RubyGems - devise_token_auth - Versions diffs - 0.1.38 → 0.1.39 - Mend

devise_token_auth 0.1.38 → 0.1.39

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of devise_token_auth might be problematic. Click here for more details.

Files changed (14) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: aa39458371b7528fd21f448db0ee9925c85925c0
-  data.tar.gz: a0eaf377f37b1a5c36ff93df23effaee5747ebb5
+  metadata.gz: 69aefa1a60b35d0639a7ce60d2145992a1421288
+  data.tar.gz: 99d081fe410204ca5b64eb0406a602731d564b4b
 SHA512:
-  metadata.gz: 0cd833a8afc253f5c72622ef1536a10d0fc527ff830c089e3b6c8ce76c909dcd0a084d3c7cc6b563d663c009308043e3b2d8128c60d35dd5e58ba3df4f355d9f
-  data.tar.gz: 29f59819d0a882b8dc83c9ac78f172b8b8e7f20b80b4c361d3867ddff89295be122e0ced3d82e7387f0eaa7ffdfedb911daf685552e272f24d83bfc1bc564cc1
+  metadata.gz: 187e75b7fc83677e77b11cadcdcb7f30ca60e825d246d83a5f68530ca1dd3aa034183f9750efd16b826c4ed83bd50f7b99e6eb48329b4933f5b6e7c7997c1894
+  data.tar.gz: 1b95f3264baece0776433da8f186c2e48a47b52f8308212ed1038c78458e4ddf5fc601560cdb191cc40a504a69d2faaa4cc339e5397094dedaf821dd7ab1c144

data/README.md CHANGED

@@ -136,7 +136,7 @@ The following routes are available for use by your client. These routes live rel
 | path | method | purpose |
 |:-----|:-------|:--------|
 | /    | POST   | Email registration. Requires **`email`**, **`password`**, and **`password_confirmation`** params. A verification email will be sent to the email address provided. Accepted params can be customized using the [`devise_parameter_sanitizer`](https://github.com/plataformatec/devise#strong-parameters) system. |
-| / | DELETE | Account deletion. This route will destroy users identified by their **`uid`** and **`auth_token`** headers. |
+| / | DELETE | Account deletion. This route will destroy users identified by their **`uid`**, **`access_token`** and **`client`** headers. |
 | / | PUT | Account updates. This route will update an existing user's account settings. The default accepted params are **`password`** and **`password_confirmation`**, but this can be customized using the [`devise_parameter_sanitizer`](https://github.com/plataformatec/devise#strong-parameters) system. If **`config.check_current_password_before_update`** is set to `:attributes` the **`current_password`** param is checked before any update, if it is set to `:password` the **`current_password`** param is checked only if the request updates user password. |
 | /sign_in | POST | Email authentication. Requires **`email`** and **`password`** as params. This route will return a JSON representation of the `User` model on successful login along with the `access-token` and `client` in the header of the response. |
 | /sign_out | DELETE | Use this route to end the user's current session. This route will invalidate the user's authentication token. You must pass in **`uid`**, **`client`**, and **`access-token`** in the request headers. |

