token_authenticate_me 0.4.0 → 0.4.1
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 229ecb84a5060e5d18c67bfe11ded27a73771e7a
|
4
|
+
data.tar.gz: 75f47933a25a6b961f277b7856d956527e23fa9a
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 020f1fbaa8a83ff17be432305293880ae0de0d4089d70434e04c07d9cc4c7a0c08dd623eb7a98239123b7e5ecfcec968c88f92da5edeab4f6428d546dea540dd
|
7
|
+
data.tar.gz: b2e713b0a2817b615bbecefc9b291025bb41f9d46dc09918d7100ac43fae982be05d40b88164514a6a2e7d143ffbacfa97f257c472132fd78fd7cab692cf8416
|
@@ -80,8 +80,13 @@ module TokenAuthenticateMe
|
|
80
80
|
end
|
81
81
|
|
82
82
|
def valid_reset_token?
|
83
|
-
|
83
|
+
# Check for
|
84
|
+
# https://github.com/rails/rails/commit/e8572cf2f94872d81e7145da31d55c6e1b074247
|
85
|
+
# security issue when config.action_dispatch.perform_deep_munge = false is set
|
86
|
+
# which is common for JSON APIs
|
87
|
+
return false if params[:id].class == Array || params[:id].nil?
|
84
88
|
|
89
|
+
@user = User.find_by_reset_password_token(params[:id])
|
85
90
|
@user && @user.reset_password_token_exp > DateTime.now
|
86
91
|
end
|
87
92
|
end
|
@@ -15,7 +15,7 @@ module TokenAuthenticateMe
|
|
15
15
|
uniqueness: { case_sensitive: false },
|
16
16
|
format: {
|
17
17
|
with: /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\z/i,
|
18
|
-
message:
|
18
|
+
message: 'invalid e-mail address'
|
19
19
|
}
|
20
20
|
)
|
21
21
|
|
@@ -68,12 +68,12 @@ module TokenAuthenticateMe
|
|
68
68
|
end
|
69
69
|
|
70
70
|
def current_password_correct
|
71
|
-
errors.add(:current_password, 'is required to change email and/or password') if current_password.blank?
|
71
|
+
errors.add(:current_password, 'is required to change email and/or password') if current_password.blank? # rubocop:disable Metrics/LineLength
|
72
72
|
errors.add(:current_password, 'is incorrect') unless authenticate(current_password)
|
73
73
|
end
|
74
74
|
|
75
75
|
def current_password_required?
|
76
|
-
email_changed? || attempting_to_change_password?
|
76
|
+
!new_record? && (email_changed? || attempting_to_change_password?)
|
77
77
|
end
|
78
78
|
|
79
79
|
def password_required?
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: token_authenticate_me
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.4.
|
4
|
+
version: 0.4.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Sam Clopton
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2015-02-
|
12
|
+
date: 2015-02-09 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: activerecord
|
@@ -239,7 +239,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
239
239
|
version: '0'
|
240
240
|
requirements: []
|
241
241
|
rubyforge_project:
|
242
|
-
rubygems_version: 2.
|
242
|
+
rubygems_version: 2.4.3
|
243
243
|
signing_key:
|
244
244
|
specification_version: 4
|
245
245
|
summary: This gem adds simple token authentication to users.
|