rails_jwt_auth 1.4.0 → 1.7.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 69a475be8d5dab54fa47660b2f4b8679cae86ad9b55c94aaa03c203eed2ea77c
-  data.tar.gz: bfb0807d0ac1ae764ce96da16343e793585d69379cc262be1082cbe67658d166
+  metadata.gz: bc1754797f099cba50a36044a69225fbeffee8e01120b9aa394209761d30eaf4
+  data.tar.gz: da443b714e8d7af7fb687a66e46fc6f3a46feb8837239debd1d16c76c34a49dc
 SHA512:
-  metadata.gz: 65c67921e7cc2a63f219b583716a75b7b1a6fbf8d149f25a7e4163414fc1a9243c3d43b10c028b8020ae6944833cfd649aec5f4bd6f6b3bb71d0852c8832f294
-  data.tar.gz: 13dfac135db5c7bd74c6bb49bfe0bff51196190037e11c500e1fa7ad9531d3b4cabfb1aa5b5d208e962db3b058539eb8ae22db526343042d2f814d9c4b871f10
+  metadata.gz: f72dd3b12df746bd2d95291090b5e5f4dce0c0cdcba429b4de5ac2290c811e55637790cbbbb93209bf8184ae9a827986b1000b3d8c9fb834f2151e9b610ba993
+  data.tar.gz: 68a3963c17ef09d9225550a79f3989572e5edb8b4c7023d40fca80b647c06c1cdd2848a0bbe76d0d11a339ffc88801d80f7f131ab829ddbb3ef60dabf6a2168a

data/README.md

@@ -1,6 +1,6 @@
 # RailsJwtAuth
 
-[![Gem Version](https://badge.fury.io/rb/rails_jwt_auth.svg)](https://badge.fury.io/rb/rails_jwt_auth)
+![Gem Version](https://badge.fury.io/rb/rails_jwt_auth.svg)
 ![Build Status](https://travis-ci.org/rjurado01/rails_jwt_auth.svg?branch=master)
 
 Rails-API authentication solution based on JWT and inspired by Devise.
@@ -59,7 +59,7 @@ rails g rails_jwt_auth:migrate
 
 ## Configuration
 
-You can edit configuration options into `config/initializers/auth_token_auth.rb` file created by generator.
+You can edit configuration options into `config/initializers/rails_jwt_auth.rb` file created by generator.
 
 | Option                          | Default value     | Description                                                            |
 | ------------------------------- | ----------------- | ---------------------------------------------------------------------- |
@@ -187,12 +187,31 @@ end
 
     Return current signed-in user.
 
+-   **jwt_payload**
+
+    Return current jwt payload.
+
 -   **signed_in?**
 
     Verify if a user is signed in.
 
 ## Default Controllers API
 
+|       Prefix | Verb   | URI Pattern                  | Controller#Action                   |
+| ------------ | ------ | ---------------------------- | ----------------------------------- |
+|      session | DELETE | /session(.:format)           | rails_jwt_auth/sessions#destroy     |
+|              | POST   | /session(.:format)           | rails_jwt_auth/sessions#create      |
+| registration | POST   | /registration(.:format)      | rails_jwt_auth/registrations#create |
+|confirmations | POST   | /confirmations(.:format)     | rails_jwt_auth/confirmations#create |
+| confirmation | PATCH  | /confirmations/:id(.:format) | rails_jwt_auth/confirmations#update |
+|              | PUT    | /confirmations/:id(.:format) | rails_jwt_auth/confirmations#update |
+|    passwords | POST   | /passwords(.:format)         | rails_jwt_auth/passwords#create     |
+|     password | PATCH  | /passwords/:id(.:format)     | rails_jwt_auth/passwords#update     |
+|              | PUT    | /passwords/:id(.:format)     | rails_jwt_auth/passwords#update     |
+|  invitations | POST   | /invitations(.:format)       | rails_jwt_auth/invitations#create   |
+|   invitation | PATCH  | /invitations/:id(.:format)   | rails_jwt_auth/invitations#update   |
+|              | PUT    | /invitations/:id(.:format)   | rails_jwt_auth/invitations#update   |
+
 ### Session
 
