digix_devise_token_auth 0.1.44

Sign up to get free protection for your applications and to get access to all the features.
Files changed (149) hide show
  1. checksums.yaml +7 -0
  2. data/LICENSE +13 -0
  3. data/README.md +952 -0
  4. data/Rakefile +35 -0
  5. data/app/controllers/devise_token_auth/application_controller.rb +76 -0
  6. data/app/controllers/devise_token_auth/concerns/resource_finder.rb +43 -0
  7. data/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +165 -0
  8. data/app/controllers/devise_token_auth/confirmations_controller.rb +30 -0
  9. data/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb +243 -0
  10. data/app/controllers/devise_token_auth/passwords_controller.rb +202 -0
  11. data/app/controllers/devise_token_auth/registrations_controller.rb +205 -0
  12. data/app/controllers/devise_token_auth/sessions_controller.rb +133 -0
  13. data/app/controllers/devise_token_auth/token_validations_controller.rb +29 -0
  14. data/app/controllers/devise_token_auth/unlocks_controller.rb +89 -0
  15. data/app/models/devise_token_auth/concerns/user.rb +260 -0
  16. data/app/models/devise_token_auth/concerns/user_omniauth_callbacks.rb +26 -0
  17. data/app/validators/email_validator.rb +21 -0
  18. data/app/views/devise/mailer/confirmation_instructions.html.erb +5 -0
  19. data/app/views/devise/mailer/reset_password_instructions.html.erb +8 -0
  20. data/app/views/devise/mailer/unlock_instructions.html.erb +7 -0
  21. data/app/views/devise_token_auth/omniauth_external_window.html.erb +38 -0
  22. data/config/initializers/devise.rb +196 -0
  23. data/config/locales/da-DK.yml +50 -0
  24. data/config/locales/de.yml +49 -0
  25. data/config/locales/en.yml +50 -0
  26. data/config/locales/es.yml +49 -0
  27. data/config/locales/fr.yml +49 -0
  28. data/config/locales/it.yml +46 -0
  29. data/config/locales/ja.yml +46 -0
  30. data/config/locales/nl.yml +30 -0
  31. data/config/locales/pl.yml +48 -0
  32. data/config/locales/pt-BR.yml +46 -0
  33. data/config/locales/pt.yml +48 -0
  34. data/config/locales/ro.yml +46 -0
  35. data/config/locales/ru.yml +50 -0
  36. data/config/locales/sq.yml +46 -0
  37. data/config/locales/uk.yml +59 -0
  38. data/config/locales/vi.yml +50 -0
  39. data/config/locales/zh-CN.yml +46 -0
  40. data/config/locales/zh-HK.yml +48 -0
  41. data/config/locales/zh-TW.yml +48 -0
  42. data/lib/devise_token_auth.rb +8 -0
  43. data/lib/devise_token_auth/controllers/helpers.rb +149 -0
  44. data/lib/devise_token_auth/controllers/url_helpers.rb +8 -0
  45. data/lib/devise_token_auth/engine.rb +90 -0
  46. data/lib/devise_token_auth/rails/routes.rb +114 -0
  47. data/lib/devise_token_auth/url.rb +37 -0
  48. data/lib/devise_token_auth/version.rb +3 -0
  49. data/lib/generators/devise_token_auth/USAGE +31 -0
  50. data/lib/generators/devise_token_auth/install_generator.rb +160 -0
  51. data/lib/generators/devise_token_auth/install_views_generator.rb +16 -0
  52. data/lib/generators/devise_token_auth/templates/devise_token_auth.rb +48 -0
  53. data/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb +55 -0
  54. data/lib/generators/devise_token_auth/templates/user.rb +7 -0
  55. data/lib/tasks/devise_token_auth_tasks.rake +4 -0
  56. data/test/controllers/custom/custom_confirmations_controller_test.rb +21 -0
  57. data/test/controllers/custom/custom_omniauth_callbacks_controller_test.rb +29 -0
  58. data/test/controllers/custom/custom_passwords_controller_test.rb +75 -0
  59. data/test/controllers/custom/custom_registrations_controller_test.rb +54 -0
  60. data/test/controllers/custom/custom_sessions_controller_test.rb +37 -0
  61. data/test/controllers/custom/custom_token_validations_controller_test.rb +40 -0
