From 63cc1be039925615b6d1adb4d41bddf613b03e30 Mon Sep 17 00:00:00 2001 From: muratiger Date: Sun, 2 May 2021 09:59:39 +0900 Subject: [PATCH 01/65] Add new param FAQ (#1481) --- docs/faq.md | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/docs/faq.md b/docs/faq.md index a197ece31..01cc233bc 100644 --- a/docs/faq.md +++ b/docs/faq.md @@ -153,3 +153,26 @@ You may be interested in [solidus_devise_token_auth](https://github.com/skycocke end ``` + +### I want to add a new param for sign up and account update + +[Override the controller](https://devise-token-auth.gitbook.io/devise-token-auth/usage/overrides#custom-controller-overrides) and describe the new parameters you want to add in the configure_permitted_parameters method. + +When creating an account, add params under `sign_up`. + +When updating your account, add params under `account_update`. + +For example: + +```ruby +class RegistrationsController < DeviseTokenAuth::RegistrationsController + before_action :configure_permitted_parameters + + protected + + def configure_permitted_parameters + devise_parameter_sanitizer.permit(:sign_up, keys: %i(name)) + devise_parameter_sanitizer.permit(:account_update, keys: %i(name)]) + end +end +``` From 7d21928324aa5275039f13fa15fc20a759c6838a Mon Sep 17 00:00:00 2001 From: yin Date: Wed, 12 May 2021 22:17:23 +0900 Subject: [PATCH 02/65] fix mongoid detecting bug (#1478) * fix mongoid detecting bug * fix bug on rails 6 On rails 6, if change password, in `before_save` callback - `saved_change_to_attribute?(:encrypted_password)` return false - `encrypted_password_changed?` return true --- app/models/devise_token_auth/concerns/user.rb | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/app/models/devise_token_auth/concerns/user.rb b/app/models/devise_token_auth/concerns/user.rb index 1a87524b3..17485f2a9 100644 --- a/app/models/devise_token_auth/concerns/user.rb +++ b/app/models/devise_token_auth/concerns/user.rb @@ -218,13 +218,8 @@ def destroy_expired_tokens end def should_remove_tokens_after_password_reset? - if Rails::VERSION::MAJOR <= 5 ||defined?('Mongoid') - encrypted_password_changed? && + encrypted_password_changed? && DeviseTokenAuth.remove_tokens_after_password_reset - else - saved_change_to_attribute?(:encrypted_password) && - DeviseTokenAuth.remove_tokens_after_password_reset - end end def remove_tokens_after_password_reset From b1ceb54f33841eafffc31f1e47de378296fa990b Mon Sep 17 00:00:00 2001 From: yin Date: Mon, 24 May 2021 22:24:10 +0900 Subject: [PATCH 03/65] check password changed only when using password authentication (#1486) --- app/models/devise_token_auth/concerns/user.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/models/devise_token_auth/concerns/user.rb b/app/models/devise_token_auth/concerns/user.rb index 17485f2a9..5012545c2 100644 --- a/app/models/devise_token_auth/concerns/user.rb +++ b/app/models/devise_token_auth/concerns/user.rb @@ -218,8 +218,8 @@ def destroy_expired_tokens end def should_remove_tokens_after_password_reset? - encrypted_password_changed? && - DeviseTokenAuth.remove_tokens_after_password_reset + DeviseTokenAuth.remove_tokens_after_password_reset && + (respond_to?(:encrypted_password_changed?) && encrypted_password_changed?) end def remove_tokens_after_password_reset From ea2b04f2d9395eb45d669429194b4a5cb72441ef Mon Sep 17 00:00:00 2001 From: muratiger Date: Tue, 15 Jun 2021 21:48:05 +0900 Subject: [PATCH 04/65] Fix unescape and keyword parameters warning (#1490) * Fix URI.unescape warning * Fix Using the last argument as keyword parameters warning --- .../devise_token_auth/omniauth_callbacks_controller_test.rb | 2 +- test/controllers/overrides/confirmations_controller_test.rb | 2 +- test/test_helper.rb | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb b/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb index f3b805b5c..0959d4872 100644 --- a/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb +++ b/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb @@ -18,7 +18,7 @@ class OmniauthTest < ActionDispatch::IntegrationTest def get_parsed_data_json encoded_json_data = @response.body.match(/var data \= JSON.parse\(decodeURIComponent\(\'(.+)\'\)\)\;/)[1] - JSON.parse(URI.unescape(encoded_json_data)) + JSON.parse(CGI.unescape(encoded_json_data)) end describe 'success callback' do diff --git a/test/controllers/overrides/confirmations_controller_test.rb b/test/controllers/overrides/confirmations_controller_test.rb index bad501347..8d843c680 100644 --- a/test/controllers/overrides/confirmations_controller_test.rb +++ b/test/controllers/overrides/confirmations_controller_test.rb @@ -38,7 +38,7 @@ class Overrides::ConfirmationsControllerTest < ActionDispatch::IntegrationTest override_proof_str = '(^^,)' # ensure present in redirect URL - override_proof_param = URI.unescape(response.headers['Location'] + override_proof_param = CGI.unescape(response.headers['Location'] .match(/override_proof=([^&]*)&/)[1]) assert_equal override_proof_str, override_proof_param diff --git a/test/test_helper.rb b/test/test_helper.rb index d76cb8181..ef019e2fa 100644 --- a/test/test_helper.rb +++ b/test/test_helper.rb @@ -116,7 +116,7 @@ module Integration %w[get post patch put head delete get_via_redirect post_via_redirect].each do |method| define_method(method) do |path_or_action, **args| if Rails::VERSION::MAJOR >= 5 - super path_or_action, args + super path_or_action, **args else super path_or_action, args[:params], args[:headers] end From 4c5245b88b39c1bb305e0cbdbfc2513eebdeda93 Mon Sep 17 00:00:00 2001 From: Maicol Bentancor Date: Mon, 19 Jul 2021 19:50:58 -0300 Subject: [PATCH 05/65] Bump version to 1.2.0 (#1492) --- lib/devise_token_auth/version.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise_token_auth/version.rb b/lib/devise_token_auth/version.rb index cfe7158d8..5f1c2295d 100644 --- a/lib/devise_token_auth/version.rb +++ b/lib/devise_token_auth/version.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true module DeviseTokenAuth - VERSION = '1.1.4'.freeze + VERSION = '1.2.0'.freeze end From 8b94e43394bcd93080e19266d350fde084024ccc Mon Sep 17 00:00:00 2001 From: Mario Celi Date: Wed, 11 Aug 2021 07:44:46 -0500 Subject: [PATCH 06/65] Increase required ruby version to 2.3 (#1495) Usage of the safe operator was introduced in ruby 2.3 and new code uses that --- devise_token_auth.gemspec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devise_token_auth.gemspec b/devise_token_auth.gemspec index f61264f92..1eb8b13ab 100644 --- a/devise_token_auth.gemspec +++ b/devise_token_auth.gemspec @@ -20,7 +20,7 @@ Gem::Specification.new do |s| s.test_files = Dir['test/**/*'] s.test_files.reject! { |file| file.match(/[.log|.sqlite3]$/) } - s.required_ruby_version = ">= 2.2.0" + s.required_ruby_version = ">= 2.3.0" s.add_dependency 'rails', '>= 4.2.0', '< 6.2' s.add_dependency 'devise', '> 3.5.2', '< 5' From 0ff372e2547547e5d51df7d153f33c92de13a09c Mon Sep 17 00:00:00 2001 From: Sajjad Umar Date: Wed, 11 Aug 2021 17:45:06 +0500 Subject: [PATCH 07/65] Update faq.md (#1493) Removed an extra bracket `]` from "configure_permitted_parameters" method. --- docs/faq.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/faq.md b/docs/faq.md index 01cc233bc..0f9b2f657 100644 --- a/docs/faq.md +++ b/docs/faq.md @@ -172,7 +172,7 @@ class RegistrationsController < DeviseTokenAuth::RegistrationsController def configure_permitted_parameters devise_parameter_sanitizer.permit(:sign_up, keys: %i(name)) - devise_parameter_sanitizer.permit(:account_update, keys: %i(name)]) + devise_parameter_sanitizer.permit(:account_update, keys: %i(name)) end end ``` From 7806104dc7c956dca2859e95077890b7a3f5fc87 Mon Sep 17 00:00:00 2001 From: muratiger Date: Wed, 11 Aug 2021 21:46:06 +0900 Subject: [PATCH 08/65] Turn email validation process into class method (#1494) --- app/validators/devise_token_auth_email_validator.rb | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/app/validators/devise_token_auth_email_validator.rb b/app/validators/devise_token_auth_email_validator.rb index c5e1db846..4e9509fba 100644 --- a/app/validators/devise_token_auth_email_validator.rb +++ b/app/validators/devise_token_auth_email_validator.rb @@ -1,8 +1,16 @@ # frozen_string_literal: true class DeviseTokenAuthEmailValidator < ActiveModel::EachValidator + EMAIL_REGEXP = /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\z/i + + class << self + def validate?(email) + email =~ EMAIL_REGEXP + end + end + def validate_each(record, attribute, value) - unless value =~ /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\z/i + unless DeviseTokenAuthEmailValidator.validate?(value) record.errors.add(attribute, email_invalid_message) end end From 2fed895eb181c1cbe7a05cfb802a034d2ac8181f Mon Sep 17 00:00:00 2001 From: Thomas HUMMEL Date: Sun, 7 Nov 2021 00:18:53 +0100 Subject: [PATCH 09/65] Fix callback if migrations fails (#1502) --- .../concerns/user_omniauth_callbacks.rb | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/app/models/devise_token_auth/concerns/user_omniauth_callbacks.rb b/app/models/devise_token_auth/concerns/user_omniauth_callbacks.rb index b1614ad8f..d45ebc502 100644 --- a/app/models/devise_token_auth/concerns/user_omniauth_callbacks.rb +++ b/app/models/devise_token_auth/concerns/user_omniauth_callbacks.rb @@ -4,12 +4,12 @@ module DeviseTokenAuth::Concerns::UserOmniauthCallbacks extend ActiveSupport::Concern included do - validates :email, presence: true,if: :email_provider? - validates :email, :devise_token_auth_email => true, allow_nil: true, allow_blank: true, if: :email_provider? - validates_presence_of :uid, unless: :email_provider? + validates :email, presence: true, if: lambda { uid_and_provider_defined? && email_provider? } + validates :email, :devise_token_auth_email => true, allow_nil: true, allow_blank: true, if: lambda { uid_and_provider_defined? && email_provider? } + validates_presence_of :uid, if: lambda { uid_and_provider_defined? && !email_provider? } # only validate unique emails among email registration users - validates :email, uniqueness: { case_sensitive: false, scope: :provider }, on: :create, if: :email_provider? + validates :email, uniqueness: { case_sensitive: false, scope: :provider }, on: :create, if: lambda { uid_and_provider_defined? && email_provider? } # keep uid in sync with email before_save :sync_uid @@ -18,6 +18,10 @@ module DeviseTokenAuth::Concerns::UserOmniauthCallbacks protected + def uid_and_provider_defined? + defined?(provider) && defined?(uid) + end + def email_provider? provider == 'email' end @@ -26,6 +30,6 @@ def sync_uid unless self.new_record? return if devise_modules.include?(:confirmable) && !@bypass_confirmation_postpone && postpone_email_change? end - self.uid = email if email_provider? + self.uid = email if uid_and_provider_defined? && email_provider? end end From 82f25968edda73a98a8cbc33c92af8d335965ea4 Mon Sep 17 00:00:00 2001 From: Son Thach <53422188+hsonthach@users.noreply.github.com> Date: Sun, 7 Nov 2021 06:19:18 +0700 Subject: [PATCH 10/65] Fix the doc missing configure devise mail sender (#1504) * Fix the doc missing configure devise I had to add ```ruby # config/initializers/devise.rb Devise.setup do |config| config.mailer_sender = "example@example.com" end ``` In order to make my app send emails successfully * Fix too much newline --- docs/config/email_auth.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/docs/config/email_auth.md b/docs/config/email_auth.md index 043dc3e0a..6d97aef02 100644 --- a/docs/config/email_auth.md +++ b/docs/config/email_auth.md @@ -12,5 +12,13 @@ Rails.application.configure do config.action_mailer.smtp_settings = { address: 'your-dev-host.dev', port: 1025 } end ~~~ +You also may want to configure `mail_sender` at devise initializer if you don't use your own mailer class +##### devise configuration: +~~~ruby +# config/initializers/devise.rb +Devise.setup do |config| + config.mailer_sender = "example@example.com" +end +~~~ If you wish to send custom e-mails instead of using the default devise templates, you can [do that too](/docs/usage/overrides.md#email-template-overrides). From 6d7780ee0b9750687e7e2871b9a1c6368f2085a9 Mon Sep 17 00:00:00 2001 From: Pascal Betz Date: Sun, 7 Nov 2021 00:21:30 +0100 Subject: [PATCH 11/65] wrap creation and save of token in a transaction (#1498) * wrap creation and save of token in a transaction this will reload the record and lock the row in the DB so we only ever have one request accessing the record at one time. this prevents multiple requests overwriting the tokens. * extract to method and check if #with_lock is available Co-authored-by: Pascal Betz --- .../devise_token_auth/sessions_controller.rb | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/app/controllers/devise_token_auth/sessions_controller.rb b/app/controllers/devise_token_auth/sessions_controller.rb index 96dc295cd..e86247343 100644 --- a/app/controllers/devise_token_auth/sessions_controller.rb +++ b/app/controllers/devise_token_auth/sessions_controller.rb @@ -26,8 +26,8 @@ def create if (@resource.respond_to?(:valid_for_authentication?) && !@resource.valid_for_authentication? { valid_password }) || !valid_password return render_create_error_bad_credentials end - @token = @resource.create_token - @resource.save + + create_and_assign_token sign_in(:user, @resource, store: false, bypass: false) @@ -133,5 +133,17 @@ def render_destroy_error def resource_params params.permit(*params_for_resource(:sign_in)) end + + def create_and_assign_token + if @resource.respond_to?(:with_lock) + @resource.with_lock do + @token = @resource.create_token + @resource.save! + end + else + @token = @resource.create_token + @resource.save! + end + end end end From 5b1a5e19450f3755ce5ebe2f631b40c876ffc22d Mon Sep 17 00:00:00 2001 From: enomotodev Date: Wed, 29 Dec 2021 10:21:06 +0900 Subject: [PATCH 12/65] Support Rails 7.0 (#1517) --- .travis.yml | 5 +++ devise_token_auth.gemspec | 2 +- gemfiles/rails_7_0.gemfile | 46 ++++++++++++++++++++++++++++ gemfiles/rails_7_0_mongoid_7.gemfile | 45 +++++++++++++++++++++++++++ 4 files changed, 97 insertions(+), 1 deletion(-) create mode 100644 gemfiles/rails_7_0.gemfile create mode 100644 gemfiles/rails_7_0_mongoid_7.gemfile diff --git a/.travis.yml b/.travis.yml index 30db4c1e0..df79fec4e 100644 --- a/.travis.yml +++ b/.travis.yml @@ -51,6 +51,11 @@ matrix: - rvm: 2.7.0 gemfile: gemfiles/rails_6_0_mongoid_7.gemfile env: DEVISE_TOKEN_AUTH_ORM=mongoid + - rvm: 3.0.0 + gemfile: gemfiles/rails_7_0.gemfile + - rvm: 3.0.0 + gemfile: gemfiles/rails_7_0_mongoid_7.gemfile + env: DEVISE_TOKEN_AUTH_ORM=mongoid - name: Code Climate Test Coverage rvm: 2.5.6 env: diff --git a/devise_token_auth.gemspec b/devise_token_auth.gemspec index 1eb8b13ab..84652fccf 100644 --- a/devise_token_auth.gemspec +++ b/devise_token_auth.gemspec @@ -22,7 +22,7 @@ Gem::Specification.new do |s| s.required_ruby_version = ">= 2.3.0" - s.add_dependency 'rails', '>= 4.2.0', '< 6.2' + s.add_dependency 'rails', '>= 4.2.0', '< 7.1' s.add_dependency 'devise', '> 3.5.2', '< 5' s.add_dependency 'bcrypt', '~> 3.0' diff --git a/gemfiles/rails_7_0.gemfile b/gemfiles/rails_7_0.gemfile new file mode 100644 index 000000000..7e38d2b4a --- /dev/null +++ b/gemfiles/rails_7_0.gemfile @@ -0,0 +1,46 @@ +# This file was generated by Appraisal + +source "https://rubygems.org" + +gem "omniauth", "~> 1.9" +gem "rails", "~> 7.0" +gem "sqlite3", "~> 1.4.1" +gem "mysql2" +gem "pg" + +group :development, :test do + gem "attr_encrypted" + gem "figaro" + gem "omniauth-facebook" + gem "omniauth-github" + gem "omniauth-google-oauth2" + gem 'omniauth-apple' + gem "rack-cors", require: "rack/cors" + gem "thor" + gem "database_cleaner" + gem "factory_bot_rails" + gem "faker" + gem "fuzz_ball" + gem "guard" + gem "guard-minitest" + gem "minitest" + gem "minitest-focus" + gem "minitest-rails" + gem "minitest-reporters" + gem "mocha", ">= 1.5" + gem "pry", "< 0.13" + gem "pry-byebug" + gem "pry-remote" + gem "rubocop", require: false +end + +group :test do + gem "rails-controller-testing" + gem "simplecov", "~> 0.10", "< 0.18", require: false +end + +group :development do + gem "github_changelog_generator" +end + +gemspec path: "../" diff --git a/gemfiles/rails_7_0_mongoid_7.gemfile b/gemfiles/rails_7_0_mongoid_7.gemfile new file mode 100644 index 000000000..18559563d --- /dev/null +++ b/gemfiles/rails_7_0_mongoid_7.gemfile @@ -0,0 +1,45 @@ +# This file was generated by Appraisal + +source "https://rubygems.org" + +gem "omniauth", "~> 1.9" +gem "rails", "~> 7.0" +gem "mongoid", "~> 7.0" +gem "mongoid-locker", "~> 1.0" + +group :development, :test do + gem "attr_encrypted" + gem "figaro" + gem "omniauth-facebook" + gem "omniauth-github" + gem "omniauth-google-oauth2" + gem "omniauth-apple" + gem "rack-cors" + gem "thor" + gem "database_cleaner-mongoid" + gem "factory_bot_rails" + gem "faker" + gem "fuzz_ball" + gem "guard" + gem "guard-minitest" + gem "minitest" + gem "minitest-focus" + gem "minitest-rails" + gem "minitest-reporters" + gem "mocha", ">= 1.5" + gem "pry" + gem "pry-byebug" + gem "pry-remote" + gem "rubocop", require: false +end + +group :test do + gem "rails-controller-testing" + gem "simplecov", "~> 0.10", "< 0.18", require: false +end + +group :development do + gem "github_changelog_generator" +end + +gemspec path: "../" From 0bc575a49d7d69b4b32f5ce783f7d3e05adadd20 Mon Sep 17 00:00:00 2001 From: enomotodev Date: Fri, 31 Dec 2021 00:42:48 +0900 Subject: [PATCH 13/65] Migrate to GitHub Actions --- .github/workflows/test.yml | 104 +++++++++++++++++++++++++++ gemfiles/rails_7_0.gemfile | 2 +- gemfiles/rails_7_0_mongoid_7.gemfile | 2 +- test/dummy/config/database.yml | 4 +- 4 files changed, 108 insertions(+), 4 deletions(-) create mode 100644 .github/workflows/test.yml diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml new file mode 100644 index 000000000..25ffdea57 --- /dev/null +++ b/.github/workflows/test.yml @@ -0,0 +1,104 @@ +name: Test + +on: + push: + pull_request: + +jobs: + test: + strategy: + fail-fast: false + matrix: + ruby: + - 2.4 + - 2.5 + - 2.6 + - 2.7 + gemfile: + - gemfiles/rails_4_2.gemfile + - gemfiles/rails_5_0.gemfile + - gemfiles/rails_5_1.gemfile + - gemfiles/rails_5_2.gemfile + - gemfiles/rails_6_0.gemfile + db: + - sqlite + - mysql + - postgresql + devise-token-auth-orm: + - active_record + include: + - ruby: 2.4 + gemfile: gemfiles/rails_5_1_mongoid_7.gemfile + devise-token-auth-orm: mongoid + - ruby: 2.5 + gemfile: gemfiles/rails_5_2_mongoid_6.gemfile + devise-token-auth-orm: mongoid + - ruby: 2.5 + gemfile: gemfiles/rails_5_2_mongoid_7.gemfile + devise-token-auth-orm: mongoid + - ruby: 2.6 + gemfile: gemfiles/rails_5_2_mongoid_7.gemfile + devise-token-auth-orm: mongoid + - ruby: 2.7 + gemfile: gemfiles/rails_6_0_mongoid_7.gemfile + devise-token-auth-orm: mongoid + # Waiting for mongoid to support Rails 7.0 + # - ruby: '3.0' + # gemfile: gemfiles/rails_7_0.gemfile + # - ruby: '3.0' + # gemfile: gemfiles/rails_7_0_mongoid_7.gemfile + # devise-token-auth-orm: mongoid + exclude: + - ruby: 2.6 + gemfile: gemfiles/rails_4_2.gemfile + - ruby: 2.7 + gemfile: gemfiles/rails_4_2.gemfile + - ruby: 2.4 + gemfile: gemfiles/rails_6_0.gemfile + + services: + mysql: + image: mysql:8 + env: + MYSQL_ALLOW_EMPTY_PASSWORD: yes + ports: + - 3306:3306 + options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=3 + postgresql: + image: postgres:14 + env: + POSTGRES_USER: postgres + POSTGRES_PASSWORD: postgres + ports: + - 5432:5432 + options: --health-cmd=pg_isready --health-interval=10s --health-timeout=5s --health-retries=3 + + runs-on: ubuntu-latest + env: + BUNDLE_GEMFILE: ${{ matrix.gemfile }} + steps: + - uses: actions/checkout@v2 + - name: Setup Bundler 1.x for Rails 4.x + if: ${{ matrix.gemfile == 'gemfiles/rails_4_2.gemfile' || matrix.gemfile == 'gemfiles/rails_4_2_mongoid_5.gemfile' }} + run: echo "BUNDLER_VERSION=1.17.3" >> $GITHUB_ENV + - uses: ruby/setup-ruby@v1 + with: + ruby-version: ${{ matrix.ruby }} + bundler-cache: true + bundler: ${{ env.BUNDLER_VERSION || 'latest' }} + - uses: supercharge/mongodb-github-action@1.3.0 + if: ${{ matrix.devise-token-auth-orm == 'mongoid' }} + - name: Setup Database + run: | + bundle exec rake db:create + bundle exec rake --trace db:migrate + env: + RAILS_ENV: test + DB: ${{ matrix.db }} + DEVISE_TOKEN_AUTH_ORM: ${{ matrix.devise-token-auth-orm }} + if: ${{ matrix.devise-token-auth-orm == 'active_record' }} + - run: bundle exec rake + env: + RAILS_ENV: test + DB: ${{ matrix.db }} + DEVISE_TOKEN_AUTH_ORM: ${{ matrix.devise-token-auth-orm }} diff --git a/gemfiles/rails_7_0.gemfile b/gemfiles/rails_7_0.gemfile index 7e38d2b4a..22dda0d0d 100644 --- a/gemfiles/rails_7_0.gemfile +++ b/gemfiles/rails_7_0.gemfile @@ -2,7 +2,7 @@ source "https://rubygems.org" -gem "omniauth", "~> 1.9" +gem "omniauth", "~> 2.0" gem "rails", "~> 7.0" gem "sqlite3", "~> 1.4.1" gem "mysql2" diff --git a/gemfiles/rails_7_0_mongoid_7.gemfile b/gemfiles/rails_7_0_mongoid_7.gemfile index 18559563d..32561e4e7 100644 --- a/gemfiles/rails_7_0_mongoid_7.gemfile +++ b/gemfiles/rails_7_0_mongoid_7.gemfile @@ -2,7 +2,7 @@ source "https://rubygems.org" -gem "omniauth", "~> 1.9" +gem "omniauth", "~> 2.0" gem "rails", "~> 7.0" gem "mongoid", "~> 7.0" gem "mongoid-locker", "~> 1.0" diff --git a/test/dummy/config/database.yml b/test/dummy/config/database.yml index 0aeeae860..5f1838979 100644 --- a/test/dummy/config/database.yml +++ b/test/dummy/config/database.yml @@ -11,14 +11,14 @@ mysql: &mysql postgresql: &postgresql adapter: postgresql username: postgres - password: + password: postgres database: "devise_token_auth_<%= Rails.env %>" min_messages: ERROR defaults: &defaults pool: 5 timeout: 5000 - host: localhost + host: 127.0.0.1 <<: *<%= ENV['DB'] || "sqlite" %> development: From 079d569668613f93001ff56d2c24429396d76440 Mon Sep 17 00:00:00 2001 From: Sudhanshu Gautam Date: Tue, 4 Jan 2022 06:28:14 +0530 Subject: [PATCH 14/65] add `previous_token` (#1520) * add previous_token and update tests * update comment in test/controllers/demo_mang_controller_test.rb --- app/models/devise_token_auth/concerns/user.rb | 23 ++++++++-- test/controllers/demo_mang_controller_test.rb | 45 +++++++++++++++---- test/controllers/demo_user_controller_test.rb | 45 +++++++++++++++---- test/dummy/db/schema.rb | 10 ++--- test/models/user_test.rb | 22 +++++++++ 5 files changed, 120 insertions(+), 25 deletions(-) diff --git a/app/models/devise_token_auth/concerns/user.rb b/app/models/devise_token_auth/concerns/user.rb index 5012545c2..cfa01ce7d 100644 --- a/app/models/devise_token_auth/concerns/user.rb +++ b/app/models/devise_token_auth/concerns/user.rb @@ -120,6 +120,7 @@ def token_is_current?(token, client) # ghetto HashWithIndifferentAccess expiry = tokens[client]['expiry'] || tokens[client][:expiry] token_hash = tokens[client]['token'] || tokens[client][:token] + previous_token_hash = tokens[client]['previous_token'] || tokens[client][:previous_token] return true if ( # ensure that expiry and token are set @@ -129,11 +130,24 @@ def token_is_current?(token, client) DateTime.strptime(expiry.to_s, '%s') > Time.zone.now && # ensure that the token is valid - DeviseTokenAuth::Concerns::User.tokens_match?(token_hash, token) + ( + # check if the latest token matches + does_token_match?(token_hash, token) || + + # check if the previous token matches + does_token_match?(previous_token_hash, token) + ) ) end - # allow batch requests to use the previous token + # check if the hash of received token matches the stored token + def does_token_match?(token_hash, token) + return false if token_hash.nil? + + DeviseTokenAuth::Concerns::User.tokens_match?(token_hash, token) + end + + # allow batch requests to use the last token def token_can_be_reused?(token, client) # ghetto HashWithIndifferentAccess updated_at = tokens[client]['updated_at'] || tokens[client][:updated_at] @@ -143,7 +157,7 @@ def token_can_be_reused?(token, client) # ensure that the last token and its creation time exist updated_at && last_token_hash && - # ensure that previous token falls within the batch buffer throttle time of the last request + # ensure that last token falls within the batch buffer throttle time of the last request updated_at.to_time > Time.zone.now - DeviseTokenAuth.batch_request_buffer_throttle && # ensure that the token is valid @@ -157,7 +171,8 @@ def create_new_auth_token(client = nil) token = create_token( client: client, - last_token: tokens.fetch(client, {})['token'], + previous_token: tokens.fetch(client, {})['token'], + last_token: tokens.fetch(client, {})['previous_token'], updated_at: now ) diff --git a/test/controllers/demo_mang_controller_test.rb b/test/controllers/demo_mang_controller_test.rb index 887f510a2..476460301 100644 --- a/test/controllers/demo_mang_controller_test.rb +++ b/test/controllers/demo_mang_controller_test.rb @@ -235,7 +235,7 @@ class DemoMangControllerTest < ActionDispatch::IntegrationTest @resource.reload age_token(@resource, @client_id) - # use expired auth header + # use previous auth header get '/demo/members_only_mang', params: {}, headers: @auth_headers @@ -244,38 +244,67 @@ class DemoMangControllerTest < ActionDispatch::IntegrationTest @second_user = assigns(:resource) @second_access_token = response.headers['access-token'] @second_response_status = response.status + + @resource.reload + age_token(@resource, @client_id) + + # use expired auth headers + get '/demo/members_only_mang', + params: {}, + headers: @auth_headers + + @third_is_batch_request = assigns(:is_batch_request) + @third_user = assigns(:resource) + @third_access_token = response.headers['access-token'] + @third_response_status = response.status end it 'should allow the first request through' do assert_equal 200, @first_response_status end + it 'should allow the second request through' do + assert_equal 200, @second_response_status + end + it 'should not allow the second request through' do - assert_equal 401, @second_response_status + assert_equal 401, @third_response_status end it 'should not treat first request as batch request' do + refute @first_is_batch_request + end + + it 'should not treat second request as batch request' do refute @second_is_batch_request end + it 'should not treat third request as batch request' do + refute @third_is_batch_request + end + it 'should return auth headers from the first request' do assert @first_access_token end - it 'should not treat second request as batch request' do - refute @second_is_batch_request + it 'should return auth headers from the second request' do + assert @second_access_token end - it 'should not return auth headers from the second request' do - refute @second_access_token + it 'should not return auth headers from the third request' do + refute @third_access_token end it 'should define user during first request' do assert @first_user end - it 'should not define user during second request' do - refute @second_user + it 'should define user during second request' do + assert @second_user + end + + it 'should not define user during third request' do + refute @third_user end end end diff --git a/test/controllers/demo_user_controller_test.rb b/test/controllers/demo_user_controller_test.rb index 9f301ae99..c27e5d809 100644 --- a/test/controllers/demo_user_controller_test.rb +++ b/test/controllers/demo_user_controller_test.rb @@ -265,7 +265,7 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest @resource.reload age_token(@resource, @client_id) - # use expired auth header + # use previous auth header get '/demo/members_only', params: {}, headers: @auth_headers @@ -274,38 +274,67 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest @second_user = assigns(:resource) @second_access_token = response.headers['access-token'] @second_response_status = response.status + + @resource.reload + age_token(@resource, @client_id) + + # use expired auth headers + get '/demo/members_only_mang', + params: {}, + headers: @auth_headers + + @third_is_batch_request = assigns(:is_batch_request) + @third_user = assigns(:resource) + @third_access_token = response.headers['access-token'] + @third_response_status = response.status end it 'should allow the first request through' do assert_equal 200, @first_response_status end + it 'should allow the second request through' do + assert_equal 200, @second_response_status + end + it 'should not allow the second request through' do - assert_equal 401, @second_response_status + assert_equal 401, @third_response_status end it 'should not treat first request as batch request' do + refute @first_is_batch_request + end + + it 'should not treat second request as batch request' do refute @second_is_batch_request end + it 'should not treat third request as batch request' do + refute @third_is_batch_request + end + it 'should return auth headers from the first request' do assert @first_access_token end - it 'should not treat second request as batch request' do - refute @second_is_batch_request + it 'should return auth headers from the second request' do + assert @second_access_token end - it 'should not return auth headers from the second request' do - refute @second_access_token + it 'should not return auth headers from the third request' do + refute @third_access_token end it 'should define user during first request' do assert @first_user end - it 'should not define user during second request' do - refute @second_user + it 'should define user during second request' do + assert @second_user + end + + it 'should not define user during third request' do + refute @third_user end end end diff --git a/test/dummy/db/schema.rb b/test/dummy/db/schema.rb index 90cb66f8f..3b6a651be 100644 --- a/test/dummy/db/schema.rb +++ b/test/dummy/db/schema.rb @@ -2,11 +2,11 @@ # of editing this file, please use the migrations feature of Active Record to # incrementally modify your database, and then regenerate this schema definition. # -# Note that this schema.rb definition is the authoritative source for your -# database schema. If you need to create the application database on another -# system, you should be using db:schema:load, not running all the migrations -# from scratch. The latter is a flawed and unsustainable approach (the more migrations -# you'll amass, the slower it'll run and the greater likelihood for issues). +# This file is the source Rails uses to define your schema when running `bin/rails +# db:schema:load`. When creating a new database, `bin/rails db:schema:load` tends to +# be faster and is potentially less error prone than running all of your +# migrations from scratch. Old migrations may fail to apply correctly if those +# migrations use external dependencies or application code. # # It's strongly recommended that you check this file into your version control system. diff --git a/test/models/user_test.rb b/test/models/user_test.rb index eb267764d..17746b2a6 100644 --- a/test/models/user_test.rb +++ b/test/models/user_test.rb @@ -76,6 +76,28 @@ class UserTest < ActiveSupport::TestCase end end + describe 'previous token' do + before do + @resource = create(:user, :confirmed) + + @auth_headers1 = @resource.create_new_auth_token + end + + test 'should properly indicate whether previous token is current' do + assert @resource.token_is_current?(@auth_headers1['access-token'], @auth_headers1['client']) + # create another token, emulating a new request + @auth_headers2 = @resource.create_new_auth_token + + # should work for previous token + assert @resource.token_is_current?(@auth_headers1['access-token'], @auth_headers1['client']) + # should work for latest token as well + assert @resource.token_is_current?(@auth_headers2['access-token'], @auth_headers2['client']) + + # after using latest token, previous token should not work + assert @resource.token_is_current?(@auth_headers1['access-token'], @auth_headers1['client']) + end + end + describe 'expired tokens are destroyed on save' do before do @resource = create(:user, :confirmed) From 23d6b81b14fe39b5e4ce2b0dde897e4abcd850e8 Mon Sep 17 00:00:00 2001 From: Lynn Dylan Hurley Date: Sat, 22 Jan 2022 08:51:46 -0600 Subject: [PATCH 15/65] [bugfix] omniauth: handle POST action redirects (#1509) --- Gemfile | 2 +- .../devise_token_auth/omniauth_callbacks_controller.rb | 8 ++++---- lib/devise_token_auth/rails/routes.rb | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/Gemfile b/Gemfile index 27b6695d0..ef7828026 100644 --- a/Gemfile +++ b/Gemfile @@ -6,7 +6,7 @@ source 'https://rubygems.org' # Bundler will treat runtime dependencies like base dependencies, and # development dependencies will be added by default to the :development group. gemspec -gem 'omniauth', '~> 1.9' +gem 'omniauth', '~> 2.0' # Declare any dependencies that are still in development here instead of in # your gemspec. These might include edge Rails or gems from your path or diff --git a/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb b/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb index 85add605e..801f0e38c 100644 --- a/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb +++ b/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb @@ -23,7 +23,7 @@ def redirect_callbacks session['dta.omniauth.auth'] = request.env['omniauth.auth'].except('extra') session['dta.omniauth.params'] = request.env['omniauth.params'] - redirect_to redirect_route + redirect_to redirect_route, status: 307 end def get_redirect_route(devise_mapping) @@ -45,7 +45,7 @@ def get_devise_mapping # find the mapping in `omniauth.params`. # # One example use-case here is for IDP-initiated SAML login. In that - # case, there will have been no initial request in which to save + # case, there will have been no initial request in which to save # the devise mapping. If you are in a situation like that, and # your app allows for you to determine somehow what the devise # mapping should be (because, for example, it is always the same), @@ -78,10 +78,10 @@ def omniauth_failure render_data_or_redirect('authFailure', error: @error) end - def validate_auth_origin_url_param + def validate_auth_origin_url_param return render_error_not_allowed_auth_origin_url if auth_origin_url && blacklisted_redirect_url?(auth_origin_url) end - + protected diff --git a/lib/devise_token_auth/rails/routes.rb b/lib/devise_token_auth/rails/routes.rb index aaccf0028..960f8b040 100644 --- a/lib/devise_token_auth/rails/routes.rb +++ b/lib/devise_token_auth/rails/routes.rb @@ -73,7 +73,7 @@ def mount_devise_token_auth_for(resource, opts) # preserve the resource class thru oauth authentication by setting name of # resource as "resource_class" param - match "#{full_path}/:provider", to: redirect{ |params, request| + match "#{full_path}/:provider", to: redirect(status: 307) { |params, request| # get the current querystring qs = CGI::parse(request.env['QUERY_STRING']) @@ -99,7 +99,7 @@ def mount_devise_token_auth_for(resource, opts) # re-construct the path for omniauth "#{::OmniAuth.config.path_prefix}/#{params[:provider]}?#{redirect_params.to_param}" - }, via: [:get] + }, via: [:get, :post] end end end From 798255ee7e3fee5cfa2fdc519fd90e281bd9b6f5 Mon Sep 17 00:00:00 2001 From: Keith Doggett Date: Tue, 15 Mar 2022 20:22:55 -0400 Subject: [PATCH 16/65] Make paranoid option return success status code and message regardless of result (#1524) --- .../confirmations_controller.rb | 2 +- .../devise_token_auth/passwords_controller.rb | 2 +- .../devise_token_auth/unlocks_controller.rb | 2 +- .../confirmations_controller_test.rb | 15 ++++++-- .../passwords_controller_test.rb | 12 +++---- .../unlocks_controller_test.rb | 34 +++++++++++++++---- 6 files changed, 49 insertions(+), 18 deletions(-) diff --git a/app/controllers/devise_token_auth/confirmations_controller.rb b/app/controllers/devise_token_auth/confirmations_controller.rb index 6bb11aecb..0acc02b29 100644 --- a/app/controllers/devise_token_auth/confirmations_controller.rb +++ b/app/controllers/devise_token_auth/confirmations_controller.rb @@ -62,7 +62,7 @@ def render_create_success def render_not_found_error if Devise.paranoid - render_error(404, I18n.t('devise_token_auth.confirmations.sended_paranoid')) + render_create_success else render_error(404, I18n.t('devise_token_auth.confirmations.user_not_found', email: @email)) end diff --git a/app/controllers/devise_token_auth/passwords_controller.rb b/app/controllers/devise_token_auth/passwords_controller.rb index b7e62a345..27c42d421 100644 --- a/app/controllers/devise_token_auth/passwords_controller.rb +++ b/app/controllers/devise_token_auth/passwords_controller.rb @@ -182,7 +182,7 @@ def password_resource_params def render_not_found_error if Devise.paranoid - render_error(404, I18n.t('devise_token_auth.passwords.sended_paranoid')) + render_create_success else render_error(404, I18n.t('devise_token_auth.passwords.user_not_found', email: @email)) end diff --git a/app/controllers/devise_token_auth/unlocks_controller.rb b/app/controllers/devise_token_auth/unlocks_controller.rb index bc71defaf..5105af22d 100644 --- a/app/controllers/devise_token_auth/unlocks_controller.rb +++ b/app/controllers/devise_token_auth/unlocks_controller.rb @@ -80,7 +80,7 @@ def render_show_error def render_not_found_error if Devise.paranoid - render_error(404, I18n.t('devise_token_auth.unlocks.sended_paranoid')) + render_create_success else render_error(404, I18n.t('devise_token_auth.unlocks.user_not_found', email: @email)) end diff --git a/test/controllers/devise_token_auth/confirmations_controller_test.rb b/test/controllers/devise_token_auth/confirmations_controller_test.rb index 3560fb618..f346beb2f 100644 --- a/test/controllers/devise_token_auth/confirmations_controller_test.rb +++ b/test/controllers/devise_token_auth/confirmations_controller_test.rb @@ -171,21 +171,30 @@ def token_and_client_config_from(body) test 'response should contain message' do assert_equal @data['message'], I18n.t('devise_token_auth.confirmations.sended_paranoid', email: @resource.email) end + + test 'response should return success status' do + assert_equal 200, response.status + end end describe 'on failure' do before do swap Devise, paranoid: true do + @email = 'chester@cheet.ah' post :create, - params: { email: 'chester@cheet.ah', + params: { email: @email, redirect_url: @redirect_url }, xhr: true @data = JSON.parse(response.body) end end - test 'response should contain errors' do - assert_equal @data['errors'], [I18n.t('devise_token_auth.confirmations.sended_paranoid')] + test 'response should not contain errors' do + assert_equal @data['message'], I18n.t('devise_token_auth.confirmations.sended_paranoid', email: @email) + end + + test 'response should return success status' do + assert_equal 200, response.status end end end diff --git a/test/controllers/devise_token_auth/passwords_controller_test.rb b/test/controllers/devise_token_auth/passwords_controller_test.rb index 7fe35c56e..6077725b4 100644 --- a/test/controllers/devise_token_auth/passwords_controller_test.rb +++ b/test/controllers/devise_token_auth/passwords_controller_test.rb @@ -116,14 +116,14 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase end end - test 'unknown user should return 404' do - assert_equal 404, response.status + test 'response should return success status' do + assert_equal 200, response.status end - test 'errors should be returned' do - assert @data['errors'] - assert_equal @data['errors'], - [I18n.t('devise_token_auth.passwords.sended_paranoid')] + test 'response should contain message' do + assert_equal \ + @data['message'], + I18n.t('devise_token_auth.passwords.sended_paranoid') end end end diff --git a/test/controllers/devise_token_auth/unlocks_controller_test.rb b/test/controllers/devise_token_auth/unlocks_controller_test.rb index c239cfe30..b00bc6d75 100644 --- a/test/controllers/devise_token_auth/unlocks_controller_test.rb +++ b/test/controllers/devise_token_auth/unlocks_controller_test.rb @@ -81,17 +81,19 @@ class DeviseTokenAuth::UnlocksControllerTest < ActionController::TestCase end end - test 'unknown user should return 404' do - assert_equal 404, response.status + test 'should always return success' do + assert_equal 200, response.status end - test 'errors should be returned' do - assert @data['errors'] - assert_equal @data['errors'], [I18n.t('devise_token_auth.unlocks.sended_paranoid')] + test 'errors should not be returned' do + assert @data['success'] + assert_equal \ + @data['message'], + I18n.t('devise_token_auth.unlocks.sended_paranoid') end end - describe 'successfully requested unlock' do + describe 'successfully requested unlock without paranoid mode' do before do post :create, params: { email: @resource.email } @@ -103,6 +105,26 @@ class DeviseTokenAuth::UnlocksControllerTest < ActionController::TestCase end end + describe 'successfully requested unlock with paranoid mode' do + before do + swap Devise, paranoid: true do + post :create, params: { email: @resource.email } + @data = JSON.parse(response.body) + end + end + + test 'should always return success' do + assert_equal 200, response.status + end + + test 'errors should not be returned' do + assert @data['success'] + assert_equal \ + @data['message'], + I18n.t('devise_token_auth.unlocks.sended_paranoid') + end + end + describe 'case-sensitive email' do before do post :create, params: { email: @resource.email } From 8f44a8c66fd772b2d33be4ba187c0b1a47caba2a Mon Sep 17 00:00:00 2001 From: "Rafael H.F.S" Date: Fri, 24 Jun 2022 14:48:26 -0300 Subject: [PATCH 17/65] Added 'Authorization' header with bearer token (#1534) * Sets authorization header name * Writes and reads Authorization token * On decoding bearer token, if it is an invalid base64, rescues to empty hash * Added controller tests for Authorization header --- .../concerns/set_user_by_token.rb | 17 ++++++-- app/models/devise_token_auth/concerns/user.rb | 10 ++++- lib/devise_token_auth/engine.rb | 3 +- .../token_validations_controller_test.rb | 42 ++++++++++++++++++- 4 files changed, 65 insertions(+), 7 deletions(-) diff --git a/app/controllers/devise_token_auth/concerns/set_user_by_token.rb b/app/controllers/devise_token_auth/concerns/set_user_by_token.rb index a2221b010..8160e59ed 100644 --- a/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +++ b/app/controllers/devise_token_auth/concerns/set_user_by_token.rb @@ -34,6 +34,10 @@ def set_user_by_token(mapping = nil) uid_name = DeviseTokenAuth.headers_names[:'uid'] access_token_name = DeviseTokenAuth.headers_names[:'access-token'] client_name = DeviseTokenAuth.headers_names[:'client'] + authorization_name = DeviseTokenAuth.headers_names[:"authorization"] + + # Read Authorization token and decode it if present + decoded_authorization_token = decode_bearer_token(request.headers[authorization_name]) # gets values from cookie if configured and present parsed_auth_cookie = {} @@ -45,10 +49,10 @@ def set_user_by_token(mapping = nil) end # parse header for values necessary for authentication - uid = request.headers[uid_name] || params[uid_name] || parsed_auth_cookie[uid_name] + uid = request.headers[uid_name] || params[uid_name] || parsed_auth_cookie[uid_name] || decoded_authorization_token[uid_name] @token = DeviseTokenAuth::TokenFactory.new unless @token - @token.token ||= request.headers[access_token_name] || params[access_token_name] || parsed_auth_cookie[access_token_name] - @token.client ||= request.headers[client_name] || params[client_name] || parsed_auth_cookie[client_name] + @token.token ||= request.headers[access_token_name] || params[access_token_name] || parsed_auth_cookie[access_token_name] || decoded_authorization_token[access_token_name] + @token.client ||= request.headers[client_name] || params[client_name] || parsed_auth_cookie[client_name] || decoded_authorization_token[client_name] # client isn't required, set to 'default' if absent @token.client ||= 'default' @@ -128,6 +132,13 @@ def update_auth_header private + def decode_bearer_token(bearer_token) + return {} if bearer_token.blank? + + encoded_token = bearer_token.split.last # Removes the 'Bearer' from the string + JSON.parse(Base64.strict_decode64(encoded_token)) rescue {} + end + def refresh_headers # Lock the user record during any auth_header updates to ensure # we don't have write contention from multiple threads diff --git a/app/models/devise_token_auth/concerns/user.rb b/app/models/devise_token_auth/concerns/user.rb index cfa01ce7d..723ca4ce0 100644 --- a/app/models/devise_token_auth/concerns/user.rb +++ b/app/models/devise_token_auth/concerns/user.rb @@ -183,14 +183,20 @@ def build_auth_header(token, client = 'default') # client may use expiry to prevent validation request if expired # must be cast as string or headers will break expiry = tokens[client]['expiry'] || tokens[client][:expiry] - - { + headers = { DeviseTokenAuth.headers_names[:"access-token"] => token, DeviseTokenAuth.headers_names[:"token-type"] => 'Bearer', DeviseTokenAuth.headers_names[:"client"] => client, DeviseTokenAuth.headers_names[:"expiry"] => expiry.to_s, DeviseTokenAuth.headers_names[:"uid"] => uid } + headers.merge!(build_bearer_token(headers)) + end + + def build_bearer_token(auth) + encoded_token = Base64.strict_encode64(auth.to_json) + bearer_token = "Bearer #{encoded_token}" + {DeviseTokenAuth.headers_names[:"authorization"] => bearer_token} end def update_auth_header(token, client = 'default') diff --git a/lib/devise_token_auth/engine.rb b/lib/devise_token_auth/engine.rb index e6a921aa9..8fdbb02df 100644 --- a/lib/devise_token_auth/engine.rb +++ b/lib/devise_token_auth/engine.rb @@ -45,7 +45,8 @@ class Engine < ::Rails::Engine self.enable_standard_devise_support = false self.remove_tokens_after_password_reset = false self.default_callbacks = true - self.headers_names = { 'access-token': 'access-token', + self.headers_names = { 'authorization': 'Authorization', + 'access-token': 'access-token', 'client': 'client', 'expiry': 'expiry', 'uid': 'uid', diff --git a/test/controllers/devise_token_auth/token_validations_controller_test.rb b/test/controllers/devise_token_auth/token_validations_controller_test.rb index 2346afac5..ad1361fd0 100644 --- a/test/controllers/devise_token_auth/token_validations_controller_test.rb +++ b/test/controllers/devise_token_auth/token_validations_controller_test.rb @@ -18,11 +18,51 @@ class DeviseTokenAuth::TokenValidationsControllerTest < ActionDispatch::Integrat @token = @auth_headers['access-token'] @client_id = @auth_headers['client'] @expiry = @auth_headers['expiry'] - + @authorization_header = @auth_headers.slice('Authorization') # ensure that request is not treated as batch request age_token(@resource, @client_id) end + describe 'using only Authorization header' do + describe 'using valid Authorization header' do + before do + get '/auth/validate_token', params: {}, headers: @authorization_header + end + + test 'token valid' do + assert_equal 200, response.status + end + end + + describe 'using invalid Authorization header' do + describe 'with invalid base64' do + before do + get '/auth/validate_token', params: {}, headers: {'Authorization': 'Bearer invalidtoken=='} + end + + test 'returns access denied' do + assert_equal 401, response.status + end + end + + describe 'with valid base64' do + before do + valid_base64 = Base64.strict_encode64({ + "access-token": 'invalidtoken', + "token-type": 'Bearer', + "client": 'client', + "expiry": '1234567' + }.to_json) + get '/auth/validate_token', params: {}, headers: {'Authorization': "Bearer #{valid_base64}"} + end + + test 'returns access denied' do + assert_equal 401, response.status + end + end + end + end + describe 'vanilla user' do before do get '/auth/validate_token', params: {}, headers: @auth_headers From 1a0483fbd12583810f21eb320abfa8b768724774 Mon Sep 17 00:00:00 2001 From: hatsu Date: Tue, 2 Aug 2022 20:02:06 +0900 Subject: [PATCH 18/65] feat(ja.yml): Translate the unlocks, confirmations message into Japanese (#1544) --- config/locales/ja.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/config/locales/ja.yml b/config/locales/ja.yml index 04447a156..07a98b3de 100644 --- a/config/locales/ja.yml +++ b/config/locales/ja.yml @@ -21,10 +21,22 @@ ja: missing_redirect_url: "リダイレクト URL が与えられていません。" not_allowed_redirect_url: "'%{redirect_url}' へのリダイレクトは許可されていません。" sended: "'%{email}' にパスワードリセットの案内が送信されました。" + sended_paranoid: ""すでにメールアドレスがデータベースに登録されている場合、 数分後にパスワード再発行用のリンクを記載したメールをお送りします。" user_not_found: "メールアドレス '%{email}' のユーザーが見つかりません。" password_not_required: "このアカウントはパスワードを要求していません。'%{provider}' を利用してログインしてください。" missing_passwords: "'Password', 'Password confirmation' パラメータが与えられていません。" successfully_updated: "パスワードの更新に成功しました。" + unlocks: + missing_email: "メールアドレスが与えられていません。" + sended: "%{email}' にアカウントのロックを解除する方法を記載したメールが送信されました。" + sended_paranoid: "アカウントが存在する場合、数分後にロックを解除する方法を記載したメールをお送りします。" + user_not_found: "メールアドレス '%{email}' を持つユーザーが見つかりません。" + confirmations: + sended: "'%{email}' にアカウントの確認方法を記載したメールが送信されました。" + sended_paranoid: "すでにメールアドレスがデータベースに登録されている場合、数分後にメールアドレスの確認方法を記載したメールをお送りします。" + user_not_found: "メールアドレス '%{email}' を持つユーザーが見つかりません。" + missing_email: "メールアドレスが与えられていません。" + errors: messages: validate_sign_up_params: "リクエストボディに適切なアカウント新規登録データを送信してください。" From fe94d426308445605bd1a7009a4f6f5266a97205 Mon Sep 17 00:00:00 2001 From: RaziAhmad123 <109334225+RaziAhmad123@users.noreply.github.com> Date: Fri, 19 Aug 2022 21:32:26 +0500 Subject: [PATCH 19/65] Update ja.yml (#1550) --- config/locales/ja.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/locales/ja.yml b/config/locales/ja.yml index 07a98b3de..8f41c0bdf 100644 --- a/config/locales/ja.yml +++ b/config/locales/ja.yml @@ -21,7 +21,7 @@ ja: missing_redirect_url: "リダイレクト URL が与えられていません。" not_allowed_redirect_url: "'%{redirect_url}' へのリダイレクトは許可されていません。" sended: "'%{email}' にパスワードリセットの案内が送信されました。" - sended_paranoid: ""すでにメールアドレスがデータベースに登録されている場合、 数分後にパスワード再発行用のリンクを記載したメールをお送りします。" + sended_paranoid: "すでにメールアドレスがデータベースに登録されている場合、 数分後にパスワード再発行用のリンクを記載したメールをお送りします。" user_not_found: "メールアドレス '%{email}' のユーザーが見つかりません。" password_not_required: "このアカウントはパスワードを要求していません。'%{provider}' を利用してログインしてください。" missing_passwords: "'Password', 'Password confirmation' パラメータが与えられていません。" From 42c9e8e3e08bf319b445c871ed7853394becc037 Mon Sep 17 00:00:00 2001 From: Matt Langston Date: Sun, 21 Aug 2022 19:24:10 -0500 Subject: [PATCH 20/65] Set cookie token immediately in reset password and OmniAuth success flows (#1542) --- .../devise_token_auth/application_controller.rb | 9 +++++++++ .../devise_token_auth/omniauth_callbacks_controller.rb | 4 ++++ .../devise_token_auth/passwords_controller.rb | 4 ++++ 3 files changed, 17 insertions(+) diff --git a/app/controllers/devise_token_auth/application_controller.rb b/app/controllers/devise_token_auth/application_controller.rb index 0f5bd87ca..d0b2987c6 100644 --- a/app/controllers/devise_token_auth/application_controller.rb +++ b/app/controllers/devise_token_auth/application_controller.rb @@ -83,5 +83,14 @@ def success_message(name, email) I18n.t("devise_token_auth.