RubyGems - rails_jwt_auth - Versions diffs - 1.6.1 → 2.0.1 - Mend

rails_jwt_auth 1.6.1 → 2.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (35) hide show

data/app/models/concerns/rails_jwt_auth/confirmable.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module RailsJwtAuth
   module Confirmable
     def self.included(base)
@@ -20,37 +22,12 @@ module RailsJwtAuth
             send_confirmation_instructions
           end
         end
-        before_update do
-          email_field = RailsJwtAuth.email_field_name!
-          if public_send("#{email_field}_changed?") &&
-             public_send("#{email_field}_was") &&
-             !confirmed_at_changed? &&
-             !self['invitation_token']
-            self.unconfirmed_email = self[email_field]
-            self[email_field] = public_send("#{email_field}_was")
-            self.confirmation_token = SecureRandom.base58(24)
-            self.confirmation_sent_at = Time.current
-            mailer = Mailer.confirmation_instructions(self)
-            RailsJwtAuth.deliver_later ? mailer.deliver_later : mailer.deliver
-            if RailsJwtAuth.send_email_changed_notification
-              mailer = Mailer.email_changed(self)
-              RailsJwtAuth.deliver_later ? mailer.deliver_later : mailer.deliver
-            end
-          end
-        end
       end
     end
     def send_confirmation_instructions
-      email_field = RailsJwtAuth.email_field_name!
       if confirmed? && !unconfirmed_email
-        errors.add(email_field, :already_confirmed)
+        errors.add(RailsJwtAuth.email_field_name, :already_confirmed)
         return false
       end
@@ -58,8 +35,7 @@ module RailsJwtAuth
       self.confirmation_sent_at = Time.current
       return false unless save
-      mailer = Mailer.confirmation_instructions(self)
-      RailsJwtAuth.deliver_later ? mailer.deliver_later : mailer.deliver
+      RailsJwtAuth.send_email(:confirmation_instructions, self)
       true
     end
@@ -67,35 +43,68 @@ module RailsJwtAuth
       confirmed_at.present?
     end
-    def confirm!
+    def confirm
       self.confirmed_at = Time.current
       self.confirmation_token = nil
       if unconfirmed_email
-        email_field = RailsJwtAuth.email_field_name!
+        email_field = RailsJwtAuth.email_field_name
         self[email_field] = unconfirmed_email
         self.unconfirmed_email = nil
         # supports email confirmation attr_accessor validation
         if respond_to?("#{email_field}_confirmation")
-          self.instance_variable_set("@#{email_field}_confirmation", self[email_field])
+          instance_variable_set("@#{email_field}_confirmation", self[email_field])
         end
       end
       save
     end
-    def skip_confirmation!
+    def skip_confirmation
       self.confirmed_at = Time.current
       self.confirmation_token = nil
     end
+    def update_email(params)
+      email_field = RailsJwtAuth.email_field_name.to_sym
+      params = HashWithIndifferentAccess.new(params)
+      # email change must be protected by password
+      password_error = if (password = params[:password]).blank?
+                         :blank
+                       elsif !authenticate(password)
+                         :invalid
+                       end
+      self.email = params[email_field]
+      self.confirmation_token = SecureRandom.base58(24)
+      self.confirmation_sent_at = Time.current
+      valid? # validates first other fields
+      errors.add(:password, password_error) if password_error
+      errors.add(email_field, :not_change) unless email_changed?
+      return false unless errors.empty?
+      # move email to unconfirmed_email field and restore
+      self.unconfirmed_email = email
+      self.email = email_was
+      return false unless save
+      deliver_email_changed_emails
+      true
+    end
     protected
     def validate_confirmation
       return true unless confirmed_at
-      email_field = RailsJwtAuth.email_field_name!
+      email_field = RailsJwtAuth.email_field_name
       if confirmed_at_was && !public_send("#{email_field}_changed?")
         errors.add(email_field, :already_confirmed)
@@ -104,5 +113,15 @@ module RailsJwtAuth
         errors.add(:confirmation_token, :expired)
       end
     end
+    def deliver_email_changed_emails
+      # send confirmation to new email
+      RailsJwtAuth.send_email(:confirmation_instructions, self)
+      # send notify to old email
+      if RailsJwtAuth.send_email_change_requested_notification
+        RailsJwtAuth.send_email(:email_change_requested_notification, self)
+      end
+    end
   end
 end

