RubyGems - devise_token_auth - Versions diffs - 0.2.0 → 1.0.0.rc1 - Mend

devise_token_auth 0.2.0 → 1.0.0.rc1

Potentially problematic release.

This version of devise_token_auth might be problematic. Click here for more details.

Files changed (92) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 0a953783eff82cbde0a065ca2584f23643f1c8f2
-  data.tar.gz: 2352f6967f0b98a4820cfee2bb018a0cec03e2a9
+  metadata.gz: b4979d300ecd6cc6549803714b7737e897bca1ad
+  data.tar.gz: 1b73b2890e2f654812585cfeded1f7b682267b36
 SHA512:
-  metadata.gz: 476435f1a4543e96af97cd46768ad59d2779f0da6c162e07fe30edd3a39b2453bba8cee2e12593d785db9487374c59f1350118c9730e87764feae312a35049b3
-  data.tar.gz: 959f6d1aff53512992a3a5bab172512ae8796972b0d2207f979a8300b772d2611556a7be7265224bcc04dc0bb83bdc2bd2342485bb2da20f3aab361e61d5866d
+  metadata.gz: 38f0c132610a90f5e5a23d31c596e43eddbdc640deaf7a5c003901895c4045afabdc9c238e044519be04616ecc62765bf23b149c8e888d7a258e9620259c2ad0
+  data.tar.gz: e6cb430221c6a9218bbdf85d5bba1026d5eff253503bc3c517c1ff1bff4b36d7cde279ecc8e50810455576cfad81ac9d12594e02224fe9666ae15172a1473d8c

data/README.md CHANGED

@@ -4,7 +4,6 @@
 [![Build Status](https://travis-ci.org/lynndylanhurley/devise_token_auth.svg?branch=master)](https://travis-ci.org/lynndylanhurley/devise_token_auth)
 [![Code Climate](https://codeclimate.com/github/lynndylanhurley/devise_token_auth/badges/gpa.svg)](https://codeclimate.com/github/lynndylanhurley/devise_token_auth)
 [![Test Coverage](https://codeclimate.com/github/lynndylanhurley/devise_token_auth/badges/coverage.svg)](https://codeclimate.com/github/lynndylanhurley/devise_token_auth/coverage)
-[![Dependency Status](https://gemnasium.com/lynndylanhurley/devise_token_auth.svg)](https://gemnasium.com/lynndylanhurley/devise_token_auth)
 [![Downloads](https://img.shields.io/gem/dt/devise_token_auth.svg)](https://rubygems.org/gems/devise_token_auth)
 [![Backers on Open Collective](https://opencollective.com/devise_token_auth/backers/badge.svg)](#backers)
 [![Sponsors on Open Collective](https://opencollective.com/devise_token_auth/sponsors/badge.svg)](#sponsors)
@@ -50,7 +49,7 @@ Then install the gem using bundle:
 bundle install
 ~~~
-## [Docs](https://maicolben.gitbooks.io/devise-token-auth/content/docs/config/)
+## [Docs](https://devise-token-auth.gitbook.io/devise-token-auth)
 ## Need help?

data/Rakefile CHANGED

@@ -16,11 +16,9 @@ RDoc::Task.new(:rdoc) do |rdoc|
   rdoc.rdoc_files.include('lib/**/*.rb')
 end
-APP_RAKEFILE = File.expand_path("../test/dummy/Rakefile", __FILE__)
+APP_RAKEFILE = File.expand_path('test/dummy/Rakefile', __dir__)
 load 'rails/tasks/engine.rake'
 Bundler::GemHelper.install_tasks
 require 'rake/testtask'
@@ -33,5 +31,12 @@ Rake::TestTask.new(:test) do |t|
   t.warning = false
 end
 task default: :test
+require 'rubocop/rake_task'
+desc 'Run RuboCop'
+RuboCop::RakeTask.new(:rubocop) do |task|
+  task.formatters = %w[fuubar offenses worst]
+  task.fail_on_error = false # don't abort rake on failure
+end

data/app/controllers/devise_token_auth/application_controller.rb CHANGED

@@ -5,16 +5,14 @@ module DeviseTokenAuth
     include DeviseTokenAuth::Concerns::SetUserByToken
     include DeviseTokenAuth::Concerns::ResourceFinder
-    def resource_data(opts={})
+    def resource_data(opts = {})
       response_data = opts[:resource_json] || @resource.as_json
-      if json_api?
