devise_token_auth 1.0.0.rc1 → 1.0.0.rc2
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of devise_token_auth might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +54 -44
- data/app/controllers/devise_token_auth/confirmations_controller.rb +9 -2
- data/app/controllers/devise_token_auth/sessions_controller.rb +1 -1
- data/config/locales/da-DK.yml +8 -8
- data/lib/devise_token_auth/errors.rb +1 -0
- data/lib/devise_token_auth/version.rb +1 -1
- data/test/controllers/devise_token_auth/token_validations_controller_test.rb +13 -0
- data/test/dummy/tmp/generators/app/models/user.rb +8 -10
- data/test/dummy/tmp/generators/config/routes.rb +4 -0
- data/test/dummy/tmp/generators/db/migrate/{20180805205504_devise_token_auth_create_users.rb → 20180920132503_devise_token_auth_create_users.rb} +0 -0
- metadata +15 -7
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 477ab5522b51d1e2f435ec19c213a1a1e628dfec
|
|
4
|
+
data.tar.gz: 2237143fb8b5f0103dfc37226f59cf12965e5ef0
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f764c8cdef2e374f8160c77b27e89f0acc992db32a187bd61ebe8cedb5ddfb3ffd0978f76a104399a4709a5644862b258973584a68a07cfc7865bc7209bdb8c4
|
|
7
|
+
data.tar.gz: 91f359fb389845f3df447f192f226d5d88e8acdf39d0ec8ede773b7e6ef006e6f59abe268fd0a2dff352c2253e41ae7100d4b54e8ee05e35876fde812b54514d
|
|
@@ -17,10 +17,10 @@ module DeviseTokenAuth::Concerns::SetUserByToken
|
|
|
17
17
|
@used_auth_by_token = true
|
|
18
18
|
|
|
19
19
|
# initialize instance variables
|
|
20
|
-
@client_id
|
|
21
|
-
@resource
|
|
22
|
-
@token
|
|
23
|
-
@is_batch_request
|
|
20
|
+
@client_id ||= nil
|
|
21
|
+
@resource ||= nil
|
|
22
|
+
@token ||= nil
|
|
23
|
+
@is_batch_request ||= nil
|
|
24
24
|
end
|
|
25
25
|
|
|
26
26
|
def ensure_pristine_resource
|
|
@@ -99,7 +99,8 @@ module DeviseTokenAuth::Concerns::SetUserByToken
|
|
|
99
99
|
|
|
100
100
|
def update_auth_header
|
|
101
101
|
# cannot save object if model has invalid params
|
|
102
|
-
|
|
102
|
+
|
|
103
|
+
return unless @resource && @client_id
|
|
103
104
|
|
|
104
105
|
# Generate new client_id with existing authentication
|
|
105
106
|
@client_id = nil unless @used_auth_by_token
|
|
@@ -115,54 +116,63 @@ module DeviseTokenAuth::Concerns::SetUserByToken
|
|
|
115
116
|
response.headers.merge!(auth_header)
|
|
116
117
|
|
|
117
118
|
else
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
#
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
# determine batch request status after request processing, in case
|
|
128
|
-
# another processes has updated it during that processing
|
|
129
|
-
@is_batch_request = is_batch_request?(@resource, @client_id)
|
|
130
|
-
|
|
131
|
-
auth_header = {}
|
|
132
|
-
|
|
133
|
-
# extend expiration of batch buffer to account for the duration of
|
|
134
|
-
# this request
|
|
135
|
-
if @is_batch_request
|
|
136
|
-
auth_header = @resource.extend_batch_buffer(@token, @client_id)
