devise_token_auth 0.1.39 → 0.1.40

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 69aefa1a60b35d0639a7ce60d2145992a1421288
-  data.tar.gz: 99d081fe410204ca5b64eb0406a602731d564b4b
+  metadata.gz: f3e318b47eb34d368c22c9fb6858d558e877322f
+  data.tar.gz: 36100cc69480a97cfcd99ab3ef0ec6bf142b9e89
 SHA512:
-  metadata.gz: 187e75b7fc83677e77b11cadcdcb7f30ca60e825d246d83a5f68530ca1dd3aa034183f9750efd16b826c4ed83bd50f7b99e6eb48329b4933f5b6e7c7997c1894
-  data.tar.gz: 1b95f3264baece0776433da8f186c2e48a47b52f8308212ed1038c78458e4ddf5fc601560cdb191cc40a504a69d2faaa4cc339e5397094dedaf821dd7ab1c144
+  metadata.gz: 5b9d347ffaa08b281d78a9155c26093824ec8fea9e21693dc1e6a699a8254d409d5dee86606561607aa33675eceb5282c02525ce2df2c5e282d3f20b23709e33
+  data.tar.gz: d851b30ebc2fe9d7fce6ad65cfb7b7bd507abc34757743c0487736f13fedd2627166c82c129d9e0ba2609810fcbfe3d405900a247ef79ba144544830b5844834

data/README.md

@@ -12,7 +12,10 @@
 
 This gem provides the following features:
 
-* Seamless integration with both the the venerable [ng-token-auth](https://github.com/lynndylanhurley/ng-token-auth) module for [angular.js](https://github.com/angular/angular.js) and the outstanding [jToker](https://github.com/lynndylanhurley/j-toker) plugin for [jQuery](https://jquery.com/).
+* Seamless integration with:
+  * [ng-token-auth](https://github.com/lynndylanhurley/ng-token-auth) for [AngularJS](https://github.com/angular/angular.js)
+  * [Angular2-Token](https://github.com/neroniaky/angular2-token) for [Angular2](https://github.com/angular/angular)
+  * [jToker](https://github.com/lynndylanhurley/j-toker) for [jQuery](https://jquery.com/)
 * Oauth2 authentication using [OmniAuth](https://github.com/intridea/omniauth).
 * Email authentication using [Devise](https://github.com/plataformatec/devise), including:
   * User registration
@@ -24,7 +27,9 @@ This gem provides the following features:
 
 # Live Demos
 
-[Here is a demo](http://ng-token-auth-demo.herokuapp.com/) of this app running with the [ng-token-auth](https://github.com/lynndylanhurley/ng-token-auth) module and [AngularJS](https://angularjs.org/).
+[Here is a demo](http://ng-token-auth-demo.herokuapp.com/) of this app running with the [ng-token-auth](https://github.com/lynndylanhurley/ng-token-auth) module and [AngularJS](https://github.com/angular/angular.js).
+
+[Here is a demo](https://angular2-token.herokuapp.com) of this app running with the [Angular2-Token](https://github.com/neroniaky/angular2-token) service and [Angular2](https://github.com/angular/angular).
 
 [Here is a demo](https://j-toker-demo.herokuapp.com/) of this app using the [jToker](https://github.com/lynndylanhurley/j-toker) plugin and [React](http://facebook.github.io/react/).
 
@@ -163,7 +168,7 @@ The following settings are available for configuration in `config/initializers/d
 | **`omniauth_prefix`** | `"/omniauth"` | This route will be the prefix for all oauth2 redirect callbacks. For example, using the default '/omniauth' setting, the github oauth2 provider will redirect successful authentications to '/omniauth/github/callback'. [Read more](#omniauth-provider-settings). |
 | **`default_confirm_success_url`** | `nil` | By default this value is expected to be sent by the client so that the API knows where to redirect users after successful email confirmation. If this param is set, the API will redirect to this value when no value is provided by the client. |
 | **`default_password_reset_url`** | `nil` | By default this value is expected to be sent by the client so that the API knows where to redirect users after successful password resets. If this param is set, the API will redirect to this value when no value is provided by the client. |
-| **`redirect_whitelist`** | `nil` | As an added security measure, you can limit the URLs to which the API will redirect after email token validation (password reset, email confirmation, etc.). This value should be an array containing exact matches to the client URLs to be visited after validation. |
+| **`redirect_whitelist`** | `nil` | As an added security measure, you can limit the URLs to which the API will redirect after email token validation (password reset, email confirmation, etc.). This value should be an array containing matches to the client URLs to be visited after validation. Wildcards are supported. |
 | **`enable_standard_devise_support`** | `false` | By default, only Bearer Token authentication is implemented out of the box. If, however, you wish to integrate with legacy Devise authentication, you can do so by enabling this flag. NOTE: This feature is highly experimental! |
 | **`remove_tokens_after_password_reset`** | `false` | By default, old tokens are not invalidated when password is changed. Enable this option if you want to make passwords updates to logout other devices. |
 | **`default_callbacks`** | `true` | By default User model will include the `DeviseTokenAuth::Concerns::UserOmniauthCallbacks` concern, which has `email`, `uid` validations & `uid` synchronization callbacks. |
@@ -499,6 +504,7 @@ Models that include the `DeviseTokenAuth::Concerns::User` concern will have acce
 ### View Live Multi-User Demos
 
 * [AngularJS](http://ng-token-auth-demo.herokuapp.com/multi-user)
+* [Angular2](https://angular2-token.herokuapp.com)
 * [React + jToker](http://j-toker-demo.herokuapp.com/#/alt-user)
 
 This gem supports the use of multiple user models. One possible use case is to authenticate visitors using a model called `User`, and to authenticate administrators with a model called `Admin`. Take the following steps to add another authentication model to your app:
@@ -764,20 +770,20 @@ These files may be edited to suit your taste. You can customize the e-mail subje
 
 When posting issues, please include the following information to speed up the troubleshooting process:
 