data/app/models/concerns/rails_jwt_auth/invitable.rb CHANGED

@@ -11,116 +11,80 @@ module RailsJwtAuth
           field :invitation_token,         type: String
           field :invitation_sent_at,       type: Time
           field :invitation_accepted_at,   type: Time
-          field :invitation_created_at,    type: Time
         end
       end
     end
     module ClassMethods
       # Creates an user and sends an invitation to him.
-      # If the user is already invited and pending of completing registration
-      # the invitation is resent by email.
-      # If the user is already registered, it returns the user with a
-      # <tt>:taken</tt> on the email field.
-      #
-      # @param [Hash] attributes Hash containing user's attributes to be filled.
-      #               Must contain an email key.
-      #
-      # @return [user] The user created or found by email.
-      def invite!(attributes={})
+      def invite(attributes={})
         attrs = ActiveSupport::HashWithIndifferentAccess.new(attributes.to_h)
-        auth_field = RailsJwtAuth.auth_field_name!
+        auth_field = RailsJwtAuth.auth_field_name
         auth_attribute = attrs.delete(auth_field)
-        raise ArgumentError unless auth_attribute
         record = RailsJwtAuth.model.find_or_initialize_by(auth_field => auth_attribute)
         record.assign_attributes(attrs)
-        record.invite!
+        record.invite
         record
       end
     end
-    # Accept an invitation by clearing token and setting invitation_accepted_at
-    def accept_invitation
-      self.invitation_accepted_at = Time.current
-      self.invitation_token = nil
-    end
-    def accept_invitation!
-      return unless invited?
-      if valid_invitation?
-        accept_invitation
-        self.confirmed_at = Time.current if respond_to?(:confirmed_at) && confirmed_at.nil?
-      else
-        errors.add(:invitation_token, :invalid)
-      end
-    end
-    def invite!
-      self.invitation_created_at = Time.current if new_record?
-      unless password || password_digest
-        passw = SecureRandom.base58(16)
-        self.password = passw
-        self.password_confirmation = passw
-      end
-      valid?
-      # users that are registered and were not invited are not reinvitable
-      if !new_record? && !invited?
-        errors.add(RailsJwtAuth.auth_field_name!, :taken)
+    # Sends an invitation to user
+    # If the user has pending invitation, new one is sent
+    def invite
+      if persisted? && !invitation_token
+        errors.add(RailsJwtAuth.auth_field_name, :registered)
+        return false
       end
-      # users that have already accepted an invitation are not reinvitable
-      if !new_record? && invited? && invitation_accepted_at.present?
-        errors.add(RailsJwtAuth.auth_field_name!, :taken)
-      end
-      return self unless errors.empty?
-      generate_invitation_token if invitation_token.nil?
+      @inviting = true
+      self.invitation_token = RailsJwtAuth.friendly_token
       self.invitation_sent_at = Time.current
-      send_invitation_mail if save(validate: false)
-      self
-    end
+      return false unless save_without_password
-    def invited?
-      (persisted? && invitation_token.present?)
+      RailsJwtAuth.send_email(:invitation_instructions, self)
+      true
+    ensure
+      @inviting = false
     end
-    def generate_invitation_token!
-      generate_invitation_token && save(validate: false)
-    end
+    # Finishes invitation process setting user password
+    def accept_invitation(params)
+      return false unless invitation_token.present?
-    def valid_invitation?
-      invited? && invitation_period_valid?
-    end
+      self.assign_attributes(params)
-    def accepted_invitation?
-      invitation_token.nil? && invitation_accepted_at.present?
-    end
+      valid?
+      errors.add(:password, :blank) if params[:password].blank?
+      errors.add(:invitation_token, :expired) if expired_invitation_token?
+      return false unless errors.empty?
-    protected
+      self.invitation_accepted_at = Time.current
+      self.invitation_token = nil
+      self.invitation_sent_at = nil
+      self.confirmed_at = Time.current if respond_to?(:confirmed_at) && confirmed_at.nil?
+      save
+    end
-    def generate_invitation_token
-      self.invitation_token = SecureRandom.base58(128)
+    def inviting?
+      @inviting || false
     end
-    def send_invitation_mail
-      RailsJwtAuth.email_field_name! # ensure email field es valid
-      mailer = Mailer.send_invitation(self)
-      RailsJwtAuth.deliver_later ? mailer.deliver_later : mailer.deliver
+    def valid_for_invite?
+      @inviting = true
+      valid_without_password?
+    ensure
+      @inviting = false
     end
-    def invitation_period_valid?
-      time = invitation_sent_at || invitation_created_at
+    def expired_invitation_token?
       expiration_time = RailsJwtAuth.invitation_expiration_time
-      time && (expiration_time.to_i.zero? || time >= expiration_time.ago)
+      return false if expiration_time.to_i.zero?
+      invitation_sent_at && invitation_sent_at < expiration_time.ago
     end
   end
 end

