devise_token_auth_multitenancy 1.1.3.alpha1 → 1.1.3.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/app/controllers/devise_token_auth/concerns/resource_finder.rb +2 -6
- data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +1 -1
- data/app/controllers/devise_token_auth/confirmations_controller.rb +1 -1
- data/app/models/devise_token_auth/concerns/user_omniauth_callbacks.rb +1 -1
- data/lib/devise_token_auth/engine.rb +5 -1
- data/lib/devise_token_auth/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 9f940e116f3fdd07602f3d7003fc16fe58b0094d5ef82409bd8f573df191704a
|
4
|
+
data.tar.gz: 201a15e02f827171b3e82cfe2c919df345b40e78c8b9f43fa420f66344e2f7d8
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: b27b3d4fa8873b5f8aa6a19ec4dc324206fa4813888162c7f35357340d8af21ee704c025c8fb78fe263b70813ada624b9e32d9bd09e2e4e8ca6b5b73ab3b4b39
|
7
|
+
data.tar.gz: 2e18d3a5cd4bdf14a6022772284b85505949a97b204924652b2d6fa7bd9eeba000dddb8164ecb251a7b9073c936d09987f1ef9ed0178f3334ebedd0ae2a8c647
|
@@ -20,12 +20,8 @@ module DeviseTokenAuth::Concerns::ResourceFinder
|
|
20
20
|
end
|
21
21
|
|
22
22
|
def find_resource(field, value)
|
23
|
-
|
24
|
-
|
25
|
-
resource_class.where("BINARY #{field} = ? AND provider= ?", value, provider).first
|
26
|
-
else
|
27
|
-
resource_class.dta_find_by(field => value, 'provider' => provider)
|
28
|
-
end
|
23
|
+
attrs = { field => value, 'provider' => provider }
|
24
|
+
@resource = resource_class.dta_find_by(attrs, self.instance_eval(&DeviseTokenAuth.multitenancy_finder_params))
|
29
25
|
end
|
30
26
|
|
31
27
|
def resource_class(m = nil)
|
@@ -66,7 +66,7 @@ module DeviseTokenAuth::Concerns::SetUserByToken
|
|
66
66
|
end
|
67
67
|
|
68
68
|
# mitigate timing attacks by finding by uid instead of auth token
|
69
|
-
user = uid && rc.dta_find_by(uid: uid)
|
69
|
+
user = uid && rc.dta_find_by({uid: uid}, self.instance_eval(&DeviseTokenAuth.multitenancy_finder_params))
|
70
70
|
scope = rc.to_s.underscore.to_sym
|
71
71
|
|
72
72
|
if user && user.valid_token?(@token.token, @token.client)
|
@@ -35,7 +35,7 @@ module DeviseTokenAuth
|
|
35
35
|
|
36
36
|
@email = get_case_insensitive_field_from_resource_params(:email)
|
37
37
|
|
38
|
-
@resource = resource_class.dta_find_by(uid: @email, provider: provider)
|
38
|
+
@resource = resource_class.dta_find_by({uid: @email, provider: provider}, self.instance_eval(&DeviseTokenAuth.multitenancy_finder_params))
|
39
39
|
|
40
40
|
return render_not_found_error unless @resource
|
41
41
|
|
@@ -9,7 +9,7 @@ module DeviseTokenAuth::Concerns::UserOmniauthCallbacks
|
|
9
9
|
validates_presence_of :uid, unless: :email_provider?
|
10
10
|
|
11
11
|
# only validate unique emails among email registration users
|
12
|
-
validates :email, uniqueness: { case_sensitive: false, scope: :provider }, on: :create, if: :email_provider?
|
12
|
+
validates :email, uniqueness: { case_sensitive: false, scope: [ :provider ] + DeviseTokenAuth.multitenancy_scope_fields }, on: :create, if: :email_provider?
|
13
13
|
|
14
14
|
# keep uid in sync with email
|
15
15
|
before_save :sync_uid
|
@@ -27,7 +27,9 @@ module DeviseTokenAuth
|
|
27
27
|
:headers_names,
|
28
28
|
:bypass_sign_in,
|
29
29
|
:send_confirmation_email,
|
30
|
-
:require_client_password_reset_token
|
30
|
+
:require_client_password_reset_token,
|
31
|
+
:multitenancy_scope_fields,
|
32
|
+
:multitenancy_finder_params
|
31
33
|
|
32
34
|
self.change_headers_on_each_request = true
|
33
35
|
self.max_number_of_devices = 10
|
@@ -50,6 +52,8 @@ module DeviseTokenAuth
|
|
50
52
|
self.bypass_sign_in = true
|
51
53
|
self.send_confirmation_email = false
|
52
54
|
self.require_client_password_reset_token = false
|
55
|
+
self.multitenancy_scope_fields = []
|
56
|
+
self.multitenancy_finder_params = lambda { return {} }
|
53
57
|
|
54
58
|
def self.setup(&block)
|
55
59
|
yield self
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: devise_token_auth_multitenancy
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.1.3.
|
4
|
+
version: 1.1.3.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Lynn Hurley
|
@@ -365,9 +365,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
365
365
|
version: 2.2.0
|
366
366
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
367
367
|
requirements:
|
368
|
-
- - "
|
368
|
+
- - ">="
|
369
369
|
- !ruby/object:Gem::Version
|
370
|
-
version:
|
370
|
+
version: '0'
|
371
371
|
requirements: []
|
372
372
|
rubygems_version: 3.0.6
|
373
373
|
signing_key:
|