rails_jwt_auth 1.4.1 → 1.7.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6dea41e10dc4a6cbed20dda27ee1c6e0f68a947c08fa83e0c617e7f2407156b8
-  data.tar.gz: b1331f29423b908ba9712c1a5ebf303dc21a13577507c27ff47ce08f6c585902
+  metadata.gz: b624ce7e99bced2abcbe29c05955af2fa4ccf7b6d9badc74e5effdd2b98ac4e9
+  data.tar.gz: 427995dd79006f041e27de387ce9affa2294d2eedcefcf02eaf502c3f9d60630
 SHA512:
-  metadata.gz: 68dda6972d70400b76987eec57c1e3323eb3f7eac49c3f4eb3102a8ca0fe9d2b8e621743aa50147545ce3d4ddb17cc15d20942872fe94f077aa6094238e1afed
-  data.tar.gz: 573960c4cad77a2cce9de2e33008c2beae5210fce9f1d3b9c1fc3747a5ca18bab3a133f3055d24a85e83bd22713606564d100a134735e09d7ebade47e6b7ffea
+  metadata.gz: ffda5aa2b329f926133837ba6fa254643c0637eaef292b3f63ec4305dedd34f3e1d238fa52033bfbbe4e9407d916af6ff4fefcee2f58923d08a1e906b7991be9
+  data.tar.gz: d0a639b9e6345feaaa3d28095cbed507e549fa8a1d61c4f125cb79a7ee895ba937c1bdd13324d4742e5f6b7594bd6d4dee146b314301bc4b026b721b0bd6ad07

data/README.md

@@ -59,7 +59,7 @@ rails g rails_jwt_auth:migrate
 
 ## Configuration
 
-You can edit configuration options into `config/initializers/auth_token_auth.rb` file created by generator.
+You can edit configuration options into `config/initializers/rails_jwt_auth.rb` file created by generator.
 
 | Option                          | Default value     | Description                                                            |
 | ------------------------------- | ----------------- | ---------------------------------------------------------------------- |
@@ -187,12 +187,31 @@ end
 
     Return current signed-in user.
 
+-   **jwt_payload**
+
+    Return current jwt payload.
+
 -   **signed_in?**
 
     Verify if a user is signed in.
 
 ## Default Controllers API
 
+|       Prefix | Verb   | URI Pattern                  | Controller#Action                   |
+| ------------ | ------ | ---------------------------- | ----------------------------------- |
+|      session | DELETE | /session(.:format)           | rails_jwt_auth/sessions#destroy     |
+|              | POST   | /session(.:format)           | rails_jwt_auth/sessions#create      |
+| registration | POST   | /registration(.:format)      | rails_jwt_auth/registrations#create |
+|confirmations | POST   | /confirmations(.:format)     | rails_jwt_auth/confirmations#create |
+| confirmation | PATCH  | /confirmations/:id(.:format) | rails_jwt_auth/confirmations#update |
+|              | PUT    | /confirmations/:id(.:format) | rails_jwt_auth/confirmations#update |
+|    passwords | POST   | /passwords(.:format)         | rails_jwt_auth/passwords#create     |
+|     password | PATCH  | /passwords/:id(.:format)     | rails_jwt_auth/passwords#update     |
+|              | PUT    | /passwords/:id(.:format)     | rails_jwt_auth/passwords#update     |
+|  invitations | POST   | /invitations(.:format)       | rails_jwt_auth/invitations#create   |
+|   invitation | PATCH  | /invitations/:id(.:format)   | rails_jwt_auth/invitations#update   |
+|              | PUT    | /invitations/:id(.:format)   | rails_jwt_auth/invitations#update   |
+
 ### Session
 
 Session api is defined by `RailsJwtAuth::SessionsController`.
@@ -205,8 +224,8 @@ Session api is defined by `RailsJwtAuth::SessionsController`.
   method: POST,
   data: {
     session: {
-      email: "user@email.com",
-      password: "12345678"
+      email: 'user@email.com',
+      password: '12345678'
     }
   }
 }
@@ -234,8 +253,8 @@ Registration api is defined by `RailsJwtAuth::RegistrationsController`.
   method: POST,
   data: {
     user: {
-      email: "user@email.com",
-      password: "12345678"
+      email: 'user@email.com',
+      password: '12345678'
     }
   }
 }
@@ -245,15 +264,15 @@ Registration api is defined by `RailsJwtAuth::RegistrationsController`.
 
 Confirmation api is defined by `RailsJwtAuth::ConfirmationsController`.
 