|
|
137
|
-
|
|
138
|
-
# Do not return token for batch requests to avoid invalidated
|
|
139
|
-
# tokens returned to the client in case of race conditions.
|
|
140
|
-
# Use a blank string for the header to still be present and
|
|
141
|
-
# being passed in a XHR response in case of
|
|
142
|
-
# 304 Not Modified responses.
|
|
143
|
-
auth_header[DeviseTokenAuth.headers_names[:"access-token"]] = ' '
|
|
144
|
-
auth_header[DeviseTokenAuth.headers_names[:"expiry"]] = ' '
|
|
145
|
-
|
|
146
|
-
# update Authorization response header with new token
|
|
147
|
-
else
|
|
148
|
-
auth_header = @resource.create_new_auth_token(@client_id)
|
|
149
|
-
end
|
|
150
|
-
|
|
151
|
-
# update the response header
|
|
152
|
-
response.headers.merge!(auth_header)
|
|
153
|
-
|
|
154
|
-
end # end lock
|
|
155
|
-
end # end ensure_pristine_resource
|
|
119
|
+
unless @resource.reload.valid?
|
|
120
|
+
@resource = resource_class.find(@resource.to_param) # errors remain after reload
|
|
121
|
+
# if we left the model in a bad state, something is wrong in our app
|
|
122
|
+
unless @resource.valid?
|
|
123
|
+
raise DeviseTokenAuth::Errors::InvalidModel, "Cannot set auth token in invalid model. Errors: #{@resource.errors.full_messages}"
|
|
124
|
+
end
|
|
125
|
+
end
|
|
126
|
+
refresh_headers
|
|
156
127
|
end
|
|
157
|
-
|
|
158
128
|
end
|
|
159
129
|
|
|
160
130
|
private
|
|
161
131
|
|
|
132
|
+
def refresh_headers
|
|
133
|
+
ensure_pristine_resource do
|
|
134
|
+
# Lock the user record during any auth_header updates to ensure
|
|
135
|
+
# we don't have write contention from multiple threads
|
|
136
|
+
@resource.with_lock do
|
|
137
|
+
# should not append auth header if @resource related token was
|
|
138
|
+
# cleared by sign out in the meantime
|
|
139
|
+
return if @used_auth_by_token && @resource.tokens[@client_id].nil?
|
|
140
|
+
|
|
141
|
+
# update the response header
|
|
142
|
+
response.headers.merge!(auth_header_from_batch_request)
|
|
143
|
+
end # end lock
|
|
144
|
+
end # end ensure_pristine_resource
|
|
145
|
+
end
|
|
146
|
+
|
|
162
147
|
def is_batch_request?(user, client_id)
|
|
163
148
|
!params[:unbatch] &&
|
|
164
149
|
user.tokens[client_id] &&
|
|
165
150
|
user.tokens[client_id]['updated_at'] &&
|
|
166
151
|
Time.parse(user.tokens[client_id]['updated_at']) > @request_started_at - DeviseTokenAuth.batch_request_buffer_throttle
|
|
167
152
|
end
|
|
153
|
+
|
|
154
|
+
def auth_header_from_batch_request
|
|
155
|
+
# determine batch request status after request processing, in case
|
|
156
|
+
# another processes has updated it during that processing
|
|
157
|
+
@is_batch_request = is_batch_request?(@resource, @client_id)
|
|
158
|
+
|
|
159
|
+
auth_header = {}
|
|
160
|
+
# extend expiration of batch buffer to account for the duration of
|
|
161
|
+
# this request
|
|
162
|
+
if @is_batch_request
|
|
163
|
+
auth_header = @resource.extend_batch_buffer(@token, @client_id)