#{name}.sended", email: email) end end + + # When using a cookie to transport the auth token we can set it immediately in flows such as + # reset password and OmniAuth success, rather than making the client scrape the token from + # query params (to then send in the initial validate_token request). + # TODO: We should be able to stop exposing the token in query params when this method is used + def set_token_in_cookie(resource, token) + auth_header = resource.build_auth_header(token.token, token.client) + cookies[DeviseTokenAuth.cookie_name] = DeviseTokenAuth.cookie_attributes.merge(value: auth_header.to_json) + end end end diff --git a/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb b/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb index 801f0e38c..960c90afe 100644 --- a/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb +++ b/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb @@ -70,6 +70,10 @@ def omniauth_success yield @resource if block_given? + if DeviseTokenAuth.cookie_enabled + set_token_in_cookie(@resource, @token) + end + render_data_or_redirect('deliverCredentials', @auth_params.as_json, @resource.as_json) end diff --git a/app/controllers/devise_token_auth/passwords_controller.rb b/app/controllers/devise_token_auth/passwords_controller.rb index 27c42d421..3aa44fc04 100644 --- a/app/controllers/devise_token_auth/passwords_controller.rb +++ b/app/controllers/devise_token_auth/passwords_controller.rb @@ -51,6 +51,10 @@ def edit if require_client_password_reset_token? redirect_to DeviseTokenAuth::Url.generate(@redirect_url, reset_password_token: resource_params[:reset_password_token]) else + if DeviseTokenAuth.cookie_enabled + set_token_in_cookie(@resource, token) + end + redirect_header_options = { reset_password: true } redirect_headers = build_redirect_headers(token.token, token.client, From 027022c07c95a39d10b9734f1f2755b77236ffea Mon Sep 17 00:00:00 2001 From: hatsu Date: Mon, 22 Aug 2022 09:26:19 +0900 Subject: [PATCH 21/65] fix(ja.yml): "" -> " in sended_paranoid (#1547) found two double quote From 702eab7e585503a51d32d28819edf7526e7394da Mon Sep 17 00:00:00 2001 From: Florin Diconescu Date: Sat, 10 Sep 2022 23:02:29 +0400 Subject: [PATCH 22/65] Add custom uid reference (#1554) --- .../devise_token_auth/concerns/set_user_by_token.rb | 4 +++- lib/devise_token_auth/engine.rb | 4 +++- .../devise_token_auth/templates/devise_token_auth.rb | 3 +++ 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/app/controllers/devise_token_auth/concerns/set_user_by_token.rb b/app/controllers/devise_token_auth/concerns/set_user_by_token.rb index 8160e59ed..5fc38ccb0 100644 --- a/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +++ b/app/controllers/devise_token_auth/concerns/set_user_by_token.rb @@ -32,6 +32,7 @@ def set_user_by_token(mapping = nil) # gets the headers names, which was set in the initialize file uid_name = DeviseTokenAuth.headers_names[:'uid'] + other_uid_name = DeviseTokenAuth.other_uid && DeviseTokenAuth.headers_names[DeviseTokenAuth.other_uid.to_sym] access_token_name = DeviseTokenAuth.headers_names[:'access-token'] client_name = DeviseTokenAuth.headers_names[:'client'] authorization_name = DeviseTokenAuth.headers_names[:"authorization"] @@ -50,6 +51,7 @@ def set_user_by_token(mapping = nil) # parse header for values necessary for authentication uid = request.headers[uid_name] || params[uid_name] || parsed_auth_cookie[uid_name] || decoded_authorization_token[uid_name] + other_uid = other_uid_name && request.headers[other_uid_name] || params[other_uid_name] || parsed_auth_cookie[other_uid_name] @token = DeviseTokenAuth::TokenFactory.new unless @token @token.token ||= request.headers[access_token_name] || params[access_token_name] || parsed_auth_cookie[access_token_name] || decoded_authorization_token[access_token_name] @token.client ||= request.headers[client_name] || params[client_name] || parsed_auth_cookie[client_name] || decoded_authorization_token[client_name] @@ -79,7 +81,7 @@ def set_user_by_token(mapping = nil) end # mitigate timing attacks by finding by uid instead of auth token - user = uid && rc.dta_find_by(uid: uid) + user = (uid && rc.dta_find_by(uid: uid)) || (other_uid && rc.dta_find_by("#{DeviseTokenAuth.other_uid}": other_uid)) scope = rc.to_s.underscore.to_sym if user && user.valid_token?(@token.token, @token.client) diff --git a/lib/devise_token_auth/engine.rb b/lib/devise_token_auth/engine.rb index 8fdbb02df..f7df1a767 100644 --- a/lib/devise_token_auth/engine.rb +++ b/lib/devise_token_auth/engine.rb @@ -30,7 +30,8 @@ class Engine < ::Rails::Engine :cookie_attributes, :bypass_sign_in, :send_confirmation_email, - :require_client_password_reset_token + :require_client_password_reset_token, + :other_uid self.change_headers_on_each_request = true self.max_number_of_devices = 10 @@ -57,6 +58,7 @@ class Engine < ::Rails::Engine self.bypass_sign_in = true self.send_confirmation_email = false self.require_client_password_reset_token = false + self.other_uid = nil def self.setup(&block) yield self diff --git a/lib/generators/devise_token_auth/templates/devise_token_auth.rb b/lib/generators/devise_token_auth/templates/devise_token_auth.rb index 7e3813100..9dc91be9e 100644 --- a/lib/generators/devise_token_auth/templates/devise_token_auth.rb +++ b/lib/generators/devise_token_auth/templates/devise_token_auth.rb @@ -48,6 +48,9 @@ # :'uid' => 'uid', # :'token-type' => 'token-type' } + # Makes it possible to use custom uid column + # config.other_uid = "foo" + # By default, only Bearer Token authentication is implemented out of the box. # If, however, you wish to integrate with legacy Devise authentication, you can # do so by enabling this flag. NOTE: This feature is highly experimental! From ec68e47f2a3e743bd51293369d059508974aed14 Mon Sep 17 00:00:00 2001 From: Maicol Bentancor Date: Sat, 10 Sep 2022 16:35:14 -0300 Subject: [PATCH 23/65] Update changelog (#1555) --- CHANGELOG.md | 195 +++++++++++++++++++++++++++++-- lib/devise_token_auth/version.rb | 2 +- 2 files changed, 185 insertions(+), 12 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9a074e690..f4e311c36 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,187 @@ +# Change Log + +## [Unreleased](https://github.com/lynndylanhurley/devise_token_auth/tree/HEAD) + +[Full Changelog](https://github.com/lynndylanhurley/devise_token_auth/compare/v1.2.0...HEAD) + +**Closed issues:** + +- registrations controller. tokens only for authenticated [\#1553](https://github.com/lynndylanhurley/devise_token_auth/issues/1553) +- Rails 7 support [\#1552](https://github.com/lynndylanhurley/devise_token_auth/issues/1552) +- Not working with any version of Rails 6 and 7 [\#1551](https://github.com/lynndylanhurley/devise_token_auth/issues/1551) +- Commit 1a0483fbd12583810f21eb320abfa8b768724774 makes \#\ [\#1538](https://github.com/lynndylanhurley/devise_token_auth/issues/1538) +- Request: [\#1526](https://github.com/lynndylanhurley/devise_token_auth/issues/1526) +- Rails 7 Issue [\#1523](https://github.com/lynndylanhurley/devise_token_auth/issues/1523) +- Bearer Token Usage [\#1522](https://github.com/lynndylanhurley/devise_token_auth/issues/1522) +- Got "ActionDispatch::Request::Session::DisabledSessionError" [\#1521](https://github.com/lynndylanhurley/devise_token_auth/issues/1521) +- Travis CI migration or alternatives [\#1518](https://github.com/lynndylanhurley/devise_token_auth/issues/1518) +- Update dependency to support Rails 7.0.0.rc1 [\#1515](https://github.com/lynndylanhurley/devise_token_auth/issues/1515) +- Devise, devise\_auth\_token and activeadmin with 2 different models - Controller error [\#1512](https://github.com/lynndylanhurley/devise_token_auth/issues/1512) +- Paranoid mode still returning a distinguishable 404 responses [\#1510](https://github.com/lynndylanhurley/devise_token_auth/issues/1510) +- Invalid client with google-oauth2 [\#1499](https://github.com/lynndylanhurley/devise_token_auth/issues/1499) +- Concurrency issue? [\#1497](https://github.com/lynndylanhurley/devise_token_auth/issues/1497) +- Doesn't seem to follow Bearer Token authorization spec...? [\#1487](https://github.com/lynndylanhurley/devise_token_auth/issues/1487) +- Can we have a new version released? [\#1483](https://github.com/lynndylanhurley/devise_token_auth/issues/1483) +- Token invalidation after canceled request by the frontend app [\#1232](https://github.com/lynndylanhurley/devise_token_auth/issues/1232) +- FrozenError \(can't modify frozen Hash\) [\#1151](https://github.com/lynndylanhurley/devise_token_auth/issues/1151) +- Password Reset Links Invalidated After Being Clicked [\#1141](https://github.com/lynndylanhurley/devise_token_auth/issues/1141) +- Authorization Request Header Field? [\#902](https://github.com/lynndylanhurley/devise_token_auth/issues/902) +- jsonb token [\#841](https://github.com/lynndylanhurley/devise_token_auth/issues/841) + +**Merged pull requests:** + +- Add custom uid reference [\#1554](https://github.com/lynndylanhurley/devise_token_auth/pull/1554) ([florindiconescu](https://github.com/florindiconescu)) +- Update ja.yml [\#1550](https://github.com/lynndylanhurley/devise_token_auth/pull/1550) ([RaziAhmad123](https://github.com/RaziAhmad123)) +- Fixed ja.yml because CI failed. [\#1547](https://github.com/lynndylanhurley/devise_token_auth/pull/1547) ([hatsu38](https://github.com/hatsu38)) +- Translate the unlocks, confirmations message into Japanese [\#1544](https://github.com/lynndylanhurley/devise_token_auth/pull/1544) ([hatsu38](https://github.com/hatsu38)) +- Set cookie token immediately in reset password and OmniAuth success flows [\#1542](https://github.com/lynndylanhurley/devise_token_auth/pull/1542) ([theblang](https://github.com/theblang)) +- Added 'Authorization' header with bearer token [\#1534](https://github.com/lynndylanhurley/devise_token_auth/pull/1534) ([rhiroshi](https://github.com/rhiroshi)) +- Fix Paranoid Status Codes [\#1524](https://github.com/lynndylanhurley/devise_token_auth/pull/1524) ([keithdoggett](https://github.com/keithdoggett)) +- add `previous\_token` [\#1520](https://github.com/lynndylanhurley/devise_token_auth/pull/1520) ([sudhanshu16](https://github.com/sudhanshu16)) +- Migrate to GitHub Actions [\#1519](https://github.com/lynndylanhurley/devise_token_auth/pull/1519) ([enomotodev](https://github.com/enomotodev)) +- Support Rails 7.0 [\#1517](https://github.com/lynndylanhurley/devise_token_auth/pull/1517) ([enomotodev](https://github.com/enomotodev)) +- \[bugfix\] omniauth: handle POST action redirects [\#1509](https://github.com/lynndylanhurley/devise_token_auth/pull/1509) ([lynndylanhurley](https://github.com/lynndylanhurley)) +- Fix the doc missing configure devise mail sender [\#1504](https://github.com/lynndylanhurley/devise_token_auth/pull/1504) ([hsonthach](https://github.com/hsonthach)) +- Fix callback if migrations fails [\#1502](https://github.com/lynndylanhurley/devise_token_auth/pull/1502) ([thooams](https://github.com/thooams)) +- wrap creation and save of token in a transaction [\#1498](https://github.com/lynndylanhurley/devise_token_auth/pull/1498) ([pascalbetz](https://github.com/pascalbetz)) +- Increase required ruby version to 2.3 [\#1495](https://github.com/lynndylanhurley/devise_token_auth/pull/1495) ([mcelicalderon](https://github.com/mcelicalderon)) +- Turn email validation process into class method [\#1494](https://github.com/lynndylanhurley/devise_token_auth/pull/1494) ([muratiger](https://github.com/muratiger)) +- Update faq.md [\#1493](https://github.com/lynndylanhurley/devise_token_auth/pull/1493) ([SUMAR7](https://github.com/SUMAR7)) + +## [v1.2.0](https://github.com/lynndylanhurley/devise_token_auth/tree/v1.2.0) (2021-07-19) +[Full Changelog](https://github.com/lynndylanhurley/devise_token_auth/compare/v1.1.5...v1.2.0) + +**Implemented enhancements:** + +- Paranoid mode is non existent [\#1100](https://github.com/lynndylanhurley/devise_token_auth/issues/1100) +- Add paranoid mode [\#1378](https://github.com/lynndylanhurley/devise_token_auth/pull/1378) ([luisalima](https://github.com/luisalima)) + +**Closed issues:** + +- DeviseTokenAuth::Errors::InvalidModel [\#1485](https://github.com/lynndylanhurley/devise_token_auth/issues/1485) +- How not to update the headers when the api server returns a response with an error status [\#1476](https://github.com/lynndylanhurley/devise_token_auth/issues/1476) +- Does not install on Rails 6.1 and Ruby 2.7, fresh install [\#1475](https://github.com/lynndylanhurley/devise_token_auth/issues/1475) +- Devise::Models::Authenticatable::BLACKLIST\_FOR\_SERIALIZATION is deprecated [\#1474](https://github.com/lynndylanhurley/devise_token_auth/issues/1474) +- @token not assigned prior to delete/destory [\#1465](https://github.com/lynndylanhurley/devise_token_auth/issues/1465) +- Installing devise\_token\_auth on MacOS, rails conflict [\#1458](https://github.com/lynndylanhurley/devise_token_auth/issues/1458) +- Deprecation warning `connection\_config is deprecated and will be removed from Rails 6.2` when using Rails 6.1 [\#1451](https://github.com/lynndylanhurley/devise_token_auth/issues/1451) +- Trying to integrate with devise-multi\_email [\#1421](https://github.com/lynndylanhurley/devise_token_auth/issues/1421) +- Rails email change not send confirmation emaill [\#1338](https://github.com/lynndylanhurley/devise_token_auth/issues/1338) + +**Merged pull requests:** + +- Bump version to 1.2.0 [\#1492](https://github.com/lynndylanhurley/devise_token_auth/pull/1492) ([MaicolBen](https://github.com/MaicolBen)) +- Fix unescape and keyword parameters warning [\#1490](https://github.com/lynndylanhurley/devise_token_auth/pull/1490) ([muratiger](https://github.com/muratiger)) +- check password changed only when using password authentication [\#1486](https://github.com/lynndylanhurley/devise_token_auth/pull/1486) ([qiuyin](https://github.com/qiuyin)) +- Add new param FAQ [\#1481](https://github.com/lynndylanhurley/devise_token_auth/pull/1481) ([muratiger](https://github.com/muratiger)) +- fix mongoid detecting bug [\#1478](https://github.com/lynndylanhurley/devise_token_auth/pull/1478) ([qiuyin](https://github.com/qiuyin)) +- replace deprecated constant BLACKLIST\_FOR\_SERIALIZATION [\#1473](https://github.com/lynndylanhurley/devise_token_auth/pull/1473) ([prashant-kiwi](https://github.com/prashant-kiwi)) +- Workaround for cc-test-reporter with SimpleCov 0.18 [\#1472](https://github.com/lynndylanhurley/devise_token_auth/pull/1472) ([enomotodev](https://github.com/enomotodev)) +- Fix mongo setup in travis [\#1471](https://github.com/lynndylanhurley/devise_token_auth/pull/1471) ([MaicolBen](https://github.com/MaicolBen)) +- Use the same behavior than the deprecated URI.escape [\#1470](https://github.com/lynndylanhurley/devise_token_auth/pull/1470) ([MaicolBen](https://github.com/MaicolBen)) +- Replace URI::escape which was removed in Ruby 3 [\#1468](https://github.com/lynndylanhurley/devise_token_auth/pull/1468) ([alea12](https://github.com/alea12)) +- Update connection\_config to connection\_db\_config [\#1467](https://github.com/lynndylanhurley/devise_token_auth/pull/1467) ([melnik0v](https://github.com/melnik0v)) +- Fix docs/config/initialization.md [\#1464](https://github.com/lynndylanhurley/devise_token_auth/pull/1464) ([yoshitsugu](https://github.com/yoshitsugu)) +- Fix omniauth version until devise fixes omniauth requirement [\#1463](https://github.com/lynndylanhurley/devise_token_auth/pull/1463) ([MaicolBen](https://github.com/MaicolBen)) +- Add support for sending and receiving the auth token via a server cookie [\#1453](https://github.com/lynndylanhurley/devise_token_auth/pull/1453) ([theblang](https://github.com/theblang)) +- Fix critical error on registration with confirmation mode [\#1447](https://github.com/lynndylanhurley/devise_token_auth/pull/1447) ([pnghai](https://github.com/pnghai)) + +## [v1.1.5](https://github.com/lynndylanhurley/devise_token_auth/tree/v1.1.5) (2020-12-08) +[Full Changelog](https://github.com/lynndylanhurley/devise_token_auth/compare/v1.1.4...v1.1.5) + +**Closed issues:** + +- Update dependency to support Rails 6.1/6.1.0.rc1 [\#1443](https://github.com/lynndylanhurley/devise_token_auth/issues/1443) +- undefined method `tokens' for \#\":String\) [\#1375](https://github.com/lynndylanhurley/devise_token_auth/issues/1375) +- mation\_instruction [\#1373](https://github.com/lynndylanhurley/devise_token_auth/issues/1373) +- Unpermitted parameter :session when signing in using javascript fetch [\#1361](https://github.com/lynndylanhurley/devise_token_auth/issues/1361) +- How do i authenticate with graphql-ruby? [\#1360](https://github.com/lynndylanhurley/devise_token_auth/issues/1360) +- Using DeviseTokenAuth::Concerns::User breaks Devise::confirmable and Devise::reconfirmable [\#1013](https://github.com/lynndylanhurley/devise_token_auth/issues/1013) + +**Merged pull requests:** + +- Update faq.md [\#1401](https://github.com/lynndylanhurley/devise_token_auth/pull/1401) ([mdjamal](https://github.com/mdjamal)) +- Update assign\_provider\_attrs to strip 'name' field [\#1398](https://github.com/lynndylanhurley/devise_token_auth/pull/1398) ([SpLouk](https://github.com/SpLouk)) +- Fix grammar [\#1396](https://github.com/lynndylanhurley/devise_token_auth/pull/1396) ([arku](https://github.com/arku)) +- \[Refactor\] fixed "not\_email" setting in ja.yml [\#1395](https://github.com/lynndylanhurley/devise_token_auth/pull/1395) ([eitches](https://github.com/eitches)) +- CI build fix: Pin to pry \< 0.13 for 2.3 support, workaround CodeClimate reporter issue [\#1393](https://github.com/lynndylanhurley/devise_token_auth/pull/1393) ([olleolleolle](https://github.com/olleolleolle)) +- Fix broken link [\#1392](https://github.com/lynndylanhurley/devise_token_auth/pull/1392) ([dlederle](https://github.com/dlederle)) +- Fix: Save user authentication token after email confirmation [\#1391](https://github.com/lynndylanhurley/devise_token_auth/pull/1391) ([gabrielbursztein2](https://github.com/gabrielbursztein2)) +- Fix token-type header key in testing example docs [\#1390](https://github.com/lynndylanhurley/devise_token_auth/pull/1390) ([goalaleo](https://github.com/goalaleo)) +- Issue - 1358 Argument error when converting token updated\_at using to… [\#1388](https://github.com/lynndylanhurley/devise_token_auth/pull/1388) ([saichander17](https://github.com/saichander17)) +- Validate that token is valid for patch request last token [\#1386](https://github.com/lynndylanhurley/devise_token_auth/pull/1386) ([ahmedmagdy711](https://github.com/ahmedmagdy711)) +- Fix docs/usage/reset\_password.md [\#1382](https://github.com/lynndylanhurley/devise_token_auth/pull/1382) ([K-Sato1995](https://github.com/K-Sato1995)) +- Fix missing polish and portugese missing translation errors [\#1377](https://github.com/lynndylanhurley/devise_token_auth/pull/1377) ([woochaq](https://github.com/woochaq)) +- \[Documentation\] write complete path for authentication\_test\_spec.rb [\#1376](https://github.com/lynndylanhurley/devise_token_auth/pull/1376) ([cprodhomme](https://github.com/cprodhomme)) +- Add case sensitive option required to prevent deprecation warning in … [\#1368](https://github.com/lynndylanhurley/devise_token_auth/pull/1368) ([niciliketo](https://github.com/niciliketo)) +- Add rails 6.0 config to travis [\#1366](https://github.com/lynndylanhurley/devise_token_auth/pull/1366) ([brateq](https://github.com/brateq)) +- Add docs for confirmation endpoint [\#1365](https://github.com/lynndylanhurley/devise_token_auth/pull/1365) ([brateq](https://github.com/brateq)) +- Remove Trackable option from generator [\#1362](https://github.com/lynndylanhurley/devise_token_auth/pull/1362) ([SugiKent](https://github.com/SugiKent)) +- Please merge again [\#1350](https://github.com/lynndylanhurley/devise_token_auth/pull/1350) ([exocode](https://github.com/exocode)) +- Fix dead link [\#1349](https://github.com/lynndylanhurley/devise_token_auth/pull/1349) ([tegandbiscuits](https://github.com/tegandbiscuits)) +- detect Mongoid \(till Mongoid will implement it\) [\#1348](https://github.com/lynndylanhurley/devise_token_auth/pull/1348) ([exocode](https://github.com/exocode)) +- feat\(oauth-apple\): support Sign in with Apple as a documented OmniAuth provider [\#1347](https://github.com/lynndylanhurley/devise_token_auth/pull/1347) ([booleanbetrayal](https://github.com/booleanbetrayal)) +- Add Korean locale [\#1346](https://github.com/lynndylanhurley/devise_token_auth/pull/1346) ([ghost](https://github.com/ghost)) +- doc: remove duplicated test case on ./docs/usage/testing.md [\#1344](https://github.com/lynndylanhurley/devise_token_auth/pull/1344) ([miyataka](https://github.com/miyataka)) +- Fix to be able to use Devise::confirmable module [\#1343](https://github.com/lynndylanhurley/devise_token_auth/pull/1343) ([makicamel](https://github.com/makicamel)) +- repeat any query params after a fragment [\#1341](https://github.com/lynndylanhurley/devise_token_auth/pull/1341) ([colmben](https://github.com/colmben)) + # Changelog ## [v1.1.4](https://github.com/lynndylanhurley/devise_token_auth/tree/v1.1.4) (2020-06-02) @@ -2959,14 +3143,3 @@ - guard against MissingAttributeError during common ActiveRecord operations [\#19](https://github.com/lynndylanhurley/devise_token_auth/pull/19) ([booleanbetrayal](https://github.com/booleanbetrayal)) - Fix expiry data type [\#11](https://github.com/lynndylanhurley/devise_token_auth/pull/11) ([lonre](https://github.com/lonre)) - README and travis config tweaks [\#7](https://github.com/lynndylanhurley/devise_token_auth/pull/7) ([guilhermesimoes](https://github.com/guilhermesimoes)) - - - -\* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)* - - -\* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)* - -\* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)* - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* diff --git a/lib/devise_token_auth/version.rb b/lib/devise_token_auth/version.rb index 5f1c2295d..afb5116a8 100644 --- a/lib/devise_token_auth/version.rb +++ b/lib/devise_token_auth/version.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true module DeviseTokenAuth - VERSION = '1.2.0'.freeze + VERSION = '1.2.1'.freeze end From 017fe047debbb170391f66b55b1181ee822184f9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Diefferson=20Koderer=20M=C3=B4ro?= Date: Tue, 15 Nov 2022 23:32:09 -0300 Subject: [PATCH 24/65] Update initializer template (#1564) --- .../templates/devise_token_auth.rb | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/lib/generators/devise_token_auth/templates/devise_token_auth.rb b/lib/generators/devise_token_auth/templates/devise_token_auth.rb index 9dc91be9e..b6ed825e5 100644 --- a/lib/generators/devise_token_auth/templates/devise_token_auth.rb +++ b/lib/generators/devise_token_auth/templates/devise_token_auth.rb @@ -42,11 +42,14 @@ # config.default_callbacks = true # Makes it possible to change the headers names - # config.headers_names = {:'access-token' => 'access-token', - # :'client' => 'client', - # :'expiry' => 'expiry', - # :'uid' => 'uid', - # :'token-type' => 'token-type' } + # config.headers_names = { + # :'authorization' => 'Authorization', + # :'access-token' => 'access-token', + # :'client' => 'client', + # :'expiry' => 'expiry', + # :'uid' => 'uid', + # :'token-type' => 'token-type' + # } # Makes it possible to use custom uid column # config.other_uid = "foo" From 17619afacaafc30783e8d78471260085df123626 Mon Sep 17 00:00:00 2001 From: Florin Diconescu Date: Wed, 16 Nov 2022 06:32:50 +0400 Subject: [PATCH 25/65] Allow omniauth redirect post method (#1563) --- lib/devise_token_auth/rails/routes.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/devise_token_auth/rails/routes.rb b/lib/devise_token_auth/rails/routes.rb index 960f8b040..cce442740 100644 --- a/lib/devise_token_auth/rails/routes.rb +++ b/lib/devise_token_auth/rails/routes.rb @@ -65,8 +65,8 @@ def mount_devise_token_auth_for(resource, opts) # omniauth routes. only define if omniauth is installed and not skipped. if defined?(::OmniAuth) && !opts[:skip].include?(:omniauth_callbacks) - match "#{full_path}/failure", controller: omniauth_ctrl, action: 'omniauth_failure', via: [:get] - match "#{full_path}/:provider/callback", controller: omniauth_ctrl, action: 'omniauth_success', via: [:get] + match "#{full_path}/failure", controller: omniauth_ctrl, action: 'omniauth_failure', via: [:get, :post] + match "#{full_path}/:provider/callback", controller: omniauth_ctrl, action: 'omniauth_success', via: [:get, :post] match "#{DeviseTokenAuth.omniauth_prefix}/:provider/callback", controller: omniauth_ctrl, action: 'redirect_callbacks', via: [:get, :post] match "#{DeviseTokenAuth.omniauth_prefix}/failure", controller: omniauth_ctrl, action: 'omniauth_failure', via: [:get, :post] From 9d0896138a5913369526c859ecded7eb1fbae707 Mon Sep 17 00:00:00 2001 From: Remy Wang <69775411+remy727@users.noreply.github.com> Date: Tue, 27 Dec 2022 15:50:33 -0500 Subject: [PATCH 26/65] Fix: permit parameters (#1568) --- app/controllers/devise_token_auth/sessions_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/devise_token_auth/sessions_controller.rb b/app/controllers/devise_token_auth/sessions_controller.rb index e86247343..8ef89f690 100644 --- a/app/controllers/devise_token_auth/sessions_controller.rb +++ b/app/controllers/devise_token_auth/sessions_controller.rb @@ -131,7 +131,7 @@ def render_destroy_error private def resource_params - params.permit(*params_for_resource(:sign_in)) + params.require(:session).permit(*params_for_resource(:sign_in)) end def create_and_assign_token From 041002ac263ee2cbf5e565f7bc79d46d06d27e20 Mon Sep 17 00:00:00 2001 From: micred Date: Tue, 27 Dec 2022 23:35:08 +0100 Subject: [PATCH 27/65] Avoid raising a RoutingError when confirming a user twice (#1557) --- app/controllers/devise_token_auth/confirmations_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/devise_token_auth/confirmations_controller.rb b/app/controllers/devise_token_auth/confirmations_controller.rb index 0acc02b29..4093a4566 100644 --- a/app/controllers/devise_token_auth/confirmations_controller.rb +++ b/app/controllers/devise_token_auth/confirmations_controller.rb @@ -26,7 +26,7 @@ def show redirect_to(redirect_to_link) else - raise ActionController::RoutingError, 'Not Found' + redirect_to DeviseTokenAuth::Url.generate(redirect_url, account_confirmation_success: false) end end From 2264071a329596f887494d70db58e4b0428c155c Mon Sep 17 00:00:00 2001 From: Maicol Bentancor Date: Tue, 27 Dec 2022 19:38:51 -0300 Subject: [PATCH 28/65] Revert "Fix: permit parameters (#1568)" (#1571) This reverts commit 9d0896138a5913369526c859ecded7eb1fbae707. --- app/controllers/devise_token_auth/sessions_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/devise_token_auth/sessions_controller.rb b/app/controllers/devise_token_auth/sessions_controller.rb index 8ef89f690..e86247343 100644 --- a/app/controllers/devise_token_auth/sessions_controller.rb +++ b/app/controllers/devise_token_auth/sessions_controller.rb @@ -131,7 +131,7 @@ def render_destroy_error private def resource_params - params.require(:session).permit(*params_for_resource(:sign_in)) + params.permit(*params_for_resource(:sign_in)) end def create_and_assign_token From 30b6d30037ea646646e58ba2ec5ff4682b654f2c Mon Sep 17 00:00:00 2001 From: Guillermo Guerrero Date: Tue, 27 Dec 2022 23:40:05 +0100 Subject: [PATCH 29/65] Fixed vulnerabilities (#1569) * Fixed vulnerabilities * Missing plural. --- .../devise_token_auth/application_controller.rb | 2 +- .../devise_token_auth/concerns/resource_finder.rb | 3 ++- .../concerns/set_user_by_token.rb | 2 +- .../omniauth_callbacks_controller.rb | 14 +++++++------- app/models/devise_token_auth/concerns/user.rb | 12 ++++++------ docs/usage/model_concerns.md | 2 +- docs/usage/testing.md | 2 +- 7 files changed, 19 insertions(+), 18 deletions(-) diff --git a/app/controllers/devise_token_auth/application_controller.rb b/app/controllers/devise_token_auth/application_controller.rb index d0b2987c6..b51ba1561 100644 --- a/app/controllers/devise_token_auth/application_controller.rb +++ b/app/controllers/devise_token_auth/application_controller.rb @@ -89,7 +89,7 @@ def success_message(name, email) # query params (to then send in the initial validate_token request). # TODO: We should be able to stop exposing the token in query params when this method is used def set_token_in_cookie(resource, token) - auth_header = resource.build_auth_header(token.token, token.client) + auth_header = resource.build_auth_headers(token.token, token.client) cookies[DeviseTokenAuth.cookie_name] = DeviseTokenAuth.cookie_attributes.merge(value: auth_header.to_json) end end diff --git a/app/controllers/devise_token_auth/concerns/resource_finder.rb b/app/controllers/devise_token_auth/concerns/resource_finder.rb index 8fe5fa96e..06009c3f1 100644 --- a/app/controllers/devise_token_auth/concerns/resource_finder.rb +++ b/app/controllers/devise_token_auth/concerns/resource_finder.rb @@ -22,7 +22,8 @@ def get_case_insensitive_field_from_resource_params(field) def find_resource(field, value) @resource = if database_adapter&.include?('mysql') # fix for mysql default case insensitivity - resource_class.where("BINARY #{field} = ? AND provider= ?", value, provider).first + field_sanitized = resource_class.connection.quote_column_name(field) + resource_class.where("BINARY #{field_sanitized} = ? AND provider= ?", value, provider).first else resource_class.dta_find_by(field => value, 'provider' => provider) end diff --git a/app/controllers/devise_token_auth/concerns/set_user_by_token.rb b/app/controllers/devise_token_auth/concerns/set_user_by_token.rb index 5fc38ccb0..41c5c4b49 100644 --- a/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +++ b/app/controllers/devise_token_auth/concerns/set_user_by_token.rb @@ -111,7 +111,7 @@ def update_auth_header # cleared by sign out in the meantime return if @resource.reload.tokens[@token.client].nil? - auth_header = @resource.build_auth_header(@token.token, @token.client) + auth_header = @resource.build_auth_headers(@token.token, @token.client) # update the response header response.headers.merge!(auth_header) diff --git a/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb b/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb index 960c90afe..69cfb29b6 100644 --- a/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb +++ b/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb @@ -133,13 +133,13 @@ def whitelisted_params end def resource_class(mapping = nil) - if omniauth_params['resource_class'] - omniauth_params['resource_class'].constantize - elsif params['resource_class'] - params['resource_class'].constantize - else - raise 'No resource_class found' - end + return @resource_class if defined?(@resource_class) + + constant_name = omniauth_params['resource_class'] || params['resource_class'] + @resource_class = ObjectSpace.each_object(Class).detect { |cls| cls.name == constant_name } + raise 'No resource_class found' if @resource_class.nil? + + @resource_class end def resource_name diff --git a/app/models/devise_token_auth/concerns/user.rb b/app/models/devise_token_auth/concerns/user.rb index 723ca4ce0..460cecca4 100644 --- a/app/models/devise_token_auth/concerns/user.rb +++ b/app/models/devise_token_auth/concerns/user.rb @@ -176,10 +176,10 @@ def create_new_auth_token(client = nil) updated_at: now ) - update_auth_header(token.token, token.client) + update_auth_headers(token.token, token.client) end - def build_auth_header(token, client = 'default') + def build_auth_headers(token, client = 'default') # client may use expiry to prevent validation request if expired # must be cast as string or headers will break expiry = tokens[client]['expiry'] || tokens[client][:expiry] @@ -190,7 +190,7 @@ def build_auth_header(token, client = 'default') DeviseTokenAuth.headers_names[:"expiry"] => expiry.to_s, DeviseTokenAuth.headers_names[:"uid"] => uid } - headers.merge!(build_bearer_token(headers)) + headers.merge(build_bearer_token(headers)) end def build_bearer_token(auth) @@ -199,8 +199,8 @@ def build_bearer_token(auth) {DeviseTokenAuth.headers_names[:"authorization"] => bearer_token} end - def update_auth_header(token, client = 'default') - headers = build_auth_header(token, client) + def update_auth_headers(token, client = 'default') + headers = build_auth_headers(token, client) clean_old_tokens save! @@ -216,7 +216,7 @@ def build_auth_url(base_url, args) def extend_batch_buffer(token, client) tokens[client]['updated_at'] = Time.zone.now - update_auth_header(token, client) + update_auth_headers(token, client) end def confirmed? diff --git a/docs/usage/model_concerns.md b/docs/usage/model_concerns.md index 66d433573..f78067c0b 100644 --- a/docs/usage/model_concerns.md +++ b/docs/usage/model_concerns.md @@ -45,7 +45,7 @@ Models that include the `DeviseTokenAuth::Concerns::User` concern will have acce } # generate auth headers for response - new_auth_header = @resource.build_auth_header(token.token, token.client) + new_auth_header = @resource.build_auth_headers(token.token, token.client) # update response with the header that will be required by the next request response.headers.merge!(new_auth_header) diff --git a/docs/usage/testing.md b/docs/usage/testing.md index 78bbfd85a..0f0737116 100644 --- a/docs/usage/testing.md +++ b/docs/usage/testing.md @@ -148,7 +148,7 @@ def create_auth_header_from_scratch # The following assumes that the user has received those headers # and that they are then using those headers to make a request - new_auth_header = @current_user.build_auth_header(token.token, token.client) + new_auth_header = @current_user.build_auth_headers(token.token, token.client) puts 'This is the new auth header' puts new_auth_header.to_s From 72d563a0eee5337391d04eec51ae441959394e71 Mon Sep 17 00:00:00 2001 From: Maicol Bentancor Date: Fri, 7 Apr 2023 10:43:34 -0300 Subject: [PATCH 30/65] Add support for ruby 3 & fix test suite (#1582) --- .github/workflows/test.yml | 11 +++++++ Appraisals | 4 ++- Gemfile | 14 ++++---- .../confirmations_controller.rb | 7 ++-- .../omniauth_callbacks_controller.rb | 19 ++++------- .../devise_token_auth/sessions_controller.rb | 1 - devise_token_auth.gemspec | 1 + lib/devise_token_auth/rails/routes.rb | 3 +- .../custom_confirmations_controller_test.rb | 2 +- ...stom_omniauth_callbacks_controller_test.rb | 2 +- .../confirmations_controller_test.rb | 2 +- .../omniauth_callbacks_controller_test.rb | 33 +++++++++---------- .../registrations_controller_test.rb | 4 +-- .../omniauth_callbacks_controller_test.rb | 2 +- .../app/controllers/application_controller.rb | 8 ++--- 15 files changed, 60 insertions(+), 53 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 25ffdea57..1f11c57a2 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -14,6 +14,7 @@ jobs: - 2.5 - 2.6 - 2.7 + - 3.1 gemfile: - gemfiles/rails_4_2.gemfile - gemfiles/rails_5_0.gemfile @@ -55,6 +56,16 @@ jobs: gemfile: gemfiles/rails_4_2.gemfile - ruby: 2.4 gemfile: gemfiles/rails_6_0.gemfile + - ruby: 3.1 + gemfile: gemfiles/rails_4_2.gemfile + - ruby: 3.1 + gemfile: gemfiles/rails_5_0.gemfile + - ruby: 3.1 + gemfile: gemfiles/rails_5_1.gemfile + - ruby: 3.1 + gemfile: gemfiles/rails_5_2.gemfile + - ruby: 3.1 + gemfile: gemfiles/rails_6_0.gemfile services: mysql: diff --git a/Appraisals b/Appraisals index dfb2bb1e1..bd13707bf 100644 --- a/Appraisals +++ b/Appraisals @@ -33,7 +33,9 @@ end { name: '5-2', ruby: '2.5.5', rails: '5.2', mongoid: '6.4' }, { name: '5-2', ruby: '2.5.5', rails: '5.2', mongoid: '7.0' }, { name: '5-2', ruby: '2.6.2', rails: '5.2', mongoid: '7.0' }, - { name: '6-0', ruby: '2.7.0', rails: '6.0', mongoid: '7.0' } + { name: '6-0', ruby: '2.7.0', rails: '6.0', mongoid: '7.0' }, + { name: '6-0', ruby: '3.1.2', rails: '6.0', mongoid: '7.0' }, + { name: '7-0', ruby: '3.1.2', rails: '7.0', mongoid: '7.0' } ].each do |set| appraise "rails-#{set[:name]}-mongoid-#{set[:mongoid][0]}" do gem 'rails', "~> #{set[:rails]}" diff --git a/Gemfile b/Gemfile index ef7828026..d75f8ed25 100644 --- a/Gemfile +++ b/Gemfile @@ -7,6 +7,7 @@ source 'https://rubygems.org' # development dependencies will be added by default to the :development group. gemspec gem 'omniauth', '~> 2.0' +gem 'omniauth-rails_csrf_protection' # Declare any dependencies that are still in development here instead of in # your gemspec. These might include edge Rails or gems from your path or @@ -16,27 +17,26 @@ gem 'omniauth', '~> 2.0' # To use debugger # gem 'debugger' + group :development, :test do gem 'attr_encrypted' - gem 'figaro' + gem 'figaro', '~> 1.2' gem 'omniauth-facebook' gem 'omniauth-github' gem 'omniauth-google-oauth2' gem 'omniauth-apple' gem 'rack-cors' - gem 'thor' + gem 'thor', '~> 1.2' # testing # gem 'spring' gem 'database_cleaner' gem 'factory_bot_rails' - gem 'faker' + gem 'faker', '~> 2.16' gem 'fuzz_ball' - gem 'guard' - gem 'guard-minitest' gem 'minitest' gem 'minitest-focus' - gem 'minitest-rails' + gem 'minitest-rails', '~> 7' gem 'minitest-reporters' gem 'mocha', '>= 1.5' gem 'pry' @@ -70,3 +70,5 @@ if ENV['MONGOID_VERSION'] gem 'mongoid-locker', '~> 1.0' end + +gem "rails", "~> 7" diff --git a/app/controllers/devise_token_auth/confirmations_controller.rb b/app/controllers/devise_token_auth/confirmations_controller.rb index 4093a4566..953fee967 100644 --- a/app/controllers/devise_token_auth/confirmations_controller.rb +++ b/app/controllers/devise_token_auth/confirmations_controller.rb @@ -26,7 +26,11 @@ def show redirect_to(redirect_to_link) else - redirect_to DeviseTokenAuth::Url.generate(redirect_url, account_confirmation_success: false) + if redirect_url + redirect_to DeviseTokenAuth::Url.generate(redirect_url, account_confirmation_success: false) + else + raise ActionController::RoutingError, 'Not Found' + end end end @@ -81,6 +85,5 @@ def redirect_url DeviseTokenAuth.default_confirm_success_url ) end - end end diff --git a/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb b/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb index 69cfb29b6..00298b23c 100644 --- a/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb +++ b/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb @@ -111,7 +111,6 @@ def omniauth_params end end @_omniauth_params - end # break out provider attribute assignment for easy method extension @@ -133,23 +132,19 @@ def whitelisted_params end def resource_class(mapping = nil) - return @resource_class if defined?(@resource_class) - - constant_name = omniauth_params['resource_class'] || params['resource_class'] - @resource_class = ObjectSpace.each_object(Class).detect { |cls| cls.name == constant_name } - raise 'No resource_class found' if @resource_class.nil? - - @resource_class + if omniauth_params['resource_class'] + omniauth_params['resource_class'].constantize + elsif params['resource_class'] + params['resource_class'].constantize + else + raise 'No resource_class found' + end end def resource_name resource_class end - def omniauth_window_type - omniauth_params['omniauth_window_type'] - end - def unsafe_auth_origin_url omniauth_params['auth_origin_url'] || omniauth_params['origin'] end diff --git a/app/controllers/devise_token_auth/sessions_controller.rb b/app/controllers/devise_token_auth/sessions_controller.rb index e86247343..c201bd670 100644 --- a/app/controllers/devise_token_auth/sessions_controller.rb +++ b/app/controllers/devise_token_auth/sessions_controller.rb @@ -78,7 +78,6 @@ def valid_params?(key, val) def get_auth_params auth_key = nil auth_val = nil - # iterate thru allowed auth keys, use first found resource_class.authentication_keys.each do |k| if resource_params[k] diff --git a/devise_token_auth.gemspec b/devise_token_auth.gemspec index 84652fccf..910569e8a 100644 --- a/devise_token_auth.gemspec +++ b/devise_token_auth.gemspec @@ -23,6 +23,7 @@ Gem::Specification.new do |s| s.required_ruby_version = ">= 2.3.0" s.add_dependency 'rails', '>= 4.2.0', '< 7.1' + s.add_dependency 'sprockets', '3.7.2' s.add_dependency 'devise', '> 3.5.2', '< 5' s.add_dependency 'bcrypt', '~> 3.0' diff --git a/lib/devise_token_auth/rails/routes.rb b/lib/devise_token_auth/rails/routes.rb index cce442740..8c716759b 100644 --- a/lib/devise_token_auth/rails/routes.rb +++ b/lib/devise_token_auth/rails/routes.rb @@ -75,7 +75,8 @@ def mount_devise_token_auth_for(resource, opts) # resource as "resource_class" param match "#{full_path}/:provider", to: redirect(status: 307) { |params, request| # get the current querystring - qs = CGI::parse(request.env['QUERY_STRING']) + # TODO: deprecate in favor of using params + qs = CGI::parse(request.env['QUERY_STRING'].empty? ? request.body.read : request.env['QUERY_STRING'] ) # append name of current resource qs['resource_class'] = [resource] diff --git a/test/controllers/custom/custom_confirmations_controller_test.rb b/test/controllers/custom/custom_confirmations_controller_test.rb index a62a0c99a..f254286cc 100644 --- a/test/controllers/custom/custom_confirmations_controller_test.rb +++ b/test/controllers/custom/custom_confirmations_controller_test.rb @@ -11,7 +11,7 @@ class Custom::ConfirmationsControllerTest < ActionController::TestCase @new_user = create(:user) @new_user.send_confirmation_instructions(redirect_url: @redirect_url) @mail = ActionMailer::Base.deliveries.last - @token = @mail.body.match(/confirmation_token=([^&]*)&/)[1] + @token = @mail.body.match(/confirmation_token=([^&]*)[&"]/)[1] @client_config = @mail.body.match(/config=([^&]*)&/)[1] get :show, diff --git a/test/controllers/custom/custom_omniauth_callbacks_controller_test.rb b/test/controllers/custom/custom_omniauth_callbacks_controller_test.rb index 13564a541..de2dbd56f 100644 --- a/test/controllers/custom/custom_omniauth_callbacks_controller_test.rb +++ b/test/controllers/custom/custom_omniauth_callbacks_controller_test.rb @@ -20,7 +20,7 @@ class Custom::OmniauthCallbacksControllerTest < ActionDispatch::IntegrationTest test 'yield resource to block on omniauth_success success' do @redirect_url = 'http://ng-token-auth.dev/' - get '/nice_user_auth/facebook', + post '/nice_user_auth/facebook', params: { auth_origin_url: @redirect_url, omniauth_window_type: 'newWindow' } diff --git a/test/controllers/devise_token_auth/confirmations_controller_test.rb b/test/controllers/devise_token_auth/confirmations_controller_test.rb index f346beb2f..161e0e289 100644 --- a/test/controllers/devise_token_auth/confirmations_controller_test.rb +++ b/test/controllers/devise_token_auth/confirmations_controller_test.rb @@ -11,7 +11,7 @@ class DeviseTokenAuth::ConfirmationsControllerTest < ActionController::TestCase describe DeviseTokenAuth::ConfirmationsController do def token_and_client_config_from(body) - token = body.match(/confirmation_token=([^&]*)&/)[1] + token = body.match(/confirmation_token=([^&]*)[&"]/)[1] client_config = body.match(/config=([^&]*)&/)[1] [token, client_config] end diff --git a/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb b/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb index 0959d4872..0f31e1b7a 100644 --- a/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb +++ b/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb @@ -98,7 +98,7 @@ def get_parsed_data_json describe 'with alternate user model' do before do - get '/mangs/facebook', + post '/mangs/facebook', params: { auth_origin_url: @redirect_url, omniauth_window_type: 'newWindow' @@ -123,7 +123,7 @@ def get_parsed_data_json before do @fav_color = 'alizarin crimson' @unpermitted_param = 'M. Bison' - get '/auth/facebook', + post '/auth/facebook', params: { auth_origin_url: @redirect_url, favorite_color: @fav_color, name: @unpermitted_param, @@ -160,7 +160,7 @@ def get_parsed_data_json end test 'response contains oauth_registration attr' do - get '/auth/facebook', + post '/auth/facebook', params: { auth_origin_url: @redirect_url, omniauth_window_type: 'newWindow' } @@ -176,7 +176,7 @@ def get_parsed_data_json end test 'response does not contain oauth_registration attr' do - get '/auth/facebook', + post '/auth/facebook', params: { auth_origin_url: @redirect_url, omniauth_window_type: 'newWindow' } @@ -189,7 +189,7 @@ def get_parsed_data_json describe 'using namespaces' do before do - get '/api/v1/auth/facebook', + post '/api/v1/auth/facebook', params: { auth_origin_url: @redirect_url, omniauth_window_type: 'newWindow' } @@ -234,7 +234,7 @@ def assert_expected_data_in_new_window describe 'with omniauth_window_type=sameWindow' do test 'redirects to auth_origin_url with all expected query params' do - get '/auth/facebook', + post '/auth/facebook', params: { auth_origin_url: '/auth_origin', omniauth_window_type: 'sameWindow' } @@ -258,7 +258,7 @@ def assert_expected_data_in_new_window end def get_success(params = {}) - get '/auth/facebook', + post '/auth/facebook', params: { auth_origin_url: @redirect_url, omniauth_window_type: 'newWindow' @@ -282,7 +282,7 @@ def get_success(params = {}) test 'renders expected data' do silence_omniauth do - get '/auth/facebook', + post '/auth/facebook', params: { auth_origin_url: @redirect_url, omniauth_window_type: 'newWindow' } @@ -298,7 +298,7 @@ def get_success(params = {}) test 'renders something with no auth_origin_url' do silence_omniauth do - get '/auth/facebook' + post '/auth/facebook' follow_all_redirects! end assert_equal 200, response.status @@ -339,7 +339,7 @@ def get_success(params = {}) end test 'request using non-whitelisted redirect fail' do - get '/auth/facebook', + post '/auth/facebook', params: { auth_origin_url: @bad_redirect_url, omniauth_window_type: 'newWindow' } @@ -351,7 +351,7 @@ def get_success(params = {}) end test 'request to whitelisted redirect should succeed' do - get '/auth/facebook', + post '/auth/facebook', params: { auth_origin_url: @good_redirect_url, omniauth_window_type: 'newWindow' @@ -365,7 +365,7 @@ def get_success(params = {}) test 'should support wildcards' do DeviseTokenAuth.redirect_whitelist = ["#{@good_redirect_url[0..8]}*"] - get '/auth/facebook', + post '/auth/facebook', params: { auth_origin_url: @good_redirect_url, omniauth_window_type: 'newWindow' } @@ -397,7 +397,7 @@ def get_success(params = {}) end test 'request using non-whitelisted redirect fail' do - get '/auth/facebook', + post '/auth/facebook', params: { auth_origin_url: @bad_redirect_url, omniauth_window_type: 'sameWindow' } @@ -408,7 +408,7 @@ def get_success(params = {}) end test 'request to whitelisted redirect should succeed' do - get '/auth/facebook', + post '/auth/facebook', params: { auth_origin_url: '/auth_origin', omniauth_window_type: 'sameWindow' @@ -422,7 +422,7 @@ def get_success(params = {}) test 'should support wildcards' do DeviseTokenAuth.redirect_whitelist = ["#{@good_redirect_url[0..8]}*"] - get '/auth/facebook', + post '/auth/facebook', params: { auth_origin_url: '/auth_origin', omniauth_window_type: 'sameWindow' @@ -433,9 +433,6 @@ def get_success(params = {}) assert_equal 200, response.status assert_equal false, response.body.include?("Redirect to '#{@good_redirect_url}' not allowed") end - - end - end end diff --git a/test/controllers/devise_token_auth/registrations_controller_test.rb b/test/controllers/devise_token_auth/registrations_controller_test.rb index 8a0eadf4e..d5abb3d26 100644 --- a/test/controllers/devise_token_auth/registrations_controller_test.rb +++ b/test/controllers/devise_token_auth/registrations_controller_test.rb @@ -306,7 +306,7 @@ def mock_registration_params @data = JSON.parse(response.body) @mail = ActionMailer::Base.deliveries.last - @mail_reset_token = @mail.body.match(/confirmation_token=([^&]*)&/)[1] + @mail_reset_token = @mail.body.match(/confirmation_token=([^&]*)[&"]/)[1] @mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=(.*)\"/)[1]) @mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1]) end @@ -826,7 +826,7 @@ def mock_registration_params @resource.reload - @mail_reset_token = @mail.body.match(/confirmation_token=([^&]*)&/)[1] + @mail_reset_token = @mail.body.match(/confirmation_token=([^&]*)[&"]/)[1] @mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=(.*)\"/)[1]) @mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1]) end diff --git a/test/controllers/overrides/omniauth_callbacks_controller_test.rb b/test/controllers/overrides/omniauth_callbacks_controller_test.rb index 224e0294a..c5fd30b2c 100644 --- a/test/controllers/overrides/omniauth_callbacks_controller_test.rb +++ b/test/controllers/overrides/omniauth_callbacks_controller_test.rb @@ -25,7 +25,7 @@ class Overrides::OmniauthCallbacksControllerTest < ActionDispatch::IntegrationTe @favorite_color = 'gray' - get '/evil_user_auth/facebook', + post '/evil_user_auth/facebook', params: { auth_origin_url: Faker::Internet.url, favorite_color: @favorite_color, diff --git a/test/dummy/app/controllers/application_controller.rb b/test/dummy/app/controllers/application_controller.rb index db3587745..e390af17b 100644 --- a/test/dummy/app/controllers/application_controller.rb +++ b/test/dummy/app/controllers/application_controller.rb @@ -8,11 +8,7 @@ class ApplicationController < ActionController::Base protected def configure_permitted_parameters - permitted_parameters = devise_parameter_sanitizer.instance_values['permitted'] - permitted_parameters[:sign_up] << :operating_thetan - permitted_parameters[:sign_up] << :favorite_color - permitted_parameters[:account_update] << :operating_thetan - permitted_parameters[:account_update] << :favorite_color - permitted_parameters[:account_update] << :current_password + devise_parameter_sanitizer.permit(:sign_up, keys: [:operating_thetan, :favorite_color]) + devise_parameter_sanitizer.permit(:account_update, keys: [:operating_thetan, :favorite_color, :current_password]) end end From 716b63a981615e8c6d5a3128631450d77b2c50c8 Mon Sep 17 00:00:00 2001 From: Matt Langston Date: Fri, 7 Apr 2023 08:44:19 -0500 Subject: [PATCH 31/65] chore: add vanilla-token-auth to client list (#1578) * chore: add vanilla-token-auth to client list * Tweak order --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index b76d02851..59800f247 100644 --- a/README.md +++ b/README.md @@ -22,6 +22,7 @@ Also, it maintains a session for each client/device, so you can have as many ses * [Angular-Token](https://github.com/neroniaky/angular-token) for [Angular](https://github.com/angular/angular) * [redux-token-auth](https://github.com/kylecorbelli/redux-token-auth) for [React with Redux](https://github.com/reactjs/react-redux) * [jToker](https://github.com/lynndylanhurley/j-toker) for [jQuery](https://jquery.com/) + * [vanilla-token-auth](https://github.com/theblang/vanilla-token-auth) for an unopinionated client * Oauth2 authentication using [OmniAuth](https://github.com/intridea/omniauth). * Email authentication using [Devise](https://github.com/plataformatec/devise), including: * User registration, update and deletion From 2f664ef3f24b9fd8f8999ab2e6ce67b75b9d04fe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A1zaro=20Nixon?