  62. data/test/controllers/demo_group_controller_test.rb +153 -0
  63. data/test/controllers/demo_mang_controller_test.rb +284 -0
  64. data/test/controllers/demo_user_controller_test.rb +601 -0
  65. data/test/controllers/devise_token_auth/confirmations_controller_test.rb +129 -0
  66. data/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb +371 -0
  67. data/test/controllers/devise_token_auth/passwords_controller_test.rb +649 -0
  68. data/test/controllers/devise_token_auth/registrations_controller_test.rb +878 -0
  69. data/test/controllers/devise_token_auth/sessions_controller_test.rb +500 -0
  70. data/test/controllers/devise_token_auth/token_validations_controller_test.rb +90 -0
  71. data/test/controllers/devise_token_auth/unlocks_controller_test.rb +194 -0
  72. data/test/controllers/overrides/confirmations_controller_test.rb +43 -0
  73. data/test/controllers/overrides/omniauth_callbacks_controller_test.rb +49 -0
  74. data/test/controllers/overrides/passwords_controller_test.rb +66 -0
  75. data/test/controllers/overrides/registrations_controller_test.rb +40 -0
  76. data/test/controllers/overrides/sessions_controller_test.rb +33 -0
  77. data/test/controllers/overrides/token_validations_controller_test.rb +41 -0
  78. data/test/dummy/README.rdoc +28 -0
  79. data/test/dummy/app/controllers/application_controller.rb +16 -0
  80. data/test/dummy/app/controllers/auth_origin_controller.rb +5 -0
  81. data/test/dummy/app/controllers/custom/confirmations_controller.rb +13 -0
  82. data/test/dummy/app/controllers/custom/omniauth_callbacks_controller.rb +11 -0
  83. data/test/dummy/app/controllers/custom/passwords_controller.rb +40 -0
  84. data/test/dummy/app/controllers/custom/registrations_controller.rb +39 -0
  85. data/test/dummy/app/controllers/custom/sessions_controller.rb +29 -0
  86. data/test/dummy/app/controllers/custom/token_validations_controller.rb +19 -0
  87. data/test/dummy/app/controllers/demo_group_controller.rb +13 -0
  88. data/test/dummy/app/controllers/demo_mang_controller.rb +12 -0
  89. data/test/dummy/app/controllers/demo_user_controller.rb +25 -0
  90. data/test/dummy/app/controllers/overrides/confirmations_controller.rb +26 -0
  91. data/test/dummy/app/controllers/overrides/omniauth_callbacks_controller.rb +14 -0
  92. data/test/dummy/app/controllers/overrides/passwords_controller.rb +33 -0
  93. data/test/dummy/app/controllers/overrides/registrations_controller.rb +27 -0
  94. data/test/dummy/app/controllers/overrides/sessions_controller.rb +36 -0
  95. data/test/dummy/app/controllers/overrides/token_validations_controller.rb +23 -0
  96. data/test/dummy/app/helpers/application_helper.rb +1065 -0
  97. data/test/dummy/app/models/evil_user.rb +3 -0
  98. data/test/dummy/app/models/lockable_user.rb +5 -0
  99. data/test/dummy/app/models/mang.rb +3 -0
  100. data/test/dummy/app/models/nice_user.rb +7 -0
  101. data/test/dummy/app/models/only_email_user.rb +5 -0
  102. data/test/dummy/app/models/scoped_user.rb +7 -0
  103. data/test/dummy/app/models/unconfirmable_user.rb +8 -0
  104. data/test/dummy/app/models/unregisterable_user.rb +7 -0
  105. data/test/dummy/app/models/user.rb +18 -0
  106. data/test/dummy/app/views/layouts/application.html.erb +14 -0
  107. data/test/dummy/config.ru +16 -0
  108. data/test/dummy/config/application.rb +24 -0
  109. data/test/dummy/config/application.yml.bk +0 -0
  110. data/test/dummy/config/boot.rb +5 -0
  111. data/test/dummy/config/environment.rb +5 -0
  112. data/test/dummy/config/environments/development.rb +44 -0
  113. data/test/dummy/config/environments/production.rb +82 -0