 Session api is defined by `RailsJwtAuth::SessionsController`.
@@ -205,8 +224,8 @@ Session api is defined by `RailsJwtAuth::SessionsController`.
   method: POST,
   data: {
     session: {
-      email: "user@email.com",
-      password: "12345678"
+      email: 'user@email.com',
+      password: '12345678'
     }
   }
 }
@@ -234,36 +253,26 @@ Registration api is defined by `RailsJwtAuth::RegistrationsController`.
   method: POST,
   data: {
     user: {
-      email: "user@email.com",
-      password: "12345678"
+      email: 'user@email.com',
+      password: '12345678'
     }
   }
 }
 ```
 
-2.  Delete user:
-
-```js
-{
-  url: host/registration,
-  method: DELETE,
-  headers: { 'Authorization': 'Bearer auth_token'}
-}
-```
-
 ### Confirmation
 
 Confirmation api is defined by `RailsJwtAuth::ConfirmationsController`.
 
+It is necessary to set a value for `confirmations_url` option into `config/initializers/rails_jwt_auth.rb`.
+
 1.  Confirm user:
 
 ```js
 {
-  url: host/confirmation,
+  url: host/confirmations/:token,
   method: PUT
-  data: {
-    confirmation_token: "token"
-  }
+  data: {}
 }
 ```
 
@@ -271,11 +280,11 @@ Confirmation api is defined by `RailsJwtAuth::ConfirmationsController`.
 
 ```js
 {
-  url: host/confirmation,
+  url: host/confirmations,
   method: POST,
   data: {
     confirmation: {
-      email: "user@example.com"
+      email: 'user@example.com'
     }
   }
 }
@@ -289,11 +298,11 @@ Password api is defined by `RailsJwtAuth::PasswordsController`.
 
 ```js
 {
-  url: host/password,
+  url: host/passwords,
   method: POST,
   data: {
     password: {
-      email: "user@example.com"
+      email: 'user@example.com'
     }
   }
 }
@@ -303,10 +312,9 @@ Password api is defined by `RailsJwtAuth::PasswordsController`.
 
 ```js
 {
-  url: host/password,
+  url: host/passwords/:token,
   method: PUT,
   data: {
-    reset_password_token: "token",
     password: {
       password: '1234',
       password_confirmation: '1234'
@@ -327,7 +335,7 @@ Invitations api is provided by `RailsJwtAuth::InvitationsController`.
   method: POST,
   data: {
     invitation: {
-      email: "user@example.com",
+      email: 'user@example.com',
       // More fields of your user
     }
   }
@@ -360,7 +368,8 @@ Unlock api is provided by `RailsJwtAuth::UnlocksController`.
 ```js
 {
   url: host/unlocks/:unlock_token,
-  method: PUT
+  method: PUT,
+  data: {}
 }
 ```
 
@@ -436,7 +445,10 @@ class CurrentUserController < ApplicationController
 
   def update
     if update_params[:password]
-      current_user.update_with_password(update_params)
+      # update password and remove other sessions tokens
+      current_user.update_with_password(
+        update_params.merge(auth_tokens: [jwt_payload['auth_token']])
+      )
     else
       current_user.update_attributes(update_params)
     end
@@ -481,7 +493,7 @@ require 'rails_jwt_auth/spec_helpers'
 ...
 RSpec.configure do |config|
   ...
-  config.include RailsJwtAuth::SpecHelpers, :type => :controller
+  config.include RailsJwtAuth::SpecHelpers, type: :controller
 end
 ```
 
@@ -489,11 +501,11 @@ And then we can just call sign_in(user) to sign in as a user:
 
