wordjelly-auth 1.2.1 → 1.2.2
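--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 20bc9b5081d66477ee0989ac143f8a60f478ce80
+data.tar.gz: 26ec2c00029ee39d59fdc93fc13e5282a254b27b
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 1a7120152153b13ef4f10b7b4db6fc518877aa21ab8614c2b70f578d59e2a90da204e822a6ceb73782fef3bd6c2d2752a3e3b9bfbc271504bdf4d8443f2c653f
+data.tar.gz: adbc0907a82f757b9b4cc225ab4789a40a2f9090b37d49684c15ad37a03a067780758055d551b71e73600d578b3555a7f22bc9423e5e9c50ec653665006f2d0e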
@@ -3,12 +3,16 @@ module Auth::Concerns::DeviseConcern
|
|
|
3
3
|
extend ActiveSupport::Concern
|
|
4
4
|
|
|
5
5
|
included do
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
6
|
+
protect_from_forgery with: :null_session, if: Proc.new { |c|
|
|
7
|
+
c.request.format == 'application/json'
|
|
8
|
+
}
|
|
9
9
|
attr_accessor :m_client
|
|
10
10
|
end
|
|
11
11
|
|
|
12
|
+
## so how to implement this ?
|
|
13
|
+
## just include the devise concern.
|
|
14
|
+
## and let it all through.
|
|
15
|
+
|
|
12
16
|
##returns true if the recaptcha is not specified in the configuration
|
|
13
17
|
##returns true if the recaptcha is valid.
|
|
14
18
|
##expects the parameter 'g-recaptcha-response' in the params hash
|
|
@@ -101,7 +105,6 @@ module Auth::Concerns::DeviseConcern
|
|
|
101
105
|
|
|
102
106
|
else
|
|
103
107
|
|
|
104
|
-
|
|
105
108
|
if session[:client] = Auth::Client.find_valid_api_key_and_app_id(api_key, current_app_id)
|
|
106
109
|
|
|
107
110
|
#puts "found valid clinet."
|
|
@@ -124,8 +127,9 @@ module Auth::Concerns::DeviseConcern
|
|
|
124
127
|
def protect_json_request
|
|
125
128
|
##should block any put action on the user
|
|
126
129
|
##and should render an error saying please do this on the server.
|
|
130
|
+
## if its an html or js request, then authentication token verification should be checked.
|
|
131
|
+
## if its a json request, then that doesnt need to be done
|
|
127
132
|
if is_json_request?
|
|
128
|
-
|
|
129
133
|
if action_name == "otp_verification_result"
|
|
130
134
|
##we let this action pass because, we make json ajax requests
|
|
131
135
|
##from the web ui to this endpoint, and anyway it does
|
|
@@ -140,7 +144,12 @@ module Auth::Concerns::DeviseConcern
|
|
|
140
144
|
|
|
141
145
|
end
|
|
142
146
|
end
|
|
143
|
-
|
|
147
|
+
else
|
|
148
|
+
|
|
149
|
+
if verify_authenticity_token == false
|
|
150
|
+
render :nothing => true, :status => :unauthorized
|
|
151
|
+
end
|
|
152
|
+
end
|
|
144
153
|
end
|
|
145
154
|
|
|
146
155
|
def set_redirect_url
|
|
@@ -178,7 +187,8 @@ module Auth::Concerns::DeviseConcern
|
|
|
178
187
|
set_redirect_url
|
|
179
188
|
|
|
180
189
|
protect_json_request
|
|
181
|
-
|
|
190
|
+
|
|
191
|
+
|
|
182
192
|
end
|
|
183
193
|
|
|
184
194
|
##used only in render, redirect in DeviseController.class_eval
|
data/lib/auth/version.rb
CHANGED