-* **Version**: which version of this gem (and [ng-token-auth](https://github.com/lynndylanhurley/ng-token-auth) / [jToker](https://github.com/lynndylanhurley/j-toker) if applicable) are you using?
+* **Version**: which version of this gem (and [ng-token-auth](https://github.com/lynndylanhurley/ng-token-auth), [jToker](https://github.com/lynndylanhurley/j-toker) or [Angular2-Token](https://github.com/neroniaky/angular2-token) if applicable) are you using?
 * **Request and response headers**: these can be found in the "Network" tab of your browser's web inspector.
 * **Rails Stacktrace**: this can be found in the `log/development.log` of your API.
 * **Environmental Info**: How is your application different from the [reference implementation](https://github.com/lynndylanhurley/devise_token_auth_demo)? This may include (but is not limited to) the following details:
   * **Routes**: are you using some crazy namespace, scope, or constraint?
   * **Gems**: are you using MongoDB, Grape, RailsApi, ActiveAdmin, etc.?
   * **Custom Overrides**: what have you done in terms of [custom controller overrides](#custom-controller-overrides)?
-  * **Custom Frontend**: are you using [ng-token-auth](https://github.com/lynndylanhurley/ng-token-auth), [jToker](https://github.com/lynndylanhurley/j-toker), or something else?
+  * **Custom Frontend**: are you using [ng-token-auth](https://github.com/lynndylanhurley/ng-token-auth), [jToker](https://github.com/lynndylanhurley/j-toker), [Angular2-Token](https://github.com/neroniaky/angular2-token), or something else?
 
 # FAQ
 
 ### Can I use this gem alongside standard Devise?
 
-Yes! But you will need to enable the support use separate routes for standard Devise. So do something like this:
+Yes! But you will need to enable the support of separate routes for standard Devise. So do something like this:
 
