箱。"
|
32
|
+
devise:
|
33
|
+
mailer:
|
34
|
+
confirmation_instructions:
|
35
|
+
confirm_link_msg: "可以使用下面的链接确定你的邮箱"
|
36
|
+
confirm_account_link: "确定你的帐号"
|
37
|
+
reset_password_instructions:
|
38
|
+
request_reset_link_msg: "已申请修改您的密码,你可以用下面的链接进入"
|
39
|
+
password_change_link: "修改我的密码"
|
40
|
+
ignore_mail_msg: "如你没有申请,请忽略"
|
41
|
+
no_changes_msg: "在你点击上面链接前,你的密码都没有改变"
|
42
|
+
unlock_instructions:
|
43
|
+
account_lock_msg: "由于多次登入失败,我们已锁定你的帐号"
|
44
|
+
unlock_link_msg: "可以使用下面的链接解锁你的帐号"
|
45
|
+
unlock_link: "解锁帐号"
|
46
|
+
activerecord:
|
47
|
+
errors:
|
48
|
+
models:
|
49
|
+
user:
|
50
|
+
attributes:
|
51
|
+
email:
|
52
|
+
already_in_use: "邮箱已被使用"
|
53
|
+
hello: "你好"
|
54
|
+
welcome: "欢迎"
|
@@ -73,8 +73,22 @@ module ActionDispatch::Routing
|
|
73
73
|
|
74
74
|
set_omniauth_path_prefix!(DeviseTokenAuth.omniauth_prefix)
|
75
75
|
|
76
|
+
redirect_params = {}.tap {|hash| qs.each{|k, v| hash[k] = v.first}}
|
77
|
+
|
78
|
+
if DeviseTokenAuth.redirect_whitelist
|
79
|
+
redirect_url = request.params['auth_origin_url']
|
80
|
+
unless DeviseTokenAuth.redirect_whitelist.include?(redirect_url)
|
81
|
+
message = I18n.t(
|
82
|
+
'devise_token_auth.registrations.redirect_url_not_allowed',
|
83
|
+
redirect_url: redirect_url
|
84
|
+
)
|
85
|
+
redirect_params['message'] = message
|
86
|
+
next "#{::OmniAuth.config.path_prefix}/failure?#{redirect_params.to_param}"
|
87
|
+
end
|
88
|
+
end
|
89
|
+
|
76
90
|
# re-construct the path for omniauth
|
77
|
-
"#{::OmniAuth.config.path_prefix}/#{params[:provider]}?#{
|
91
|
+
"#{::OmniAuth.config.path_prefix}/#{params[:provider]}?#{redirect_params.to_param}"
|
78
92
|
}, via: [:get]
|
79
93
|
end
|
80
94
|
end
|
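Review bot: The whitelist check validates `request.params['auth_origin_url']`, but the value that is actually forwarded to OmniAuth comes from `redirect_params`, which is built from `qs` with `v.first`. `qs` is defined outside this hunk; if it is parsed separately from the raw query string, the checked value and the forwarded value can differ whenever the parameter is repeated or supplied somewhere other than the query string. Checking the forwarded value closes that gap: `redirect_url = redirect_params['auth_origin_url']`. The block would also benefit from a comment stating that matching is exact string equality and that, once a whitelist is set, a request without `auth_origin_url` is rejected because `include?(nil)` is false.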
@@ -1,4 +1,4 @@
|
|
1
|
-
class DeviseTokenAuthCreate<%= user_class.pluralize %> < ActiveRecord::Migration
|
1
|
+
class DeviseTokenAuthCreate<%= user_class.pluralize %> < ActiveRecord::Migration<%= '[' << Rails::VERSION::STRING[0..2] << ']'%>
|
2
2
|
def change
|
3
3
|
create_table(:<%= user_class.pluralize.underscore %>) do |t|
|
4
4
|
## Required
|
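Review bot: The version suffix on `ActiveRecord::Migration` is emitted unconditionally, but the `Migration[x.y]` form exists only from Rails 5.0 as far as I know, so a migration generated under Rails 4.2 would read `ActiveRecord::Migration[4.2]` and fail to load. Make the suffix conditional, e.g. `<%= "[#{Rails::VERSION::MAJOR}.#{Rails::VERSION::MINOR}]" if Rails::VERSION::MAJOR >= 5 %>`. Building it from `MAJOR` and `MINOR` also avoids `STRING[0..2]`, which would truncate a two-digit major or minor version.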
@@ -279,4 +279,46 @@ class OmniauthTest < ActionDispatch::IntegrationTest
|
|
279
279
|
}
|
280
280
|
end
|
281
281
|
end
|
282
|
+
|
283
|
+
describe 'Using redirect_whitelist' do
|
284
|
+
before do
|
285
|
+
@user_email = 'slemp.diggler@sillybandz.gov'
|
286
|
+
OmniAuth.config.mock_auth[:facebook] = OmniAuth::AuthHash.new(
|
287
|
+
provider: 'facebook',
|
288
|
+
uid: '123545',
|
289
|
+
info: {
|
290
|
+
name: 'chong',
|
291
|
+
email: @user_email
|
292
|
+
}
|
293
|
+
)
|
294
|
+
@good_redirect_url = Faker::Internet.url
|
295
|
+
@bad_redirect_url = Faker::Internet.url
|
296
|
+
DeviseTokenAuth.redirect_whitelist = [@good_redirect_url]
|
297
|
+
end
|
298
|
+
|
299
|
+
teardown do
|
300
|
+
DeviseTokenAuth.redirect_whitelist = nil
|
301
|
+
end
|
302
|
+
|
303
|
+
test 'request using non-whitelisted redirect fail' do
|
304
|
+
get_via_redirect '/auth/facebook',
|
305
|
+
auth_origin_url: @bad_redirect_url,
|
306
|
+
omniauth_window_type: 'newWindow'
|
307
|
+
|
308
|
+
data_json = @response.body.match(/var data \= (.+)\;/)[1]
|
309
|
+
data = ActiveSupport::JSON.decode(data_json)
|
310
|
+
assert_equal "Redirect to '#{@bad_redirect_url}' not allowed.",
|
311
|
+
data['error']
|
312
|
+
end
|
313
|
+
|
314
|
+
test 'request to whitelisted redirect should succeed' do
|
315
|
+
get_via_redirect '/auth/facebook',
|
316
|
+
auth_origin_url: @good_redirect_url,
|
317
|
+
omniauth_window_type: 'newWindow'
|
318
|
+
|
319
|
+
data_json = @response.body.match(/var data \= (.+)\;/)[1]
|
320
|
+
data = ActiveSupport::JSON.decode(data_json)
|
321
|
+
assert_equal @user_email, data['email']
|
322
|
+
end
|
323
|
+
end
|
282
324
|
end
|
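Review bot: Both `@good_redirect_url` and `@bad_redirect_url` come from `Faker::Internet.url`, so the rejected case is only ever an unrelated random URL, and the two values could in principle be equal. Fixed literals would make the tests deterministic. The cases worth adding are the ones an exact-match whitelist has to get right: a request with no `auth_origin_url`, a URL that merely starts with a whitelisted entry, and a repeated `auth_origin_url` parameter. The failure test also hard-codes the English message; `I18n.t('devise_token_auth.registrations.redirect_url_not_allowed', redirect_url: @bad_redirect_url)` would keep it tied to the locale key the route uses.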
@@ -0,0 +1,5 @@
|
|
1
|
+
<p><%= t(:welcome).capitalize + ' ' + @email %>!</p>
|
2
|
+
|
3
|
+
<p><%= t '.confirm_link_msg' %> </p>
|
4
|
+
|
5
|
+
<p><%= link_to t('.confirm_account_link'), confirmation_url(@resource, {confirmation_token: @token, config: message['client-config'].to_s, redirect_url: message['redirect-url']}).html_safe %></p>
|
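Review bot: `.html_safe` on the result of `confirmation_url(...)` marks a URL that carries `message['redirect-url']` as trusted markup, which switches off `link_to`'s escaping of the `href` attribute and leaves only the URL helper's percent-encoding as protection. Dropping `.html_safe` keeps the link working and lets Rails escape the attribute. The same applies to `edit_password_url(...).html_safe` in reset_password_instructions.html.erb. Both files sit under test/dummy/tmp/generators, which looks like generator output; if so, the gem's file list should exclude them rather than ship them.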
@@ -0,0 +1,8 @@
|
|
1
|
+
<p><%= t(:hello).capitalize %> <%= @resource.email %>!</p>
|
2
|
+
|
3
|
+
<p><%= t '.request_reset_link_msg' %></p>
|
4
|
+
|
5
|
+
<p><%= link_to t('.password_change_link'), edit_password_url(@resource, reset_password_token: @token, config: message['client-config'].to_s, redirect_url: message['redirect-url'].to_s).html_safe %></p>
|
6
|
+
|
7
|
+
<p><%= t '.ignore_mail_msg' %></p>
|
8
|
+
<p><%= t '.no_changes_msg' %></p>
|
@@ -28,6 +28,10 @@ module DeviseTokenAuth
|
|
28
28
|
assert_migration 'db/migrate/devise_token_auth_create_users.rb'
|
29
29
|
end
|
30
30
|
|
31
|
+
test 'migration file contains rails version' do
|
32
|
+
assert_migration 'db/migrate/devise_token_auth_create_users.rb', /4.2/
|
33
|
+
end
|
34
|
+
|
31
35
|
test 'subsequent runs raise no errors' do
|
32
36
|
run_generator
|
33
37
|
end
|
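Review bot: The pattern `/4.2/` pins this test to one Rails version, and its unescaped `.` matches any character, so a string such as `402` would also satisfy it. Deriving the pattern from the running version is tighter: `assert_migration 'db/migrate/devise_token_auth_create_users.rb', /\[#{Regexp.escape(Rails::VERSION::STRING[0..2])}\]/`.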
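--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: devise_token_auth
 version: !ruby/object:Gem::Version
-version: 0.1.
+version: 0.1.39
 platform: ruby
 authors:
 - Lynn Hurley
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-
+date: 2016-08-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rails
@@ -122,6 +122,7 @@ files:
 - config/locales/pt-BR.yml
 - config/locales/pt.yml
 - config/locales/ru.yml
+- config/locales/zh-CN.yml
 - config/locales/zh-HK.yml
 - config/locales/zh-TW.yml
 - lib/devise_token_auth.rb
@@ -221,9 +222,8 @@ files:
 - test/dummy/db/migrate/20160103235141_devise_token_auth_create_scoped_users.rb
 - test/dummy/db/schema.rb
 - test/dummy/lib/migration_database_helper.rb
-- test/dummy/tmp/generators/app/
-- test/dummy/tmp/generators/
-- test/dummy/tmp/generators/db/migrate/20160711201448_devise_token_auth_create_users.rb
+- test/dummy/tmp/generators/app/views/devise/mailer/confirmation_instructions.html.erb
+- test/dummy/tmp/generators/app/views/devise/mailer/reset_password_instructions.html.erb
 - test/integration/navigation_test.rb
 - test/lib/devise_token_auth/url_test.rb
 - test/lib/generators/devise_token_auth/install_generator_test.rb
@@ -339,9 +339,8 @@ test_files:
 - test/dummy/db/schema.rb
 - test/dummy/lib/migration_database_helper.rb
 - test/dummy/README.rdoc
-- test/dummy/tmp/generators/app/
-- test/dummy/tmp/generators/
-- test/dummy/tmp/generators/db/migrate/20160711201448_devise_token_auth_create_users.rb
+- test/dummy/tmp/generators/app/views/devise/mailer/confirmation_instructions.html.erb
+- test/dummy/tmp/generators/app/views/devise/mailer/reset_password_instructions.html.erb
 - test/integration/navigation_test.rb
 - test/lib/devise_token_auth/url_test.rb
 - test/lib/generators/devise_token_auth/install_generator_test.rb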
@@ -1,48 +0,0 @@
|
|
1
|
-
DeviseTokenAuth.setup do |config|
|
2
|
-
# By default the authorization headers will change after each request. The
|
3
|
-
# client is responsible for keeping track of the changing tokens. Change
|
4
|
-
# this to false to prevent the Authorization header from changing after
|
5
|
-
# each request.
|
6
|
-
# config.change_headers_on_each_request = true
|
7
|
-
|
8
|
-
# By default, users will need to re-authenticate after 2 weeks. This setting
|
9
|
-
# determines how long tokens will remain valid after they are issued.
|
10
|
-
# config.token_lifespan = 2.weeks
|
11
|
-
|
12
|
-
# Sets the max number of concurrent devices per user, which is 10 by default.
|
13
|
-
# After this limit is reached, the oldest tokens will be removed.
|
14
|
-
# config.max_number_of_devices = 10
|
15
|
-
|
16
|
-
# Sometimes it's necessary to make several requests to the API at the same
|
17
|
-
# time. In this case, each request in the batch will need to share the same
|
18
|
-
# auth token. This setting determines how far apart the requests can be while
|
19
|
-
# still using the same auth token.
|
20
|
-
# config.batch_request_buffer_throttle = 5.seconds
|
21
|
-
|
22
|
-
# This route will be the prefix for all oauth2 redirect callbacks. For
|
23
|
-
# example, using the default '/omniauth', the github oauth2 provider will
|
24
|
-
# redirect successful authentications to '/omniauth/github/callback'
|
25
|
-
# config.omniauth_prefix = "/omniauth"
|
26
|
-
|
27
|
-
# By default sending current password is not needed for the password update.
|
28
|
-
# Uncomment to enforce current_password param to be checked before all
|
29
|
-
# attribute updates. Set it to :password if you want it to be checked only if
|
30
|
-
# password is updated.
|
31
|
-
# config.check_current_password_before_update = :attributes
|
32
|
-
|
33
|
-
# By default we will use callbacks for single omniauth.
|
34
|
-
# It depends on fields like email, provider and uid.
|
35
|
-
# config.default_callbacks = true
|
36
|
-
|
37
|
-
# Makes it possible to change the headers names
|
38
|
-
# config.headers_names = {:'access-token' => 'access-token',
|
39
|
-
# :'client' => 'client',
|
40
|
-
# :'expiry' => 'expiry',
|
41
|
-
# :'uid' => 'uid',
|
42
|
-
# :'token-type' => 'token-type' }
|
43
|
-
|
44
|
-
# By default, only Bearer Token authentication is implemented out of the box.
|
45
|
-
# If, however, you wish to integrate with legacy Devise authentication, you can
|
46
|
-
# do so by enabling this flag. NOTE: This feature is highly experimental!
|
47
|
-
# config.enable_standard_devise_support = false
|
48
|
-
end
|
@@ -1,54 +0,0 @@
|
|
1
|
-
class DeviseTokenAuthCreateUsers < ActiveRecord::Migration
|
2
|
-
def change
|
3
|
-
create_table(:users) do |t|
|
4
|
-
## Required
|
5
|
-
t.string :provider, :null => false, :default => "email"
|
6
|
-
t.string :uid, :null => false, :default => ""
|
7
|
-
|
8
|
-
## Database authenticatable
|
9
|
-
t.string :encrypted_password, :null => false, :default => ""
|
10
|
-
|
11
|
-
## Recoverable
|
12
|
-
t.string :reset_password_token
|
13
|
-
t.datetime :reset_password_sent_at
|
14
|
-
|
15
|
-
## Rememberable
|
16
|
-
t.datetime :remember_created_at
|
17
|
-
|
18
|
-
## Trackable
|
19
|
-
t.integer :sign_in_count, :default => 0, :null => false
|
20
|
-
t.datetime :current_sign_in_at
|
21
|
-
t.datetime :last_sign_in_at
|
22
|
-
t.string :current_sign_in_ip
|
23
|
-
t.string :last_sign_in_ip
|
24
|
-
|
25
|
-
## Confirmable
|
26
|
-
t.string :confirmation_token
|
27
|
-
t.datetime :confirmed_at
|
28
|
-
t.datetime :confirmation_sent_at
|
29
|
-
t.string :unconfirmed_email # Only if using reconfirmable
|
30
|
-
|
31
|
-
## Lockable
|
32
|
-
# t.integer :failed_attempts, :default => 0, :null => false # Only if lock strategy is :failed_attempts
|
33
|
-
# t.string :unlock_token # Only if unlock strategy is :email or :both
|
34
|
-
# t.datetime :locked_at
|
35
|
-
|
36
|
-
## User Info
|
37
|
-
t.string :name
|
38
|
-
t.string :nickname
|
39
|
-
t.string :image
|
40
|
-
t.string :email
|
41
|
-
|
42
|
-
## Tokens
|
43
|
-
t.text :tokens
|
44
|
-
|
45
|
-
t.timestamps
|
46
|
-
end
|
47
|
-
|
48
|
-
add_index :users, :email
|
49
|
-
add_index :users, [:uid, :provider], :unique => true
|
50
|
-
add_index :users, :reset_password_token, :unique => true
|
51
|
-
# add_index :users, :confirmation_token, :unique => true
|
52
|
-
# add_index :users, :unlock_token, :unique => true
|
53
|
-
end
|
54
|
-
end
|