RubyGems - wordjelly-auth - Versions diffs - 1.2.1 → 1.2.2 - Mend

wordjelly-auth 1.2.1 → 1.2.2

Files changed (5) hide show

checksums.yaml +4 -4
data/app/controllers/auth/concerns/devise_concern.rb +17 -7
data/app/controllers/auth/registrations_controller.rb +1 -0
data/lib/auth/version.rb +1 -1
metadata +1 -1

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 998b4b6ae8498893000130fff555afcfbfc1a7f2
-  data.tar.gz: dbeca1a615b51d298572a4ef696230c0a1fd08a7
+  metadata.gz: 20bc9b5081d66477ee0989ac143f8a60f478ce80
+  data.tar.gz: 26ec2c00029ee39d59fdc93fc13e5282a254b27b
 SHA512:
-  metadata.gz: c6be7258a114b841b96c867bae18551ddf7100e69707c2166f954e8c884a9613898d28f2b9fb9df8be35d1d3c6b04375742123932d3d70d49c9703a33bd06a63
-  data.tar.gz: 9a089cdd3b60dd2bc778cd1fe1d50356a1d7e7ab813701fa0cb29f50295715688387e1d210e9e0f5723a90fd0f3cabfbe124fa925b7ab1a3be1dce0dbb200958
+  metadata.gz: 1a7120152153b13ef4f10b7b4db6fc518877aa21ab8614c2b70f578d59e2a90da204e822a6ceb73782fef3bd6c2d2752a3e3b9bfbc271504bdf4d8443f2c653f
+  data.tar.gz: adbc0907a82f757b9b4cc225ab4789a40a2f9090b37d49684c15ad37a03a067780758055d551b71e73600d578b3555a7f22bc9423e5e9c50ec653665006f2d0e

data/app/controllers/auth/concerns/devise_concern.rb CHANGED Viewed

@@ -3,12 +3,16 @@ module Auth::Concerns::DeviseConcern
     extend ActiveSupport::Concern
     included do
-	    #skip_before_action :verify_authenticity_token, if: :is_json_request?
-        protect_from_forgery with: :null_session
+        protect_from_forgery with: :null_session, if: Proc.new { |c|
+            c.request.format == 'application/json'
+        }
         attr_accessor :m_client
     end
+    ## so how to implement this ?
+    ## just include the devise concern.
+    ## and let it all through.
     ##returns true if the recaptcha is not specified in the configuration
     ##returns true if the recaptcha is valid.
     ##expects the parameter 'g-recaptcha-response' in the params hash
@@ -101,7 +105,6 @@ module Auth::Concerns::DeviseConcern
 	      else
 	        if session[:client] = Auth::Client.find_valid_api_key_and_app_id(api_key, current_app_id)
                 #puts "found valid clinet."
@@ -124,8 +127,9 @@ module Auth::Concerns::DeviseConcern
 	def protect_json_request
 	   	##should block any put action on the user
 	   	##and should render an error saying please do this on the server.
+        ## if its an html or js request, then authentication token verification should be checked.
+        ## if its a json request, then that doesnt need to be done
 	    if is_json_request?
 	    	if action_name == "otp_verification_result"
 	    		##we let this action pass because, we make json ajax requests
 	    		##from the web ui to this endpoint, and anyway it does
@@ -140,7 +144,12 @@ module Auth::Concerns::DeviseConcern
                 end
 	      	end
-	    end
+        else
+            if verify_authenticity_token == false
+                render :nothing => true, :status => :unauthorized
+            end
+        end
 	end
     def set_redirect_url
@@ -178,7 +187,8 @@ module Auth::Concerns::DeviseConcern
        set_redirect_url
        protect_json_request
     end
     ##used only in render, redirect in DeviseController.class_eval

data/app/controllers/auth/registrations_controller.rb CHANGED Viewed

@@ -8,6 +8,7 @@ class Auth::RegistrationsController < Devise::RegistrationsController
 	def create
+		puts "CAME TO CREATE."
 		check_recaptcha
 		build_resource(sign_up_params)
 		resource.m_client = self.m_client

data/lib/auth/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Auth
-  VERSION = "1.2.1"
+  VERSION = "1.2.2"
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: wordjelly-auth
 version: !ruby/object:Gem::Version
-  version: 1.2.1
+  version: 1.2.2
 platform: ruby
 authors:
 - bhargav