  114. data/test/dummy/config/environments/test.rb +48 -0
  115. data/test/dummy/config/initializers/assets.rb +8 -0
  116. data/test/dummy/config/initializers/backtrace_silencers.rb +7 -0
  117. data/test/dummy/config/initializers/cookies_serializer.rb +3 -0
  118. data/test/dummy/config/initializers/devise.rb +3 -0
  119. data/test/dummy/config/initializers/devise_token_auth.rb +22 -0
  120. data/test/dummy/config/initializers/figaro.rb +1 -0
  121. data/test/dummy/config/initializers/filter_parameter_logging.rb +4 -0
  122. data/test/dummy/config/initializers/inflections.rb +16 -0
  123. data/test/dummy/config/initializers/mime_types.rb +4 -0
  124. data/test/dummy/config/initializers/omniauth.rb +8 -0
  125. data/test/dummy/config/initializers/session_store.rb +3 -0
  126. data/test/dummy/config/initializers/wrap_parameters.rb +14 -0
  127. data/test/dummy/config/routes.rb +72 -0
  128. data/test/dummy/config/spring.rb +1 -0
  129. data/test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb +63 -0
  130. data/test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb +62 -0
  131. data/test/dummy/db/migrate/20140829044006_add_operating_thetan_to_user.rb +6 -0
  132. data/test/dummy/db/migrate/20140916224624_add_favorite_color_to_mangs.rb +5 -0
  133. data/test/dummy/db/migrate/20140928231203_devise_token_auth_create_evil_users.rb +64 -0
  134. data/test/dummy/db/migrate/20141222035835_devise_token_auth_create_only_email_users.rb +60 -0
  135. data/test/dummy/db/migrate/20141222053502_devise_token_auth_create_unregisterable_users.rb +61 -0
  136. data/test/dummy/db/migrate/20150409095712_devise_token_auth_create_nice_users.rb +61 -0
  137. data/test/dummy/db/migrate/20150708104536_devise_token_auth_create_unconfirmable_users.rb +61 -0
  138. data/test/dummy/db/migrate/20160103235141_devise_token_auth_create_scoped_users.rb +61 -0
  139. data/test/dummy/db/migrate/20160629184441_devise_token_auth_create_lockable_users.rb +61 -0
  140. data/test/dummy/db/schema.rb +258 -0
  141. data/test/dummy/lib/migration_database_helper.rb +29 -0
  142. data/test/integration/navigation_test.rb +10 -0
  143. data/test/lib/devise_token_auth/url_test.rb +24 -0
  144. data/test/lib/generators/devise_token_auth/install_generator_test.rb +187 -0
  145. data/test/lib/generators/devise_token_auth/install_views_generator_test.rb +23 -0
  146. data/test/models/only_email_user_test.rb +35 -0
  147. data/test/models/user_test.rb +169 -0
  148. data/test/test_helper.rb +77 -0
  149. metadata +342 -0
@@ -0,0 +1,202 @@
1
+ module DeviseTokenAuth
2
+ class PasswordsController < DeviseTokenAuth::ApplicationController
3
+ before_action :set_user_by_token, :only => [:update]
4
+ skip_after_action :update_auth_header, :only => [:create, :edit]
5
+
6
+ # this action is responsible for generating password reset tokens and
7
+ # sending emails
8
+ def create
9
+ unless resource_params[:email]
10
+ return render_create_error_missing_email
11
+ end
12
+
13
+ # give redirect value from params priority
14
+ @redirect_url = params[:redirect_url]
15
+
16
+ # fall back to default value if provided
17
+ @redirect_url ||= DeviseTokenAuth.default_password_reset_url
18
+
19
+ unless @redirect_url
20
+ return render_create_error_missing_redirect_url
21
+ end
22
+
23
+ # if whitelist is set, validate redirect_url against whitelist
24
+ if DeviseTokenAuth.redirect_whitelist
25
+ unless DeviseTokenAuth::Url.whitelisted?(@redirect_url)
26
+ return render_create_error_not_allowed_redirect_url
27
+ end
28
+ end
29
+
30
+ @email = get_case_insensitive_field_from_resource_params(:email)
31
+ @resource = find_resource(:uid, @email)
32
+
33
+ if @resource
34
+ yield @resource if block_given?
