token_authenticate_me 0.4.0 → 0.4.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 229ecb84a5060e5d18c67bfe11ded27a73771e7a
|
4
|
+
data.tar.gz: 75f47933a25a6b961f277b7856d956527e23fa9a
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 020f1fbaa8a83ff17be432305293880ae0de0d4089d70434e04c07d9cc4c7a0c08dd623eb7a98239123b7e5ecfcec968c88f92da5edeab4f6428d546dea540dd
|
7
|
+
data.tar.gz: b2e713b0a2817b615bbecefc9b291025bb41f9d46dc09918d7100ac43fae982be05d40b88164514a6a2e7d143ffbacfa97f257c472132fd78fd7cab692cf8416
|
@@ -80,8 +80,13 @@ module TokenAuthenticateMe
|
|
80
80
|
end
|
81
81
|
|
82
82
|
def valid_reset_token?
|
83
|
-
|
83
|
+
# Check for
|
84
|
+
# https://github.com/rails/rails/commit/e8572cf2f94872d81e7145da31d55c6e1b074247
|
85
|
+
# security issue when config.action_dispatch.perform_deep_munge = false is set
|
86
|
+
# which is common for JSON APIs
|
87
|
+
return false if params[:id].class == Array || params[:id].nil?
|
84
88
|
|
89
|
+
@user = User.find_by_reset_password_token(params[:id])
|
85
90
|
@user && @user.reset_password_token_exp > DateTime.now
|
86
91
|
end
|
87
92
|
end
|
@@ -15,7 +15,7 @@ module TokenAuthenticateMe
|
|
15
15
|
uniqueness: { case_sensitive: false },
|
16
16
|
format: {
|
17
17
|
with: /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\z/i,
|
18
|
-
message:
|
18
|
+
message: 'invalid e-mail address'
|
19
19
|
}
|
20
20
|
)
|
21
21
|
|
@@ -68,12 +68,12 @@ module TokenAuthenticateMe
|
|
68
68
|
end
|
69
69
|
|
70
70
|
def current_password_correct
|
71
|
-
errors.add(:current_password, 'is required to change email and/or password') if current_password.blank?
|
71
|
+
errors.add(:current_password, 'is required to change email and/or password') if current_password.blank? # rubocop:disable Metrics/LineLength
|
72
72
|
errors.add(:current_password, 'is incorrect') unless authenticate(current_password)
|
73
73
|
end
|
74
74
|
|
75
75
|
def current_password_required?
|
76
|
-
email_changed? || attempting_to_change_password?
|
76
|
+
!new_record? && (email_changed? || attempting_to_change_password?)
|
77
77
|
end
|
78
78
|
|
79
79
|
def password_required?
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: token_authenticate_me
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.4.
|
4
|
+
version: 0.4.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Sam Clopton
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2015-02-
|
12
|
+
date: 2015-02-09 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: activerecord
|
@@ -239,7 +239,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
239
239
|
version: '0'
|
240
240
|
requirements: []
|
241
241
|
rubyforge_project:
|
242
|
-
rubygems_version: 2.
|
242
|
+
rubygems_version: 2.4.3
|
243
243
|
signing_key:
|
244
244
|
specification_version: 4
|
245
245
|
summary: This gem adds simple token authentication to users.
|