Update 4 2

Gemfile.lock

@@ -1,32 +1,34 @@
 GIT
   remote: git://github.com/intridea/omniauth-github.git
-  revision: 21fa5e1a7295a11eae42846690b1eee88e57c23a
+  revision: 45f2fc73d6d06f30863adac0e6aa112bcaaadf67
   specs:
     omniauth-github (1.1.2)
       omniauth (~> 1.0)
-      omniauth-oauth2 (~> 1.1)
+      omniauth-oauth2 (>= 1.1.1, < 2.0)
 
 GIT
   remote: git://github.com/laserlemon/figaro.git
-  revision: 9f54872dfc1a972b4a971211706272f0f38495f4
+  revision: 78669f710494937f473b003e707ed3f081d10be3
   specs:
-    figaro (1.0.0.rc1)
+    figaro (1.1.1)
       thor (~> 0.14)
 
 GIT
   remote: git://github.com/mkdynamic/omniauth-facebook.git
-  revision: ee4fb4dd6f664b3223974c229fda36169309e9ec
+  revision: b127c35135b16b7d5cdc746a718192acfe1da21c
   specs:
-    omniauth-facebook (2.0.0)
+    omniauth-facebook (2.1.0)
       omniauth-oauth2 (~> 1.2)
 
 GIT
   remote: git://github.com/zquestz/omniauth-google-oauth2.git
-  revision: a40a748be080cd3a83808ef98afcbf590d7ffbba
+  revision: 814732cb0761f2b4a26375049ccd42da5655eccb
   specs:
-    omniauth-google-oauth2 (0.2.5)
-      omniauth (> 1.0)
-      omniauth-oauth2 (~> 1.1)
+    omniauth-google-oauth2 (0.2.6)
+      jwt (~> 1.0)
+      multi_json (~> 1.3)
+      omniauth (>= 1.1.1)
+      omniauth-oauth2 (>= 1.1.1)
 