+It is necessary to set a value for `confirmations_url` option into `config/initializers/rails_jwt_auth.rb`.
+
 1.  Confirm user:
 
 ```js
 {
-  url: host/confirmation,
+  url: host/confirmations/:token,
   method: PUT
-  data: {
-    confirmation_token: "token"
-  }
+  data: {}
 }
 ```
 
@@ -261,11 +280,11 @@ Confirmation api is defined by `RailsJwtAuth::ConfirmationsController`.
 
 ```js
 {
-  url: host/confirmation,
+  url: host/confirmations,
   method: POST,
   data: {
     confirmation: {
-      email: "user@example.com"
+      email: 'user@example.com'
     }
   }
 }
@@ -279,11 +298,11 @@ Password api is defined by `RailsJwtAuth::PasswordsController`.
 
 ```js
 {
-  url: host/password,
+  url: host/passwords,
   method: POST,
   data: {
     password: {
-      email: "user@example.com"
+      email: 'user@example.com'
     }
   }
 }
@@ -293,10 +312,9 @@ Password api is defined by `RailsJwtAuth::PasswordsController`.
 
 ```js
 {
-  url: host/password,
+  url: host/passwords/:token,
   method: PUT,
   data: {
-    reset_password_token: "token",
     password: {
       password: '1234',
       password_confirmation: '1234'
@@ -317,7 +335,7 @@ Invitations api is provided by `RailsJwtAuth::InvitationsController`.
   method: POST,
   data: {
     invitation: {
-      email: "user@example.com",
+      email: 'user@example.com',
       // More fields of your user
     }
   }
@@ -350,7 +368,8 @@ Unlock api is provided by `RailsJwtAuth::UnlocksController`.
 ```js
 {
   url: host/unlocks/:unlock_token,
-  method: PUT
+  method: PUT,
+  data: {}
 }
 ```
 
@@ -426,7 +445,10 @@ class CurrentUserController < ApplicationController
 
   def update
     if update_params[:password]
-      current_user.update_with_password(update_params)
+      # update password and remove other sessions tokens
+      current_user.update_with_password(
+        update_params.merge(auth_tokens: [jwt_payload['auth_token']])
+      )
     else
       current_user.update_attributes(update_params)
     end
@@ -471,7 +493,7 @@ require 'rails_jwt_auth/spec_helpers'
 ...
 RSpec.configure do |config|
   ...
-  config.include RailsJwtAuth::SpecHelpers, :type => :controller
+  config.include RailsJwtAuth::SpecHelpers, type: :controller
 end
 ```
 
@@ -479,11 +501,11 @@ And then we can just call sign_in(user) to sign in as a user:
 
 ```ruby
 describe ExampleController
-  it "blocks unauthenticated access" do
-    expect { get :index }.to raise_error(RailsJwtAuth::Errors::NotAuthorized)
+  it 'blocks unauthenticated access' do
+    expect { get :index }.to raise_error(RailsJwtAuth::NotAuthorized)
   end
 
-  it "allows authenticated access" do
+  it 'allows authenticated access' do
     sign_in user
     get :index
     expect(response).to be_success

data/app/controllers/concerns/rails_jwt_auth/authenticable_helper.rb

@@ -6,18 +6,22 @@ module RailsJwtAuth
       @current_user
     end
 
+    def jwt_payload
+      @jwt_payload
+    end
+
     def signed_in?
       !current_user.nil?
     end
 
     def authenticate!
       begin
-        payload = RailsJwtAuth::JwtManager.decode_from_request(request).first
+        @jwt_payload = RailsJwtAuth::JwtManager.decode_from_request(request).first
       rescue JWT::ExpiredSignature, JWT::VerificationError, JWT::DecodeError
         unauthorize!
       end
 
-      if !@current_user = RailsJwtAuth.model.from_token_payload(payload)
+      if !@current_user = RailsJwtAuth.model.from_token_payload(@jwt_payload)
         unauthorize!
       elsif @current_user.respond_to? :update_tracked_fields!
         @current_user.update_tracked_fields!(request)
@@ -26,8 +30,8 @@ module RailsJwtAuth
 
     def authenticate
       begin
-        payload = RailsJwtAuth::JwtManager.decode_from_request(request).first
-        @current_user = RailsJwtAuth.model.from_token_payload(payload)
+        @jwt_payload = RailsJwtAuth::JwtManager.decode_from_request(request).first
+        @current_user = RailsJwtAuth.model.from_token_payload(@jwt_payload)
       rescue JWT::ExpiredSignature, JWT::VerificationError, JWT::DecodeError
         @current_user = nil
       end

data/app/controllers/concerns/rails_jwt_auth/params_helper.rb

@@ -9,7 +9,7 @@ module RailsJwtAuth
     end
 
     def confirmation_create_params
-      params.require(:confirmation).permit(:email)
+      params.require(:confirmation).permit(RailsJwtAuth.email_field_name)
     end
 
     def session_create_params
@@ -17,7 +17,7 @@ module RailsJwtAuth
     end
 
     def password_create_params
-      params.require(:password).permit(:email)
+      params.require(:password).permit(RailsJwtAuth.email_field_name)
     end
 
     def password_update_params
@@ -25,7 +25,7 @@ module RailsJwtAuth
     end
 
     def invitation_create_params
-      params.require(:invitation).permit(:email)
+      params.require(:invitation).permit(RailsJwtAuth.email_field_name)
     end
 
     def invitation_update_params

data/app/controllers/rails_jwt_auth/confirmations_controller.rb

@@ -4,7 +4,10 @@ module RailsJwtAuth
     include RenderHelper
 
     def create
-      user = RailsJwtAuth.model.where(email: confirmation_create_params[:email]).first
+      user = RailsJwtAuth.model.where(
+        email: confirmation_create_params[RailsJwtAuth.email_field_name]
+      ).first
+
       return render_422(email: [{error: :not_found}]) unless user
 
       user.send_confirmation_instructions ? render_204 : render_422(user.errors.details)

data/app/controllers/rails_jwt_auth/invitations_controller.rb

@@ -4,6 +4,7 @@ module RailsJwtAuth
     include RenderHelper
 
     def create
+      authenticate!
       user = RailsJwtAuth.model.invite!(invitation_create_params)
       user.errors.empty? ? render_204 : render_422(user.errors.details)
     end

data/app/controllers/rails_jwt_auth/passwords_controller.rb

@@ -4,8 +4,17 @@ module RailsJwtAuth
     include RenderHelper
 
     def create
-      user = RailsJwtAuth.model.where(email: password_create_params[:email].to_s.downcase).first
-      return render_422(email: [{error: :not_found}]) unless user
+      email_field = RailsJwtAuth.email_field_name
+
+      if password_create_params[email_field].blank?
+        return render_422(email_field => [{error: :blank}])
+      end
+
+      user = RailsJwtAuth.model.where(
+        email_field => password_create_params[email_field].to_s.strip.downcase
+      ).first
+
+      return render_422(email_field => [{error: :not_found}]) unless user
 
       user.send_reset_password_instructions ? render_204 : render_422(user.errors.details)
     end

data/app/mailers/rails_jwt_auth/mailer.rb

@@ -2,9 +2,13 @@ if defined?(ActionMailer)
   class RailsJwtAuth::Mailer < ApplicationMailer
     default from: RailsJwtAuth.mailer_sender
 
-    def confirmation_instructions(user)
+    before_action do
+      @user = RailsJwtAuth.model.find(params[:user_id])
+      @subject = I18n.t("rails_jwt_auth.mailer.#{action_name}.subject")
+    end
+
+    def confirmation_instructions
       raise RailsJwtAuth::NotConfirmationsUrl unless RailsJwtAuth.confirmations_url.present?
-      @user = user
 
       @confirmations_url = add_param_to_url(
         RailsJwtAuth.confirmations_url,
@@ -12,19 +16,15 @@ if defined?(ActionMailer)
         @user.confirmation_token
       )
 
-      subject = I18n.t('rails_jwt_auth.mailer.confirmation_instructions.subject')
-      mail(to: @user.unconfirmed_email || @user[RailsJwtAuth.email_field_name], subject: subject)
+      mail(to: @user.unconfirmed_email || @user[RailsJwtAuth.email_field_name], subject: @subject)
     end
 
-    def email_changed(user)
-      @user = user
-      subject = I18n.t('rails_jwt_auth.mailer.email_changed.subject')
-      mail(to: @user[RailsJwtAuth.email_field_name!], subject: subject)
+    def email_changed
+      mail(to: @user[RailsJwtAuth.email_field_name!], subject: @subject)
     end
 
-    def reset_password_instructions(user)
+    def reset_password_instructions
       raise RailsJwtAuth::NotResetPasswordsUrl unless RailsJwtAuth.reset_passwords_url.present?
-      @user = user
 
       @reset_passwords_url = add_param_to_url(
         RailsJwtAuth.reset_passwords_url,
@@ -32,13 +32,11 @@ if defined?(ActionMailer)
         @user.reset_password_token
       )
 
-      subject = I18n.t('rails_jwt_auth.mailer.reset_password_instructions.subject')
-      mail(to: @user[RailsJwtAuth.email_field_name], subject: subject)
+      mail(to: @user[RailsJwtAuth.email_field_name], subject: @subject)
     end
 
-    def set_password_instructions(user)
+    def set_password_instructions
       raise RailsJwtAuth::NotSetPasswordsUrl unless RailsJwtAuth.set_passwords_url.present?
-      @user = user
 
       @reset_passwords_url = add_param_to_url(
         RailsJwtAuth.set_passwords_url,
@@ -46,13 +44,11 @@ if defined?(ActionMailer)
         @user.reset_password_token
       )
 
-      subject = I18n.t('rails_jwt_auth.mailer.set_password_instructions.subject')
-      mail(to: @user[RailsJwtAuth.email_field_name], subject: subject)
+      mail(to: @user[RailsJwtAuth.email_field_name], subject: @subject)
     end
 
-    def send_invitation(user)
+    def send_invitation
       raise RailsJwtAuth::NotInvitationsUrl unless RailsJwtAuth.invitations_url.present?
-      @user = user
 
       @invitations_url = add_param_to_url(
         RailsJwtAuth.invitations_url,
@@ -60,17 +56,13 @@ if defined?(ActionMailer)
         @user.invitation_token
       )
 
-      subject = I18n.t('rails_jwt_auth.mailer.send_invitation.subject')
-      mail(to: @user[RailsJwtAuth.email_field_name], subject: subject)
+      mail(to: @user[RailsJwtAuth.email_field_name], subject: @subject)
     end
 
-    def send_unlock_instructions(user)
-      @user = user
-      subject = I18n.t('rails_jwt_auth.mailer.send_unlock_instructions.subject')
-
+    def send_unlock_instructions
       @unlock_url = add_param_to_url(RailsJwtAuth.unlock_url, 'unlock_token', @user.unlock_token)
 
-      mail(to: @user[RailsJwtAuth.email_field_name], subject: subject)
+      mail(to: @user[RailsJwtAuth.email_field_name], subject: @subject)
     end
 
     protected

data/app/models/concerns/rails_jwt_auth/authenticatable.rb

@@ -46,8 +46,10 @@ module RailsJwtAuth
                                  'invalid'
                                end
 
-      # abort reset password if exists to allow save
-      self.reset_password_token = self.reset_password_sent_at = nil if reset_password_token
+      # if recoberable module is enabled ensure clean recovery to allow save
+      if self.respond_to? :reset_password_token
+        self.reset_password_token = self.reset_password_sent_at = nil
+      end
 
       assign_attributes(params)
       valid? # validates first other fields

data/app/models/concerns/rails_jwt_auth/confirmable.rb

@@ -33,16 +33,14 @@ module RailsJwtAuth
 
             self.confirmation_token = SecureRandom.base58(24)
             self.confirmation_sent_at = Time.current
-
-            mailer = Mailer.confirmation_instructions(self)
-            RailsJwtAuth.deliver_later ? mailer.deliver_later : mailer.deliver
-
-            if RailsJwtAuth.send_email_changed_notification
-              mailer = Mailer.email_changed(self)
-              RailsJwtAuth.deliver_later ? mailer.deliver_later : mailer.deliver
-            end
           end
         end
+
+        if defined?(ActiveRecord) && ancestors.include?(ActiveRecord::Base)
+          after_commit :deliver_email_changed_emails, if: :saved_change_to_unconfirmed_email?
+        elsif defined?(Mongoid) && ancestors.include?(Mongoid::Document)
+          after_update :deliver_email_changed_emails, if: :unconfirmed_email_changed?