35
+ @resource.send_reset_password_instructions({
36
+ email: @email,
37
+ provider: 'email',
38
+ redirect_url: @redirect_url,
39
+ client_config: params[:config_name]
40
+ })
41
+
42
+ if @resource.errors.empty?
43
+ return render_create_success
44
+ else
45
+ render_create_error @resource.errors
46
+ end
47
+ else
48
+ render_not_found_error
49
+ end
50
+ end
51
+
52
+ # this is where users arrive after visiting the password reset confirmation link
53
+ def edit
54
+ # if a user is not found, return nil
55
+ @resource = with_reset_password_token(resource_params[:reset_password_token])
56
+
57
+ if @resource && @resource.reset_password_period_valid?
58
+ client_id, token = @resource.create_token
59
+
60
+ # ensure that user is confirmed
61
+ @resource.skip_confirmation! if confirmable_enabled? && !@resource.confirmed_at
62
+
63
+ # allow user to change password once without current_password
64
+ @resource.allow_password_change = true if recoverable_enabled?
65
+
66
+ @resource.save!
67
+
68
+ yield @resource if block_given?
69
+
70
+ redirect_header_options = {reset_password: true}
71
+ redirect_headers = build_redirect_headers(token,
72
+ client_id,
73
+ redirect_header_options)
74
+ redirect_to(@resource.build_auth_url(params[:redirect_url],
75
+ redirect_headers))
76
+ else
77
+ render_edit_error
78
+ end
79
+ end
80
+
81
+ def update
82
+ # make sure user is authorized
83
+ unless @resource
84
+ return render_update_error_unauthorized
85
+ end
86
+
87
+ # make sure account doesn't use oauth2 provider
88
+ unless @resource.provider == 'email'
89
+ return render_update_error_password_not_required
90
+ end
91
+
92
+ # ensure that password params were sent
93
+ unless password_resource_params[:password] && password_resource_params[:password_confirmation]
94
+ return render_update_error_missing_password
95
+ end
96
+
97
+ if @resource.send(resource_update_method, password_resource_params)
98
+ @resource.allow_password_change = false if recoverable_enabled?
99
+ @resource.save!
100
+
101
+ yield @resource if block_given?
102
+ return render_update_success
103
+ else
104
+ return render_update_error
105
+ end
106
+ end
107
+
108
+ protected
109
+
110
+ def resource_update_method
111
+ allow_password_change = recoverable_enabled? && @resource.allow_password_change == true
112
+ if DeviseTokenAuth.check_current_password_before_update == false || allow_password_change
113
+ "update_attributes"
114
+ else
115
+ "update_with_password"
116
+ end
117
+ end
118
+
119
+ def render_create_error_missing_email
120
+ render_error(401, I18n.t("devise_token_auth.passwords.missing_email"))
121
+ end
122
+
123
+ def render_create_error_missing_redirect_url
124
+ render_error(401, I18n.t("devise_token_auth.passwords.missing_redirect_url"))
125
+ end
126
+
127
+ def render_create_error_not_allowed_redirect_url
128
+ response = {
129
+ status: 'error',
130
+ data: resource_data
131
+ }
132
+ message = I18n.t("devise_token_auth.passwords.not_allowed_redirect_url", redirect_url: @redirect_url)
133
+ render_error(422, message, response)
134
+ end
135
+
136
+ def render_create_success
137
+ render json: {
138
+ success: true,
139
+ message: I18n.t("devise_token_auth.passwords.sended", email: @email)
140
+ }
141
+ end
142
+
143
+ def render_create_error(errors)
144
+ render json: {
145
+ success: false,
146
+ errors: errors,
147
+ }, status: 400
148
+ end
149
+
150
+ def render_edit_error
151
+ raise ActionController::RoutingError.new('Not Found')
152
+ end
153
+
154
+ def render_update_error_unauthorized
155
+ render_error(401, 'Unauthorized')
156
+ end
157
+
158
+ def render_update_error_password_not_required
159
+ render_error(422, I18n.t("devise_token_auth.passwords.password_not_required", provider: @resource.provider.humanize))
160
+ end
161
+
162
+ def render_update_error_missing_password
163
+ render_error(422, I18n.t("devise_token_auth.passwords.missing_passwords"))
164
+ end
165
+
166
+ def render_update_success
167
+ render json: {
168
+ success: true,
169
+ data: resource_data,
170
+ message: I18n.t("devise_token_auth.passwords.successfully_updated")
171
+ }
172
+ end
173
+
174
+ def render_update_error
175
+ return render json: {
176
+ success: false,
177
+ errors: resource_errors
178
+ }, status: 422
179
+ end
180
+
181
+ private
182
+
183
+ def resource_params
184
+ params.permit(:email, :reset_password_token)
185
+ end
186
+
187
+ def password_resource_params
188
+ params.permit(*params_for_resource(:account_update))
189
+ end
190
+
191
+ def with_reset_password_token token
192
+ recoverable = resource_class.with_reset_password_token(token)
193
+
194
+ recoverable.reset_password_token = token if recoverable && recoverable.reset_password_token.present?
