RubyGems - devise_token_auth - Versions diffs - 1.0.0.rc1 → 1.0.0.rc2 - Mend

devise_token_auth 1.0.0.rc1 → 1.0.0.rc2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of devise_token_auth might be problematic. Click here for more details.

Files changed (12) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: b4979d300ecd6cc6549803714b7737e897bca1ad
-  data.tar.gz: 1b73b2890e2f654812585cfeded1f7b682267b36
+  metadata.gz: 477ab5522b51d1e2f435ec19c213a1a1e628dfec
+  data.tar.gz: 2237143fb8b5f0103dfc37226f59cf12965e5ef0
 SHA512:
-  metadata.gz: 38f0c132610a90f5e5a23d31c596e43eddbdc640deaf7a5c003901895c4045afabdc9c238e044519be04616ecc62765bf23b149c8e888d7a258e9620259c2ad0
-  data.tar.gz: e6cb430221c6a9218bbdf85d5bba1026d5eff253503bc3c517c1ff1bff4b36d7cde279ecc8e50810455576cfad81ac9d12594e02224fe9666ae15172a1473d8c
+  metadata.gz: f764c8cdef2e374f8160c77b27e89f0acc992db32a187bd61ebe8cedb5ddfb3ffd0978f76a104399a4709a5644862b258973584a68a07cfc7865bc7209bdb8c4
+  data.tar.gz: 91f359fb389845f3df447f192f226d5d88e8acdf39d0ec8ede773b7e6ef006e6f59abe268fd0a2dff352c2253e41ae7100d4b54e8ee05e35876fde812b54514d

data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb CHANGED

@@ -17,10 +17,10 @@ module DeviseTokenAuth::Concerns::SetUserByToken
     @used_auth_by_token = true
     # initialize instance variables
-    @client_id = nil
-    @resource = nil
-    @token = nil
-    @is_batch_request = nil
+    @client_id ||= nil
+    @resource ||= nil
+    @token ||= nil
+    @is_batch_request ||= nil
   end
   def ensure_pristine_resource
@@ -99,7 +99,8 @@ module DeviseTokenAuth::Concerns::SetUserByToken
   def update_auth_header
     # cannot save object if model has invalid params
-    return unless defined?(@resource) && @resource && @resource.valid? && @client_id
+    return unless @resource && @client_id
     # Generate new client_id with existing authentication
     @client_id = nil unless @used_auth_by_token
@@ -115,54 +116,63 @@ module DeviseTokenAuth::Concerns::SetUserByToken
       response.headers.merge!(auth_header)
     else
-      ensure_pristine_resource do
-        # Lock the user record during any auth_header updates to ensure
-        # we don't have write contention from multiple threads
-        @resource.with_lock do
-          # should not append auth header if @resource related token was
-          # cleared by sign out in the meantime
-          return if @used_auth_by_token && @resource.tokens[@client_id].nil?
-          # determine batch request status after request processing, in case
-          # another processes has updated it during that processing
-          @is_batch_request = is_batch_request?(@resource, @client_id)
-          auth_header = {}
-          # extend expiration of batch buffer to account for the duration of
-          # this request
-          if @is_batch_request
-            auth_header = @resource.extend_batch_buffer(@token, @client_id)
-            # Do not return token for batch requests to avoid invalidated
-            # tokens returned to the client in case of race conditions.
-            # Use a blank string for the header to still be present and
-            # being passed in a XHR response in case of
-            # 304 Not Modified responses.
-            auth_header[DeviseTokenAuth.headers_names[:"access-token"]] = ' '
-            auth_header[DeviseTokenAuth.headers_names[:"expiry"]] = ' '
-          # update Authorization response header with new token
-          else
-            auth_header = @resource.create_new_auth_token(@client_id)
-          end
-          # update the response header
-          response.headers.merge!(auth_header)
-        end # end lock
-      end # end ensure_pristine_resource
+      unless @resource.reload.valid?
+        @resource = resource_class.find(@resource.to_param) # errors remain after reload
+        # if we left the model in a bad state, something is wrong in our app
+        unless @resource.valid?
+          raise DeviseTokenAuth::Errors::InvalidModel, "Cannot set auth token in invalid model. Errors: #{@resource.errors.full_messages}"
+        end
+      end
+      refresh_headers
     end
   end
   private
+  def refresh_headers
+    ensure_pristine_resource do
+      # Lock the user record during any auth_header updates to ensure
+      # we don't have write contention from multiple threads
+      @resource.with_lock do
+        # should not append auth header if @resource related token was
+        # cleared by sign out in the meantime
+        return if @used_auth_by_token && @resource.tokens[@client_id].nil?
+        # update the response header
+        response.headers.merge!(auth_header_from_batch_request)
+      end # end lock
+    end # end ensure_pristine_resource
+  end
   def is_batch_request?(user, client_id)
     !params[:unbatch] &&
       user.tokens[client_id] &&
       user.tokens[client_id]['updated_at'] &&
       Time.parse(user.tokens[client_id]['updated_at']) > @request_started_at - DeviseTokenAuth.batch_request_buffer_throttle
   end
+  def auth_header_from_batch_request
+    # determine batch request status after request processing, in case
+    # another processes has updated it during that processing
+    @is_batch_request = is_batch_request?(@resource, @client_id)
+    auth_header = {}
+    # extend expiration of batch buffer to account for the duration of
+    # this request
+    if @is_batch_request
+      auth_header = @resource.extend_batch_buffer(@token, @client_id)
+      # Do not return token for batch requests to avoid invalidated
+      # tokens returned to the client in case of race conditions.
+      # Use a blank string for the header to still be present and
+      # being passed in a XHR response in case of
+      # 304 Not Modified responses.
+      auth_header[DeviseTokenAuth.headers_names[:"access-token"]] = ' '
+      auth_header[DeviseTokenAuth.headers_names[:"expiry"]] = ' '
+    else
+      # update Authorization response header with new token
+      auth_header = @resource.create_new_auth_token(@client_id)
+    end
+    auth_header
+  end
 end