 #### config/initializers/devise_token_auth.rb
 ~~~ruby
@@ -930,6 +936,7 @@ To run the test suite do the following:
 The last command will open the [guard](https://github.com/guard/guard) test-runner. Guard will re-run each test suite when changes are made to its corresponding files.
 
 To run just one test:
+
 1. Clone this repo
 2. Run `bundle install`
 3. Run `rake db:migrate`

data/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb

@@ -13,7 +13,8 @@ module DeviseTokenAuth
       # before authentication.
       devise_mapping = [request.env['omniauth.params']['namespace_name'],
                         request.env['omniauth.params']['resource_class'].underscore.gsub('/', '_')].compact.join('_')
-      redirect_route = "#{request.protocol}#{request.host_with_port}/#{Devise.mappings[devise_mapping.to_sym].fullpath}/#{params[:provider]}/callback"
+      path = "#{Devise.mappings[devise_mapping.to_sym].fullpath}/#{params[:provider]}/callback"
+      redirect_route = URI::HTTP.build(scheme: request.scheme, host: request.host, port: request.port, path: path).to_s
 
       # preserve omniauth info for success route. ignore 'extra' in twitter
       # auth response to avoid CookieOverflow.

data/app/controllers/devise_token_auth/passwords_controller.rb

@@ -22,7 +22,7 @@ module DeviseTokenAuth
 
       # if whitelist is set, validate redirect_url against whitelist
       if DeviseTokenAuth.redirect_whitelist
-        unless DeviseTokenAuth.redirect_whitelist.include?(@redirect_url)
+        unless DeviseTokenAuth::Url.whitelisted?(@redirect_url)
           return render_create_error_not_allowed_redirect_url
         end
       end
@@ -168,7 +168,6 @@ module DeviseTokenAuth
     def render_create_success
       render json: {
         success: true,
-        data: resource_data,
         message: I18n.t("devise_token_auth.passwords.sended", email: @email)
       }
     end
@@ -223,7 +222,7 @@ module DeviseTokenAuth
     private
 
     def resource_params
-      params.permit(:email, :password, :password_confirmation, :current_password, :reset_password_token)
+      params.permit(:email, :password, :password_confirmation, :current_password, :reset_password_token, :redirect_url, :config)
     end
 
     def password_resource_params

data/app/controllers/devise_token_auth/registrations_controller.rb

@@ -29,7 +29,7 @@ module DeviseTokenAuth
 
       # if whitelist is set, validate redirect_url against whitelist
       if DeviseTokenAuth.redirect_whitelist
-        unless DeviseTokenAuth.redirect_whitelist.include?(@redirect_url)
+        unless DeviseTokenAuth::Url.whitelisted?(@redirect_url)
           return render_create_error_redirect_url_not_allowed
         end
       end

data/app/controllers/devise_token_auth/sessions_controller.rb

@@ -29,7 +29,12 @@ module DeviseTokenAuth
         @resource = resource_class.where(q, q_value).first
       end
 
-      if @resource and valid_params?(field, q_value) and @resource.valid_password?(resource_params[:password]) and (!@resource.respond_to?(:active_for_authentication?) or @resource.active_for_authentication?)
+      if @resource and valid_params?(field, q_value) and (!@resource.respond_to?(:active_for_authentication?) or @resource.active_for_authentication?)
+        valid_password = @resource.valid_password?(resource_params[:password])
+        if (@resource.respond_to?(:valid_for_authentication?) && !@resource.valid_for_authentication? { valid_password }) || !valid_password
+          render_create_error_bad_credentials
+          return
+        end
         # create client id
         @client_id = SecureRandom.urlsafe_base64(nil, false)
         @token     = SecureRandom.urlsafe_base64(nil, false)

data/app/models/devise_token_auth/concerns/user_omniauth_callbacks.rb

@@ -18,7 +18,7 @@ module DeviseTokenAuth::Concerns::UserOmniauthCallbacks
   # only validate unique email among users that registered by email
   def unique_email_user
     if provider == 'email' and self.class.where(provider: 'email', email: email).count > 0
-      errors.add(:email, I18n.t("errors.messages.already_in_use"))
+      errors.add(:email, :taken)
     end
   end
 

data/config/locales/de.yml

@@ -1,7 +1,7 @@
 de:
   devise_token_auth:
     sessions:
-      not_confirmed: "Ein E-Mail zu Bestätigung wurde an Ihre Adresse '%{email}' gesendet. Sie müssen den Anleitungsschritten im E-Mail folgen, um Ihren Account zu aktivieren"
+      not_confirmed: "Eine Bestätigungs-E-Mail wurde an Ihre Adresse '%{email}' gesendet. Sie müssen der Anleitung in der E-Mail folgen, um Ihren Account zu aktivieren."
       bad_credentials: "Ungültige Anmeldeinformationen. Bitte versuchen Sie es erneut."
       not_supported: "Verwenden Sie POST /sign_in zur Anmeldung. GET wird nicht unterstützt."
       user_not_found: "Benutzer wurde nicht gefunden oder konnte nicht angemeldet werden."
@@ -12,39 +12,38 @@ de:
       redirect_url_not_allowed: "Weiterleitung zu '%{redirect_url}' ist nicht gestattet."
       email_already_exists: "Es gibt bereits einen Account für '%{email}'."
       account_with_uid_destroyed: "Account mit der uid '%{uid}' wurde gelöscht."
-      account_to_destroy_not_found: "Der Account, der gelöscht werden soll, kann nicht gefunden werden."
+      account_to_destroy_not_found: "Der zu löschende Account kann nicht gefunden werden."
       user_not_found: "Benutzer kann nicht gefunden werden."
     passwords:
-      missing_email: "Sie müssen eine E-Mail Adresse angeben."
-      missing_redirect_url: "Es fehlt der URL zu Weiterleitung."
+      missing_email: "Sie müssen eine E-Mail-Adresse angeben."
+      missing_redirect_url: "Es fehlt die URL zu Weiterleitung."
       not_allowed_redirect_url: "Weiterleitung zu '%{redirect_url}' ist nicht gestattet."
-      sended: "Ein E-Mail mit Anleitung zum Rücksetzen Ihres Passwortes wurde an '%{email}' gesendet."
-      user_not_found: "Der Benutzer mit E-Mail-Adresse '%{email}' kann nicht gefunden werden."
-      password_not_required: "Dieser Account benötigt kein Passwort. Melden Sie Sich stattdessen über Ihren Account bei '%{provider}' an."
-      missing_passwords: "Sie müssen die Felder 'Passwort' and 'Passwortbestätigung' ausfüllen."
+      sended: "Ein E-Mail mit der Anleitung zum Zurücksetzen Ihres Passwortes wurde an '%{email}' gesendet."