= Date: Fri, 7 Apr 2023 15:52:00 -0300 Subject: [PATCH 32/65] Method sign_in with wrong parameters (#1586) https://github.com/heartcombo/devise/blob/main/lib/devise/controllers/sign_in_out.rb#L33 --- app/controllers/devise_token_auth/sessions_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/devise_token_auth/sessions_controller.rb b/app/controllers/devise_token_auth/sessions_controller.rb index c201bd670..4f919203c 100644 --- a/app/controllers/devise_token_auth/sessions_controller.rb +++ b/app/controllers/devise_token_auth/sessions_controller.rb @@ -29,7 +29,7 @@ def create create_and_assign_token - sign_in(:user, @resource, store: false, bypass: false) + sign_in(@resource, scope: :user, store: false, bypass: false) yield @resource if block_given? From 7cd39f5ad2d55749abcf32fdaec087391f0221e3 Mon Sep 17 00:00:00 2001 From: Jorge Tomas Date: Fri, 14 Apr 2023 05:12:34 +0200 Subject: [PATCH 33/65] update/Ruby 3.x and Rails 7.0 (#1584) * Updating travis configuration file * Updating Github action configuration * Including gemfile for rails 7.1 * Removing gemfile for Rails 7.1 * Exluding incompatible versions * Adjusting configuration for Rails >= 5 * Removing travis configuration file * Fixing DEPRECATION WARNING from tests * Fixing some typos * updating gemfile for rails 7.0 * Trying actions/checkout@v3 --- .github/workflows/test.yml | 47 +++++++- .travis.yml | 104 ------------------ .../omniauth_callbacks_controller.rb | 6 +- devise_token_auth.gemspec | 2 +- gemfiles/rails_7_0.gemfile | 15 +-- .../omniauth_callbacks_controller_test.rb | 2 +- test/dummy/config/environments/test.rb | 8 +- 7 files changed, 63 insertions(+), 121 deletions(-) delete mode 100644 .travis.yml diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 1f11c57a2..d5286d5ef 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -14,13 +14,16 @@ jobs: - 2.5 - 2.6 - 2.7 + - '3.0' - 3.1 + - 3.2 gemfile: - gemfiles/rails_4_2.gemfile - gemfiles/rails_5_0.gemfile - gemfiles/rails_5_1.gemfile - gemfiles/rails_5_2.gemfile - gemfiles/rails_6_0.gemfile + - gemfiles/rails_7_0.gemfile db: - sqlite - mysql @@ -43,6 +46,14 @@ jobs: - ruby: 2.7 gemfile: gemfiles/rails_6_0_mongoid_7.gemfile devise-token-auth-orm: mongoid + - ruby: 2.7 + gemfile: gemfiles/rails_7_0.gemfile + - ruby: '3.0' + gemfile: gemfiles/rails_7_0.gemfile + - ruby: 3.1 + gemfile: gemfiles/rails_7_0.gemfile + - ruby: 3.2 + gemfile: gemfiles/rails_7_0.gemfile # Waiting for mongoid to support Rails 7.0 # - ruby: '3.0' # gemfile: gemfiles/rails_7_0.gemfile @@ -50,11 +61,33 @@ jobs: # gemfile: gemfiles/rails_7_0_mongoid_7.gemfile # devise-token-auth-orm: mongoid exclude: + - ruby: 2.4 + gemfile: gemfiles/rails_6_0.gemfile + - ruby: 2.4 + gemfile: gemfiles/rails_7_0.gemfile + - ruby: 2.5 + gemfile: gemfiles/rails_7_0.gemfile - ruby: 2.6 gemfile: gemfiles/rails_4_2.gemfile + - ruby: 2.6 + gemfile: gemfiles/rails_7_0.gemfile - ruby: 2.7 gemfile: gemfiles/rails_4_2.gemfile - - ruby: 2.4 + - ruby: 2.7 + gemfile: gemfiles/rails_5_0.gemfile + - ruby: 2.7 + gemfile: gemfiles/rails_5_1.gemfile + - ruby: 2.7 + gemfile: gemfiles/rails_5_2.gemfile + - ruby: '3.0' + gemfile: gemfiles/rails_4_2.gemfile + - ruby: '3.0' + gemfile: gemfiles/rails_5_0.gemfile + - ruby: '3.0' + gemfile: gemfiles/rails_5_1.gemfile + - ruby: '3.0' + gemfile: gemfiles/rails_5_2.gemfile + - ruby: '3.0' gemfile: gemfiles/rails_6_0.gemfile - ruby: 3.1 gemfile: gemfiles/rails_4_2.gemfile @@ -66,6 +99,16 @@ jobs: gemfile: gemfiles/rails_5_2.gemfile - ruby: 3.1 gemfile: gemfiles/rails_6_0.gemfile + - ruby: 3.2 + gemfile: gemfiles/rails_4_2.gemfile + - ruby: 3.2 + gemfile: gemfiles/rails_5_0.gemfile + - ruby: 3.2 + gemfile: gemfiles/rails_5_1.gemfile + - ruby: 3.2 + gemfile: gemfiles/rails_5_2.gemfile + - ruby: 3.2 + gemfile: gemfiles/rails_6_0.gemfile services: mysql: @@ -88,7 +131,7 @@ jobs: env: BUNDLE_GEMFILE: ${{ matrix.gemfile }} steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Setup Bundler 1.x for Rails 4.x if: ${{ matrix.gemfile == 'gemfiles/rails_4_2.gemfile' || matrix.gemfile == 'gemfiles/rails_4_2_mongoid_5.gemfile' }} run: echo "BUNDLER_VERSION=1.17.3" >> $GITHUB_ENV diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index df79fec4e..000000000 --- a/.travis.yml +++ /dev/null @@ -1,104 +0,0 @@ -language: ruby -cache: bundler -services: - - mongodb - - mysql - - postgresql -bundler_args: --without development - -rvm: - - 2.3.8 - - 2.4.7 - - 2.5.6 - - 2.6.4 - - 2.7.0 - -gemfile: - - gemfiles/rails_4_2.gemfile - - gemfiles/rails_5_0.gemfile - - gemfiles/rails_5_1.gemfile - - gemfiles/rails_5_2.gemfile - - gemfiles/rails_6_0.gemfile - -env: - global: - - RAILS_ENV=test - matrix: - - DB=sqlite - - DB=mysql - - DB=postgresql - -matrix: - include: - - rvm: 2.3.8 - gemfile: gemfiles/rails_4_2_mongoid_5.gemfile - env: DEVISE_TOKEN_AUTH_ORM=mongoid - - rvm: 2.3.8 - gemfile: gemfiles/rails_5_1_mongoid_6.gemfile - env: DEVISE_TOKEN_AUTH_ORM=mongoid - - rvm: 2.4.7 - gemfile: gemfiles/rails_5_1_mongoid_7.gemfile - env: DEVISE_TOKEN_AUTH_ORM=mongoid - - rvm: 2.5.6 - gemfile: gemfiles/rails_5_2_mongoid_6.gemfile - env: DEVISE_TOKEN_AUTH_ORM=mongoid - - rvm: 2.5.6 - gemfile: gemfiles/rails_5_2_mongoid_7.gemfile - env: DEVISE_TOKEN_AUTH_ORM=mongoid - - rvm: 2.6.4 - gemfile: gemfiles/rails_5_2_mongoid_7.gemfile - env: DEVISE_TOKEN_AUTH_ORM=mongoid - - rvm: 2.7.0 - gemfile: gemfiles/rails_6_0_mongoid_7.gemfile - env: DEVISE_TOKEN_AUTH_ORM=mongoid - - rvm: 3.0.0 - gemfile: gemfiles/rails_7_0.gemfile - - rvm: 3.0.0 - gemfile: gemfiles/rails_7_0_mongoid_7.gemfile - env: DEVISE_TOKEN_AUTH_ORM=mongoid - - name: Code Climate Test Coverage - rvm: 2.5.6 - env: - - CC_TEST_REPORTER_ID=44d7688de8e1b567b4af25ec5083c2cc0a355ab911192a7cbefd1ea25b2ffd3d - - GEMFILE_AR=gemfiles/rails_5_1.gemfile - - GEMFILE_MONGOID=gemfiles/rails_5_1_mongoid_7.gemfile - script: - - curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter - - chmod +x ./cc-test-reporter - - ./cc-test-reporter before-build - # with ActiveRecord - - bundle install --jobs=3 --retry=3 --gemfile $GEMFILE_AR - - BUNDLE_GEMFILE=$GEMFILE_AR bundle exec rake --trace db:migrate - - BUNDLE_GEMFILE=$GEMFILE_AR bundle exec rake - - ./cc-test-reporter format-coverage coverage/.resultset.json -t simplecov -o coverage/codeclimate.active_record.json - # with Mongoid - - bundle install --jobs=3 --retry=3 --gemfile $GEMFILE_MONGOID - - BUNDLE_GEMFILE=$GEMFILE_MONGOID DEVISE_TOKEN_AUTH_ORM=mongoid bundle exec rake - - ./cc-test-reporter format-coverage coverage/.resultset.json -t simplecov -o coverage/codeclimate.mongoid.json - # merge test results - - if [[ "$TRAVIS_TEST_RESULT" == 0 ]]; then - ./cc-test-reporter sum-coverage coverage/codeclimate.active_record.json coverage/codeclimate.mongoid.json; - ./cc-test-reporter upload-coverage; - fi - exclude: - - rvm: 2.6.4 - gemfile: gemfiles/rails_4_2.gemfile - - rvm: 2.7.0 - gemfile: gemfiles/rails_4_2.gemfile - - rvm: 2.3.8 - gemfile: gemfiles/rails_6_0.gemfile - - rvm: 2.4.7 - gemfile: gemfiles/rails_6_0.gemfile - fast_finish: true - -before_install: - - "[[ $BUNDLE_GEMFILE == *rails_4_2* ]] && gem uninstall -v '>= 2' -i $(rvm gemdir)@global -ax bundler || true" - - "[[ $BUNDLE_GEMFILE == *rails_4_2* ]] && gem install bundler -v '< 2' || true" - -before_script: - - if [[ $DB == "mysql" ]]; then mysql -e 'create database devise_token_auth_test'; fi - - if [[ $DB == "postgresql" ]]; then psql -c 'create database devise_token_auth_test' -U postgres; fi - -script: - - if [[ $DEVISE_TOKEN_AUTH_ORM == "" ]]; then bundle exec rake --trace db:migrate; fi - - bundle exec rake diff --git a/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb b/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb index 00298b23c..c6d98f124 100644 --- a/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb +++ b/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb @@ -163,12 +163,11 @@ def omniauth_window_type omniauth_params.nil? ? params['omniauth_window_type'] : omniauth_params['omniauth_window_type'] end - # this sesison value is set by the redirect_callbacks method. its purpose + # this session value is set by the redirect_callbacks method. its purpose # is to persist the omniauth auth hash value thru a redirect. the value - # must be destroyed immediatly after it is accessed by omniauth_success + # must be destroyed immediately after it is accessed by omniauth_success def auth_hash @_auth_hash ||= session.delete('dta.omniauth.auth') - @_auth_hash end # ensure that this controller responds to :devise_controller? conditionals. @@ -282,5 +281,4 @@ def get_resource_from_auth_hash @resource end end - end diff --git a/devise_token_auth.gemspec b/devise_token_auth.gemspec index 910569e8a..c71432466 100644 --- a/devise_token_auth.gemspec +++ b/devise_token_auth.gemspec @@ -11,7 +11,7 @@ Gem::Specification.new do |s| s.version = DeviseTokenAuth::VERSION s.authors = ['Lynn Hurley'] s.email = ['lynn.dylan.hurley@gmail.com'] - s.homepage = 'http://github.com/lynndylanhurley/devise_token_auth' + s.homepage = 'https://github.com/lynndylanhurley/devise_token_auth' s.summary = 'Token based authentication for rails. Uses Devise + OmniAuth.' s.description = 'For use with client side single page apps such as the venerable https://github.com/lynndylanhurley/ng-token-auth.' s.license = 'WTFPL' diff --git a/gemfiles/rails_7_0.gemfile b/gemfiles/rails_7_0.gemfile index 22dda0d0d..b8e2d0875 100644 --- a/gemfiles/rails_7_0.gemfile +++ b/gemfiles/rails_7_0.gemfile @@ -3,6 +3,7 @@ source "https://rubygems.org" gem "omniauth", "~> 2.0" +gem "omniauth-rails_csrf_protection" gem "rails", "~> 7.0" gem "sqlite3", "~> 1.4.1" gem "mysql2" @@ -10,25 +11,25 @@ gem "pg" group :development, :test do gem "attr_encrypted" - gem "figaro" + gem "figaro", "~> 1.2" gem "omniauth-facebook" gem "omniauth-github" gem "omniauth-google-oauth2" gem 'omniauth-apple' - gem "rack-cors", require: "rack/cors" - gem "thor" + gem "rack-cors" + gem "thor", "~> 1.2" gem "database_cleaner" gem "factory_bot_rails" - gem "faker" + gem "faker", "~> 2.16" gem "fuzz_ball" gem "guard" gem "guard-minitest" gem "minitest" gem "minitest-focus" - gem "minitest-rails" + gem "minitest-rails", "~> 7" gem "minitest-reporters" gem "mocha", ">= 1.5" - gem "pry", "< 0.13" + gem "pry" gem "pry-byebug" gem "pry-remote" gem "rubocop", require: false @@ -36,7 +37,7 @@ end group :test do gem "rails-controller-testing" - gem "simplecov", "~> 0.10", "< 0.18", require: false + gem "simplecov", require: false end group :development do diff --git a/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb b/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb index 0f31e1b7a..e104f017e 100644 --- a/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb +++ b/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb @@ -13,7 +13,7 @@ class OmniauthTest < ActionDispatch::IntegrationTest end before do - @redirect_url = 'http://ng-token-auth.dev/' + @redirect_url = 'https://ng-token-auth.dev/' end def get_parsed_data_json diff --git a/test/dummy/config/environments/test.rb b/test/dummy/config/environments/test.rb index 7346cae85..522d49a97 100644 --- a/test/dummy/config/environments/test.rb +++ b/test/dummy/config/environments/test.rb @@ -15,14 +15,18 @@ config.eager_load = false # Configure static asset server for tests with Cache-Control for performance. - Rails::VERSION::MAJOR == 5 ? + Rails::VERSION::MAJOR >= 5 ? (config.public_file_server.enabled = true) : (config.serve_static_files = true) - Rails::VERSION::MAJOR == 5 ? + Rails::VERSION::MAJOR >= 5 ? (config.public_file_server.headers = { 'Cache-Control' => 'public, max-age=3600' }) : (config.static_cache_control = 'public, max-age=3600') + if Rails::VERSION::MAJOR > 6 + config.active_record.legacy_connection_handling = false + end + # Show full error reports and disable caching. config.consider_all_requests_local = true config.action_controller.perform_caching = false From a30603ffff83caaadbcda104d8e8f24d84a06a48 Mon Sep 17 00:00:00 2001 From: Guillermo Guerrero Date: Fri, 14 Apr 2023 05:15:38 +0200 Subject: [PATCH 34/65] brakeman vulnaribility UnsafeReflection. (#1587) * brakeman vulnaribility UnsafeReflection. * Using ObjectSpace. * Fixed tests. * Fixed plural. --- .../omniauth_callbacks_controller.rb | 14 +++++++------- docs/usage/model_concerns.md | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb b/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb index c6d98f124..e4d7738e1 100644 --- a/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb +++ b/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb @@ -132,13 +132,13 @@ def whitelisted_params end def resource_class(mapping = nil) - if omniauth_params['resource_class'] - omniauth_params['resource_class'].constantize - elsif params['resource_class'] - params['resource_class'].constantize - else - raise 'No resource_class found' - end + return @resource_class if defined?(@resource_class) + + constant_name = omniauth_params['resource_class'].presence || params['resource_class'].presence + @resource_class = ObjectSpace.each_object(Class).detect { |cls| cls.to_s == constant_name && cls.pretty_print_inspect.starts_with?(constant_name) } + raise 'No resource_class found' if @resource_class.nil? + + @resource_class end def resource_name diff --git a/docs/usage/model_concerns.md b/docs/usage/model_concerns.md index f78067c0b..e30f67f1d 100644 --- a/docs/usage/model_concerns.md +++ b/docs/usage/model_concerns.md @@ -31,7 +31,7 @@ Models that include the `DeviseTokenAuth::Concerns::User` concern will have acce response.headers.merge!(new_auth_header) ~~~ -* **`build_auth_header`**: generates the auth header that should be sent to the client with the next request. Accepts `token` and `client` as arguments. Returns a string. +* **`build_auth_headers`**: generates the auth header that should be sent to the client with the next request. Accepts `token` and `client` as arguments. Returns a string. **Example**: ~~~ruby From 066ad213e0d487a58677ad14f595dfbdc77c1d6e Mon Sep 17 00:00:00 2001 From: Jorge Tomas Date: Fri, 14 Apr 2023 15:21:13 +0200 Subject: [PATCH 35/65] update/test configuration Rails7 and mongoid7 (#1588) * Updating test configuration to run with rails7 and mongoid7 * Skipping active_record configuration for mongoid in test environment * Updating README status build badge --- .github/workflows/test.yml | 18 ++++++++++++------ README.md | 2 +- gemfiles/rails_7_0_mongoid_7.gemfile | 11 ++++++----- test/dummy/config/environments/test.rb | 2 +- 4 files changed, 20 insertions(+), 13 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index d5286d5ef..111d9e101 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -46,20 +46,26 @@ jobs: - ruby: 2.7 gemfile: gemfiles/rails_6_0_mongoid_7.gemfile devise-token-auth-orm: mongoid + - ruby: 2.7 + gemfile: gemfiles/rails_7_0_mongoid_7.gemfile + devise-token-auth-orm: mongoid - ruby: 2.7 gemfile: gemfiles/rails_7_0.gemfile - ruby: '3.0' gemfile: gemfiles/rails_7_0.gemfile + - ruby: '3.0' + gemfile: gemfiles/rails_7_0_mongoid_7.gemfile + devise-token-auth-orm: mongoid - ruby: 3.1 gemfile: gemfiles/rails_7_0.gemfile + - ruby: 3.1 + gemfile: gemfiles/rails_7_0_mongoid_7.gemfile + devise-token-auth-orm: mongoid - ruby: 3.2 gemfile: gemfiles/rails_7_0.gemfile - # Waiting for mongoid to support Rails 7.0 - # - ruby: '3.0' - # gemfile: gemfiles/rails_7_0.gemfile - # - ruby: '3.0' - # gemfile: gemfiles/rails_7_0_mongoid_7.gemfile - # devise-token-auth-orm: mongoid + - ruby: 3.2 + gemfile: gemfiles/rails_7_0_mongoid_7.gemfile + devise-token-auth-orm: mongoid exclude: - ruby: 2.4 gemfile: gemfiles/rails_6_0.gemfile diff --git a/README.md b/README.md index 59800f247..4b32164c8 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ # Devise Token Auth [![Gem Version](https://badge.fury.io/rb/devise_token_auth.svg)](http://badge.fury.io/rb/devise_token_auth) -[![Build Status](https://travis-ci.org/lynndylanhurley/devise_token_auth.svg?branch=master)](https://travis-ci.org/lynndylanhurley/devise_token_auth) +[![Build Status](https://github.com/lynndylanhurley/devise_token_auth/actions/workflows/test.yml/badge.svg?branch=master)](https://github.com/lynndylanhurley/devise_token_auth/actions/workflows/test.yml) [![Code Climate](https://codeclimate.com/github/lynndylanhurley/devise_token_auth/badges/gpa.svg)](https://codeclimate.com/github/lynndylanhurley/devise_token_auth) [![Test Coverage](https://codeclimate.com/github/lynndylanhurley/devise_token_auth/badges/coverage.svg)](https://codeclimate.com/github/lynndylanhurley/devise_token_auth/coverage) [![Downloads](https://img.shields.io/gem/dt/devise_token_auth.svg)](https://rubygems.org/gems/devise_token_auth) diff --git a/gemfiles/rails_7_0_mongoid_7.gemfile b/gemfiles/rails_7_0_mongoid_7.gemfile index 32561e4e7..c6653099f 100644 --- a/gemfiles/rails_7_0_mongoid_7.gemfile +++ b/gemfiles/rails_7_0_mongoid_7.gemfile @@ -4,27 +4,28 @@ source "https://rubygems.org" gem "omniauth", "~> 2.0" gem "rails", "~> 7.0" +gem "omniauth-rails_csrf_protection" gem "mongoid", "~> 7.0" gem "mongoid-locker", "~> 1.0" group :development, :test do gem "attr_encrypted" - gem "figaro" + gem "figaro", "~> 1.2" gem "omniauth-facebook" gem "omniauth-github" gem "omniauth-google-oauth2" gem "omniauth-apple" gem "rack-cors" - gem "thor" + gem "thor", "~> 1.2" gem "database_cleaner-mongoid" gem "factory_bot_rails" - gem "faker" + gem "faker", "~> 2.16" gem "fuzz_ball" gem "guard" gem "guard-minitest" gem "minitest" gem "minitest-focus" - gem "minitest-rails" + gem "minitest-rails", "~> 7" gem "minitest-reporters" gem "mocha", ">= 1.5" gem "pry" @@ -35,7 +36,7 @@ end group :test do gem "rails-controller-testing" - gem "simplecov", "~> 0.10", "< 0.18", require: false + gem "simplecov", require: false end group :development do diff --git a/test/dummy/config/environments/test.rb b/test/dummy/config/environments/test.rb index 522d49a97..0a31ff05c 100644 --- a/test/dummy/config/environments/test.rb +++ b/test/dummy/config/environments/test.rb @@ -23,7 +23,7 @@ (config.public_file_server.headers = { 'Cache-Control' => 'public, max-age=3600' }) : (config.static_cache_control = 'public, max-age=3600') - if Rails::VERSION::MAJOR > 6 + if Rails::VERSION::MAJOR > 6 && ENV['DEVISE_TOKEN_AUTH_ORM'] != 'mongoid' config.active_record.legacy_connection_handling = false end From d03606c8e839b48dab608947a7fc99b73e3168b0 Mon Sep 17 00:00:00 2001 From: Maicol Bentancor Date: Sat, 15 Apr 2023 16:02:48 -0300 Subject: [PATCH 36/65] Remove sprockets (#1589) --- devise_token_auth.gemspec | 1 - 1 file changed, 1 deletion(-) diff --git a/devise_token_auth.gemspec b/devise_token_auth.gemspec index c71432466..3d35beb54 100644 --- a/devise_token_auth.gemspec +++ b/devise_token_auth.gemspec @@ -23,7 +23,6 @@ Gem::Specification.new do |s| s.required_ruby_version = ">= 2.3.0" s.add_dependency 'rails', '>= 4.2.0', '< 7.1' - s.add_dependency 'sprockets', '3.7.2' s.add_dependency 'devise', '> 3.5.2', '< 5' s.add_dependency 'bcrypt', '~> 3.0' From 644ce24e261b17e6fc0b89d727a2f80c0e281e41 Mon Sep 17 00:00:00 2001 From: Lynn Dylan Hurley Date: Mon, 24 Apr 2023 08:07:11 -0700 Subject: [PATCH 37/65] Create dependabot.yml --- .github/dependabot.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 000000000..ac6621f19 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,11 @@ +# To get started with Dependabot version updates, you'll need to specify which +# package ecosystems to update and where the package manifests are located. +# Please see the documentation for all configuration options: +# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates + +version: 2 +updates: + - package-ecosystem: "" # See documentation for possible values + directory: "/" # Location of package manifests + schedule: + interval: "weekly" From 5c06a65e2deaed34d34e06242b895e3a77217424 Mon Sep 17 00:00:00 2001 From: Jorge Tomas Date: Mon, 24 Apr 2023 23:50:23 +0200 Subject: [PATCH 38/65] Setting up dependabot configuration file (#1590) --- .github/dependabot.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index ac6621f19..4eb1e26e2 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -5,7 +5,9 @@ version: 2 updates: - - package-ecosystem: "" # See documentation for possible values - directory: "/" # Location of package manifests + - package-ecosystem: "bundler" + directory: "/" schedule: interval: "weekly" + open-pull-requests-limit: 5 + target-branch: "master" From 4d52a74f3d914056be6d9a178837533d9b3ab5ad Mon Sep 17 00:00:00 2001 From: "Rafael H.F.S" Date: Tue, 25 Apr 2023 08:42:58 -0300 Subject: [PATCH 39/65] Remove bearer token if cookie_enabled is true (#1567) * Sets authorization header name * Writes and reads Authorization token * On decoding bearer token, if it is an invalid base64, rescues to empty hash * Added controller tests for Authorization header * Removes bearer token if cookie_enabled is true * Style --- app/models/devise_token_auth/concerns/user.rb | 4 +++- .../devise_token_auth/sessions_controller_test.rb | 6 +++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/app/models/devise_token_auth/concerns/user.rb b/app/models/devise_token_auth/concerns/user.rb index 460cecca4..5b6ceed89 100644 --- a/app/models/devise_token_auth/concerns/user.rb +++ b/app/models/devise_token_auth/concerns/user.rb @@ -194,9 +194,11 @@ def build_auth_headers(token, client = 'default') end def build_bearer_token(auth) + return {} if DeviseTokenAuth.cookie_enabled # There is no need for the bearer token if it is using cookies + encoded_token = Base64.strict_encode64(auth.to_json) bearer_token = "Bearer #{encoded_token}" - {DeviseTokenAuth.headers_names[:"authorization"] => bearer_token} + { DeviseTokenAuth.headers_names[:"authorization"] => bearer_token } end def update_auth_headers(token, client = 'default') diff --git a/test/controllers/devise_token_auth/sessions_controller_test.rb b/test/controllers/devise_token_auth/sessions_controller_test.rb index 8a2a45b61..470037dc9 100644 --- a/test/controllers/devise_token_auth/sessions_controller_test.rb +++ b/test/controllers/devise_token_auth/sessions_controller_test.rb @@ -39,13 +39,17 @@ class DeviseTokenAuth::SessionsControllerTest < ActionController::TestCase describe 'using auth cookie' do before do DeviseTokenAuth.cookie_enabled = true + post :create, params: @user_session_params end test 'request should return auth cookie' do - post :create, params: @user_session_params assert response.cookies[DeviseTokenAuth.cookie_name] end + test 'request should not include bearer token' do + assert_nil response.headers["Authorization"] + end + after do DeviseTokenAuth.cookie_enabled = false end From d73856df29ac9e30c86350a2e8bdcb8b017c509a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 25 Apr 2023 08:47:08 -0300 Subject: [PATCH 40/65] Update faker requirement from ~> 2.16 to ~> 3.2 (#1593) Updates the requirements on [faker](https://github.com/faker-ruby/faker) to permit the latest version. - [Release notes](https://github.com/faker-ruby/faker/releases) - [Changelog](https://github.com/faker-ruby/faker/blob/main/CHANGELOG.md) - [Commits](https://github.com/faker-ruby/faker/compare/v2.16.0...v3.2.0) --- updated-dependencies: - dependency-name: faker dependency-type: direct:development ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index d75f8ed25..312d53b80 100644 --- a/Gemfile +++ b/Gemfile @@ -32,7 +32,7 @@ group :development, :test do # gem 'spring' gem 'database_cleaner' gem 'factory_bot_rails' - gem 'faker', '~> 2.16' + gem 'faker', '~> 3.2' gem 'fuzz_ball' gem 'minitest' gem 'minitest-focus' From 6fa4deef496deb4bc0ba7c48e5cf57976d245e50 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 25 Apr 2023 09:05:24 -0300 Subject: [PATCH 41/65] Update mongoid-locker requirement from ~> 1.0 to ~> 2.0 (#1592) Updates the requirements on [mongoid-locker](https://github.com/mongoid/mongoid-locker) to permit the latest version. - [Release notes](https://github.com/mongoid/mongoid-locker/releases) - [Changelog](https://github.com/mongoid/mongoid-locker/blob/master/CHANGELOG.md) - [Commits](https://github.com/mongoid/mongoid-locker/compare/v1.0.0...v2.0.2) --- updated-dependencies: - dependency-name: mongoid-locker dependency-type: direct:development ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile | 2 +- devise_token_auth.gemspec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile b/Gemfile index 312d53b80..752d2da23 100644 --- a/Gemfile +++ b/Gemfile @@ -68,7 +68,7 @@ if ENV['MONGOID_VERSION'] gem 'mongoid', '>= 5' end - gem 'mongoid-locker', '~> 1.0' + gem 'mongoid-locker', '~> 2.0' end gem "rails", "~> 7" diff --git a/devise_token_auth.gemspec b/devise_token_auth.gemspec index 3d35beb54..1a3931de7 100644 --- a/devise_token_auth.gemspec +++ b/devise_token_auth.gemspec @@ -31,5 +31,5 @@ Gem::Specification.new do |s| s.add_development_dependency 'pg' s.add_development_dependency 'mysql2' s.add_development_dependency 'mongoid', '>= 4', '< 8' - s.add_development_dependency 'mongoid-locker', '~> 1.0' + s.add_development_dependency 'mongoid-locker', '~> 2.0' end From e394c12e929a17e891225df1998db8f269e4c9d0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Diefferson=20Koderer=20M=C3=B4ro?= Date: Thu, 1 Jun 2023 23:16:29 -0300 Subject: [PATCH 42/65] =?UTF-8?q?=F0=9F=90=9B=20Not=20update=20cookies=20w?= =?UTF-8?q?hen=20is=20a=20batch=20request=20(#1577)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * 🐛 Not update cookies when is a batch request * ✅ Fix confirmations controller test --- .../devise_token_auth/concerns/set_user_by_token.rb | 4 ++-- .../devise_token_auth/confirmations_controller.rb | 2 +- .../devise_token_auth/confirmations_controller_test.rb | 9 ++++++--- 3 files changed, 9 insertions(+), 6 deletions(-) diff --git a/app/controllers/devise_token_auth/concerns/set_user_by_token.rb b/app/controllers/devise_token_auth/concerns/set_user_by_token.rb index 41c5c4b49..d53de8edc 100644 --- a/app/controllers/devise_token_auth/concerns/set_user_by_token.rb +++ b/app/controllers/devise_token_auth/concerns/set_user_by_token.rb @@ -154,8 +154,8 @@ def refresh_headers # update the response header response.headers.merge!(_auth_header_from_batch_request) - # set a server cookie if configured - if DeviseTokenAuth.cookie_enabled + # set a server cookie if configured and is not a batch request + if DeviseTokenAuth.cookie_enabled && !@is_batch_request set_cookie(_auth_header_from_batch_request) end end # end lock diff --git a/app/controllers/devise_token_auth/confirmations_controller.rb b/app/controllers/devise_token_auth/confirmations_controller.rb index 953fee967..87389d4dc 100644 --- a/app/controllers/devise_token_auth/confirmations_controller.rb +++ b/app/controllers/devise_token_auth/confirmations_controller.rb @@ -22,7 +22,7 @@ def show redirect_to_link = signed_in_resource.build_auth_url(redirect_url, redirect_headers) else redirect_to_link = DeviseTokenAuth::Url.generate(redirect_url, redirect_header_options) - end + end redirect_to(redirect_to_link) else diff --git a/test/controllers/devise_token_auth/confirmations_controller_test.rb b/test/controllers/devise_token_auth/confirmations_controller_test.rb index 161e0e289..0d4990b1b 100644 --- a/test/controllers/devise_token_auth/confirmations_controller_test.rb +++ b/test/controllers/devise_token_auth/confirmations_controller_test.rb @@ -202,9 +202,12 @@ def token_and_client_config_from(body) describe 'failure' do test 'user should not be confirmed' do - assert_raises(ActionController::RoutingError) do - get :show, params: { confirmation_token: 'bogus' } - end + get :show, + params: { confirmation_token: 'bogus', + redirect_url: @redirect_url } + + assert_redirected_to(/^#{@redirect_url}/) + @resource = assigns(:resource) refute @resource.confirmed? end From f2a85202741e1d9cd85ad344f069e08d0b3ff077 Mon Sep 17 00:00:00 2001 From: Tomoya Yoshida Date: Fri, 2 Jun 2023 11:29:23 +0900 Subject: [PATCH 43/65] add redirect_to options for rails7 allow_other_host (#1599) --- app/controllers/devise_token_auth/application_controller.rb | 4 ++++ .../devise_token_auth/confirmations_controller.rb | 2 +- .../devise_token_auth/omniauth_callbacks_controller.rb | 4 ++-- app/controllers/devise_token_auth/passwords_controller.rb | 6 ++++-- app/controllers/devise_token_auth/unlocks_controller.rb | 3 ++- .../app/controllers/overrides/confirmations_controller.rb | 3 ++- .../dummy/app/controllers/overrides/passwords_controller.rb | 3 ++- 7 files changed, 17 insertions(+), 8 deletions(-) diff --git a/app/controllers/devise_token_auth/application_controller.rb b/app/controllers/devise_token_auth/application_controller.rb index b51ba1561..6c6b85e7e 100644 --- a/app/controllers/devise_token_auth/application_controller.rb +++ b/app/controllers/devise_token_auth/application_controller.rb @@ -84,6 +84,10 @@ def success_message(name, email) end end + def redirect_options + {} + end + # When using a cookie to transport the auth token we can set it immediately in flows such as # reset password and OmniAuth success, rather than making the client scrape the token from # query params (to then send in the initial validate_token request). diff --git a/app/controllers/devise_token_auth/confirmations_controller.rb b/app/controllers/devise_token_auth/confirmations_controller.rb index 87389d4dc..abb703b59 100644 --- a/app/controllers/devise_token_auth/confirmations_controller.rb +++ b/app/controllers/devise_token_auth/confirmations_controller.rb @@ -24,7 +24,7 @@ def show redirect_to_link = DeviseTokenAuth::Url.generate(redirect_url, redirect_header_options) end - redirect_to(redirect_to_link) + redirect_to(redirect_to_link, redirect_options) else if redirect_url redirect_to DeviseTokenAuth::Url.generate(redirect_url, account_confirmation_success: false) diff --git a/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb b/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb index e4d7738e1..bc06c36d1 100644 --- a/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb +++ b/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb @@ -23,7 +23,7 @@ def redirect_callbacks session['dta.omniauth.auth'] = request.env['omniauth.auth'].except('extra') session['dta.omniauth.params'] = request.env['omniauth.params'] - redirect_to redirect_route, status: 307 + redirect_to redirect_route, {status: 307}.merge(redirect_options) end def get_redirect_route(devise_mapping) @@ -227,7 +227,7 @@ def render_data_or_redirect(message, data, user_data = {}) elsif auth_origin_url # default to same-window implementation, which forwards back to auth_origin_url # build and redirect to destination url - redirect_to DeviseTokenAuth::Url.generate(auth_origin_url, data.merge(blank: true)) + redirect_to DeviseTokenAuth::Url.generate(auth_origin_url, data.merge(blank: true).merge(redirect_options)) else # there SHOULD always be an auth_origin_url, but if someone does something silly diff --git a/app/controllers/devise_token_auth/passwords_controller.rb b/app/controllers/devise_token_auth/passwords_controller.rb index 3aa44fc04..e930ee3ed 100644 --- a/app/controllers/devise_token_auth/passwords_controller.rb +++ b/app/controllers/devise_token_auth/passwords_controller.rb @@ -49,7 +49,8 @@ def edit yield @resource if block_given? if require_client_password_reset_token? - redirect_to DeviseTokenAuth::Url.generate(@redirect_url, reset_password_token: resource_params[:reset_password_token]) + redirect_to DeviseTokenAuth::Url.generate(@redirect_url, reset_password_token: resource_params[:reset_password_token]), + redirect_options else if DeviseTokenAuth.cookie_enabled set_token_in_cookie(@resource, token) @@ -60,7 +61,8 @@ def edit token.client, redirect_header_options) redirect_to(@resource.build_auth_url(@redirect_url, - redirect_headers)) + redirect_headers), + redirect_options) end else render_edit_error diff --git a/app/controllers/devise_token_auth/unlocks_controller.rb b/app/controllers/devise_token_auth/unlocks_controller.rb index 5105af22d..c5f8ef69f 100644 --- a/app/controllers/devise_token_auth/unlocks_controller.rb +++ b/app/controllers/devise_token_auth/unlocks_controller.rb @@ -44,7 +44,8 @@ def show token.client, redirect_header_options) redirect_to(@resource.build_auth_url(after_unlock_path_for(@resource), - redirect_headers)) + redirect_headers), + redirect_options) else render_show_error end diff --git a/test/dummy/app/controllers/overrides/confirmations_controller.rb b/test/dummy/app/controllers/overrides/confirmations_controller.rb index b64e72279..68e5ae646 100644 --- a/test/dummy/app/controllers/overrides/confirmations_controller.rb +++ b/test/dummy/app/controllers/overrides/confirmations_controller.rb @@ -19,7 +19,8 @@ def show redirect_header_options) redirect_to(@resource.build_auth_url(params[:redirect_url], - redirect_headers)) + redirect_headers), + redirect_options) else raise ActionController::RoutingError, 'Not Found' end diff --git a/test/dummy/app/controllers/overrides/passwords_controller.rb b/test/dummy/app/controllers/overrides/passwords_controller.rb index 8be963e12..6afecef3d 100644 --- a/test/dummy/app/controllers/overrides/passwords_controller.rb +++ b/test/dummy/app/controllers/overrides/passwords_controller.rb @@ -26,7 +26,8 @@ def edit token.client, redirect_header_options) redirect_to(@resource.build_auth_url(params[:redirect_url], - redirect_headers)) + redirect_headers), + redirect_options) else raise ActionController::RoutingError, 'Not Found' end From 207a246856494a371abac7e0316bd9264f92b8ec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20H=C3=B6ppner?= <88321881+moritzhoeppner@users.noreply.github.com> Date: Tue, 6 Jun 2023 14:24:08 +0200 Subject: [PATCH 44/65] Don't leak information about the existence of accounts in SessionsController (#1600) * Don't leak information about the existence of accounts in DeivseTokenAuth::SessionsController * Refactor SessionsController --- .../devise_token_auth/sessions_controller.rb | 17 ++- .../sessions_controller_test.rb | 143 +++++++++++++----- 2 files changed, 117 insertions(+), 43 deletions(-) diff --git a/app/controllers/devise_token_auth/sessions_controller.rb b/app/controllers/devise_token_auth/sessions_controller.rb index 4f919203c..31286412d 100644 --- a/app/controllers/devise_token_auth/sessions_controller.rb +++ b/app/controllers/devise_token_auth/sessions_controller.rb @@ -11,11 +11,7 @@ def new end def create - # Check - field = (resource_params.keys.map(&:to_sym) & resource_class.authentication_keys).first - - @resource = nil - if field + if field = (resource_params.keys.map(&:to_sym) & resource_class.authentication_keys).first q_value = get_case_insensitive_field_from_resource_params(field) @resource = find_resource(field, q_value) @@ -34,13 +30,14 @@ def create yield @resource if block_given? render_create_success - elsif @resource && !(!@resource.respond_to?(:active_for_authentication?) || @resource.active_for_authentication?) + elsif @resource && !Devise.paranoid && !(!@resource.respond_to?(:active_for_authentication?) || @resource.active_for_authentication?) if @resource.respond_to?(:locked_at) && @resource.locked_at render_create_error_account_locked else render_create_error_not_confirmed end else + hash_password_in_paranoid_mode render_create_error_bad_credentials end end @@ -144,5 +141,13 @@ def create_and_assign_token @resource.save! end end + + def hash_password_in_paranoid_mode + # In order to avoid timing attacks in paranoid mode, we want the password hash to be + # calculated even if no resource has been found. Devise's DatabaseAuthenticatable warden + # strategy handles this case similarly: + # https://github.com/heartcombo/devise/blob/main/lib/devise/strategies/database_authenticatable.rb + resource_class.new.password = resource_params[:password] if Devise.paranoid + end end end diff --git a/test/controllers/devise_token_auth/sessions_controller_test.rb b/test/controllers/devise_token_auth/sessions_controller_test.rb index 470037dc9..7df323707 100644 --- a/test/controllers/devise_token_auth/sessions_controller_test.rb +++ b/test/controllers/devise_token_auth/sessions_controller_test.rb @@ -310,23 +310,47 @@ def @controller.reset_session end describe 'Unconfirmed user' do - before do - @unconfirmed_user = create(:user) - post :create, params: { email: @unconfirmed_user.email, - password: @unconfirmed_user.password } - @resource = assigns(:resource) - @data = JSON.parse(response.body) - end + describe 'Without paranoid mode' do + before do + @unconfirmed_user = create(:user) + post :create, params: { email: @unconfirmed_user.email, + password: @unconfirmed_user.password } + @resource = assigns(:resource) + @data = JSON.parse(response.body) + end - test 'request should fail' do - assert_equal 401, response.status + test 'request should fail' do + assert_equal 401, response.status + end + + test 'response should contain errors' do + assert @data['errors'] + assert_equal @data['errors'], + [I18n.t('devise_token_auth.sessions.not_confirmed', + email: @unconfirmed_user.email)] + end end + + describe 'With paranoid mode' do + before do + @unconfirmed_user = create(:user) + swap Devise, paranoid: true do + post :create, params: { email: @unconfirmed_user.email, + password: @unconfirmed_user.password } + end + @resource = assigns(:resource) + @data = JSON.parse(response.body) + end - test 'response should contain errors' do - assert @data['errors'] - assert_equal @data['errors'], - [I18n.t('devise_token_auth.sessions.not_confirmed', - email: @unconfirmed_user.email)] + test 'request should fail' do + assert_equal 401, response.status + end + + test 'response should contain errors that do not leak the existence of the account' do + assert @data['errors'] + assert_equal @data['errors'], + [I18n.t('devise_token_auth.sessions.bad_credentials')] + end end end @@ -375,20 +399,42 @@ def @controller.reset_session end describe 'Non-existing user' do - before do - post :create, - params: { email: -> { Faker::Internet.email }, - password: -> { Faker::Number.number(10) } } - @resource = assigns(:resource) - @data = JSON.parse(response.body) - end + describe 'Without paranoid mode' do + before do + post :create, + params: { email: -> { Faker::Internet.email }, + password: -> { Faker::Number.number(10) } } + @resource = assigns(:resource) + @data = JSON.parse(response.body) + end - test 'request should fail' do - assert_equal 401, response.status + test 'request should fail' do + assert_equal 401, response.status + end + + test 'response should contain errors' do + assert @data['errors'] + end end - test 'response should contain errors' do - assert @data['errors'] + describe 'With paranoid mode' do + before do + mock_hash = '$2a$04$MUWADkfA6MHXDdWHoep6QOvX1o0Y56pNqt3NMWQ9zCRwKSp1HZJba' + @bcrypt_mock = MiniTest::Mock.new + @bcrypt_mock.expect(:call, mock_hash, [Object, String]) + + swap Devise, paranoid: true do + BCrypt::Engine.stub :hash_secret, @bcrypt_mock do + post :create, + params: { email: -> { Faker::Internet.email }, + password: -> { Faker::Number.number(10) } } + end + end + end + + test 'password should be hashed' do + @bcrypt_mock.verify + end end end @@ -472,21 +518,44 @@ def @controller.reset_session end describe 'locked user' do - before do - @locked_user = create(:lockable_user, :locked) - post :create, - params: { email: @locked_user.email, - password: @locked_user.password } - @data = JSON.parse(response.body) - end + describe 'Without paranoid mode' do + before do + @locked_user = create(:lockable_user, :locked) + post :create, + params: { email: @locked_user.email, + password: @locked_user.password } + @data = JSON.parse(response.body) + end - test 'request should fail' do - assert_equal 401, response.status + test 'request should fail' do + assert_equal 401, response.status + end + + test 'response should contain errors' do + assert @data['errors'] + assert_equal @data['errors'], [I18n.t('devise.mailer.unlock_instructions.account_lock_msg')] + end end - test 'response should contain errors' do - assert @data['errors'] - assert_equal @data['errors'], [I18n.t('devise.mailer.unlock_instructions.account_lock_msg')] + describe 'With paranoid mode' do + before do + @locked_user = create(:lockable_user, :locked) + swap Devise, paranoid: true do + post :create, + params: { email: @locked_user.email, + password: @locked_user.password } + end + @data = JSON.parse(response.body) + end + + test 'request should fail' do + assert_equal 401, response.status + end + + test 'response should contain errors that do not leak the existence of the account' do + assert @data['errors'] + assert_equal @data['errors'], [I18n.t('devise_token_auth.sessions.bad_credentials')] + end end end From c15c5f0724b5bc181c95d679621a173c949c0cf8 Mon Sep 17 00:00:00 2001 From: Maicol Bentancor Date: Sun, 11 Jun 2023 18:32:53 -0300 Subject: [PATCH 45/65] Drop support for ruby 2.4 (#1601) --- .github/workflows/test.yml | 8 -------- 1 file changed, 8 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 111d9e101..30028b6aa 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -10,7 +10,6 @@ jobs: fail-fast: false matrix: ruby: - - 2.4 - 2.5 - 2.6 - 2.7 @@ -31,9 +30,6 @@ jobs: devise-token-auth-orm: - active_record include: - - ruby: 2.4 - gemfile: gemfiles/rails_5_1_mongoid_7.gemfile - devise-token-auth-orm: mongoid - ruby: 2.5 gemfile: gemfiles/rails_5_2_mongoid_6.gemfile devise-token-auth-orm: mongoid @@ -67,10 +63,6 @@ jobs: gemfile: gemfiles/rails_7_0_mongoid_7.gemfile devise-token-auth-orm: mongoid exclude: - - ruby: 2.4 - gemfile: gemfiles/rails_6_0.gemfile - - ruby: 2.4 - gemfile: gemfiles/rails_7_0.gemfile - ruby: 2.5 gemfile: gemfiles/rails_7_0.gemfile - ruby: 2.6 From eeed6422a025813010ac1dcb922661d05266e36e Mon Sep 17 00:00:00 2001 From: Maicol Bentancor Date: Mon, 12 Jun 2023 09:35:04 -0300 Subject: [PATCH 46/65] Bump to 1.2.2 (#1602) --- CHANGELOG.md | 223 +++++++++++++++++++++++++++++++ lib/devise_token_auth/version.rb | 2 +- 2 files changed, 224 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f4e311c36..c0b4a1c37 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,225 @@ # Change Log +## [v1.2.2](https://github.com/lynndylanhurley/devise_token_auth/tree/v1.2.2) (2023-06-11) +[Full Changelog](https://github.com/lynndylanhurley/devise_token_auth/compare/v1.2.1...v1.2.2) + +**Closed issues:** + +- keep getting a 401 on overriden create devise [\#1598](https://github.com/lynndylanhurley/devise_token_auth/issues/1598) +- Method sign\_in called with incorrect paramenters [\#1585](https://github.com/lynndylanhurley/devise_token_auth/issues/1585) +- Release latest version, there are too many fixes in the master waiting to be released [\#1560](https://github.com/lynndylanhurley/devise_token_auth/issues/1560) +- NoMethodError: undefined method `downcase' for nil:NilClass [\#1540](https://github.com/lynndylanhurley/devise_token_auth/issues/1540) +- Confirming an already confirmed user -- still not quite working. [\#1123](https://github.com/lynndylanhurley/devise_token_auth/issues/1123) +- Email confirmation route [\#1110](https://github.com/lynndylanhurley/devise_token_auth/issues/1110) + +**Merged pull requests:** + +- Drop support for ruby 2.4 [\#1601](https://github.com/lynndylanhurley/devise_token_auth/pull/1601) ([MaicolBen](https://github.com/MaicolBen)) +- Don't leak information about the existence of accounts in SessionsController [\#1600](https://github.com/lynndylanhurley/devise_token_auth/pull/1600) ([moritzhoeppner](https://github.com/moritzhoeppner)) +- add redirect\_to options for rails7 allow\_other\_host [\#1599](https://github.com/lynndylanhurley/devise_token_auth/pull/1599) ([ihatov08](https://github.com/ihatov08)) +- Update faker requirement from ~\> 2.16 to ~\> 3.2 [\#1593](https://github.com/lynndylanhurley/devise_token_auth/pull/1593) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Update mongoid-locker requirement from ~\> 1.0 to ~\> 2.0 [\#1592](https://github.com/lynndylanhurley/devise_token_auth/pull/1592) ([dependabot[bot]](https://github.com/apps/dependabot)) +- dependencies/dependabot configuration [\#1590](https://github.com/lynndylanhurley/devise_token_auth/pull/1590) ([jotolo](https://github.com/jotolo)) +- Remove sprockets [\#1589](https://github.com/lynndylanhurley/devise_token_auth/pull/1589) ([MaicolBen](https://github.com/MaicolBen)) +- update/test configuration Rails7 and mongoid7 [\#1588](https://github.com/lynndylanhurley/devise_token_auth/pull/1588) ([jotolo](https://github.com/jotolo)) +- brakeman vulnaribility UnsafeReflection. [\#1587](https://github.com/lynndylanhurley/devise_token_auth/pull/1587) ([ryanfox1985](https://github.com/ryanfox1985)) +- Method sign\_in with wrong parameters [\#1586](https://github.com/lynndylanhurley/devise_token_auth/pull/1586) ([lazaronixon](https://github.com/lazaronixon)) +- update/Ruby 3.x and Rails 7.0 [\#1584](https://github.com/lynndylanhurley/devise_token_auth/pull/1584) ([jotolo](https://github.com/jotolo)) +- Add support for ruby 3 & fix test suite [\#1582](https://github.com/lynndylanhurley/devise_token_auth/pull/1582) ([MaicolBen](https://github.com/MaicolBen)) +- chore: add vanilla-token-auth to client list [\#1578](https://github.com/lynndylanhurley/devise_token_auth/pull/1578) ([theblang](https://github.com/theblang)) +- 🐛 Not update cookies when is a batch request [\#1577](https://github.com/lynndylanhurley/devise_token_auth/pull/1577) ([djpremier](https://github.com/djpremier)) +- Revert "Fix unpermitted parameters warning" [\#1571](https://github.com/lynndylanhurley/devise_token_auth/pull/1571) ([MaicolBen](https://github.com/MaicolBen)) +- Fixed vulnerabilities [\#1569](https://github.com/lynndylanhurley/devise_token_auth/pull/1569) ([ryanfox1985](https://github.com/ryanfox1985)) +- Remove bearer token if cookie\_enabled is true [\#1567](https://github.com/lynndylanhurley/devise_token_auth/pull/1567) ([rhiroshi](https://github.com/rhiroshi)) +- Update initializer template [\#1564](https://github.com/lynndylanhurley/devise_token_auth/pull/1564) ([djpremier](https://github.com/djpremier)) +- Allow omniauth redirect post method [\#1563](https://github.com/lynndylanhurley/devise_token_auth/pull/1563) ([florindiconescu](https://github.com/florindiconescu)) +- Avoid raising a RoutingError when confirming a user twice [\#1557](https://github.com/lynndylanhurley/devise_token_auth/pull/1557) ([micred](https://github.com/micred)) +- Added 'Authorization' header with bearer token [\#1534](https://github.com/lynndylanhurley/devise_token_auth/pull/1534) ([rhiroshi](https://github.com/rhiroshi)) + +## [v1.2.1](https://github.com/lynndylanhurley/devise_token_auth/tree/v1.2.1) (2022-09-10) +[Full Changelog](https://github.com/lynndylanhurley/devise_token_auth/compare/v1.2.0...v1.2.1) + +**Closed issues:** + +- registrations controller. tokens only for authenticated [\#1553](https://github.com/lynndylanhurley/devise_token_auth/issues/1553) +- Rails 7 support [\#1552](https://github.com/lynndylanhurley/devise_token_auth/issues/1552) +- Not working with any version of Rails 6 and 7 [\#1551](https://github.com/lynndylanhurley/devise_token_auth/issues/1551) +- Commit 1a0483fbd12583810f21eb320abfa8b768724774 makes \#\ [\#1538](https://github.com/lynndylanhurley/devise_token_auth/issues/1538) +- Rails 7 support? [\#1533](https://github.com/lynndylanhurley/devise_token_auth/issues/1533) +- Request: [\#1526](https://github.com/lynndylanhurley/devise_token_auth/issues/1526) +- Rails 7 Issue [\#1523](https://github.com/lynndylanhurley/devise_token_auth/issues/1523) +- Bearer Token Usage [\#1522](https://github.com/lynndylanhurley/devise_token_auth/issues/1522) +- Got "ActionDispatch::Request::Session::DisabledSessionError" [\#1521](https://github.com/lynndylanhurley/devise_token_auth/issues/1521) +- Travis CI migration or alternatives [\#1518](https://github.com/lynndylanhurley/devise_token_auth/issues/1518) +- Update dependency to support Rails 7.0.0.rc1 [\#1515](https://github.com/lynndylanhurley/devise_token_auth/issues/1515) +- Devise, devise\_auth\_token and activeadmin with 2 different models - Controller error [\#1512](https://github.com/lynndylanhurley/devise_token_auth/issues/1512) +- Paranoid mode still returning a distinguishable 404 responses [\#1510](https://github.com/lynndylanhurley/devise_token_auth/issues/1510) +- Invalid client with google-oauth2 [\#1499](https://github.com/lynndylanhurley/devise_token_auth/issues/1499) +- Concurrency issue? [\#1497](https://github.com/lynndylanhurley/devise_token_auth/issues/1497) +- Doesn't seem to follow Bearer Token authorization spec...? [\#1487](https://github.com/lynndylanhurley/devise_token_auth/issues/1487) +- Can we have a new version released? [\#1483](https://github.com/lynndylanhurley/devise_token_auth/issues/1483) +- Token invalidation after canceled request by the frontend app [\#1232](https://github.com/lynndylanhurley/devise_token_auth/issues/1232) +- FrozenError \(can't modify frozen Hash\) [\#1151](https://github.com/lynndylanhurley/devise_token_auth/issues/1151) +- Password Reset Links Invalidated After Being Clicked [\#1141](https://github.com/lynndylanhurley/devise_token_auth/issues/1141) +- Authorization Request Header Field? [\#902](https://github.com/lynndylanhurley/devise_token_auth/issues/902) +- jsonb token [\#841](https://github.com/lynndylanhurley/devise_token_auth/issues/841) + +**Merged pull requests:** + +- Fix unpermitted parameters warning [\#1568](https://github.com/lynndylanhurley/devise_token_auth/pull/1568) ([remy727](https://github.com/remy727)) +- Update changelog [\#1555](https://github.com/lynndylanhurley/devise_token_auth/pull/1555) ([MaicolBen](https://github.com/MaicolBen)) +- Add custom uid reference [\#1554](https://github.com/lynndylanhurley/devise_token_auth/pull/1554) ([florindiconescu](https://github.com/florindiconescu)) +- Update ja.yml [\#1550](https://github.com/lynndylanhurley/devise_token_auth/pull/1550) ([RaziAhmad123](https://github.com/RaziAhmad123)) +- Fixed ja.yml because CI failed. [\#1547](https://github.com/lynndylanhurley/devise_token_auth/pull/1547) ([hatsu38](https://github.com/hatsu38)) +- Translate the unlocks, confirmations message into Japanese [\#1544](https://github.com/lynndylanhurley/devise_token_auth/pull/1544) ([hatsu38](https://github.com/hatsu38)) +- Set cookie token immediately in reset password and OmniAuth success flows [\#1542](https://github.com/lynndylanhurley/devise_token_auth/pull/1542) ([theblang](https://github.com/theblang)) +- Fix Paranoid Status Codes [\#1524](https://github.com/lynndylanhurley/devise_token_auth/pull/1524) ([keithdoggett](https://github.com/keithdoggett)) +- add `previous\_token` [\#1520](https://github.com/lynndylanhurley/devise_token_auth/pull/1520) ([sudhanshu16](https://github.com/sudhanshu16)) +- Migrate to GitHub Actions [\#1519](https://github.com/lynndylanhurley/devise_token_auth/pull/1519) ([enomotodev](https://github.com/enomotodev)) +- Support Rails 7.0 [\#1517](https://github.com/lynndylanhurley/devise_token_auth/pull/1517) ([enomotodev](https://github.com/enomotodev)) +- \[bugfix\] omniauth: handle POST action redirects [\#1509](https://github.com/lynndylanhurley/devise_token_auth/pull/1509) ([lynndylanhurley](https://github.com/lynndylanhurley)) +- Fix the doc missing configure devise mail sender [\#1504](https://github.com/lynndylanhurley/devise_token_auth/pull/1504) ([hsonthach](https://github.com/hsonthach)) +- Fix callback if migrations fails [\#1502](https://github.com/lynndylanhurley/devise_token_auth/pull/1502) ([thooams](https://github.com/thooams)) +- wrap creation and save of token in a transaction [\#1498](https://github.com/lynndylanhurley/devise_token_auth/pull/1498) ([pascalbetz](https://github.com/pascalbetz)) +- Increase required ruby version to 2.3 [\#1495](https://github.com/lynndylanhurley/devise_token_auth/pull/1495) ([mcelicalderon](https://github.com/mcelicalderon)) +- Turn email validation process into class method [\#1494](https://github.com/lynndylanhurley/devise_token_auth/pull/1494) ([muratiger](https://github.com/muratiger)) +- Update faq.md [\#1493](https://github.com/lynndylanhurley/devise_token_auth/pull/1493) ([SUMAR7](https://github.com/SUMAR7)) + +## [v1.2.0](https://github.com/lynndylanhurley/devise_token_auth/tree/v1.2.0) (2021-07-19) +[Full Changelog](https://github.com/lynndylanhurley/devise_token_auth/compare/v1.1.5...v1.2.0) + +**Implemented enhancements:** + +- Paranoid mode is non existent [\#1100](https://github.com/lynndylanhurley/devise_token_auth/issues/1100) +- Add paranoid mode [\#1378](https://github.com/lynndylanhurley/devise_token_auth/pull/1378) ([luisalima](https://github.com/luisalima)) + +**Closed issues:** + +- DeviseTokenAuth::Errors::InvalidModel [\#1485](https://github.com/lynndylanhurley/devise_token_auth/issues/1485) +- How not to update the headers when the api server returns a response with an error status [\#1476](https://github.com/lynndylanhurley/devise_token_auth/issues/1476) +- Does not install on Rails 6.1 and Ruby 2.7, fresh install [\#1475](https://github.com/lynndylanhurley/devise_token_auth/issues/1475) +- Devise::Models::Authenticatable::BLACKLIST\_FOR\_SERIALIZATION is deprecated [\#1474](https://github.com/lynndylanhurley/devise_token_auth/issues/1474) +- @token not assigned prior to delete/destory [\#1465](https://github.com/lynndylanhurley/devise_token_auth/issues/1465) +- Installing devise\_token\_auth on MacOS, rails conflict [\#1458](https://github.com/lynndylanhurley/devise_token_auth/issues/1458) +- Deprecation warning `connection\_config is deprecated and will be removed from Rails 6.2` when using Rails 6.1 [\#1451](https://github.com/lynndylanhurley/devise_token_auth/issues/1451) +- Trying to