data/app/controllers/devise_token_auth/confirmations_controller.rb CHANGED

@@ -22,8 +22,15 @@ module DeviseTokenAuth
         redirect_headers = build_redirect_headers(token,
                                                   client_id,
                                                   redirect_header_options)
-        redirect_to(@resource.build_auth_url(params[:redirect_url],
-                                             redirect_headers))
+        # give redirect value from params priority
+        @redirect_url = params[:redirect_url]
+        # fall back to default value if provided
+        @redirect_url ||= DeviseTokenAuth.default_confirm_success_url
+        redirect_to(@resource.build_auth_url(@redirect_url, redirect_headers))
       else
         raise ActionController::RoutingError, 'Not Found'
       end

data/app/controllers/devise_token_auth/sessions_controller.rb CHANGED

@@ -24,7 +24,7 @@ module DeviseTokenAuth
       if @resource && valid_params?(field, q_value) && (!@resource.respond_to?(:active_for_authentication?) || @resource.active_for_authentication?)
         valid_password = @resource.valid_password?(resource_params[:password])
         if (@resource.respond_to?(:valid_for_authentication?) && !@resource.valid_for_authentication? { valid_password }) || !valid_password
-         return render_create_error_bad_credentials
+          return render_create_error_bad_credentials
         end
         @client_id, @token = @resource.create_token
         @resource.save