+      user_not_found: "Der Benutzer mit der E-Mail-Adresse '%{email}' kann nicht gefunden werden."
+      password_not_required: "Dieser Account benötigt kein Passwort. Melden Sie sich stattdessen über Ihren Account bei '%{provider}' an."
+      missing_passwords: "Sie müssen die Felder 'Passwort' und 'Passwortbestätigung' ausfüllen."
       successfully_updated: "Ihr Passwort wurde erfolgreich aktualisiert."
   errors:
     messages:
       validate_sign_up_params: "Bitte übermitteln sie vollständige Anmeldeinformationen im Body des Requests."
       validate_account_update_params: "Bitte übermitteln sie vollständige Informationen zur Aktualisierung im Body des Requests."
-      not_email: "ist keine E-Mail Adresse"
-      already_in_use: "bereits in Verwendung"
+      not_email: "ist keine E-Mail-Adresse"
   devise:
     mailer:
       confirmation_instructions:
-        subject: "Bestätigungs-"
-        confirm_link_msg: "Sie können Ihr Konto E-Mail über den untenstehenden Link bestätigen:"
-        confirm_account_link: "Ihr Konto zu bestätigen"
+        subject: "Bestätigung Ihres Kontos"
+        confirm_link_msg: "Sie können Ihr Konto über den untenstehenden Link bestätigen:"
+        confirm_account_link: "Konto bestätigen"
       reset_password_instructions:
-        subject: "Wiederherstellungskennwort Anweisungen"
-        request_reset_link_msg: "Jemand hat einen Link auf Ihr Kennwort zu ändern angefordert. Sie können dies durch den folgenden Link tun:"
-        password_change_link: "Kennwort ändern"
-        ignore_mail_msg: "Wenn Sie nicht angefordert haben diese , ignorieren Sie bitte diese E-Mail:"
-        no_changes_msg: "Ihr Passwort wird nicht geändert , bis Sie auf den obigen Link zugreifen und eine neue erstellen ."
+        subject: "Passwort zurücksetzen"
+        request_reset_link_msg: "Jemand hat einen Link zur Änderungen Ihres Passwortes angefordert. Sie können dies durch den folgenden Link tun:"
+        password_change_link: "Passwort ändern"
+        ignore_mail_msg: "Wenn Sie keine Änderung Ihres Passwortes angefordert haben, ignorieren Sie bitte diese E-Mail:"
+        no_changes_msg: "Ihr Passwort wird nicht geändert, bis Sie auf den obigen Link zugreifen und eine neues Passwort erstellen."
       unlock_instructions:
-        subject: "entsperren Anweisungen"
-        account_lock_msg: "Ihr Konto wurde aufgrund einer übermäßigen Anzahl von erfolglosen Zeichen in Versuchen gesperrt."
-        unlock_link_msg: "Klicken Sie auf den Link unten , um Ihr Konto zu entsperren :"
-        unlock_link: "Entsperren Sie Ihr Konto "
+        subject: "Anweisungen zum Entsperren Ihres Kontos"
+        account_lock_msg: "Ihr Konto wurde aufgrund einer übermäßigen Anzahl von erfolglosen Anmeldeversuchen gesperrt."
+        unlock_link_msg: "Klicken Sie auf den Link unten, um Ihr Konto zu entsperren:"
+        unlock_link: "Entsperren Sie Ihr Konto"
   hello: "hallo"
-  welcome: "willkommen"
+  welcome: "willkommen"

data/config/locales/en.yml

@@ -25,7 +25,6 @@ en:
       successfully_updated: "Your password has been successfully updated."
   errors:
     messages:
-      already_in_use: "already in use"
       validate_sign_up_params: "Please submit proper sign up data in request body."
       validate_account_update_params: "Please submit proper account update data in request body."
       not_email: "is not an email"
@@ -44,4 +43,4 @@ en:
         unlock_link_msg: "Click the link below to unlock your account:"
         unlock_link: "Unlock my account"
   hello: "hello"
-  welcome: "welcome"
+  welcome: "welcome"

data/config/locales/es.yml

@@ -28,7 +28,6 @@ es:
       validate_sign_up_params: "Los datos introducidos en la solicitud de acceso no son válidos."
       validate_account_update_params: "Los datos introducidos en la solicitud de actualización no son válidos."
       not_email: "no es un correo electrónico"
-      already_in_use: "ya ha sido ocupado"
   devise:
     mailer:
       confirmation_instructions:
@@ -47,4 +46,4 @@ es:
         unlock_link_msg: "Para desbloquear su cuenta ingrese en el siguiente link:"
         unlock_link: "Desbloquear cuenta"
   hello: "hola"
-  welcome: "bienvenido"
+  welcome: "bienvenido"

data/config/locales/fr.yml

@@ -25,7 +25,6 @@ fr:
       successfully_updated: "Votre mot de passe a été correctement mis à jour."
   errors:
     messages:
-      already_in_use: "déjà utilisé(e)"
       validate_sign_up_params: "Les données d'inscription dans le corps de la requête ne sont pas valides."
       validate_account_update_params: "Les données de mise à jour dans le corps de la requête ne sont pas valides."
       not_email: "n'est pas une adresse e-mail"
@@ -47,4 +46,4 @@ fr:
         unlock_link_msg: "Cliquez sur le lien ci-dessous pour déverrouiller votre compte:"
         unlock_link: "Déverrouiller mon compte"
   hello: "bonjour"
-  welcome: "bienvenue"
+  welcome: "bienvenue"

data/config/locales/it.yml

@@ -0,0 +1,46 @@
+it:
+  devise_token_auth:
+    sessions:
+      not_confirmed: "Un'email di conferma è stata mandata al tuo account '%{email}'. Segui le istruzioni nell'email per attivare il tuo account."
+      bad_credentials: "Credenziali di login non valide. Riprova."
+      not_supported: "Usa POST /sign_in per eseguire il login. GET non è supportato."
+      user_not_found: "Utente non trovato o non autenticato."
+    token_validations:
+      invalid: "Credenziali di login non valide"
+    registrations:
+      missing_confirm_success_url: "Parametro 'confirm_success_url' mancante."
+      redirect_url_not_allowed: "Redirezione a '%{redirect_url}' non consentita."
+      email_already_exists: "Esiste già un account per '%{email}'"
+      account_with_uid_destroyed: "L'account con UID '%{uid}' è stato eliminato."
+      account_to_destroy_not_found: "Impossibile trovare l'account da eliminare."
+      user_not_found: "Utente non trovato."
+    passwords:
+      missing_email: "Devi fornire un indirizzo email."
+      missing_redirect_url: "Redirect URL mancante."
+      not_allowed_redirect_url: "Redirezione a '%{redirect_url}' non consentita."
+      sended: "E' stata inviata un'email a '%{email}' contenente le istruzioni per reimpostare la password."
+      user_not_found: "Impossibile trovare un utente con email '%{email}'."
+      password_not_required: "Questo account non richiede una password. Accedi utilizzando l'account di '%{provider}'."