data/app/models/concerns/rails_jwt_auth/lockable.rb CHANGED

@@ -13,52 +13,41 @@ module RailsJwtAuth
       end
     end
-    def lock_access!
-      self.locked_at = Time.now.utc
+    def lock_access
+      self.locked_at = Time.current
       save(validate: false).tap do |result|
         send_unlock_instructions if result && unlock_strategy_enabled?(:email)
       end
     end
-    def unlock_access!
+    def clean_lock
       self.locked_at = nil
-      self.failed_attempts = 0
-      self.first_failed_attempt_at = nil
       self.unlock_token = nil
-      save(validate: false)
+      reset_attempts
     end
-    def reset_attempts!
-      self.failed_attempts = 0
-      self.first_failed_attempt_at = nil
-      save(validate: false)
+    def unlock_access
+      clean_lock
+      save(validate: false) if changed?
     end
-    def authentication?(pass)
-      return super(pass) unless lock_strategy_enabled?(:failed_attempts)
+    def access_locked?
+      locked_at && !lock_expired?
+    end
-      reset_attempts! if !access_locked? && attempts_expired?
-      unlock_access! if lock_expired?
+    def failed_attempt
+      return if access_locked?
-      if access_locked?
-        false
-      elsif super(pass)
-        unlock_access!
-        self
-      else
-        failed_attempt!
-        lock_access! if attempts_exceeded?
-        false
-      end
-    end
+      reset_attempts if attempts_expired?
-    def unauthenticated_error
-      return super unless lock_strategy_enabled?(:failed_attempts)
+      self.failed_attempts ||= 0
+      self.failed_attempts += 1
+      self.first_failed_attempt_at = Time.current if failed_attempts == 1
-      if access_locked?
-        {error: :locked}
-      else
-        {error: :invalid_session, remaining_attempts: remaining_attempts}
+      save(validate: false).tap do |result|
+        lock_access if result && attempts_exceeded?
       end
     end
@@ -68,12 +57,7 @@ module RailsJwtAuth
       self.unlock_token = SecureRandom.base58(24)
       save(validate: false)
-      mailer = Mailer.send_unlock_instructions(self)
-      RailsJwtAuth.deliver_later ? mailer.deliver_later : mailer.deliver
-    end
-    def access_locked?
-      locked_at && !lock_expired?
+      RailsJwtAuth.send_email(:unlock_instructions, self)
     end
     def lock_expired?
@@ -84,21 +68,19 @@ module RailsJwtAuth
       end
     end
-    def failed_attempt!
-      self.failed_attempts ||= 0
-      self.failed_attempts += 1
-      self.first_failed_attempt_at = Time.now.utc if failed_attempts == 1
-      save(validate: false)
-    end
-    def attempts_exceeded?
-      failed_attempts && failed_attempts >= RailsJwtAuth.maximum_attempts
+    def reset_attempts
+      self.failed_attempts = 0
+      self.first_failed_attempt_at = nil
     end
     def remaining_attempts
       RailsJwtAuth.maximum_attempts - failed_attempts.to_i
     end
+    def attempts_exceeded?
+      !remaining_attempts.positive?
+    end
     def attempts_expired?
       first_failed_attempt_at && first_failed_attempt_at < RailsJwtAuth.reset_attempts_in.ago
     end

