From 7d84b0e87bc7c978abcc66ab710e4280c0773a0b Mon Sep 17 00:00:00 2001 From: Hannah Howard Date: Fri, 12 Jun 2015 12:37:20 -0700 Subject: [PATCH 1/4] bundle update --- Gemfile.lock | 212 ++++++++++-------- .../models/token_authenticatable.rb | 16 +- test/models/user_test.rb | 1 - 3 files changed, 128 insertions(+), 101 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 36fbae954..7e55116be 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,32 +1,34 @@ GIT remote: git://github.com/intridea/omniauth-github.git - revision: 21fa5e1a7295a11eae42846690b1eee88e57c23a + revision: 45f2fc73d6d06f30863adac0e6aa112bcaaadf67 specs: omniauth-github (1.1.2) omniauth (~> 1.0) - omniauth-oauth2 (~> 1.1) + omniauth-oauth2 (>= 1.1.1, < 2.0) GIT remote: git://github.com/laserlemon/figaro.git - revision: 9f54872dfc1a972b4a971211706272f0f38495f4 + revision: 78669f710494937f473b003e707ed3f081d10be3 specs: - figaro (1.0.0.rc1) + figaro (1.1.1) thor (~> 0.14) GIT remote: git://github.com/mkdynamic/omniauth-facebook.git - revision: ee4fb4dd6f664b3223974c229fda36169309e9ec + revision: b127c35135b16b7d5cdc746a718192acfe1da21c specs: - omniauth-facebook (2.0.0) + omniauth-facebook (2.1.0) omniauth-oauth2 (~> 1.2) GIT remote: git://github.com/zquestz/omniauth-google-oauth2.git - revision: a40a748be080cd3a83808ef98afcbf590d7ffbba + revision: 814732cb0761f2b4a26375049ccd42da5655eccb specs: - omniauth-google-oauth2 (0.2.5) - omniauth (> 1.0) - omniauth-oauth2 (~> 1.1) + omniauth-google-oauth2 (0.2.6) + jwt (~> 1.0) + multi_json (~> 1.3) + omniauth (>= 1.1.1) + omniauth-oauth2 (>= 1.1.1) PATH remote: . 
@@ -38,50 +40,56 @@ PATH GEM remote: https://rubygems.org/ specs: - actionmailer (4.1.6) - actionpack (= 4.1.6) - actionview (= 4.1.6) + actionmailer (4.2.1) + actionpack (= 4.2.1) + actionview (= 4.2.1) + activejob (= 4.2.1) mail (~> 2.5, >= 2.5.4) - actionpack (4.1.6) - actionview (= 4.1.6) - activesupport (= 4.1.6) - rack (~> 1.5.2) + rails-dom-testing (~> 1.0, >= 1.0.5) + actionpack (4.2.1) + actionview (= 4.2.1) + activesupport (= 4.2.1) + rack (~> 1.6) rack-test (~> 0.6.2) - actionview (4.1.6) - activesupport (= 4.1.6) + rails-dom-testing (~> 1.0, >= 1.0.5) + rails-html-sanitizer (~> 1.0, >= 1.0.1) + actionview (4.2.1) + activesupport (= 4.2.1) builder (~> 3.1) erubis (~> 2.7.0) - activemodel (4.1.6) - activesupport (= 4.1.6) + rails-dom-testing (~> 1.0, >= 1.0.5) + rails-html-sanitizer (~> 1.0, >= 1.0.1) + activejob (4.2.1) + activesupport (= 4.2.1) + globalid (>= 0.3.0) + activemodel (4.2.1) + activesupport (= 4.2.1) builder (~> 3.1) - activerecord (4.1.6) - activemodel (= 4.1.6) - activesupport (= 4.1.6) - arel (~> 5.0.0) - activesupport (4.1.6) - i18n (~> 0.6, >= 0.6.9) + activerecord (4.2.1) + activemodel (= 4.2.1) + activesupport (= 4.2.1) + arel (~> 6.0) + activesupport (4.2.1) + i18n (~> 0.7) json (~> 1.7, >= 1.7.7) minitest (~> 5.1) - thread_safe (~> 0.1) + thread_safe (~> 0.3, >= 0.3.4) tzinfo (~> 1.1) - ansi (1.4.3) - arel (5.0.1.20140414130214) - attr_encrypted (1.3.2) + ansi (1.5.0) + arel (6.0.0) + attr_encrypted (1.3.4) encryptor (>= 1.3.0) - bcrypt (3.1.9) + bcrypt (3.1.10) builder (3.2.2) - byebug (3.4.0) - columnize (~> 0.8) - debugger-linecache (~> 1.2) - slop (~> 3.6) - celluloid (0.15.2) - timers (~> 1.1.0) - codeclimate-test-reporter (0.4.0) + byebug (5.0.0) + columnize (= 0.9.0) + celluloid (0.16.0) + timers (~> 4.0.0) + codeclimate-test-reporter (0.4.7) simplecov (>= 0.7.1, < 1.0.0) coderay (1.1.0) - columnize (0.8.9) - debugger-linecache (1.2.0) - devise (3.4.1) + columnize (0.9.0) + devise (3.5.1) bcrypt (~> 3.0) orm_adapter (~> 0.1) 
railties (>= 3.2.6, < 5) @@ -93,49 +101,64 @@ GEM erubis (2.7.0) faker (1.4.3) i18n (~> 0.5) - faraday (0.9.0) + faraday (0.9.1) multipart-post (>= 1.2, < 3) - ffi (1.9.3) + ffi (1.9.8) formatador (0.2.5) fuzz_ball (0.9.1) - guard (2.6.1) + globalid (0.3.5) + activesupport (>= 4.1.0) + guard (2.12.6) formatador (>= 0.2.4) listen (~> 2.7) lumberjack (~> 1.0) + nenv (~> 0.1) + notiffany (~> 0.0) pry (>= 0.9.12) + shellany (~> 0.0) thor (>= 0.18.1) - guard-minitest (2.3.1) - guard (~> 2.0) + guard-compat (1.2.1) + guard-minitest (2.4.4) + guard-compat (~> 1.2) minitest (>= 3.0) - hashie (3.2.0) - hike (1.2.3) + hashie (3.4.2) + hitimes (1.2.2) i18n (0.7.0) json (1.8.3) - jwt (1.0.0) - listen (2.7.9) - celluloid (>= 0.15.2) + jwt (1.5.0) + listen (2.10.0) + celluloid (~> 0.16.0) rb-fsevent (>= 0.9.3) rb-inotify (>= 0.9) + loofah (2.0.2) + nokogiri (>= 1.5.9) lumberjack (1.0.9) - mail (2.6.1) + mail (2.6.3) mime-types (>= 1.16, < 3) method_source (0.8.2) - mime-types (2.4.3) + mime-types (2.6.1) + mini_portile (0.6.2) minitest (5.7.0) - minitest-focus (1.1.0) + minitest-focus (1.1.1) minitest (>= 4, < 6) minitest-rails (2.2.0) minitest (~> 5.7) railties (~> 4.1) - minitest-reporters (1.0.5) + minitest-reporters (1.0.17) ansi builder minitest (>= 5.0) ruby-progressbar - multi_json (1.10.1) + multi_json (1.11.1) multi_xml (0.5.5) multipart-post (2.0.0) - mysql2 (0.3.16) + mysql2 (0.3.18) + nenv (0.2.0) + nokogiri (1.6.6.2) + mini_portile (~> 0.6.0) + notiffany (0.0.6) + nenv (~> 0.1) + shellany (~> 0.0) oauth2 (1.0.0) faraday (>= 0.8, < 0.10) jwt (~> 1.0) 
@@ -145,63 +168,68 @@ GEM omniauth (1.2.2) hashie (>= 1.2, < 4) rack (~> 1.0) - omniauth-oauth2 (1.2.0) - faraday (>= 0.8, < 0.10) - multi_json (~> 1.3) + omniauth-oauth2 (1.3.0) oauth2 (~> 1.0) omniauth (~> 1.2) orm_adapter (0.5.0) - pg (0.17.1) + pg (0.18.2) pry (0.10.1) coderay (~> 1.1.0) method_source (~> 0.8.1) slop (~> 3.4) - rack (1.5.3) - rack-cors (0.2.9) + rack (1.6.1) + rack-cors (0.4.0) rack-test (0.6.3) rack (>= 1.0) - rails (4.1.6) - actionmailer (= 4.1.6) - actionpack (= 4.1.6) - actionview (= 4.1.6) - activemodel (= 4.1.6) - activerecord (= 4.1.6) - activesupport (= 4.1.6) + rails (4.2.1) + actionmailer (= 4.2.1) + actionpack (= 4.2.1) + actionview (= 4.2.1) + activejob (= 4.2.1) + activemodel (= 4.2.1) + activerecord (= 4.2.1) + activesupport (= 4.2.1) bundler (>= 1.3.0, < 2.0) - railties (= 4.1.6) - sprockets-rails (~> 2.0) - railties (4.1.6) - actionpack (= 4.1.6) - activesupport (= 4.1.6) + railties (= 4.2.1) + sprockets-rails + rails-deprecated_sanitizer (1.0.3) + activesupport (>= 4.2.0.alpha) + rails-dom-testing (1.0.6) + activesupport (>= 4.2.0.beta, < 5.0) + nokogiri (~> 1.6.0) + rails-deprecated_sanitizer (>= 1.0.1) + rails-html-sanitizer (1.0.2) + loofah (~> 2.0) + railties (4.2.1) + actionpack (= 4.2.1) + activesupport (= 4.2.1) rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) rake (10.4.2) - rb-fsevent (0.9.4) + rb-fsevent (0.9.5) rb-inotify (0.9.5) ffi (>= 0.5.0) - responders (1.1.1) - railties (>= 3.2, < 4.2) - ruby-progressbar (1.5.1) - simplecov (0.9.0) + responders (2.1.0) + railties (>= 4.2.0, < 5) + ruby-progressbar (1.7.5) + shellany (0.0.1) + simplecov (0.10.0) docile (~> 1.1.0) - multi_json - simplecov-html (~> 0.8.0) - simplecov-html (0.8.0) + json (~> 1.8) + simplecov-html (~> 0.10.0) + simplecov-html (0.10.0) slop (3.6.0) - sprockets (2.12.2) - hike (~> 1.2) - multi_json (~> 1.0) + sprockets (3.2.0) rack (~> 1.0) - tilt (~> 1.1, != 1.3.0) - sprockets-rails (2.2.0) + sprockets-rails (2.3.1) actionpack (>= 3.0) activesupport (>= 3.0) 
sprockets (>= 2.8, < 4.0) - sqlite3 (1.3.9) + sqlite3 (1.3.10) thor (0.19.1) thread_safe (0.3.5) - tilt (1.4.1) - timers (1.1.0) + timers (4.0.1) + hitimes tzinfo (1.2.2) thread_safe (~> 0.1) warden (1.2.3) diff --git a/lib/devise_token_auth/models/token_authenticatable.rb b/lib/devise_token_auth/models/token_authenticatable.rb index da4371c96..5669d91db 100644 --- a/lib/devise_token_auth/models/token_authenticatable.rb +++ b/lib/devise_token_auth/models/token_authenticatable.rb @@ -77,14 +77,14 @@ def valid_token?(token, client_id='default') def token_is_current?(token, client_id) return true if ( # ensure that expiry and token are set - self.tokens[client_id]['expiry'] and - self.tokens[client_id]['token'] and + self.tokens[client_id][:expiry] and + self.tokens[client_id][:token] and # ensure that the token was created within the last two weeks - DateTime.strptime(self.tokens[client_id]['expiry'].to_s, '%s') > Time.now and + DateTime.strptime(self.tokens[client_id][:expiry].to_s, '%s') > Time.now and # ensure that the token is valid - BCrypt::Password.new(self.tokens[client_id]['token']) == token + BCrypt::Password.new(self.tokens[client_id][:token]) == token ) end @@ -118,10 +118,10 @@ def create_new_auth_token(client_id=nil) end self.tokens[client_id] = { - token: token_hash, - expiry: expiry, - last_token: last_token, - updated_at: Time.now + 'token': token_hash, + 'expiry': expiry, + 'last_token': last_token, + 'updated_at': Time.now } self.save! diff --git a/test/models/user_test.rb b/test/models/user_test.rb index 62cd75394..d21f49ae6 100644 --- a/test/models/user_test.rb +++ b/test/models/user_test.rb @@ -43,7 +43,6 @@ class UserTest < ActiveSupport::TestCase @user = users(:confirmed_email_user) @user.skip_confirmation! @user.save! - @auth_headers = @user.create_new_auth_token @token = @auth_headers['access-token'] From f9087979e569f815522bc74d54f02c96435bd40e Mon Sep 17 00:00:00 2001 
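Review bot: The hash literal in the create_new_auth_token hunk, `'token': token_hash`, does not produce string keys: on Ruby 2.2+ the quoted form still builds the symbol `:token`, and older Rubies reject it as a syntax error, so if string keys were the goal it needs `'token' => token_hash`. The reads in token_is_current? were switched to `[:expiry]` and `[:token]` in the same commit, which only match if the `tokens` attribute hands the record back with symbol keys; how it is serialized is outside these hunks. If it round-trips through JSON the keys come back as strings and every stored token fails the check: fail-closed, but all existing sessions are invalidated. Reading through `self.tokens[client_id].with_indifferent_access` would make the check independent of key type. token_is_current? is fully inside its hunk; create_new_auth_token starts and ends outside its hunk.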
From: Hannah Howard Date: Fri, 12 Jun 2015 14:40:00 -0700 Subject: [PATCH 2/4] Couple spec fixes --- .../models/token_authenticatable.rb | 13 ++++++++----- .../overrides/confirmations_controller_test.rb | 1 + test/models/user_test.rb | 2 +- 3 files changed, 10 insertions(+), 6 deletions(-) diff --git a/lib/devise_token_auth/models/token_authenticatable.rb b/lib/devise_token_auth/models/token_authenticatable.rb index 5669d91db..8928f6b1a 100644 --- a/lib/devise_token_auth/models/token_authenticatable.rb +++ b/lib/devise_token_auth/models/token_authenticatable.rb @@ -75,16 +75,19 @@ def valid_token?(token, client_id='default') def token_is_current?(token, client_id) + # ghetto HashWithIndifferentAccess + expiry = self.tokens[client_id]['expiry'] || self.tokens[client_id][:expiry] + token_hash = self.tokens[client_id]['token'] || self.tokens[client_id][:token] + return true if ( # ensure that expiry and token are set - self.tokens[client_id][:expiry] and - self.tokens[client_id][:token] and + expiry and token and - # ensure that the token was created within the last two weeks - DateTime.strptime(self.tokens[client_id][:expiry].to_s, '%s') > Time.now and + # ensure that the token has not yet expired + DateTime.strptime(expiry.to_s, '%s') > Time.now and # ensure that the token is valid - BCrypt::Password.new(self.tokens[client_id][:token]) == token + BCrypt::Password.new(token_hash) == token ) end diff --git a/test/controllers/overrides/confirmations_controller_test.rb b/test/controllers/overrides/confirmations_controller_test.rb index 6f29be6f7..6a904a1cb 100644 --- a/test/controllers/overrides/confirmations_controller_test.rb +++ b/test/controllers/overrides/confirmations_controller_test.rb @@ -18,6 +18,7 @@ class Overrides::ConfirmationsControllerTest < ActionDispatch::IntegrationTest }) @mail = ActionMailer::Base.deliveries.last + debugger @confirmation_path = @mail.body.match(/localhost([^\"]*)\"/)[1] # visit confirmation link 
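Review bot: The presence guard `expiry and token and` in token_is_current? tests the caller-supplied `token` argument, not the stored `token_hash` that the removed lines checked. A record with an expiry but no stored hash therefore reaches `BCrypt::Password.new(token_hash)` with nil, which I would expect to raise instead of returning a falsy result; the guard should read `expiry and token_hash and`. The two lookups also dereference `self.tokens[client_id]` before any nil check, so unless the caller (outside this hunk) rejects unknown client ids first, `return false unless self.tokens[client_id]` at the top of the method would keep it fail-closed.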
diff --git a/test/models/user_test.rb b/test/models/user_test.rb index d21f49ae6..d3604bb91 100644 --- a/test/models/user_test.rb +++ b/test/models/user_test.rb @@ -69,7 +69,7 @@ class UserTest < ActiveSupport::TestCase end test 'expired token was removed' do - refute @user.tokens[@old_auth_headers['client']] + refute @user.tokens[@old_auth_headers[:client]] end test 'current token was not removed' do From 7930d66276250b1fde4714434239056d3142a7be Mon Sep 17 00:00:00 2001 From: Hannah Howard Date: Fri, 12 Jun 2015 15:12:54 -0700 Subject: [PATCH 3/4] Fix mailer --- app/views/devise/mailer/confirmation_instructions.html.erb | 2 +- test/controllers/overrides/confirmations_controller_test.rb | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/app/views/devise/mailer/confirmation_instructions.html.erb b/app/views/devise/mailer/confirmation_instructions.html.erb index 13c70d036..c233a2165 100644 --- a/app/views/devise/mailer/confirmation_instructions.html.erb +++ b/app/views/devise/mailer/confirmation_instructions.html.erb @@ -2,4 +2,4 @@
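Review bot: In test/models/user_test.rb, 'expired token was removed' now looks up `@old_auth_headers[:client]`, which probably evaluates to nil: the same file reads these headers with string keys (`@auth_headers['access-token']`), and a plain Hash does not treat `:client` and `'client'` as the same key. `@user.tokens[nil]` is then nil as well, so the `refute` passes whether or not the expired token was removed, and the test no longer guards the cleanup. Keep the string key, `refute @user.tokens[@old_auth_headers['client']]`, or assert first that the client id is present. How `@old_auth_headers` is built is outside this hunk, so confirm the key type there.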

You can confirm your account email through the link below:

-

<%= link_to 'Confirm my account', confirmation_url(@resource, confirmation_token: @token, config: message['client-config'].to_s, redirect_url: message['redirect-url']) %>

+

<%= link_to 'Confirm my account', confirmation_url(@resource, {confirmation_token: @token, config: message['client-config'].to_s, redirect_url: message['redirect-url']}).html_safe %>
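Review bot: Calling `.html_safe` on the result of `confirmation_url(...)` tells `link_to` to skip attribute escaping for an href that carries `message['client-config']` and `message['redirect-url']`, values that appear to originate outside the template. The URL helper percent-encodes query values, so this is probably not injectable as written, but the safety of the mail body now rests on that encoding, not on the view's own escaping. An escaped `&amp;` inside an href is valid HTML; if the motive was the test's regex on the raw body, it would be safer to leave the template unchanged and decode in the test, e.g. `CGI.unescapeHTML(@mail.body.to_s)`. Whether `redirect-url` is validated against an allow-list is not visible here and is worth confirming, since it ends up in a link sent to the user.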

diff --git a/test/controllers/overrides/confirmations_controller_test.rb b/test/controllers/overrides/confirmations_controller_test.rb index 6a904a1cb..6f29be6f7 100644 --- a/test/controllers/overrides/confirmations_controller_test.rb +++ b/test/controllers/overrides/confirmations_controller_test.rb @@ -18,7 +18,6 @@ class Overrides::ConfirmationsControllerTest < ActionDispatch::IntegrationTest }) @mail = ActionMailer::Base.deliveries.last - debugger @confirmation_path = @mail.body.match(/localhost([^\"]*)\"/)[1] # visit confirmation link From a6155bf05265a7b199d989470a989d62ea37d9cf Mon Sep 17 00:00:00 2001 From: Hannah Howard Date: Fri, 12 Jun 2015 15:15:23 -0700 Subject: [PATCH 4/4] minor fixes --- devise_token_auth.gemspec | 4 ++-- lib/devise_token_auth/models/token_authenticatable.rb | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/devise_token_auth.gemspec b/devise_token_auth.gemspec index 5c288c69a..99088c684 100644 --- a/devise_token_auth.gemspec +++ b/devise_token_auth.gemspec @@ -17,8 +17,8 @@ Gem::Specification.new do |s| s.files = Dir["{app,config,db,lib}/**/*", "LICENSE", "Rakefile", "README.md"] s.test_files = Dir["test/**/*"] - s.add_dependency "rails", "~> 4.1" - s.add_dependency "devise", "~> 3.2" + s.add_dependency "rails", "~> 4.2" + s.add_dependency "devise", "~> 3.3" s.add_development_dependency "sqlite3", "~> 1.3" s.add_development_dependency 'pg' diff --git a/lib/devise_token_auth/models/token_authenticatable.rb b/lib/devise_token_auth/models/token_authenticatable.rb index 8928f6b1a..a6e24c76b 100644 --- a/lib/devise_token_auth/models/token_authenticatable.rb +++ b/lib/devise_token_auth/models/token_authenticatable.rb @@ -121,10 +121,10 @@ def create_new_auth_token(client_id=nil) end self.tokens[client_id] = { - 'token': token_hash, - 'expiry': expiry, - 'last_token': last_token, - 'updated_at': Time.now + token: token_hash, + expiry: expiry, + last_token: last_token, + updated_at: Time.now } self.save!