+      missing_passwords: "Devi riempire i campi 'Password' e 'Password confirmation'."
+      successfully_updated: "La tua password è stata aggiornata correttamente."
+  errors:
+    messages:
+      validate_sign_up_params: "Dati di registrazione non validi."
+      validate_account_update_params: "Dati di aggiornamento dell'account non validi."
+      not_email: "non è un'email"
+  devise:
+    mailer:
+      confirmation_instructions:
+        confirm_link_msg: "Puoi confermare il tuo account email cliccando sul seguente link:"
+        confirm_account_link: "Conferma il mio account"
+      reset_password_instructions:
+        request_reset_link_msg: "Qualcuno ha richiesto un link per cambiare la tua password. Puoi farlo cliccando sul seguente link."
+        password_change_link: "Cambia la mia password"
+        ignore_mail_msg: "Se non hai richiesto questa operazione, puoi ignorare l'email."
+        no_changes_msg: "La tua password non cambierà finchè non cliccherai sul link sopra per crearne una nuova."
+      unlock_instructions:
+        account_lock_msg: "Il tuo account è stato bloccato a causa di un numero eccessivo di tentativi di accesso non validi."
+        unlock_link_msg: "Clicca sul seguente link per sbloccare il tuo account:"
+        unlock_link: "Sblocca il mio account"
+  hello: "ciao"
+  welcome: "benvenuto"

data/config/locales/ja.yml

@@ -25,7 +25,6 @@ ja:
       successfully_updated: "パスワードの更新に成功しました。"
   errors:
     messages:
-      already_in_use: "すでに利用されています。"
       validate_sign_up_params: "リクエストボディに適切なアカウント新規登録データを送信してください。"
       validate_account_update_params: "リクエストボディに適切なアカウント更新のデータを送信してください。"
       not_email: "はメールアドレスではありません"

data/config/locales/nl.yml

@@ -25,7 +25,6 @@ nl:
       successfully_updated: "Uw wachtwoord is aangepast."
   errors:
     messages:
-      already_in_use: "al in gebruik"
       validate_sign_up_params: "Gegevens voor aanmaken van het account zijn niet geldig."
       validate_account_update_params: "Gegevens voor updaten van het account zijn niet geldig."
       not_email: "is geen geldig e-emailadres"

data/config/locales/pl.yml

@@ -27,8 +27,6 @@ pl:
     validate_sign_up_params: "Proszę dostarczyć odpowiednie dane logowania w ciele zapytania."
     validate_account_update_params: "Proszę dostarczyć odpowiednie dane aktualizacji konta w ciele zapytania."
     not_email: "nie jest prawidłowym adresem e-mail"
-    messages:
-      already_in_use: "już w użyciu"
   devise:
     mailer:
       confirmation_instructions:
@@ -47,4 +45,4 @@ pl:
         unlock_link_msg: "Kliknij poniższy link, aby odblokować konto :"
         unlock_link: "Odblokować konto"
   hello: "halo"
-  welcome: "witam"
+  welcome: "witam"

data/config/locales/pt-BR.yml

@@ -25,7 +25,6 @@ pt-BR:
       successfully_updated: "Senha atualizada com sucesso."
   errors:
     messages:
-      already_in_use: "em uso"
       validate_sign_up_params: "Os dados submetidos na requisição de cadastro são inválidos."
       validate_account_update_params: "Os dados submetidos para atualização de conta são inválidos."
       not_email: "não é um e-mail"
@@ -44,4 +43,4 @@ pt-BR:
         unlock_link_msg: "Clique no link abaixo para desbloquear sua conta:"
         unlock_link: "Desbloquear minha conta"
   hello: "olá"
-  welcome: "bem-vindo"
+  welcome: "bem-vindo"

data/config/locales/pt.yml

@@ -27,8 +27,6 @@ pt:
     validate_sign_up_params: "Os dados submetidos na requisição de registo são inválidos."
     validate_account_update_params: "Os dados submetidos para atualização de conta são inválidos."
     not_email: "não é um e-mail"
-    messages:
-      already_in_use: "em uso"
   devise:
     mailer:
       confirmation_instructions:
@@ -47,4 +45,4 @@ pt:
         unlock_link_msg: "Clique no link abaixo para desbloquear sua conta:"
         unlock_link: "Desbloquear minha conta"
   hello: "olá"
-  welcome: "bem-vindo"
+  welcome: "bem-vindo"

data/config/locales/ro.yml

@@ -0,0 +1,46 @@
+ro:
+  devise_token_auth:
+    sessions:
+      not_confirmed: "Un email de confirmare a fost trimis către contul tău la '%{email}'. Pentru a-ți activa contul este necesar să urmezi instrucțiunile din acesta."
+      bad_credentials: "Datele introduse sunt incorecte. Te rugăm să incerci din nou."
+      not_supported: "Folosește functionalitatea POST /sign_in pentru a te autentifica. GET nu este suportat."
+      user_not_found: "Utilizatorul nu a fost găsit sau nu este logat în cont."
+    token_validations:
+      invalid: "Datele introduse pentru autentificare sunt invalide."
+    registrations:
+      missing_confirm_success_url: "Parametrul 'confirm_success_url' lipsește."
+      redirect_url_not_allowed: "Redirecționarea către '%{redirect_url}' nu este permisă."
+      email_already_exists: "Un cont cu email '%{email} deja există.'"
+      account_with_uid_destroyed: "Contul cu UID '%{uid}' a fost șters."
+      account_to_destroy_not_found: "Nu se poate localiza contul pentru ștergere."
+      user_not_found: "Utilizatorul nu a fost găsit."
+    passwords:
+      missing_email: "Trebuie să introduci o adresă de e-mail."
+      missing_redirect_url: "URL-ul pentru redirecționare lipsește."
+      not_allowed_redirect_url: "Redirecționarea către '%{redirect_url}' nu este permisă."
+      sended: "Un e-mail cu instrucțiuni pentru resetare a parolei a fost trimis către '%{email}'."
+      user_not_found: "Utilizatorul cu email-ul '%{email}' nu a fost găsit."
+      password_not_required: "Acest cont nu necesită parolă. Autentifică-te in schimb cu '%{provider}'."
+      missing_passwords: "Cămpurile 'Parolă' și 'Confirmare parolă' trebuiesc completate."
+      successfully_updated: "Parola contului a fost schimbată cu succes."
+  errors:
+    messages:
+      validate_sign_up_params: "Trimite credențiale valide în body-ul request-ului."
+      validate_account_update_params: "Trimite credențiale valide în body-ul request-ului."
+      not_email: "nu este un email"
+  devise:
+    mailer:
+      confirmation_instructions:
+        confirm_link_msg: "Poți confirma contul accesănd link-ul de mai jos:"
+        confirm_account_link: "Confirmă cont"
+      reset_password_instructions:
+        request_reset_link_msg: "Cineva a solicitat un link pentru schimbarea parolei contului tău. Poți face această schimbare accesând link-ul de mai jos."