 ```ruby
 describe ExampleController
-  it "blocks unauthenticated access" do
-    expect { get :index }.to raise_error(RailsJwtAuth::Errors::NotAuthorized)
+  it 'blocks unauthenticated access' do
+    expect { get :index }.to raise_error(RailsJwtAuth::NotAuthorized)
   end
 
-  it "allows authenticated access" do
+  it 'allows authenticated access' do
     sign_in user
     get :index
     expect(response).to be_success

data/app/controllers/concerns/rails_jwt_auth/authenticable_helper.rb

@@ -6,18 +6,22 @@ module RailsJwtAuth
       @current_user
     end
 
+    def jwt_payload
+      @jwt_payload
+    end
+
     def signed_in?
       !current_user.nil?
     end
 
     def authenticate!
       begin
-        payload = RailsJwtAuth::JwtManager.decode_from_request(request).first
+        @jwt_payload = RailsJwtAuth::JwtManager.decode_from_request(request).first
       rescue JWT::ExpiredSignature, JWT::VerificationError, JWT::DecodeError
         unauthorize!
       end
 
-      if !@current_user = RailsJwtAuth.model.from_token_payload(payload)
+      if !@current_user = RailsJwtAuth.model.from_token_payload(@jwt_payload)
         unauthorize!
       elsif @current_user.respond_to? :update_tracked_fields!
         @current_user.update_tracked_fields!(request)
@@ -26,8 +30,8 @@ module RailsJwtAuth
 
     def authenticate
       begin
-        payload = RailsJwtAuth::JwtManager.decode_from_request(request).first
-        @current_user = RailsJwtAuth.model.from_token_payload(payload)
+        @jwt_payload = RailsJwtAuth::JwtManager.decode_from_request(request).first
+        @current_user = RailsJwtAuth.model.from_token_payload(@jwt_payload)
       rescue JWT::ExpiredSignature, JWT::VerificationError, JWT::DecodeError
         @current_user = nil
       end

data/app/controllers/concerns/rails_jwt_auth/params_helper.rb

@@ -9,7 +9,7 @@ module RailsJwtAuth
     end
 
     def confirmation_create_params
-      params.require(:confirmation).permit(:email)
+      params.require(:confirmation).permit(RailsJwtAuth.email_field_name)
     end
 
     def session_create_params
@@ -17,7 +17,7 @@ module RailsJwtAuth
     end
 
     def password_create_params
-      params.require(:password).permit(:email)
+      params.require(:password).permit(RailsJwtAuth.email_field_name)
     end
 
     def password_update_params
@@ -25,7 +25,7 @@ module RailsJwtAuth
     end
 
     def invitation_create_params
-      params.require(:invitation).permit(:email)
+      params.require(:invitation).permit(RailsJwtAuth.email_field_name)
     end
 
     def invitation_update_params

data/app/controllers/rails_jwt_auth/confirmations_controller.rb

@@ -4,7 +4,10 @@ module RailsJwtAuth
     include RenderHelper
 
     def create
-      user = RailsJwtAuth.model.where(email: confirmation_create_params[:email]).first
+      user = RailsJwtAuth.model.where(
+        email: confirmation_create_params[RailsJwtAuth.email_field_name]
+      ).first
+
       return render_422(email: [{error: :not_found}]) unless user
 
       user.send_confirmation_instructions ? render_204 : render_422(user.errors.details)

data/app/controllers/rails_jwt_auth/invitations_controller.rb

@@ -4,6 +4,7 @@ module RailsJwtAuth
     include RenderHelper
 
     def create
+      authenticate!
       user = RailsJwtAuth.model.invite!(invitation_create_params)
       user.errors.empty? ? render_204 : render_422(user.errors.details)
     end