integrate with devise-multi\_email [\#1421](https://github.com/lynndylanhurley/devise_token_auth/issues/1421) +- Rails email change not send confirmation emaill [\#1338](https://github.com/lynndylanhurley/devise_token_auth/issues/1338) + +**Merged pull requests:** + +- Bump version to 1.2.0 [\#1492](https://github.com/lynndylanhurley/devise_token_auth/pull/1492) ([MaicolBen](https://github.com/MaicolBen)) +- Fix unescape and keyword parameters warning [\#1490](https://github.com/lynndylanhurley/devise_token_auth/pull/1490) ([muratiger](https://github.com/muratiger)) +- check password changed only when using password authentication [\#1486](https://github.com/lynndylanhurley/devise_token_auth/pull/1486) ([qiuyin](https://github.com/qiuyin)) +- Add new param FAQ [\#1481](https://github.com/lynndylanhurley/devise_token_auth/pull/1481) ([muratiger](https://github.com/muratiger)) +- fix mongoid detecting bug [\#1478](https://github.com/lynndylanhurley/devise_token_auth/pull/1478) ([qiuyin](https://github.com/qiuyin)) +- replace deprecated constant BLACKLIST\_FOR\_SERIALIZATION [\#1473](https://github.com/lynndylanhurley/devise_token_auth/pull/1473) ([prashant-kiwi](https://github.com/prashant-kiwi)) +- Workaround for cc-test-reporter with SimpleCov 0.18 [\#1472](https://github.com/lynndylanhurley/devise_token_auth/pull/1472) ([enomotodev](https://github.com/enomotodev)) +- Fix mongo setup in travis [\#1471](https://github.com/lynndylanhurley/devise_token_auth/pull/1471) ([MaicolBen](https://github.com/MaicolBen)) +- Use the same behavior than the deprecated URI.escape [\#1470](https://github.com/lynndylanhurley/devise_token_auth/pull/1470) ([MaicolBen](https://github.com/MaicolBen)) +- Replace URI::escape which was removed in Ruby 3 [\#1468](https://github.com/lynndylanhurley/devise_token_auth/pull/1468) ([alea12](https://github.com/alea12)) +- Update connection\_config to connection\_db\_config [\#1467](https://github.com/lynndylanhurley/devise_token_auth/pull/1467) ([melnik0v](https://github.com/melnik0v)) +- Fix docs/config/initialization.md [\#1464](https://github.com/lynndylanhurley/devise_token_auth/pull/1464) ([yoshitsugu](https://github.com/yoshitsugu)) +- Fix omniauth version until devise fixes omniauth requirement [\#1463](https://github.com/lynndylanhurley/devise_token_auth/pull/1463) ([MaicolBen](https://github.com/MaicolBen)) +- Add support for sending and receiving the auth token via a server cookie [\#1453](https://github.com/lynndylanhurley/devise_token_auth/pull/1453) ([theblang](https://github.com/theblang)) +- Fix critical error on registration with confirmation mode [\#1447](https://github.com/lynndylanhurley/devise_token_auth/pull/1447) ([pnghai](https://github.com/pnghai)) + +## [v1.1.5](https://github.com/lynndylanhurley/devise_token_auth/tree/v1.1.5) (2020-12-08) +[Full Changelog](https://github.com/lynndylanhurley/devise_token_auth/compare/v1.1.4...v1.1.5) + +**Closed issues:** + +- Update dependency to support Rails 6.1/6.1.0.rc1 [\#1443](https://github.com/lynndylanhurley/devise_token_auth/issues/1443) +- undefined method `tokens' for \#\":String\) [\#1375](https://github.com/lynndylanhurley/devise_token_auth/issues/1375) +- mation\_instruction [\#1373](https://github.com/lynndylanhurley/devise_token_auth/issues/1373) +- Unpermitted parameter :session when signing in using javascript fetch [\#1361](https://github.com/lynndylanhurley/devise_token_auth/issues/1361) +- How do i authenticate with graphql-ruby? [\#1360](https://github.com/lynndylanhurley/devise_token_auth/issues/1360) +- Using DeviseTokenAuth::Concerns::User breaks Devise::confirmable and Devise::reconfirmable [\#1013](https://github.com/lynndylanhurley/devise_token_auth/issues/1013) + +**Merged pull requests:** + +- Update faq.md [\#1401](https://github.com/lynndylanhurley/devise_token_auth/pull/1401) ([mdjamal](https://github.com/mdjamal)) +- Update assign\_provider\_attrs to strip 'name' field [\#1398](https://github.com/lynndylanhurley/devise_token_auth/pull/1398) ([SpLouk](https://github.com/SpLouk)) +- Fix grammar [\#1396](https://github.com/lynndylanhurley/devise_token_auth/pull/1396) ([arku](https://github.com/arku)) +- \[Refactor\] fixed "not\_email" setting in ja.yml [\#1395](https://github.com/lynndylanhurley/devise_token_auth/pull/1395) ([eitches](https://github.com/eitches)) +- CI build fix: Pin to pry \< 0.13 for 2.3 support, workaround CodeClimate reporter issue [\#1393](https://github.com/lynndylanhurley/devise_token_auth/pull/1393) ([olleolleolle](https://github.com/olleolleolle)) +- Fix broken link [\#1392](https://github.com/lynndylanhurley/devise_token_auth/pull/1392) ([dlederle](https://github.com/dlederle)) +- Fix: Save user authentication token after email confirmation [\#1391](https://github.com/lynndylanhurley/devise_token_auth/pull/1391) ([gabrielbursztein2](https://github.com/gabrielbursztein2)) +- Fix token-type header key in testing example docs [\#1390](https://github.com/lynndylanhurley/devise_token_auth/pull/1390) ([goalaleo](https://github.com/goalaleo)) +- Issue - 1358 Argument error when converting token updated\_at using to… [\#1388](https://github.com/lynndylanhurley/devise_token_auth/pull/1388) ([saichander17](https://github.com/saichander17)) +- Validate that token is valid for patch request last token [\#1386](https://github.com/lynndylanhurley/devise_token_auth/pull/1386) ([ahmedmagdy711](https://github.com/ahmedmagdy711)) +- Fix docs/usage/reset\_password.md [\#1382](https://github.com/lynndylanhurley/devise_token_auth/pull/1382) ([K-Sato1995](https://github.com/K-Sato1995)) +- Fix missing polish and portugese missing translation errors [\#1377](https://github.com/lynndylanhurley/devise_token_auth/pull/1377) ([woochaq](https://github.com/woochaq)) +- \[Documentation\] write complete path for authentication\_test\_spec.rb [\#1376](https://github.com/lynndylanhurley/devise_token_auth/pull/1376) ([cprodhomme](https://github.com/cprodhomme)) +- Add case sensitive option required to prevent deprecation warning in … [\#1368](https://github.com/lynndylanhurley/devise_token_auth/pull/1368) ([niciliketo](https://github.com/niciliketo)) +- Add rails 6.0 config to travis [\#1366](https://github.com/lynndylanhurley/devise_token_auth/pull/1366) ([brateq](https://github.com/brateq)) +- Add docs for confirmation endpoint [\#1365](https://github.com/lynndylanhurley/devise_token_auth/pull/1365) ([brateq](https://github.com/brateq)) +- Remove Trackable option from generator [\#1362](https://github.com/lynndylanhurley/devise_token_auth/pull/1362) ([SugiKent](https://github.com/SugiKent)) +- Please merge again [\#1350](https://github.com/lynndylanhurley/devise_token_auth/pull/1350) ([exocode](https://github.com/exocode)) +- detect Mongoid \(till Mongoid will implement it\) [\#1348](https://github.com/lynndylanhurley/devise_token_auth/pull/1348) ([exocode](https://github.com/exocode)) +- feat\(oauth-apple\): support Sign in with Apple as a documented OmniAuth provider [\#1347](https://github.com/lynndylanhurley/devise_token_auth/pull/1347) ([booleanbetrayal](https://github.com/booleanbetrayal)) +- Add Korean locale [\#1346](https://github.com/lynndylanhurley/devise_token_auth/pull/1346) ([ghost](https://github.com/ghost)) +- doc: remove duplicated test case on ./docs/usage/testing.md [\#1344](https://github.com/lynndylanhurley/devise_token_auth/pull/1344) ([miyataka](https://github.com/miyataka)) +- Fix to be able to use Devise::confirmable module [\#1343](https://github.com/lynndylanhurley/devise_token_auth/pull/1343) ([makicamel](https://github.com/makicamel)) +- repeat any query params after a fragment [\#1341](https://github.com/lynndylanhurley/devise_token_auth/pull/1341) ([colmben](https://github.com/colmben)) + +# Change Log + ## [Unreleased](https://github.com/lynndylanhurley/devise_token_auth/tree/HEAD) [Full Changelog](https://github.com/lynndylanhurley/devise_token_auth/compare/v1.2.0...HEAD) @@ -3143,3 +3363,6 @@ - guard against MissingAttributeError during common ActiveRecord operations [\#19](https://github.com/lynndylanhurley/devise_token_auth/pull/19) ([booleanbetrayal](https://github.com/booleanbetrayal)) - Fix expiry data type [\#11](https://github.com/lynndylanhurley/devise_token_auth/pull/11) ([lonre](https://github.com/lonre)) - README and travis config tweaks [\#7](https://github.com/lynndylanhurley/devise_token_auth/pull/7) ([guilhermesimoes](https://github.com/guilhermesimoes)) + + +\* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)* \ No newline at end of file diff --git a/lib/devise_token_auth/version.rb b/lib/devise_token_auth/version.rb index afb5116a8..eba723898 100644 --- a/lib/devise_token_auth/version.rb +++ b/lib/devise_token_auth/version.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true module DeviseTokenAuth - VERSION = '1.2.1'.freeze + VERSION = '1.2.2'.freeze end From d9a91bc61be54177f91a04f582a72ab793c04db6 Mon Sep 17 00:00:00 2001 From: hatsu Date: Fri, 3 Nov 2023 03:48:42 +0900 Subject: [PATCH 47/65] Support for writing style deprecated in 7.1 and removed in 7.2 (#1606) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Support for writing style deprecated in 7.1 and removed in 7.2 * test: 💍 MiniTest->Minitest * 7.1 -> 7.2 --- .../devise_token_auth/concerns/active_record_support.rb | 6 +++++- devise_token_auth.gemspec | 2 +- .../devise_token_auth/sessions_controller_test.rb | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/app/models/devise_token_auth/concerns/active_record_support.rb b/app/models/devise_token_auth/concerns/active_record_support.rb index e86d2c17f..69d203205 100644 --- a/app/models/devise_token_auth/concerns/active_record_support.rb +++ b/app/models/devise_token_auth/concerns/active_record_support.rb @@ -2,7 +2,11 @@ module DeviseTokenAuth::Concerns::ActiveRecordSupport extend ActiveSupport::Concern included do - serialize :tokens, DeviseTokenAuth::Concerns::TokensSerialization + if Rails::VERSION::MAJOR >= 7 && Rails::VERSION::MINOR >= 1 + serialize :tokens, coder: DeviseTokenAuth::Concerns::TokensSerialization + else + serialize :tokens, DeviseTokenAuth::Concerns::TokensSerialization + end end class_methods do diff --git a/devise_token_auth.gemspec b/devise_token_auth.gemspec index 1a3931de7..ea1e24b0d 100644 --- a/devise_token_auth.gemspec +++ b/devise_token_auth.gemspec @@ -22,7 +22,7 @@ Gem::Specification.new do |s| s.required_ruby_version = ">= 2.3.0" - s.add_dependency 'rails', '>= 4.2.0', '< 7.1' + s.add_dependency 'rails', '>= 4.2.0', '< 7.2' s.add_dependency 'devise', '> 3.5.2', '< 5' s.add_dependency 'bcrypt', '~> 3.0' diff --git a/test/controllers/devise_token_auth/sessions_controller_test.rb b/test/controllers/devise_token_auth/sessions_controller_test.rb index 7df323707..343cdba7f 100644 --- a/test/controllers/devise_token_auth/sessions_controller_test.rb +++ b/test/controllers/devise_token_auth/sessions_controller_test.rb @@ -420,7 +420,7 @@ def @controller.reset_session describe 'With paranoid mode' do before do mock_hash = '$2a$04$MUWADkfA6MHXDdWHoep6QOvX1o0Y56pNqt3NMWQ9zCRwKSp1HZJba' - @bcrypt_mock = MiniTest::Mock.new + @bcrypt_mock = Minitest::Mock.new @bcrypt_mock.expect(:call, mock_hash, [Object, String]) swap Devise, paranoid: true do From 03b9f7aa4572afc3704297c034eca5f9ddefe9f6 Mon Sep 17 00:00:00 2001 From: hatsu Date: Mon, 6 Nov 2023 07:48:37 +0900 Subject: [PATCH 48/65] Faker safe_email -> email (#1607) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * refactor: 💡 safe_email -> email NOTE: Faker::Internet.safe_email is deprecated; use email instead. It will be removed on or after 2023-10. * test: 💍 MiniTest->Minitest --- .../devise_token_auth/registrations_controller_test.rb | 6 +++--- test/factories/users.rb | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/test/controllers/devise_token_auth/registrations_controller_test.rb b/test/controllers/devise_token_auth/registrations_controller_test.rb index d5abb3d26..45b6c6d3c 100644 --- a/test/controllers/devise_token_auth/registrations_controller_test.rb +++ b/test/controllers/devise_token_auth/registrations_controller_test.rb @@ -505,7 +505,7 @@ def mock_registration_params # test valid update param @resource_class = User @new_operating_thetan = 1_000_000 - @email = Faker::Internet.safe_email + @email = Faker::Internet.email @request_params = { operating_thetan: @new_operating_thetan, email: @email @@ -612,7 +612,7 @@ def mock_registration_params # test valid update param @resource_class = User @new_operating_thetan = 1_000_000 - @email = Faker::Internet.safe_email + @email = Faker::Internet.email @request_params = { operating_thetan: @new_operating_thetan, email: @email @@ -663,7 +663,7 @@ def mock_registration_params before do DeviseTokenAuth.check_current_password_before_update = :password @new_operating_thetan = 1_000_000 - @email = Faker::Internet.safe_email + @email = Faker::Internet.email end after do diff --git a/test/factories/users.rb b/test/factories/users.rb index d3a933959..edebd85b2 100644 --- a/test/factories/users.rb +++ b/test/factories/users.rb @@ -1,6 +1,6 @@ FactoryBot.define do factory :user do - email { Faker::Internet.unique.safe_email } + email { Faker::Internet.unique.email } password { Faker::Internet.password } provider { 'email' } From dd27c7fd58d4a07d2f982e138563533cdb68e36d Mon Sep 17 00:00:00 2001 From: Maicol Bentancor Date: Mon, 6 Nov 2023 10:19:17 -0300 Subject: [PATCH 49/65] Fix registration spec failure (#1613) --- .../registrations_controller_test.rb | 34 +++++++++---------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/test/controllers/devise_token_auth/registrations_controller_test.rb b/test/controllers/devise_token_auth/registrations_controller_test.rb index 45b6c6d3c..fbf732c94 100644 --- a/test/controllers/devise_token_auth/registrations_controller_test.rb +++ b/test/controllers/devise_token_auth/registrations_controller_test.rb @@ -13,7 +13,7 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration def mock_registration_params { - email: Faker::Internet.email, + email: Faker::Internet.unique.email, password: 'secret123', password_confirmation: 'secret123', confirm_success_url: Faker::Internet.url, @@ -152,7 +152,7 @@ def mock_registration_params test 'request to whitelisted redirect should be successful' do post '/auth', - params: { email: Faker::Internet.email, + params: { email: Faker::Internet.unique.email, password: 'secret123', password_confirmation: 'secret123', confirm_success_url: @good_redirect_url, @@ -163,7 +163,7 @@ def mock_registration_params test 'request to non-whitelisted redirect should fail' do post '/auth', - params: { email: Faker::Internet.email, + params: { email: Faker::Internet.unique.email, password: 'secret123', password_confirmation: 'secret123', confirm_success_url: @bad_redirect_url, @@ -181,7 +181,7 @@ def mock_registration_params describe 'failure if not redirecturl' do test 'request should fail if not redirect_url' do post '/auth', - params: { email: Faker::Internet.email, + params: { email: Faker::Internet.unique.email, password: 'secret123', password_confirmation: 'secret123', unpermitted_param: '(x_x)' } @@ -191,7 +191,7 @@ def mock_registration_params test 'request to non-whitelisted redirect should fail' do post '/auth', - params: { email: Faker::Internet.email, + params: { email: Faker::Internet.unique.email, password: 'secret123', password_confirmation: 'secret123', unpermitted_param: '(x_x)' } @@ -210,7 +210,7 @@ def mock_registration_params DeviseTokenAuth.default_confirm_success_url = @redirect_url assert_difference 'ActionMailer::Base.deliveries.size', 1 do - post '/auth', params: { email: Faker::Internet.email, + post '/auth', params: { email: Faker::Internet.unique.email, password: 'secret123', password_confirmation: 'secret123', unpermitted_param: '(x_x)' } @@ -240,7 +240,7 @@ def mock_registration_params @mails_sent = ActionMailer::Base.deliveries.count post '/api/v1/auth', params: { - email: Faker::Internet.email, + email: Faker::Internet.unique.email, password: 'secret123', password_confirmation: 'secret123', confirm_success_url: Faker::Internet.url, @@ -295,7 +295,7 @@ def mock_registration_params @operating_thetan = 2 post '/auth', - params: { email: Faker::Internet.email, + params: { email: Faker::Internet.unique.email, password: 'secret123', password_confirmation: 'secret123', confirm_success_url: @redirect_url, @@ -388,7 +388,7 @@ def mock_registration_params describe 'Mismatched passwords' do before do post '/auth', - params: { email: Faker::Internet.email, + params: { email: Faker::Internet.unique.email, password: 'secret123', password_confirmation: 'bogus', confirm_success_url: Faker::Internet.url } @@ -505,7 +505,7 @@ def mock_registration_params # test valid update param @resource_class = User @new_operating_thetan = 1_000_000 - @email = Faker::Internet.email + @email = Faker::Internet.unique.email @request_params = { operating_thetan: @new_operating_thetan, email: @email @@ -612,7 +612,7 @@ def mock_registration_params # test valid update param @resource_class = User @new_operating_thetan = 1_000_000 - @email = Faker::Internet.email + @email = Faker::Internet.unique.email @request_params = { operating_thetan: @new_operating_thetan, email: @email @@ -663,7 +663,7 @@ def mock_registration_params before do DeviseTokenAuth.check_current_password_before_update = :password @new_operating_thetan = 1_000_000 - @email = Faker::Internet.email + @email = Faker::Internet.unique.email end after do @@ -773,7 +773,7 @@ def mock_registration_params describe 'Alternate user class' do before do post '/mangs', - params: { email: Faker::Internet.email, + params: { email: Faker::Internet.unique.email, password: 'secret123', password_confirmation: 'secret123', confirm_success_url: Faker::Internet.url } @@ -814,7 +814,7 @@ def mock_registration_params @config_name = 'altUser' post '/mangs', - params: { email: Faker::Internet.email, + params: { email: Faker::Internet.unique.email, password: 'secret123', password_confirmation: 'secret123', confirm_success_url: Faker::Internet.url, @@ -840,7 +840,7 @@ def mock_registration_params test 'UnregisterableUser should not be able to access registration routes' do assert_raises(ActionController::RoutingError) do post '/unregisterable_user_auth', - params: { email: Faker::Internet.email, + params: { email: Faker::Internet.unique.email, password: 'secret123', password_confirmation: 'secret123', confirm_success_url: Faker::Internet.url } @@ -853,7 +853,7 @@ def mock_registration_params User.set_callback(:create, :before, :skip_confirmation!) post '/auth', - params: { email: Faker::Internet.email, + params: { email: Faker::Internet.unique.email, password: 'secret123', password_confirmation: 'secret123', confirm_success_url: Faker::Internet.url } @@ -893,7 +893,7 @@ def mock_registration_params @mails_sent = ActionMailer::Base.deliveries.count post '/only_email_auth', - params: { email: Faker::Internet.email, + params: { email: Faker::Internet.unique.email, password: 'secret123', password_confirmation: 'secret123', confirm_success_url: Faker::Internet.url, From d4deea1b6ef2e742a74a2b1f0c676e513cc3f443 Mon Sep 17 00:00:00 2001 From: mkojima Date: Sat, 11 Nov 2023 01:41:07 +0900 Subject: [PATCH 50/65] Add redirect_options for redirect_url of the confirmation success failure (#1612) --- app/controllers/devise_token_auth/confirmations_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/devise_token_auth/confirmations_controller.rb b/app/controllers/devise_token_auth/confirmations_controller.rb index abb703b59..ef100ae95 100644 --- a/app/controllers/devise_token_auth/confirmations_controller.rb +++ b/app/controllers/devise_token_auth/confirmations_controller.rb @@ -27,7 +27,7 @@ def show redirect_to(redirect_to_link, redirect_options) else if redirect_url - redirect_to DeviseTokenAuth::Url.generate(redirect_url, account_confirmation_success: false) + redirect_to DeviseTokenAuth::Url.generate(redirect_url, account_confirmation_success: false), redirect_options else raise ActionController::RoutingError, 'Not Found' end From 6b0659f18c678b319913d0fb053e96aa555857aa Mon Sep 17 00:00:00 2001 From: Santiago Bartesaghi Date: Mon, 13 Nov 2023 09:33:58 -0300 Subject: [PATCH 51/65] Fix Rails version comparison (#1614) --- app/models/devise_token_auth/concerns/active_record_support.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/models/devise_token_auth/concerns/active_record_support.rb b/app/models/devise_token_auth/concerns/active_record_support.rb index 69d203205..380658a3d 100644 --- a/app/models/devise_token_auth/concerns/active_record_support.rb +++ b/app/models/devise_token_auth/concerns/active_record_support.rb @@ -2,7 +2,7 @@ module DeviseTokenAuth::Concerns::ActiveRecordSupport extend ActiveSupport::Concern included do - if Rails::VERSION::MAJOR >= 7 && Rails::VERSION::MINOR >= 1 + if Rails.gem_version >= Gem::Version.new("7.1.0.a") serialize :tokens, coder: DeviseTokenAuth::Concerns::TokensSerialization else serialize :tokens, DeviseTokenAuth::Concerns::TokensSerialization From 76b95ad7e6006d62fc075ddeca6c8673c843692a Mon Sep 17 00:00:00 2001 From: Maicol Bentancor Date: Tue, 14 May 2024 18:57:58 -0300 Subject: [PATCH 52/65] Drop support for ruby 2.5-6 (#1624) Since factory bot doesn't support it anymore https://github.com/thoughtbot/factory_bot/issues/1614 --- .github/workflows/test.yml | 17 ----------------- 1 file changed, 17 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 30028b6aa..14ec6ec67 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -10,8 +10,6 @@ jobs: fail-fast: false matrix: ruby: - - 2.5 - - 2.6 - 2.7 - '3.0' - 3.1 @@ -30,15 +28,6 @@ jobs: devise-token-auth-orm: - active_record include: - - ruby: 2.5 - gemfile: gemfiles/rails_5_2_mongoid_6.gemfile - devise-token-auth-orm: mongoid - - ruby: 2.5 - gemfile: gemfiles/rails_5_2_mongoid_7.gemfile - devise-token-auth-orm: mongoid - - ruby: 2.6 - gemfile: gemfiles/rails_5_2_mongoid_7.gemfile - devise-token-auth-orm: mongoid - ruby: 2.7 gemfile: gemfiles/rails_6_0_mongoid_7.gemfile devise-token-auth-orm: mongoid @@ -63,12 +52,6 @@ jobs: gemfile: gemfiles/rails_7_0_mongoid_7.gemfile devise-token-auth-orm: mongoid exclude: - - ruby: 2.5 - gemfile: gemfiles/rails_7_0.gemfile - - ruby: 2.6 - gemfile: gemfiles/rails_4_2.gemfile - - ruby: 2.6 - gemfile: gemfiles/rails_7_0.gemfile - ruby: 2.7 gemfile: gemfiles/rails_4_2.gemfile - ruby: 2.7 From e9ff5e61bf0f23b71bd04eb4593afd328dcf5733 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 14 May 2024 18:58:41 -0300 Subject: [PATCH 53/65] Update sqlite3 requirement from ~> 1.4 to ~> 2.0 (#1620) Updates the requirements on [sqlite3](https://github.com/sparklemotion/sqlite3-ruby) to permit the latest version. - [Release notes](https://github.com/sparklemotion/sqlite3-ruby/releases) - [Changelog](https://github.com/sparklemotion/sqlite3-ruby/blob/main/CHANGELOG.md) - [Commits](https://github.com/sparklemotion/sqlite3-ruby/compare/v1.4.0...v2.0.1) --- updated-dependencies: - dependency-name: sqlite3 dependency-type: direct:development ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- devise_token_auth.gemspec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devise_token_auth.gemspec b/devise_token_auth.gemspec index ea1e24b0d..8715a483c 100644 --- a/devise_token_auth.gemspec +++ b/devise_token_auth.gemspec @@ -27,7 +27,7 @@ Gem::Specification.new do |s| s.add_dependency 'bcrypt', '~> 3.0' s.add_development_dependency 'appraisal' - s.add_development_dependency 'sqlite3', '~> 1.4' + s.add_development_dependency 'sqlite3', '~> 2.0' s.add_development_dependency 'pg' s.add_development_dependency 'mysql2' s.add_development_dependency 'mongoid', '>= 4', '< 8' From f47ba936f2b086d50ffa6e68365cfc7a158ee819 Mon Sep 17 00:00:00 2001 From: Maicol Bentancor Date: Tue, 14 May 2024 19:04:01 -0300 Subject: [PATCH 54/65] Bump 1.2.3 (#1623) --- CHANGELOG.md | 474 +++++++++++++++++++++++++++++++ lib/devise_token_auth/version.rb | 2 +- 2 files changed, 475 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c0b4a1c37..26b0364b9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,475 @@ # Change Log +## [v1.2.3](https://github.com/lynndylanhurley/devise_token_auth/tree/v1.2.3) (2023-11-13) +[Full Changelog](https://github.com/lynndylanhurley/devise_token_auth/compare/v1.2.2...v1.2.3) + +**Merged pull requests:** + +- Fix Rails version comparison [\#1614](https://github.com/lynndylanhurley/devise_token_auth/pull/1614) ([santib](https://github.com/santib)) +- Fix registration spec failure [\#1613](https://github.com/lynndylanhurley/devise_token_auth/pull/1613) ([MaicolBen](https://github.com/MaicolBen)) +- Fixes 'redirect\_options' addition for 'redirect\_to' in confirmations [\#1612](https://github.com/lynndylanhurley/devise_token_auth/pull/1612) ([kaekasui](https://github.com/kaekasui)) +- Faker safe\_email -\> email [\#1607](https://github.com/lynndylanhurley/devise_token_auth/pull/1607) ([hatsu38](https://github.com/hatsu38)) +- Support for writing style deprecated in 7.1 and removed in 7.2 [\#1606](https://github.com/lynndylanhurley/devise_token_auth/pull/1606) ([hatsu38](https://github.com/hatsu38)) +- Bump to 1.2.2 [\#1602](https://github.com/lynndylanhurley/devise_token_auth/pull/1602) ([MaicolBen](https://github.com/MaicolBen)) + +## [v1.2.2](https://github.com/lynndylanhurley/devise_token_auth/tree/v1.2.2) (2023-06-11) +[Full Changelog](https://github.com/lynndylanhurley/devise_token_auth/compare/v1.2.1...v1.2.2) + +**Closed issues:** + +- keep getting a 401 on overriden create devise [\#1598](https://github.com/lynndylanhurley/devise_token_auth/issues/1598) +- Method sign\_in called with incorrect paramenters [\#1585](https://github.com/lynndylanhurley/devise_token_auth/issues/1585) +- Release latest version, there are too many fixes in the master waiting to be released [\#1560](https://github.com/lynndylanhurley/devise_token_auth/issues/1560) +- NoMethodError: undefined method `downcase' for nil:NilClass [\#1540](https://github.com/lynndylanhurley/devise_token_auth/issues/1540) +- Confirming an already confirmed user -- still not quite working. [\#1123](https://github.com/lynndylanhurley/devise_token_auth/issues/1123) +- Email confirmation route [\#1110](https://github.com/lynndylanhurley/devise_token_auth/issues/1110) + +**Merged pull requests:** + +- Don't leak information about the existence of accounts in SessionsController [\#1600](https://github.com/lynndylanhurley/devise_token_auth/pull/1600) ([moritzhoeppner](https://github.com/moritzhoeppner)) +- Update faker requirement from ~\> 2.16 to ~\> 3.2 [\#1593](https://github.com/lynndylanhurley/devise_token_auth/pull/1593) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Update mongoid-locker requirement from ~\> 1.0 to ~\> 2.0 [\#1592](https://github.com/lynndylanhurley/devise_token_auth/pull/1592) ([dependabot[bot]](https://github.com/apps/dependabot)) +- dependencies/dependabot configuration [\#1590](https://github.com/lynndylanhurley/devise_token_auth/pull/1590) ([jotolo](https://github.com/jotolo)) +- Remove sprockets [\#1589](https://github.com/lynndylanhurley/devise_token_auth/pull/1589) ([MaicolBen](https://github.com/MaicolBen)) +- update/test configuration Rails7 and mongoid7 [\#1588](https://github.com/lynndylanhurley/devise_token_auth/pull/1588) ([jotolo](https://github.com/jotolo)) +- brakeman vulnaribility UnsafeReflection. [\#1587](https://github.com/lynndylanhurley/devise_token_auth/pull/1587) ([ryanfox1985](https://github.com/ryanfox1985)) +- Method sign\_in with wrong parameters [\#1586](https://github.com/lynndylanhurley/devise_token_auth/pull/1586) ([lazaronixon](https://github.com/lazaronixon)) +- update/Ruby 3.x and Rails 7.0 [\#1584](https://github.com/lynndylanhurley/devise_token_auth/pull/1584) ([jotolo](https://github.com/jotolo)) +- Add support for ruby 3 & fix test suite [\#1582](https://github.com/lynndylanhurley/devise_token_auth/pull/1582) ([MaicolBen](https://github.com/MaicolBen)) +- chore: add vanilla-token-auth to client list [\#1578](https://github.com/lynndylanhurley/devise_token_auth/pull/1578) ([theblang](https://github.com/theblang)) +- 🐛 Not update cookies when is a batch request [\#1577](https://github.com/lynndylanhurley/devise_token_auth/pull/1577) ([djpremier](https://github.com/djpremier)) +- Revert "Fix unpermitted parameters warning" [\#1571](https://github.com/lynndylanhurley/devise_token_auth/pull/1571) ([MaicolBen](https://github.com/MaicolBen)) +- Fixed vulnerabilities [\#1569](https://github.com/lynndylanhurley/devise_token_auth/pull/1569) ([ryanfox1985](https://github.com/ryanfox1985)) +- Fix unpermitted parameters warning [\#1568](https://github.com/lynndylanhurley/devise_token_auth/pull/1568) ([remy727](https://github.com/remy727)) +- Remove bearer token if cookie\_enabled is true [\#1567](https://github.com/lynndylanhurley/devise_token_auth/pull/1567) ([rhiroshi](https://github.com/rhiroshi)) +- Update initializer template [\#1564](https://github.com/lynndylanhurley/devise_token_auth/pull/1564) ([djpremier](https://github.com/djpremier)) +- Allow omniauth redirect post method [\#1563](https://github.com/lynndylanhurley/devise_token_auth/pull/1563) ([florindiconescu](https://github.com/florindiconescu)) +- Avoid raising a RoutingError when confirming a user twice [\#1557](https://github.com/lynndylanhurley/devise_token_auth/pull/1557) ([micred](https://github.com/micred)) + +## [v1.2.1](https://github.com/lynndylanhurley/devise_token_auth/tree/v1.2.1) (2022-09-10) +[Full Changelog](https://github.com/lynndylanhurley/devise_token_auth/compare/v1.2.0...v1.2.1) + +**Closed issues:** + +- registrations controller. tokens only for authenticated [\#1553](https://github.com/lynndylanhurley/devise_token_auth/issues/1553) +- Rails 7 support [\#1552](https://github.com/lynndylanhurley/devise_token_auth/issues/1552) +- Not working with any version of Rails 6 and 7 [\#1551](https://github.com/lynndylanhurley/devise_token_auth/issues/1551) +- Commit 1a0483fbd12583810f21eb320abfa8b768724774 makes \#\ [\#1538](https://github.com/lynndylanhurley/devise_token_auth/issues/1538) +- Rails 7 support? [\#1533](https://github.com/lynndylanhurley/devise_token_auth/issues/1533) +- Request: [\#1526](https://github.com/lynndylanhurley/devise_token_auth/issues/1526) +- Rails 7 Issue [\#1523](https://github.com/lynndylanhurley/devise_token_auth/issues/1523) +- Bearer Token Usage [\#1522](https://github.com/lynndylanhurley/devise_token_auth/issues/1522) +- Got "ActionDispatch::Request::Session::DisabledSessionError" [\#1521](https://github.com/lynndylanhurley/devise_token_auth/issues/1521) +- Travis CI migration or alternatives [\#1518](https://github.com/lynndylanhurley/devise_token_auth/issues/1518) +- Update dependency to support Rails 7.0.0.rc1 [\#1515](https://github.com/lynndylanhurley/devise_token_auth/issues/1515) +- Devise, devise\_auth\_token and activeadmin with 2 different models - Controller error [\#1512](https://github.com/lynndylanhurley/devise_token_auth/issues/1512) +- Paranoid mode still returning a distinguishable 404 responses [\#1510](https://github.com/lynndylanhurley/devise_token_auth/issues/1510) +- Invalid client with google-oauth2 [\#1499](https://github.com/lynndylanhurley/devise_token_auth/issues/1499) +- Concurrency issue? [\#1497](https://github.com/lynndylanhurley/devise_token_auth/issues/1497) +- Doesn't seem to follow Bearer Token authorization spec...? [\#1487](https://github.com/lynndylanhurley/devise_token_auth/issues/1487) +- Can we have a new version released? [\#1483](https://github.com/lynndylanhurley/devise_token_auth/issues/1483) +- Token invalidation after canceled request by the frontend app [\#1232](https://github.com/lynndylanhurley/devise_token_auth/issues/1232) +- FrozenError \(can't modify frozen Hash\) [\#1151](https://github.com/lynndylanhurley/devise_token_auth/issues/1151) +- Password Reset Links Invalidated After Being Clicked [\#1141](https://github.com/lynndylanhurley/devise_token_auth/issues/1141) +- Authorization Request Header Field? [\#902](https://github.com/lynndylanhurley/devise_token_auth/issues/902) +- jsonb token [\#841](https://github.com/lynndylanhurley/devise_token_auth/issues/841) + +**Merged pull requests:** + +- add redirect\_to options for rails7 allow\_other\_host [\#1599](https://github.com/lynndylanhurley/devise_token_auth/pull/1599) ([ihatov08](https://github.com/ihatov08)) +- Update changelog [\#1555](https://github.com/lynndylanhurley/devise_token_auth/pull/1555) ([MaicolBen](https://github.com/MaicolBen)) +- Add custom uid reference [\#1554](https://github.com/lynndylanhurley/devise_token_auth/pull/1554) ([florindiconescu](https://github.com/florindiconescu)) +- Update ja.yml [\#1550](https://github.com/lynndylanhurley/devise_token_auth/pull/1550) ([RaziAhmad123](https://github.com/RaziAhmad123)) +- Fixed ja.yml because CI failed. [\#1547](https://github.com/lynndylanhurley/devise_token_auth/pull/1547) ([hatsu38](https://github.com/hatsu38)) +- Translate the unlocks, confirmations message into Japanese [\#1544](https://github.com/lynndylanhurley/devise_token_auth/pull/1544) ([hatsu38](https://github.com/hatsu38)) +- Set cookie token immediately in reset password and OmniAuth success flows [\#1542](https://github.com/lynndylanhurley/devise_token_auth/pull/1542) ([theblang](https://github.com/theblang)) +- Added 'Authorization' header with bearer token [\#1534](https://github.com/lynndylanhurley/devise_token_auth/pull/1534) ([rhiroshi](https://github.com/rhiroshi)) +- add `previous\_token` [\#1520](https://github.com/lynndylanhurley/devise_token_auth/pull/1520) ([sudhanshug16](https://github.com/sudhanshug16)) +- Migrate to GitHub Actions [\#1519](https://github.com/lynndylanhurley/devise_token_auth/pull/1519) ([enomotodev](https://github.com/enomotodev)) +- Support Rails 7.0 [\#1517](https://github.com/lynndylanhurley/devise_token_auth/pull/1517) ([enomotodev](https://github.com/enomotodev)) +- \[bugfix\] omniauth: handle POST action redirects [\#1509](https://github.com/lynndylanhurley/devise_token_auth/pull/1509) ([lynndylanhurley](https://github.com/lynndylanhurley)) +- Fix the doc missing configure devise mail sender [\#1504](https://github.com/lynndylanhurley/devise_token_auth/pull/1504) ([hsonthach](https://github.com/hsonthach)) +- Fix callback if migrations fails [\#1502](https://github.com/lynndylanhurley/devise_token_auth/pull/1502) ([thooams](https://github.com/thooams)) +- wrap creation and save of token in a transaction [\#1498](https://github.com/lynndylanhurley/devise_token_auth/pull/1498) ([pascalbetz](https://github.com/pascalbetz)) +- Increase required ruby version to 2.3 [\#1495](https://github.com/lynndylanhurley/devise_token_auth/pull/1495) ([mcelicalderon](https://github.com/mcelicalderon)) +- Turn email validation process into class method [\#1494](https://github.com/lynndylanhurley/devise_token_auth/pull/1494) ([muratiger](https://github.com/muratiger)) +- Update faq.md [\#1493](https://github.com/lynndylanhurley/devise_token_auth/pull/1493) ([SUMAR7](https://github.com/SUMAR7)) + +## [v1.2.0](https://github.com/lynndylanhurley/devise_token_auth/tree/v1.2.0) (2021-07-19) +[Full Changelog](https://github.com/lynndylanhurley/devise_token_auth/compare/v1.1.5...v1.2.0) + +**Implemented enhancements:** + +- Paranoid mode is non existent [\#1100](https://github.com/lynndylanhurley/devise_token_auth/issues/1100) +- Add paranoid mode [\#1378](https://github.com/lynndylanhurley/devise_token_auth/pull/1378) ([luisalima](https://github.com/luisalima)) + +**Closed issues:** + +- DeviseTokenAuth::Errors::InvalidModel [\#1485](https://github.com/lynndylanhurley/devise_token_auth/issues/1485) +- How not to update the headers when the api server returns a response with an error status [\#1476](https://github.com/lynndylanhurley/devise_token_auth/issues/1476) +- Does not install on Rails 6.1 and Ruby 2.7, fresh install [\#1475](https://github.com/lynndylanhurley/devise_token_auth/issues/1475) +- Devise::Models::Authenticatable::BLACKLIST\_FOR\_SERIALIZATION is deprecated [\#1474](https://github.com/lynndylanhurley/devise_token_auth/issues/1474) +- @token not assigned prior to delete/destory [\#1465](https://github.com/lynndylanhurley/devise_token_auth/issues/1465) +- Installing devise\_token\_auth on MacOS, rails conflict [\#1458](https://github.com/lynndylanhurley/devise_token_auth/issues/1458) +- Deprecation warning `connection\_config is deprecated and will be removed from Rails 6.2` when using Rails 6.1 [\#1451](https://github.com/lynndylanhurley/devise_token_auth/issues/1451) +- Trying to integrate with devise-multi\_email [\#1421](https://github.com/lynndylanhurley/devise_token_auth/issues/1421) +- Rails email change not send confirmation emaill [\#1338](https://github.com/lynndylanhurley/devise_token_auth/issues/1338) + +**Merged pull requests:** + +- Fix Paranoid Status Codes [\#1524](https://github.com/lynndylanhurley/devise_token_auth/pull/1524) ([keithdoggett](https://github.com/keithdoggett)) +- Bump version to 1.2.0 [\#1492](https://github.com/lynndylanhurley/devise_token_auth/pull/1492) ([MaicolBen](https://github.com/MaicolBen)) +- Fix unescape and keyword parameters warning [\#1490](https://github.com/lynndylanhurley/devise_token_auth/pull/1490) ([muratiger](https://github.com/muratiger)) +- check password changed only when using password authentication [\#1486](https://github.com/lynndylanhurley/devise_token_auth/pull/1486) ([qiuyin](https://github.com/qiuyin)) +- Add new param FAQ [\#1481](https://github.com/lynndylanhurley/devise_token_auth/pull/1481) ([muratiger](https://github.com/muratiger)) +- fix mongoid detecting bug [\#1478](https://github.com/lynndylanhurley/devise_token_auth/pull/1478) ([qiuyin](https://github.com/qiuyin)) +- replace deprecated constant BLACKLIST\_FOR\_SERIALIZATION [\#1473](https://github.com/lynndylanhurley/devise_token_auth/pull/1473) ([prashant-kiwi](https://github.com/prashant-kiwi)) +- Workaround for cc-test-reporter with SimpleCov 0.18 [\#1472](https://github.com/lynndylanhurley/devise_token_auth/pull/1472) ([enomotodev](https://github.com/enomotodev)) +- Fix mongo setup in travis [\#1471](https://github.com/lynndylanhurley/devise_token_auth/pull/1471) ([MaicolBen](https://github.com/MaicolBen)) +- Use the same behavior than the deprecated URI.escape [\#1470](https://github.com/lynndylanhurley/devise_token_auth/pull/1470) ([MaicolBen](https://github.com/MaicolBen)) +- Replace URI::escape which was removed in Ruby 3 [\#1468](https://github.com/lynndylanhurley/devise_token_auth/pull/1468) ([alea12](https://github.com/alea12)) +- Update connection\_config to connection\_db\_config [\#1467](https://github.com/lynndylanhurley/devise_token_auth/pull/1467) ([melnik0v](https://github.com/melnik0v)) +- Fix docs/config/initialization.md [\#1464](https://github.com/lynndylanhurley/devise_token_auth/pull/1464) ([yoshitsugu](https://github.com/yoshitsugu)) +- Fix omniauth version until devise fixes omniauth requirement [\#1463](https://github.com/lynndylanhurley/devise_token_auth/pull/1463) ([MaicolBen](https://github.com/MaicolBen)) +- Add support for sending and receiving the auth token via a server cookie [\#1453](https://github.com/lynndylanhurley/devise_token_auth/pull/1453) ([theblang](https://github.com/theblang)) +- Fix critical error on registration with confirmation mode [\#1447](https://github.com/lynndylanhurley/devise_token_auth/pull/1447) ([pnghai](https://github.com/pnghai)) + +## [v1.1.5](https://github.com/lynndylanhurley/devise_token_auth/tree/v1.1.5) (2020-12-08) +[Full Changelog](https://github.com/lynndylanhurley/devise_token_auth/compare/v1.1.4...v1.1.5) + +**Closed issues:** + +- Update dependency to support Rails 6.1/6.1.0.rc1 [\#1443](https://github.com/lynndylanhurley/devise_token_auth/issues/1443) +- undefined method `tokens' for \#\":String\) [\#1375](https://github.com/lynndylanhurley/devise_token_auth/issues/1375) +- mation\_instruction [\#1373](https://github.com/lynndylanhurley/devise_token_auth/issues/1373) +- Unpermitted parameter :session when signing in using javascript fetch [\#1361](https://github.com/lynndylanhurley/devise_token_auth/issues/1361) +- How do i authenticate with graphql-ruby? [\#1360](https://github.com/lynndylanhurley/devise_token_auth/issues/1360) +- Using DeviseTokenAuth::Concerns::User breaks Devise::confirmable and Devise::reconfirmable [\#1013](https://github.com/lynndylanhurley/devise_token_auth/issues/1013) + +**Merged pull requests:** + +- Update faq.md [\#1439](https://github.com/lynndylanhurley/devise_token_auth/pull/1439) ([sizief](https://github.com/sizief)) +- Update faq.md [\#1401](https://github.com/lynndylanhurley/devise_token_auth/pull/1401) ([mdjamal](https://github.com/mdjamal)) +- Update assign\_provider\_attrs to strip 'name' field [\#1398](https://github.com/lynndylanhurley/devise_token_auth/pull/1398) ([SpLouk](https://github.com/SpLouk)) +- Fix grammar [\#1396](https://github.com/lynndylanhurley/devise_token_auth/pull/1396) ([arku](https://github.com/arku)) +- \[Refactor\] fixed "not\_email" setting in ja.yml [\#1395](https://github.com/lynndylanhurley/devise_token_auth/pull/1395) ([eitches](https://github.com/eitches)) +- CI build fix: Pin to pry \< 0.13 for 2.3 support, workaround CodeClimate reporter issue [\#1393](https://github.com/lynndylanhurley/devise_token_auth/pull/1393) ([olleolleolle](https://github.com/olleolleolle)) +- Fix broken link [\#1392](https://github.com/lynndylanhurley/devise_token_auth/pull/1392) ([dlederle](https://github.com/dlederle)) +- Fix: Save user authentication token after email confirmation [\#1391](https://github.com/lynndylanhurley/devise_token_auth/pull/1391) ([gabrielbursztein2](https://github.com/gabrielbursztein2)) +- Fix token-type header key in testing example docs [\#1390](https://github.com/lynndylanhurley/devise_token_auth/pull/1390) ([goalaleo](https://github.com/goalaleo)) +- Issue - 1358 Argument error when converting token updated\_at using to… [\#1388](https://github.com/lynndylanhurley/devise_token_auth/pull/1388) ([saichander17](https://github.com/saichander17)) +- Validate that token is valid for patch request last token [\#1386](https://github.com/lynndylanhurley/devise_token_auth/pull/1386) ([ahmedmagdy711](https://github.com/ahmedmagdy711)) +- Fix docs/usage/reset\_password.md [\#1382](https://github.com/lynndylanhurley/devise_token_auth/pull/1382) ([K-Sato1995](https://github.com/K-Sato1995)) +- Fix missing polish and portugese missing translation errors [\#1377](https://github.com/lynndylanhurley/devise_token_auth/pull/1377) ([woochaq](https://github.com/woochaq)) +- \[Documentation\] write complete path for authentication\_test\_spec.rb [\#1376](https://github.com/lynndylanhurley/devise_token_auth/pull/1376) ([cprodhomme](https://github.com/cprodhomme)) +- Add case sensitive option required to prevent deprecation warning in … [\#1368](https://github.com/lynndylanhurley/devise_token_auth/pull/1368) ([niciliketo](https://github.com/niciliketo)) +- Add rails 6.0 config to travis [\#1366](https://github.com/lynndylanhurley/devise_token_auth/pull/1366) ([brateq](https://github.com/brateq)) +- Add docs for confirmation endpoint [\#1365](https://github.com/lynndylanhurley/devise_token_auth/pull/1365) ([brateq](https://github.com/brateq)) +- Remove Trackable option from generator [\#1362](https://github.com/lynndylanhurley/devise_token_auth/pull/1362) ([SugiKent](https://github.com/SugiKent)) +- Please merge again [\#1350](https://github.com/lynndylanhurley/devise_token_auth/pull/1350) ([exocode](https://github.com/exocode)) +- Fix dead link [\#1349](https://github.com/lynndylanhurley/devise_token_auth/pull/1349) ([tegandbiscuits](https://github.com/tegandbiscuits)) +- detect Mongoid \(till Mongoid will implement it\) [\#1348](https://github.com/lynndylanhurley/devise_token_auth/pull/1348) ([exocode](https://github.com/exocode)) +- feat\(oauth-apple\): support Sign in with Apple as a documented OmniAuth provider [\#1347](https://github.com/lynndylanhurley/devise_token_auth/pull/1347) ([booleanbetrayal](https://github.com/booleanbetrayal)) +- Add Korean locale [\#1346](https://github.com/lynndylanhurley/devise_token_auth/pull/1346) ([ghost](https://github.com/ghost)) +- doc: remove duplicated test case on ./docs/usage/testing.md [\#1344](https://github.com/lynndylanhurley/devise_token_auth/pull/1344) ([miyataka](https://github.com/miyataka)) +- Fix to be able to use Devise::confirmable module [\#1343](https://github.com/lynndylanhurley/devise_token_auth/pull/1343) ([makicamel](https://github.com/makicamel)) +- repeat any query params after a fragment [\#1341](https://github.com/lynndylanhurley/devise_token_auth/pull/1341) ([colmben](https://github.com/colmben)) + +# Change Log + +## [Unreleased](https://github.com/lynndylanhurley/devise_token_auth/tree/HEAD) + +[Full Changelog](https://github.com/lynndylanhurley/devise_token_auth/compare/v1.2.2...HEAD) + +**Merged pull requests:** + +- Fix Rails version comparison [\#1614](https://github.com/lynndylanhurley/devise_token_auth/pull/1614) ([santib](https://github.com/santib)) +- Fix registration spec failure [\#1613](https://github.com/lynndylanhurley/devise_token_auth/pull/1613) ([MaicolBen](https://github.com/MaicolBen)) +- Fixes 'redirect\_options' addition for 'redirect\_to' in confirmations [\#1612](https://github.com/lynndylanhurley/devise_token_auth/pull/1612) ([kaekasui](https://github.com/kaekasui)) +- Faker safe\_email -\> email [\#1607](https://github.com/lynndylanhurley/devise_token_auth/pull/1607) ([hatsu38](https://github.com/hatsu38)) +- Support for writing style deprecated in 7.1 and removed in 7.2 [\#1606](https://github.com/lynndylanhurley/devise_token_auth/pull/1606) ([hatsu38](https://github.com/hatsu38)) +- Bump to 1.2.2 [\#1602](https://github.com/lynndylanhurley/devise_token_auth/pull/1602) ([MaicolBen](https://github.com/MaicolBen)) + +## [v1.2.2](https://github.com/lynndylanhurley/devise_token_auth/tree/v1.2.2) (2023-06-11) +[Full Changelog](https://github.com/lynndylanhurley/devise_token_auth/compare/v1.2.1...v1.2.2) + +**Closed issues:** + +- keep getting a 401 on overriden create devise [\#1598](https://github.com/lynndylanhurley/devise_token_auth/issues/1598) +- Method sign\_in called with incorrect paramenters [\#1585](https://github.com/lynndylanhurley/devise_token_auth/issues/1585) +- Release latest version, there are too many fixes in the master waiting to be released [\#1560](https://github.com/lynndylanhurley/devise_token_auth/issues/1560) +- NoMethodError: undefined method `downcase' for nil:NilClass [\#1540](https://github.com/lynndylanhurley/devise_token_auth/issues/1540) +- Confirming an already confirmed user -- still not quite working. [\#1123](https://github.com/lynndylanhurley/devise_token_auth/issues/1123) +- Email confirmation route [\#1110](https://github.com/lynndylanhurley/devise_token_auth/issues/1110) + +**Merged pull requests:** + +- Drop support for ruby 2.4 [\#1601](https://github.com/lynndylanhurley/devise_token_auth/pull/1601) ([MaicolBen](https://github.com/MaicolBen)) +- Don't leak information about the existence of accounts in SessionsController [\#1600](https://github.com/lynndylanhurley/devise_token_auth/pull/1600) ([moritzhoeppner](https://github.com/moritzhoeppner)) +- add redirect\_to options for rails7 allow\_other\_host [\#1599](https://github.com/lynndylanhurley/devise_token_auth/pull/1599) ([ihatov08](https://github.com/ihatov08)) +- Update faker requirement from ~\> 2.16 to ~\> 3.2 [\#1593](https://github.com/lynndylanhurley/devise_token_auth/pull/1593) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Update mongoid-locker requirement from ~\> 1.0 to ~\> 2.0 [\#1592](https://github.com/lynndylanhurley/devise_token_auth/pull/1592) ([dependabot[bot]](https://github.com/apps/dependabot)) +- dependencies/dependabot configuration [\#1590](https://github.com/lynndylanhurley/devise_token_auth/pull/1590) ([jotolo](https://github.com/jotolo)) +- Remove sprockets [\#1589](https://github.com/lynndylanhurley/devise_token_auth/pull/1589) ([MaicolBen](https://github.com/MaicolBen)) +- update/test configuration Rails7 and mongoid7 [\#1588](https://github.com/lynndylanhurley/devise_token_auth/pull/1588) ([jotolo](https://github.com/jotolo)) +- brakeman vulnaribility UnsafeReflection. [\#1587](https://github.com/lynndylanhurley/devise_token_auth/pull/1587) ([ryanfox1985](https://github.com/ryanfox1985)) +- Method sign\_in with wrong parameters [\#1586](https://github.com/lynndylanhurley/devise_token_auth/pull/1586) ([lazaronixon](https://github.com/lazaronixon)) +- update/Ruby 3.x and Rails 7.0 [\#1584](https://github.com/lynndylanhurley/devise_token_auth/pull/1584) ([jotolo](https://github.com/jotolo)) +- Add support for ruby 3 & fix test suite [\#1582](https://github.com/lynndylanhurley/devise_token_auth/pull/1582) ([MaicolBen](https://github.com/MaicolBen)) +- chore: add vanilla-token-auth to client list [\#1578](https://github.com/lynndylanhurley/devise_token_auth/pull/1578) ([theblang](https://github.com/theblang)) +- 🐛 Not update cookies when is a batch request [\#1577](https://github.com/lynndylanhurley/devise_token_auth/pull/1577) ([djpremier](https://github.com/djpremier)) +- Revert "Fix unpermitted parameters warning" [\#1571](https://github.com/lynndylanhurley/devise_token_auth/pull/1571) ([MaicolBen](https://github.com/MaicolBen)) +- Fixed vulnerabilities [\#1569](https://github.com/lynndylanhurley/devise_token_auth/pull/1569) ([ryanfox1985](https://github.com/ryanfox1985)) +- Fix unpermitted parameters warning [\#1568](https://github.com/lynndylanhurley/devise_token_auth/pull/1568) ([remy727](https://github.com/remy727)) +- Update initializer template [\#1564](https://github.com/lynndylanhurley/devise_token_auth/pull/1564) ([djpremier](https://github.com/djpremier)) +- Allow omniauth redirect post method [\#1563](https://github.com/lynndylanhurley/devise_token_auth/pull/1563) ([florindiconescu](https://github.com/florindiconescu)) +- Avoid raising a RoutingError when confirming a user twice [\#1557](https://github.com/lynndylanhurley/devise_token_auth/pull/1557) ([micred](https://github.com/micred)) +- Add custom uid reference [\#1554](https://github.com/lynndylanhurley/devise_token_auth/pull/1554) ([florindiconescu](https://github.com/florindiconescu)) + +## [v1.2.1](https://github.com/lynndylanhurley/devise_token_auth/tree/v1.2.1) (2022-09-10) +[Full Changelog](https://github.com/lynndylanhurley/devise_token_auth/compare/v1.2.0...v1.2.1) + +**Closed issues:** + +- registrations controller. tokens only for authenticated [\#1553](https://github.com/lynndylanhurley/devise_token_auth/issues/1553) +- Rails 7 support [\#1552](https://github.com/lynndylanhurley/devise_token_auth/issues/1552) +- Not working with any version of Rails 6 and 7 [\#1551](https://github.com/lynndylanhurley/devise_token_auth/issues/1551) +- Commit 1a0483fbd12583810f21eb320abfa8b768724774 makes \#\ [\#1538](https://github.com/lynndylanhurley/devise_token_auth/issues/1538) +- Rails 7 support? [\#1533](https://github.com/lynndylanhurley/devise_token_auth/issues/1533) +- Request: [\#1526](https://github.com/lynndylanhurley/devise_token_auth/issues/1526) +- Rails 7 Issue [\#1523](https://github.com/lynndylanhurley/devise_token_auth/issues/1523) +- Bearer Token Usage [\#1522](https://github.com/lynndylanhurley/devise_token_auth/issues/1522) +- Got "ActionDispatch::Request::Session::DisabledSessionError" [\#1521](https://github.com/lynndylanhurley/devise_token_auth/issues/1521) +- Travis CI migration or alternatives [\#1518](https://github.com/lynndylanhurley/devise_token_auth/issues/1518) +- Update dependency to support Rails 7.0.0.rc1 [\#1515](https://github.com/lynndylanhurley/devise_token_auth/issues/1515) +- Devise, devise\_auth\_token and activeadmin with 2 different models - Controller error [\#1512](https://github.com/lynndylanhurley/devise_token_auth/issues/1512) +- Paranoid mode still returning a distinguishable 404 responses [\#1510](https://github.com/lynndylanhurley/devise_token_auth/issues/1510) +- Invalid client with google-oauth2 [\#1499](https://github.com/lynndylanhurley/devise_token_auth/issues/1499) +- Concurrency issue? [\#1497](https://github.com/lynndylanhurley/devise_token_auth/issues/1497) +- Doesn't seem to follow Bearer Token authorization spec...? [\#1487](https://github.com/lynndylanhurley/devise_token_auth/issues/1487) +- Can we have a new version released? [\#1483](https://github.com/lynndylanhurley/devise_token_auth/issues/1483) +- Token invalidation after canceled request by the frontend app [\#1232](https://github.com/lynndylanhurley/devise_token_auth/issues/1232) +- FrozenError \(can't modify frozen Hash\) [\#1151](https://github.com/lynndylanhurley/devise_token_auth/issues/1151) +- Password Reset Links Invalidated After Being Clicked [\#1141](https://github.com/lynndylanhurley/devise_token_auth/issues/1141) +- Authorization Request Header Field? [\#902](https://github.com/lynndylanhurley/devise_token_auth/issues/902) +- jsonb token [\#841](https://github.com/lynndylanhurley/devise_token_auth/issues/841) + +**Merged pull requests:** + +- Remove bearer token if cookie\_enabled is true [\#1567](https://github.com/lynndylanhurley/devise_token_auth/pull/1567) ([rhiroshi](https://github.com/rhiroshi)) +- Update changelog [\#1555](https://github.com/lynndylanhurley/devise_token_auth/pull/1555) ([MaicolBen](https://github.com/MaicolBen)) +- Update ja.yml [\#1550](https://github.com/lynndylanhurley/devise_token_auth/pull/1550) ([RaziAhmad123](https://github.com/RaziAhmad123)) +- Fixed ja.yml because CI failed. [\#1547](https://github.com/lynndylanhurley/devise_token_auth/pull/1547) ([hatsu38](https://github.com/hatsu38)) +- Translate the unlocks, confirmations message into Japanese [\#1544](https://github.com/lynndylanhurley/devise_token_auth/pull/1544) ([hatsu38](https://github.com/hatsu38)) +- Set cookie token immediately in reset password and OmniAuth success flows [\#1542](https://github.com/lynndylanhurley/devise_token_auth/pull/1542) ([theblang](https://github.com/theblang)) +- Added 'Authorization' header with bearer token [\#1534](https://github.com/lynndylanhurley/devise_token_auth/pull/1534) ([rhiroshi](https://github.com/rhiroshi)) +- Fix Paranoid Status Codes [\#1524](https://github.com/lynndylanhurley/devise_token_auth/pull/1524) ([keithdoggett](https://github.com/keithdoggett)) +- add `previous\_token` [\#1520](https://github.com/lynndylanhurley/devise_token_auth/pull/1520) ([sudhanshug16](https://github.com/sudhanshug16)) +- Migrate to GitHub Actions [\#1519](https://github.com/lynndylanhurley/devise_token_auth/pull/1519) ([enomotodev](https://github.com/enomotodev)) +- Support Rails 7.0 [\#1517](https://github.com/lynndylanhurley/devise_token_auth/pull/1517) ([enomotodev](https://github.com/enomotodev)) +- \[bugfix\] omniauth: handle POST action redirects [\#1509](https://github.com/lynndylanhurley/devise_token_auth/pull/1509) ([lynndylanhurley](https://github.com/lynndylanhurley)) +- Fix the doc missing configure devise mail sender [\#1504](https://github.com/lynndylanhurley/devise_token_auth/pull/1504) ([hsonthach](https://github.com/hsonthach)) +- Fix callback if migrations fails [\#1502](https://github.com/lynndylanhurley/devise_token_auth/pull/1502) ([thooams](https://github.com/thooams)) +- wrap creation and save of token in a transaction [\#1498](https://github.com/lynndylanhurley/devise_token_auth/pull/1498) ([pascalbetz](https://github.com/pascalbetz)) +- Increase required ruby version to 2.3 [\#1495](https://github.com/lynndylanhurley/devise_token_auth/pull/1495) ([mcelicalderon](https://github.com/mcelicalderon)) +- Turn email validation process into class method [\#1494](https://github.com/lynndylanhurley/devise_token_auth/pull/1494) ([muratiger](https://github.com/muratiger)) +- Update faq.md [\#1493](https://github.com/lynndylanhurley/devise_token_auth/pull/1493) ([SUMAR7](https://github.com/SUMAR7)) + +## [v1.2.0](https://github.com/lynndylanhurley/devise_token_auth/tree/v1.2.0) (2021-07-19) +[Full Changelog](https://github.com/lynndylanhurley/devise_token_auth/compare/v1.1.5...v1.2.0) + +**Implemented enhancements:** + +- Paranoid mode is non existent [\#1100](https://github.com/lynndylanhurley/devise_token_auth/issues/1100) + +**Closed issues:** + +- DeviseTokenAuth::Errors::InvalidModel [\#1485](https://github.com/lynndylanhurley/devise_token_auth/issues/1485) +- How not to update the headers when the api server returns a response with an error status [\#1476](https://github.com/lynndylanhurley/devise_token_auth/issues/1476) +- Does not install on Rails 6.1 and Ruby 2.7, fresh install [\#1475](https://github.com/lynndylanhurley/devise_token_auth/issues/1475) +- Devise::Models::Authenticatable::BLACKLIST\_FOR\_SERIALIZATION is deprecated [\#1474](https://github.com/lynndylanhurley/devise_token_auth/issues/1474) +- @token not assigned prior to delete/destory [\#1465](https://github.com/lynndylanhurley/devise_token_auth/issues/1465) +- Installing devise\_token\_auth on MacOS, rails conflict [\#1458](https://github.com/lynndylanhurley/devise_token_auth/issues/1458) +- Deprecation warning `connection\_config is deprecated and will be removed from Rails 6.2` when using Rails 6.1 [\#1451](https://github.com/lynndylanhurley/devise_token_auth/issues/1451) +- Trying to integrate with devise-multi\_email [\#1421](https://github.com/lynndylanhurley/devise_token_auth/issues/1421) +- Rails email change not send confirmation emaill [\#1338](https://github.com/lynndylanhurley/devise_token_auth/issues/1338) + +**Merged pull requests:** + +- Bump version to 1.2.0 [\#1492](https://github.com/lynndylanhurley/devise_token_auth/pull/1492) ([MaicolBen](https://github.com/MaicolBen)) +- Fix unescape and keyword parameters warning [\#1490](https://github.com/lynndylanhurley/devise_token_auth/pull/1490) ([muratiger](https://github.com/muratiger)) +- check password changed only when using password authentication [\#1486](https://github.com/lynndylanhurley/devise_token_auth/pull/1486) ([qiuyin](https://github.com/qiuyin)) +- Add new param FAQ [\#1481](https://github.com/lynndylanhurley/devise_token_auth/pull/1481) ([muratiger](https://github.com/muratiger)) +- fix mongoid detecting bug [\#1478](https://github.com/lynndylanhurley/devise_token_auth/pull/1478) ([qiuyin](https://github.com/qiuyin)) +- replace deprecated constant BLACKLIST\_FOR\_SERIALIZATION [\#1473](https://github.com/lynndylanhurley/devise_token_auth/pull/1473) ([prashant-kiwi](https://github.com/prashant-kiwi)) +- Workaround for cc-test-reporter with SimpleCov 0.18 [\#1472](https://github.com/lynndylanhurley/devise_token_auth/pull/1472) ([enomotodev](https://github.com/enomotodev)) +- Fix mongo setup in travis [\#1471](https://github.com/lynndylanhurley/devise_token_auth/pull/1471) ([MaicolBen](https://github.com/MaicolBen)) +- Use the same behavior than the deprecated URI.escape [\#1470](https://github.com/lynndylanhurley/devise_token_auth/pull/1470) ([MaicolBen](https://github.com/MaicolBen)) +- Replace URI::escape which was removed in Ruby 3 [\#1468](https://github.com/lynndylanhurley/devise_token_auth/pull/1468) ([alea12](https://github.com/alea12)) +- Update connection\_config to connection\_db\_config [\#1467](https://github.com/lynndylanhurley/devise_token_auth/pull/1467) ([melnik0v](https://github.com/melnik0v)) +- Fix docs/config/initialization.md [\#1464](https://github.com/lynndylanhurley/devise_token_auth/pull/1464) ([yoshitsugu](https://github.com/yoshitsugu)) +- Fix omniauth version until devise fixes omniauth requirement [\#1463](https://github.com/lynndylanhurley/devise_token_auth/pull/1463) ([MaicolBen](https://github.com/MaicolBen)) +- Add support for sending and receiving the auth token via a server cookie [\#1453](https://github.com/lynndylanhurley/devise_token_auth/pull/1453) ([theblang](https://github.com/theblang)) +- Ignore sync uid in case confirmable mail changed [\#1407](https://github.com/lynndylanhurley/devise_token_auth/pull/1407) ([pnghai](https://github.com/pnghai)) + +## [v1.1.5](https://github.com/lynndylanhurley/devise_token_auth/tree/v1.1.5) (2020-12-08) +[Full Changelog](https://github.com/lynndylanhurley/devise_token_auth/compare/v1.1.4...v1.1.5) + +**Closed issues:** + +- Update dependency to support Rails 6.1/6.1.0.rc1 [\#1443](https://github.com/lynndylanhurley/devise_token_auth/issues/1443) +- undefined method `tokens' for \#\":String\) [\#1375](https://github.com/lynndylanhurley/devise_token_auth/issues/1375) +- mation\_instruction [\#1373](https://github.com/lynndylanhurley/devise_token_auth/issues/1373) +- Unpermitted parameter :session when signing in using javascript fetch [\#1361](https://github.com/lynndylanhurley/devise_token_auth/issues/1361) +- How do i authenticate with graphql-ruby? [\#1360](https://github.com/lynndylanhurley/devise_token_auth/issues/1360) +- Using DeviseTokenAuth::Concerns::User breaks Devise::confirmable and Devise::reconfirmable [\#1013](https://github.com/lynndylanhurley/devise_token_auth/issues/1013) + +**Merged pull requests:** + +- Enhancement: remove unnecessary statement in destroy session [\#1431](https://github.com/lynndylanhurley/devise_token_auth/pull/1431) ([martinjaimem](https://github.com/martinjaimem)) +- Update faq.md [\#1401](https://github.com/lynndylanhurley/devise_token_auth/pull/1401) ([mdjamal](https://github.com/mdjamal)) +- Update assign\_provider\_attrs to strip 'name' field [\#1398](https://github.com/lynndylanhurley/devise_token_auth/pull/1398) ([SpLouk](https://github.com/SpLouk)) +- Fix grammar [\#1396](https://github.com/lynndylanhurley/devise_token_auth/pull/1396) ([arku](https://github.com/arku)) +- \[Refactor\] fixed "not\_email" setting in ja.yml [\#1395](https://github.com/lynndylanhurley/devise_token_auth/pull/1395) ([eitches](https://github.com/eitches)) +- CI build fix: Pin to pry \< 0.13 for 2.3 support, workaround CodeClimate reporter issue [\#1393](https://github.com/lynndylanhurley/devise_token_auth/pull/1393) ([olleolleolle](https://github.com/olleolleolle)) +- Fix broken link [\#1392](https://github.com/lynndylanhurley/devise_token_auth/pull/1392) ([dlederle](https://github.com/dlederle)) +- Fix: Save user authentication token after email confirmation [\#1391](https://github.com/lynndylanhurley/devise_token_auth/pull/1391) ([gabrielbursztein2](https://github.com/gabrielbursztein2)) +- Fix token-type header key in testing example docs [\#1390](https://github.com/lynndylanhurley/devise_token_auth/pull/1390) ([goalaleo](https://github.com/goalaleo)) +- Issue - 1358 Argument error when converting token updated\_at using to… [\#1388](https://github.com/lynndylanhurley/devise_token_auth/pull/1388) ([saichander17](https://github.com/saichander17)) +- Validate that token is valid for patch request last token [\#1386](https://github.com/lynndylanhurley/devise_token_auth/pull/1386) ([ahmedmagdy711](https://github.com/ahmedmagdy711)) +- Fix docs/usage/reset\_password.md [\#1382](https://github.com/lynndylanhurley/devise_token_auth/pull/1382) ([K-Sato1995](https://github.com/K-Sato1995)) +- Fix missing polish and portugese missing translation errors [\#1377](https://github.com/lynndylanhurley/devise_token_auth/pull/1377) ([woochaq](https://github.com/woochaq)) +- \[Documentation\] write complete path for authentication\_test\_spec.rb [\#1376](https://github.com/lynndylanhurley/devise_token_auth/pull/1376) ([cprodhomme](https://github.com/cprodhomme)) +- Add case sensitive option required to prevent deprecation warning in … [\#1368](https://github.com/lynndylanhurley/devise_token_auth/pull/1368) ([niciliketo](https://github.com/niciliketo)) +- Add rails 6.0 config to travis [\#1366](https://github.com/lynndylanhurley/devise_token_auth/pull/1366) ([brateq](https://github.com/brateq)) +- Add docs for confirmation endpoint [\#1365](https://github.com/lynndylanhurley/devise_token_auth/pull/1365) ([brateq](https://github.com/brateq)) +- Remove Trackable option from generator [\#1362](https://github.com/lynndylanhurley/devise_token_auth/pull/1362) ([SugiKent](https://github.com/SugiKent)) +- Please merge again [\#1350](https://github.com/lynndylanhurley/devise_token_auth/pull/1350) ([exocode](https://github.com/exocode)) +- Fix dead link [\#1349](https://github.com/lynndylanhurley/devise_token_auth/pull/1349) ([tegandbiscuits](https://github.com/tegandbiscuits)) +- detect Mongoid \(till Mongoid will implement it\) [\#1348](https://github.com/lynndylanhurley/devise_token_auth/pull/1348) ([exocode](https://github.com/exocode)) +- feat\(oauth-apple\): support Sign in with Apple as a documented OmniAuth provider [\#1347](https://github.com/lynndylanhurley/devise_token_auth/pull/1347) ([booleanbetrayal](https://github.com/booleanbetrayal)) +- Add Korean locale [\#1346](https://github.com/lynndylanhurley/devise_token_auth/pull/1346) ([ghost](https://github.com/ghost)) +- doc: remove duplicated test case on ./docs/usage/testing.md [\#1344](https://github.com/lynndylanhurley/devise_token_auth/pull/1344) ([miyataka](https://github.com/miyataka)) +- Fix to be able to use Devise::confirmable module [\#1343](https://github.com/lynndylanhurley/devise_token_auth/pull/1343) ([makicamel](https://github.com/makicamel)) +- repeat any query params after a fragment [\#1341](https://github.com/lynndylanhurley/devise_token_auth/pull/1341) ([colmben](https://github.com/colmben)) +- CI: Use ruby 2.4.7 [\#1337](https://github.com/lynndylanhurley/devise_token_auth/pull/1337) ([olleolleolle](https://github.com/olleolleolle)) + +# Change Log + ## [v1.2.2](https://github.com/lynndylanhurley/devise_token_auth/tree/v1.2.2) (2023-06-11) [Full Changelog](https://github.com/lynndylanhurley/devise_token_auth/compare/v1.2.1...v1.2.2) @@ -3365,4 +3835,8 @@ - README and travis config tweaks [\#7](https://github.com/lynndylanhurley/devise_token_auth/pull/7) ([guilhermesimoes](https://github.com/guilhermesimoes)) +\* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)* + +\* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)* + \* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)* \ No newline at end of file diff --git a/lib/devise_token_auth/version.rb b/lib/devise_token_auth/version.rb index eba723898..1ef3b988b 100644 --- a/lib/devise_token_auth/version.rb +++ b/lib/devise_token_auth/version.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true module DeviseTokenAuth - VERSION = '1.2.2'.freeze + VERSION = '1.2.3'.freeze end From 1d1f689a418292ba5cbe8dd13ccf13996b36d67c Mon Sep 17 00:00:00 2001 From: Maicol Bentancor Date: Wed, 15 May 2024 11:48:59 -0300 Subject: [PATCH 55/65] Revert "Update sqlite3 requirement from ~> 1.4 to ~> 2.0 (#1620)" (#1626) This reverts commit e9ff5e61bf0f23b71bd04eb4593afd328dcf5733. --- devise_token_auth.gemspec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devise_token_auth.gemspec b/devise_token_auth.gemspec index 8715a483c..ea1e24b0d 100644 --- a/devise_token_auth.gemspec +++ b/devise_token_auth.gemspec @@ -27,7 +27,7 @@ Gem::Specification.new do |s| s.add_dependency 'bcrypt', '~> 3.0' s.add_development_dependency 'appraisal' - s.add_development_dependency 'sqlite3', '~> 2.0' + s.add_development_dependency 'sqlite3', '~> 1.4' s.add_development_dependency 'pg' s.add_development_dependency 'mysql2' s.add_development_dependency 'mongoid', '>= 4', '< 8' From 95b7b91beddc6bff09ffc0d4e3a143e8f73cf606 Mon Sep 17 00:00:00 2001 From: Ali Behnamfard Date: Fri, 24 May 2024 00:58:52 +0330 Subject: [PATCH 56/65] Add Persian locale (#1627) --- config/locales/fa.yml | 60 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) create mode 100644 config/locales/fa.yml diff --git a/config/locales/fa.yml b/config/locales/fa.yml new file mode 100644 index 000000000..a49ed726d --- /dev/null +++ b/config/locales/fa.yml @@ -0,0 +1,60 @@ +fa: + devise_token_auth: + sessions: + not_confirmed: "یک ایمیل تأیید به حساب شما در '%{email}' ارسال شده است. شما باید دستورالعمل‌های موجود در ایمیل را دنبال کنید تا حساب شما فعال شود." + bad_credentials: "اطلاعات ورود نامعتبر است. لطفاً دوباره تلاش کنید." + not_supported: "برای ورود از POST /sign_in استفاده کنید. GET پشتیبانی نمی‌شود." + user_not_found: "کاربر پیدا نشد یا وارد نشده است." + token_validations: + invalid: "اطلاعات ورود نامعتبر است." + registrations: + missing_confirm_success_url: "پارامتر 'confirm_success_url' موجود نیست." + redirect_url_not_allowed: "انتقال به '%{redirect_url}' مجاز نیست." + email_already_exists: "یک حساب برای '%{email}' قبلاً وجود دارد." + account_with_uid_destroyed: "حساب با UID '%{uid}' حذف شده است." + account_to_destroy_not_found: "نمی‌توان حساب را برای حذف پیدا کرد." + user_not_found: "کاربر پیدا نشد." + omniauth: + not_allowed_redirect_url: "انتقال به '%{redirect_url}' مجاز نیست." + passwords: + missing_email: "شما باید یک آدرس ایمیل ارائه دهید." + missing_redirect_url: "آدرس انتقال موجود نیست." + not_allowed_redirect_url: "انتقال به '%{redirect_url}' مجاز نیست." + sended: "یک ایمیل به '%{email}' ارسال شده است که شامل دستورالعمل‌های بازنشانی رمز عبور شما است." + sended_paranoid: "اگر آدرس ایمیل شما در پایگاه داده ما وجود داشته باشد، در چند دقیقه یک لینک بازیابی رمز عبور به آدرس ایمیل شما ارسال خواهد شد." + user_not_found: "نمی‌توان کاربری با ایمیل '%{email}' پیدا کرد." + password_not_required: "این حساب نیازی به رمز عبور ندارد. به جای آن با حساب '%{provider}' خود وارد شوید." + missing_passwords: "شما باید فیلدهای 'رمز عبور' و 'تأیید رمز عبور' را پر کنید." + successfully_updated: "رمز عبور شما با موفقیت به‌روزرسانی شد." + unlocks: + missing_email: "شما باید یک آدرس ایمیل ارائه دهید." + sended: "یک ایمیل به '%{email}' ارسال شده است که شامل دستورالعمل‌های باز کردن حساب شما است." + sended_paranoid: "اگر حساب شما وجود داشته باشد، در چند دقیقه یک ایمیل با دستورالعمل‌های باز کردن حساب شما ارسال خواهد شد." + user_not_found: "نمی‌توان کاربری با ایمیل '%{email}' پیدا کرد." + confirmations: + sended: "یک ایمیل به '%{email}' ارسال شده است که شامل دستورالعمل‌های تأیید حساب شما است." + sended_paranoid: "اگر آدرس ایمیل شما در پایگاه داده ما وجود داشته باشد، در چند دقیقه یک ایمیل با دستورالعمل‌های تأیید آدرس ایمیل شما ارسال خواهد شد." + user_not_found: "نمی‌توان کاربری با ایمیل '%{email}' پیدا کرد." + missing_email: "شما باید یک آدرس ایمیل ارائه دهید." + + errors: + messages: + validate_sign_up_params: "لطفاً داده‌های صحیح ثبت نام را در بدنه درخواست ارسال کنید." + validate_account_update_params: "لطفاً داده‌های صحیح به‌روزرسانی حساب را در بدنه درخواست ارسال کنید." + not_email: "یک ایمیل نیست" + devise: + mailer: + confirmation_instructions: + confirm_link_msg: "شما می‌توانید ایمیل حساب خود را از طریق لینک زیر تأیید کنید:" + confirm_account_link: "تأیید حساب من" + reset_password_instructions: + request_reset_link_msg: "شخصی درخواست یک لینک برای تغییر رمز عبور شما کرده است. شما می‌توانید این کار را از طریق لینک زیر انجام دهید." + password_change_link: "تغییر رمز عبور من" + ignore_mail_msg: "اگر شما این درخواست را نکرده‌اید، لطفاً این ایمیل را نادیده بگیرید." + no_changes_msg: "رمز عبور شما تغییر نخواهد کرد تا زمانی که به لینک بالا دسترسی پیدا کنید و یک رمز عبور جدید ایجاد کنید." + unlock_instructions: + account_lock_msg: "حساب شما به دلیل تعداد زیادی تلاش ناموفق برای ورود قفل شده است." + unlock_link_msg: "برای باز کردن حساب خود، روی لینک زیر کلیک کنید:" + unlock_link: "باز کردن حساب من" + hello: "سلام" + welcome: "خوش آمدید" From fe8dd5523a956da740efb371c2a3ae7964995146 Mon Sep 17 00:00:00 2001 From: K-Sato Date: Tue, 4 Jun 2024 11:55:48 +0900 Subject: [PATCH 57/65] Delete dead links in the documentation (#1353) Deleted dead links --- docs/config/initialization.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/docs/config/initialization.md b/docs/config/initialization.md index bc7380ee1..f8fcc4ea4 100644 --- a/docs/config/initialization.md +++ b/docs/config/initialization.md @@ -2,13 +2,14 @@ The following settings are available for configuration in `config/initializers/devise_token_auth.rb`: + | Name (default) | Description| |---|---| -| **`change_headers_on_each_request`** (`true`) | By default the access-token header will change after each request. The client is responsible for keeping track of the changing tokens. Both [ng-token-auth](https://github.com/lynndylanhurley/ng-token-auth) and [jToker](https://github.com/lynndylanhurley/j-toker) do this out of the box. While this implementation is more secure, it can be difficult to manage. Set this to false to prevent the `access-token` header from changing after each request. [Read more](/conceptual#about-token-management). | +| **`change_headers_on_each_request`** (`true`) | By default the access-token header will change after each request. The client is responsible for keeping track of the changing tokens. Both [ng-token-auth](https://github.com/lynndylanhurley/ng-token-auth) and [jToker](https://github.com/lynndylanhurley/j-toker) do this out of the box. While this implementation is more secure, it can be difficult to manage. Set this to false to prevent the `access-token` header from changing after each request. | | **`token_lifespan`** (`2.weeks`) | Set the length of your tokens' lifespans. Users will need to re-authenticate after this duration of time has passed since their last login. | | **`token_cost`** (`10`) | Set the cost of your tokens' cost. The possible cost value is within range from 4 to 31. It is recommended to not use a value more than 10. For details see [BCrypt Cost Factors](https://github.com/codahale/bcrypt-ruby#cost-factors). | -| **`batch_request_buffer_throttle`** (`5.seconds`) | Sometimes it's necessary to make several requests to the API at the same time. In this case, each request in the batch will need to share the same auth token. This setting determines how far apart the requests can be while still using the same auth token. [Read more](conceptual#about-batch-requests). | -| **`omniauth_prefix`** (`"/omniauth"`) | This route will be the prefix for all oauth2 redirect callbacks. For example, using the default '/omniauth' setting, the github oauth2 provider will redirect successful authentications to '/omniauth/github/callback'. [Read more](#omniauth-provider-settings). | +| **`batch_request_buffer_throttle`** (`5.seconds`) | Sometimes it's necessary to make several requests to the API at the same time. In this case, each request in the batch will need to share the same auth token. This setting determines how far apart the requests can be while still using the same auth token.| +| **`omniauth_prefix`** (`"/omniauth"`) | This route will be the prefix for all oauth2 redirect callbacks. For example, using the default '/omniauth' setting, the github oauth2 provider will redirect successful authentications to '/omniauth/github/callback'. | | **`default_confirm_success_url`** (`nil`) | By default this value is expected to be sent by the client so that the API knows where to redirect users after successful email confirmation. If this param is set, the API will redirect to this value when no value is provided by the client. | | **`default_password_reset_url`** (`nil`) | By default this value is expected to be sent by the client so that the API knows where to redirect users after successful password resets. If this param is set, the API will redirect to this value when no value is provided by the client. | | **`redirect_whitelist`** (`nil`) | As an added security measure, you can limit the URLs to which the API will redirect after email token validation (password reset, email confirmation, etc.). This value should be an array containing matches to the client URLs to be visited after validation. Wildcards are supported. | From 21929ef916e13803986aa65e29bb6bc82d92b85e Mon Sep 17 00:00:00 2001 From: Maicol Bentancor Date: Fri, 5 Jul 2024 14:55:31 -0700 Subject: [PATCH 58/65] Support rails 7.2 (#1632) --- devise_token_auth.gemspec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devise_token_auth.gemspec b/devise_token_auth.gemspec index ea1e24b0d..531ef2788 100644 --- a/devise_token_auth.gemspec +++ b/devise_token_auth.gemspec @@ -22,7 +22,7 @@ Gem::Specification.new do |s| s.required_ruby_version = ">= 2.3.0" - s.add_dependency 'rails', '>= 4.2.0', '< 7.2' + s.add_dependency 'rails', '>= 4.2.0', '< 7.3' s.add_dependency 'devise', '> 3.5.2', '< 5' s.add_dependency 'bcrypt', '~> 3.0' From 812711e4776f2eab2de8a057bd5befc023fb666b Mon Sep 17 00:00:00 2001 From: Maicol Bentancor Date: Sat, 13 Jul 2024 05:50:57 -0700 Subject: [PATCH 59/65] Remove broken demos (#1633) --- README.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/README.md b/README.md index 4b32164c8..ce0133c9e 100644 --- a/README.md +++ b/README.md @@ -70,12 +70,8 @@ We have some bounties for some issues, [check them out](https://github.com/lynnd ## Live Demos -[Here is a demo](http://ng-token-auth-demo.herokuapp.com/) of this app running with the [ng-token-auth](https://github.com/lynndylanhurley/ng-token-auth) module and [AngularJS](https://github.com/angular/angular.js). - [Here is a demo](https://stackblitz.com/github/neroniaky/angular-token) of this app running with the [Angular-Token](https://github.com/neroniaky/angular-token) service and [Angular](https://github.com/angular/angular). -[Here is a demo](https://j-toker-demo.herokuapp.com/) of this app using the [jToker](https://github.com/lynndylanhurley/j-toker) plugin and [React](http://facebook.github.io/react/). - The fully configured api used in these demos can be found [here](https://github.com/lynndylanhurley/devise_token_auth_demo). From 49d8a84e4c19a18889c59ed92302d838c8421741 Mon Sep 17 00:00:00 2001 From: Nikita Skalkin Date: Mon, 21 Oct 2024 13:19:49 +0200 Subject: [PATCH 60/65] fix: point to the correct documentation page (#1634) --- docs/security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/security.md b/docs/security.md index c10d3dddf..20b0a8f84 100644 --- a/docs/security.md +++ b/docs/security.md @@ -3,7 +3,7 @@ This gem takes the following steps to ensure security. This gem uses auth tokens that are: -* [changed after every request](/docs/conceptual.md#about-token-management) (can be [turned off](https://github.com/lynndylanhurley/devise_token_auth/#initializer-settings)), +* [changed after every request](/docs/conceptual.md#about-token-management) (can be [turned off](https://devise-token-auth.gitbook.io/devise-token-auth/config/initialization)), * [of cryptographic strength](https://ruby-doc.org/stdlib-2.1.0/libdoc/securerandom/rdoc/SecureRandom.html), * hashed using [BCrypt](https://github.com/codahale/bcrypt-ruby) (not stored in plain-text), * securely compared (to protect against timing attacks), From 146773a62a7a94c9d233825023c8982749f11114 Mon Sep 17 00:00:00 2001 From: Maicol Bentancor Date: Mon, 21 Oct 2024 08:31:54 -0300 Subject: [PATCH 61/65] Bump version to 1.2.4 (#1638) --- CHANGELOG.md | 692 ++----------------------------- lib/devise_token_auth/version.rb | 2 +- 2 files changed, 42 insertions(+), 652 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 26b0364b9..600331530 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,476 +1,46 @@ -# Change Log - -## [v1.2.3](https://github.com/lynndylanhurley/devise_token_auth/tree/v1.2.3) (2023-11-13) -[Full Changelog](https://github.com/lynndylanhurley/devise_token_auth/compare/v1.2.2...v1.2.3) - -**Merged pull requests:** - -- Fix Rails version comparison [\#1614](https://github.com/lynndylanhurley/devise_token_auth/pull/1614) ([santib](https://github.com/santib)) -- Fix registration spec failure [\#1613](https://github.com/lynndylanhurley/devise_token_auth/pull/1613) ([MaicolBen](https://github.com/MaicolBen)) -- Fixes 'redirect\_options' addition for 'redirect\_to' in confirmations [\#1612](https://github.com/lynndylanhurley/devise_token_auth/pull/1612) ([kaekasui](https://github.com/kaekasui)) -- Faker safe\_email -\> email [\#1607](https://github.com/lynndylanhurley/devise_token_auth/pull/1607) ([hatsu38](https://github.com/hatsu38)) -- Support for writing style deprecated in 7.1 and removed in 7.2 [\#1606](https://github.com/lynndylanhurley/devise_token_auth/pull/1606) ([hatsu38](https://github.com/hatsu38)) -- Bump to 1.2.2 [\#1602](https://github.com/lynndylanhurley/devise_token_auth/pull/1602) ([MaicolBen](https://github.com/MaicolBen)) - -## [v1.2.2](https://github.com/lynndylanhurley/devise_token_auth/tree/v1.2.2) (2023-06-11) -[Full Changelog](https://github.com/lynndylanhurley/devise_token_auth/compare/v1.2.1...v1.2.2) - -**Closed issues:** - -- keep getting a 401 on overriden create devise [\#1598](https://github.com/lynndylanhurley/devise_token_auth/issues/1598) -- Method sign\_in called with incorrect paramenters [\#1585](https://github.com/lynndylanhurley/devise_token_auth/issues/1585) -- Release latest version, there are too many fixes in the master waiting to be released [\#1560](https://github.com/lynndylanhurley/devise_token_auth/issues/1560) -- NoMethodError: undefined method `downcase' for nil:NilClass [\#1540](https://github.com/lynndylanhurley/devise_token_auth/issues/1540) -- Confirming an already confirmed user -- still not quite working. [\#1123](https://github.com/lynndylanhurley/devise_token_auth/issues/1123) -- Email confirmation route [\#1110](https://github.com/lynndylanhurley/devise_token_auth/issues/1110) - -**Merged pull requests:** - -- Don't leak information about the existence of accounts in SessionsController [\#1600](https://github.com/lynndylanhurley/devise_token_auth/pull/1600) ([moritzhoeppner](https://github.com/moritzhoeppner)) -- Update faker requirement from ~\> 2.16 to ~\> 3.2 [\#1593](https://github.com/lynndylanhurley/devise_token_auth/pull/1593) ([dependabot[bot]](https://github.com/apps/dependabot)) -- Update mongoid-locker requirement from ~\> 1.0 to ~\> 2.0 [\#1592](https://github.com/lynndylanhurley/devise_token_auth/pull/1592) ([dependabot[bot]](https://github.com/apps/dependabot)) -- dependencies/dependabot configuration [\#1590](https://github.com/lynndylanhurley/devise_token_auth/pull/1590) ([jotolo](https://github.com/jotolo)) -- Remove sprockets [\#1589](https://github.com/lynndylanhurley/devise_token_auth/pull/1589) ([MaicolBen](https://github.com/MaicolBen)) -- update/test configuration Rails7 and mongoid7 [\#1588](https://github.com/lynndylanhurley/devise_token_auth/pull/1588) ([jotolo](https://github.com/jotolo)) -- brakeman vulnaribility UnsafeReflection. [\#1587](https://github.com/lynndylanhurley/devise_token_auth/pull/1587) ([ryanfox1985](https://github.com/ryanfox1985)) -- Method sign\_in with wrong parameters [\#1586](https://github.com/lynndylanhurley/devise_token_auth/pull/1586) ([lazaronixon](https://github.com/lazaronixon)) -- update/Ruby 3.x and Rails 7.0 [\#1584](https://github.com/lynndylanhurley/devise_token_auth/pull/1584) ([jotolo](https://github.com/jotolo)) -- Add support for ruby 3 & fix test suite [\#1582](https://github.com/lynndylanhurley/devise_token_auth/pull/1582) ([MaicolBen](https://github.com/MaicolBen)) -- chore: add vanilla-token-auth to client list [\#1578](https://github.com/lynndylanhurley/devise_token_auth/pull/1578) ([theblang](https://github.com/theblang)) -- 🐛 Not update cookies when is a batch request [\#1577](https://github.com/lynndylanhurley/devise_token_auth/pull/1577) ([djpremier](https://github.com/djpremier)) -- Revert "Fix unpermitted parameters warning" [\#1571](https://github.com/lynndylanhurley/devise_token_auth/pull/1571) ([MaicolBen](https://github.com/MaicolBen)) -- Fixed vulnerabilities [\#1569](https://github.com/lynndylanhurley/devise_token_auth/pull/1569) ([ryanfox1985](https://github.com/ryanfox1985)) -- Fix unpermitted parameters warning [\#1568](https://github.com/lynndylanhurley/devise_token_auth/pull/1568) ([remy727](https://github.com/remy727)) -- Remove bearer token if cookie\_enabled is true [\#1567](https://github.com/lynndylanhurley/devise_token_auth/pull/1567) ([rhiroshi](https://github.com/rhiroshi)) -- Update initializer template [\#1564](https://github.com/lynndylanhurley/devise_token_auth/pull/1564) ([djpremier](https://github.com/djpremier)) -- Allow omniauth redirect post method [\#1563](https://github.com/lynndylanhurley/devise_token_auth/pull/1563) ([florindiconescu](https://github.com/florindiconescu)) -- Avoid raising a RoutingError when confirming a user twice [\#1557](https://github.com/lynndylanhurley/devise_token_auth/pull/1557) ([micred](https://github.com/micred)) - -## [v1.2.1](https://github.com/lynndylanhurley/devise_token_auth/tree/v1.2.1) (2022-09-10) -[Full Changelog](https://github.com/lynndylanhurley/devise_token_auth/compare/v1.2.0...v1.2.1) - -**Closed issues:** - -- registrations controller. tokens only for authenticated [\#1553](https://github.com/lynndylanhurley/devise_token_auth/issues/1553) -- Rails 7 support [\#1552](https://github.com/lynndylanhurley/devise_token_auth/issues/1552) -- Not working with any version of Rails 6 and 7 [\#1551](https://github.com/lynndylanhurley/devise_token_auth/issues/1551) -- Commit 1a0483fbd12583810f21eb320abfa8b768724774 makes \#\ [\#1538](https://github.com/lynndylanhurley/devise_token_auth/issues/1538) -- Rails 7 support? [\#1533](https://github.com/lynndylanhurley/devise_token_auth/issues/1533) -- Request: [\#1526](https://github.com/lynndylanhurley/devise_token_auth/issues/1526) -- Rails 7 Issue [\#1523](https://github.com/lynndylanhurley/devise_token_auth/issues/1523) -- Bearer Token Usage [\#1522](https://github.com/lynndylanhurley/devise_token_auth/issues/1522) -- Got "ActionDispatch::Request::Session::DisabledSessionError" [\#1521](https://github.com/lynndylanhurley/devise_token_auth/issues/1521) -- Travis CI migration or alternatives [\#1518](https://github.com/lynndylanhurley/devise_token_auth/issues/1518) -- Update dependency to support Rails 7.0.0.rc1 [\#1515](https://github.com/lynndylanhurley/devise_token_auth/issues/1515) -- Devise, devise\_auth\_token and activeadmin with 2 different models - Controller error [\#1512](https://github.com/lynndylanhurley/devise_token_auth/issues/1512) -- Paranoid mode still returning a distinguishable 404 responses [\#1510](https://github.com/lynndylanhurley/devise_token_auth/issues/1510) -- Invalid client with google-oauth2 [\#1499](https://github.com/lynndylanhurley/devise_token_auth/issues/1499) -- Concurrency issue? [\#1497](https://github.com/lynndylanhurley/devise_token_auth/issues/1497) -- Doesn't seem to follow Bearer Token authorization spec...? [\#1487](https://github.com/lynndylanhurley/devise_token_auth/issues/1487) -- Can we have a new version released? [\#1483](https://github.com/lynndylanhurley/devise_token_auth/issues/1483) -- Token invalidation after canceled request by the frontend app [\#1232](https://github.com/lynndylanhurley/devise_token_auth/issues/1232) -- FrozenError \(can't modify frozen Hash\) [\#1151](https://github.com/lynndylanhurley/devise_token_auth/issues/1151) -- Password Reset Links Invalidated After Being Clicked [\#1141](https://github.com/lynndylanhurley/devise_token_auth/issues/1141) -- Authorization Request Header Field? [\#902](https://github.com/lynndylanhurley/devise_token_auth/issues/902) -- jsonb token [\#841](https://github.com/lynndylanhurley/devise_token_auth/issues/841) - -**Merged pull requests:** - -- add redirect\_to options for rails7 allow\_other\_host [\#1599](https://github.com/lynndylanhurley/devise_token_auth/pull/1599) ([ihatov08](https://github.com/ihatov08)) -- Update changelog [\#1555](https://github.com/lynndylanhurley/devise_token_auth/pull/1555) ([MaicolBen](https://github.com/MaicolBen)) -- Add custom uid reference [\#1554](https://github.com/lynndylanhurley/devise_token_auth/pull/1554) ([florindiconescu](https://github.com/florindiconescu)) -- Update ja.yml [\#1550](https://github.com/lynndylanhurley/devise_token_auth/pull/1550) ([RaziAhmad123](https://github.com/RaziAhmad123)) -- Fixed ja.yml because CI failed. [\#1547](https://github.com/lynndylanhurley/devise_token_auth/pull/1547) ([hatsu38](https://github.com/hatsu38)) -- Translate the unlocks, confirmations message into Japanese [\#1544](https://github.com/lynndylanhurley/devise_token_auth/pull/1544) ([hatsu38](https://github.com/hatsu38)) -- Set cookie token immediately in reset password and OmniAuth success flows [\#1542](https://github.com/lynndylanhurley/devise_token_auth/pull/1542) ([theblang](https://github.com/theblang)) -- Added 'Authorization' header with bearer token [\#1534](https://github.com/lynndylanhurley/devise_token_auth/pull/1534) ([rhiroshi](https://github.com/rhiroshi)) -- add `previous\_token` [\#1520](https://github.com/lynndylanhurley/devise_token_auth/pull/1520) ([sudhanshug16](https://github.com/sudhanshug16)) -- Migrate to GitHub Actions [\#1519](https://github.com/lynndylanhurley/devise_token_auth/pull/1519) ([enomotodev](https://github.com/enomotodev)) -- Support Rails 7.0 [\#1517](https://github.com/lynndylanhurley/devise_token_auth/pull/1517) ([enomotodev](https://github.com/enomotodev)) -- \[bugfix\] omniauth: handle POST action redirects [\#1509](https://github.com/lynndylanhurley/devise_token_auth/pull/1509) ([lynndylanhurley](https://github.com/lynndylanhurley)) -- Fix the doc missing configure devise mail sender [\#1504](https://github.com/lynndylanhurley/devise_token_auth/pull/1504) ([hsonthach](https://github.com/hsonthach)) -- Fix callback if migrations fails [\#1502](https://github.com/lynndylanhurley/devise_token_auth/pull/1502) ([thooams](https://github.com/thooams)) -- wrap creation and save of token in a transaction [\#1498](https://github.com/lynndylanhurley/devise_token_auth/pull/1498) ([pascalbetz](https://github.com/pascalbetz)) -- Increase required ruby version to 2.3 [\#1495](https://github.com/lynndylanhurley/devise_token_auth/pull/1495) ([mcelicalderon](https://github.com/mcelicalderon)) -- Turn email validation process into class method [\#1494](https://github.com/lynndylanhurley/devise_token_auth/pull/1494) ([muratiger](https://github.com/muratiger)) -- Update faq.md [\#1493](https://github.com/lynndylanhurley/devise_token_auth/pull/1493) ([SUMAR7](https://github.com/SUMAR7)) - -## [v1.2.0](https://github.com/lynndylanhurley/devise_token_auth/tree/v1.2.0) (2021-07-19) -[Full Changelog](https://github.com/lynndylanhurley/devise_token_auth/compare/v1.1.5...v1.2.0) - -**Implemented enhancements:** - -- Paranoid mode is non existent [\#1100](https://github.com/lynndylanhurley/devise_token_auth/issues/1100) -- Add paranoid mode [\#1378](https://github.com/lynndylanhurley/devise_token_auth/pull/1378) ([luisalima](https://github.com/luisalima)) - -**Closed issues:** - -- DeviseTokenAuth::Errors::InvalidModel [\#1485](https://github.com/lynndylanhurley/devise_token_auth/issues/1485) -- How not to update the headers when the api server returns a response with an error status [\#1476](https://github.com/lynndylanhurley/devise_token_auth/issues/1476) -- Does not install on Rails 6.1 and Ruby 2.7, fresh install [\#1475](https://github.com/lynndylanhurley/devise_token_auth/issues/1475) -- Devise::Models::Authenticatable::BLACKLIST\_FOR\_SERIALIZATION is deprecated [\#1474](https://github.com/lynndylanhurley/devise_token_auth/issues/1474) -- @token not assigned prior to delete/destory [\#1465](https://github.com/lynndylanhurley/devise_token_auth/issues/1465) -- Installing devise\_token\_auth on MacOS, rails conflict [\#1458](https://github.com/lynndylanhurley/devise_token_auth/issues/1458) -- Deprecation warning `connection\_config is deprecated and will be removed from Rails 6.2` when using Rails 6.1 [\#1451](https://github.com/lynndylanhurley/devise_token_auth/issues/1451) -- Trying to integrate with devise-multi\_email [\#1421](https://github.com/lynndylanhurley/devise_token_auth/issues/1421) -- Rails email change not send confirmation emaill [\#1338](https://github.com/lynndylanhurley/devise_token_auth/issues/1338) - -**Merged pull requests:** - -- Fix Paranoid Status Codes [\#1524](https://github.com/lynndylanhurley/devise_token_auth/pull/1524) ([keithdoggett](https://github.com/keithdoggett)) -- Bump version to 1.2.0 [\#1492](https://github.com/lynndylanhurley/devise_token_auth/pull/1492) ([MaicolBen](https://github.com/MaicolBen)) -- Fix unescape and keyword parameters warning [\#1490](https://github.com/lynndylanhurley/devise_token_auth/pull/1490) ([muratiger](https://github.com/muratiger)) -- check password changed only when using password authentication [\#1486](https://github.com/lynndylanhurley/devise_token_auth/pull/1486) ([qiuyin](https://github.com/qiuyin)) -- Add new param FAQ [\#1481](https://github.com/lynndylanhurley/devise_token_auth/pull/1481) ([muratiger](https://github.com/muratiger)) -- fix mongoid detecting bug [\#1478](https://github.com/lynndylanhurley/devise_token_auth/pull/1478) ([qiuyin](https://github.com/qiuyin)) -- replace deprecated constant BLACKLIST\_FOR\_SERIALIZATION [\#1473](https://github.com/lynndylanhurley/devise_token_auth/pull/1473) ([prashant-kiwi](https://github.com/prashant-kiwi)) -- Workaround for cc-test-reporter with SimpleCov 0.18 [\#1472](https://github.com/lynndylanhurley/devise_token_auth/pull/1472) ([enomotodev](https://github.com/enomotodev)) -- Fix mongo setup in travis [\#1471](https://github.com/lynndylanhurley/devise_token_auth/pull/1471) ([MaicolBen](https://github.com/MaicolBen)) -- Use the same behavior than the deprecated URI.escape [\#1470](https://github.com/lynndylanhurley/devise_token_auth/pull/1470) ([MaicolBen](https://github.com/MaicolBen)) -- Replace URI::escape which was removed in Ruby 3 [\#1468](https://github.com/lynndylanhurley/devise_token_auth/pull/1468) ([alea12](https://github.com/alea12)) -- Update connection\_config to connection\_db\_config [\#1467](https://github.com/lynndylanhurley/devise_token_auth/pull/1467) ([melnik0v](https://github.com/melnik0v)) -- Fix docs/config/initialization.md [\#1464](https://github.com/lynndylanhurley/devise_token_auth/pull/1464) ([yoshitsugu](https://github.com/yoshitsugu)) -- Fix omniauth version until devise fixes omniauth requirement [\#1463](https://github.com/lynndylanhurley/devise_token_auth/pull/1463) ([MaicolBen](https://github.com/MaicolBen)) -- Add support for sending and receiving the auth token via a server cookie [\#1453](https://github.com/lynndylanhurley/devise_token_auth/pull/1453) ([theblang](https://github.com/theblang)) -- Fix critical error on registration with confirmation mode [\#1447](https://github.com/lynndylanhurley/devise_token_auth/pull/1447) ([pnghai](https://github.com/pnghai)) - -## [v1.1.5](https://github.com/lynndylanhurley/devise_token_auth/tree/v1.1.5) (2020-12-08) -[Full Changelog](https://github.com/lynndylanhurley/devise_token_auth/compare/v1.1.4...v1.1.5) - -**Closed issues:** - -- Update dependency to support Rails 6.1/6.1.0.rc1 [\#1443](https://github.com/lynndylanhurley/devise_token_auth/issues/1443) -- undefined method `tokens' for \#\":String\) [\#1375](https://github.com/lynndylanhurley/devise_token_auth/issues/1375) -- mation\_instruction [\#1373](https://github.com/lynndylanhurley/devise_token_auth/issues/1373) -- Unpermitted parameter :session when signing in using javascript fetch [\#1361](https://github.com/lynndylanhurley/devise_token_auth/issues/1361) -- How do i authenticate with graphql-ruby? [\#1360](https://github.com/lynndylanhurley/devise_token_auth/issues/1360) -- Using DeviseTokenAuth::Concerns::User breaks Devise::confirmable and Devise::reconfirmable [\#1013](https://github.com/lynndylanhurley/devise_token_auth/issues/1013) - -**Merged pull requests:** - -- Update faq.md [\#1439](https://github.com/lynndylanhurley/devise_token_auth/pull/1439) ([sizief](https://github.com/sizief)) -- Update faq.md [\#1401](https://github.com/lynndylanhurley/devise_token_auth/pull/1401) ([mdjamal](https://github.com/mdjamal)) -- Update assign\_provider\_attrs to strip 'name' field [\#1398](https://github.com/lynndylanhurley/devise_token_auth/pull/1398) ([SpLouk](https://github.com/SpLouk)) -- Fix grammar [\#1396](https://github.com/lynndylanhurley/devise_token_auth/pull/1396) ([arku](https://github.com/arku)) -- \[Refactor\] fixed "not\_email" setting in ja.yml [\#1395](https://github.com/lynndylanhurley/devise_token_auth/pull/1395) ([eitches](https://github.com/eitches)) -- CI build fix: Pin to pry \< 0.13 for 2.3 support, workaround CodeClimate reporter issue [\#1393](https://github.com/lynndylanhurley/devise_token_auth/pull/1393) ([olleolleolle](https://github.com/olleolleolle)) -- Fix broken link [\#1392](https://github.com/lynndylanhurley/devise_token_auth/pull/1392) ([dlederle](https://github.com/dlederle)) -- Fix: Save user authentication token after email confirmation [\#1391](https://github.com/lynndylanhurley/devise_token_auth/pull/1391) ([gabrielbursztein2](https://github.com/gabrielbursztein2)) -- Fix token-type header key in testing example docs [\#1390](https://github.com/lynndylanhurley/devise_token_auth/pull/1390) ([goalaleo](https://github.com/goalaleo)) -- Issue - 1358 Argument error when converting token updated\_at using to… [\#1388](https://github.com/lynndylanhurley/devise_token_auth/pull/1388) ([saichander17](https://github.com/saichander17)) -- Validate that token is valid for patch request last token [\#1386](https://github.com/lynndylanhurley/devise_token_auth/pull/1386) ([ahmedmagdy711](https://github.com/ahmedmagdy711)) -- Fix docs/usage/reset\_password.md [\#1382](https://github.com/lynndylanhurley/devise_token_auth/pull/1382) ([K-Sato1995](https://github.com/K-Sato1995)) -- Fix missing polish and portugese missing translation errors [\#1377](https://github.com/lynndylanhurley/devise_token_auth/pull/1377) ([woochaq](https://github.com/woochaq)) -- \[Documentation\] write complete path for authentication\_test\_spec.rb [\#1376](https://github.com/lynndylanhurley/devise_token_auth/pull/1376) ([cprodhomme](https://github.com/cprodhomme)) -- Add case sensitive option required to prevent deprecation warning in … [\#1368](https://github.com/lynndylanhurley/devise_token_auth/pull/1368) ([niciliketo](https://github.com/niciliketo)) -- Add rails 6.0 config to travis [\#1366](https://github.com/lynndylanhurley/devise_token_auth/pull/1366) ([brateq](https://github.com/brateq)) -- Add docs for confirmation endpoint [\#1365](https://github.com/lynndylanhurley/devise_token_auth/pull/1365) ([brateq](https://github.com/brateq)) -- Remove Trackable option from generator [\#1362](https://github.com/lynndylanhurley/devise_token_auth/pull/1362) ([SugiKent](https://github.com/SugiKent)) -- Please merge again [\#1350](https://github.com/lynndylanhurley/devise_token_auth/pull/1350) ([exocode](https://github.com/exocode)) -- Fix dead link [\#1349](https://github.com/lynndylanhurley/devise_token_auth/pull/1349) ([tegandbiscuits](https://github.com/tegandbiscuits)) -- detect Mongoid \(till Mongoid will implement it\) [\#1348](https://github.com/lynndylanhurley/devise_token_auth/pull/1348) ([exocode](https://github.com/exocode)) -- feat\(oauth-apple\): support Sign in with Apple as a documented OmniAuth provider [\#1347](https://github.com/lynndylanhurley/devise_token_auth/pull/1347) ([booleanbetrayal](https://github.com/booleanbetrayal)) -- Add Korean locale [\#1346](https://github.com/lynndylanhurley/devise_token_auth/pull/1346) ([ghost](https://github.com/ghost)) -- doc: remove duplicated test case on ./docs/usage/testing.md [\#1344](https://github.com/lynndylanhurley/devise_token_auth/pull/1344) ([miyataka](https://github.com/miyataka)) -- Fix to be able to use Devise::confirmable module [\#1343](https://github.com/lynndylanhurley/devise_token_auth/pull/1343) ([makicamel](https://github.com/makicamel)) -- repeat any query params after a fragment [\#1341](https://github.com/lynndylanhurley/devise_token_auth/pull/1341) ([colmben](https://github.com/colmben)) - -# Change Log - -## [Unreleased](https://github.com/lynndylanhurley/devise_token_auth/tree/HEAD) - -[Full Changelog](https://github.com/lynndylanhurley/devise_token_auth/compare/v1.2.2...HEAD) - -**Merged pull requests:** - -- Fix Rails version comparison [\#1614](https://github.com/lynndylanhurley/devise_token_auth/pull/1614) ([santib](https://github.com/santib)) -- Fix registration spec failure [\#1613](https://github.com/lynndylanhurley/devise_token_auth/pull/1613) ([MaicolBen](https://github.com/MaicolBen)) -- Fixes 'redirect\_options' addition for 'redirect\_to' in confirmations [\#1612](https://github.com/lynndylanhurley/devise_token_auth/pull/1612) ([kaekasui](https://github.com/kaekasui)) -- Faker safe\_email -\> email [\#1607](https://github.com/lynndylanhurley/devise_token_auth/pull/1607) ([hatsu38](https://github.com/hatsu38)) -- Support for writing style deprecated in 7.1 and removed in 7.2 [\#1606](https://github.com/lynndylanhurley/devise_token_auth/pull/1606) ([hatsu38](https://github.com/hatsu38)) -- Bump to 1.2.2 [\#1602](https://github.com/lynndylanhurley/devise_token_auth/pull/1602) ([MaicolBen](https://github.com/MaicolBen)) - -## [v1.2.2](https://github.com/lynndylanhurley/devise_token_auth/tree/v1.2.2) (2023-06-11) -[Full Changelog](https://github.com/lynndylanhurley/devise_token_auth/compare/v1.2.1...v1.2.2) - -**Closed issues:** - -- keep getting a 401 on overriden create devise [\#1598](https://github.com/lynndylanhurley/devise_token_auth/issues/1598) -- Method sign\_in called with incorrect paramenters [\#1585](https://github.com/lynndylanhurley/devise_token_auth/issues/1585) -- Release latest version, there are too many fixes in the master waiting to be released [\#1560](https://github.com/lynndylanhurley/devise_token_auth/issues/1560) -- NoMethodError: undefined method `downcase' for nil:NilClass [\#1540](https://github.com/lynndylanhurley/devise_token_auth/issues/1540) -- Confirming an already confirmed user -- still not quite working. [\#1123](https://github.com/lynndylanhurley/devise_token_auth/issues/1123) -- Email confirmation route [\#1110](https://github.com/lynndylanhurley/devise_token_auth/issues/1110) - -**Merged pull requests:** - -- Drop support for ruby 2.4 [\#1601](https://github.com/lynndylanhurley/devise_token_auth/pull/1601) ([MaicolBen](https://github.com/MaicolBen)) -- Don't leak information about the existence of accounts in SessionsController [\#1600](https://github.com/lynndylanhurley/devise_token_auth/pull/1600) ([moritzhoeppner](https://github.com/moritzhoeppner)) -- add redirect\_to options for rails7 allow\_other\_host [\#1599](https://github.com/lynndylanhurley/devise_token_auth/pull/1599) ([ihatov08](https://github.com/ihatov08)) -- Update faker requirement from ~\> 2.16 to ~\> 3.2 [\#1593](https://github.com/lynndylanhurley/devise_token_auth/pull/1593) ([dependabot[bot]](https://github.com/apps/dependabot)) -- Update mongoid-locker requirement from ~\> 1.0 to ~\> 2.0 [\#1592](https://github.com/lynndylanhurley/devise_token_auth/pull/1592) ([dependabot[bot]](https://github.com/apps/dependabot)) -- dependencies/dependabot configuration [\#1590](https://github.com/lynndylanhurley/devise_token_auth/pull/1590) ([jotolo](https://github.com/jotolo)) -- Remove sprockets [\#1589](https://github.com/lynndylanhurley/devise_token_auth/pull/1589) ([MaicolBen](https://github.com/MaicolBen)) -- update/test configuration Rails7 and mongoid7 [\#1588](https://github.com/lynndylanhurley/devise_token_auth/pull/1588) ([jotolo](https://github.com/jotolo)) -- brakeman vulnaribility UnsafeReflection. [\#1587](https://github.com/lynndylanhurley/devise_token_auth/pull/1587) ([ryanfox1985](https://github.com/ryanfox1985)) -- Method sign\_in with wrong parameters [\#1586](https://github.com/lynndylanhurley/devise_token_auth/pull/1586) ([lazaronixon](https://github.com/lazaronixon)) -- update/Ruby 3.x and Rails 7.0 [\#1584](https://github.com/lynndylanhurley/devise_token_auth/pull/1584) ([jotolo](https://github.com/jotolo)) -- Add support for ruby 3 & fix test suite [\#1582](https://github.com/lynndylanhurley/devise_token_auth/pull/1582) ([MaicolBen](https://github.com/MaicolBen)) -- chore: add vanilla-token-auth to client list [\#1578](https://github.com/lynndylanhurley/devise_token_auth/pull/1578) ([theblang](https://github.com/theblang)) -- 🐛 Not update cookies when is a batch request [\#1577](https://github.com/lynndylanhurley/devise_token_auth/pull/1577) ([djpremier](https://github.com/djpremier)) -- Revert "Fix unpermitted parameters warning" [\#1571](https://github.com/lynndylanhurley/devise_token_auth/pull/1571) ([MaicolBen](https://github.com/MaicolBen)) -- Fixed vulnerabilities [\#1569](https://github.com/lynndylanhurley/devise_token_auth/pull/1569) ([ryanfox1985](https://github.com/ryanfox1985)) -- Fix unpermitted parameters warning [\#1568](https://github.com/lynndylanhurley/devise_token_auth/pull/1568) ([remy727](https://github.com/remy727)) -- Update initializer template [\#1564](https://github.com/lynndylanhurley/devise_token_auth/pull/1564) ([djpremier](https://github.com/djpremier)) -- Allow omniauth redirect post method [\#1563](https://github.com/lynndylanhurley/devise_token_auth/pull/1563) ([florindiconescu](https://github.com/florindiconescu)) -- Avoid raising a RoutingError when confirming a user twice [\#1557](https://github.com/lynndylanhurley/devise_token_auth/pull/1557) ([micred](https://github.com/micred)) -- Add custom uid reference [\#1554](https://github.com/lynndylanhurley/devise_token_auth/pull/1554) ([florindiconescu](https://github.com/florindiconescu)) - -## [v1.2.1](https://github.com/lynndylanhurley/devise_token_auth/tree/v1.2.1) (2022-09-10) -[Full Changelog](https://github.com/lynndylanhurley/devise_token_auth/compare/v1.2.0...v1.2.1) - -**Closed issues:** - -- registrations controller. tokens only for authenticated [\#1553](https://github.com/lynndylanhurley/devise_token_auth/issues/1553) -- Rails 7 support [\#1552](https://github.com/lynndylanhurley/devise_token_auth/issues/1552) -- Not working with any version of Rails 6 and 7 [\#1551](https://github.com/lynndylanhurley/devise_token_auth/issues/1551) -- Commit 1a0483fbd12583810f21eb320abfa8b768724774 makes \#\ [\#1538](https://github.com/lynndylanhurley/devise_token_auth/issues/1538) -- Rails 7 support? [\#1533](https://github.com/lynndylanhurley/devise_token_auth/issues/1533) -- Request: [\#1526](https://github.com/lynndylanhurley/devise_token_auth/issues/1526) -- Rails 7 Issue [\#1523](https://github.com/lynndylanhurley/devise_token_auth/issues/1523) -- Bearer Token Usage [\#1522](https://github.com/lynndylanhurley/devise_token_auth/issues/1522) -- Got "ActionDispatch::Request::Session::DisabledSessionError" [\#1521](https://github.com/lynndylanhurley/devise_token_auth/issues/1521) -- Travis CI migration or alternatives [\#1518](https://github.com/lynndylanhurley/devise_token_auth/issues/1518) -- Update dependency to support Rails 7.0.0.rc1 [\#1515](https://github.com/lynndylanhurley/devise_token_auth/issues/1515) -- Devise, devise\_auth\_token and activeadmin with 2 different models - Controller error [\#1512](https://github.com/lynndylanhurley/devise_token_auth/issues/1512) -- Paranoid mode still returning a distinguishable 404 responses [\#1510](https://github.com/lynndylanhurley/devise_token_auth/issues/1510) -- Invalid client with google-oauth2 [\#1499](https://github.com/lynndylanhurley/devise_token_auth/issues/1499) -- Concurrency issue? [\#1497](https://github.com/lynndylanhurley/devise_token_auth/issues/1497) -- Doesn't seem to follow Bearer Token authorization spec...? [\#1487](https://github.com/lynndylanhurley/devise_token_auth/issues/1487) -- Can we have a new version released? [\#1483](https://github.com/lynndylanhurley/devise_token_auth/issues/1483) -- Token invalidation after canceled request by the frontend app [\#1232](https://github.com/lynndylanhurley/devise_token_auth/issues/1232) -- FrozenError \(can't modify frozen Hash\) [\#1151](https://github.com/lynndylanhurley/devise_token_auth/issues/1151) -- Password Reset Links Invalidated After Being Clicked [\#1141](https://github.com/lynndylanhurley/devise_token_auth/issues/1141) -- Authorization Request Header Field? [\#902](https://github.com/lynndylanhurley/devise_token_auth/issues/902) -- jsonb token [\#841](https://github.com/lynndylanhurley/devise_token_auth/issues/841) - -**Merged pull requests:** - -- Remove bearer token if cookie\_enabled is true [\#1567](https://github.com/lynndylanhurley/devise_token_auth/pull/1567) ([rhiroshi](https://github.com/rhiroshi)) -- Update changelog [\#1555](https://github.com/lynndylanhurley/devise_token_auth/pull/1555) ([MaicolBen](https://github.com/MaicolBen)) -- Update ja.yml [\#1550](https://github.com/lynndylanhurley/devise_token_auth/pull/1550) ([RaziAhmad123](https://github.com/RaziAhmad123)) -- Fixed ja.yml because CI failed. [\#1547](https://github.com/lynndylanhurley/devise_token_auth/pull/1547) ([hatsu38](https://github.com/hatsu38)) -- Translate the unlocks, confirmations message into Japanese [\#1544](https://github.com/lynndylanhurley/devise_token_auth/pull/1544) ([hatsu38](https://github.com/hatsu38)) -- Set cookie token immediately in reset password and OmniAuth success flows [\#1542](https://github.com/lynndylanhurley/devise_token_auth/pull/1542) ([theblang](https://github.com/theblang)) -- Added 'Authorization' header with bearer token [\#1534](https://github.com/lynndylanhurley/devise_token_auth/pull/1534) ([rhiroshi](https://github.com/rhiroshi)) -- Fix Paranoid Status Codes [\#1524](https://github.com/lynndylanhurley/devise_token_auth/pull/1524) ([keithdoggett](https://github.com/keithdoggett)) -- add `previous\_token` [\#1520](https://github.com/lynndylanhurley/devise_token_auth/pull/1520) ([sudhanshug16](https://github.com/sudhanshug16)) -- Migrate to GitHub Actions [\#1519](https://github.com/lynndylanhurley/devise_token_auth/pull/1519) ([enomotodev](https://github.com/enomotodev)) -- Support Rails 7.0 [\#1517](https://github.com/lynndylanhurley/devise_token_auth/pull/1517) ([enomotodev](https://github.com/enomotodev)) -- \[bugfix\] omniauth: handle POST action redirects [\#1509](https://github.com/lynndylanhurley/devise_token_auth/pull/1509) ([lynndylanhurley](https://github.com/lynndylanhurley)) -- Fix the doc missing configure devise mail sender [\#1504](https://github.com/lynndylanhurley/devise_token_auth/pull/1504) ([hsonthach](https://github.com/hsonthach)) -- Fix callback if migrations fails [\#1502](https://github.com/lynndylanhurley/devise_token_auth/pull/1502) ([thooams](https://github.com/thooams)) -- wrap creation and save of token in a transaction [\#1498](https://github.com/lynndylanhurley/devise_token_auth/pull/1498) ([pascalbetz](https://github.com/pascalbetz)) -- Increase required ruby version to 2.3 [\#1495](https://github.com/lynndylanhurley/devise_token_auth/pull/1495) ([mcelicalderon](https://github.com/mcelicalderon)) -- Turn email validation process into class method [\#1494](https://github.com/lynndylanhurley/devise_token_auth/pull/1494) ([muratiger](https://github.com/muratiger)) -- Update faq.md [\#1493](https://github.com/lynndylanhurley/devise_token_auth/pull/1493) ([SUMAR7](https://github.com/SUMAR7)) - -## [v1.2.0](https://github.com/lynndylanhurley/devise_token_auth/tree/v1.2.0) (2021-07-19) -[Full Changelog](https://github.com/lynndylanhurley/devise_token_auth/compare/v1.1.5...v1.2.0) - -**Implemented enhancements:** - -- Paranoid mode is non existent [\#1100](https://github.com/lynndylanhurley/devise_token_auth/issues/1100) - -**Closed issues:** - -- DeviseTokenAuth::Errors::InvalidModel [\#1485](https://github.com/lynndylanhurley/devise_token_auth/issues/1485) -- How not to update the headers when the api server returns a response with an error status [\#1476](https://github.com/lynndylanhurley/devise_token_auth/issues/1476) -- Does not install on Rails 6.1 and Ruby 2.7, fresh install [\#1475](https://github.com/lynndylanhurley/devise_token_auth/issues/1475) -- Devise::Models::Authenticatable::BLACKLIST\_FOR\_SERIALIZATION is deprecated [\#1474](https://github.com/lynndylanhurley/devise_token_auth/issues/1474) -- @token not assigned prior to delete/destory [\#1465](https://github.com/lynndylanhurley/devise_token_auth/issues/1465) -- Installing devise\_token\_auth on MacOS, rails conflict [\#1458](https://github.com/lynndylanhurley/devise_token_auth/issues/1458) -- Deprecation warning `connection\_config is deprecated and will be removed from Rails 6.2` when using Rails 6.1 [\#1451](https://github.com/lynndylanhurley/devise_token_auth/issues/1451) -- Trying to integrate with devise-multi\_email [\#1421](https://github.com/lynndylanhurley/devise_token_auth/issues/1421) -- Rails email change not send confirmation emaill [\#1338](https://github.com/lynndylanhurley/devise_token_auth/issues/1338) - -**Merged pull requests:** - -- Bump version to 1.2.0 [\#1492](https://github.com/lynndylanhurley/devise_token_auth/pull/1492) ([MaicolBen](https://github.com/MaicolBen)) -- Fix unescape and keyword parameters warning [\#1490](https://github.com/lynndylanhurley/devise_token_auth/pull/1490) ([muratiger](https://github.com/muratiger)) -- check password changed only when using password authentication [\#1486](https://github.com/lynndylanhurley/devise_token_auth/pull/1486) ([qiuyin](https://github.com/qiuyin)) -- Add new param FAQ [\#1481](https://github.com/lynndylanhurley/devise_token_auth/pull/1481) ([muratiger](https://github.com/muratiger)) -- fix mongoid detecting bug [\#1478](https://github.com/lynndylanhurley/devise_token_auth/pull/1478) ([qiuyin](https://github.com/qiuyin)) -- replace deprecated constant BLACKLIST\_FOR\_SERIALIZATION [\#1473](https://github.com/lynndylanhurley/devise_token_auth/pull/1473) ([prashant-kiwi](https://github.com/prashant-kiwi)) -- Workaround for cc-test-reporter with SimpleCov 0.18 [\#1472](https://github.com/lynndylanhurley/devise_token_auth/pull/1472) ([enomotodev](https://github.com/enomotodev)) -- Fix mongo setup in travis [\#1471](https://github.com/lynndylanhurley/devise_token_auth/pull/1471) ([MaicolBen](https://github.com/MaicolBen)) -- Use the same behavior than the deprecated URI.escape [\#1470](https://github.com/lynndylanhurley/devise_token_auth/pull/1470) ([MaicolBen](https://github.com/MaicolBen)) -- Replace URI::escape which was removed in Ruby 3 [\#1468](https://github.com/lynndylanhurley/devise_token_auth/pull/1468) ([alea12](https://github.com/alea12)) -- Update connection\_config to connection\_db\_config [\#1467](https://github.com/lynndylanhurley/devise_token_auth/pull/1467) ([melnik0v](https://github.com/melnik0v)) -- Fix docs/config/initialization.md [\#1464](https://github.com/lynndylanhurley/devise_token_auth/pull/1464) ([yoshitsugu](https://github.com/yoshitsugu)) -- Fix omniauth version until devise fixes omniauth requirement [\#1463](https://github.com/lynndylanhurley/devise_token_auth/pull/1463) ([MaicolBen](https://github.com/MaicolBen)) -- Add support for sending and receiving the auth token via a server cookie [\#1453](https://github.com/lynndylanhurley/devise_token_auth/pull/1453) ([theblang](https://github.com/theblang)) -- Ignore sync uid in case confirmable mail changed [\#1407](https://github.com/lynndylanhurley/devise_token_auth/pull/1407) ([pnghai](https://github.com/pnghai)) - -## [v1.1.5](https://github.com/lynndylanhurley/devise_token_auth/tree/v1.1.5) (2020-12-08) -[Full Changelog](https://github.com/lynndylanhurley/devise_token_auth/compare/v1.1.4...v1.1.5) - -**Closed issues:** - -- Update dependency to support Rails 6.1/6.1.0.rc1 [\#1443](https://github.com/lynndylanhurley/devise_token_auth/issues/1443) -- undefined method `tokens' for \#\":String\) [\#1375](https://github.com/lynndylanhurley/devise_token_auth/issues/1375) -- mation\_instruction [\#1373](https://github.com/lynndylanhurley/devise_token_auth/issues/1373) -- Unpermitted parameter :session when signing in using javascript fetch [\#1361](https://github.com/lynndylanhurley/devise_token_auth/issues/1361) -- How do i authenticate with graphql-ruby? [\#1360](https://github.com/lynndylanhurley/devise_token_auth/issues/1360) -- Using DeviseTokenAuth::Concerns::User breaks Devise::confirmable and Devise::reconfirmable [\#1013](https://github.com/lynndylanhurley/devise_token_auth/issues/1013) +- Different rails versions supported [\#1622](https://github.com/lynndylanhurley/devise_token_auth/issues/1622) +- Your application has sessions disabled. To write to the session you must first configure a session store [\#1616](https://github.com/lynndylanhurley/devise_token_auth/issues/1616) +- Support Rails 7.1 [\#1608](https://github.com/lynndylanhurley/devise_token_auth/issues/1608) +- Demo crash [\#1410](https://github.com/lynndylanhurley/devise_token_auth/issues/1410) +- Does DTA support HTTP Only Cookie Refresh tokens along site access tokens? [\#1371](https://github.com/lynndylanhurley/devise_token_auth/issues/1371) +- resource\_class wrong number of arguments \(1 for 0\) [\#268](https://github.com/lynndylanhurley/devise_token_auth/issues/268) +- Having both devise and devise\_token\_auth [\#120](https://github.com/lynndylanhurley/devise_token_auth/issues/120) **Merged pull requests:** -- Enhancement: remove unnecessary statement in destroy session [\#1431](https://github.com/lynndylanhurley/devise_token_auth/pull/1431) ([martinjaimem](https://github.com/martinjaimem)) -- Update faq.md [\#1401](https://github.com/lynndylanhurley/devise_token_auth/pull/1401) ([mdjamal](https://github.com/mdjamal)) -- Update assign\_provider\_attrs to strip 'name' field [\#1398](https://github.com/lynndylanhurley/devise_token_auth/pull/1398) ([SpLouk](https://github.com/SpLouk)) -- Fix grammar [\#1396](https://github.com/lynndylanhurley/devise_token_auth/pull/1396) ([arku](https://github.com/arku)) -- \[Refactor\] fixed "not\_email" setting in ja.yml [\#1395](https://github.com/lynndylanhurley/devise_token_auth/pull/1395) ([eitches](https://github.com/eitches)) -- CI build fix: Pin to pry \< 0.13 for 2.3 support, workaround CodeClimate reporter issue [\#1393](https://github.com/lynndylanhurley/devise_token_auth/pull/1393) ([olleolleolle](https://github.com/olleolleolle)) -- Fix broken link [\#1392](https://github.com/lynndylanhurley/devise_token_auth/pull/1392) ([dlederle](https://github.com/dlederle)) -- Fix: Save user authentication token after email confirmation [\#1391](https://github.com/lynndylanhurley/devise_token_auth/pull/1391) ([gabrielbursztein2](https://github.com/gabrielbursztein2)) -- Fix token-type header key in testing example docs [\#1390](https://github.com/lynndylanhurley/devise_token_auth/pull/1390) ([goalaleo](https://github.com/goalaleo)) -- Issue - 1358 Argument error when converting token updated\_at using to… [\#1388](https://github.com/lynndylanhurley/devise_token_auth/pull/1388) ([saichander17](https://github.com/saichander17)) -- Validate that token is valid for patch request last token [\#1386](https://github.com/lynndylanhurley/devise_token_auth/pull/1386) ([ahmedmagdy711](https://github.com/ahmedmagdy711)) -- Fix docs/usage/reset\_password.md [\#1382](https://github.com/lynndylanhurley/devise_token_auth/pull/1382) ([K-Sato1995](https://github.com/K-Sato1995)) -- Fix missing polish and portugese missing translation errors [\#1377](https://github.com/lynndylanhurley/devise_token_auth/pull/1377) ([woochaq](https://github.com/woochaq)) -- \[Documentation\] write complete path for authentication\_test\_spec.rb [\#1376](https://github.com/lynndylanhurley/devise_token_auth/pull/1376) ([cprodhomme](https://github.com/cprodhomme)) -- Add case sensitive option required to prevent deprecation warning in … [\#1368](https://github.com/lynndylanhurley/devise_token_auth/pull/1368) ([niciliketo](https://github.com/niciliketo)) -- Add rails 6.0 config to travis [\#1366](https://github.com/lynndylanhurley/devise_token_auth/pull/1366) ([brateq](https://github.com/brateq)) -- Add docs for confirmation endpoint [\#1365](https://github.com/lynndylanhurley/devise_token_auth/pull/1365) ([brateq](https://github.com/brateq)) -- Remove Trackable option from generator [\#1362](https://github.com/lynndylanhurley/devise_token_auth/pull/1362) ([SugiKent](https://github.com/SugiKent)) -- Please merge again [\#1350](https://github.com/lynndylanhurley/devise_token_auth/pull/1350) ([exocode](https://github.com/exocode)) -- Fix dead link [\#1349](https://github.com/lynndylanhurley/devise_token_auth/pull/1349) ([tegandbiscuits](https://github.com/tegandbiscuits)) -- detect Mongoid \(till Mongoid will implement it\) [\#1348](https://github.com/lynndylanhurley/devise_token_auth/pull/1348) ([exocode](https://github.com/exocode)) -- feat\(oauth-apple\): support Sign in with Apple as a documented OmniAuth provider [\#1347](https://github.com/lynndylanhurley/devise_token_auth/pull/1347) ([booleanbetrayal](https://github.com/booleanbetrayal)) -- Add Korean locale [\#1346](https://github.com/lynndylanhurley/devise_token_auth/pull/1346) ([ghost](https://github.com/ghost)) -- doc: remove duplicated test case on ./docs/usage/testing.md [\#1344](https://github.com/lynndylanhurley/devise_token_auth/pull/1344) ([miyataka](https://github.com/miyataka)) -- Fix to be able to use Devise::confirmable module [\#1343](https://github.com/lynndylanhurley/devise_token_auth/pull/1343) ([makicamel](https://github.com/makicamel)) -- repeat any query params after a fragment [\#1341](https://github.com/lynndylanhurley/devise_token_auth/pull/1341) ([colmben](https://github.com/colmben)) -- CI: Use ruby 2.4.7 [\#1337](https://github.com/lynndylanhurley/devise_token_auth/pull/1337) ([olleolleolle](https://github.com/olleolleolle)) +- fix: point to the correct documentation page [\#1634](https://github.com/lynndylanhurley/devise_token_auth/pull/1634) ([nickskalkin](https://github.com/nickskalkin)) +- Remove broken demos [\#1633](https://github.com/lynndylanhurley/devise_token_auth/pull/1633) ([MaicolBen](https://github.com/MaicolBen)) +- Support rails 7.2 [\#1632](https://github.com/lynndylanhurley/devise_token_auth/pull/1632) ([MaicolBen](https://github.com/MaicolBen)) +- Add Persian locale [\#1627](https://github.com/lynndylanhurley/devise_token_auth/pull/1627) ([abehnamfard](https://github.com/abehnamfard)) +- Revert "Update sqlite3 requirement from ~\> 1.4 to ~\> 2.0" [\#1626](https://github.com/lynndylanhurley/devise_token_auth/pull/1626) ([MaicolBen](https://github.com/MaicolBen)) +- Drop support for ruby 2.5-6 [\#1624](https://github.com/lynndylanhurley/devise_token_auth/pull/1624) ([MaicolBen](https://github.com/MaicolBen)) +- Bump 1.2.3 [\#1623](https://github.com/lynndylanhurley/devise_token_auth/pull/1623) ([MaicolBen](https://github.com/MaicolBen)) +- Update sqlite3 requirement from ~\> 1.4 to ~\> 2.0 [\#1620](https://github.com/lynndylanhurley/devise_token_auth/pull/1620) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Delete dead links in the documentation [\#1353](https://github.com/lynndylanhurley/devise_token_auth/pull/1353) ([K-Sato1995](https://github.com/K-Sato1995)) -# Change Log +## [v1.2.3](https://github.com/lynndylanhurley/devise_token_auth/tree/v1.2.3) (2023-11-13) + +[Full Changelog](https://github.com/lynndylanhurley/devise_token_auth/compare/v1.2.2...v1.2.3) + +**Merged pull requests:** + +- Fix Rails version comparison [\#1614](https://github.com/lynndylanhurley/devise_token_auth/pull/1614) ([santib](https://github.com/santib)) +- Fix registration spec failure [\#1613](https://github.com/lynndylanhurley/devise_token_auth/pull/1613) ([MaicolBen](https://github.com/MaicolBen)) +- Fixes 'redirect\_options' addition for 'redirect\_to' in confirmations [\#1612](https://github.com/lynndylanhurley/devise_token_auth/pull/1612) ([kaekasui](https://github.com/kaekasui)) +- Faker safe\_email -\> email [\#1607](https://github.com/lynndylanhurley/devise_token_auth/pull/1607) ([hatsu38](https://github.com/hatsu38)) +- Support for writing style deprecated in 7.1 and removed in 7.2 [\#1606](https://github.com/lynndylanhurley/devise_token_auth/pull/1606) ([hatsu38](https://github.com/hatsu38)) +- Bump to 1.2.2 [\#1602](https://github.com/lynndylanhurley/devise_token_auth/pull/1602) ([MaicolBen](https://github.com/MaicolBen)) ## [v1.2.2](https://github.com/lynndylanhurley/devise_token_auth/tree/v1.2.2) (2023-06-11) + [Full Changelog](https://github.com/lynndylanhurley/devise_token_auth/compare/v1.2.1...v1.2.2) **Closed issues:** @@ -500,13 +70,14 @@ - 🐛 Not update cookies when is a batch request [\#1577](https://github.com/lynndylanhurley/devise_token_auth/pull/1577) ([djpremier](https://github.com/djpremier)) - Revert "Fix unpermitted parameters warning" [\#1571](https://github.com/lynndylanhurley/devise_token_auth/pull/1571) ([MaicolBen](https://github.com/MaicolBen)) - Fixed vulnerabilities [\#1569](https://github.com/lynndylanhurley/devise_token_auth/pull/1569) ([ryanfox1985](https://github.com/ryanfox1985)) +- Fix unpermitted parameters warning [\#1568](https://github.com/lynndylanhurley/devise_token_auth/pull/1568) ([remy727](https://github.com/remy727)) - Remove bearer token if cookie\_enabled is true [\#1567](https://github.com/lynndylanhurley/devise_token_auth/pull/1567) ([rhiroshi](https://github.com/rhiroshi)) - Update initializer template [\#1564](https://github.com/lynndylanhurley/devise_token_auth/pull/1564) ([djpremier](https://github.com/djpremier)) - Allow omniauth redirect post method [\#1563](https://github.com/lynndylanhurley/devise_token_auth/pull/1563) ([florindiconescu](https://github.com/florindiconescu)) - Avoid raising a RoutingError when confirming a user twice [\#1557](https://github.com/lynndylanhurley/devise_token_auth/pull/1557) ([micred](https://github.com/micred)) -- Added 'Authorization' header with bearer token [\#1534](https://github.com/lynndylanhurley/devise_token_auth/pull/1534) ([rhiroshi](https://github.com/rhiroshi)) ## [v1.2.1](https://github.com/lynndylanhurley/devise_token_auth/tree/v1.2.1) (2022-09-10) + [Full Changelog](https://github.com/lynndylanhurley/devise_token_auth/compare/v1.2.0...v1.2.1) **Closed issues:** @@ -537,190 +108,7 @@ **Merged pull requests:** -- Fix unpermitted parameters warning [\#1568](https://github.com/lynndylanhurley/devise_token_auth/pull/1568) ([remy727](https://github.com/remy727)) - Update changelog [\#1555](https://github.com/lynndylanhurley/devise_token_auth/pull/1555) ([MaicolBen](https://github.com/MaicolBen)) -- Add custom uid reference [\#1554](https://github.com/lynndylanhurley/devise_token_auth/pull/1554) ([florindiconescu](https://github.com/florindiconescu)) -- Update ja.yml [\#1550](https://github.com/lynndylanhurley/devise_token_auth/pull/1550) ([RaziAhmad123](https://github.com/RaziAhmad123)) -- Fixed ja.yml because CI failed. [\#1547](https://github.com/lynndylanhurley/devise_token_auth/pull/1547) ([hatsu38](https://github.com/hatsu38)) -- Translate the unlocks, confirmations message into Japanese [\#1544](https://github.com/lynndylanhurley/devise_token_auth/pull/1544) ([hatsu38](https://github.com/hatsu38)) -- Set cookie token immediately in reset password and OmniAuth success flows [\#1542](https://github.com/lynndylanhurley/devise_token_auth/pull/1542) ([theblang](https://github.com/theblang)) -- Fix Paranoid Status Codes [\#1524](https://github.com/lynndylanhurley/devise_token_auth/pull/1524) ([keithdoggett](https://github.com/keithdoggett)) -- add `previous\_token` [\#1520](https://github.com/lynndylanhurley/devise_token_auth/pull/1520) ([sudhanshu16](https://github.com/sudhanshu16)) -- Migrate to GitHub Actions [\#1519](https://github.com/lynndylanhurley/devise_token_auth/pull/1519) ([enomotodev](https://github.com/enomotodev)) -- Support Rails 7.0 [\#1517](https://github.com/lynndylanhurley/devise_token_auth/pull/1517) ([enomotodev](https://github.com/enomotodev)) -- \[bugfix\] omniauth: handle POST action redirects [\#1509](https://github.com/lynndylanhurley/devise_token_auth/pull/1509) ([lynndylanhurley](https://github.com/lynndylanhurley)) -- Fix the doc missing configure devise mail sender [\#1504](https://github.com/lynndylanhurley/devise_token_auth/pull/1504) ([hsonthach](https://github.com/hsonthach)) -- Fix callback if migrations fails [\#1502](https://github.com/lynndylanhurley/devise_token_auth/pull/1502) ([thooams](https://github.com/thooams)) -- wrap creation and save of token in a transaction [\#1498](https://github.com/lynndylanhurley/devise_token_auth/pull/1498) ([pascalbetz](https://github.com/pascalbetz)) -- Increase required ruby version to 2.3 [\#1495](https://github.com/lynndylanhurley/devise_token_auth/pull/1495) ([mcelicalderon](https://github.com/mcelicalderon)) -- Turn email validation process into class method [\#1494](https://github.com/lynndylanhurley/devise_token_auth/pull/1494) ([muratiger](https://github.com/muratiger)) -- Update faq.md [\#1493](https://github.com/lynndylanhurley/devise_token_auth/pull/1493) ([SUMAR7](https://github.com/SUMAR7)) - -## [v1.2.0](https://github.com/lynndylanhurley/devise_token_auth/tree/v1.2.0) (2021-07-19) -[Full Changelog](https://github.com/lynndylanhurley/devise_token_auth/compare/v1.1.5...v1.2.0) - -**Implemented enhancements:** - -- Paranoid mode is non existent [\#1100](https://github.com/lynndylanhurley/devise_token_auth/issues/1100) -- Add paranoid mode [\#1378](https://github.com/lynndylanhurley/devise_token_auth/pull/1378) ([luisalima](https://github.com/luisalima)) - -**Closed issues:** - -- DeviseTokenAuth::Errors::InvalidModel [\#1485](https://github.com/lynndylanhurley/devise_token_auth/issues/1485) -- How not to update the headers when the api server returns a response with an error status [\#1476](https://github.com/lynndylanhurley/devise_token_auth/issues/1476) -- Does not install on Rails 6.1 and Ruby 2.7, fresh install [\#1475](https://github.com/lynndylanhurley/devise_token_auth/issues/1475) -- Devise::Models::Authenticatable::BLACKLIST\_FOR\_SERIALIZATION is deprecated [\#1474](https://github.com/lynndylanhurley/devise_token_auth/issues/1474) -- @token not assigned prior to delete/destory [\#1465](https://github.com/lynndylanhurley/devise_token_auth/issues/1465) -- Installing devise\_token\_auth on MacOS, rails conflict [\#1458](https://github.com/lynndylanhurley/devise_token_auth/issues/1458) -- Deprecation warning `connection\_config is deprecated and will be removed from Rails 6.2` when using Rails 6.1 [\#1451](https://github.com/lynndylanhurley/devise_token_auth/issues/1451) -- Trying to integrate with devise-multi\_email [\#1421](https://github.com/lynndylanhurley/devise_token_auth/issues/1421) -- Rails email change not send confirmation emaill [\#1338](https://github.com/lynndylanhurley/devise_token_auth/issues/1338) - -**Merged pull requests:** - -- Bump version to 1.2.0 [\#1492](https://github.com/lynndylanhurley/devise_token_auth/pull/1492) ([MaicolBen](https://github.com/MaicolBen)) -- Fix unescape and keyword parameters warning [\#1490](https://github.com/lynndylanhurley/devise_token_auth/pull/1490) ([muratiger](https://github.com/muratiger)) -- check password changed only when using password authentication [\#1486](https://github.com/lynndylanhurley/devise_token_auth/pull/1486) ([qiuyin](https://github.com/qiuyin)) -- Add new param FAQ [\#1481](https://github.com/lynndylanhurley/devise_token_auth/pull/1481) ([muratiger](https://github.com/muratiger)) -- fix mongoid detecting bug [\#1478](https://github.com/lynndylanhurley/devise_token_auth/pull/1478) ([qiuyin](https://github.com/qiuyin)) -- replace deprecated constant BLACKLIST\_FOR\_SERIALIZATION [\#1473](https://github.com/lynndylanhurley/devise_token_auth/pull/1473) ([prashant-kiwi](https://github.com/prashant-kiwi)) -- Workaround for cc-test-reporter with SimpleCov 0.18 [\#1472](https://github.com/lynndylanhurley/devise_token_auth/pull/1472) ([enomotodev](https://github.com/enomotodev)) -- Fix mongo setup in travis [\#1471](https://github.com/lynndylanhurley/devise_token_auth/pull/1471) ([MaicolBen](https://github.com/MaicolBen)) -- Use the same behavior than the deprecated URI.escape [\#1470](https://github.com/lynndylanhurley/devise_token_auth/pull/1470) ([MaicolBen](https://github.com/MaicolBen)) -- Replace URI::escape which was removed in Ruby 3 [\#1468](https://github.com/lynndylanhurley/devise_token_auth/pull/1468) ([alea12](https://github.com/alea12)) -- Update connection\_config to connection\_db\_config [\#1467](https://github.com/lynndylanhurley/devise_token_auth/pull/1467) ([melnik0v](https://github.com/melnik0v)) -- Fix docs/config/initialization.md [\#1464](https://github.com/lynndylanhurley/devise_token_auth/pull/1464) ([yoshitsugu](https://github.com/yoshitsugu)) -- Fix omniauth version until devise fixes omniauth requirement [\#1463](https://github.com/lynndylanhurley/devise_token_auth/pull/1463) ([MaicolBen](https://github.com/MaicolBen)) -- Add support for sending and receiving the auth token via a server cookie [\#1453](https://github.com/lynndylanhurley/devise_token_auth/pull/1453) ([theblang](https://github.com/theblang)) -- Fix critical error on registration with confirmation mode [\#1447](https://github.com/lynndylanhurley/devise_token_auth/pull/1447) ([pnghai](https://github.com/pnghai)) - -## [v1.1.5](https://github.com/lynndylanhurley/devise_token_auth/tree/v1.1.5) (2020-12-08) -[Full Changelog](https://github.com/lynndylanhurley/devise_token_auth/compare/v1.1.4...v1.1.5) - -**Closed issues:** - -- Update dependency to support Rails 6.1/6.1.0.rc1 [\#1443](https://github.com/lynndylanhurley/devise_token_auth/issues/1443) -- undefined method `tokens' for \#\":String\) [\#1375](https://github.com/lynndylanhurley/devise_token_auth/issues/1375) -- mation\_instruction [\#1373](https://github.com/lynndylanhurley/devise_token_auth/issues/1373) -- Unpermitted parameter :session when signing in using javascript fetch [\#1361](https://github.com/lynndylanhurley/devise_token_auth/issues/1361) -- How do i authenticate with graphql-ruby? [\#1360](https://github.com/lynndylanhurley/devise_token_auth/issues/1360) -- Using DeviseTokenAuth::Concerns::User breaks Devise::confirmable and Devise::reconfirmable [\#1013](https://github.com/lynndylanhurley/devise_token_auth/issues/1013) - -**Merged pull requests:** - -- Update faq.md [\#1401](https://github.com/lynndylanhurley/devise_token_auth/pull/1401) ([mdjamal](https://github.com/mdjamal)) -- Update assign\_provider\_attrs to strip 'name' field [\#1398](https://github.com/lynndylanhurley/devise_token_auth/pull/1398) ([SpLouk](https://github.com/SpLouk)) -- Fix grammar [\#1396](https://github.com/lynndylanhurley/devise_token_auth/pull/1396) ([arku](https://github.com/arku)) -- \[Refactor\] fixed "not\_email" setting in ja.yml [\#1395](https://github.com/lynndylanhurley/devise_token_auth/pull/1395) ([eitches](https://github.com/eitches)) -- CI build fix: Pin to pry \< 0.13 for 2.3 support, workaround CodeClimate reporter issue [\#1393](https://github.com/lynndylanhurley/devise_token_auth/pull/1393) ([olleolleolle](https://github.com/olleolleolle)) -- Fix broken link [\#1392](https://github.com/lynndylanhurley/devise_token_auth/pull/1392) ([dlederle](https://github.com/dlederle)) -- Fix: Save user authentication token after email confirmation [\#1391](https://github.com/lynndylanhurley/devise_token_auth/pull/1391) ([gabrielbursztein2](https://github.com/gabrielbursztein2)) -- Fix token-type header key in testing example docs [\#1390](https://github.com/lynndylanhurley/devise_token_auth/pull/1390) ([goalaleo](https://github.com/goalaleo)) -- Issue - 1358 Argument error when converting token updated\_at using to… [\#1388](https://github.com/lynndylanhurley/devise_token_auth/pull/1388) ([saichander17](https://github.com/saichander17)) -- Validate that token is valid for patch request last token [\#1386](https://github.com/lynndylanhurley/devise_token_auth/pull/1386) ([ahmedmagdy711](https://github.com/ahmedmagdy711)) -- Fix docs/usage/reset\_password.md [\#1382](https://github.com/lynndylanhurley/devise_token_auth/pull/1382) ([K-Sato1995](https://github.com/K-Sato1995)) -- Fix missing polish and portugese missing translation errors [\#1377](https://github.com/lynndylanhurley/devise_token_auth/pull/1377) ([woochaq](https://github.com/woochaq)) -- \[Documentation\] write complete path for authentication\_test\_spec.rb [\#1376](https://github.com/lynndylanhurley/devise_token_auth/pull/1376) ([cprodhomme](https://github.com/cprodhomme)) -- Add case sensitive option required to prevent deprecation warning in … [\#1368](https://github.com/lynndylanhurley/devise_token_auth/pull/1368) ([niciliketo](https://github.com/niciliketo)) -- Add rails 6.0 config to travis [\#1366](https://github.com/lynndylanhurley/devise_token_auth/pull/1366) ([brateq](https://github.com/brateq)) -- Add docs for confirmation endpoint [\#1365](https://github.com/lynndylanhurley/devise_token_auth/pull/1365) ([brateq](https://github.com/brateq)) -- Remove Trackable option from generator [\#1362](https://github.com/lynndylanhurley/devise_token_auth/pull/1362) ([SugiKent](https://github.com/SugiKent)) -- Please merge again [\#1350](https://github.com/lynndylanhurley/devise_token_auth/pull/1350) ([exocode](https://github.com/exocode)) -- detect Mongoid \(till Mongoid will implement it\) [\#1348](https://github.com/lynndylanhurley/devise_token_auth/pull/1348) ([exocode](https://github.com/exocode)) -- feat\(oauth-apple\): support Sign in with Apple as a documented OmniAuth provider [\#1347](https://github.com/lynndylanhurley/devise_token_auth/pull/1347) ([booleanbetrayal](https://github.com/booleanbetrayal)) -- Add Korean locale [\#1346](https://github.com/lynndylanhurley/devise_token_auth/pull/1346) ([ghost](https://github.com/ghost)) -- doc: remove duplicated test case on ./docs/usage/testing.md [\#1344](https://github.com/lynndylanhurley/devise_token_auth/pull/1344) ([miyataka](https://github.com/miyataka)) -- Fix to be able to use Devise::confirmable module [\#1343](https://github.com/lynndylanhurley/devise_token_auth/pull/1343) ([makicamel](https://github.com/makicamel)) -- repeat any query params after a fragment [\#1341](https://github.com/lynndylanhurley/devise_token_auth/pull/1341) ([colmben](https://github.com/colmben)) - -# Change Log - -## [Unreleased](https://github.com/lynndylanhurley/devise_token_auth/tree/HEAD) - -[Full Changelog](https://github.com/lynndylanhurley/devise_token_auth/compare/v1.2.0...HEAD) - -**Closed issues:** - -- registrations controller. tokens only for authenticated [\#1553](https://github.com/lynndylanhurley/devise_token_auth/issues/1553) -- Rails 7 support [\#1552](https://github.com/lynndylanhurley/devise_token_auth/issues/1552) -- Not working with any version of Rails 6 and 7 [\#1551](https://github.com/lynndylanhurley/devise_token_auth/issues/1551) -- Commit 1a0483fbd12583810f21eb320abfa8b768724774 makes \#\ [\#1538](https://github.com/lynndylanhurley/devise_token_auth/issues/1538) -- Request: [\#1526](https://github.com/lynndylanhurley/devise_token_auth/issues/1526) -- Rails 7 Issue [\#1523](https://github.com/lynndylanhurley/devise_token_auth/issues/1523) -- Bearer Token Usage [\#1522](https://github.com/lynndylanhurley/devise_token_auth/issues/1522) -- Got "ActionDispatch::Request::Session::DisabledSessionError" [\#1521](https://github.com/lynndylanhurley/devise_token_auth/issues/1521) -- Travis CI migration or alternatives [\#1518](https://github.com/lynndylanhurley/devise_token_auth/issues/1518) -- Update dependency to support Rails 7.0.0.rc1 [\#1515](https://github.com/lynndylanhurley/devise_token_auth/issues/1515) -- Devise, devise\_auth\_token and activeadmin with 2 different models - Controller error [\#1512](https://github.com/lynndylanhurley/devise_token_auth/issues/1512) -- Paranoid mode still returning a distinguishable 404 responses [\#1510](https://github.com/lynndylanhurley/devise_token_auth/issues/1510) -- Invalid client with google-oauth2 [\#1499](https://github.com/lynndylanhurley/devise_token_auth/issues/1499) -- Concurrency issue? [\#1497](https://github.com/lynndylanhurley/devise_token_auth/issues/1497) -- Doesn't seem to follow Bearer Token authorization spec...? [\#1487](https://github.com/lynndylanhurley/devise_token_auth/issues/1487) -- Can we have a new version released? [\#1483](https://github.com/lynndylanhurley/devise_token_auth/issues/1483) -- Token invalidation after canceled request by the frontend app [\#1232](https://github.com/lynndylanhurley/devise_token_auth/issues/1232) -- FrozenError \(can't modify frozen Hash\) [\#1151](https://github.com/lynndylanhurley/devise_token_auth/issues/1151) -- Password Reset Links Invalidated After Being Clicked [\#1141](https://github.com/lynndylanhurley/devise_token_auth/issues/1141) -- Authorization Request Header Field? [\#902](https://github.com/lynndylanhurley/devise_token_auth/issues/902) -- jsonb token [\#841](https://github.com/lynndylanhurley/devise_token_auth/issues/841) - -**Merged pull requests:** - - Add custom uid reference [\#1554](https://github.com/lynndylanhurley/devise_token_auth/pull/1554) ([florindiconescu](https://github.com/florindiconescu)) - Update ja.yml [\#1550](https://github.com/lynndylanhurley/devise_token_auth/pull/1550) ([RaziAhmad123](https://github.com/RaziAhmad123)) - Fixed ja.yml because CI failed. [\#1547](https://github.com/lynndylanhurley/devise_token_auth/pull/1547) ([hatsu38](https://github.com/hatsu38)) @@ -728,7 +116,7 @@ - Set cookie token immediately in reset password and OmniAuth success flows [\#1542](https://github.com/lynndylanhurley/devise_token_auth/pull/1542) ([theblang](https://github.com/theblang)) - Added 'Authorization' header with bearer token [\#1534](https://github.com/lynndylanhurley/devise_token_auth/pull/1534) ([rhiroshi](https://github.com/rhiroshi)) - Fix Paranoid Status Codes [\#1524](https://github.com/lynndylanhurley/devise_token_auth/pull/1524) ([keithdoggett](https://github.com/keithdoggett)) -- add `previous\_token` [\#1520](https://github.com/lynndylanhurley/devise_token_auth/pull/1520) ([sudhanshu16](https://github.com/sudhanshu16)) +- add `previous_token` [\#1520](https://github.com/lynndylanhurley/devise_token_auth/pull/1520) ([sudhanshug16](https://github.com/sudhanshug16)) - Migrate to GitHub Actions [\#1519](https://github.com/lynndylanhurley/devise_token_auth/pull/1519) ([enomotodev](https://github.com/enomotodev)) - Support Rails 7.0 [\#1517](https://github.com/lynndylanhurley/devise_token_auth/pull/1517) ([enomotodev](https://github.com/enomotodev)) - \[bugfix\] omniauth: handle POST action redirects [\#1509](https://github.com/lynndylanhurley/devise_token_auth/pull/1509) ([lynndylanhurley](https://github.com/lynndylanhurley)) @@ -740,6 +128,7 @@ - Update faq.md [\#1493](https://github.com/lynndylanhurley/devise_token_auth/pull/1493) ([SUMAR7](https://github.com/SUMAR7)) ## [v1.2.0](https://github.com/lynndylanhurley/devise_token_auth/tree/v1.2.0) (2021-07-19) + [Full Changelog](https://github.com/lynndylanhurley/devise_token_auth/compare/v1.1.5...v1.2.0) **Implemented enhancements:** @@ -755,7 +144,7 @@ - Devise::Models::Authenticatable::BLACKLIST\_FOR\_SERIALIZATION is deprecated [\#1474](https://github.com/lynndylanhurley/devise_token_auth/issues/1474) - @token not assigned prior to delete/destory [\#1465](https://github.com/lynndylanhurley/devise_token_auth/issues/1465) - Installing devise\_token\_auth on MacOS, rails conflict [\#1458](https://github.com/lynndylanhurley/devise_token_auth/issues/1458) -- Deprecation warning `connection\_config is deprecated and will be removed from Rails 6.2` when using Rails 6.1 [\#1451](https://github.com/lynndylanhurley/devise_token_auth/issues/1451) +- Deprecation warning `connection_config is deprecated and will be removed from Rails 6.2` when using Rails 6.1 [\#1451](https://github.com/lynndylanhurley/devise_token_auth/issues/1451) - Trying to integrate with devise-multi\_email [\#1421](https://github.com/lynndylanhurley/devise_token_auth/issues/1421) - Rails email change not send confirmation emaill [\#1338](https://github.com/lynndylanhurley/devise_token_auth/issues/1338) @@ -777,6 +166,7 @@ - Add support for sending and receiving the auth token via a server cookie [\#1453](https://github.com/lynndylanhurley/devise_token_auth/pull/1453) ([theblang](https://github.com/theblang)) - Fix critical error on registration with confirmation mode [\#1447](https://github.com/lynndylanhurley/devise_token_auth/pull/1447) ([pnghai](https://github.com/pnghai)) + ## [v1.1.5](https://github.com/lynndylanhurley/devise_token_auth/tree/v1.1.5) (2020-12-08) [Full Changelog](https://github.com/lynndylanhurley/devise_token_auth/compare/v1.1.4...v1.1.5) @@ -872,8 +262,6 @@ - Fix to be able to use Devise::confirmable module [\#1343](https://github.com/lynndylanhurley/devise_token_auth/pull/1343) ([makicamel](https://github.com/makicamel)) - repeat any query params after a fragment [\#1341](https://github.com/lynndylanhurley/devise_token_auth/pull/1341) ([colmben](https://github.com/colmben)) -# Changelog - ## [v1.1.4](https://github.com/lynndylanhurley/devise_token_auth/tree/v1.1.4) (2020-06-02) [Full Changelog](https://github.com/lynndylanhurley/devise_token_auth/compare/v1.1.3...v1.1.4) @@ -3839,4 +3227,6 @@ \* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)* -\* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)* \ No newline at end of file +\* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)* + +\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* diff --git a/lib/devise_token_auth/version.rb b/lib/devise_token_auth/version.rb index 1ef3b988b..4bde5dfbc 100644 --- a/lib/devise_token_auth/version.rb +++ b/lib/devise_token_auth/version.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true module DeviseTokenAuth - VERSION = '1.2.3'.freeze + VERSION = '1.2.4'.freeze end From b7fcfdf98a84a5d2ae22e005eaa372a668cc9c76 Mon Sep 17 00:00:00 2001 From: Maicol Bentancor Date: Tue, 22 Oct 2024 00:22:50 -0300 Subject: [PATCH 62/65] Support rails 8 (#1639) --- devise_token_auth.gemspec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devise_token_auth.gemspec b/devise_token_auth.gemspec index 531ef2788..15482381e 100644 --- a/devise_token_auth.gemspec +++ b/devise_token_auth.gemspec @@ -22,7 +22,7 @@ Gem::Specification.new do |s| s.required_ruby_version = ">= 2.3.0" - s.add_dependency 'rails', '>= 4.2.0', '< 7.3' + s.add_dependency 'rails', '>= 4.2.0', '< 8.1' s.add_dependency 'devise', '> 3.5.2', '< 5' s.add_dependency 'bcrypt', '~> 3.0' From 398df4cd3f1f4e41bc1ab44fac0705a1e8620c5c Mon Sep 17 00:00:00 2001 From: Maicol Bentancor Date: Mon, 6 Jan 2025 16:26:17 -0300 Subject: [PATCH 63/65] Bump version to 1.2.5 (#1645) --- CHANGELOG.md | 1657 +++++++++++++++--------------- lib/devise_token_auth/version.rb | 2 +- 2 files changed, 824 insertions(+), 835 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 600331530..9706c5f14 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,26 @@ # Changelog +## [Unreleased](https://github.com/lynndylanhurley/devise_token_auth/tree/HEAD) + +[Full Changelog](https://github.com/lynndylanhurley/devise_token_auth/compare/v1.2.5...HEAD) + +**Closed issues:** + +- Rails 8 support [\#1636](https://github.com/lynndylanhurley/devise_token_auth/issues/1636) + +## [v1.2.5](https://github.com/lynndylanhurley/devise_token_auth/tree/v1.2.5) (2024-10-22) + +[Full Changelog](https://github.com/lynndylanhurley/devise_token_auth/compare/v1.2.4...v1.2.5) + +**Closed issues:** + +- Request for a RubyGems release with Rails 7.2 support [\#1637](https://github.com/lynndylanhurley/devise_token_auth/issues/1637) + +**Merged pull requests:** + +- Support rails 8 [\#1639](https://github.com/lynndylanhurley/devise_token_auth/pull/1639) ([MaicolBen](https://github.com/MaicolBen)) +- Bump version to 1.2.4 [\#1638](https://github.com/lynndylanhurley/devise_token_auth/pull/1638) ([MaicolBen](https://github.com/MaicolBen)) + ## [v1.2.4](https://github.com/lynndylanhurley/devise_token_auth/tree/v1.2.4) (2024-10-21) [Full Changelog](https://github.com/lynndylanhurley/devise_token_auth/compare/v1.2.3...v1.2.4) @@ -11,8 +32,8 @@ - Support Rails 7.1 [\#1608](https://github.com/lynndylanhurley/devise_token_auth/issues/1608) - Demo crash [\#1410](https://github.com/lynndylanhurley/devise_token_auth/issues/1410) - Does DTA support HTTP Only Cookie Refresh tokens along site access tokens? [\#1371](https://github.com/lynndylanhurley/devise_token_auth/issues/1371) -- resource\_class wrong number of arguments \(1 for 0\) [\#268](https://github.com/lynndylanhurley/devise_token_auth/issues/268) -- Having both devise and devise\_token\_auth [\#120](https://github.com/lynndylanhurley/devise_token_auth/issues/120) +- resource_class wrong number of arguments \(1 for 0\) [\#268](https://github.com/lynndylanhurley/devise_token_auth/issues/268) +- Having both devise and devise_token_auth [\#120](https://github.com/lynndylanhurley/devise_token_auth/issues/120) **Merged pull requests:** @@ -34,8 +55,8 @@ - Fix Rails version comparison [\#1614](https://github.com/lynndylanhurley/devise_token_auth/pull/1614) ([santib](https://github.com/santib)) - Fix registration spec failure [\#1613](https://github.com/lynndylanhurley/devise_token_auth/pull/1613) ([MaicolBen](https://github.com/MaicolBen)) -- Fixes 'redirect\_options' addition for 'redirect\_to' in confirmations [\#1612](https://github.com/lynndylanhurley/devise_token_auth/pull/1612) ([kaekasui](https://github.com/kaekasui)) -- Faker safe\_email -\> email [\#1607](https://github.com/lynndylanhurley/devise_token_auth/pull/1607) ([hatsu38](https://github.com/hatsu38)) +- Fixes 'redirect_options' addition for 'redirect_to' in confirmations [\#1612](https://github.com/lynndylanhurley/devise_token_auth/pull/1612) ([kaekasui](https://github.com/kaekasui)) +- Faker safe_email -\> email [\#1607](https://github.com/lynndylanhurley/devise_token_auth/pull/1607) ([hatsu38](https://github.com/hatsu38)) - Support for writing style deprecated in 7.1 and removed in 7.2 [\#1606](https://github.com/lynndylanhurley/devise_token_auth/pull/1606) ([hatsu38](https://github.com/hatsu38)) - Bump to 1.2.2 [\#1602](https://github.com/lynndylanhurley/devise_token_auth/pull/1602) ([MaicolBen](https://github.com/MaicolBen)) @@ -46,7 +67,7 @@ **Closed issues:** - keep getting a 401 on overriden create devise [\#1598](https://github.com/lynndylanhurley/devise_token_auth/issues/1598) -- Method sign\_in called with incorrect paramenters [\#1585](https://github.com/lynndylanhurley/devise_token_auth/issues/1585) +- Method sign_in called with incorrect paramenters [\#1585](https://github.com/lynndylanhurley/devise_token_auth/issues/1585) - Release latest version, there are too many fixes in the master waiting to be released [\#1560](https://github.com/lynndylanhurley/devise_token_auth/issues/1560) - NoMethodError: undefined method `downcase' for nil:NilClass [\#1540](https://github.com/lynndylanhurley/devise_token_auth/issues/1540) - Confirming an already confirmed user -- still not quite working. [\#1123](https://github.com/lynndylanhurley/devise_token_auth/issues/1123) @@ -56,14 +77,14 @@ - Drop support for ruby 2.4 [\#1601](https://github.com/lynndylanhurley/devise_token_auth/pull/1601) ([MaicolBen](https://github.com/MaicolBen)) - Don't leak information about the existence of accounts in SessionsController [\#1600](https://github.com/lynndylanhurley/devise_token_auth/pull/1600) ([moritzhoeppner](https://github.com/moritzhoeppner)) -- add redirect\_to options for rails7 allow\_other\_host [\#1599](https://github.com/lynndylanhurley/devise_token_auth/pull/1599) ([ihatov08](https://github.com/ihatov08)) +- add redirect_to options for rails7 allow_other_host [\#1599](https://github.com/lynndylanhurley/devise_token_auth/pull/1599) ([ihatov08](https://github.com/ihatov08)) - Update faker requirement from ~\> 2.16 to ~\> 3.2 [\#1593](https://github.com/lynndylanhurley/devise_token_auth/pull/1593) ([dependabot[bot]](https://github.com/apps/dependabot)) - Update mongoid-locker requirement from ~\> 1.0 to ~\> 2.0 [\#1592](https://github.com/lynndylanhurley/devise_token_auth/pull/1592) ([dependabot[bot]](https://github.com/apps/dependabot)) - dependencies/dependabot configuration [\#1590](https://github.com/lynndylanhurley/devise_token_auth/pull/1590) ([jotolo](https://github.com/jotolo)) - Remove sprockets [\#1589](https://github.com/lynndylanhurley/devise_token_auth/pull/1589) ([MaicolBen](https://github.com/MaicolBen)) - update/test configuration Rails7 and mongoid7 [\#1588](https://github.com/lynndylanhurley/devise_token_auth/pull/1588) ([jotolo](https://github.com/jotolo)) - brakeman vulnaribility UnsafeReflection. [\#1587](https://github.com/lynndylanhurley/devise_token_auth/pull/1587) ([ryanfox1985](https://github.com/ryanfox1985)) -- Method sign\_in with wrong parameters [\#1586](https://github.com/lynndylanhurley/devise_token_auth/pull/1586) ([lazaronixon](https://github.com/lazaronixon)) +- Method sign_in with wrong parameters [\#1586](https://github.com/lynndylanhurley/devise_token_auth/pull/1586) ([lazaronixon](https://github.com/lazaronixon)) - update/Ruby 3.x and Rails 7.0 [\#1584](https://github.com/lynndylanhurley/devise_token_auth/pull/1584) ([jotolo](https://github.com/jotolo)) - Add support for ruby 3 & fix test suite [\#1582](https://github.com/lynndylanhurley/devise_token_auth/pull/1582) ([MaicolBen](https://github.com/MaicolBen)) - chore: add vanilla-token-auth to client list [\#1578](https://github.com/lynndylanhurley/devise_token_auth/pull/1578) ([theblang](https://github.com/theblang)) @@ -71,7 +92,7 @@ - Revert "Fix unpermitted parameters warning" [\#1571](https://github.com/lynndylanhurley/devise_token_auth/pull/1571) ([MaicolBen](https://github.com/MaicolBen)) - Fixed vulnerabilities [\#1569](https://github.com/lynndylanhurley/devise_token_auth/pull/1569) ([ryanfox1985](https://github.com/ryanfox1985)) - Fix unpermitted parameters warning [\#1568](https://github.com/lynndylanhurley/devise_token_auth/pull/1568) ([remy727](https://github.com/remy727)) -- Remove bearer token if cookie\_enabled is true [\#1567](https://github.com/lynndylanhurley/devise_token_auth/pull/1567) ([rhiroshi](https://github.com/rhiroshi)) +- Remove bearer token if cookie_enabled is true [\#1567](https://github.com/lynndylanhurley/devise_token_auth/pull/1567) ([rhiroshi](https://github.com/rhiroshi)) - Update initializer template [\#1564](https://github.com/lynndylanhurley/devise_token_auth/pull/1564) ([djpremier](https://github.com/djpremier)) - Allow omniauth redirect post method [\#1563](https://github.com/lynndylanhurley/devise_token_auth/pull/1563) ([florindiconescu](https://github.com/florindiconescu)) - Avoid raising a RoutingError when confirming a user twice [\#1557](https://github.com/lynndylanhurley/devise_token_auth/pull/1557) ([micred](https://github.com/micred)) @@ -88,15 +109,15 @@ - Commit 1a0483fbd12583810f21eb320abfa8b768724774 makes \#\ [\#1538](https://github.com/lynndylanhurley/devise_token_auth/issues/1538) - Rails 7 support? [\#1533](https://github.com/lynndylanhurley/devise_token_auth/issues/1533) -- Request: [\#1526](https://github.com/lynndylanhurley/devise_token_auth/issues/1526) +- Request: [\#1526](https://github.com/lynndylanhurley/devise_token_auth/issues/1526) - Rails 7 Issue [\#1523](https://github.com/lynndylanhurley/devise_token_auth/issues/1523) - Bearer Token Usage [\#1522](https://github.com/lynndylanhurley/devise_token_auth/issues/1522) - Got "ActionDispatch::Request::Session::DisabledSessionError" [\#1521](https://github.com/lynndylanhurley/devise_token_auth/issues/1521) - Travis CI migration or alternatives [\#1518](https://github.com/lynndylanhurley/devise_token_auth/issues/1518) - Update dependency to support Rails 7.0.0.rc1 [\#1515](https://github.com/lynndylanhurley/devise_token_auth/issues/1515) -- Devise, devise\_auth\_token and activeadmin with 2 different models - Controller error [\#1512](https://github.com/lynndylanhurley/devise_token_auth/issues/1512) +- Devise, devise_auth_token and activeadmin with 2 different models - Controller error [\#1512](https://github.com/lynndylanhurley/devise_token_auth/issues/1512) - Paranoid mode still returning a distinguishable 404 responses [\#1510](https://github.com/lynndylanhurley/devise_token_auth/issues/1510) -- Invalid client with google-oauth2 [\#1499](https://github.com/lynndylanhurley/devise_token_auth/issues/1499) +- Invalid client with google-oauth2 [\#1499](https://github.com/lynndylanhurley/devise_token_auth/issues/1499) - Concurrency issue? [\#1497](https://github.com/lynndylanhurley/devise_token_auth/issues/1497) - Doesn't seem to follow Bearer Token authorization spec...? [\#1487](https://github.com/lynndylanhurley/devise_token_auth/issues/1487) - Can we have a new version released? [\#1483](https://github.com/lynndylanhurley/devise_token_auth/issues/1483) @@ -120,7 +141,7 @@ - Migrate to GitHub Actions [\#1519](https://github.com/lynndylanhurley/devise_token_auth/pull/1519) ([enomotodev](https://github.com/enomotodev)) - Support Rails 7.0 [\#1517](https://github.com/lynndylanhurley/devise_token_auth/pull/1517) ([enomotodev](https://github.com/enomotodev)) - \[bugfix\] omniauth: handle POST action redirects [\#1509](https://github.com/lynndylanhurley/devise_token_auth/pull/1509) ([lynndylanhurley](https://github.com/lynndylanhurley)) -- Fix the doc missing configure devise mail sender [\#1504](https://github.com/lynndylanhurley/devise_token_auth/pull/1504) ([hsonthach](https://github.com/hsonthach)) +- Fix the doc missing configure devise mail sender [\#1504](https://github.com/lynndylanhurley/devise_token_auth/pull/1504) ([robertthach68](https://github.com/robertthach68)) - Fix callback if migrations fails [\#1502](https://github.com/lynndylanhurley/devise_token_auth/pull/1502) ([thooams](https://github.com/thooams)) - wrap creation and save of token in a transaction [\#1498](https://github.com/lynndylanhurley/devise_token_auth/pull/1498) ([pascalbetz](https://github.com/pascalbetz)) - Increase required ruby version to 2.3 [\#1495](https://github.com/lynndylanhurley/devise_token_auth/pull/1495) ([mcelicalderon](https://github.com/mcelicalderon)) @@ -141,12 +162,12 @@ - DeviseTokenAuth::Errors::InvalidModel [\#1485](https://github.com/lynndylanhurley/devise_token_auth/issues/1485) - How not to update the headers when the api server returns a response with an error status [\#1476](https://github.com/lynndylanhurley/devise_token_auth/issues/1476) - Does not install on Rails 6.1 and Ruby 2.7, fresh install [\#1475](https://github.com/lynndylanhurley/devise_token_auth/issues/1475) -- Devise::Models::Authenticatable::BLACKLIST\_FOR\_SERIALIZATION is deprecated [\#1474](https://github.com/lynndylanhurley/devise_token_auth/issues/1474) +- Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION is deprecated [\#1474](https://github.com/lynndylanhurley/devise_token_auth/issues/1474) - @token not assigned prior to delete/destory [\#1465](https://github.com/lynndylanhurley/devise_token_auth/issues/1465) -- Installing devise\_token\_auth on MacOS, rails conflict [\#1458](https://github.com/lynndylanhurley/devise_token_auth/issues/1458) +- Installing devise_token_auth on MacOS, rails conflict [\#1458](https://github.com/lynndylanhurley/devise_token_auth/issues/1458) - Deprecation warning `connection_config is deprecated and will be removed from Rails 6.2` when using Rails 6.1 [\#1451](https://github.com/lynndylanhurley/devise_token_auth/issues/1451) -- Trying to integrate with devise-multi\_email [\#1421](https://github.com/lynndylanhurley/devise_token_auth/issues/1421) -- Rails email change not send confirmation emaill [\#1338](https://github.com/lynndylanhurley/devise_token_auth/issues/1338) +- Trying to integrate with devise-multi_email [\#1421](https://github.com/lynndylanhurley/devise_token_auth/issues/1421) +- Rails email change not send confirmation emaill [\#1338](https://github.com/lynndylanhurley/devise_token_auth/issues/1338) **Merged pull requests:** @@ -155,19 +176,19 @@ - check password changed only when using password authentication [\#1486](https://github.com/lynndylanhurley/devise_token_auth/pull/1486) ([qiuyin](https://github.com/qiuyin)) - Add new param FAQ [\#1481](https://github.com/lynndylanhurley/devise_token_auth/pull/1481) ([muratiger](https://github.com/muratiger)) - fix mongoid detecting bug [\#1478](https://github.com/lynndylanhurley/devise_token_auth/pull/1478) ([qiuyin](https://github.com/qiuyin)) -- replace deprecated constant BLACKLIST\_FOR\_SERIALIZATION [\#1473](https://github.com/lynndylanhurley/devise_token_auth/pull/1473) ([prashant-kiwi](https://github.com/prashant-kiwi)) +- replace deprecated constant BLACKLIST_FOR_SERIALIZATION [\#1473](https://github.com/lynndylanhurley/devise_token_auth/pull/1473) ([prashant-kiwi](https://github.com/prashant-kiwi)) - Workaround for cc-test-reporter with SimpleCov 0.18 [\#1472](https://github.com/lynndylanhurley/devise_token_auth/pull/1472) ([enomotodev](https://github.com/enomotodev)) - Fix mongo setup in travis [\#1471](https://github.com/lynndylanhurley/devise_token_auth/pull/1471) ([MaicolBen](https://github.com/MaicolBen)) - Use the same behavior than the deprecated URI.escape [\#1470](https://github.com/lynndylanhurley/devise_token_auth/pull/1470) ([MaicolBen](https://github.com/MaicolBen)) - Replace URI::escape which was removed in Ruby 3 [\#1468](https://github.com/lynndylanhurley/devise_token_auth/pull/1468) ([alea12](https://github.com/alea12)) -- Update connection\_config to connection\_db\_config [\#1467](https://github.com/lynndylanhurley/devise_token_auth/pull/1467) ([melnik0v](https://github.com/melnik0v)) +- Update connection_config to connection_db_config [\#1467](https://github.com/lynndylanhurley/devise_token_auth/pull/1467) ([melnik0v](https://github.com/melnik0v)) - Fix docs/config/initialization.md [\#1464](https://github.com/lynndylanhurley/devise_token_auth/pull/1464) ([yoshitsugu](https://github.com/yoshitsugu)) - Fix omniauth version until devise fixes omniauth requirement [\#1463](https://github.com/lynndylanhurley/devise_token_auth/pull/1463) ([MaicolBen](https://github.com/MaicolBen)) - Add support for sending and receiving the auth token via a server cookie [\#1453](https://github.com/lynndylanhurley/devise_token_auth/pull/1453) ([theblang](https://github.com/theblang)) - Fix critical error on registration with confirmation mode [\#1447](https://github.com/lynndylanhurley/devise_token_auth/pull/1447) ([pnghai](https://github.com/pnghai)) - ## [v1.1.5](https://github.com/lynndylanhurley/devise_token_auth/tree/v1.1.5) (2020-12-08) + [Full Changelog](https://github.com/lynndylanhurley/devise_token_auth/compare/v1.1.4...v1.1.5) **Closed issues:** @@ -175,9 +196,9 @@ - Update dependency to support Rails 6.1/6.1.0.rc1 [\#1443](https://github.com/lynndylanhurley/devise_token_auth/issues/1443) - undefined method `tokens' for \#\":String\) [\#1375](https://github.com/lynndylanhurley/devise_token_auth/issues/1375) -- mation\_instruction [\#1373](https://github.com/lynndylanhurley/devise_token_auth/issues/1373) -- Unpermitted parameter :session when signing in using javascript fetch [\#1361](https://github.com/lynndylanhurley/devise_token_auth/issues/1361) -- How do i authenticate with graphql-ruby? [\#1360](https://github.com/lynndylanhurley/devise_token_auth/issues/1360) -- Using DeviseTokenAuth::Concerns::User breaks Devise::confirmable and Devise::reconfirmable [\#1013](https://github.com/lynndylanhurley/devise_token_auth/issues/1013) - -**Merged pull requests:** - -- Update faq.md [\#1401](https://github.com/lynndylanhurley/devise_token_auth/pull/1401) ([mdjamal](https://github.com/mdjamal)) -- Update assign\_provider\_attrs to strip 'name' field [\#1398](https://github.com/lynndylanhurley/devise_token_auth/pull/1398) ([SpLouk](https://github.com/SpLouk)) -- Fix grammar [\#1396](https://github.com/lynndylanhurley/devise_token_auth/pull/1396) ([arku](https://github.com/arku)) -- \[Refactor\] fixed "not\_email" setting in ja.yml [\#1395](https://github.com/lynndylanhurley/devise_token_auth/pull/1395) ([eitches](https://github.com/eitches)) -- CI build fix: Pin to pry \< 0.13 for 2.3 support, workaround CodeClimate reporter issue [\#1393](https://github.com/lynndylanhurley/devise_token_auth/pull/1393) ([olleolleolle](https://github.com/olleolleolle)) -- Fix broken link [\#1392](https://github.com/lynndylanhurley/devise_token_auth/pull/1392) ([dlederle](https://github.com/dlederle)) -- Fix: Save user authentication token after email confirmation [\#1391](https://github.com/lynndylanhurley/devise_token_auth/pull/1391) ([gabrielbursztein2](https://github.com/gabrielbursztein2)) -- Fix token-type header key in testing example docs [\#1390](https://github.com/lynndylanhurley/devise_token_auth/pull/1390) ([goalaleo](https://github.com/goalaleo)) -- Issue - 1358 Argument error when converting token updated\_at using to… [\#1388](https://github.com/lynndylanhurley/devise_token_auth/pull/1388) ([saichander17](https://github.com/saichander17)) -- Validate that token is valid for patch request last token [\#1386](https://github.com/lynndylanhurley/devise_token_auth/pull/1386) ([ahmedmagdy711](https://github.com/ahmedmagdy711)) -- Fix docs/usage/reset\_password.md [\#1382](https://github.com/lynndylanhurley/devise_token_auth/pull/1382) ([K-Sato1995](https://github.com/K-Sato1995)) -- Fix missing polish and portugese missing translation errors [\#1377](https://github.com/lynndylanhurley/devise_token_auth/pull/1377) ([woochaq](https://github.com/woochaq)) -- \[Documentation\] write complete path for authentication\_test\_spec.rb [\#1376](https://github.com/lynndylanhurley/devise_token_auth/pull/1376) ([cprodhomme](https://github.com/cprodhomme)) -- Add case sensitive option required to prevent deprecation warning in … [\#1368](https://github.com/lynndylanhurley/devise_token_auth/pull/1368) ([niciliketo](https://github.com/niciliketo)) -- Add rails 6.0 config to travis [\#1366](https://github.com/lynndylanhurley/devise_token_auth/pull/1366) ([brateq](https://github.com/brateq)) -- Add docs for confirmation endpoint [\#1365](https://github.com/lynndylanhurley/devise_token_auth/pull/1365) ([brateq](https://github.com/brateq)) -- Remove Trackable option from generator [\#1362](https://github.com/lynndylanhurley/devise_token_auth/pull/1362) ([SugiKent](https://github.com/SugiKent)) -- Please merge again [\#1350](https://github.com/lynndylanhurley/devise_token_auth/pull/1350) ([exocode](https://github.com/exocode)) -- Fix dead link [\#1349](https://github.com/lynndylanhurley/devise_token_auth/pull/1349) ([tegandbiscuits](https://github.com/tegandbiscuits)) -- detect Mongoid \(till Mongoid will implement it\) [\#1348](https://github.com/lynndylanhurley/devise_token_auth/pull/1348) ([exocode](https://github.com/exocode)) -- feat\(oauth-apple\): support Sign in with Apple as a documented OmniAuth provider [\#1347](https://github.com/lynndylanhurley/devise_token_auth/pull/1347) ([booleanbetrayal](https://github.com/booleanbetrayal)) -- Add Korean locale [\#1346](https://github.com/lynndylanhurley/devise_token_auth/pull/1346) ([ghost](https://github.com/ghost)) -- doc: remove duplicated test case on ./docs/usage/testing.md [\#1344](https://github.com/lynndylanhurley/devise_token_auth/pull/1344) ([miyataka](https://github.com/miyataka)) -- Fix to be able to use Devise::confirmable module [\#1343](https://github.com/lynndylanhurley/devise_token_auth/pull/1343) ([makicamel](https://github.com/makicamel)) -- repeat any query params after a fragment [\#1341](https://github.com/lynndylanhurley/devise_token_auth/pull/1341) ([colmben](https://github.com/colmben)) +- Memorize current\_\#{group_name} to avoid error [\#722](https://github.com/lynndylanhurley/devise_token_auth/pull/722) ([Charlie-Hua](https://github.com/Charlie-Hua)) ## [v1.1.4](https://github.com/lynndylanhurley/devise_token_auth/tree/v1.1.4) (2020-06-02) @@ -270,8 +250,8 @@ - possible to disable the self-registration endpoint? [\#1402](https://github.com/lynndylanhurley/devise_token_auth/issues/1402) - Axios formatting and Rails controller validation? [\#1380](https://github.com/lynndylanhurley/devise_token_auth/issues/1380) -- NoMethodError \(undefined method `client' for "\":String\) [\#1375](https://github.com/lynndylanhurley/devise_token_auth/issues/1375) -- mation\_instruction [\#1373](https://github.com/lynndylanhurley/devise_token_auth/issues/1373) +- NoMethodError (undefined method `client' for "\":String\) [\#1375](https://github.com/lynndylanhurley/devise_token_auth/issues/1375) +- mation_instruction [\#1373](https://github.com/lynndylanhurley/devise_token_auth/issues/1373) - Unpermitted parameter :session when signing in using javascript fetch [\#1361](https://github.com/lynndylanhurley/devise_token_auth/issues/1361) - How do i authenticate with graphql-ruby? [\#1360](https://github.com/lynndylanhurley/devise_token_auth/issues/1360) - Using DeviseTokenAuth::Concerns::User breaks Devise::confirmable and Devise::reconfirmable [\#1013](https://github.com/lynndylanhurley/devise_token_auth/issues/1013) @@ -279,18 +259,18 @@ **Merged pull requests:** - Update faq.md [\#1401](https://github.com/lynndylanhurley/devise_token_auth/pull/1401) ([mdjamal](https://github.com/mdjamal)) -- Update assign\_provider\_attrs to strip 'name' field [\#1398](https://github.com/lynndylanhurley/devise_token_auth/pull/1398) ([SpLouk](https://github.com/SpLouk)) +- Update assign_provider_attrs to strip 'name' field [\#1398](https://github.com/lynndylanhurley/devise_token_auth/pull/1398) ([SpLouk](https://github.com/SpLouk)) - Fix grammar [\#1396](https://github.com/lynndylanhurley/devise_token_auth/pull/1396) ([arku](https://github.com/arku)) -- \[Refactor\] fixed "not\_email" setting in ja.yml [\#1395](https://github.com/lynndylanhurley/devise_token_auth/pull/1395) ([h-sada](https://github.com/h-sada)) +- \[Refactor\] fixed "not_email" setting in ja.yml [\#1395](https://github.com/lynndylanhurley/devise_token_auth/pull/1395) ([eitches](https://github.com/eitches)) - CI build fix: Pin to pry \< 0.13 for 2.3 support, workaround CodeClimate reporter issue [\#1393](https://github.com/lynndylanhurley/devise_token_auth/pull/1393) ([olleolleolle](https://github.com/olleolleolle)) - Fix broken link [\#1392](https://github.com/lynndylanhurley/devise_token_auth/pull/1392) ([dlederle](https://github.com/dlederle)) - Fix: Save user authentication token after email confirmation [\#1391](https://github.com/lynndylanhurley/devise_token_auth/pull/1391) ([gabrielbursztein2](https://github.com/gabrielbursztein2)) - Fix token-type header key in testing example docs [\#1390](https://github.com/lynndylanhurley/devise_token_auth/pull/1390) ([goalaleo](https://github.com/goalaleo)) -- Issue - 1358 Argument error when converting token updated\_at using to… [\#1388](https://github.com/lynndylanhurley/devise_token_auth/pull/1388) ([saichander17](https://github.com/saichander17)) +- Issue - 1358 Argument error when converting token updated_at using to… [\#1388](https://github.com/lynndylanhurley/devise_token_auth/pull/1388) ([saichander17](https://github.com/saichander17)) - Validate that token is valid for patch request last token [\#1386](https://github.com/lynndylanhurley/devise_token_auth/pull/1386) ([ahmedmagdy711](https://github.com/ahmedmagdy711)) -- Fix docs/usage/reset\_password.md [\#1382](https://github.com/lynndylanhurley/devise_token_auth/pull/1382) ([K-Sato1995](https://github.com/K-Sato1995)) +- Fix docs/usage/reset_password.md [\#1382](https://github.com/lynndylanhurley/devise_token_auth/pull/1382) ([K-Sato1995](https://github.com/K-Sato1995)) - Fix missing polish and portugese missing translation errors [\#1377](https://github.com/lynndylanhurley/devise_token_auth/pull/1377) ([woochaq](https://github.com/woochaq)) -- \[Documentation\] write complete path for authentication\_test\_spec.rb [\#1376](https://github.com/lynndylanhurley/devise_token_auth/pull/1376) ([cprodhomme](https://github.com/cprodhomme)) +- \[Documentation\] write complete path for authentication_test_spec.rb [\#1376](https://github.com/lynndylanhurley/devise_token_auth/pull/1376) ([cprodhomme](https://github.com/cprodhomme)) - Add case sensitive option required to prevent deprecation warning in … [\#1368](https://github.com/lynndylanhurley/devise_token_auth/pull/1368) ([niciliketo](https://github.com/niciliketo)) - Add rails 6.0 config to travis [\#1366](https://github.com/lynndylanhurley/devise_token_auth/pull/1366) ([brateq](https://github.com/brateq)) - Add docs for confirmation endpoint [\#1365](https://github.com/lynndylanhurley/devise_token_auth/pull/1365) ([brateq](https://github.com/brateq)) @@ -299,14 +279,13 @@ - Fix dead link [\#1349](https://github.com/lynndylanhurley/devise_token_auth/pull/1349) ([tegandbiscuits](https://github.com/tegandbiscuits)) - detect Mongoid \(till Mongoid will implement it\) [\#1348](https://github.com/lynndylanhurley/devise_token_auth/pull/1348) ([exocode](https://github.com/exocode)) - feat\(oauth-apple\): support Sign in with Apple as a documented OmniAuth provider [\#1347](https://github.com/lynndylanhurley/devise_token_auth/pull/1347) ([booleanbetrayal](https://github.com/booleanbetrayal)) -- Add Korean locale [\#1346](https://github.com/lynndylanhurley/devise_token_auth/pull/1346) ([sdu6342](https://github.com/sdu6342)) +- Add Korean locale [\#1346](https://github.com/lynndylanhurley/devise_token_auth/pull/1346) ([ghost](https://github.com/ghost)) - doc: remove duplicated test case on ./docs/usage/testing.md [\#1344](https://github.com/lynndylanhurley/devise_token_auth/pull/1344) ([miyataka](https://github.com/miyataka)) - Fix to be able to use Devise::confirmable module [\#1343](https://github.com/lynndylanhurley/devise_token_auth/pull/1343) ([makicamel](https://github.com/makicamel)) - repeat any query params after a fragment [\#1341](https://github.com/lynndylanhurley/devise_token_auth/pull/1341) ([colmben](https://github.com/colmben)) -# Change Log - ## [v1.1.3](https://github.com/lynndylanhurley/devise_token_auth/tree/v1.1.3) (2019-09-26) + [Full Changelog](https://github.com/lynndylanhurley/devise_token_auth/compare/v1.1.2...v1.1.3) **Fixed bugs:** @@ -317,9 +296,9 @@ **Closed issues:** - Rails 6.0 [\#1334](https://github.com/lynndylanhurley/devise_token_auth/issues/1334) -- CookieOverflow with [\#1322](https://github.com/lynndylanhurley/devise_token_auth/issues/1322) -- Confirmations controller route error not found [\#1316](https://github.com/lynndylanhurley/devise_token_auth/issues/1316) -- render\_create\_error not called when no json is provided [\#929](https://github.com/lynndylanhurley/devise_token_auth/issues/929) +- CookieOverflow with [\#1322](https://github.com/lynndylanhurley/devise_token_auth/issues/1322) +- Confirmations controller route error not found [\#1316](https://github.com/lynndylanhurley/devise_token_auth/issues/1316) +- render_create_error not called when no json is provided [\#929](https://github.com/lynndylanhurley/devise_token_auth/issues/929) **Merged pull requests:** @@ -328,12 +307,13 @@ - Allow password reset with token alone [\#1295](https://github.com/lynndylanhurley/devise_token_auth/pull/1295) ([jkeen](https://github.com/jkeen)) ## [v1.1.2](https://github.com/lynndylanhurley/devise_token_auth/tree/v1.1.2) (2019-08-24) + [Full Changelog](https://github.com/lynndylanhurley/devise_token_auth/compare/v1.1.1...v1.1.2) **Closed issues:** - Make compatible with devise 4.7 [\#1331](https://github.com/lynndylanhurley/devise_token_auth/issues/1331) -- Error after upgrade to Rails 6.0.0 [\#1329](https://github.com/lynndylanhurley/devise_token_auth/issues/1329) +- Error after upgrade to Rails 6.0.0 [\#1329](https://github.com/lynndylanhurley/devise_token_auth/issues/1329) - Documentation link on sidebar is incorrect [\#1325](https://github.com/lynndylanhurley/devise_token_auth/issues/1325) - Unable to create user with mongodb as ORM [\#1293](https://github.com/lynndylanhurley/devise_token_auth/issues/1293) - Missing user credential in confirmation redirect url querystring [\#1292](https://github.com/lynndylanhurley/devise_token_auth/issues/1292) @@ -342,9 +322,10 @@ - Fix devise version [\#1333](https://github.com/lynndylanhurley/devise_token_auth/pull/1333) ([laerciosb](https://github.com/laerciosb)) - Skip callback when active record [\#1330](https://github.com/lynndylanhurley/devise_token_auth/pull/1330) ([enomotodev](https://github.com/enomotodev)) -- Use param-way version of saved\_change\_to\_encrypted\_password [\#1328](https://github.com/lynndylanhurley/devise_token_auth/pull/1328) ([MaicolBen](https://github.com/MaicolBen)) +- Use param-way version of saved_change_to_encrypted_password [\#1328](https://github.com/lynndylanhurley/devise_token_auth/pull/1328) ([MaicolBen](https://github.com/MaicolBen)) ## [v1.1.1](https://github.com/lynndylanhurley/devise_token_auth/tree/v1.1.1) (2019-08-18) + [Full Changelog](https://github.com/lynndylanhurley/devise_token_auth/compare/v1.1.0...v1.1.1) **Closed issues:** @@ -355,22 +336,22 @@ - uninitialized constant DeviseTokenAuth::Concerns in development. [\#1312](https://github.com/lynndylanhurley/devise_token_auth/issues/1312) - Change how to update existing user migration [\#1311](https://github.com/lynndylanhurley/devise_token_auth/issues/1311) - Huge performance downgrade from v0.1.43 to v1.1.0 [\#1301](https://github.com/lynndylanhurley/devise_token_auth/issues/1301) -- Cant log in - \#\\> [\#1300](https://github.com/lynndylanhurley/devise_token_auth/issues/1300) +- Cant log in - \#\\> [\#1300](https://github.com/lynndylanhurley/devise_token_auth/issues/1300) - Generate authorization headers without the need for an email and password. [\#1298](https://github.com/lynndylanhurley/devise_token_auth/issues/1298) - Any way to "become" user? [\#1291](https://github.com/lynndylanhurley/devise_token_auth/issues/1291) - Can't find documentation, can't omniauth login [\#1290](https://github.com/lynndylanhurley/devise_token_auth/issues/1290) - undefined method `tokens' for \#\ [\#1288](https://github.com/lynndylanhurley/devise_token_auth/issues/1288) - Possible Phishing Attack Vulnerability [\#1287](https://github.com/lynndylanhurley/devise_token_auth/issues/1287) -- Unable to sign\_in even if user confirmation is success [\#1285](https://github.com/lynndylanhurley/devise_token_auth/issues/1285) +- Unable to sign_in even if user confirmation is success [\#1285](https://github.com/lynndylanhurley/devise_token_auth/issues/1285) - Changelog? [\#1275](https://github.com/lynndylanhurley/devise_token_auth/issues/1275) -- devise\_token\_auth depends on vulnerable devise version [\#1273](https://github.com/lynndylanhurley/devise_token_auth/issues/1273) +- devise_token_auth depends on vulnerable devise version [\#1273](https://github.com/lynndylanhurley/devise_token_auth/issues/1273) - Database index question [\#1272](https://github.com/lynndylanhurley/devise_token_auth/issues/1272) - Reset Password Must Be Done in 5 Seconds [\#1265](https://github.com/lynndylanhurley/devise_token_auth/issues/1265) - How do I use the gem with Mongoid? \[ANSWERED\] [\#1263](https://github.com/lynndylanhurley/devise_token_auth/issues/1263) -- devise\_token\_auth is not working in rails 6 ruby 2.6 [\#1259](https://github.com/lynndylanhurley/devise_token_auth/issues/1259) +- devise_token_auth is not working in rails 6 ruby 2.6 [\#1259](https://github.com/lynndylanhurley/devise_token_auth/issues/1259) - undefined method '\[\]' for nil:NilClass when confirming email [\#1224](https://github.com/lynndylanhurley/devise_token_auth/issues/1224) -- Unable to sign\_out a user that is being deleted which causes 404 as devise\_token\_auth attempts to find to create headers. [\#1205](https://github.com/lynndylanhurley/devise_token_auth/issues/1205) -- API Does Not Use Api\_Controller [\#887](https://github.com/lynndylanhurley/devise_token_auth/issues/887) +- Unable to sign_out a user that is being deleted which causes 404 as devise_token_auth attempts to find to create headers. [\#1205](https://github.com/lynndylanhurley/devise_token_auth/issues/1205) +- API Does Not Use Api_Controller [\#887](https://github.com/lynndylanhurley/devise_token_auth/issues/887) - Use issue for "real" issue with the gem, and stackoverflow for integration problem [\#756](https://github.com/lynndylanhurley/devise_token_auth/issues/756) - User tokens don't properly deserialize [\#121](https://github.com/lynndylanhurley/devise_token_auth/issues/121) @@ -381,12 +362,12 @@ - Add mysql & psql service to travis because it isn't by default anymore [\#1323](https://github.com/lynndylanhurley/devise_token_auth/pull/1323) ([MaicolBen](https://github.com/MaicolBen)) - Fix "manage the tokens" broken link in FAQ [\#1320](https://github.com/lynndylanhurley/devise_token_auth/pull/1320) ([brateq](https://github.com/brateq)) - CI: Use 2.6.3, drop unused directive sudo: false [\#1317](https://github.com/lynndylanhurley/devise_token_auth/pull/1317) ([olleolleolle](https://github.com/olleolleolle)) -- updates: use update instead of update\_attributes [\#1314](https://github.com/lynndylanhurley/devise_token_auth/pull/1314) ([moray95](https://github.com/moray95)) -- fix\(current\_user\): revert false return in set\_user\_by\_token when token is not present [\#1306](https://github.com/lynndylanhurley/devise_token_auth/pull/1306) ([booleanbetrayal](https://github.com/booleanbetrayal)) +- updates: use update instead of update_attributes [\#1314](https://github.com/lynndylanhurley/devise_token_auth/pull/1314) ([moray95](https://github.com/moray95)) +- fix\(current_user\): revert false return in set_user_by_token when token is not present [\#1306](https://github.com/lynndylanhurley/devise_token_auth/pull/1306) ([booleanbetrayal](https://github.com/booleanbetrayal)) - Update changelog [\#1297](https://github.com/lynndylanhurley/devise_token_auth/pull/1297) ([MaicolBen](https://github.com/MaicolBen)) - Relax bcrypt version [\#1296](https://github.com/lynndylanhurley/devise_token_auth/pull/1296) ([MaicolBen](https://github.com/MaicolBen)) - CI: Update matrix [\#1277](https://github.com/lynndylanhurley/devise_token_auth/pull/1277) ([olleolleolle](https://github.com/olleolleolle)) -- Skip token\_validations route [\#1271](https://github.com/lynndylanhurley/devise_token_auth/pull/1271) ([yasuman](https://github.com/yasuman)) +- Skip token_validations route [\#1271](https://github.com/lynndylanhurley/devise_token_auth/pull/1271) ([yasuman](https://github.com/yasuman)) - Resend confirmation instructions [\#1267](https://github.com/lynndylanhurley/devise_token_auth/pull/1267) ([lpsBetty](https://github.com/lpsBetty)) - Tokens serialization [\#1250](https://github.com/lynndylanhurley/devise_token_auth/pull/1250) ([dks17](https://github.com/dks17)) - Delete namespece and fix file name change to prevent override behavior of the default email validator [\#1242](https://github.com/lynndylanhurley/devise_token_auth/pull/1242) ([ihatov08](https://github.com/ihatov08)) @@ -396,6 +377,7 @@ # Change Log ## [v1.1.0](https://github.com/lynndylanhurley/devise_token_auth/tree/v1.1.0) (2019-03-18) + [Full Changelog](https://github.com/lynndylanhurley/devise_token_auth/compare/v1.0.0...v1.1.0) **Implemented enhancements:** @@ -405,21 +387,21 @@ **Closed issues:** - Support Devise 4.6 [\#1270](https://github.com/lynndylanhurley/devise_token_auth/issues/1270) -- Headers remove token when config token\_lifespan [\#1268](https://github.com/lynndylanhurley/devise_token_auth/issues/1268) +- Headers remove token when config token_lifespan [\#1268](https://github.com/lynndylanhurley/devise_token_auth/issues/1268) - Reset Password Flow [\#1264](https://github.com/lynndylanhurley/devise_token_auth/issues/1264) - How to check Client value is expired or not? [\#1254](https://github.com/lynndylanhurley/devise_token_auth/issues/1254) -- access to current\_user not available [\#1246](https://github.com/lynndylanhurley/devise_token_auth/issues/1246) +- access to current_user not available [\#1246](https://github.com/lynndylanhurley/devise_token_auth/issues/1246) - subsequents Sign In does not add new tokens and return 401 [\#1244](https://github.com/lynndylanhurley/devise_token_auth/issues/1244) -- Could not find generator 'devise\_token\_auth:install\_mongoid' [\#1239](https://github.com/lynndylanhurley/devise_token_auth/issues/1239) -- undefined method `authenticate\_user!' when User class nested in module [\#1234](https://github.com/lynndylanhurley/devise_token_auth/issues/1234) -- I cant acsess to current\_user [\#1231](https://github.com/lynndylanhurley/devise_token_auth/issues/1231) -- Update token\_lifespan in production remove response headers [\#1227](https://github.com/lynndylanhurley/devise_token_auth/issues/1227) +- Could not find generator 'devise_token_auth:install_mongoid' [\#1239](https://github.com/lynndylanhurley/devise_token_auth/issues/1239) +- undefined method `authenticate_user!' when User class nested in module [\#1234](https://github.com/lynndylanhurley/devise_token_auth/issues/1234) +- I cant acsess to current_user [\#1231](https://github.com/lynndylanhurley/devise_token_auth/issues/1231) +- Update token_lifespan in production remove response headers [\#1227](https://github.com/lynndylanhurley/devise_token_auth/issues/1227) - Rename uid field to uuid [\#1225](https://github.com/lynndylanhurley/devise_token_auth/issues/1225) -- mysql2 0.4.6 error: use of undeclared identifier 'MYSQL\_SECURE\_AUTH' [\#1222](https://github.com/lynndylanhurley/devise_token_auth/issues/1222) +- mysql2 0.4.6 error: use of undeclared identifier 'MYSQL_SECURE_AUTH' [\#1222](https://github.com/lynndylanhurley/devise_token_auth/issues/1222) - POST with JSON Content-Type: application/json not passing parameters [\#1221](https://github.com/lynndylanhurley/devise_token_auth/issues/1221) - Password controller : edit does not use default password reset url ? [\#1219](https://github.com/lynndylanhurley/devise_token_auth/issues/1219) - Mongoid support [\#1198](https://github.com/lynndylanhurley/devise_token_auth/issues/1198) -- ensure\_pristine\_resource error [\#1135](https://github.com/lynndylanhurley/devise_token_auth/issues/1135) +- ensure_pristine_resource error [\#1135](https://github.com/lynndylanhurley/devise_token_auth/issues/1135) - codeclimate-test-reporter soon be deprecated [\#1080](https://github.com/lynndylanhurley/devise_token_auth/issues/1080) - Session Overflow Error [\#1077](https://github.com/lynndylanhurley/devise_token_auth/issues/1077) @@ -428,13 +410,13 @@ - allow devise \< 4.7 [\#1269](https://github.com/lynndylanhurley/devise_token_auth/pull/1269) ([doits](https://github.com/doits)) - Update Angular-Token README links [\#1257](https://github.com/lynndylanhurley/devise_token_auth/pull/1257) ([neroniaky](https://github.com/neroniaky)) - create he.yml translation file for Hebrew [\#1256](https://github.com/lynndylanhurley/devise_token_auth/pull/1256) ([aryehbeitz](https://github.com/aryehbeitz)) -- Split up methods in omniauth\_callbacks\_ctrl for easier extensibility [\#1251](https://github.com/lynndylanhurley/devise_token_auth/pull/1251) ([nbrustein](https://github.com/nbrustein)) +- Split up methods in omniauth_callbacks_ctrl for easier extensibility [\#1251](https://github.com/lynndylanhurley/devise_token_auth/pull/1251) ([nbrustein](https://github.com/nbrustein)) - Update appraisals, Travis config, ruby and rails versions [\#1249](https://github.com/lynndylanhurley/devise_token_auth/pull/1249) ([dks17](https://github.com/dks17)) - sign in multiple resources [\#1248](https://github.com/lynndylanhurley/devise_token_auth/pull/1248) ([Hamdan85](https://github.com/Hamdan85)) -- Add tests for passwords\#edit when redirect\_whitelist is set [\#1247](https://github.com/lynndylanhurley/devise_token_auth/pull/1247) ([MaicolBen](https://github.com/MaicolBen)) -- Use email\_provider? at sync\_uid [\#1243](https://github.com/lynndylanhurley/devise_token_auth/pull/1243) ([ihatov08](https://github.com/ihatov08)) +- Add tests for passwords\#edit when redirect_whitelist is set [\#1247](https://github.com/lynndylanhurley/devise_token_auth/pull/1247) ([MaicolBen](https://github.com/MaicolBen)) +- Use email_provider? at sync_uid [\#1243](https://github.com/lynndylanhurley/devise_token_auth/pull/1243) ([ihatov08](https://github.com/ihatov08)) - Fixed a reset password message in Japanese locales. [\#1241](https://github.com/lynndylanhurley/devise_token_auth/pull/1241) ([seigo23](https://github.com/seigo23)) -- Allow the use of allow\_unconfirmed\_access\_for for registration [\#1238](https://github.com/lynndylanhurley/devise_token_auth/pull/1238) ([bananatron](https://github.com/bananatron)) +- Allow the use of allow_unconfirmed_access_for for registration [\#1238](https://github.com/lynndylanhurley/devise_token_auth/pull/1238) ([bananatron](https://github.com/bananatron)) - Scope the EmailValidator to the DeviseTokenAuth module; add Solidus/Spree usage note to faq [\#1233](https://github.com/lynndylanhurley/devise_token_auth/pull/1233) ([skycocker](https://github.com/skycocker)) - Fix doc link [\#1230](https://github.com/lynndylanhurley/devise_token_auth/pull/1230) ([Hiromi-Kai](https://github.com/Hiromi-Kai)) - Use redirect url to edit from initializer as well [\#1228](https://github.com/lynndylanhurley/devise_token_auth/pull/1228) ([MaicolBen](https://github.com/MaicolBen)) @@ -444,6 +426,7 @@ - Simplifying ConfirmationsController show behavior [\#1075](https://github.com/lynndylanhurley/devise_token_auth/pull/1075) ([dks17](https://github.com/dks17)) ## [v1.0.0](https://github.com/lynndylanhurley/devise_token_auth/tree/v1.0.0) (2018-10-23) + [Full Changelog](https://github.com/lynndylanhurley/devise_token_auth/compare/v1.0.0rc2...v1.0.0) **Closed issues:** @@ -456,6 +439,7 @@ - Bump version 1.0.0 [\#1229](https://github.com/lynndylanhurley/devise_token_auth/pull/1229) ([MaicolBen](https://github.com/MaicolBen)) ## [v1.0.0rc2](https://github.com/lynndylanhurley/devise_token_auth/tree/v1.0.0rc2) (2018-09-21) + [Full Changelog](https://github.com/lynndylanhurley/devise_token_auth/compare/v0.2.0...v1.0.0rc2) **Closed issues:** @@ -466,24 +450,25 @@ - Token is no longer accepted after some time, only with a new "validate token" request [\#1204](https://github.com/lynndylanhurley/devise_token_auth/issues/1204) - How to share tokens across subdomains using devise-token-auth? [\#1199](https://github.com/lynndylanhurley/devise_token_auth/issues/1199) - 401s after response with new headers fail [\#1174](https://github.com/lynndylanhurley/devise_token_auth/issues/1174) -- A few refreshes after login gives me a blank access token and expiry, logging me out [\#1147](https://github.com/lynndylanhurley/devise_token_auth/issues/1147) +- A few refreshes after login gives me a blank access token and expiry, logging me out [\#1147](https://github.com/lynndylanhurley/devise_token_auth/issues/1147) - Extract Registrations Controller logic out to overrideable methods ??? [\#1143](https://github.com/lynndylanhurley/devise_token_auth/issues/1143) - ConfirmationsController redirection error [\#1084](https://github.com/lynndylanhurley/devise_token_auth/issues/1084) - Where should I store token? [\#1005](https://github.com/lynndylanhurley/devise_token_auth/issues/1005) -- devise\_token\_auth initializer breaks omniauth paths [\#966](https://github.com/lynndylanhurley/devise_token_auth/issues/966) -- default\_confirm\_success\_url fails in initializer [\#223](https://github.com/lynndylanhurley/devise_token_auth/issues/223) +- devise_token_auth initializer breaks omniauth paths [\#966](https://github.com/lynndylanhurley/devise_token_auth/issues/966) +- default_confirm_success_url fails in initializer [\#223](https://github.com/lynndylanhurley/devise_token_auth/issues/223) **Merged pull requests:** - Add rails lowest version to gemspec [\#1212](https://github.com/lynndylanhurley/devise_token_auth/pull/1212) ([masatooba](https://github.com/masatooba)) -- Add required\_ruby\_version [\#1208](https://github.com/lynndylanhurley/devise_token_auth/pull/1208) ([masatooba](https://github.com/masatooba)) +- Add required_ruby_version [\#1208](https://github.com/lynndylanhurley/devise_token_auth/pull/1208) ([masatooba](https://github.com/masatooba)) - chore\(deps\): expand devise to allow \< 4.6 [\#1203](https://github.com/lynndylanhurley/devise_token_auth/pull/1203) ([taneliang](https://github.com/taneliang)) - \[da-DK\] Improve grammar [\#1201](https://github.com/lynndylanhurley/devise_token_auth/pull/1201) ([olleolleolle](https://github.com/olleolleolle)) - Optimize resource valid check after set the headers [\#1188](https://github.com/lynndylanhurley/devise_token_auth/pull/1188) ([MaicolBen](https://github.com/MaicolBen)) - Moved to fallback instance variables in `set\_user\_by\_token` [\#1166](https://github.com/lynndylanhurley/devise_token_auth/pull/1166) ([twolfson](https://github.com/twolfson)) -- confirmation should redirect to default\_confirm\_success\_url by default [\#1091](https://github.com/lynndylanhurley/devise_token_auth/pull/1091) ([maysam](https://github.com/maysam)) +- confirmation should redirect to default_confirm_success_url by default [\#1091](https://github.com/lynndylanhurley/devise_token_auth/pull/1091) ([maysam](https://github.com/maysam)) ## [v0.2.0](https://github.com/lynndylanhurley/devise_token_auth/tree/v0.2.0) (2018-08-10) + [Full Changelog](https://github.com/lynndylanhurley/devise_token_auth/compare/v1.0.0rc1...v0.2.0) **Merged pull requests:** @@ -491,6 +476,7 @@ - Revert \#703 "Always set header in batch mode" [\#1161](https://github.com/lynndylanhurley/devise_token_auth/pull/1161) ([MaicolBen](https://github.com/MaicolBen)) ## [v1.0.0rc1](https://github.com/lynndylanhurley/devise_token_auth/tree/v1.0.0rc1) (2018-08-10) + [Full Changelog](https://github.com/lynndylanhurley/devise_token_auth/compare/v0.1.43...v1.0.0rc1) **Implemented enhancements:** @@ -506,43 +492,43 @@ - overriding registrations controller with active model serializer. [\#1194](https://github.com/lynndylanhurley/devise_token_auth/issues/1194) - NameError \(undefined local variable or method `provider' for \#\\): [\#1187](https://github.com/lynndylanhurley/devise_token_auth/issues/1187) -- The email\_required? method is not working [\#1186](https://github.com/lynndylanhurley/devise_token_auth/issues/1186) +- The email_required? method is not working [\#1186](https://github.com/lynndylanhurley/devise_token_auth/issues/1186) - Forgotten log files on the dummy test folder - More than a hundred megabytes [\#1185](https://github.com/lynndylanhurley/devise_token_auth/issues/1185) -- undefined method `create\_token' for \#\ Did you mean? created\_at [\#1179](https://github.com/lynndylanhurley/devise_token_auth/issues/1179) +- undefined method `create_token' for \#\ Did you mean? created_at [\#1179](https://github.com/lynndylanhurley/devise_token_auth/issues/1179) - Unpermitted parameter: :registration [\#1178](https://github.com/lynndylanhurley/devise_token_auth/issues/1178) - Remove Password Validation [\#1177](https://github.com/lynndylanhurley/devise_token_auth/issues/1177) - Devise Token Auth Postman configuration [\#1173](https://github.com/lynndylanhurley/devise_token_auth/issues/1173) - Set default provider as "username" instead of "email" [\#1172](https://github.com/lynndylanhurley/devise_token_auth/issues/1172) - How to implement 2FA? [\#1171](https://github.com/lynndylanhurley/devise_token_auth/issues/1171) - Skip email confirmation [\#1170](https://github.com/lynndylanhurley/devise_token_auth/issues/1170) -- Multiples Profiles Relationship [\#1168](https://github.com/lynndylanhurley/devise_token_auth/issues/1168) -- request.headers.merge is not work. [\#1167](https://github.com/lynndylanhurley/devise_token_auth/issues/1167) +- Multiples Profiles Relationship [\#1168](https://github.com/lynndylanhurley/devise_token_auth/issues/1168) +- request.headers.merge is not work. [\#1167](https://github.com/lynndylanhurley/devise_token_auth/issues/1167) - How to add another parameter to validate a user? [\#1162](https://github.com/lynndylanhurley/devise_token_auth/issues/1162) - Getting undefined method `make\_response!` for overridden Devise controller class [\#1158](https://github.com/lynndylanhurley/devise_token_auth/issues/1158) -- cant sigh\_in on my custom controller [\#1150](https://github.com/lynndylanhurley/devise_token_auth/issues/1150) -- Mocha/minitest issue in test\_helper.rb [\#1149](https://github.com/lynndylanhurley/devise_token_auth/issues/1149) +- cant sigh_in on my custom controller [\#1150](https://github.com/lynndylanhurley/devise_token_auth/issues/1150) +- Mocha/minitest issue in test_helper.rb [\#1149](https://github.com/lynndylanhurley/devise_token_auth/issues/1149) - How could send the access-token and other credentials ? [\#1146](https://github.com/lynndylanhurley/devise_token_auth/issues/1146) - How to override concern [\#1145](https://github.com/lynndylanhurley/devise_token_auth/issues/1145) -- Support for find\_for\_database\_authentication [\#1138](https://github.com/lynndylanhurley/devise_token_auth/issues/1138) +- Support for find_for_database_authentication [\#1138](https://github.com/lynndylanhurley/devise_token_auth/issues/1138) - Breaking tests / travis builds - Mocha gem was updated. [\#1137](https://github.com/lynndylanhurley/devise_token_auth/issues/1137) -- How solve undefined method `allow\_password\_change' while changing user password ? [\#1136](https://github.com/lynndylanhurley/devise_token_auth/issues/1136) -- Email case\_insensitive with soulda matchers [\#1133](https://github.com/lynndylanhurley/devise_token_auth/issues/1133) +- How solve undefined method `allow_password_change' while changing user password ? [\#1136](https://github.com/lynndylanhurley/devise_token_auth/issues/1136) +- Email case_insensitive with soulda matchers [\#1133](https://github.com/lynndylanhurley/devise_token_auth/issues/1133) - Clear ActiveRecord::AttributeMethods::Dirty Deprecated Methods [\#1131](https://github.com/lynndylanhurley/devise_token_auth/issues/1131) - Password/Edit route not working [\#1127](https://github.com/lynndylanhurley/devise_token_auth/issues/1127) - Automatic Login after successful email confirmation [\#1122](https://github.com/lynndylanhurley/devise_token_auth/issues/1122) - Clarification on OAuth Flow [\#1118](https://github.com/lynndylanhurley/devise_token_auth/issues/1118) - New Bounty: $100 for README Edits/Improvements, issue queue cleanup [\#1114](https://github.com/lynndylanhurley/devise_token_auth/issues/1114) - Tests on token expiry fail when they're run on the WET time zone [\#1112](https://github.com/lynndylanhurley/devise_token_auth/issues/1112) -- uid is blank upon basic rails 5 api setup, user registration [\#1111](https://github.com/lynndylanhurley/devise_token_auth/issues/1111) -- v0.1.43 causes Missing confirm\_success\_url parameter error [\#1108](https://github.com/lynndylanhurley/devise_token_auth/issues/1108) -- max\_number\_of\_devices config seems doesn't work! [\#1107](https://github.com/lynndylanhurley/devise_token_auth/issues/1107) +- uid is blank upon basic rails 5 api setup, user registration [\#1111](https://github.com/lynndylanhurley/devise_token_auth/issues/1111) +- v0.1.43 causes Missing confirm_success_url parameter error [\#1108](https://github.com/lynndylanhurley/devise_token_auth/issues/1108) +- max_number_of_devices config seems doesn't work! [\#1107](https://github.com/lynndylanhurley/devise_token_auth/issues/1107) - LoadError: cannot load such file -- omniauth [\#1105](https://github.com/lynndylanhurley/devise_token_auth/issues/1105) -- Token is not generated when login through facebook [\#1099](https://github.com/lynndylanhurley/devise_token_auth/issues/1099) -- Why does update\_auth\_header need to query the resource for tokens again? [\#1097](https://github.com/lynndylanhurley/devise_token_auth/issues/1097) +- Token is not generated when login through facebook [\#1099](https://github.com/lynndylanhurley/devise_token_auth/issues/1099) +- Why does update_auth_header need to query the resource for tokens again? [\#1097](https://github.com/lynndylanhurley/devise_token_auth/issues/1097) - "an error ocurred" when receiving the callback from google [\#1090](https://github.com/lynndylanhurley/devise_token_auth/issues/1090) -- devise omniauth redirect issue after installing devise\_token\_auth [\#1088](https://github.com/lynndylanhurley/devise_token_auth/issues/1088) +- devise omniauth redirect issue after installing devise_token_auth [\#1088](https://github.com/lynndylanhurley/devise_token_auth/issues/1088) - Simplify the Readme. [\#1069](https://github.com/lynndylanhurley/devise_token_auth/issues/1069) -- Different max\_number\_of\_devices based on devise model [\#1003](https://github.com/lynndylanhurley/devise_token_auth/issues/1003) +- Different max_number_of_devices based on devise model [\#1003](https://github.com/lynndylanhurley/devise_token_auth/issues/1003) - Action Cable and devise token auth [\#986](https://github.com/lynndylanhurley/devise_token_auth/issues/986) - Cut a release [\#972](https://github.com/lynndylanhurley/devise_token_auth/issues/972) - minor error in README with regard to usage alongside Devise [\#745](https://github.com/lynndylanhurley/devise_token_auth/issues/745) @@ -565,13 +551,13 @@ - Update FAQ method for using DeviseTokenAuth alongside Devise [\#1175](https://github.com/lynndylanhurley/devise_token_auth/pull/1175) ([mrkrlli](https://github.com/mrkrlli)) - Require mocha \>= 1.5 [\#1169](https://github.com/lynndylanhurley/devise_token_auth/pull/1169) ([krzysiek1507](https://github.com/krzysiek1507)) - Test against newest Ruby from line [\#1163](https://github.com/lynndylanhurley/devise_token_auth/pull/1163) ([krzysiek1507](https://github.com/krzysiek1507)) -- Add frozen\_string\_literal pragma to ruby files [\#1157](https://github.com/lynndylanhurley/devise_token_auth/pull/1157) ([krzysiek1507](https://github.com/krzysiek1507)) +- Add frozen_string_literal pragma to ruby files [\#1157](https://github.com/lynndylanhurley/devise_token_auth/pull/1157) ([krzysiek1507](https://github.com/krzysiek1507)) - 1143 extract @resource initialization out to a named overrideable method [\#1144](https://github.com/lynndylanhurley/devise_token_auth/pull/1144) ([Marinlemaignan](https://github.com/Marinlemaignan)) - Setup appraisal for rails 4 [\#1142](https://github.com/lynndylanhurley/devise_token_auth/pull/1142) ([krzysiek1507](https://github.com/krzysiek1507)) - Setup appraisal [\#1134](https://github.com/lynndylanhurley/devise_token_auth/pull/1134) ([krzysiek1507](https://github.com/krzysiek1507)) - 1131 fix deprecation warning for dirty attributes for rails \> 5 [\#1132](https://github.com/lynndylanhurley/devise_token_auth/pull/1132) ([Marinlemaignan](https://github.com/Marinlemaignan)) - Rubocop Fixes 2 [\#1130](https://github.com/lynndylanhurley/devise_token_auth/pull/1130) ([dks17](https://github.com/dks17)) -- Clean readme & move doc [\#1129](https://github.com/lynndylanhurley/devise_token_auth/pull/1129) ([MaicolBen](https://github.com/MaicolBen)) +- Clean readme & move doc [\#1129](https://github.com/lynndylanhurley/devise_token_auth/pull/1129) ([MaicolBen](https://github.com/MaicolBen)) - Rubocop Fixes [\#1126](https://github.com/lynndylanhurley/devise_token_auth/pull/1126) ([dks17](https://github.com/dks17)) - sv.yml localization [\#1120](https://github.com/lynndylanhurley/devise_token_auth/pull/1120) ([olleolleolle](https://github.com/olleolleolle)) - da-DK: fix translation typo \(burger!