|
|
164
|
+
|
|
165
|
+
# Do not return token for batch requests to avoid invalidated
|
|
166
|
+
# tokens returned to the client in case of race conditions.
|
|
167
|
+
# Use a blank string for the header to still be present and
|
|
168
|
+
# being passed in a XHR response in case of
|
|
169
|
+
# 304 Not Modified responses.
|
|
170
|
+
auth_header[DeviseTokenAuth.headers_names[:"access-token"]] = ' '
|
|
171
|
+
auth_header[DeviseTokenAuth.headers_names[:"expiry"]] = ' '
|
|
172
|
+
else
|
|
173
|
+
# update Authorization response header with new token
|
|
174
|
+
auth_header = @resource.create_new_auth_token(@client_id)
|
|
175
|
+
end
|
|
176
|
+
auth_header
|
|
177
|
+
end
|
|
168
178
|
end
|
|
@@ -22,8 +22,15 @@ module DeviseTokenAuth
|
|
|
22
22
|
redirect_headers = build_redirect_headers(token,
|
|
23
23
|
client_id,
|
|
24
24
|
redirect_header_options)
|
|
25
|
-
|
|
26
|
-
|
|
25
|
+
|
|
26
|
+
# give redirect value from params priority
|
|
27
|
+
@redirect_url = params[:redirect_url]
|
|
28
|
+
|
|
29
|
+
# fall back to default value if provided
|
|
30
|
+
@redirect_url ||= DeviseTokenAuth.default_confirm_success_url
|
|
31
|
+
|
|
32
|
+
|
|
33
|
+
redirect_to(@resource.build_auth_url(@redirect_url, redirect_headers))
|
|
27
34
|
else
|
|
28
35
|
raise ActionController::RoutingError, 'Not Found'
|
|
29
36
|
end
|
|
@@ -24,7 +24,7 @@ module DeviseTokenAuth
|
|
|
24
24
|
if @resource && valid_params?(field, q_value) && (!@resource.respond_to?(:active_for_authentication?) || @resource.active_for_authentication?)
|
|
25
25
|
valid_password = @resource.valid_password?(resource_params[:password])
|
|
26
26
|
if (@resource.respond_to?(:valid_for_authentication?) && !@resource.valid_for_authentication? { valid_password }) || !valid_password
|
|
27
|
-
|
|
27
|
+
return render_create_error_bad_credentials
|
|
28
28
|
end
|
|
29
29
|
@client_id, @token = @resource.create_token
|
|
30
30
|
@resource.save
|
data/config/locales/da-DK.yml
CHANGED
|
@@ -2,11 +2,11 @@ da-DK:
|
|
|
2
2
|
devise_token_auth:
|
|
3
3
|
sessions:
|
|
4
4
|
not_confirmed: "Der er sendt en bekræftelsesemail til din konto på '%{email}'. Følg venligst instruktionerne i emailen for at aktivere din konto."
|
|
5
|
-
bad_credentials: "
|
|
5
|
+
bad_credentials: "Ugyldig kombination af brugernavn og kodeord. Prøv venligst igen."
|
|
6
6
|
not_supported: "Brug POST /sign_in for at logge ind. GET er ikke supporteret."
|
|
7
7
|
user_not_found: "Brugeren er ikke fundet eller er ikke logget ind."
|
|
8
8
|
token_validations:
|
|
9
|
-
invalid: "
|
|
9
|
+
invalid: "Ugyldige legitimationsoplysninger."
|
|
10
10
|
registrations:
|
|
11
11
|
missing_confirm_success_url: "Der mangler et 'confirm_success_url' parameter."
|
|
12
12
|
redirect_url_not_allowed: "Omdirigering til '%{redirect_url}' er ikke tilladt."
|
|
@@ -21,7 +21,7 @@ da-DK:
|
|
|
21
21
|
sended: "En email er blevet sendt til '%{email}' med instruktioner for at nulstille dit kodeord."
|
|
22
22
|
user_not_found: "Kan ikke finde en bruger med '%{email}'."
|
|
23
23
|
password_not_required: "Denne bruger kræver ikke et kodeord. Log ind med '%{provider}' konto i stedet."
|
|
24
|
-
missing_passwords: "Du skal
|
|
24
|
+
missing_passwords: "Du skal udfylde både kodeord og bekræftelse af kodeord."
|
|
25
25
|
successfully_updated: "Dit kodeord er opdateret."