195
+ recoverable
196
+ end
197
+
198
+ def render_not_found_error
199
+ render_error(404, I18n.t("devise_token_auth.passwords.user_not_found", email: @email))
200
+ end
201
+ end
202
+ end
@@ -0,0 +1,205 @@
1
+ module DeviseTokenAuth
2
+ class RegistrationsController < DeviseTokenAuth::ApplicationController
3
+ before_action :set_user_by_token, only: [:destroy, :update]
4
+ before_action :validate_sign_up_params, only: :create
5
+ before_action :validate_account_update_params, only: :update
6
+ skip_after_action :update_auth_header, only: [:create, :destroy]
7
+
8
+ def create
9
+ @resource = resource_class.new(sign_up_params.except(:confirm_success_url))
10
+ @resource.provider = provider
11
+
12
+ # honor devise configuration for case_insensitive_keys
13
+ if resource_class.case_insensitive_keys.include?(:email)
14
+ @resource.email = sign_up_params[:email].try :downcase
15
+ else
16
+ @resource.email = sign_up_params[:email]
17
+ end
18
+
19
+ # give redirect value from params priority
20
+ @redirect_url = sign_up_params[:confirm_success_url]
21
+
22
+ # fall back to default value if provided
23
+ @redirect_url ||= DeviseTokenAuth.default_confirm_success_url
24
+
25
+ # success redirect url is required
26
+ if confirmable_enabled? && !@redirect_url
27
+ return render_create_error_missing_confirm_success_url
28
+ end
29
+
30
+ # if whitelist is set, validate redirect_url against whitelist
31
+ if DeviseTokenAuth.redirect_whitelist
32
+ unless DeviseTokenAuth::Url.whitelisted?(@redirect_url)
33
+ return render_create_error_redirect_url_not_allowed
34
+ end
35
+ end
36
+
37
+ begin
38
+ # override email confirmation, must be sent manually from ctrl
39
+ resource_class.set_callback("create", :after, :send_on_create_confirmation_instructions)
40
+ resource_class.skip_callback("create", :after, :send_on_create_confirmation_instructions)
41
+ if @resource.respond_to? :skip_confirmation_notification!
42
+ # Fix duplicate e-mails by disabling Devise confirmation e-mail
43
+ @resource.skip_confirmation_notification!
44
+ end
45
+ if @resource.save
46
+ yield @resource if block_given?
47
+
48
+ unless @resource.confirmed?
49
+ # user will require email authentication
50
+ @resource.send_confirmation_instructions({
51
+ client_config: params[:config_name],
52
+ redirect_url: @redirect_url
53
+ })
54
+
55
+ else
56
+ # email auth has been bypassed, authenticate user
57
+ @client_id, @token = @resource.create_token
58
+
59
+ @resource.save!
60
+
61
+ update_auth_header
62
+ end
63
+ render_create_success
64
+ else
65
+ clean_up_passwords @resource
66
+ render_create_error
67
+ end
68
+ rescue ActiveRecord::RecordNotUnique
69
+ clean_up_passwords @resource
70
+ render_create_error_email_already_exists
71
+ end
72
+ end
73
+
74
+ def update
75
+ if @resource
76
+ if @resource.send(resource_update_method, account_update_params)
77
+ yield @resource if block_given?