-        response_data['type'] = @resource.class.name.parameterize
-      end
+      response_data['type'] = @resource.class.name.parameterize if json_api?
       response_data
     end
     def resource_errors
-      return @resource.errors.to_hash.merge(full_messages: @resource.errors.full_messages)
+      @resource.errors.to_hash.merge(full_messages: @resource.errors.full_messages)
     end
     protected
@@ -44,7 +42,7 @@ module DeviseTokenAuth
       devise_parameter_sanitizer.instance_values['permitted'][resource]
     end
-    def resource_class(m=nil)
+    def resource_class(m = nil)
       if m
         mapping = Devise.mappings[m]
       else
@@ -59,7 +57,7 @@ module DeviseTokenAuth
       return ActiveModel::Serializer.setup do |config|
         config.adapter == :json_api
       end if ActiveModel::Serializer.respond_to?(:setup)
-      return ActiveModelSerializers.config.adapter == :json_api
+      ActiveModelSerializers.config.adapter == :json_api
     end
     def recoverable_enabled?

data/app/controllers/devise_token_auth/concerns/resource_finder.rb CHANGED

@@ -23,13 +23,13 @@ module DeviseTokenAuth::Concerns::ResourceFinder
     # fix for mysql default case insensitivity
     q = "#{field.to_s} = ? AND provider='#{provider.to_s}'"
     if ActiveRecord::Base.connection.adapter_name.downcase.starts_with? 'mysql'
-      q = "BINARY " + q
+      q = 'BINARY ' + q
     end
     @resource = resource_class.where(q, value).first
   end
-  def resource_class(m=nil)
+  def resource_class(m = nil)
     if m
       mapping = Devise.mappings[m]
     else

data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb CHANGED

@@ -36,7 +36,7 @@ module DeviseTokenAuth::Concerns::SetUserByToken
   end
   # user auth
-  def set_user_by_token(mapping=nil)
+  def set_user_by_token(mapping = nil)
     # determine target authentication class
     rc = resource_class(mapping)
@@ -72,7 +72,7 @@ module DeviseTokenAuth::Concerns::SetUserByToken
     return @resource if @resource && @resource.is_a?(rc)
     # ensure we clear the client_id
-    if !@token
+    unless @token
       @client_id = nil
       return
     end
@@ -84,7 +84,7 @@ module DeviseTokenAuth::Concerns::SetUserByToken
     if user && user.valid_token?(@token, @client_id)
       # sign_in with bypass: true will be deprecated in the next version of Devise
-      if self.respond_to?(:bypass_sign_in) && DeviseTokenAuth.bypass_sign_in
+      if respond_to?(:bypass_sign_in) && DeviseTokenAuth.bypass_sign_in
         bypass_sign_in(user, scope: :user)
       else
         sign_in(:user, user, store: false, event: :fetch, bypass: DeviseTokenAuth.bypass_sign_in)
@@ -135,13 +135,22 @@ module DeviseTokenAuth::Concerns::SetUserByToken
           if @is_batch_request
             auth_header = @resource.extend_batch_buffer(@token, @client_id)
+            # Do not return token for batch requests to avoid invalidated
+            # tokens returned to the client in case of race conditions.
+            # Use a blank string for the header to still be present and
+            # being passed in a XHR response in case of
+            # 304 Not Modified responses.
+            auth_header[DeviseTokenAuth.headers_names[:"access-token"]] = ' '
+            auth_header[DeviseTokenAuth.headers_names[:"expiry"]] = ' '
           # update Authorization response header with new token
           else
             auth_header = @resource.create_new_auth_token(@client_id)
-            # update the response header
-            response.headers.merge!(auth_header)
           end
+          # update the response header
+          response.headers.merge!(auth_header)
         end # end lock
       end # end ensure_pristine_resource
     end
@@ -150,11 +159,10 @@ module DeviseTokenAuth::Concerns::SetUserByToken
   private
   def is_batch_request?(user, client_id)
     !params[:unbatch] &&
-    user.tokens[client_id] &&
-    user.tokens[client_id]['updated_at'] &&
-    Time.parse(user.tokens[client_id]['updated_at']) > @request_started_at - DeviseTokenAuth.batch_request_buffer_throttle
+      user.tokens[client_id] &&
+      user.tokens[client_id]['updated_at'] &&
+      Time.parse(user.tokens[client_id]['updated_at']) > @request_started_at - DeviseTokenAuth.batch_request_buffer_throttle
   end
 end

data/app/controllers/devise_token_auth/confirmations_controller.rb CHANGED

@@ -18,14 +18,14 @@ module DeviseTokenAuth
         yield @resource if block_given?
