devise_token_auth_multitenancy 1.1.3.alpha1 → 1.1.3.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (8) hide show
  1. checksums.yaml +4 -4
  2. data/app/controllers/devise_token_auth/concerns/resource_finder.rb +2 -6
  3. data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +1 -1
  4. data/app/controllers/devise_token_auth/confirmations_controller.rb +1 -1
  5. data/app/models/devise_token_auth/concerns/user_omniauth_callbacks.rb +1 -1
  6. data/lib/devise_token_auth/engine.rb +5 -1
  7. data/lib/devise_token_auth/version.rb +1 -1
  8. metadata +3 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: a2629c625678b6fe3183a4911f62928760efb42e3dbc8ba0d3d0ad683f16ed53
4
- data.tar.gz: 11e0d389391f5e9b10c91f8ea40de6d1c47d522da183c7985772b1d7a802849f
3
+ metadata.gz: 9f940e116f3fdd07602f3d7003fc16fe58b0094d5ef82409bd8f573df191704a
4
+ data.tar.gz: 201a15e02f827171b3e82cfe2c919df345b40e78c8b9f43fa420f66344e2f7d8
5
5
  SHA512:
6
- metadata.gz: 72539e4fb0909287d245e12c4eb969a5ab3c7d725d635e3aed294eb0e9aa5f3f16c9e8071cf35217b6fc00f243d028e49818b5c29d7fb629c61fb9237b856b6d
7
- data.tar.gz: 5de4ac336c727ee7bcdd338b243526c2701ed50a6ecdd488bcfbce3012f62b4a6f80e54ba085faf7aa3097fb71ee06c4722ac92d78cb173788781deeda20a00b
6
+ metadata.gz: b27b3d4fa8873b5f8aa6a19ec4dc324206fa4813888162c7f35357340d8af21ee704c025c8fb78fe263b70813ada624b9e32d9bd09e2e4e8ca6b5b73ab3b4b39
7
+ data.tar.gz: 2e18d3a5cd4bdf14a6022772284b85505949a97b204924652b2d6fa7bd9eeba000dddb8164ecb251a7b9073c936d09987f1ef9ed0178f3334ebedd0ae2a8c647
data/app/controllers/devise_token_auth/concerns/resource_finder.rb CHANGED
@@ -20,12 +20,8 @@ module DeviseTokenAuth::Concerns::ResourceFinder
20
20
  end
21
21
 
22
22
  def find_resource(field, value)
23
- @resource = if resource_class.try(:connection_config).try(:[], :adapter).try(:include?, 'mysql')
24
- # fix for mysql default case insensitivity
25
- resource_class.where("BINARY #{field} = ? AND provider= ?", value, provider).first
26
- else
27
- resource_class.dta_find_by(field => value, 'provider' => provider)
28
- end
23
+ attrs = { field => value, 'provider' => provider }
24
+ @resource = resource_class.dta_find_by(attrs, self.instance_eval(&DeviseTokenAuth.multitenancy_finder_params))
29
25
  end
30
26
 
31
27
  def resource_class(m = nil)
data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb CHANGED
@@ -66,7 +66,7 @@ module DeviseTokenAuth::Concerns::SetUserByToken
66
66
  end
67
67
 
68
68
  # mitigate timing attacks by finding by uid instead of auth token
69
- user = uid && rc.dta_find_by(uid: uid)
69
+ user = uid && rc.dta_find_by({uid: uid}, self.instance_eval(&DeviseTokenAuth.multitenancy_finder_params))
70
70
  scope = rc.to_s.underscore.to_sym
71
71
 
72
72
  if user && user.valid_token?(@token.token, @token.client)
data/app/controllers/devise_token_auth/confirmations_controller.rb CHANGED
@@ -35,7 +35,7 @@ module DeviseTokenAuth
35
35
 
36
36
  @email = get_case_insensitive_field_from_resource_params(:email)
37
37
 
38
- @resource = resource_class.dta_find_by(uid: @email, provider: provider)
38
+ @resource = resource_class.dta_find_by({uid: @email, provider: provider}, self.instance_eval(&DeviseTokenAuth.multitenancy_finder_params))
39
39
 
40
40
  return render_not_found_error unless @resource
41
41
 
data/app/models/devise_token_auth/concerns/user_omniauth_callbacks.rb CHANGED
@@ -9,7 +9,7 @@ module DeviseTokenAuth::Concerns::UserOmniauthCallbacks
9
9
  validates_presence_of :uid, unless: :email_provider?
10
10
 
11
11
  # only validate unique emails among email registration users
12
- validates :email, uniqueness: { case_sensitive: false, scope: :provider }, on: :create, if: :email_provider?
12
+ validates :email, uniqueness: { case_sensitive: false, scope: [ :provider ] + DeviseTokenAuth.multitenancy_scope_fields }, on: :create, if: :email_provider?
13
13
 
14
14
  # keep uid in sync with email
15
15
  before_save :sync_uid
data/lib/devise_token_auth/engine.rb CHANGED
@@ -27,7 +27,9 @@ module DeviseTokenAuth
27
27
  :headers_names,
28
28
  :bypass_sign_in,
29
29
  :send_confirmation_email,
30
- :require_client_password_reset_token
30
+ :require_client_password_reset_token,
31
+ :multitenancy_scope_fields,
32
+ :multitenancy_finder_params
31
33
 
32
34
  self.change_headers_on_each_request = true
33
35
  self.max_number_of_devices = 10
@@ -50,6 +52,8 @@ module DeviseTokenAuth
50
52
  self.bypass_sign_in = true
51
53
  self.send_confirmation_email = false
52
54
  self.require_client_password_reset_token = false
55
+ self.multitenancy_scope_fields = []
56
+ self.multitenancy_finder_params = lambda { return {} }
53
57
 
54
58
  def self.setup(&block)
55
59
  yield self
data/lib/devise_token_auth/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module DeviseTokenAuth
4
- VERSION = '1.1.3.alpha1'.freeze
4
+ VERSION = '1.1.3.1'.freeze
5
5
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: devise_token_auth_multitenancy
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.1.3.alpha1
4
+ version: 1.1.3.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Lynn Hurley
@@ -365,9 +365,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
365
365
  version: 2.2.0
366
366
  required_rubygems_version: !ruby/object:Gem::Requirement
367
367
  requirements:
368
- - - ">"
368
+ - - ">="
369
369
  - !ruby/object:Gem::Version
370
- version: 1.3.1
370
+ version: '0'
371
371
  requirements: []
372
372
  rubygems_version: 3.0.6
373
373
  signing_key: