rails_jwt_auth 0.23.2 → 1.0.0

data/app/controllers/rails_jwt_auth/invitations_controller.rb

@@ -4,20 +4,17 @@ module RailsJwtAuth
     include RenderHelper
 
     def create
-      attr_hash = invitation_create_params
-      user = RailsJwtAuth.model.invite!(attr_hash)
+      user = RailsJwtAuth.model.invite!(invitation_create_params)
       user.errors.empty? ? render_204 : render_422(user.errors.details)
     end
 
     def update
-      attr_hash = invitation_update_params
-      user = RailsJwtAuth.model.where(invitation_token: params[:id]).first
+      return render_404 unless
+        params[:id] &&
+        (user = RailsJwtAuth.model.where(invitation_token: params[:id]).first)
 
-      return render_404 if user.blank?
-
-      user.assign_attributes attr_hash
+      user.assign_attributes invitation_update_params
       user.accept_invitation!
-
       return render_204 if user.errors.empty? && user.save
 
       render_422(user.errors.details)

data/app/controllers/rails_jwt_auth/passwords_controller.rb

@@ -11,13 +11,9 @@ module RailsJwtAuth
     end
 
     def update
-      if params[:reset_password_token].blank?
-        return render_422(reset_password_token: [{error: :not_found}])
-      end
-
-      user = RailsJwtAuth.model.where(reset_password_token: params[:reset_password_token]).first
-
-      return render_422(reset_password_token: [{error: :not_found}]) unless user
+      return render_404 unless
+        params[:id] &&
+        (user = RailsJwtAuth.model.where(reset_password_token: params[:id]).first)
 
       return render_422(password: [{error: :blank}]) if password_update_params[:password].blank?
 

data/app/controllers/rails_jwt_auth/sessions_controller.rb

@@ -1,36 +1,40 @@
-require 'rails_jwt_auth/jwt/manager'
-require 'rails_jwt_auth/jwt/request'
-
 module RailsJwtAuth
   class SessionsController < ApplicationController
     include ParamsHelper
     include RenderHelper
 
     def create
-      user = RailsJwtAuth.model.where(RailsJwtAuth.auth_field_name =>
-        session_create_params[RailsJwtAuth.auth_field_name].to_s.downcase).first
+      user = find_user
 
       if !user
         render_422 session: [{error: :invalid_session}]
       elsif user.respond_to?('confirmed?') && !user.confirmed?
         render_422 session: [{error: :unconfirmed}]
       elsif user.authenticate(session_create_params[:password])
-        render_session get_jwt(user), user
+        render_session generate_jwt(user), user
       else
         render_422 session: [{error: :invalid_session}]
       end
     end
 
     def destroy
+      return render_404 unless RailsJwtAuth.simultaneous_sessions > 0
+
       authenticate!
-      current_user.destroy_auth_token Jwt::Request.new(request).auth_token
+      payload = JwtManager.decode_from_request(request)&.first
+      current_user.destroy_auth_token payload['auth_token']
       render_204
     end
 
     private
 
-    def get_jwt(user)
-      RailsJwtAuth::Jwt::Manager.encode(user.to_token_payload(request))
+    def generate_jwt(user)
+      JwtManager.encode(user.to_token_payload(request))
+    end
+
+    def find_user
+      auth_field = RailsJwtAuth.auth_field_name!
+      RailsJwtAuth.model.where(auth_field => session_create_params[auth_field]).first
     end
   end
 end

data/app/mailers/rails_jwt_auth/mailer.rb

@@ -2,71 +2,56 @@ if defined?(ActionMailer)
   class RailsJwtAuth::Mailer < ApplicationMailer
     default from: RailsJwtAuth.mailer_sender
 
-    def confirmation_instructions(id)
-      @user = RailsJwtAuth.model.find(id)
+    def confirmation_instructions(user)
+      raise RailsJwtAuth::NotConfirmationsUrl unless RailsJwtAuth.confirmations_url.present?
+      @user = user
 
-      if RailsJwtAuth.confirmation_url
-        url, params = RailsJwtAuth.confirmation_url.split('?')
-        params = params ? params.split('&') : []
-        params.push("confirmation_token=#{@user.confirmation_token}")
-
-        @confirmation_url = "#{url}?#{params.join('&')}"
-      else
-        @confirmation_url = confirmation_url(confirmation_token: @user.confirmation_token)
-      end
+      url, params = RailsJwtAuth.confirmations_url.split('?')
+      params = params ? params.split('&') : []
+      params.push("confirmation_token=#{@user.confirmation_token}")
+      @confirmations_url = "#{url}?#{params.join('&')}"
 
       subject = I18n.t('rails_jwt_auth.mailer.confirmation_instructions.subject')
-      mail(to: @user.unconfirmed_email || @user.email, subject: subject)
+      mail(to: @user.unconfirmed_email || @user[RailsJwtAuth.email_field_name], subject: subject)
     end
 
-    def reset_password_instructions(id)
-      @user = RailsJwtAuth.model.find(id)
-
-      if RailsJwtAuth.reset_password_url
-        url, params = RailsJwtAuth.reset_password_url.split('?')
-        params = params ? params.split('&') : []
-        params.push("reset_password_token=#{@user.reset_password_token}")
+    def reset_password_instructions(user)
+      raise RailsJwtAuth::NotResetPasswordsUrl unless RailsJwtAuth.reset_passwords_url.present?
+      @user = user
 
-        @reset_password_url = "#{url}?#{params.join('&')}"
-      else
-        @reset_password_url = password_url(reset_password_token: @user.reset_password_token)
-      end
+      url, params = RailsJwtAuth.reset_passwords_url.split('?')
+      params = params ? params.split('&') : []
+      params.push("reset_password_token=#{@user.reset_password_token}")
+      @reset_passwords_url = "#{url}?#{params.join('&')}"
 
       subject = I18n.t('rails_jwt_auth.mailer.reset_password_instructions.subject')
-      mail(to: @user.email, subject: subject)
+      mail(to: @user[RailsJwtAuth.email_field_name], subject: subject)
     end
 
-    def set_password_instructions(id)
-      @user = RailsJwtAuth.model.find(id)
-
-      if RailsJwtAuth.set_password_url
-        url, params = RailsJwtAuth.set_password_url.split('?')
-        params = params ? params.split('&') : []
-        params.push("reset_password_token=#{@user.reset_password_token}")
+    def set_password_instructions(user)
+      raise RailsJwtAuth::NotSetPasswordsUrl unless RailsJwtAuth.set_passwords_url.present?
+      @user = user
 
-        @reset_password_url = "#{url}?#{params.join('&')}"
-      else
-        @reset_password_url = password_url(reset_password_token: @user.reset_password_token)
-      end
+      url, params = RailsJwtAuth.set_passwords_url.split('?')
+      params = params ? params.split('&') : []
+      params.push("reset_password_token=#{@user.reset_password_token}")
+      @reset_passwords_url = "#{url}?#{params.join('&')}"
 
       subject = I18n.t('rails_jwt_auth.mailer.set_password_instructions.subject')
-      mail(to: @user.email, subject: subject)
+      mail(to: @user[RailsJwtAuth.email_field_name], subject: subject)
     end
 
-    def send_invitation(id)
-      @user = RailsJwtAuth.model.find(id)
+    def send_invitation(user)
+      raise RailsJwtAuth::NotInvitationsUrl unless RailsJwtAuth.invitations_url.present?
+      @user = user
 
-      if RailsJwtAuth.accept_invitation_url
-        url, params = RailsJwtAuth.accept_invitation_url.split '?'
-        params = params ? params.split('&') : []
-        params.push("invitation_token=#{@user.invitation_token}")
-        @accept_invitation_url = "#{url}?#{params.join('&')}"
-      else
-        @accept_invitation_url = invitations_url(invitation_token: @user.invitation_token)
-      end
+      url, params = RailsJwtAuth.invitations_url.split '?'
+      params = params ? params.split('&') : []
+      params.push("invitation_token=#{@user.invitation_token}")
+      @invitations_url = "#{url}?#{params.join('&')}"
 
       subject = I18n.t('rails_jwt_auth.mailer.send_invitation.subject')
-      mail(to: @user.email, subject: subject)
+      mail(to: @user[RailsJwtAuth.email_field_name], subject: subject)
     end
   end
 end

data/app/models/concerns/rails_jwt_auth/authenticatable.rb

@@ -2,6 +2,21 @@ include ActiveModel::SecurePassword
 
 module RailsJwtAuth
   module Authenticatable
+    def self.included(base)
+      base.extend(ClassMethods)
+
+      base.class_eval do
+        if defined?(Mongoid) && ancestors.include?(Mongoid::Document)
+          field :password_digest, type: String
+          field :auth_tokens, type: Array if RailsJwtAuth.simultaneous_sessions > 0
+        elsif defined?(ActiveRecord) && ancestors.include?(ActiveRecord::Base)
+          serialize :auth_tokens, Array
+        end
+
+        has_secure_password
+      end
+    end
+
     def regenerate_auth_token(token = nil)
       new_token = SecureRandom.base58(24)
 
@@ -35,42 +50,33 @@ module RailsJwtAuth
         errors.add(:password, 'blank')
       end
 
+      params.merge!(reset_password_token: nil, reset_password_sent_at: nil) if reset_password_token
+
       errors.empty? ? update_attributes(params) : false
     end
 
-    def to_token_payload(_request)
-      {auth_token: regenerate_auth_token}
+    def to_token_payload(_request=nil)
+      if RailsJwtAuth.simultaneous_sessions > 0
+        {auth_token: regenerate_auth_token}
+      else
+        {id: id.to_s}
+      end
     end
 
     module ClassMethods
-      def get_by_token(token)
-        if defined?(Mongoid) && ancestors.include?(Mongoid::Document)
-          where(auth_tokens: token).first
-        elsif defined?(ActiveRecord) && ancestors.include?(ActiveRecord::Base)
-          where('auth_tokens like ?', "%#{token}%").first
+      def from_token_payload(payload)
+        if RailsJwtAuth.simultaneous_sessions > 0
+          get_by_token(payload['auth_token'])
+        else
+          where(id: payload['id']).first
         end
       end
-    end
 
-    def self.included(base)
-      base.extend(ClassMethods)
-
-      base.class_eval do
+      def get_by_token(token)
         if defined?(Mongoid) && ancestors.include?(Mongoid::Document)
-          field RailsJwtAuth.auth_field_name, type: String
-          field :password_digest,             type: String
-          field :auth_tokens,                 type: Array
+          where(auth_tokens: token).first
         elsif defined?(ActiveRecord) && ancestors.include?(ActiveRecord::Base)
-          serialize :auth_tokens, Array
-        end
-
-        validates RailsJwtAuth.auth_field_name, presence: true, uniqueness: true
-        validates RailsJwtAuth.auth_field_name, email: true if RailsJwtAuth.auth_field_email
-
-        has_secure_password
-
-        before_validation do
-          self.email = email.downcase if email
+          where('auth_tokens like ?', "%#{token}%").first
         end
       end
     end

data/app/models/concerns/rails_jwt_auth/confirmable.rb

@@ -1,42 +1,5 @@
 module RailsJwtAuth
   module Confirmable
-    def send_confirmation_instructions
-      if confirmed? && !unconfirmed_email
-        errors.add(:email, :already_confirmed)
-        return false
-      end
-
-      self.confirmation_token = SecureRandom.base58(24)
-      self.confirmation_sent_at = Time.now
-      return false unless save
-
-      mailer = Mailer.confirmation_instructions(id.to_s)
-      RailsJwtAuth.deliver_later ? mailer.deliver_later : mailer.deliver
-      true
-    end
-
-    def confirmed?
-      confirmed_at.present?
-    end
-
-    def confirm!
-      self.confirmed_at = Time.now.utc
-      self.confirmation_token = nil
-
-      if unconfirmed_email
-        self.email = unconfirmed_email
-        self.email_confirmation = unconfirmed_email if respond_to?(:email_confirmation)
-        self.unconfirmed_email = nil
-      end
-
-      save
-    end
-
-    def skip_confirmation!
-      self.confirmed_at = Time.now.utc
-      self.confirmation_token = nil
-    end
-
     def self.included(base)
       base.class_eval do
         if defined?(Mongoid) && ancestors.include?(Mongoid::Document)
@@ -44,7 +7,6 @@ module RailsJwtAuth
           # http://edgeguides.rubyonrails.org/active_job_basics.html#globalid
           include GlobalID::Identification if RailsJwtAuth.deliver_later
 
-          field :email,                type: String
           field :unconfirmed_email,    type: String
           field :confirmation_token,   type: String
           field :confirmation_sent_at, type: Time
@@ -60,29 +22,74 @@ module RailsJwtAuth
         end
 
         before_update do
-          if email_changed? && email_was && !confirmed_at_changed? && !self['invitation_token']
-            self.unconfirmed_email = email
-            self.email = email_was
+          email_field = RailsJwtAuth.email_field_name!
+
+          if public_send("#{email_field}_changed?") &&
+             public_send("#{email_field}_was") &&
+             !confirmed_at_changed? &&
+             !self['invitation_token']
+            self.unconfirmed_email = self[email_field]
+            self[email_field] = public_send("#{email_field}_was")
 
             self.confirmation_token = SecureRandom.base58(24)
-            self.confirmation_sent_at = Time.now
+            self.confirmation_sent_at = Time.current
 
-            mailer = Mailer.confirmation_instructions(id.to_s)
+            mailer = Mailer.confirmation_instructions(self)
             RailsJwtAuth.deliver_later ? mailer.deliver_later : mailer.deliver
           end
         end
       end
     end
 
-    private
+    def send_confirmation_instructions
+      email_field = RailsJwtAuth.email_field_name!
+
+      if confirmed? && !unconfirmed_email
+        errors.add(email_field, :already_confirmed)
+        return false
+      end
+
+      self.confirmation_token = SecureRandom.base58(24)
+      self.confirmation_sent_at = Time.current
+      return false unless save
+
+      mailer = Mailer.confirmation_instructions(self)
+      RailsJwtAuth.deliver_later ? mailer.deliver_later : mailer.deliver
+      true
+    end
+
+    def confirmed?
+      confirmed_at.present?
+    end
+
+    def confirm!
+      self.confirmed_at = Time.current
+      self.confirmation_token = nil
+
+      if unconfirmed_email
+        self[RailsJwtAuth.email_field_name!] = unconfirmed_email
+        self.email_confirmation = unconfirmed_email if respond_to?(:email_confirmation)
+        self.unconfirmed_email = nil
+      end
+
+      save
+    end
+
+    def skip_confirmation!
+      self.confirmed_at = Time.current
+      self.confirmation_token = nil
+    end
+
+    protected
 
     def validate_confirmation
       return true unless confirmed_at
+      email_field = RailsJwtAuth.email_field_name!
 
-      if confirmed_at_was && !email_changed?
-        errors.add(:email, :already_confirmed)
+      if confirmed_at_was && !public_send("#{email_field}_changed?")
+        errors.add(email_field, :already_confirmed)
       elsif confirmation_sent_at &&
-            (confirmation_sent_at < (Time.now - RailsJwtAuth.confirmation_expiration_time))
+            (confirmation_sent_at < (Time.current - RailsJwtAuth.confirmation_expiration_time))
         errors.add(:confirmation_token, :expired)
       end
     end

data/app/models/concerns/rails_jwt_auth/invitable.rb

@@ -1,7 +1,5 @@
 module RailsJwtAuth
   module Invitable
-    extend ActiveSupport::Concern
-
     def self.included(base)
       base.extend ClassMethods
       base.class_eval do
@@ -31,7 +29,7 @@ module RailsJwtAuth
       # @return [user] The user created or found by email.
       def invite!(attributes={})
         attrs = ActiveSupport::HashWithIndifferentAccess.new(attributes.to_h)
-        auth_field = RailsJwtAuth.auth_field_name
+        auth_field = RailsJwtAuth.auth_field_name!
         auth_attribute = attrs.delete(auth_field)
 
         raise ArgumentError unless auth_attribute
@@ -46,7 +44,7 @@ module RailsJwtAuth
 
     # Accept an invitation by clearing token and setting invitation_accepted_at
     def accept_invitation
-      self.invitation_accepted_at = Time.now.utc
+      self.invitation_accepted_at = Time.current
       self.invitation_token = nil
     end
 
@@ -55,14 +53,14 @@ module RailsJwtAuth
 
       if valid_invitation?
         accept_invitation
-        self.confirmed_at = Time.now.utc if respond_to?(:confirmed_at) && confirmed_at.nil?
+        self.confirmed_at = Time.current if respond_to?(:confirmed_at) && confirmed_at.nil?
       else
         errors.add(:invitation_token, :invalid)
       end
     end
 
     def invite!
-      self.invitation_created_at = Time.now.utc if new_record?
+      self.invitation_created_at = Time.current if new_record?
 
       unless password || password_digest
         passw = SecureRandom.base58(16)
@@ -74,18 +72,18 @@ module RailsJwtAuth
 
       # users that are registered and were not invited are not reinvitable
       if !new_record? && !invited?
-        errors.add(RailsJwtAuth.auth_field_name, :taken)
+        errors.add(RailsJwtAuth.auth_field_name!, :taken)
       end
 
       # users that have already accepted an invitation are not reinvitable
       if !new_record? && invited? && invitation_accepted_at.present?
-        errors.add(RailsJwtAuth.auth_field_name, :taken)
+        errors.add(RailsJwtAuth.auth_field_name!, :taken)
       end
 
       return self unless errors.empty?
 
       generate_invitation_token if invitation_token.nil?
-      self.invitation_sent_at = Time.now.utc
+      self.invitation_sent_at = Time.current
 
       send_invitation_mail if save(validate: false)
       self
@@ -114,14 +112,15 @@ module RailsJwtAuth
     end
 
     def send_invitation_mail
-      mailer = Mailer.send_invitation(id.to_s)
+      RailsJwtAuth.email_field_name! # ensure email field es valid
+      mailer = Mailer.send_invitation(self)
       RailsJwtAuth.deliver_later ? mailer.deliver_later : mailer.deliver
     end
 
     def invitation_period_valid?
       time = invitation_sent_at || invitation_created_at
       expiration_time = RailsJwtAuth.invitation_expiration_time
-      time && (expiration_time.to_i.zero? || time.utc >= expiration_time.ago)
+      time && (expiration_time.to_i.zero? || time >= expiration_time.ago)
     end
   end
 end