78
+ render_update_success
79
+ else
80
+ render_update_error
81
+ end
82
+ else
83
+ render_update_error_user_not_found
84
+ end
85
+ end
86
+
87
+ def destroy
88
+ if @resource
89
+ @resource.destroy
90
+ yield @resource if block_given?
91
+
92
+ render_destroy_success
93
+ else
94
+ render_destroy_error
95
+ end
96
+ end
97
+
98
+ def sign_up_params
99
+ params.permit([*params_for_resource(:sign_up), :confirm_success_url])
100
+ end
101
+
102
+ def account_update_params
103
+ params.permit(*params_for_resource(:account_update))
104
+ end
105
+
106
+ protected
107
+
108
+ def render_create_error_missing_confirm_success_url
109
+ response = {
110
+ status: 'error',
111
+ data: resource_data
112
+ }
113
+ message = I18n.t('devise_token_auth.registrations.missing_confirm_success_url')
114
+ render_error(422, message, response)
115
+ end
116
+
117
+ def render_create_error_redirect_url_not_allowed
118
+ response = {
119
+ status: 'error',
120
+ data: resource_data
121
+ }
122
+ message = I18n.t('devise_token_auth.registrations.redirect_url_not_allowed', redirect_url: @redirect_url)
123
+ render_error(422, message, response)
124
+ end
125
+
126
+ def render_create_success
127
+ render json: {
128
+ status: 'success',
129
+ data: resource_data
130
+ }
131
+ end
132
+
133
+ def render_create_error
134
+ render json: {
135
+ status: 'error',
136
+ data: resource_data,
137
+ errors: resource_errors
138
+ }, status: 422
139
+ end
140
+
141
+ def render_create_error_email_already_exists
142
+ response = {
143
+ status: 'error',
144
+ data: resource_data
145
+ }
146
+ message = I18n.t('devise_token_auth.registrations.email_already_exists', email: @resource.email)
147
+ render_error(422, message, response)
148
+ end
149
+
150
+ def render_update_success
151
+ render json: {
152
+ status: 'success',
153
+ data: resource_data
154
+ }
155
+ end
156
+
157
+ def render_update_error
158
+ render json: {
159
+ status: 'error',
160
+ errors: resource_errors
161
+ }, status: 422
162
+ end
163
+
164
+ def render_update_error_user_not_found
165
+ render_error(404, I18n.t('devise_token_auth.registrations.user_not_found'), { status: 'error' })
166
+ end
167
+
168
+ def render_destroy_success
169
+ render json: {
170
+ status: 'success',
171
+ message: I18n.t('devise_token_auth.registrations.account_with_uid_destroyed', uid: @resource.uid)
172
+ }
173
+ end
174
+
175
+ def render_destroy_error
176
+ render_error(404, I18n.t('devise_token_auth.registrations.account_to_destroy_not_found'), { status: 'error' })
177
+ end
178
+
179
+ private
180
+
181
+ def resource_update_method
182
+ if DeviseTokenAuth.check_current_password_before_update == :attributes
183
+ 'update_with_password'
184
+ elsif DeviseTokenAuth.check_current_password_before_update == :password && account_update_params.has_key?(:password)
185
+ 'update_with_password'
186
+ elsif account_update_params.has_key?(:current_password)
187
+ 'update_with_password'
188
+ else
189
+ 'update_attributes'
190
+ end
191
+ end
192
+
193
+ def validate_sign_up_params
194
+ validate_post_data sign_up_params, I18n.t('errors.messages.validate_sign_up_params')
195
+ end
196
+
197
+ def validate_account_update_params
198
+ validate_post_data account_update_params, I18n.t('errors.messages.validate_account_update_params')
199
+ end
200
+
201
+ def validate_post_data which, message
202
+ render_error(:unprocessable_entity, message, { status: 'error' }) if which.empty?