+        end
       end
     end
 
@@ -58,8 +56,7 @@ module RailsJwtAuth
       self.confirmation_sent_at = Time.current
       return false unless save
 
-      mailer = Mailer.confirmation_instructions(self)
-      RailsJwtAuth.deliver_later ? mailer.deliver_later : mailer.deliver
+      RailsJwtAuth.send_email(:confirmation_instructions, self)
       true
     end
 
@@ -72,9 +69,15 @@ module RailsJwtAuth
       self.confirmation_token = nil
 
       if unconfirmed_email
-        self[RailsJwtAuth.email_field_name!] = unconfirmed_email
-        self.email_confirmation = unconfirmed_email if respond_to?(:email_confirmation)
+        email_field = RailsJwtAuth.email_field_name!
+
+        self[email_field] = unconfirmed_email
         self.unconfirmed_email = nil
+
+        # supports email confirmation attr_accessor validation
+        if respond_to?("#{email_field}_confirmation")
+          instance_variable_set("@#{email_field}_confirmation", self[email_field])
+        end
       end
 
       save
@@ -89,6 +92,7 @@ module RailsJwtAuth
 
     def validate_confirmation
       return true unless confirmed_at
+
       email_field = RailsJwtAuth.email_field_name!
 
       if confirmed_at_was && !public_send("#{email_field}_changed?")
@@ -98,5 +102,15 @@ module RailsJwtAuth
         errors.add(:confirmation_token, :expired)
       end
     end
+
+    def deliver_email_changed_emails
+      # send confirmation to new email
+      RailsJwtAuth.send_email(:confirmation_instructions, self)
+
+      # send notify to old email
+      if RailsJwtAuth.send_email_changed_notification
+        RailsJwtAuth.send_email(:email_changed, self)
+      end
+    end
   end
 end

data/app/models/concerns/rails_jwt_auth/invitable.rb

@@ -112,9 +112,8 @@ module RailsJwtAuth
     end
 
     def send_invitation_mail
-      RailsJwtAuth.email_field_name! # ensure email field es valid
-      mailer = Mailer.send_invitation(self)
-      RailsJwtAuth.deliver_later ? mailer.deliver_later : mailer.deliver
+      RailsJwtAuth.email_field_name! # ensure email field is valid
+      RailsJwtAuth.send_email(:send_invitation, self)
     end
 
     def invitation_period_valid?

data/app/models/concerns/rails_jwt_auth/lockable.rb

@@ -68,8 +68,7 @@ module RailsJwtAuth
       self.unlock_token = SecureRandom.base58(24)
       save(validate: false)
 
-      mailer = Mailer.send_unlock_instructions(self)
-      RailsJwtAuth.deliver_later ? mailer.deliver_later : mailer.deliver
+      RailsJwtAuth.send_email(:send_unlock_instructions, self)
     end
 
     def access_locked?

data/app/models/concerns/rails_jwt_auth/recoverable.rb

@@ -14,7 +14,10 @@ module RailsJwtAuth
         validate :validate_reset_password_token, if: :password_digest_changed?
 
         before_update do
-          self.reset_password_token = nil if password_digest_changed? && reset_password_token
+          if password_digest_changed? && reset_password_token
+            self.reset_password_token = nil
+            self.auth_tokens = []
+          end
         end
       end
     end
@@ -37,8 +40,7 @@ module RailsJwtAuth
       self.reset_password_sent_at = Time.current
       return false unless save
 
-      mailer = Mailer.reset_password_instructions(self)
-      RailsJwtAuth.deliver_later ? mailer.deliver_later : mailer.deliver
+      RailsJwtAuth.send_email(:reset_password_instructions, self)
     end
 
     def set_and_send_password_instructions
@@ -53,8 +55,7 @@ module RailsJwtAuth
       self.reset_password_sent_at = Time.current
       return false unless save
 
-      mailer = Mailer.set_password_instructions(self)
-      RailsJwtAuth.deliver_later ? mailer.deliver_later : mailer.deliver
+      RailsJwtAuth.send_email(:set_password_instructions, self)
       true
     end
 

data/lib/rails_jwt_auth.rb

@@ -114,4 +114,9 @@ module RailsJwtAuth
 
     field_name
   end
+
+  def self.send_email(method, user)
+    mailer = RailsJwtAuth::Mailer.with(user_id: user.id.to_s).public_send(method)
+    RailsJwtAuth.deliver_later ? mailer.deliver_later : mailer.deliver
+  end
 end

data/lib/rails_jwt_auth/version.rb

@@ -1,3 +1,3 @@
 module RailsJwtAuth
-  VERSION = '1.4.1'
+  VERSION = '1.7.1'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rails_jwt_auth
 version: !ruby/object:Gem::Version
-  version: 1.4.1
+  version: 1.7.1
 platform: ruby
 authors:
 - rjurado
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-12-11 00:00:00.000000000 Z
+date: 2020-06-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bcrypt
@@ -120,8 +120,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.3
+rubygems_version: 3.0.3
 signing_key: 
 specification_version: 4
 summary: Rails jwt authentication.