data/config/locales/zh-CN.yml ADDED

@@ -0,0 +1,54 @@
+zh-CN:
+  devise_token_auth:
+    sessions:
+      not_confirmed: "您将在几分钟后收到一封电子邮件'%{email}',内有验证账号的步骤说明"
+      bad_credentials: "不正确的登录信息，请重试"
+      not_supported: "请使用 POST /sign_in 进行登录. GET 是不支持的."
+      user_not_found: "没有找到账号或没有成功登录"
+    token_validations:
+      invalid: "不正确的登录资料"
+    registrations:
+      missing_confirm_success_url: "缺少数据 'confirm_success_url'"
+      redirect_url_not_allowed: "不支持转向到 '%{redirect_url}'"
+      email_already_exists: "邮箱'%{email}'已被使用"
+      account_with_uid_destroyed: "账号 '%{uid}' 已被移除。"
+      account_to_destroy_not_found: "无法找到目标帐号。"
+      user_not_found: "找不到帐号。"
+    passwords:
+      missing_email: "必需提供邮箱。"
+      missing_redirect_url: "欠缺 redirect URL."
+      not_allowed_redirect_url: "不支持转向到 '%{redirect_url}'"
+      sended: "您将在几分钟后收到一封电子邮件'%{email}，内含可重新设定密码的链接。"
+      user_not_found: "找不到帐号 '%{email}'。"
+      password_not_required: "这不是一个需要密码的帐号. 请使用 '%{provider}' 进行登入"
+      missing_passwords: "必需填写'密码'与'确认密码'。"
+      successfully_updated: "您的密码已被修改。"
+  errors:
+    messages:
+      already_in_use: "已被使用。"
+      validate_sign_up_params: "请在request body中填入有效的注册内容"
+      validate_account_update_params: "请在request body中填入有效的更新帐号资料"
+      not_email: "这不是一个合适的邮箱。"
+  devise:
+    mailer:
+      confirmation_instructions:
+        confirm_link_msg: "可以使用下面的链接确定你的邮箱"
+        confirm_account_link: "确定你的帐号"
+      reset_password_instructions:
+        request_reset_link_msg: "已申请修改您的密码，你可以用下面的链接进入"
+        password_change_link: "修改我的密码"
+        ignore_mail_msg: "如你没有申请，请忽略"
+        no_changes_msg: "在你点击上面链接前，你的密码都没有改变"
+      unlock_instructions:
+        account_lock_msg: "由于多次登入失败，我们已锁定你的帐号"
+        unlock_link_msg: "可以使用下面的链接解锁你的帐号"
+        unlock_link: "解锁帐号"
+  activerecord:
+    errors:
+      models:
+        user:
+          attributes:
+            email:
+              already_in_use: "邮箱已被使用"
+  hello: "你好"
+  welcome: "欢迎"

data/lib/devise_token_auth/rails/routes.rb CHANGED

@@ -73,8 +73,22 @@ module ActionDispatch::Routing
               set_omniauth_path_prefix!(DeviseTokenAuth.omniauth_prefix)
+              redirect_params = {}.tap {|hash| qs.each{|k, v| hash[k] = v.first}}
+              if DeviseTokenAuth.redirect_whitelist
+                redirect_url = request.params['auth_origin_url']
+                unless DeviseTokenAuth.redirect_whitelist.include?(redirect_url)
+                  message = I18n.t(
+                    'devise_token_auth.registrations.redirect_url_not_allowed',
+                    redirect_url: redirect_url
+                  )
+                  redirect_params['message'] = message
+                  next "#{::OmniAuth.config.path_prefix}/failure?#{redirect_params.to_param}"
+                end
+              end
               # re-construct the path for omniauth
-              "#{::OmniAuth.config.path_prefix}/#{params[:provider]}?#{{}.tap {|hash| qs.each{|k, v| hash[k] = v.first}}.to_param}"
+              "#{::OmniAuth.config.path_prefix}/#{params[:provider]}?#{redirect_params.to_param}"
             }, via: [:get]
           end
         end

data/lib/devise_token_auth/version.rb CHANGED

@@ -1,3 +1,3 @@
 module DeviseTokenAuth
-  VERSION = "0.1.38"
+  VERSION = "0.1.39"
 end

data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb CHANGED

@@ -1,4 +1,4 @@
-class DeviseTokenAuthCreate<%= user_class.pluralize %> < ActiveRecord::Migration
+class DeviseTokenAuthCreate<%= user_class.pluralize %> < ActiveRecord::Migration<%= '[' << Rails::VERSION::STRING[0..2] << ']'%>
   def change
     create_table(:<%= user_class.pluralize.underscore %>) do |t|
       ## Required

data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb CHANGED

@@ -279,4 +279,46 @@ class OmniauthTest < ActionDispatch::IntegrationTest
       }
     end
   end
+  describe 'Using redirect_whitelist' do
+    before do
+      @user_email = 'slemp.diggler@sillybandz.gov'
+      OmniAuth.config.mock_auth[:facebook] = OmniAuth::AuthHash.new(
+        provider: 'facebook',
+        uid: '123545',
+        info: {
+          name: 'chong',
+          email: @user_email
+        }
+      )
+      @good_redirect_url = Faker::Internet.url
+      @bad_redirect_url = Faker::Internet.url
+      DeviseTokenAuth.redirect_whitelist = [@good_redirect_url]
+    end
+    teardown do
+      DeviseTokenAuth.redirect_whitelist = nil
+    end
+    test 'request using non-whitelisted redirect fail' do
+      get_via_redirect '/auth/facebook',
+                       auth_origin_url: @bad_redirect_url,
+                       omniauth_window_type: 'newWindow'
+      data_json = @response.body.match(/var data \= (.+)\;/)[1]
+      data = ActiveSupport::JSON.decode(data_json)
+      assert_equal "Redirect to '#{@bad_redirect_url}' not allowed.",
+                   data['error']
+    end
+    test 'request to whitelisted redirect should succeed' do
+      get_via_redirect '/auth/facebook',
+                       auth_origin_url: @good_redirect_url,
+                       omniauth_window_type: 'newWindow'
+      data_json = @response.body.match(/var data \= (.+)\;/)[1]
+      data = ActiveSupport::JSON.decode(data_json)
+      assert_equal @user_email, data['email']
+    end
+  end
 end