data/app/models/concerns/rails_jwt_auth/recoverable.rb CHANGED

@@ -10,20 +10,11 @@ module RailsJwtAuth
           field :reset_password_token,   type: String
           field :reset_password_sent_at, type: Time
         end
-        validate :validate_reset_password_token, if: :password_digest_changed?
-        before_update do
-          if password_digest_changed? && reset_password_token
-            self.reset_password_token = nil
-            self.auth_tokens = []
-          end
-        end
       end
     end
     def send_reset_password_instructions
-      email_field = RailsJwtAuth.email_field_name! # ensure email field es valid
+      email_field = RailsJwtAuth.email_field_name # ensure email field es valid
       if self.class.ancestors.include?(RailsJwtAuth::Confirmable) && !confirmed?
         errors.add(email_field, :unconfirmed)
@@ -36,38 +27,37 @@ module RailsJwtAuth
         return false
       end
-      self.reset_password_token = SecureRandom.base58(24)
+      self.reset_password_token = RailsJwtAuth.friendly_token
       self.reset_password_sent_at = Time.current
       return false unless save
-      mailer = Mailer.reset_password_instructions(self)
-      RailsJwtAuth.deliver_later ? mailer.deliver_later : mailer.deliver
+      RailsJwtAuth.send_email(:reset_password_instructions, self)
     end
-    def set_and_send_password_instructions
-      RailsJwtAuth.email_field_name! # ensure email field es valid
-      return if password.present?
+    def set_reset_password(params)
+      self.assign_attributes(params)
-      self.password = SecureRandom.base58(48)
-      self.password_confirmation = self.password
-      self.skip_confirmation! if self.class.ancestors.include?(RailsJwtAuth::Confirmable)
+      valid?
+      errors.add(:password, :blank) if params[:password].blank?
+      errors.add(:reset_password_token, :expired) if expired_reset_password_token?
-      self.reset_password_token = SecureRandom.base58(24)
-      self.reset_password_sent_at = Time.current
-      return false unless save
+      return false unless errors.empty?
-      mailer = Mailer.set_password_instructions(self)
-      RailsJwtAuth.deliver_later ? mailer.deliver_later : mailer.deliver
-      true
+      clean_reset_password
+      self.auth_tokens = [] # reset all sessions
+      save
     end
-    protected
+    def expired_reset_password_token?
+      expiration_time = RailsJwtAuth.reset_password_expiration_time
+      return false if expiration_time.to_i.zero?
-    def validate_reset_password_token
-      if reset_password_sent_at &&
-         (reset_password_sent_at < (Time.current - RailsJwtAuth.reset_password_expiration_time))
-        errors.add(:reset_password_token, :expired)
-      end
+      reset_password_sent_at && reset_password_sent_at < expiration_time.ago
+    end
+    def clean_reset_password
+      self.reset_password_sent_at = nil
+      self.reset_password_token = nil
     end
   end
 end