data/config/locales/da-DK.yml CHANGED

@@ -2,11 +2,11 @@ da-DK:
   devise_token_auth:
     sessions:
       not_confirmed: "Der er sendt en bekræftelsesemail til din konto på '%{email}'. Følg venligst instruktionerne i emailen for at aktivere din konto."
-      bad_credentials: "Ugyldigt kombination af brugernavn og kodeord. Prøv venligst igen."
+      bad_credentials: "Ugyldig kombination af brugernavn og kodeord. Prøv venligst igen."
       not_supported: "Brug POST /sign_in for at logge ind. GET er ikke supporteret."
       user_not_found: "Brugeren er ikke fundet eller er ikke logget ind."
     token_validations:
-      invalid: "Ugyldig legitimationsoplysninger."
+      invalid: "Ugyldige legitimationsoplysninger."
     registrations:
       missing_confirm_success_url: "Der mangler et 'confirm_success_url' parameter."
       redirect_url_not_allowed: "Omdirigering til '%{redirect_url}' er ikke tilladt."
@@ -21,7 +21,7 @@ da-DK:
       sended: "En email er blevet sendt til '%{email}' med instruktioner for at nulstille dit kodeord."
       user_not_found: "Kan ikke finde en bruger med '%{email}'."
       password_not_required: "Denne bruger kræver ikke et kodeord. Log ind med '%{provider}' konto i stedet."
-      missing_passwords: "Du skal fylde alle felter ud som indeholder 'Password' og 'Password confirmation'."
+      missing_passwords: "Du skal udfylde både kodeord og bekræftelse af kodeord."
       successfully_updated: "Dit kodeord er opdateret."
     unlocks:
       missing_email: "Du skal udfylde en email."
@@ -35,15 +35,15 @@ da-DK:
   devise:
     mailer:
       confirmation_instructions:
-        confirm_link_msg: "Du kan bekræfte din konto email for linket herunder:"
+        confirm_link_msg: "Du kan bekræfte din kontos email gennem linket herunder:"
         confirm_account_link: "Bekræft min konto"
       reset_password_instructions:
-        request_reset_link_msg: "Der er nogle der har anmodet om et link til at ændre dit kodeord. Det kan du gøre gennem linket nedenfor."
-        password_change_link: "Ændre mit kodeord."
+        request_reset_link_msg: "Nogen har anmodet om et link til at ændre dit kodeord. Det kan du gøre via linket nedenfor."
+        password_change_link: "Skift mit kodeord."
         ignore_mail_msg: "Hvis du ikke anmodede om dette, ignorer venligst denne email."
-        no_changes_msg: "Din kodeord vil ikke ændres indtil du går ind på linket ovenfor og laver et nyt et."
+        no_changes_msg: "Dit kodeord ændres først når du følger linket ovenfor og skaber et nyt."
       unlock_instructions:
-        account_lock_msg: "Din konto er blevet låst fordi der er for mange forkerte log ind-forsøg."
+        account_lock_msg: "Din konto er blevet låst fordi der har været for mange ugyldige log ind-forsøg."
         unlock_link_msg: "Klik linket nedenfor, for at låse din konto op:"
         unlock_link: "Lås min konto op"
   hello: "hej"

data/lib/devise_token_auth/errors.rb CHANGED

@@ -3,5 +3,6 @@
 module DeviseTokenAuth
   module Errors
     class NoResourceDefinedError < StandardError; end
+    class InvalidModel < StandardError; end
   end
 end

data/lib/devise_token_auth/version.rb CHANGED

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module DeviseTokenAuth
-  VERSION = '1.0.0.rc1'.freeze
+  VERSION = '1.0.0.rc2'.freeze
 end

data/test/controllers/devise_token_auth/token_validations_controller_test.rb CHANGED