data/app/controllers/rails_jwt_auth/passwords_controller.rb

@@ -4,8 +4,17 @@ module RailsJwtAuth
     include RenderHelper
 
     def create
-      user = RailsJwtAuth.model.where(email: password_create_params[:email].to_s.downcase).first
-      return render_422(email: [{error: :not_found}]) unless user
+      email_field = RailsJwtAuth.email_field_name
+
+      if password_create_params[email_field].blank?
+        return render_422(email_field => [{error: :blank}])
+      end
+
+      user = RailsJwtAuth.model.where(
+        email_field => password_create_params[email_field].to_s.strip.downcase
+      ).first
+
+      return render_422(email_field => [{error: :not_found}]) unless user
 
       user.send_reset_password_instructions ? render_204 : render_422(user.errors.details)
     end

data/app/mailers/rails_jwt_auth/mailer.rb

@@ -2,9 +2,13 @@ if defined?(ActionMailer)
   class RailsJwtAuth::Mailer < ApplicationMailer
     default from: RailsJwtAuth.mailer_sender
 
-    def confirmation_instructions(user)
+    before_action do
+      @user = RailsJwtAuth.model.find(params[:user_id])
+      @subject = I18n.t("rails_jwt_auth.mailer.#{action_name}.subject")
+    end
+
+    def confirmation_instructions
       raise RailsJwtAuth::NotConfirmationsUrl unless RailsJwtAuth.confirmations_url.present?
-      @user = user
 
       @confirmations_url = add_param_to_url(
         RailsJwtAuth.confirmations_url,
@@ -12,19 +16,15 @@ if defined?(ActionMailer)
         @user.confirmation_token
       )
 
-      subject = I18n.t('rails_jwt_auth.mailer.confirmation_instructions.subject')
-      mail(to: @user.unconfirmed_email || @user[RailsJwtAuth.email_field_name], subject: subject)
+      mail(to: @user.unconfirmed_email || @user[RailsJwtAuth.email_field_name], subject: @subject)
     end
 
-    def email_changed(user)
-      @user = user
-      subject = I18n.t('rails_jwt_auth.mailer.email_changed.subject')
-      mail(to: @user[RailsJwtAuth.email_field_name!], subject: subject)
+    def email_changed
+      mail(to: @user[RailsJwtAuth.email_field_name!], subject: @subject)
     end
 
-    def reset_password_instructions(user)
+    def reset_password_instructions
       raise RailsJwtAuth::NotResetPasswordsUrl unless RailsJwtAuth.reset_passwords_url.present?
-      @user = user
 
       @reset_passwords_url = add_param_to_url(
         RailsJwtAuth.reset_passwords_url,
@@ -32,13 +32,11 @@ if defined?(ActionMailer)
         @user.reset_password_token
       )
 
-      subject = I18n.t('rails_jwt_auth.mailer.reset_password_instructions.subject')
-      mail(to: @user[RailsJwtAuth.email_field_name], subject: subject)
+      mail(to: @user[RailsJwtAuth.email_field_name], subject: @subject)
     end
 
-    def set_password_instructions(user)
+    def set_password_instructions
       raise RailsJwtAuth::NotSetPasswordsUrl unless RailsJwtAuth.set_passwords_url.present?
-      @user = user
 
       @reset_passwords_url = add_param_to_url(
         RailsJwtAuth.set_passwords_url,
@@ -46,13 +44,11 @@ if defined?(ActionMailer)
         @user.reset_password_token
       )
 
-      subject = I18n.t('rails_jwt_auth.mailer.set_password_instructions.subject')
-      mail(to: @user[RailsJwtAuth.email_field_name], subject: subject)
+      mail(to: @user[RailsJwtAuth.email_field_name], subject: @subject)
     end
 
-    def send_invitation(user)
+    def send_invitation
       raise RailsJwtAuth::NotInvitationsUrl unless RailsJwtAuth.invitations_url.present?
-      @user = user
 
       @invitations_url = add_param_to_url(
         RailsJwtAuth.invitations_url,
@@ -60,17 +56,13 @@ if defined?(ActionMailer)
         @user.invitation_token
       )
 
-      subject = I18n.t('rails_jwt_auth.mailer.send_invitation.subject')
-      mail(to: @user[RailsJwtAuth.email_field_name], subject: subject)
+      mail(to: @user[RailsJwtAuth.email_field_name], subject: @subject)
     end
 
-    def send_unlock_instructions(user)
-      @user = user
-      subject = I18n.t('rails_jwt_auth.mailer.send_unlock_instructions.subject')
-
+    def send_unlock_instructions
       @unlock_url = add_param_to_url(RailsJwtAuth.unlock_url, 'unlock_token', @user.unlock_token)
 
-      mail(to: @user[RailsJwtAuth.email_field_name], subject: subject)
+      mail(to: @user[RailsJwtAuth.email_field_name], subject: @subject)
     end
 
     protected

data/app/models/concerns/rails_jwt_auth/authenticatable.rb

@@ -46,8 +46,10 @@ module RailsJwtAuth
                                  'invalid'
                                end
 
-      # abort reset password if exists to allow save
-      self.reset_password_token = self.reset_password_sent_at = nil if reset_password_token
+      # if recoberable module is enabled ensure clean recovery to allow save
+      if self.respond_to? :reset_password_token
+        self.reset_password_token = self.reset_password_sent_at = nil
+      end
 
       assign_attributes(params)
       valid? # validates first other fields

data/app/models/concerns/rails_jwt_auth/confirmable.rb

@@ -34,12 +34,10 @@ module RailsJwtAuth
             self.confirmation_token = SecureRandom.base58(24)
             self.confirmation_sent_at = Time.current
 
-            mailer = Mailer.confirmation_instructions(self)
-            RailsJwtAuth.deliver_later ? mailer.deliver_later : mailer.deliver
+            RailsJwtAuth.send_email(:confirmation_instructions, self)
 
             if RailsJwtAuth.send_email_changed_notification
-              mailer = Mailer.email_changed(self)
-              RailsJwtAuth.deliver_later ? mailer.deliver_later : mailer.deliver
+              RailsJwtAuth.send_email(:email_changed, self)
             end
           end
         end
@@ -58,8 +56,7 @@ module RailsJwtAuth
       self.confirmation_sent_at = Time.current
       return false unless save
 
-      mailer = Mailer.confirmation_instructions(self)
-      RailsJwtAuth.deliver_later ? mailer.deliver_later : mailer.deliver
+      RailsJwtAuth.send_email(:confirmation_instructions, self)
       true
     end
 
@@ -72,9 +69,15 @@ module RailsJwtAuth
       self.confirmation_token = nil
 
       if unconfirmed_email
-        self[RailsJwtAuth.email_field_name!] = unconfirmed_email
-        self.email_confirmation = unconfirmed_email if respond_to?(:email_confirmation)
+        email_field = RailsJwtAuth.email_field_name!
+
+        self[email_field] = unconfirmed_email
         self.unconfirmed_email = nil
+
+        # supports email confirmation attr_accessor validation
+        if respond_to?("#{email_field}_confirmation")
+          self.instance_variable_set("@#{email_field}_confirmation", self[email_field])
+        end
       end
 
       save

data/app/models/concerns/rails_jwt_auth/invitable.rb

@@ -112,9 +112,8 @@ module RailsJwtAuth
     end
 
     def send_invitation_mail
-      RailsJwtAuth.email_field_name! # ensure email field es valid
-      mailer = Mailer.send_invitation(self)
-      RailsJwtAuth.deliver_later ? mailer.deliver_later : mailer.deliver
+      RailsJwtAuth.email_field_name! # ensure email field is valid
+      RailsJwtAuth.send_email(:send_invitation, self)
     end
 
     def invitation_period_valid?