|
|
26
26
|
unlocks:
|
|
27
27
|
missing_email: "Du skal udfylde en email."
|
|
@@ -35,15 +35,15 @@ da-DK:
|
|
|
35
35
|
devise:
|
|
36
36
|
mailer:
|
|
37
37
|
confirmation_instructions:
|
|
38
|
-
confirm_link_msg: "Du kan bekræfte din
|
|
38
|
+
confirm_link_msg: "Du kan bekræfte din kontos email gennem linket herunder:"
|
|
39
39
|
confirm_account_link: "Bekræft min konto"
|
|
40
40
|
reset_password_instructions:
|
|
41
|
-
request_reset_link_msg: "
|
|
42
|
-
password_change_link: "
|
|
41
|
+
request_reset_link_msg: "Nogen har anmodet om et link til at ændre dit kodeord. Det kan du gøre via linket nedenfor."
|
|
42
|
+
password_change_link: "Skift mit kodeord."
|
|
43
43
|
ignore_mail_msg: "Hvis du ikke anmodede om dette, ignorer venligst denne email."
|
|
44
|
-
no_changes_msg: "
|
|
44
|
+
no_changes_msg: "Dit kodeord ændres først når du følger linket ovenfor og skaber et nyt."
|
|
45
45
|
unlock_instructions:
|
|
46
|
-
account_lock_msg: "Din konto er blevet låst fordi der
|
|
46
|
+
account_lock_msg: "Din konto er blevet låst fordi der har været for mange ugyldige log ind-forsøg."
|
|
47
47
|
unlock_link_msg: "Klik linket nedenfor, for at låse din konto op:"
|
|
48
48
|
unlock_link: "Lås min konto op"
|
|
49
49
|
hello: "hej"
|
|
@@ -45,6 +45,19 @@ class DeviseTokenAuth::TokenValidationsControllerTest < ActionDispatch::Integrat
|
|
|
45
45
|
end
|
|
46
46
|
end
|
|
47
47
|
|
|
48
|
+
describe 'with invalid user' do
|
|
49
|
+
before do
|
|
50
|
+
@resource.update_column :email, 'invalid'
|
|
51
|
+
end
|
|
52
|
+
|
|
53
|
+
test 'request should raise invalid model error' do
|
|
54
|
+
error = assert_raises DeviseTokenAuth::Errors::InvalidModel do
|
|
55
|
+
get '/auth/validate_token', params: {}, headers: @auth_headers
|
|
56
|
+
end
|
|
57
|
+
assert_equal(error.message, "Cannot set auth token in invalid model. Errors: [\"Email is not an email\"]")
|
|
58
|
+
end
|
|
59
|
+
end
|
|
60
|
+
|
|
48
61
|
describe 'failure' do
|
|
49
62
|
before do
|
|
50
63
|
get '/api/v1/auth/validate_token',
|
|
@@ -1,11 +1,9 @@
|
|
|
1
|
-
|
|
2
|
-
# Include default devise modules.
|
|
3
|
-
devise :database_authenticatable, :registerable,
|
|
4
|
-
:recoverable, :rememberable, :trackable, :validatable,
|
|
5
|
-
:confirmable, :omniauthable
|
|
6
|
-
include DeviseTokenAuth::Concerns::User
|
|
1
|
+
# frozen_string_literal: true
|
|
7
2
|
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
3
|
+
class User < ActiveRecord::Base
|
|
4
|
+
# Include default devise modules. Others available are:
|
|
5
|
+
# :confirmable, :lockable, :timeoutable and :omniauthable
|
|
6
|
+
devise :database_authenticatable, :registerable,
|
|
7
|
+
:recoverable, :rememberable, :trackable, :validatable
|
|
8
|
+
include DeviseTokenAuth::Concerns::User
|
|
9
|
+
end
|
|
File without changes
|
metadata
CHANGED
|
@@ -1,19 +1,22 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: devise_token_auth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.0.