 PATH
   remote: .
@@ -38,50 +40,56 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    actionmailer (4.1.6)
-      actionpack (= 4.1.6)
-      actionview (= 4.1.6)
+    actionmailer (4.2.1)
+      actionpack (= 4.2.1)
+      actionview (= 4.2.1)
+      activejob (= 4.2.1)
       mail (~> 2.5, >= 2.5.4)
-    actionpack (4.1.6)
-      actionview (= 4.1.6)
-      activesupport (= 4.1.6)
-      rack (~> 1.5.2)
+      rails-dom-testing (~> 1.0, >= 1.0.5)
+    actionpack (4.2.1)
+      actionview (= 4.2.1)
+      activesupport (= 4.2.1)
+      rack (~> 1.6)
       rack-test (~> 0.6.2)
-    actionview (4.1.6)
-      activesupport (= 4.1.6)
+      rails-dom-testing (~> 1.0, >= 1.0.5)
+      rails-html-sanitizer (~> 1.0, >= 1.0.1)
+    actionview (4.2.1)
+      activesupport (= 4.2.1)
       builder (~> 3.1)
       erubis (~> 2.7.0)
-    activemodel (4.1.6)
-      activesupport (= 4.1.6)
+      rails-dom-testing (~> 1.0, >= 1.0.5)
+      rails-html-sanitizer (~> 1.0, >= 1.0.1)
+    activejob (4.2.1)
+      activesupport (= 4.2.1)
+      globalid (>= 0.3.0)
+    activemodel (4.2.1)
+      activesupport (= 4.2.1)
       builder (~> 3.1)
-    activerecord (4.1.6)
-      activemodel (= 4.1.6)
-      activesupport (= 4.1.6)
-      arel (~> 5.0.0)
-    activesupport (4.1.6)
-      i18n (~> 0.6, >= 0.6.9)
+    activerecord (4.2.1)
+      activemodel (= 4.2.1)
+      activesupport (= 4.2.1)
+      arel (~> 6.0)
+    activesupport (4.2.1)
+      i18n (~> 0.7)
       json (~> 1.7, >= 1.7.7)
       minitest (~> 5.1)
-      thread_safe (~> 0.1)
+      thread_safe (~> 0.3, >= 0.3.4)
       tzinfo (~> 1.1)
-    ansi (1.4.3)
-    arel (5.0.1.20140414130214)
-    attr_encrypted (1.3.2)
+    ansi (1.5.0)
+    arel (6.0.0)
+    attr_encrypted (1.3.4)
       encryptor (>= 1.3.0)
-    bcrypt (3.1.9)
+    bcrypt (3.1.10)
     builder (3.2.2)
-    byebug (3.4.0)
-      columnize (~> 0.8)
-      debugger-linecache (~> 1.2)
-      slop (~> 3.6)
-    celluloid (0.15.2)
-      timers (~> 1.1.0)
-    codeclimate-test-reporter (0.4.0)
+    byebug (5.0.0)
+      columnize (= 0.9.0)
+    celluloid (0.16.0)
+      timers (~> 4.0.0)
+    codeclimate-test-reporter (0.4.7)
       simplecov (>= 0.7.1, < 1.0.0)
     coderay (1.1.0)
-    columnize (0.8.9)
-    debugger-linecache (1.2.0)
-    devise (3.4.1)
+    columnize (0.9.0)
+    devise (3.5.1)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
       railties (>= 3.2.6, < 5)
@@ -93,49 +101,64 @@ GEM
     erubis (2.7.0)
     faker (1.4.3)
       i18n (~> 0.5)
-    faraday (0.9.0)
+    faraday (0.9.1)
       multipart-post (>= 1.2, < 3)
-    ffi (1.9.3)
+    ffi (1.9.8)
     formatador (0.2.5)
     fuzz_ball (0.9.1)
-    guard (2.6.1)
+    globalid (0.3.5)
+      activesupport (>= 4.1.0)
+    guard (2.12.6)
       formatador (>= 0.2.4)
       listen (~> 2.7)
       lumberjack (~> 1.0)
+      nenv (~> 0.1)
+      notiffany (~> 0.0)
       pry (>= 0.9.12)
+      shellany (~> 0.0)
       thor (>= 0.18.1)
-    guard-minitest (2.3.1)
-      guard (~> 2.0)
+    guard-compat (1.2.1)
+    guard-minitest (2.4.4)
+      guard-compat (~> 1.2)
       minitest (>= 3.0)
-    hashie (3.2.0)
-    hike (1.2.3)
+    hashie (3.4.2)
+    hitimes (1.2.2)
     i18n (0.7.0)
     json (1.8.3)
-    jwt (1.0.0)
-    listen (2.7.9)
-      celluloid (>= 0.15.2)
+    jwt (1.5.0)
+    listen (2.10.0)
+      celluloid (~> 0.16.0)
       rb-fsevent (>= 0.9.3)
       rb-inotify (>= 0.9)
+    loofah (2.0.2)
+      nokogiri (>= 1.5.9)
     lumberjack (1.0.9)
-    mail (2.6.1)
+    mail (2.6.3)
       mime-types (>= 1.16, < 3)
     method_source (0.8.2)
-    mime-types (2.4.3)
+    mime-types (2.6.1)
+    mini_portile (0.6.2)
     minitest (5.7.0)
-    minitest-focus (1.1.0)
+    minitest-focus (1.1.1)
       minitest (>= 4, < 6)
     minitest-rails (2.2.0)
       minitest (~> 5.7)
       railties (~> 4.1)
-    minitest-reporters (1.0.5)
+    minitest-reporters (1.0.17)
       ansi
       builder
       minitest (>= 5.0)
       ruby-progressbar
-    multi_json (1.10.1)
+    multi_json (1.11.1)
     multi_xml (0.5.5)
     multipart-post (2.0.0)
-    mysql2 (0.3.16)
+    mysql2 (0.3.18)
+    nenv (0.2.0)
+    nokogiri (1.6.6.2)
+      mini_portile (~> 0.6.0)
+    notiffany (0.0.6)
+      nenv (~> 0.1)
+      shellany (~> 0.0)
     oauth2 (1.0.0)
       faraday (>= 0.8, < 0.10)
       jwt (~> 1.0)
@@ -145,63 +168,68 @@ GEM
     omniauth (1.2.2)
       hashie (>= 1.2, < 4)
       rack (~> 1.0)
-    omniauth-oauth2 (1.2.0)
-      faraday (>= 0.8, < 0.10)
-      multi_json (~> 1.3)
+    omniauth-oauth2 (1.3.0)
       oauth2 (~> 1.0)
       omniauth (~> 1.2)
     orm_adapter (0.5.0)
-    pg (0.17.1)
+    pg (0.18.2)
     pry (0.10.1)
       coderay (~> 1.1.0)
       method_source (~> 0.8.1)
       slop (~> 3.4)
-    rack (1.5.3)
-    rack-cors (0.2.9)
+    rack (1.6.1)
+    rack-cors (0.4.0)
     rack-test (0.6.3)
       rack (>= 1.0)
-    rails (4.1.6)
-      actionmailer (= 4.1.6)
-      actionpack (= 4.1.6)
-      actionview (= 4.1.6)
-      activemodel (= 4.1.6)
-      activerecord (= 4.1.6)
-      activesupport (= 4.1.6)
+    rails (4.2.1)
+      actionmailer (= 4.2.1)
+      actionpack (= 4.2.1)
+      actionview (= 4.2.1)
+      activejob (= 4.2.1)
+      activemodel (= 4.2.1)
+      activerecord (= 4.2.1)
+      activesupport (= 4.2.1)
       bundler (>= 1.3.0, < 2.0)
-      railties (= 4.1.6)
-      sprockets-rails (~> 2.0)
-    railties (4.1.6)
-      actionpack (= 4.1.6)
-      activesupport (= 4.1.6)
+      railties (= 4.2.1)
+      sprockets-rails
+    rails-deprecated_sanitizer (1.0.3)
+      activesupport (>= 4.2.0.alpha)
+    rails-dom-testing (1.0.6)
+      activesupport (>= 4.2.0.beta, < 5.0)
+      nokogiri (~> 1.6.0)
+      rails-deprecated_sanitizer (>= 1.0.1)
+    rails-html-sanitizer (1.0.2)
+      loofah (~> 2.0)
+    railties (4.2.1)
+      actionpack (= 4.2.1)
+      activesupport (= 4.2.1)
       rake (>= 0.8.7)
       thor (>= 0.18.1, < 2.0)
     rake (10.4.2)
-    rb-fsevent (0.9.4)
+    rb-fsevent (0.9.5)
     rb-inotify (0.9.5)
       ffi (>= 0.5.0)
-    responders (1.1.1)
-      railties (>= 3.2, < 4.2)
-    ruby-progressbar (1.5.1)
-    simplecov (0.9.0)
+    responders (2.1.0)
+      railties (>= 4.2.0, < 5)
+    ruby-progressbar (1.7.5)
+    shellany (0.0.1)
+    simplecov (0.10.0)
       docile (~> 1.1.0)
-      multi_json
-      simplecov-html (~> 0.8.0)
-    simplecov-html (0.8.0)
+      json (~> 1.8)
+      simplecov-html (~> 0.10.0)
+    simplecov-html (0.10.0)
     slop (3.6.0)
-    sprockets (2.12.2)
-      hike (~> 1.2)
-      multi_json (~> 1.0)
+    sprockets (3.2.0)
       rack (~> 1.0)
-      tilt (~> 1.1, != 1.3.0)
-    sprockets-rails (2.2.0)
+    sprockets-rails (2.3.1)
       actionpack (>= 3.0)
       activesupport (>= 3.0)
       sprockets (>= 2.8, < 4.0)
-    sqlite3 (1.3.9)
+    sqlite3 (1.3.10)
     thor (0.19.1)
     thread_safe (0.3.5)
-    tilt (1.4.1)
-    timers (1.1.0)
+    timers (4.0.1)
+      hitimes
     tzinfo (1.2.2)
       thread_safe (~> 0.1)
     warden (1.2.3)

