token_authenticate_me 0.4.0 → 0.4.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 16b050299a5e83a371b6596731db8805b0169167
-  data.tar.gz: ab29a662e9370df7e734b6e7365572fdb1adc53f
+  metadata.gz: 229ecb84a5060e5d18c67bfe11ded27a73771e7a
+  data.tar.gz: 75f47933a25a6b961f277b7856d956527e23fa9a
 SHA512:
-  metadata.gz: 162b004dfbd0dd4e414d99ac0001e00a3be2abe8e21aed19c783dd28df441a7bc5630062aebd3f38a94ade911b1af2288331d2d465e6b1b5e65fcb9463dda95f
-  data.tar.gz: 1f378bd64f4576573e5cf8aea9986de4d5bf0af419a4945ea41aea0f2e5bd80c0b643432e5b20060bd58a0c5be94139fafc8014792f7dbd1edb65f134b820a2a
+  metadata.gz: 020f1fbaa8a83ff17be432305293880ae0de0d4089d70434e04c07d9cc4c7a0c08dd623eb7a98239123b7e5ecfcec968c88f92da5edeab4f6428d546dea540dd
+  data.tar.gz: b2e713b0a2817b615bbecefc9b291025bb41f9d46dc09918d7100ac43fae982be05d40b88164514a6a2e7d143ffbacfa97f257c472132fd78fd7cab692cf8416

data/lib/token_authenticate_me/controllers/password_resetable.rb

@@ -80,8 +80,13 @@ module TokenAuthenticateMe
         end
 
         def valid_reset_token?
-          @user = User.find_by_reset_password_token(params[:id])
+          # Check for
+          # https://github.com/rails/rails/commit/e8572cf2f94872d81e7145da31d55c6e1b074247
+          # security issue when config.action_dispatch.perform_deep_munge = false is set
+          # which is common for JSON APIs
+          return false if params[:id].class == Array || params[:id].nil?
 
+          @user = User.find_by_reset_password_token(params[:id])
           @user && @user.reset_password_token_exp > DateTime.now
         end
       end

data/lib/token_authenticate_me/models/authenticatable.rb

@@ -15,7 +15,7 @@ module TokenAuthenticateMe
           uniqueness: { case_sensitive: false },
           format: {
             with: /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\z/i,
-            message: "invalid e-mail address"
+            message: 'invalid e-mail address'
           }
         )
 
@@ -68,12 +68,12 @@ module TokenAuthenticateMe
         end
 
         def current_password_correct
-          errors.add(:current_password, 'is required to change email and/or password') if current_password.blank?
+          errors.add(:current_password, 'is required to change email and/or password') if current_password.blank? # rubocop:disable Metrics/LineLength
           errors.add(:current_password, 'is incorrect') unless authenticate(current_password)
         end
 
         def current_password_required?
-          email_changed? || attempting_to_change_password?
+          !new_record? && (email_changed? || attempting_to_change_password?)
         end
 
         def password_required?

data/lib/token_authenticate_me/version.rb

@@ -1,3 +1,3 @@
 module TokenAuthenticateMe
-  VERSION = '0.4.0'
+  VERSION = '0.4.1'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: token_authenticate_me
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 0.4.1
 platform: ruby
 authors:
 - Sam Clopton
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-02-03 00:00:00.000000000 Z
+date: 2015-02-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activerecord
@@ -239,7 +239,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.2.2
+rubygems_version: 2.4.3
 signing_key: 
 specification_version: 4
 summary: This gem adds simple token authentication to users.