+        password_change_link: "Schimbă parola"
+        ignore_mail_msg: "Dacă nu ai solicitat această schimbare ignoră acest e-mail."
+        no_changes_msg: "Parola ta nu se va schimba până când nu vei accesa link-ul de mai sus și vei crea o nouă parolă."
+      unlock_instructions:
+        account_lock_msg: "Contul tău a fost blocat din cauză că cineva a încercat accesarea lui de mai mult ori într-un timp foarte scurt."
+        unlock_link_msg: "Click pe acest link pentru a debloca contul:"
+        unlock_link: "Deblochează contul."
+  hello: "salut"
+  welcome: "bun venit"

data/config/locales/ru.yml

@@ -24,11 +24,10 @@ ru:
       missing_passwords: "Вы должны заполнить поля 'пароль' и 'повторите пароль'."
       successfully_updated: "Ваш пароль успешно обновлён."
   errors:
-    validate_sign_up_params: "Пожалуйста, укажите надлежащие данные для регистрации в теле запроса."
-    validate_account_update_params: "Пожалуйста, укажите надлежащие данные для обновления учетной записи в теле запроса."
-    not_email: "не является электронной почтой"
     messages:
-      already_in_use: "уже используется"
+      validate_sign_up_params: "Пожалуйста, укажите надлежащие данные для регистрации в теле запроса."
+      validate_account_update_params: "Пожалуйста, укажите надлежащие данные для обновления учетной записи в теле запроса."
+      not_email: "не является электронной почтой"
   devise:
     mailer:
       confirmation_instructions:

data/config/locales/zh-CN.yml

@@ -25,7 +25,6 @@ zh-CN:
       successfully_updated: "您的密码已被修改。"
   errors:
     messages:
-      already_in_use: "已被使用。"
       validate_sign_up_params: "请在request body中填入有效的注册内容"
       validate_account_update_params: "请在request body中填入有效的更新帐号资料"
       not_email: "这不是一个合适的邮箱。"
@@ -43,12 +42,5 @@ zh-CN:
         account_lock_msg: "由于多次登入失败，我们已锁定你的帐号"
         unlock_link_msg: "可以使用下面的链接解锁你的帐号"
         unlock_link: "解锁帐号"
-  activerecord:
-    errors:
-      models:
-        user:
-          attributes:
-            email:
-              already_in_use: "邮箱已被使用"
   hello: "你好"
-  welcome: "欢迎"
+  welcome: "欢迎"

data/config/locales/zh-HK.yml

@@ -27,7 +27,6 @@ zh-TW:
       successfully_updated: "您的密碼已被修改。"
   errors:
     messages:
-      already_in_use: "已被使用。"
       validate_sign_up_params: "請在request body中填入有效的註冊內容"
       validate_account_update_params: "請在request body中填入有效的更新帳號資料"
       not_email: "這不是一個合適的電郵。"

data/config/locales/zh-TW.yml

@@ -27,7 +27,6 @@ zh-TW:
       successfully_updated: "您的密碼已被修改。"
   errors:
     messages:
-      already_in_use: "已被使用。"
       validate_sign_up_params: "請在request body中填入有效的註冊內容"
       validate_account_update_params: "請在request body中填入有效的更新帳號資料"
       not_email: "這不是一個合適的電郵。"

data/lib/devise_token_auth/rails/routes.rb

@@ -12,6 +12,7 @@ module ActionDispatch::Routing
       confirmations_ctrl     = opts[:controllers][:confirmations] || "devise_token_auth/confirmations"
       token_validations_ctrl = opts[:controllers][:token_validations] || "devise_token_auth/token_validations"
       omniauth_ctrl          = opts[:controllers][:omniauth_callbacks] || "devise_token_auth/omniauth_callbacks"
+      unlocks_ctrl           = opts[:controllers][:unlocks]
 
       # define devise controller mappings
       controllers = {:sessions           => sessions_ctrl,
@@ -19,6 +20,8 @@ module ActionDispatch::Routing
                      :passwords          => passwords_ctrl,
                      :confirmations      => confirmations_ctrl}
 
+      controllers[:unlocks] = unlocks_ctrl if unlocks_ctrl
+
       # remove any unwanted devise modules
       opts[:skip].each{|item| controllers.delete(item)}
 
@@ -77,7 +80,7 @@ module ActionDispatch::Routing
 
               if DeviseTokenAuth.redirect_whitelist
                 redirect_url = request.params['auth_origin_url']
-                unless DeviseTokenAuth.redirect_whitelist.include?(redirect_url)
+                unless DeviseTokenAuth::Url.whitelisted?(redirect_url)
                   message = I18n.t(
                     'devise_token_auth.registrations.redirect_url_not_allowed',
                     redirect_url: redirect_url

data/lib/devise_token_auth/url.rb

@@ -5,7 +5,7 @@ module DeviseTokenAuth::Url
 
     res = "#{uri.scheme}://#{uri.host}"
     res += ":#{uri.port}" if (uri.port and uri.port != 80 and uri.port != 443)
-    res += "#{uri.path}" if uri.path    
+    res += "#{uri.path}" if uri.path
     query = [uri.query, params.to_query].reject(&:blank?).join('&')
     res += "?#{query}"
     res += "##{uri.fragment}" if uri.fragment
@@ -13,4 +13,25 @@ module DeviseTokenAuth::Url
     return res
   end
 
+  def self.whitelisted?(url)
+    !!DeviseTokenAuth.redirect_whitelist.find { |pattern| !!Wildcat.new(pattern).match(url) }
+  end
+
+
+  # wildcard convenience class
+  class Wildcat
+    def self.parse_to_regex(str)
+      escaped = Regexp.escape(str).gsub('\*','.*?')
+      Regexp.new("^#{escaped}$", Regexp::IGNORECASE)
+    end
+
+    def initialize(str)
+      @regex = self.class.parse_to_regex(str)
+    end
+
+    def match(str)
+      !!@regex.match(str)
+    end
+  end
+
 end

data/lib/devise_token_auth/version.rb

@@ -1,3 +1,3 @@
 module DeviseTokenAuth
-  VERSION = "0.1.39"
+  VERSION = "0.1.40"
 end

data/lib/generators/devise_token_auth/USAGE

@@ -8,7 +8,7 @@ Arguments:
              # 'User'
   MOUNT_PATH # The path at which to mount the authentication routes. Default is
              # 'auth'. More detail documentation is here:
-             # https://github.com/lynndylanhurley/devise_token_auth#usage
+             # https://github.com/lynndylanhurley/devise_token_auth#usage-tldr
 
 Example:
   rails generate devise_token_auth:install User auth

data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb

@@ -45,10 +45,10 @@ class DeviseTokenAuthCreate<%= user_class.pluralize %> < ActiveRecord::Migration
       t.timestamps
     end
 
-    add_index :<%= user_class.pluralize.underscore %>, :email
-    add_index :<%= user_class.pluralize.underscore %>, [:uid, :provider],     :unique => true
-    add_index :<%= user_class.pluralize.underscore %>, :reset_password_token, :unique => true
-    # add_index :<%= user_class.pluralize.underscore %>, :confirmation_token,   :unique => true