-        redirect_header_options = {account_confirmation_success: true}
+        redirect_header_options = { account_confirmation_success: true }
         redirect_headers = build_redirect_headers(token,
                                                   client_id,
                                                   redirect_header_options)
         redirect_to(@resource.build_auth_url(params[:redirect_url],
                                              redirect_headers))
       else
-        raise ActionController::RoutingError.new('Not Found')
+        raise ActionController::RoutingError, 'Not Found'
       end
     end
   end

data/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb CHANGED

@@ -2,7 +2,6 @@
 module DeviseTokenAuth
   class OmniauthCallbacksController < DeviseTokenAuth::ApplicationController
     attr_reader :auth_params
     skip_before_action :set_user_by_token, raise: false
     skip_after_action :update_auth_header
@@ -48,7 +47,7 @@ module DeviseTokenAuth
     def omniauth_failure
       @error = params[:message]
-      render_data_or_redirect('authFailure', {error: @error})
+      render_data_or_redirect('authFailure', error: @error)
     end
     protected
@@ -62,7 +61,7 @@ module DeviseTokenAuth
     # after use.  In the failure case, finally, the omniauth params
     # are added as query params in our monkey patch to OmniAuth in engine.rb
     def omniauth_params
-      if !defined?(@_omniauth_params)
+      unless defined?(@_omniauth_params)
         if request.env['omniauth.params'] && request.env['omniauth.params'].any?
           @_omniauth_params = request.env['omniauth.params']
         elsif session['dta.omniauth.params'] && session['dta.omniauth.params'].any?
@@ -88,13 +87,11 @@ module DeviseTokenAuth
     def whitelisted_params
       whitelist = params_for_resource(:sign_up)
-      whitelist.inject({}){|coll, key|
+      whitelist.inject({}) do |coll, key|
         param = omniauth_params[key.to_s]
-        if param
-          coll[key] = param
-        end
+        coll[key] = param if param
         coll
-      }
+      end
     end
     def resource_class(mapping = nil)
@@ -103,7 +100,7 @@ module DeviseTokenAuth
       elsif params['resource_class']
         params['resource_class'].constantize
       else
-        raise "No resource_class found"
+        raise 'No resource_class found'
       end
     end
@@ -151,10 +148,10 @@ module DeviseTokenAuth
     def set_random_password
       # set crazy password for new oauth users. this is only used to prevent
-        # access via email sign-in.
-        p = SecureRandom.urlsafe_base64(nil, false)
-        @resource.password = p
-        @resource.password_confirmation = p
+      # access via email sign-in.
+      p = SecureRandom.urlsafe_base64(nil, false)
+      @resource.password = p
+      @resource.password_confirmation = p
     end
     def create_auth_params
@@ -175,10 +172,8 @@ module DeviseTokenAuth
     end
     def render_data(message, data)
-      @data = data.merge({
-        message: message
-      })
-      render :layout => nil, :template => "devise_token_auth/omniauth_external_window"
+      @data = data.merge(message: message)
+      render layout: nil, template: 'devise_token_auth/omniauth_external_window'
     end
     def render_data_or_redirect(message, data, user_data = {})
@@ -209,22 +204,22 @@ module DeviseTokenAuth
     end
     def fallback_render(text)
-        render inline: %Q|
+        render inline: %Q(
             <html>
                     <head></head>
                     <body>
                             #{text}
                     </body>
-            </html>|
+            </html>)
     end
     def get_resource_from_auth_hash
       # find or create user by provider and provider uid
-      @resource = resource_class.where({
-        uid:      auth_hash['uid'],
+      @resource = resource_class.where(
+        uid: auth_hash['uid'],
         provider: auth_hash['provider']
-      }).first_or_initialize
+      ).first_or_initialize
       if @resource.new_record?
         @oauth_registration = true
@@ -240,6 +235,5 @@ module DeviseTokenAuth
       @resource
     end
   end
 end

data/app/controllers/devise_token_auth/passwords_controller.rb CHANGED

@@ -2,21 +2,19 @@
 module DeviseTokenAuth
   class PasswordsController < DeviseTokenAuth::ApplicationController
-    before_action :set_user_by_token, :only => [:update]
-    skip_after_action :update_auth_header, :only => [:create, :edit]
+    before_action :set_user_by_token, only: [:update]
+    skip_after_action :update_auth_header, only: [:create, :edit]
     # this action is responsible for generating password reset tokens and
     # sending emails
     def create
-      unless resource_params[:email]
-        return render_create_error_missing_email
-      end
+      return render_create_error_missing_email unless resource_params[:email]
       # give redirect value from params priority
       @redirect_url = params.fetch(
-          :redirect_url,
-          DeviseTokenAuth.default_password_reset_url
-        )
+        :redirect_url,
+        DeviseTokenAuth.default_password_reset_url
+      )
       return render_create_error_missing_redirect_url unless @redirect_url
       return render_create_error_not_allowed_redirect_url if blacklisted_redirect_url?