@@ -45,6 +45,19 @@ class DeviseTokenAuth::TokenValidationsControllerTest < ActionDispatch::Integrat
       end
     end
+    describe 'with invalid user' do
+      before do
+        @resource.update_column :email, 'invalid'
+      end
+      test 'request should raise invalid model error' do
+        error = assert_raises DeviseTokenAuth::Errors::InvalidModel do
+          get '/auth/validate_token', params: {}, headers: @auth_headers
+        end
+        assert_equal(error.message, "Cannot set auth token in invalid model. Errors: [\"Email is not an email\"]")
+      end
+    end
     describe 'failure' do
       before do
         get '/api/v1/auth/validate_token',

data/test/dummy/tmp/generators/app/models/user.rb CHANGED

@@ -1,11 +1,9 @@
-            class User < ApplicationRecord
-            # Include default devise modules.
-            devise :database_authenticatable, :registerable,
-                    :recoverable, :rememberable, :trackable, :validatable,
-                    :confirmable, :omniauthable
-            include DeviseTokenAuth::Concerns::User
+# frozen_string_literal: true
-              def whatever
-                puts 'whatever'
-              end
-            end
+class User < ActiveRecord::Base
+  # Include default devise modules. Others available are:
+  # :confirmable, :lockable, :timeoutable and :omniauthable
+  devise :database_authenticatable, :registerable,
+         :recoverable, :rememberable, :trackable, :validatable
+  include DeviseTokenAuth::Concerns::User
+end

data/test/dummy/tmp/generators/config/routes.rb ADDED

@@ -0,0 +1,4 @@
+            Rails.application.routes.draw do
+  mount_devise_token_auth_for 'User', at: 'auth'
+              patch '/chong', to: 'bong#index'
+            end

data/test/dummy/tmp/generators/db/migrate/{20180805205504_devise_token_auth_create_users.rb → 20180920132503_devise_token_auth_create_users.rb} RENAMED

File without changes

metadata CHANGED

@@ -1,19 +1,22 @@
 --- !ruby/object:Gem::Specification
 name: devise_token_auth
 version: !ruby/object:Gem::Version
-  version: 1.0.0.rc1
+  version: 1.0.0.rc2
 platform: ruby
 authors:
 - Lynn Hurley
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-08-10 00:00:00.000000000 Z
+date: 2018-09-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 4.2.0
     - - "<"
       - !ruby/object:Gem::Version
         version: '6'
@@ -21,6 +24,9 @@ dependencies:
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 4.2.0
     - - "<"
       - !ruby/object:Gem::Version
         version: '6'
@@ -33,7 +39,7 @@ dependencies:
         version: 3.5.2
     - - "<"
       - !ruby/object:Gem::Version
-        version: '4.5'
+        version: '4.6'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -43,7 +49,7 @@ dependencies:
         version: 3.5.2
     - - "<"
       - !ruby/object:Gem::Version
-        version: '4.5'
+        version: '4.6'
 - !ruby/object:Gem::Dependency
   name: appraisal
   requirement: !ruby/object:Gem::Requirement
@@ -247,7 +253,8 @@ files:
 - test/dummy/lib/migration_database_helper.rb
 - test/dummy/tmp/generators/app/models/user.rb
 - test/dummy/tmp/generators/config/initializers/devise_token_auth.rb
-- test/dummy/tmp/generators/db/migrate/20180805205504_devise_token_auth_create_users.rb
+- test/dummy/tmp/generators/config/routes.rb
+- test/dummy/tmp/generators/db/migrate/20180920132503_devise_token_auth_create_users.rb
 - test/factories/users.rb
 - test/lib/devise_token_auth/url_test.rb
 - test/lib/generators/devise_token_auth/install_generator_test.rb
@@ -269,7 +276,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 2.2.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">"
@@ -342,8 +349,9 @@ test_files:
 - test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb
 - test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb
 - test/dummy/tmp/generators/app/models/user.rb
+- test/dummy/tmp/generators/config/routes.rb
 - test/dummy/tmp/generators/config/initializers/devise_token_auth.rb
-- test/dummy/tmp/generators/db/migrate/20180805205504_devise_token_auth_create_users.rb
+- test/dummy/tmp/generators/db/migrate/20180920132503_devise_token_auth_create_users.rb
 - test/dummy/README.rdoc
 - test/models/only_email_user_test.rb
 - test/models/user_test.rb