-    # add_index :<%= user_class.pluralize.underscore %>, :unlock_token,         :unique => true
+    add_index :<%= user_class.pluralize.underscore %>, :email,                unique: true
+    add_index :<%= user_class.pluralize.underscore %>, [:uid, :provider],     unique: true
+    add_index :<%= user_class.pluralize.underscore %>, :reset_password_token, unique: true
+    add_index :<%= user_class.pluralize.underscore %>, :confirmation_token,   unique: true
+    # add_index :<%= user_class.pluralize.underscore %>, :unlock_token,       unique: true
   end
 end

data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb

@@ -66,6 +66,11 @@ class OmniauthTest < ActionDispatch::IntegrationTest
       get_success
     end
 
+    test 'should be redirected via valid url' do
+      get_success
+      assert_equal 'http://www.example.com/auth/facebook/callback', request.original_url
+    end
+
     describe 'with default user model' do
       before do
         get_success
@@ -320,5 +325,17 @@ class OmniauthTest < ActionDispatch::IntegrationTest
       data = ActiveSupport::JSON.decode(data_json)
       assert_equal @user_email, data['email']
     end
+
+    test 'should support wildcards' do
+      DeviseTokenAuth.redirect_whitelist = ["#{@good_redirect_url[0..8]}*"]
+      get_via_redirect '/auth/facebook',
+                       auth_origin_url: @good_redirect_url,
+                       omniauth_window_type: 'newWindow'
+
+      data_json = @response.body.match(/var data \= (.+)\;/)[1]
+      data = ActiveSupport::JSON.decode(data_json)
+      assert_equal @user_email, data['email']
+    end
+
   end
 end

data/test/controllers/devise_token_auth/passwords_controller_test.rb

@@ -73,6 +73,21 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
           end
         end
 
+        describe 'successfully requested password reset' do
+          before do
+            xhr :post, :create, {
+              email:        @resource.email,
+              redirect_url: @redirect_url
+            }
+
+            @data = JSON.parse(response.body)
+          end
+
+            test 'response should not contain extra data' do
+              assert_equal @data['data'], nil
+            end
+        end
+
 
         describe 'case-sensitive email' do
           before do

data/test/controllers/devise_token_auth/sessions_controller_test.rb

@@ -389,5 +389,94 @@ class DeviseTokenAuth::SessionsControllerTest < ActionController::TestCase
         refute OnlyEmailUser.method_defined?(:confirmed_at)
       end
     end
+
+    describe "Lockable User" do
+      setup do
+        @request.env['devise.mapping'] = Devise.mappings[:lockable_user]
+      end
+
+      teardown do
+        @request.env['devise.mapping'] = Devise.mappings[:user]
+      end
+
+      before do
+        @original_lock_strategy = Devise.lock_strategy
+        @original_unlock_strategy = Devise.unlock_strategy
+        @original_maximum_attempts = Devise.maximum_attempts
+        Devise.lock_strategy = :failed_attempts
+        Devise.unlock_strategy = :email
+        Devise.maximum_attempts = 5
+      end
+
+      after do
+        Devise.lock_strategy = @original_lock_strategy
+        Devise.maximum_attempts = @original_maximum_attempts
+        Devise.unlock_strategy = @original_unlock_strategy
+      end
+
+      describe "locked user" do
+        before do
+          @locked_user = lockable_users(:locked_user)
+          xhr :post, :create, {
+            email: @locked_user.email,
+            password: 'secret123'
+          }
+          @data = JSON.parse(response.body)
+        end
+
+        test "request should fail" do
+          assert_equal 401, response.status
+        end
+
+        test "response should contain errors" do
+          assert @data['errors']
+          assert_equal @data['errors'], [I18n.t("devise_token_auth.sessions.not_confirmed", email: @locked_user.email)]
+        end
+      end
+
+      describe "unlocked user with bad password" do
+        before do
+          @unlocked_user = lockable_users(:unlocked_user)
+          xhr :post, :create, {
+            email: @unlocked_user.email,
+            password: 'bad-password'
+          }
+          @data = JSON.parse(response.body)
+        end
+
+        test "request should fail" do
+          assert_equal 401, response.status
+        end
+
+        test "should increase failed_attempts" do
+          assert_equal 1, @unlocked_user.reload.failed_attempts
+        end
+
+        test "response should contain errors" do
+          assert @data['errors']
+          assert_equal @data['errors'], [I18n.t("devise_token_auth.sessions.bad_credentials")]
+        end
+
+        describe 'after maximum_attempts should block the user' do
+          before do
+            4.times do
+              xhr :post, :create, {
+                email: @unlocked_user.email,
+                password: 'bad-password'
+              }
+            end
+            @data = JSON.parse(response.body)
+          end
+
+          test "should increase failed_attempts" do
+            assert_equal 5, @unlocked_user.reload.failed_attempts
+          end
+
+          test "should block the user" do
+            assert_equal true, @unlocked_user.reload.access_locked?
+          end
+        end
+      end
+    end
   end
 end

data/test/dummy/app/models/lockable_user.rb

@@ -0,0 +1,5 @@
+class LockableUser < ActiveRecord::Base
+  # Include default devise modules.
+  devise :database_authenticatable, :registerable, :lockable
+  include DeviseTokenAuth::Concerns::User
+end

data/test/dummy/config/routes.rb

@@ -34,6 +34,8 @@ Rails.application.routes.draw do
 
   mount_devise_token_auth_for 'UnconfirmableUser', at: 'unconfirmable_user_auth'
 
+  mount_devise_token_auth_for 'LockableUser', at: 'lockable_user_auth'
+
   # test namespacing
   namespace :api do
     scope :v1 do

data/test/dummy/db/migrate/20160629184441_devise_token_auth_create_lockable_users.rb

@@ -0,0 +1,60 @@
+include MigrationDatabaseHelper
+
+class DeviseTokenAuthCreateLockableUsers < ActiveRecord::Migration
+  def change
+    create_table(:lockable_users) do |t|
+      ## Required
+      t.string :provider, :null => false
+      t.string :uid, :null => false, :default => ""
+
+      ## Database authenticatable
+      t.string :encrypted_password, :null => false, :default => ""
+
+      ## Recoverable