203
+ end
204
+ end
205
+ end
@@ -0,0 +1,133 @@
1
+ # see http://www.emilsoman.com/blog/2013/05/18/building-a-tested/
2
+ module DeviseTokenAuth
3
+ class SessionsController < DeviseTokenAuth::ApplicationController
4
+ before_action :set_user_by_token, :only => [:destroy]
5
+ after_action :reset_session, :only => [:destroy]
6
+
7
+ def new
8
+ render_new_error
9
+ end
10
+
11
+ def create
12
+ # Check
13
+ field = (resource_params.keys.map(&:to_sym) & resource_class.authentication_keys).first
14
+
15
+ @resource = nil
16
+ if field
17
+ q_value = get_case_insensitive_field_from_resource_params(field)
18
+
19
+ @resource = find_resource(field, q_value)
20
+ end
21
+
22
+ if @resource && valid_params?(field, q_value) && (!@resource.respond_to?(:active_for_authentication?) || @resource.active_for_authentication?)
23
+ valid_password = @resource.valid_password?(resource_params[:password])
24
+ if (@resource.respond_to?(:valid_for_authentication?) && !@resource.valid_for_authentication? { valid_password }) || !valid_password
25
+ return render_create_error_bad_credentials
26
+ end
27
+ @client_id, @token = @resource.create_token
28
+ @resource.save
29
+
30
+ sign_in(:user, @resource, store: false, bypass: false)
31
+
32
+ yield @resource if block_given?
33
+
34
+ render_create_success
35
+ elsif @resource && !(!@resource.respond_to?(:active_for_authentication?) || @resource.active_for_authentication?)
36
+ if @resource.respond_to?(:locked_at) && @resource.locked_at
37
+ render_create_error_account_locked
38
+ else
39
+ render_create_error_not_confirmed
40
+ end
41
+ else
42
+ render_create_error_bad_credentials
43
+ end
44
+ end
45
+
46
+ def destroy
47
+ # remove auth instance variables so that after_action does not run
48
+ user = remove_instance_variable(:@resource) if @resource
49
+ client_id = remove_instance_variable(:@client_id) if @client_id
50
+ remove_instance_variable(:@token) if @token
51
+
52
+ if user && client_id && user.tokens[client_id]
53
+ user.tokens.delete(client_id)
54
+ user.save!
55
+
56
+ yield user if block_given?
57
+
58
+ render_destroy_success
59
+ else
60
+ render_destroy_error
61
+ end
62
+ end
63
+
64
+ protected
65
+
66
+ def valid_params?(key, val)
67
+ resource_params[:password] && key && val
68
+ end
69
+
70
+ def get_auth_params
71
+ auth_key = nil
72
+ auth_val = nil
73
+
74
+ # iterate thru allowed auth keys, use first found
75
+ resource_class.authentication_keys.each do |k|
76
+ if resource_params[k]
77
+ auth_val = resource_params[k]
78
+ auth_key = k
79
+ break
80
+ end
81
+ end
82
+
83
+ # honor devise configuration for case_insensitive_keys
84
+ if resource_class.case_insensitive_keys.include?(auth_key)
85
+ auth_val.downcase!
86
+ end
87
+
88
+ return {
89
+ key: auth_key,
90
+ val: auth_val
91
+ }
92
+ end
93
+
94
+ def render_new_error
95
+ render_error(405, I18n.t("devise_token_auth.sessions.not_supported"))
96
+ end
97
+
98
+ def render_create_success
99
+ render json: {
100
+ data: resource_data(resource_json: @resource.token_validation_response)
101
+ }
102
+ end
103
+
104
+ def render_create_error_not_confirmed
105
+ render_error(401, I18n.t("devise_token_auth.sessions.not_confirmed", email: @resource.email))
106
+ end
107
+
108
+ def render_create_error_account_locked
109
+ render_error(401, I18n.t("devise.mailer.unlock_instructions.account_lock_msg"))
110
+ end
111
+
112
+ def render_create_error_bad_credentials
113
+ render_error(401, I18n.t("devise_token_auth.sessions.bad_credentials"))
114
+ end
115
+
116
+ def render_destroy_success
117
+ render json: {
118
+ success:true
119
+ }, status: 200
120
+ end
121
+
122
+ def render_destroy_error
123
+ render_error(404, I18n.t("devise_token_auth.sessions.user_not_found"))
124
+ end
125
+
126
+ private
127
+
128
+ def resource_params
129
+ params.permit(*params_for_resource(:sign_in))
130
+ end
131
+
132
+ end
133
+ end