data/test/dummy/tmp/generators/app/views/devise/mailer/confirmation_instructions.html.erb ADDED

@@ -0,0 +1,5 @@
+<p><%= t(:welcome).capitalize + ' ' + @email %>!</p>
+<p><%= t '.confirm_link_msg' %> </p>
+<p><%= link_to t('.confirm_account_link'), confirmation_url(@resource, {confirmation_token: @token, config: message['client-config'].to_s, redirect_url: message['redirect-url']}).html_safe %></p>

data/test/dummy/tmp/generators/app/views/devise/mailer/reset_password_instructions.html.erb ADDED

@@ -0,0 +1,8 @@
+<p><%= t(:hello).capitalize %> <%= @resource.email %>!</p>
+<p><%= t '.request_reset_link_msg' %></p>
+<p><%= link_to t('.password_change_link'), edit_password_url(@resource, reset_password_token: @token, config: message['client-config'].to_s, redirect_url: message['redirect-url'].to_s).html_safe %></p>
+<p><%= t '.ignore_mail_msg' %></p>
+<p><%= t '.no_changes_msg' %></p>

data/test/lib/generators/devise_token_auth/install_generator_test.rb CHANGED

@@ -28,6 +28,10 @@ module DeviseTokenAuth
         assert_migration 'db/migrate/devise_token_auth_create_users.rb'
       end
+      test 'migration file contains rails version' do
+        assert_migration 'db/migrate/devise_token_auth_create_users.rb', /4.2/
+      end
       test 'subsequent runs raise no errors' do
         run_generator
       end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: devise_token_auth
 version: !ruby/object:Gem::Version
-  version: 0.1.38
+  version: 0.1.39
 platform: ruby
 authors:
 - Lynn Hurley
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-07-11 00:00:00.000000000 Z
+date: 2016-08-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -122,6 +122,7 @@ files:
 - config/locales/pt-BR.yml
 - config/locales/pt.yml
 - config/locales/ru.yml
+- config/locales/zh-CN.yml
 - config/locales/zh-HK.yml
 - config/locales/zh-TW.yml
 - lib/devise_token_auth.rb
@@ -221,9 +222,8 @@ files:
 - test/dummy/db/migrate/20160103235141_devise_token_auth_create_scoped_users.rb
 - test/dummy/db/schema.rb
 - test/dummy/lib/migration_database_helper.rb
-- test/dummy/tmp/generators/app/models/user.rb
-- test/dummy/tmp/generators/config/initializers/devise_token_auth.rb
-- test/dummy/tmp/generators/db/migrate/20160711201448_devise_token_auth_create_users.rb
+- test/dummy/tmp/generators/app/views/devise/mailer/confirmation_instructions.html.erb
+- test/dummy/tmp/generators/app/views/devise/mailer/reset_password_instructions.html.erb
 - test/integration/navigation_test.rb
 - test/lib/devise_token_auth/url_test.rb
 - test/lib/generators/devise_token_auth/install_generator_test.rb
@@ -339,9 +339,8 @@ test_files:
 - test/dummy/db/schema.rb
 - test/dummy/lib/migration_database_helper.rb
 - test/dummy/README.rdoc
-- test/dummy/tmp/generators/app/models/user.rb
-- test/dummy/tmp/generators/config/initializers/devise_token_auth.rb
-- test/dummy/tmp/generators/db/migrate/20160711201448_devise_token_auth_create_users.rb
+- test/dummy/tmp/generators/app/views/devise/mailer/confirmation_instructions.html.erb
+- test/dummy/tmp/generators/app/views/devise/mailer/reset_password_instructions.html.erb
 - test/integration/navigation_test.rb
 - test/lib/devise_token_auth/url_test.rb
 - test/lib/generators/devise_token_auth/install_generator_test.rb