+      # t.string   :reset_password_token
+      # t.datetime :reset_password_sent_at
+
+      ## Rememberable
+      # t.datetime :remember_created_at
+
+      ## Trackable
+      # t.integer  :sign_in_count, :default => 0, :null => false
+      # t.datetime :current_sign_in_at
+      # t.datetime :last_sign_in_at
+      # t.string   :current_sign_in_ip
+      # t.string   :last_sign_in_ip
+
+      ## Confirmable
+      # t.string   :confirmation_token
+      # t.datetime :confirmed_at
+      # t.datetime :confirmation_sent_at
+      # t.string   :unconfirmed_email # Only if using reconfirmable
+
+      ## Lockable
+      t.integer  :failed_attempts, :default => 0, :null => false # Only if lock strategy is :failed_attempts
+      t.string   :unlock_token # Only if unlock strategy is :email or :both
+      t.datetime :locked_at
+
+      ## User Info
+      t.string :name
+      t.string :nickname
+      t.string :image
+      t.string :email
+
+      ## Tokens
+      if json_supported_database?
+        t.json :tokens
+      else
+        t.text :tokens
+      end
+
+      t.timestamps
+    end
+
+    add_index :lockable_users, :email
+    add_index :lockable_users, [:uid, :provider],     :unique => true
+    # add_index :lockable_users, :reset_password_token, :unique => true
+    # add_index :lockable_users, :confirmation_token,   :unique => true
+    add_index :lockable_users, :unlock_token,         :unique => true
+  end
+end

data/test/dummy/db/schema.rb

@@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20160103235141) do
+ActiveRecord::Schema.define(version: 20160629184441) do
 
   create_table "evil_users", force: :cascade do |t|
     t.string   "email"
@@ -44,6 +44,26 @@ ActiveRecord::Schema.define(version: 20160103235141) do
   add_index "evil_users", ["reset_password_token"], name: "index_evil_users_on_reset_password_token", unique: true
   add_index "evil_users", ["uid", "provider"], name: "index_evil_users_on_uid_and_provider", unique: true
 
+  create_table "lockable_users", force: :cascade do |t|
+    t.string   "provider",                        null: false
+    t.string   "uid",                default: "", null: false
+    t.string   "encrypted_password", default: "", null: false
+    t.integer  "failed_attempts",    default: 0,  null: false
+    t.string   "unlock_token"
+    t.datetime "locked_at"
+    t.string   "name"
+    t.string   "nickname"
+    t.string   "image"
+    t.string   "email"
+    t.text     "tokens"
+    t.datetime "created_at"
+    t.datetime "updated_at"
+  end
+
+  add_index "lockable_users", ["email"], name: "index_lockable_users_on_email"
+  add_index "lockable_users", ["uid", "provider"], name: "index_lockable_users_on_uid_and_provider", unique: true
+  add_index "lockable_users", ["unlock_token"], name: "index_lockable_users_on_unlock_token", unique: true
+
   create_table "mangs", force: :cascade do |t|
     t.string   "email"
     t.string   "encrypted_password",          default: "", null: false

data/test/models/user_test.rb

@@ -35,6 +35,28 @@ class UserTest < ActiveSupport::TestCase
       end
     end
 
+    describe 'email uniqueness' do
+      test 'model should not save if email is taken' do
+        provider = 'email'
+
+        User.create(
+          email: @email,
+          provider: provider,
+          password: @password,
+          password_confirmation: @password
+        )
+
+        @resource.email                 = @email
+        @resource.provider              = provider
+        @resource.password              = @password
+        @resource.password_confirmation = @password
+
+        refute @resource.save
+        assert @resource.errors.messages[:email] == [I18n.t('errors.messages.taken')]
+        assert @resource.errors.messages[:email].none? { |e| e =~ /translation missing/ }
+      end
+    end
+
     describe 'oauth2 authentication' do
       test 'model should save even if email is blank' do
         @resource.provider              = 'facebook'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: devise_token_auth
 version: !ruby/object:Gem::Version
-  version: 0.1.39
+  version: 0.1.40
 platform: ruby
 authors:
 - Lynn Hurley
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-08-16 00:00:00.000000000 Z
+date: 2017-01-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -116,11 +116,13 @@ files:
 - config/locales/en.yml
 - config/locales/es.yml
 - config/locales/fr.yml
+- config/locales/it.yml
 - config/locales/ja.yml
 - config/locales/nl.yml
 - config/locales/pl.yml
 - config/locales/pt-BR.yml
 - config/locales/pt.yml
+- config/locales/ro.yml
 - config/locales/ru.yml
 - config/locales/zh-CN.yml
 - config/locales/zh-HK.yml
@@ -180,6 +182,7 @@ files:
 - test/dummy/app/controllers/overrides/token_validations_controller.rb
 - test/dummy/app/helpers/application_helper.rb
 - test/dummy/app/models/evil_user.rb
+- test/dummy/app/models/lockable_user.rb
 - test/dummy/app/models/mang.rb
 - test/dummy/app/models/nice_user.rb
 - test/dummy/app/models/only_email_user.rb
@@ -220,6 +223,7 @@ files:
 - test/dummy/db/migrate/20150409095712_devise_token_auth_create_nice_users.rb
 - test/dummy/db/migrate/20150708104536_devise_token_auth_create_unconfirmable_users.rb
 - test/dummy/db/migrate/20160103235141_devise_token_auth_create_scoped_users.rb
+- test/dummy/db/migrate/20160629184441_devise_token_auth_create_lockable_users.rb
 - test/dummy/db/schema.rb
 - test/dummy/lib/migration_database_helper.rb
 - test/dummy/tmp/generators/app/views/devise/mailer/confirmation_instructions.html.erb
@@ -296,6 +300,7 @@ test_files:
 - test/dummy/app/controllers/overrides/token_validations_controller.rb
 - test/dummy/app/helpers/application_helper.rb
 - test/dummy/app/models/evil_user.rb
+- test/dummy/app/models/lockable_user.rb
 - test/dummy/app/models/mang.rb
 - test/dummy/app/models/nice_user.rb
 - test/dummy/app/models/only_email_user.rb
@@ -336,6 +341,7 @@ test_files:
 - test/dummy/db/migrate/20150409095712_devise_token_auth_create_nice_users.rb
 - test/dummy/db/migrate/20150708104536_devise_token_auth_create_unconfirmable_users.rb
 - test/dummy/db/migrate/20160103235141_devise_token_auth_create_scoped_users.rb
+- test/dummy/db/migrate/20160629184441_devise_token_auth_create_lockable_users.rb
 - test/dummy/db/schema.rb
 - test/dummy/lib/migration_database_helper.rb
 - test/dummy/README.rdoc