Merge pull request #1 from lynndylanhurley/master

updating to latest master

.travis.yml

@@ -3,7 +3,9 @@ cache: bundler
 sudo: false
 
 rvm:
+  - 2.2.8
   - 2.3.1
+  - 2.4.2
 
 env:
   global:

Gemfile.lock

@@ -33,7 +33,7 @@ GIT
 PATH
   remote: .
   specs:
-    devise_token_auth (0.1.42)
+    devise_token_auth (0.1.43.beta1)
       devise (> 3.5.2, < 4.4)
       rails (< 6)
 

app/controllers/devise_token_auth/application_controller.rb

@@ -5,7 +5,7 @@ class ApplicationController < DeviseController
 
     def resource_data(opts={})
       response_data = opts[:resource_json] || @resource.as_json
-      if is_json_api
+      if json_api?
         response_data['type'] = @resource.class.name.parameterize
       end
       response_data
@@ -48,13 +48,29 @@ def resource_class(m=nil)
       mapping.to
     end
 
-    def is_json_api
+    def json_api?
       return false unless defined?(ActiveModel::Serializer)
       return ActiveModel::Serializer.setup do |config|
         config.adapter == :json_api
       end if ActiveModel::Serializer.respond_to?(:setup)
       return ActiveModelSerializers.config.adapter == :json_api
     end
 
+    def recoverable_enabled?
+      resource_class.devise_modules.include?(:recoverable)
+    end
+
+    def confirmable_enabled?
+      resource_class.devise_modules.include?(:confirmable)
+    end
+
+    def render_error(status, message, data = nil)
+      response = {
+        success: false,
+        errors: [message]
+      }
+      response = response.merge(data) if data
+      render json: response, status: status
+    end
   end
 end

app/controllers/devise_token_auth/concerns/set_user_by_token.rb

@@ -1,7 +1,6 @@
 module DeviseTokenAuth::Concerns::SetUserByToken
   extend ActiveSupport::Concern
   include DeviseTokenAuth::Concerns::ResourceFinder
-  include DeviseTokenAuth::Controllers::Helpers
 
   included do
     before_action :set_request_start

app/controllers/devise_token_auth/omniauth_callbacks_controller.rb

@@ -31,7 +31,7 @@ def omniauth_success
       set_token_on_resource
       create_auth_params
 
-      if resource_class.devise_modules.include?(:confirmable)
+      if confirmable_enabled?
         # don't send confirmation email!!!
         @resource.skip_confirmation!
       end

app/controllers/devise_token_auth/passwords_controller.rb

@@ -30,9 +30,6 @@ def create
       @email = get_case_insensitive_field_from_resource_params(:email)
       @resource = find_resource(:uid, @email)
 
-      @errors = nil
-      @error_status = 400
-
       if @resource
         yield @resource if block_given?
         @resource.send_reset_password_instructions({
@@ -45,26 +42,19 @@ def create
         if @resource.errors.empty?
           return render_create_success
         else
-          @errors = @resource.errors
+          render_create_error @resource.errors
         end
       else
-        @errors = [I18n.t("devise_token_auth.passwords.user_not_found", email: @email)]
-        @error_status = 404
-      end
-
-      if @errors
-        return render_create_error
+        render_not_found_error
       end
     end
 
     # this is where users arrive after visiting the password reset confirmation link
     def edit
       # if a user is not found, return nil
-      @resource = resource_class.with_reset_password_token(
-        resource_params[:reset_password_token]
-      )
+      @resource = with_reset_password_token(resource_params[:reset_password_token])
 
-      if @resource
+      if @resource && @resource.reset_password_period_valid?
         client_id  = SecureRandom.urlsafe_base64(nil, false)
         token      = SecureRandom.urlsafe_base64(nil, false)
         token_hash = BCrypt::Password.create(token)
@@ -76,10 +66,10 @@ def edit
         }
 
         # ensure that user is confirmed
-        @resource.skip_confirmation! if @resource.devise_modules.include?(:confirmable) && !@resource.confirmed_at
+        @resource.skip_confirmation! if confirmable_enabled? && !@resource.confirmed_at
 
         # allow user to change password once without current_password
-        @resource.allow_password_change = true;
+        @resource.allow_password_change = true if recoverable_enabled?
 