data/test/dummy/tmp/generators/app/models/user.rb DELETED

@@ -1,7 +0,0 @@
-class User < ActiveRecord::Base
-  # Include default devise modules.
-  devise :database_authenticatable, :registerable,
-          :recoverable, :rememberable, :trackable, :validatable,
-          :confirmable, :omniauthable
-  include DeviseTokenAuth::Concerns::User
-end

data/test/dummy/tmp/generators/config/initializers/devise_token_auth.rb DELETED

@@ -1,48 +0,0 @@
-DeviseTokenAuth.setup do |config|
-  # By default the authorization headers will change after each request. The
-  # client is responsible for keeping track of the changing tokens. Change
-  # this to false to prevent the Authorization header from changing after
-  # each request.
-  # config.change_headers_on_each_request = true
-  # By default, users will need to re-authenticate after 2 weeks. This setting
-  # determines how long tokens will remain valid after they are issued.
-  # config.token_lifespan = 2.weeks
-  # Sets the max number of concurrent devices per user, which is 10 by default.
-  # After this limit is reached, the oldest tokens will be removed.
-  # config.max_number_of_devices = 10
-  # Sometimes it's necessary to make several requests to the API at the same
-  # time. In this case, each request in the batch will need to share the same
-  # auth token. This setting determines how far apart the requests can be while
-  # still using the same auth token.
-  # config.batch_request_buffer_throttle = 5.seconds
-  # This route will be the prefix for all oauth2 redirect callbacks. For
-  # example, using the default '/omniauth', the github oauth2 provider will
-  # redirect successful authentications to '/omniauth/github/callback'
-  # config.omniauth_prefix = "/omniauth"
-  # By default sending current password is not needed for the password update.
-  # Uncomment to enforce current_password param to be checked before all
-  # attribute updates. Set it to :password if you want it to be checked only if
-  # password is updated.
-  # config.check_current_password_before_update = :attributes
-  # By default we will use callbacks for single omniauth.
-  # It depends on fields like email, provider and uid.
-  # config.default_callbacks = true
-  # Makes it possible to change the headers names
-  # config.headers_names = {:'access-token' => 'access-token',
-  #                        :'client' => 'client',
-  #                        :'expiry' => 'expiry',
-  #                        :'uid' => 'uid',
-  #                        :'token-type' => 'token-type' }
-  # By default, only Bearer Token authentication is implemented out of the box.
-  # If, however, you wish to integrate with legacy Devise authentication, you can
-  # do so by enabling this flag. NOTE: This feature is highly experimental!
-  # config.enable_standard_devise_support = false
-end

data/test/dummy/tmp/generators/db/migrate/20160711201448_devise_token_auth_create_users.rb DELETED

@@ -1,54 +0,0 @@
-class DeviseTokenAuthCreateUsers < ActiveRecord::Migration
-  def change
-    create_table(:users) do |t|
-      ## Required
-      t.string :provider, :null => false, :default => "email"
-      t.string :uid, :null => false, :default => ""
-      ## Database authenticatable
-      t.string :encrypted_password, :null => false, :default => ""
-      ## Recoverable
-      t.string   :reset_password_token
-      t.datetime :reset_password_sent_at
-      ## Rememberable
-      t.datetime :remember_created_at
-      ## Trackable
-      t.integer  :sign_in_count, :default => 0, :null => false
-      t.datetime :current_sign_in_at
-      t.datetime :last_sign_in_at
-      t.string   :current_sign_in_ip
-      t.string   :last_sign_in_ip
-      ## Confirmable
-      t.string   :confirmation_token
-      t.datetime :confirmed_at
-      t.datetime :confirmation_sent_at
-      t.string   :unconfirmed_email # Only if using reconfirmable
-      ## Lockable
-      # t.integer  :failed_attempts, :default => 0, :null => false # Only if lock strategy is :failed_attempts
-      # t.string   :unlock_token # Only if unlock strategy is :email or :both
-      # t.datetime :locked_at
-      ## User Info
-      t.string :name
-      t.string :nickname
-      t.string :image
-      t.string :email
-      ## Tokens
-      t.text :tokens
-      t.timestamps
-    end
-    add_index :users, :email
-    add_index :users, [:uid, :provider],     :unique => true
-    add_index :users, :reset_password_token, :unique => true
-    # add_index :users, :confirmation_token,   :unique => true
-    # add_index :users, :unlock_token,         :unique => true
-  end
-end