data/app/models/concerns/rails_jwt_auth/lockable.rb

@@ -68,8 +68,7 @@ module RailsJwtAuth
       self.unlock_token = SecureRandom.base58(24)
       save(validate: false)
 
-      mailer = Mailer.send_unlock_instructions(self)
-      RailsJwtAuth.deliver_later ? mailer.deliver_later : mailer.deliver
+      RailsJwtAuth.send_email(:send_unlock_instructions, self)
     end
 
     def access_locked?

data/app/models/concerns/rails_jwt_auth/recoverable.rb

@@ -14,7 +14,10 @@ module RailsJwtAuth
         validate :validate_reset_password_token, if: :password_digest_changed?
 
         before_update do
-          self.reset_password_token = nil if password_digest_changed? && reset_password_token
+          if password_digest_changed? && reset_password_token
+            self.reset_password_token = nil
+            self.auth_tokens = []
+          end
         end
       end
     end
@@ -37,8 +40,7 @@ module RailsJwtAuth
       self.reset_password_sent_at = Time.current
       return false unless save
 
-      mailer = Mailer.reset_password_instructions(self)
-      RailsJwtAuth.deliver_later ? mailer.deliver_later : mailer.deliver
+      RailsJwtAuth.send_email(:reset_password_instructions, self)
     end
 
     def set_and_send_password_instructions
@@ -53,8 +55,7 @@ module RailsJwtAuth
       self.reset_password_sent_at = Time.current
       return false unless save
 
-      mailer = Mailer.set_password_instructions(self)
-      RailsJwtAuth.deliver_later ? mailer.deliver_later : mailer.deliver
+      RailsJwtAuth.send_email(:set_password_instructions, self)
       true
     end
 

data/lib/generators/rails_jwt_auth/install_generator.rb

@@ -6,8 +6,8 @@ class RailsJwtAuth::InstallGenerator < Rails::Generators::Base
   end
 
   def create_routes
-    route "resources :session, controller: 'rails_jwt_auth/sessions', only: [:create, :destroy]"
-    route "resources :registration, controller: 'rails_jwt_auth/registrations', only: [:create, :update, :destroy]"
+    route "resource :session, controller: 'rails_jwt_auth/sessions', only: [:create, :destroy]"
+    route "resource :registration, controller: 'rails_jwt_auth/registrations', only: [:create]"
 
     route "resources :confirmations, controller: 'rails_jwt_auth/confirmations', only: [:create, :update]"
     route "resources :passwords, controller: 'rails_jwt_auth/passwords', only: [:create, :update]"

data/lib/rails_jwt_auth.rb

@@ -114,4 +114,9 @@ module RailsJwtAuth
 
     field_name
   end
+
+  def self.send_email(method, user)
+    mailer = RailsJwtAuth::Mailer.with(user_id: user.id.to_s).public_send(method)
+    RailsJwtAuth.deliver_later ? mailer.deliver_later : mailer.deliver
+  end
 end

data/lib/rails_jwt_auth/version.rb

@@ -1,3 +1,3 @@
 module RailsJwtAuth
-  VERSION = '1.4.0'
+  VERSION = '1.7.0'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rails_jwt_auth
 version: !ruby/object:Gem::Version
-  version: 1.4.0
+  version: 1.7.0
 platform: ruby
 authors:
 - rjurado
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-09-16 00:00:00.000000000 Z
+date: 2020-06-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bcrypt
@@ -58,8 +58,7 @@ dependencies:
     - - "<"
       - !ruby/object:Gem::Version
         version: '6.1'
-description: Rails authentication solution based on Warden and JWT and inspired by
-  Devise.
+description: Rails-API authentication solution based on JWT and inspired by Devise.
 email:
 - rjurado@openmailbox.org
 executables: []
@@ -121,8 +120,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.3
+rubygems_version: 3.0.3
 signing_key: 
 specification_version: 4
 summary: Rails jwt authentication.