         @resource.save!
 
@@ -113,7 +103,7 @@ def update
       end
 
       if @resource.send(resource_update_method, password_resource_params)
-        @resource.allow_password_change = false
+        @resource.allow_password_change = false if recoverable_enabled?
         @resource.save!
 
         yield @resource if block_given?
@@ -126,33 +116,29 @@ def update
     protected
 
     def resource_update_method
-      if DeviseTokenAuth.check_current_password_before_update == false or @resource.allow_password_change == true
+      allow_password_change = recoverable_enabled? && @resource.allow_password_change == true
+      if DeviseTokenAuth.check_current_password_before_update == false || allow_password_change
         "update_attributes"
       else
         "update_with_password"
       end
     end
 
     def render_create_error_missing_email
-      render json: {
-        success: false,
-        errors: [I18n.t("devise_token_auth.passwords.missing_email")]
-      }, status: 401
+      render_error(401, I18n.t("devise_token_auth.passwords.missing_email"))
     end
 
     def render_create_error_missing_redirect_url
-      render json: {
-        success: false,
-        errors: [I18n.t("devise_token_auth.passwords.missing_redirect_url")]
-      }, status: 401
+      render_error(401, I18n.t("devise_token_auth.passwords.missing_redirect_url"))
     end
 
     def render_create_error_not_allowed_redirect_url
-      render json: {
+      response = {
         status: 'error',
-        data:   resource_data,
-        errors: [I18n.t("devise_token_auth.passwords.not_allowed_redirect_url", redirect_url: @redirect_url)]
-      }, status: 422
+        data:   resource_data
+      }
+      message = I18n.t("devise_token_auth.passwords.not_allowed_redirect_url", redirect_url: @redirect_url)
+      render_error(422, message, response)
     end
 
     def render_create_success
@@ -162,36 +148,27 @@ def render_create_success
       }
     end
 
-    def render_create_error
+    def render_create_error(errors)
       render json: {
         success: false,
-        errors: @errors,
-      }, status: @error_status
+        errors: errors,
+      }, status: 400
     end
 
     def render_edit_error
       raise ActionController::RoutingError.new('Not Found')
     end
 
     def render_update_error_unauthorized
-      render json: {
-        success: false,
-        errors: ['Unauthorized']
-      }, status: 401
+      render_error(401, 'Unauthorized')
     end
 
     def render_update_error_password_not_required
-      render json: {
-        success: false,
-        errors: [I18n.t("devise_token_auth.passwords.password_not_required", provider: @resource.provider.humanize)]
-      }, status: 422
+      render_error(422, I18n.t("devise_token_auth.passwords.password_not_required", provider: @resource.provider.humanize))
     end
 
     def render_update_error_missing_password
-      render json: {
-        success: false,
-        errors: [I18n.t("devise_token_auth.passwords.missing_passwords")]
-      }, status: 422
+      render_error(422, I18n.t("devise_token_auth.passwords.missing_passwords"))
     end
 
     def render_update_success
@@ -219,5 +196,16 @@ def password_resource_params
       params.permit(*params_for_resource(:account_update))
     end
 
+
+    def with_reset_password_token token
+      recoverable = resource_class.with_reset_password_token(token)
+
+      recoverable.reset_password_token = token if recoverable && recoverable.reset_password_token.present?
+      recoverable
+    end
+
+    def render_not_found_error
+      render_error(404, I18n.t("devise_token_auth.passwords.user_not_found", email: @email))
+    end
   end
 end

app/controllers/devise_token_auth/registrations_controller.rb

@@ -23,7 +23,7 @@ def create
       @redirect_url ||= DeviseTokenAuth.default_confirm_success_url
 
       # success redirect url is required
-      if resource_class.devise_modules.include?(:confirmable) && !@redirect_url
+      if confirmable_enabled? && !@redirect_url
         return render_create_error_missing_confirm_success_url
       end
 