@@ -26,12 +24,12 @@ module DeviseTokenAuth
       if @resource
         yield @resource if block_given?
-        @resource.send_reset_password_instructions({
+        @resource.send_reset_password_instructions(
           email: @email,
           provider: 'email',
           redirect_url: @redirect_url,
           client_config: params[:config_name]
-        })
+        )
         if @resource.errors.empty?
           return render_create_success
@@ -61,7 +59,7 @@ module DeviseTokenAuth
         yield @resource if block_given?
-        redirect_header_options = {reset_password: true}
+        redirect_header_options = { reset_password: true }
         redirect_headers = build_redirect_headers(token,
                                                   client_id,
                                                   redirect_header_options)
@@ -74,9 +72,7 @@ module DeviseTokenAuth
     def update
       # make sure user is authorized
-      unless @resource
-        return render_update_error_unauthorized
-      end
+      return render_update_error_unauthorized unless @resource
       # make sure account doesn't use oauth2 provider
       unless @resource.provider == 'email'
@@ -104,18 +100,18 @@ module DeviseTokenAuth
     def resource_update_method
       allow_password_change = recoverable_enabled? && @resource.allow_password_change == true
       if DeviseTokenAuth.check_current_password_before_update == false || allow_password_change
-        "update_attributes"
+        'update_attributes'
       else
-        "update_with_password"
+        'update_with_password'
       end
     end
     def render_create_error_missing_email
-      render_error(401, I18n.t("devise_token_auth.passwords.missing_email"))
+      render_error(401, I18n.t('devise_token_auth.passwords.missing_email'))
     end
     def render_create_error_missing_redirect_url
-      render_error(401, I18n.t("devise_token_auth.passwords.missing_redirect_url"))
+      render_error(401, I18n.t('devise_token_auth.passwords.missing_redirect_url'))
     end
     def render_create_error_not_allowed_redirect_url
@@ -123,26 +119,26 @@ module DeviseTokenAuth
         status: 'error',
         data:   resource_data
       }
-      message = I18n.t("devise_token_auth.passwords.not_allowed_redirect_url", redirect_url: @redirect_url)
+      message = I18n.t('devise_token_auth.passwords.not_allowed_redirect_url', redirect_url: @redirect_url)
       render_error(422, message, response)
     end
     def render_create_success
       render json: {
         success: true,
-        message: I18n.t("devise_token_auth.passwords.sended", email: @email)
+        message: I18n.t('devise_token_auth.passwords.sended', email: @email)
       }
     end
     def render_create_error(errors)
       render json: {
         success: false,
-        errors: errors,
+        errors: errors
       }, status: 400
     end
     def render_edit_error
-      raise ActionController::RoutingError.new('Not Found')
+      raise ActionController::RoutingError, 'Not Found'
     end
     def render_update_error_unauthorized
@@ -150,23 +146,23 @@ module DeviseTokenAuth
     end
     def render_update_error_password_not_required
-      render_error(422, I18n.t("devise_token_auth.passwords.password_not_required", provider: @resource.provider.humanize))
+      render_error(422, I18n.t('devise_token_auth.passwords.password_not_required', provider: @resource.provider.humanize))
     end
     def render_update_error_missing_password
-      render_error(422, I18n.t("devise_token_auth.passwords.missing_passwords"))
+      render_error(422, I18n.t('devise_token_auth.passwords.missing_passwords'))
     end
     def render_update_success
       render json: {
         success: true,
         data: resource_data,
-        message: I18n.t("devise_token_auth.passwords.successfully_updated")
+        message: I18n.t('devise_token_auth.passwords.successfully_updated')
       }
     end
     def render_update_error
-      return render json: {
+      render json: {
         success: false,
         errors: resource_errors
       }, status: 422
@@ -190,7 +186,7 @@ module DeviseTokenAuth
     end
     def render_not_found_error
-      render_error(404, I18n.t("devise_token_auth.passwords.user_not_found", email: @email))
+      render_error(404, I18n.t('devise_token_auth.passwords.user_not_found', email: @email))
     end
   end
 end