app/views/devise/mailer/confirmation_instructions.html.erb

@@ -2,4 +2,4 @@
 
 <p>You can confirm your account email through the link below:</p>
 
-<p><%= link_to 'Confirm my account', confirmation_url(@resource, confirmation_token: @token, config: message['client-config'].to_s, redirect_url: message['redirect-url']) %></p>
+<p><%= link_to 'Confirm my account', confirmation_url(@resource, {confirmation_token: @token, config: message['client-config'].to_s, redirect_url: message['redirect-url']}).html_safe %></p>

devise_token_auth.gemspec

@@ -17,8 +17,8 @@ Gem::Specification.new do |s|
   s.files      = Dir["{app,config,db,lib}/**/*", "LICENSE", "Rakefile", "README.md"]
   s.test_files = Dir["test/**/*"]
 
-  s.add_dependency "rails", "~> 4.1"
-  s.add_dependency "devise", "~> 3.2"
+  s.add_dependency "rails", "~> 4.2"
+  s.add_dependency "devise", "~> 3.3"
 
   s.add_development_dependency "sqlite3", "~> 1.3"
   s.add_development_dependency 'pg'

lib/devise_token_auth/models/token_authenticatable.rb

@@ -75,16 +75,19 @@ def valid_token?(token, client_id='default')
 
 
       def token_is_current?(token, client_id)
+        # ghetto HashWithIndifferentAccess
+        expiry     = self.tokens[client_id]['expiry'] || self.tokens[client_id][:expiry]
+        token_hash = self.tokens[client_id]['token'] || self.tokens[client_id][:token]
+
         return true if (
           # ensure that expiry and token are set
-          self.tokens[client_id]['expiry'] and
-          self.tokens[client_id]['token'] and
+          expiry and token and
 
-          # ensure that the token was created within the last two weeks
-          DateTime.strptime(self.tokens[client_id]['expiry'].to_s, '%s') > Time.now and
+          # ensure that the token has not yet expired
+          DateTime.strptime(expiry.to_s, '%s') > Time.now and
 
           # ensure that the token is valid
-          BCrypt::Password.new(self.tokens[client_id]['token']) == token
+          BCrypt::Password.new(token_hash) == token
         )
       end
 

test/models/user_test.rb

@@ -43,7 +43,6 @@ class UserTest < ActiveSupport::TestCase
         @user = users(:confirmed_email_user)
         @user.skip_confirmation!
         @user.save!
-
         @auth_headers = @user.create_new_auth_token
 
         @token     = @auth_headers['access-token']
@@ -70,7 +69,7 @@ class UserTest < ActiveSupport::TestCase
       end
 
       test 'expired token was removed' do
-        refute @user.tokens[@old_auth_headers['client']]
+        refute @user.tokens[@old_auth_headers[:client]]
       end
 
       test 'current token was not removed' do