wordjelly-auth 1.2.1 → 1.2.2

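--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 998b4b6ae8498893000130fff555afcfbfc1a7f2
- data.tar.gz: dbeca1a615b51d298572a4ef696230c0a1fd08a7
+ metadata.gz: 20bc9b5081d66477ee0989ac143f8a60f478ce80
+ data.tar.gz: 26ec2c00029ee39d59fdc93fc13e5282a254b27b
  SHA512:
- metadata.gz: c6be7258a114b841b96c867bae18551ddf7100e69707c2166f954e8c884a9613898d28f2b9fb9df8be35d1d3c6b04375742123932d3d70d49c9703a33bd06a63
- data.tar.gz: 9a089cdd3b60dd2bc778cd1fe1d50356a1d7e7ab813701fa0cb29f50295715688387e1d210e9e0f5723a90fd0f3cabfbe124fa925b7ab1a3be1dce0dbb200958
+ metadata.gz: 1a7120152153b13ef4f10b7b4db6fc518877aa21ab8614c2b70f578d59e2a90da204e822a6ceb73782fef3bd6c2d2752a3e3b9bfbc271504bdf4d8443f2c653f
+ data.tar.gz: adbc0907a82f757b9b4cc225ab4789a40a2f9090b37d49684c15ad37a03a067780758055d551b71e73600d578b3555a7f22bc9423e5e9c50ec653665006f2d0e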
@@ -3,12 +3,16 @@ module Auth::Concerns::DeviseConcern
3
3
  extend ActiveSupport::Concern
4
4
 
5
5
  included do
6
-
7
- #skip_before_action :verify_authenticity_token, if: :is_json_request?
8
- protect_from_forgery with: :null_session
6
+ protect_from_forgery with: :null_session, if: Proc.new { |c|
7
+ c.request.format == 'application/json'
8
+ }
9
9
  attr_accessor :m_client
10
10
  end
11
11
 
12
+ ## so how to implement this ?
13
+ ## just include the devise concern.
14
+ ## and let it all through.
15
+
12
16
  ##returns true if the recaptcha is not specified in the configuration
13
17
  ##returns true if the recaptcha is valid.
14
18
  ##expects the parameter 'g-recaptcha-response' in the params hash
@@ -101,7 +105,6 @@ module Auth::Concerns::DeviseConcern
101
105
 
102
106
  else
103
107
 
104
-
105
108
  if session[:client] = Auth::Client.find_valid_api_key_and_app_id(api_key, current_app_id)
106
109
 
107
110
  #puts "found valid clinet."
@@ -124,8 +127,9 @@ module Auth::Concerns::DeviseConcern
124
127
  def protect_json_request
125
128
  ##should block any put action on the user
126
129
  ##and should render an error saying please do this on the server.
130
+ ## if its an html or js request, then authentication token verification should be checked.
131
+ ## if its a json request, then that doesnt need to be done
127
132
  if is_json_request?
128
-
129
133
  if action_name == "otp_verification_result"
130
134
  ##we let this action pass because, we make json ajax requests
131
135
  ##from the web ui to this endpoint, and anyway it does
@@ -140,7 +144,12 @@ module Auth::Concerns::DeviseConcern
140
144
 
141
145
  end
142
146
  end
143
- end
147
+ else
148
+
149
+ if verify_authenticity_token == false
150
+ render :nothing => true, :status => :unauthorized
151
+ end
152
+ end
144
153
  end
145
154
 
146
155
  def set_redirect_url
@@ -178,7 +187,8 @@ module Auth::Concerns::DeviseConcern
178
187
  set_redirect_url
179
188
 
180
189
  protect_json_request
181
-
190
+
191
+
182
192
  end
183
193
 
184
194
  ##used only in render, redirect in DeviseController.class_eval
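Review bot: In the new `else` branch of `protect_json_request`, the CSRF check for non-JSON requests depends on `verify_authenticity_token == false`, but that Rails callback is not documented to return a boolean; on a failed check it invokes the configured forgery-protection strategy instead, so the `render ... :unauthorized` line may never run. Because the first hunk now limits `protect_from_forgery with: :null_session` to JSON requests, this manual call appears to be the only token check left for HTML and JS requests in this concern, and with `:null_session` a failed check would only empty the session rather than stop the action. Testing the predicate directly would make the intent explicit: `head :unauthorized unless verified_request?` (`render :nothing => true` was also removed in Rails 5.1). The Rails version and any `protect_from_forgery` call in the host application's controllers are not visible here, and `protect_json_request` begins and ends outside the hunk.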
@@ -8,6 +8,7 @@ class Auth::RegistrationsController < Devise::RegistrationsController
8
8
 
9
9
 
10
10
  def create
11
+ puts "CAME TO CREATE."
11
12
  check_recaptcha
12
13
  build_resource(sign_up_params)
13
14
  resource.m_client = self.m_client
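Review bot: The added `puts "CAME TO CREATE."` at the top of `create` is leftover debug output in the sign-up action; it writes to the process's stdout on every registration attempt and bypasses the application's log levels and formatting. Either drop the line or replace it with `Rails.logger.debug { "registrations#create" }` so it can be silenced in production. The body of `create` continues past the end of the hunk.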
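--- a/data/lib/auth/version.rb
+++ b/data/lib/auth/version.rb
@@ -1,3 +1,3 @@
  module Auth
- VERSION = "1.2.1"
+ VERSION = "1.2.2"
  end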
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: wordjelly-auth
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.2.1
4
+ version: 1.2.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - bhargav