|
|
4
|
+
version: 1.0.0.rc2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Lynn Hurley
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-
|
|
11
|
+
date: 2018-09-21 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
|
16
16
|
requirements:
|
|
17
|
+
- - ">="
|
|
18
|
+
- !ruby/object:Gem::Version
|
|
19
|
+
version: 4.2.0
|
|
17
20
|
- - "<"
|
|
18
21
|
- !ruby/object:Gem::Version
|
|
19
22
|
version: '6'
|
|
@@ -21,6 +24,9 @@ dependencies:
|
|
|
21
24
|
prerelease: false
|
|
22
25
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
26
|
requirements:
|
|
27
|
+
- - ">="
|
|
28
|
+
- !ruby/object:Gem::Version
|
|
29
|
+
version: 4.2.0
|
|
24
30
|
- - "<"
|
|
25
31
|
- !ruby/object:Gem::Version
|
|
26
32
|
version: '6'
|
|
@@ -33,7 +39,7 @@ dependencies:
|
|
|
33
39
|
version: 3.5.2
|
|
34
40
|
- - "<"
|
|
35
41
|
- !ruby/object:Gem::Version
|
|
36
|
-
version: '4.
|
|
42
|
+
version: '4.6'
|
|
37
43
|
type: :runtime
|
|
38
44
|
prerelease: false
|
|
39
45
|
version_requirements: !ruby/object:Gem::Requirement
|
|
@@ -43,7 +49,7 @@ dependencies:
|
|
|
43
49
|
version: 3.5.2
|
|
44
50
|
- - "<"
|
|
45
51
|
- !ruby/object:Gem::Version
|
|
46
|
-
version: '4.
|
|
52
|
+
version: '4.6'
|
|
47
53
|
- !ruby/object:Gem::Dependency
|
|
48
54
|
name: appraisal
|
|
49
55
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -247,7 +253,8 @@ files:
|
|
|
247
253
|
- test/dummy/lib/migration_database_helper.rb
|
|
248
254
|
- test/dummy/tmp/generators/app/models/user.rb
|
|
249
255
|
- test/dummy/tmp/generators/config/initializers/devise_token_auth.rb
|
|
250
|
-
- test/dummy/tmp/generators/
|
|
256
|
+
- test/dummy/tmp/generators/config/routes.rb
|
|
257
|
+
- test/dummy/tmp/generators/db/migrate/20180920132503_devise_token_auth_create_users.rb
|
|
251
258
|
- test/factories/users.rb
|
|
252
259
|
- test/lib/devise_token_auth/url_test.rb
|
|
253
260
|
- test/lib/generators/devise_token_auth/install_generator_test.rb
|
|
@@ -269,7 +276,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
269
276
|
requirements:
|
|
270
277
|
- - ">="
|
|
271
278
|
- !ruby/object:Gem::Version
|
|
272
|
-
version:
|
|
279
|
+
version: 2.2.0
|
|
273
280
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
274
281
|
requirements:
|
|
275
282
|
- - ">"
|
|
@@ -342,8 +349,9 @@ test_files:
|
|
|
342
349
|
- test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb
|
|
343
350
|
- test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb
|
|
344
351
|
- test/dummy/tmp/generators/app/models/user.rb
|
|
352
|
+
- test/dummy/tmp/generators/config/routes.rb
|
|
345
353
|
- test/dummy/tmp/generators/config/initializers/devise_token_auth.rb
|
|
346
|
-
- test/dummy/tmp/generators/db/migrate/
|
|
354
|
+
- test/dummy/tmp/generators/db/migrate/20180920132503_devise_token_auth_create_users.rb
|
|
347
355
|
- test/dummy/README.rdoc
|
|
348
356
|
- test/models/only_email_user_test.rb
|
|
349
357
|
- test/models/user_test.rb
|