@@ -112,19 +112,21 @@ def account_update_params
     protected
 
     def render_create_error_missing_confirm_success_url
-      render json: {
+      response = {
         status: 'error',
-        data:   resource_data,
-        errors: [I18n.t("devise_token_auth.registrations.missing_confirm_success_url")]
-      }, status: 422
+        data:   resource_data
+      }
+      message = I18n.t("devise_token_auth.registrations.missing_confirm_success_url")
+      render_error(422, message, response)
     end
 
     def render_create_error_redirect_url_not_allowed
-      render json: {
+      response = {
         status: 'error',
-        data:   resource_data,
-        errors: [I18n.t("devise_token_auth.registrations.redirect_url_not_allowed", redirect_url: @redirect_url)]
-      }, status: 422
+        data:   resource_data
+      }
+      message = I18n.t("devise_token_auth.registrations.redirect_url_not_allowed", redirect_url: @redirect_url)
+      render_error(422, message, response)
     end
 
     def render_create_success
@@ -143,11 +145,12 @@ def render_create_error
     end
 
     def render_create_error_email_already_exists
-      render json: {
+      response = {
         status: 'error',
-        data:   resource_data,
-        errors: [I18n.t("devise_token_auth.registrations.email_already_exists", email: @resource.email)]
-      }, status: 422
+        data:   resource_data
+      }
+      message = I18n.t("devise_token_auth.registrations.email_already_exists", email: @resource.email)
+      render_error(422, message, response)
     end
 
     def render_update_success
@@ -165,10 +168,7 @@ def render_update_error
     end
 
     def render_update_error_user_not_found
-      render json: {
-        status: 'error',
-        errors: [I18n.t("devise_token_auth.registrations.user_not_found")]
-      }, status: 404
+      render_error(404, I18n.t("devise_token_auth.registrations.user_not_found"), { status: 'error' })
     end
 
     def render_destroy_success
@@ -179,10 +179,7 @@ def render_destroy_success
     end
 
     def render_destroy_error
-      render json: {
-        status: 'error',
-        errors: [I18n.t("devise_token_auth.registrations.account_to_destroy_not_found")]
-      }, status: 404
+      render_error(404, I18n.t("devise_token_auth.registrations.account_to_destroy_not_found"), { status: 'error' })
     end
 
     private
@@ -208,10 +205,7 @@ def validate_account_update_params
     end
 
     def validate_post_data which, message
-      render json: {
-         status: 'error',
-         errors: [message]
-      }, status: :unprocessable_entity if which.empty?
+      render_error(:unprocessable_entity, message, { status: 'error' }) if which.empty?
     end
   end
 end

app/controllers/devise_token_auth/sessions_controller.rb

@@ -96,9 +96,7 @@ def get_auth_params
     end
 
     def render_new_error
-      render json: {
-        errors: [ I18n.t("devise_token_auth.sessions.not_supported")]
-      }, status: 405
+      render_error(405, I18n.t("devise_token_auth.sessions.not_supported"))
     end
 
     def render_create_success
@@ -108,16 +106,11 @@ def render_create_success
     end
 
     def render_create_error_not_confirmed
-      render json: {
-        success: false,
-        errors: [ I18n.t("devise_token_auth.sessions.not_confirmed", email: @resource.email) ]
-      }, status: 401
+      render_error(401, I18n.t("devise_token_auth.sessions.not_confirmed", email: @resource.email))
     end
 
     def render_create_error_bad_credentials
-      render json: {
-        errors: [I18n.t("devise_token_auth.sessions.bad_credentials")]
-      }, status: 401
+      render_error(401, I18n.t("devise_token_auth.sessions.bad_credentials"))
     end
 
     def render_destroy_success
@@ -127,9 +120,7 @@ def render_destroy_success
     end
 
     def render_destroy_error
-      render json: {
-        errors: [I18n.t("devise_token_auth.sessions.user_not_found")]
-      }, status: 404
+      render_error(404, I18n.t("devise_token_auth.sessions.user_not_found"))
     end
 
     private

app/controllers/devise_token_auth/token_validations_controller.rb

@@ -23,10 +23,7 @@ def render_validate_token_success
     end
 
     def render_validate_token_error
-      render json: {
-        success: false,
-        errors: [I18n.t("devise_token_auth.token_validations.invalid")]
-      }, status: 401
+      render_error(401, I18n.t("devise_token_auth.token_validations.invalid"))
     end
   end
 end