\) [\#1119](https://github.com/lynndylanhurley/devise_token_auth/pull/1119) ([olleolleolle](https://github.com/olleolleolle)) @@ -579,21 +565,22 @@ - Test against ruby 2.5 [\#1116](https://github.com/lynndylanhurley/devise_token_auth/pull/1116) ([krzysiek1507](https://github.com/krzysiek1507)) - Max number of devices in new session [\#1115](https://github.com/lynndylanhurley/devise_token_auth/pull/1115) ([Evan-M](https://github.com/Evan-M)) - Refactor uses of time now [\#1113](https://github.com/lynndylanhurley/devise_token_auth/pull/1113) ([nesteves](https://github.com/nesteves)) -- max\_number\_of\_devices should be used in a new session as well [\#1109](https://github.com/lynndylanhurley/devise_token_auth/pull/1109) ([MaicolBen](https://github.com/MaicolBen)) +- max_number_of_devices should be used in a new session as well [\#1109](https://github.com/lynndylanhurley/devise_token_auth/pull/1109) ([MaicolBen](https://github.com/MaicolBen)) - Activating Open Collective [\#1104](https://github.com/lynndylanhurley/devise_token_auth/pull/1104) ([monkeywithacupcake](https://github.com/monkeywithacupcake)) ## [v0.1.43](https://github.com/lynndylanhurley/devise_token_auth/tree/v0.1.43) (2018-03-07) + [Full Changelog](https://github.com/lynndylanhurley/devise_token_auth/compare/v0.1.43.beta1...v0.1.43) **Closed issues:** - Problems with devise version [\#1102](https://github.com/lynndylanhurley/devise_token_auth/issues/1102) -- user\_signed\_in? is false after successful sign in [\#1101](https://github.com/lynndylanhurley/devise_token_auth/issues/1101) +- user_signed_in? is false after successful sign in [\#1101](https://github.com/lynndylanhurley/devise_token_auth/issues/1101) - Basic Example with Postman? [\#1094](https://github.com/lynndylanhurley/devise_token_auth/issues/1094) - No create in confirmations controller? [\#1093](https://github.com/lynndylanhurley/devise_token_auth/issues/1093) - Does it works with Sequel? [\#1092](https://github.com/lynndylanhurley/devise_token_auth/issues/1092) - Can't add field for unique validation [\#1089](https://github.com/lynndylanhurley/devise_token_auth/issues/1089) -- No access\_token through api when signing in by finding user. [\#1087](https://github.com/lynndylanhurley/devise_token_auth/issues/1087) +- No access_token through api when signing in by finding user. [\#1087](https://github.com/lynndylanhurley/devise_token_auth/issues/1087) - Password Reset Link params without POST /password [\#1070](https://github.com/lynndylanhurley/devise_token_auth/issues/1070) - Confirmable should not be dependant on trackable [\#1065](https://github.com/lynndylanhurley/devise_token_auth/issues/1065) - NoMethodError: undefined method `provider' for \#\ after second sign\_in request with postgres [\#1052](https://github.com/lynndylanhurley/devise_token_auth/issues/1052) +- \#\ after second sign_in request with postgres [\#1052](https://github.com/lynndylanhurley/devise_token_auth/issues/1052) - Manual Authentication and Registration [\#1051](https://github.com/lynndylanhurley/devise_token_auth/issues/1051) - I can not insert name when registering user [\#1048](https://github.com/lynndylanhurley/devise_token_auth/issues/1048) -- NoMethodError: undefined method 'allow\_password\_change=' [\#1046](https://github.com/lynndylanhurley/devise_token_auth/issues/1046) +- NoMethodError: undefined method 'allow_password_change=' [\#1046](https://github.com/lynndylanhurley/devise_token_auth/issues/1046) - Confirmation flow [\#1045](https://github.com/lynndylanhurley/devise_token_auth/issues/1045) - undefined local variable or method `flash' for \#\\) [\#853](https://github.com/lynndylanhurley/devise_token_auth/issues/853) +- NoMethodError \(undefined method `new_session_path' for \#\\) [\#853](https://github.com/lynndylanhurley/devise_token_auth/issues/853) - Token based authentication with LDAP only [\#850](https://github.com/lynndylanhurley/devise_token_auth/issues/850) - Insecure session created with reset password link [\#848](https://github.com/lynndylanhurley/devise_token_auth/issues/848) - Swagger / Yard Docs [\#846](https://github.com/lynndylanhurley/devise_token_auth/issues/846) - NoMethodError: undefined method `\[\]=' for nil:NilClass in unit test [\#839](https://github.com/lynndylanhurley/devise_token_auth/issues/839) -- No resource\_class found [\#838](https://github.com/lynndylanhurley/devise_token_auth/issues/838) -- How to Custom Mailer ? [\#837](https://github.com/lynndylanhurley/devise_token_auth/issues/837) +- No resource_class found [\#838](https://github.com/lynndylanhurley/devise_token_auth/issues/838) +- How to Custom Mailer ? [\#837](https://github.com/lynndylanhurley/devise_token_auth/issues/837) - Password gets updated but current password is still invalid. [\#836](https://github.com/lynndylanhurley/devise_token_auth/issues/836) - CookieOverflow on namespaced controllers [\#835](https://github.com/lynndylanhurley/devise_token_auth/issues/835) -- no registration routes when used with devise [\#834](https://github.com/lynndylanhurley/devise_token_auth/issues/834) +- no registration routes when used with devise [\#834](https://github.com/lynndylanhurley/devise_token_auth/issues/834) - Incompatibility with shoulda in email uniqueness [\#833](https://github.com/lynndylanhurley/devise_token_auth/issues/833) -- No HTML for omniauth\_external\_window view in Rails 5 API [\#830](https://github.com/lynndylanhurley/devise_token_auth/issues/830) -- DeviseTokenAuth::TokenValidationsController\#validate\_token returns 401 unauthorized. [\#829](https://github.com/lynndylanhurley/devise_token_auth/issues/829) +- No HTML for omniauth_external_window view in Rails 5 API [\#830](https://github.com/lynndylanhurley/devise_token_auth/issues/830) +- DeviseTokenAuth::TokenValidationsController\#validate_token returns 401 unauthorized. [\#829](https://github.com/lynndylanhurley/devise_token_auth/issues/829) - Console warning [\#828](https://github.com/lynndylanhurley/devise_token_auth/issues/828) - omniauth-facebook authentication with an Angular 2 front end application. [\#827](https://github.com/lynndylanhurley/devise_token_auth/issues/827) - uid is similar to email [\#825](https://github.com/lynndylanhurley/devise_token_auth/issues/825) - Use POST to sign in. GET is not supported. [\#823](https://github.com/lynndylanhurley/devise_token_auth/issues/823) - Invalid login credentials. Please try again. [\#822](https://github.com/lynndylanhurley/devise_token_auth/issues/822) - Devise redirecting Web request to the Token JSON API [\#821](https://github.com/lynndylanhurley/devise_token_auth/issues/821) -- Wrong model mapped for token\_validation [\#820](https://github.com/lynndylanhurley/devise_token_auth/issues/820) +- Wrong model mapped for token_validation [\#820](https://github.com/lynndylanhurley/devise_token_auth/issues/820) - Banning a user [\#817](https://github.com/lynndylanhurley/devise_token_auth/issues/817) -- Sometimes very frequently, sometimes very randomly - 401 Unauthorized. [\#813](https://github.com/lynndylanhurley/devise_token_auth/issues/813) +- Sometimes very frequently, sometimes very randomly - 401 Unauthorized. [\#813](https://github.com/lynndylanhurley/devise_token_auth/issues/813) - The confirmation email is not send with the standard devise support [\#812](https://github.com/lynndylanhurley/devise_token_auth/issues/812) - Securing headers on client side [\#809](https://github.com/lynndylanhurley/devise_token_auth/issues/809) - Impersonate user [\#802](https://github.com/lynndylanhurley/devise_token_auth/issues/802) - Can't use JBuilder templates when overriding rendering methods [\#801](https://github.com/lynndylanhurley/devise_token_auth/issues/801) -- I18n broken \(e.g. :already\_in\_use\) [\#799](https://github.com/lynndylanhurley/devise_token_auth/issues/799) +- I18n broken \(e.g. :already_in_use\) [\#799](https://github.com/lynndylanhurley/devise_token_auth/issues/799) - very unstable gem full of bugs !! [\#795](https://github.com/lynndylanhurley/devise_token_auth/issues/795) - CORS answers 404 always [\#794](https://github.com/lynndylanhurley/devise_token_auth/issues/794) - Authorized Users Only on iOS client [\#792](https://github.com/lynndylanhurley/devise_token_auth/issues/792) -- user\_signed\_in? doesn't returning access\_token after few continuous call to it !!! [\#791](https://github.com/lynndylanhurley/devise_token_auth/issues/791) -- 302 found when I try to redirect to "/devise\_token\_auth/sessions\#create" [\#790](https://github.com/lynndylanhurley/devise_token_auth/issues/790) -- Initializer default\_password\_reset\_url not working. [\#789](https://github.com/lynndylanhurley/devise_token_auth/issues/789) +- user_signed_in? doesn't returning access_token after few continuous call to it !!! [\#791](https://github.com/lynndylanhurley/devise_token_auth/issues/791) +- 302 found when I try to redirect to "/devise_token_auth/sessions\#create" [\#790](https://github.com/lynndylanhurley/devise_token_auth/issues/790) +- Initializer default_password_reset_url not working. [\#789](https://github.com/lynndylanhurley/devise_token_auth/issues/789) - Gem querying database twice for authenticating user [\#788](https://github.com/lynndylanhurley/devise_token_auth/issues/788) - No authentication headers when using Single Table Inheritance on my User model [\#783](https://github.com/lynndylanhurley/devise_token_auth/issues/783) -- Can't migrate database after 'rails g devise\_token\_auth:install User auth' [\#781](https://github.com/lynndylanhurley/devise_token_auth/issues/781) -- Diferent tokens from devise and devise\_token\_auth some times get in conflict... [\#780](https://github.com/lynndylanhurley/devise_token_auth/issues/780) +- Can't migrate database after 'rails g devise_token_auth:install User auth' [\#781](https://github.com/lynndylanhurley/devise_token_auth/issues/781) +- Diferent tokens from devise and devise_token_auth some times get in conflict... [\#780](https://github.com/lynndylanhurley/devise_token_auth/issues/780) - LinkedIn SignIn [\#778](https://github.com/lynndylanhurley/devise_token_auth/issues/778) -- Rails engine \(api only\) - undefined method `mount\_devise\_token\_auth\_for' for \#\\) [\#853](https://github.com/lynndylanhurley/devise_token_auth/issues/853) +- NoMethodError \(undefined method `new_session_path' for \#\\) [\#853](https://github.com/lynndylanhurley/devise_token_auth/issues/853) - Headers not present in all requests [\#851](https://github.com/lynndylanhurley/devise_token_auth/issues/851) - Token based authentication with LDAP only [\#850](https://github.com/lynndylanhurley/devise_token_auth/issues/850) - Insecure session created with reset password link [\#848](https://github.com/lynndylanhurley/devise_token_auth/issues/848) - Swagger / Yard Docs [\#846](https://github.com/lynndylanhurley/devise_token_auth/issues/846) -- uninitialized constant SECRET\_KEY\_BASE [\#845](https://github.com/lynndylanhurley/devise_token_auth/issues/845) +- uninitialized constant SECRET_KEY_BASE [\#845](https://github.com/lynndylanhurley/devise_token_auth/issues/845) - NoMethodError: undefined method `\[\]=' for nil:NilClass in unit test [\#839](https://github.com/lynndylanhurley/devise_token_auth/issues/839) -- No resource\_class found [\#838](https://github.com/lynndylanhurley/devise_token_auth/issues/838) -- How to Custom Mailer ? [\#837](https://github.com/lynndylanhurley/devise_token_auth/issues/837) +- No resource_class found [\#838](https://github.com/lynndylanhurley/devise_token_auth/issues/838) +- How to Custom Mailer ? [\#837](https://github.com/lynndylanhurley/devise_token_auth/issues/837) - Password gets updated but current password is still invalid. [\#836](https://github.com/lynndylanhurley/devise_token_auth/issues/836) - CookieOverflow on namespaced controllers [\#835](https://github.com/lynndylanhurley/devise_token_auth/issues/835) -- no registration routes when used with devise [\#834](https://github.com/lynndylanhurley/devise_token_auth/issues/834) +- no registration routes when used with devise [\#834](https://github.com/lynndylanhurley/devise_token_auth/issues/834) - Incompatibility with shoulda in email uniqueness [\#833](https://github.com/lynndylanhurley/devise_token_auth/issues/833) -- devise\_token\_auth: can't work with Rails subdomain. [\#831](https://github.com/lynndylanhurley/devise_token_auth/issues/831) -- No HTML for omniauth\_external\_window view in Rails 5 API [\#830](https://github.com/lynndylanhurley/devise_token_auth/issues/830) -- DeviseTokenAuth::TokenValidationsController\#validate\_token returns 401 unauthorized. [\#829](https://github.com/lynndylanhurley/devise_token_auth/issues/829) +- devise_token_auth: can't work with Rails subdomain. [\#831](https://github.com/lynndylanhurley/devise_token_auth/issues/831) +- No HTML for omniauth_external_window view in Rails 5 API [\#830](https://github.com/lynndylanhurley/devise_token_auth/issues/830) +- DeviseTokenAuth::TokenValidationsController\#validate_token returns 401 unauthorized. [\#829](https://github.com/lynndylanhurley/devise_token_auth/issues/829) - Console warning [\#828](https://github.com/lynndylanhurley/devise_token_auth/issues/828) - omniauth-facebook authentication with an Angular 2 front end application. [\#827](https://github.com/lynndylanhurley/devise_token_auth/issues/827) - uid is similar to email [\#825](https://github.com/lynndylanhurley/devise_token_auth/issues/825) @@ -1133,51 +1121,51 @@ - Use POST to sign in. GET is not supported. [\#823](https://github.com/lynndylanhurley/devise_token_auth/issues/823) - Invalid login credentials. Please try again. [\#822](https://github.com/lynndylanhurley/devise_token_auth/issues/822) - Devise redirecting Web request to the Token JSON API [\#821](https://github.com/lynndylanhurley/devise_token_auth/issues/821) -- Wrong model mapped for token\_validation [\#820](https://github.com/lynndylanhurley/devise_token_auth/issues/820) +- Wrong model mapped for token_validation [\#820](https://github.com/lynndylanhurley/devise_token_auth/issues/820) - readme code for controller override needs a slight change [\#819](https://github.com/lynndylanhurley/devise_token_auth/issues/819) - Banning a user [\#817](https://github.com/lynndylanhurley/devise_token_auth/issues/817) - Support for multiple providers during same session [\#815](https://github.com/lynndylanhurley/devise_token_auth/issues/815) -- Sometimes very frequently, sometimes very randomly - 401 Unauthorized. [\#813](https://github.com/lynndylanhurley/devise_token_auth/issues/813) +- Sometimes very frequently, sometimes very randomly - 401 Unauthorized. [\#813](https://github.com/lynndylanhurley/devise_token_auth/issues/813) - The confirmation email is not send with the standard devise support [\#812](https://github.com/lynndylanhurley/devise_token_auth/issues/812) - not supporting for angular1.6 [\#810](https://github.com/lynndylanhurley/devise_token_auth/issues/810) - Securing headers on client side [\#809](https://github.com/lynndylanhurley/devise_token_auth/issues/809) - Add has one/belongs to assotiation [\#807](https://github.com/lynndylanhurley/devise_token_auth/issues/807) -- redirect\_url required but not permitted in strong parameters [\#805](https://github.com/lynndylanhurley/devise_token_auth/issues/805) +- redirect_url required but not permitted in strong parameters [\#805](https://github.com/lynndylanhurley/devise_token_auth/issues/805) - Impersonate user [\#802](https://github.com/lynndylanhurley/devise_token_auth/issues/802) - Can't use JBuilder templates when overriding rendering methods [\#801](https://github.com/lynndylanhurley/devise_token_auth/issues/801) -- I18n broken \(e.g. :already\_in\_use\) [\#799](https://github.com/lynndylanhurley/devise_token_auth/issues/799) +- I18n broken \(e.g. :already_in_use\) [\#799](https://github.com/lynndylanhurley/devise_token_auth/issues/799) - Data leak on create password reset [\#797](https://github.com/lynndylanhurley/devise_token_auth/issues/797) - Rails 5 API Mode Not Authorizing [\#796](https://github.com/lynndylanhurley/devise_token_auth/issues/796) - very unstable gem full of bugs !! [\#795](https://github.com/lynndylanhurley/devise_token_auth/issues/795) - CORS answers 404 always [\#794](https://github.com/lynndylanhurley/devise_token_auth/issues/794) - Authorized Users Only on iOS client [\#792](https://github.com/lynndylanhurley/devise_token_auth/issues/792) -- user\_signed\_in? doesn't returning access\_token after few continuous call to it !!! [\#791](https://github.com/lynndylanhurley/devise_token_auth/issues/791) -- 302 found when I try to redirect to "/devise\_token\_auth/sessions\#create" [\#790](https://github.com/lynndylanhurley/devise_token_auth/issues/790) -- Initializer default\_password\_reset\_url not working. [\#789](https://github.com/lynndylanhurley/devise_token_auth/issues/789) +- user_signed_in? doesn't returning access_token after few continuous call to it !!! [\#791](https://github.com/lynndylanhurley/devise_token_auth/issues/791) +- 302 found when I try to redirect to "/devise_token_auth/sessions\#create" [\#790](https://github.com/lynndylanhurley/devise_token_auth/issues/790) +- Initializer default_password_reset_url not working. [\#789](https://github.com/lynndylanhurley/devise_token_auth/issues/789) - Gem querying database twice for authenticating user [\#788](https://github.com/lynndylanhurley/devise_token_auth/issues/788) - wrong constant name user [\#784](https://github.com/lynndylanhurley/devise_token_auth/issues/784) - No authentication headers when using Single Table Inheritance on my User model [\#783](https://github.com/lynndylanhurley/devise_token_auth/issues/783) -- Can't migrate database after 'rails g devise\_token\_auth:install User auth' [\#781](https://github.com/lynndylanhurley/devise_token_auth/issues/781) -- Diferent tokens from devise and devise\_token\_auth some times get in conflict... [\#780](https://github.com/lynndylanhurley/devise_token_auth/issues/780) -- current\_user returns nill [\#779](https://github.com/lynndylanhurley/devise_token_auth/issues/779) +- Can't migrate database after 'rails g devise_token_auth:install User auth' [\#781](https://github.com/lynndylanhurley/devise_token_auth/issues/781) +- Diferent tokens from devise and devise_token_auth some times get in conflict... [\#780](https://github.com/lynndylanhurley/devise_token_auth/issues/780) +- current_user returns nill [\#779](https://github.com/lynndylanhurley/devise_token_auth/issues/779) - LinkedIn SignIn [\#778](https://github.com/lynndylanhurley/devise_token_auth/issues/778) -- Rails engine \(api only\) - undefined method `mount\_devise\_token\_auth\_for' for \#\ [\#297](https://github.com/lynndylanhurley/devise_token_auth/issues/297) - Confirmation URL giving bad arguments [\#293](https://github.com/lynndylanhurley/devise_token_auth/issues/293) -- Conder making view helpers available in token\_validations\_controller [\#292](https://github.com/lynndylanhurley/devise_token_auth/issues/292) -- set\_user\_by\_token not called in overriden controller [\#291](https://github.com/lynndylanhurley/devise_token_auth/issues/291) +- Conder making view helpers available in token_validations_controller [\#292](https://github.com/lynndylanhurley/devise_token_auth/issues/292) +- set_user_by_token not called in overriden controller [\#291](https://github.com/lynndylanhurley/devise_token_auth/issues/291) - Using alongside "normal" rails app [\#290](https://github.com/lynndylanhurley/devise_token_auth/issues/290) -- Question: Should we send password reset instructions to unconfirmed emails? [\#287](https://github.com/lynndylanhurley/devise_token_auth/issues/287) +- Question: Should we send password reset instructions to unconfirmed emails? [\#287](https://github.com/lynndylanhurley/devise_token_auth/issues/287) - NoMethodError \(undefined method `\[\]' for nil:NilClass\): [\#286](https://github.com/lynndylanhurley/devise_token_auth/issues/286) - Facebook omniauth redirection is missing url when testing on localhost [\#285](https://github.com/lynndylanhurley/devise_token_auth/issues/285) - Reset password error. [\#284](https://github.com/lynndylanhurley/devise_token_auth/issues/284) -- Configured verbatim, devise\_token\_auth receives this error google only [\#282](https://github.com/lynndylanhurley/devise_token_auth/issues/282) +- Configured verbatim, devise_token_auth receives this error google only [\#282](https://github.com/lynndylanhurley/devise_token_auth/issues/282) - No route matches \[GET\] "/users/facebook/callback" [\#280](https://github.com/lynndylanhurley/devise_token_auth/issues/280) - Facebook Auth isn't working for Google Chrome users that have Data Compression set to on [\#279](https://github.com/lynndylanhurley/devise_token_auth/issues/279) - No route matches \[GET\] "/omniauth/:provider" [\#278](https://github.com/lynndylanhurley/devise_token_auth/issues/278) - How to refresh token/expiry? [\#275](https://github.com/lynndylanhurley/devise_token_auth/issues/275) -- wrong number of arguments \(1 for 0\): in DeviseTokenAuth::RegistrationsController\#create [\#274](https://github.com/lynndylanhurley/devise_token_auth/issues/274) +- wrong number of arguments \(1 for 0\): in DeviseTokenAuth::RegistrationsController\#create [\#274](https://github.com/lynndylanhurley/devise_token_auth/issues/274) - Can not save a user with nil tokens attribute [\#271](https://github.com/lynndylanhurley/devise_token_auth/issues/271) -- Shouldn't validate\_token param be access-token, not auth\_token? [\#270](https://github.com/lynndylanhurley/devise_token_auth/issues/270) +- Shouldn't validate_token param be access-token, not auth_token? [\#270](https://github.com/lynndylanhurley/devise_token_auth/issues/270) - include associations on login [\#269](https://github.com/lynndylanhurley/devise_token_auth/issues/269) - Used alongside standard Devise broke the Devise mail confirmation [\#265](https://github.com/lynndylanhurley/devise_token_auth/issues/265) - How To Handle Guest Account [\#264](https://github.com/lynndylanhurley/devise_token_auth/issues/264) @@ -1475,14 +1463,14 @@ - Custom Serializer like ActiveModel Serializer [\#249](https://github.com/lynndylanhurley/devise_token_auth/issues/249) - reset password link is not getting to redirection [\#247](https://github.com/lynndylanhurley/devise_token_auth/issues/247) - File download with query params [\#246](https://github.com/lynndylanhurley/devise_token_auth/issues/246) -- Info: is devise\_token\_auth compatible with rails 3.2.19? [\#245](https://github.com/lynndylanhurley/devise_token_auth/issues/245) +- Info: is devise_token_auth compatible with rails 3.2.19? [\#245](https://github.com/lynndylanhurley/devise_token_auth/issues/245) - Should a 404 reset tokens? [\#244](https://github.com/lynndylanhurley/devise_token_auth/issues/244) - Headers required for different methods [\#243](https://github.com/lynndylanhurley/devise_token_auth/issues/243) - Unpermitted parameters: format, session, lang [\#239](https://github.com/lynndylanhurley/devise_token_auth/issues/239) -- On sign\_in, devise\_token\_auth expects the uid to be the same as the email [\#237](https://github.com/lynndylanhurley/devise_token_auth/issues/237) -- Name conflict with inherited\_resources [\#236](https://github.com/lynndylanhurley/devise_token_auth/issues/236) -- Devise.secret\_key was not set. Please add the following to your Devise initializer [\#235](https://github.com/lynndylanhurley/devise_token_auth/issues/235) -- sign\_in will not fetch the token [\#234](https://github.com/lynndylanhurley/devise_token_auth/issues/234) +- On sign_in, devise_token_auth expects the uid to be the same as the email [\#237](https://github.com/lynndylanhurley/devise_token_auth/issues/237) +- Name conflict with inherited_resources [\#236](https://github.com/lynndylanhurley/devise_token_auth/issues/236) +- Devise.secret_key was not set. Please add the following to your Devise initializer [\#235](https://github.com/lynndylanhurley/devise_token_auth/issues/235) +- sign_in will not fetch the token [\#234](https://github.com/lynndylanhurley/devise_token_auth/issues/234) - Expected params don't match Devise itself [\#233](https://github.com/lynndylanhurley/devise_token_auth/issues/233) - Remove \('\#'\) symbol when using html5mode in locationProvider [\#232](https://github.com/lynndylanhurley/devise_token_auth/issues/232) - Log in request 401 error [\#231](https://github.com/lynndylanhurley/devise_token_auth/issues/231) @@ -1490,12 +1478,12 @@ - Devise email validation disabled...why? [\#229](https://github.com/lynndylanhurley/devise_token_auth/issues/229) - Namespaced Models [\#228](https://github.com/lynndylanhurley/devise_token_auth/issues/228) - Can't verify CSRF token authenticity [\#227](https://github.com/lynndylanhurley/devise_token_auth/issues/227) -- confirm\_success\_url error not working [\#226](https://github.com/lynndylanhurley/devise_token_auth/issues/226) -- pending\_reconfirmation called when confirmable isn't used [\#224](https://github.com/lynndylanhurley/devise_token_auth/issues/224) -- Error on OmniauthCallbacksController\#omniauth\_success [\#222](https://github.com/lynndylanhurley/devise_token_auth/issues/222) -- omniauth\_success.html.erb JSON bug [\#221](https://github.com/lynndylanhurley/devise_token_auth/issues/221) -- undefined method `authenticate\_user!' [\#219](https://github.com/lynndylanhurley/devise_token_auth/issues/219) -- Using devise\_token\_auth and ng\_token\_auth with angularJS in an Ionic Hybrid application [\#218](https://github.com/lynndylanhurley/devise_token_auth/issues/218) +- confirm_success_url error not working [\#226](https://github.com/lynndylanhurley/devise_token_auth/issues/226) +- pending_reconfirmation called when confirmable isn't used [\#224](https://github.com/lynndylanhurley/devise_token_auth/issues/224) +- Error on OmniauthCallbacksController\#omniauth_success [\#222](https://github.com/lynndylanhurley/devise_token_auth/issues/222) +- omniauth_success.html.erb JSON bug [\#221](https://github.com/lynndylanhurley/devise_token_auth/issues/221) +- undefined method `authenticate_user!' [\#219](https://github.com/lynndylanhurley/devise_token_auth/issues/219) +- Using devise_token_auth and ng_token_auth with angularJS in an Ionic Hybrid application [\#218](https://github.com/lynndylanhurley/devise_token_auth/issues/218) - Where can I got token? [\#217](https://github.com/lynndylanhurley/devise_token_auth/issues/217) - The omniauth implementation on this gem use redirection. We need to get around these. [\#216](https://github.com/lynndylanhurley/devise_token_auth/issues/216) - Which software did you use to create the workflow ? [\#215](https://github.com/lynndylanhurley/devise_token_auth/issues/215) @@ -1506,48 +1494,48 @@ - Limit tokens hash? [\#208](https://github.com/lynndylanhurley/devise_token_auth/issues/208) - 500 error returned when no data is POSTed to registration controller [\#203](https://github.com/lynndylanhurley/devise_token_auth/issues/203) - undefined method `match' for nil:NilClass [\#201](https://github.com/lynndylanhurley/devise_token_auth/issues/201) -- No route matches \[GET\] "/omniauth/sign\_in" [\#199](https://github.com/lynndylanhurley/devise_token_auth/issues/199) +- No route matches \[GET\] "/omniauth/sign_in" [\#199](https://github.com/lynndylanhurley/devise_token_auth/issues/199) - DELETE method becoming OPTIONS @ Heroku [\#197](https://github.com/lynndylanhurley/devise_token_auth/issues/197) - I have a rails backend rendered app \(erb\). Can I switch to devise token auth? [\#196](https://github.com/lynndylanhurley/devise_token_auth/issues/196) - 40 Mb log file and 1 minute to have token with curl [\#195](https://github.com/lynndylanhurley/devise_token_auth/issues/195) - authentication via phone \# [\#194](https://github.com/lynndylanhurley/devise_token_auth/issues/194) - 401 unauthorized [\#193](https://github.com/lynndylanhurley/devise_token_auth/issues/193) - Cannot use this gem alongside Devise [\#192](https://github.com/lynndylanhurley/devise_token_auth/issues/192) -- GET requests to sign\_in shouldn't raise an exception [\#190](https://github.com/lynndylanhurley/devise_token_auth/issues/190) +- GET requests to sign_in shouldn't raise an exception [\#190](https://github.com/lynndylanhurley/devise_token_auth/issues/190) - Api not locked by default [\#189](https://github.com/lynndylanhurley/devise_token_auth/issues/189) -- Some headers without "access-token" \(and friends\) while testing with Rspec [\#188](https://github.com/lynndylanhurley/devise_token_auth/issues/188) -- Rails 4.1 [\#187](https://github.com/lynndylanhurley/devise_token_auth/issues/187) -- Unable to override OmniauthCallbacksController\#redirect\_callbacks [\#186](https://github.com/lynndylanhurley/devise_token_auth/issues/186) +- Some headers without "access-token" \(and friends\) while testing with Rspec [\#188](https://github.com/lynndylanhurley/devise_token_auth/issues/188) +- Rails 4.1 [\#187](https://github.com/lynndylanhurley/devise_token_auth/issues/187) +- Unable to override OmniauthCallbacksController\#redirect_callbacks [\#186](https://github.com/lynndylanhurley/devise_token_auth/issues/186) - AbstractController::ActionNotFound with Controller Override [\#185](https://github.com/lynndylanhurley/devise_token_auth/issues/185) -- Devise and devise\_token\_auth omniauth callbacks [\#184](https://github.com/lynndylanhurley/devise_token_auth/issues/184) +- Devise and devise_token_auth omniauth callbacks [\#184](https://github.com/lynndylanhurley/devise_token_auth/issues/184) - Token based authentication with no sessions [\#183](https://github.com/lynndylanhurley/devise_token_auth/issues/183) -- undefined method `authenticate\_user!' [\#182](https://github.com/lynndylanhurley/devise_token_auth/issues/182) +- undefined method `authenticate_user!' [\#182](https://github.com/lynndylanhurley/devise_token_auth/issues/182) - Best way to set up migration for installation on existing User table already using Devise? [\#181](https://github.com/lynndylanhurley/devise_token_auth/issues/181) - Architecture Q: Why did you not use Warden? [\#180](https://github.com/lynndylanhurley/devise_token_auth/issues/180) - NoMethodError \(undefined method `\[\]=' for nil:NilClass\) [\#178](https://github.com/lynndylanhurley/devise_token_auth/issues/178) -- confirm\_success\_url shouldn't be a required param [\#176](https://github.com/lynndylanhurley/devise_token_auth/issues/176) +- confirm_success_url shouldn't be a required param [\#176](https://github.com/lynndylanhurley/devise_token_auth/issues/176) - Provide an OAuth implementation for native apps [\#175](https://github.com/lynndylanhurley/devise_token_auth/issues/175) - getting an argument error when trying to use omniauth [\#174](https://github.com/lynndylanhurley/devise_token_auth/issues/174) - Sign in via username doesn't seem to work correctly. [\#173](https://github.com/lynndylanhurley/devise_token_auth/issues/173) - Cannot use + sign in email address. [\#171](https://github.com/lynndylanhurley/devise_token_auth/issues/171) -- Sign\_in / Sign\_up via token\_auth and via session [\#168](https://github.com/lynndylanhurley/devise_token_auth/issues/168) +- Sign_in / Sign_up via token_auth and via session [\#168](https://github.com/lynndylanhurley/devise_token_auth/issues/168) - How can i authenticate using curl and get private entries ! [\#167](https://github.com/lynndylanhurley/devise_token_auth/issues/167) - Facebook login - Redirect issue [\#166](https://github.com/lynndylanhurley/devise_token_auth/issues/166) - Pessimistic Locking produces ArgumentError [\#165](https://github.com/lynndylanhurley/devise_token_auth/issues/165) -- expired confirmation & reset link [\#164](https://github.com/lynndylanhurley/devise_token_auth/issues/164) +- expired confirmation & reset link [\#164](https://github.com/lynndylanhurley/devise_token_auth/issues/164) - Storing token in Redis? [\#163](https://github.com/lynndylanhurley/devise_token_auth/issues/163) -- POTENTIAL SECURITY RISK: Setting confirm\_success\_url and redirect\_url via API [\#162](https://github.com/lynndylanhurley/devise_token_auth/issues/162) +- POTENTIAL SECURITY RISK: Setting confirm_success_url and redirect_url via API [\#162](https://github.com/lynndylanhurley/devise_token_auth/issues/162) - Sign out just on client side ? [\#161](https://github.com/lynndylanhurley/devise_token_auth/issues/161) -- Unpermitted parameter: redirect\_url [\#160](https://github.com/lynndylanhurley/devise_token_auth/issues/160) -- Issues using devise and devise\_token\_auth [\#159](https://github.com/lynndylanhurley/devise_token_auth/issues/159) +- Unpermitted parameter: redirect_url [\#160](https://github.com/lynndylanhurley/devise_token_auth/issues/160) +- Issues using devise and devise_token_auth [\#159](https://github.com/lynndylanhurley/devise_token_auth/issues/159) - Add role based authorization [\#158](https://github.com/lynndylanhurley/devise_token_auth/issues/158) - list with http response codes [\#157](https://github.com/lynndylanhurley/devise_token_auth/issues/157) - Not compatible with ActiveAdmin [\#156](https://github.com/lynndylanhurley/devise_token_auth/issues/156) -- \[Duplicate\] is devise\_invitable supported? [\#154](https://github.com/lynndylanhurley/devise_token_auth/issues/154) +- \[Duplicate\] is devise_invitable supported? [\#154](https://github.com/lynndylanhurley/devise_token_auth/issues/154) - Trouble accessing provider auth key and secret [\#153](https://github.com/lynndylanhurley/devise_token_auth/issues/153) - Omniauth: New user or not ? [\#151](https://github.com/lynndylanhurley/devise_token_auth/issues/151) - User can register with a "false" email [\#149](https://github.com/lynndylanhurley/devise_token_auth/issues/149) -- /validate\_token [\#148](https://github.com/lynndylanhurley/devise_token_auth/issues/148) +- /validate_token [\#148](https://github.com/lynndylanhurley/devise_token_auth/issues/148) - Email confirmation link [\#147](https://github.com/lynndylanhurley/devise_token_auth/issues/147) - Tokens field on database [\#146](https://github.com/lynndylanhurley/devise_token_auth/issues/146) - Twitter OAuth always throughs CookieOverflow [\#145](https://github.com/lynndylanhurley/devise_token_auth/issues/145) @@ -1555,14 +1543,14 @@ - Getting 401 unauthorized on login attempt [\#142](https://github.com/lynndylanhurley/devise_token_auth/issues/142) - Forcing SSL for DeviseTokenAuth causes error 'new' could not be found [\#141](https://github.com/lynndylanhurley/devise_token_auth/issues/141) - Comparing with jwt [\#140](https://github.com/lynndylanhurley/devise_token_auth/issues/140) -- Can't get omniauth to work \(error in redirect\_callbacks\) [\#139](https://github.com/lynndylanhurley/devise_token_auth/issues/139) +- Can't get omniauth to work \(error in redirect_callbacks\) [\#139](https://github.com/lynndylanhurley/devise_token_auth/issues/139) - Change controller inheritance [\#138](https://github.com/lynndylanhurley/devise_token_auth/issues/138) - Reset Password call returns 400 for Not Found user [\#137](https://github.com/lynndylanhurley/devise_token_auth/issues/137) - The gem is too big. Please take care of it. [\#136](https://github.com/lynndylanhurley/devise_token_auth/issues/136) - Error when loging with facebook the second time without logout [\#135](https://github.com/lynndylanhurley/devise_token_auth/issues/135) -- NoMethodError \(undefined method `name' for nil:NilClass\) - devise\_controller.rb:22 [\#134](https://github.com/lynndylanhurley/devise_token_auth/issues/134) -- OmniAuth redirect doesn't work if using the generated mount\_devise\_token route [\#133](https://github.com/lynndylanhurley/devise_token_auth/issues/133) -- Missing template /omniauth\_response [\#132](https://github.com/lynndylanhurley/devise_token_auth/issues/132) +- NoMethodError \(undefined method `name' for nil:NilClass\) - devise_controller.rb:22 [\#134](https://github.com/lynndylanhurley/devise_token_auth/issues/134) +- OmniAuth redirect doesn't work if using the generated mount_devise_token route [\#133](https://github.com/lynndylanhurley/devise_token_auth/issues/133) +- Missing template /omniauth_response [\#132](https://github.com/lynndylanhurley/devise_token_auth/issues/132) - Sudo action / confirm your identity protocol [\#131](https://github.com/lynndylanhurley/devise_token_auth/issues/131) - Unpermitted parameter: session [\#130](https://github.com/lynndylanhurley/devise_token_auth/issues/130) - OAuth error: We're sorry, but something went wrong [\#129](https://github.com/lynndylanhurley/devise_token_auth/issues/129) @@ -1570,11 +1558,11 @@ - Sign in with login instead of email [\#126](https://github.com/lynndylanhurley/devise_token_auth/issues/126) - Error sending password reset email when not using confirmable [\#124](https://github.com/lynndylanhurley/devise_token_auth/issues/124) - Using expired token for parallel calls [\#123](https://github.com/lynndylanhurley/devise_token_auth/issues/123) -- devise\_token\_auth for multiple client [\#122](https://github.com/lynndylanhurley/devise_token_auth/issues/122) -- OmniauthCallbacksController\#omniauth\_success wrong number of arguments \(1 for 0\) [\#119](https://github.com/lynndylanhurley/devise_token_auth/issues/119) +- devise_token_auth for multiple client [\#122](https://github.com/lynndylanhurley/devise_token_auth/issues/122) +- OmniauthCallbacksController\#omniauth_success wrong number of arguments \(1 for 0\) [\#119](https://github.com/lynndylanhurley/devise_token_auth/issues/119) - Could not load 'omniauth' [\#118](https://github.com/lynndylanhurley/devise_token_auth/issues/118) - bad argument \(expected URI object or URI string\) [\#116](https://github.com/lynndylanhurley/devise_token_auth/issues/116) -- devise\_token\_auth for public API, but devise for rest of app? [\#114](https://github.com/lynndylanhurley/devise_token_auth/issues/114) +- devise_token_auth for public API, but devise for rest of app? [\#114](https://github.com/lynndylanhurley/devise_token_auth/issues/114) - Omniauthable deleted on UsersConcern : Why ? [\#111](https://github.com/lynndylanhurley/devise_token_auth/issues/111) - Unrequired route [\#110](https://github.com/lynndylanhurley/devise_token_auth/issues/110) - Invalid Authenticity Token with last version [\#109](https://github.com/lynndylanhurley/devise_token_auth/issues/109) @@ -1593,81 +1581,81 @@ - API versioning the devise scope of token validation and ominiauth controller path will wrap up [\#96](https://github.com/lynndylanhurley/devise_token_auth/issues/96) - Overwriting default "from" email address [\#94](https://github.com/lynndylanhurley/devise_token_auth/issues/94) - uninitialized constant DeviseTokenAuth [\#92](https://github.com/lynndylanhurley/devise_token_auth/issues/92) -- change\_headers\_on\_each\_request not working expiry header empty [\#90](https://github.com/lynndylanhurley/devise_token_auth/issues/90) -- allow\_unconfirmed\_access\_for [\#89](https://github.com/lynndylanhurley/devise_token_auth/issues/89) +- change_headers_on_each_request not working expiry header empty [\#90](https://github.com/lynndylanhurley/devise_token_auth/issues/90) +- allow_unconfirmed_access_for [\#89](https://github.com/lynndylanhurley/devise_token_auth/issues/89) - Gem render consistency [\#87](https://github.com/lynndylanhurley/devise_token_auth/issues/87) - Sample Sessions Controller for logging in via Rails View. [\#86](https://github.com/lynndylanhurley/devise_token_auth/issues/86) -- Change authorization key: Use phone\_number instead of email [\#84](https://github.com/lynndylanhurley/devise_token_auth/issues/84) -- Conflict with active\_admin gem [\#83](https://github.com/lynndylanhurley/devise_token_auth/issues/83) -- NoMethodError in DeviseTokenAuth::OmniauthCallbacksController\#redirect\_callbacks [\#82](https://github.com/lynndylanhurley/devise_token_auth/issues/82) +- Change authorization key: Use phone_number instead of email [\#84](https://github.com/lynndylanhurley/devise_token_auth/issues/84) +- Conflict with active_admin gem [\#83](https://github.com/lynndylanhurley/devise_token_auth/issues/83) +- NoMethodError in DeviseTokenAuth::OmniauthCallbacksController\#redirect_callbacks [\#82](https://github.com/lynndylanhurley/devise_token_auth/issues/82) - All the APIs are getting 'Authorized users only' [\#81](https://github.com/lynndylanhurley/devise_token_auth/issues/81) - Is Devise option Rememberable required ? [\#80](https://github.com/lynndylanhurley/devise_token_auth/issues/80) -- Problem with skip\_confirmation! [\#78](https://github.com/lynndylanhurley/devise_token_auth/issues/78) +- Problem with skip_confirmation! [\#78](https://github.com/lynndylanhurley/devise_token_auth/issues/78) - Cannot reset password if registered by omniauth [\#77](https://github.com/lynndylanhurley/devise_token_auth/issues/77) - NoMethodError at /omniauth/facebook/callback - undefined method `\[\]' for nil:NilClass [\#76](https://github.com/lynndylanhurley/devise_token_auth/issues/76) - Usage with Grape [\#73](https://github.com/lynndylanhurley/devise_token_auth/issues/73) - Remove dependency on ActiveRecord [\#72](https://github.com/lynndylanhurley/devise_token_auth/issues/72) - Skipping Registrations Controller Altogether [\#70](https://github.com/lynndylanhurley/devise_token_auth/issues/70) -- Problem in validate\_token if the model is in a namespace [\#69](https://github.com/lynndylanhurley/devise_token_auth/issues/69) +- Problem in validate_token if the model is in a namespace [\#69](https://github.com/lynndylanhurley/devise_token_auth/issues/69) - Cannot send confirmation email if there is no 'User' model [\#68](https://github.com/lynndylanhurley/devise_token_auth/issues/68) - Better guidelines for contributors [\#65](https://github.com/lynndylanhurley/devise_token_auth/issues/65) - admin namespace [\#63](https://github.com/lynndylanhurley/devise_token_auth/issues/63) - Devise trackable module not working [\#62](https://github.com/lynndylanhurley/devise_token_auth/issues/62) - Allow updating of default attributes by default? [\#61](https://github.com/lynndylanhurley/devise_token_auth/issues/61) -- Devise\_token\_auth without OmniAuth authentication [\#60](https://github.com/lynndylanhurley/devise_token_auth/issues/60) +- Devise_token_auth without OmniAuth authentication [\#60](https://github.com/lynndylanhurley/devise_token_auth/issues/60) - Reset Password error [\#59](https://github.com/lynndylanhurley/devise_token_auth/issues/59) - Confirmable - unconfirmed email [\#58](https://github.com/lynndylanhurley/devise_token_auth/issues/58) - Email Column Isn't Used for Database Authentication [\#56](https://github.com/lynndylanhurley/devise_token_auth/issues/56) - Unique Key for Provider and UID Combination [\#55](https://github.com/lynndylanhurley/devise_token_auth/issues/55) - User Info in separate table or removed [\#53](https://github.com/lynndylanhurley/devise_token_auth/issues/53) - rename @user to @resource [\#48](https://github.com/lynndylanhurley/devise_token_auth/issues/48) -- Active\_admin issue [\#47](https://github.com/lynndylanhurley/devise_token_auth/issues/47) +- Active_admin issue [\#47](https://github.com/lynndylanhurley/devise_token_auth/issues/47) - Possible Logout Issue [\#46](https://github.com/lynndylanhurley/devise_token_auth/issues/46) - Routes not appended to routes.rb [\#45](https://github.com/lynndylanhurley/devise_token_auth/issues/45) -- Return resource.errors.full\_messages in addition to resource.errors [\#44](https://github.com/lynndylanhurley/devise_token_auth/issues/44) -- Devise and Devise\_Token\_Auth in api namespace [\#43](https://github.com/lynndylanhurley/devise_token_auth/issues/43) +- Return resource.errors.full_messages in addition to resource.errors [\#44](https://github.com/lynndylanhurley/devise_token_auth/issues/44) +- Devise and Devise_Token_Auth in api namespace [\#43](https://github.com/lynndylanhurley/devise_token_auth/issues/43) - Trackable attributes are not being updated. [\#42](https://github.com/lynndylanhurley/devise_token_auth/issues/42) -- Avoid using respond\_to in application controller [\#41](https://github.com/lynndylanhurley/devise_token_auth/issues/41) -- devise\_token\_auth assumes you want the :confirmable functionality [\#40](https://github.com/lynndylanhurley/devise_token_auth/issues/40) +- Avoid using respond_to in application controller [\#41](https://github.com/lynndylanhurley/devise_token_auth/issues/41) +- devise_token_auth assumes you want the :confirmable functionality [\#40](https://github.com/lynndylanhurley/devise_token_auth/issues/40) - undefined method `match' for nil:NilClass [\#39](https://github.com/lynndylanhurley/devise_token_auth/issues/39) - Expired token aren't removed when session expires [\#38](https://github.com/lynndylanhurley/devise_token_auth/issues/38) -- sign\_up helper [\#37](https://github.com/lynndylanhurley/devise_token_auth/issues/37) -- self.tokens\[client\_id\]\['token'\] != token [\#30](https://github.com/lynndylanhurley/devise_token_auth/issues/30) +- sign_up helper [\#37](https://github.com/lynndylanhurley/devise_token_auth/issues/37) +- self.tokens\[client_id\]\['token'\] != token [\#30](https://github.com/lynndylanhurley/devise_token_auth/issues/30) - How is the uid generated for non-omniauth users? [\#29](https://github.com/lynndylanhurley/devise_token_auth/issues/29) -- Access to current\_user variable? [\#28](https://github.com/lynndylanhurley/devise_token_auth/issues/28) -- Filter chain halted as :require\_no\_authentication [\#27](https://github.com/lynndylanhurley/devise_token_auth/issues/27) +- Access to current_user variable? [\#28](https://github.com/lynndylanhurley/devise_token_auth/issues/28) +- Filter chain halted as :require_no_authentication [\#27](https://github.com/lynndylanhurley/devise_token_auth/issues/27) - Allow additional parameters for registration [\#25](https://github.com/lynndylanhurley/devise_token_auth/issues/25) -- Cannot add more parameters at sign\_up [\#22](https://github.com/lynndylanhurley/devise_token_auth/issues/22) +- Cannot add more parameters at sign_up [\#22](https://github.com/lynndylanhurley/devise_token_auth/issues/22) - Error on Registration [\#21](https://github.com/lynndylanhurley/devise_token_auth/issues/21) - Error with authentication [\#20](https://github.com/lynndylanhurley/devise_token_auth/issues/20) - Cascade of Issues with Omniauth\(?\) [\#18](https://github.com/lynndylanhurley/devise_token_auth/issues/18) - Batch Requests Respond with Original Auth Token [\#17](https://github.com/lynndylanhurley/devise_token_auth/issues/17) - Sign out with email provider error [\#16](https://github.com/lynndylanhurley/devise_token_auth/issues/16) -- sessions\_controller.rb [\#12](https://github.com/lynndylanhurley/devise_token_auth/issues/12) +- sessions_controller.rb [\#12](https://github.com/lynndylanhurley/devise_token_auth/issues/12) - Github login in example is broken [\#10](https://github.com/lynndylanhurley/devise_token_auth/issues/10) - Facebook auth is broken [\#9](https://github.com/lynndylanhurley/devise_token_auth/issues/9) - Generator is not working [\#8](https://github.com/lynndylanhurley/devise_token_auth/issues/8) - Test ticket from Code Climate [\#6](https://github.com/lynndylanhurley/devise_token_auth/issues/6) - Test ticket from Code Climate [\#5](https://github.com/lynndylanhurley/devise_token_auth/issues/5) -- extending the devise\_token\_auth user model [\#4](https://github.com/lynndylanhurley/devise_token_auth/issues/4) +- extending the devise_token_auth user model [\#4](https://github.com/lynndylanhurley/devise_token_auth/issues/4) - A few ideas [\#3](https://github.com/lynndylanhurley/devise_token_auth/issues/3) - Google Oauth2 does not set cookies in production. [\#1](https://github.com/lynndylanhurley/devise_token_auth/issues/1) **Merged pull requests:** -- Fixes include bug causing sign\_in to require auth [\#1016](https://github.com/lynndylanhurley/devise_token_auth/pull/1016) ([karlingen](https://github.com/karlingen)) +- Fixes include bug causing sign_in to require auth [\#1016](https://github.com/lynndylanhurley/devise_token_auth/pull/1016) ([karlingen](https://github.com/karlingen)) - Update CONTRIBUTING.md [\#1009](https://github.com/lynndylanhurley/devise_token_auth/pull/1009) ([stratigos](https://github.com/stratigos)) - Adding Danish locale [\#1006](https://github.com/lynndylanhurley/devise_token_auth/pull/1006) ([mikkeljuhl](https://github.com/mikkeljuhl)) - allow only one confirmation [\#1001](https://github.com/lynndylanhurley/devise_token_auth/pull/1001) ([MaicolBen](https://github.com/MaicolBen)) -- Added capitalize to user\_class in model file template [\#1000](https://github.com/lynndylanhurley/devise_token_auth/pull/1000) ([kiritAyya](https://github.com/kiritAyya)) +- Added capitalize to user_class in model file template [\#1000](https://github.com/lynndylanhurley/devise_token_auth/pull/1000) ([kiritAyya](https://github.com/kiritAyya)) - Match email regexp with devise [\#999](https://github.com/lynndylanhurley/devise_token_auth/pull/999) ([MaicolBen](https://github.com/MaicolBen)) -- Edit RegistrationsController\#create to use ResourceFinder::provider [\#998](https://github.com/lynndylanhurley/devise_token_auth/pull/998) ([m4-miranda](https://github.com/m4-miranda)) -- 993 - mirror auth header keys in build\_auth\_url query params [\#996](https://github.com/lynndylanhurley/devise_token_auth/pull/996) ([ethagnawl](https://github.com/ethagnawl)) +- Edit RegistrationsController\#create to use ResourceFinder::provider [\#998](https://github.com/lynndylanhurley/devise_token_auth/pull/998) ([m4-miranda](https://github.com/m4-miranda)) +- 993 - mirror auth header keys in build_auth_url query params [\#996](https://github.com/lynndylanhurley/devise_token_auth/pull/996) ([ethagnawl](https://github.com/ethagnawl)) - Add link to wiki of how to add fields for an existing user table [\#985](https://github.com/lynndylanhurley/devise_token_auth/pull/985) ([MaicolBen](https://github.com/MaicolBen)) -- contemplate single table inheritance in DeviseTokenAuth::Concerns::SetUserByToken\#set\_user\_by\_token [\#984](https://github.com/lynndylanhurley/devise_token_auth/pull/984) ([maxwells](https://github.com/maxwells)) +- contemplate single table inheritance in DeviseTokenAuth::Concerns::SetUserByToken\#set_user_by_token [\#984](https://github.com/lynndylanhurley/devise_token_auth/pull/984) ([maxwells](https://github.com/maxwells)) - Upgrade test suite to use Rails 5 [\#981](https://github.com/lynndylanhurley/devise_token_auth/pull/981) ([lynndylanhurley](https://github.com/lynndylanhurley)) - Conditionally set rails version on migration [\#979](https://github.com/lynndylanhurley/devise_token_auth/pull/979) ([MaicolBen](https://github.com/MaicolBen)) -- remove confirm\_success\_url entries from dummy migrations [\#978](https://github.com/lynndylanhurley/devise_token_auth/pull/978) ([ethagnawl](https://github.com/ethagnawl)) +- remove confirm_success_url entries from dummy migrations [\#978](https://github.com/lynndylanhurley/devise_token_auth/pull/978) ([ethagnawl](https://github.com/ethagnawl)) - link to cached version of \_How to Run a Single Rails Unit Test\_ blog … [\#977](https://github.com/lynndylanhurley/devise_token_auth/pull/977) ([ethagnawl](https://github.com/ethagnawl)) - Fix default provider after refactor in concern [\#975](https://github.com/lynndylanhurley/devise_token_auth/pull/975) ([MaicolBen](https://github.com/MaicolBen)) - Adding in unlocks controller and specs. This should resolve \#927. [\#971](https://github.com/lynndylanhurley/devise_token_auth/pull/971) ([brycesenz](https://github.com/brycesenz)) @@ -1676,19 +1664,19 @@ - Add note about Grape usage. Closes \#73. [\#967](https://github.com/lynndylanhurley/devise_token_auth/pull/967) ([zachfeldman](https://github.com/zachfeldman)) - Allow other provider than email when logins [\#964](https://github.com/lynndylanhurley/devise_token_auth/pull/964) ([MaicolBen](https://github.com/MaicolBen)) - change devise method to reset password by token [\#957](https://github.com/lynndylanhurley/devise_token_auth/pull/957) ([dks17](https://github.com/dks17)) -- Docs - add confirm\_sucess\_url to required params in email registration [\#956](https://github.com/lynndylanhurley/devise_token_auth/pull/956) ([pnewsam](https://github.com/pnewsam)) +- Docs - add confirm_sucess_url to required params in email registration [\#956](https://github.com/lynndylanhurley/devise_token_auth/pull/956) ([pnewsam](https://github.com/pnewsam)) - Fix header name on account delete documentation [\#909](https://github.com/lynndylanhurley/devise_token_auth/pull/909) ([mconiglio](https://github.com/mconiglio)) -- Document the confirm\_success\_url param for email registration [\#901](https://github.com/lynndylanhurley/devise_token_auth/pull/901) ([nerfologist](https://github.com/nerfologist)) +- Document the confirm_success_url param for email registration [\#901](https://github.com/lynndylanhurley/devise_token_auth/pull/901) ([nerfologist](https://github.com/nerfologist)) - Fix header markdown typo [\#895](https://github.com/lynndylanhurley/devise_token_auth/pull/895) ([f3ndot](https://github.com/f3ndot)) -- Support setting whitelist, without setting default redirect\_url [\#894](https://github.com/lynndylanhurley/devise_token_auth/pull/894) ([dkniffin](https://github.com/dkniffin)) -- Support for devise 4.3 that is now supporting rails 5.1 [\#891](https://github.com/lynndylanhurley/devise_token_auth/pull/891) ([silviusimeria](https://github.com/silviusimeria)) +- Support setting whitelist, without setting default redirect_url [\#894](https://github.com/lynndylanhurley/devise_token_auth/pull/894) ([dkniffin](https://github.com/dkniffin)) +- Support for devise 4.3 that is now supporting rails 5.1 [\#891](https://github.com/lynndylanhurley/devise_token_auth/pull/891) ([silviusimeria](https://github.com/silviusimeria)) - Translate message: Authorized users only through devise [\#883](https://github.com/lynndylanhurley/devise_token_auth/pull/883) ([vincenzodev](https://github.com/vincenzodev)) - Updated generator test code to work with rails 5 [\#872](https://github.com/lynndylanhurley/devise_token_auth/pull/872) ([jrhee17](https://github.com/jrhee17)) - Feature/customable authorized users only error response [\#869](https://github.com/lynndylanhurley/devise_token_auth/pull/869) ([abeyuya](https://github.com/abeyuya)) - Use rails validator instead of custom one [\#865](https://github.com/lynndylanhurley/devise_token_auth/pull/865) ([MaicolBen](https://github.com/MaicolBen)) - use URI::HTTPS to generate HTTPS redirects [\#864](https://github.com/lynndylanhurley/devise_token_auth/pull/864) ([cgc](https://github.com/cgc)) -- Persist allow\_password\_change in the database [\#863](https://github.com/lynndylanhurley/devise_token_auth/pull/863) ([MohamedBassem](https://github.com/MohamedBassem)) -- Rename find\_by methods [\#860](https://github.com/lynndylanhurley/devise_token_auth/pull/860) ([alex-lairan](https://github.com/alex-lairan)) +- Persist allow_password_change in the database [\#863](https://github.com/lynndylanhurley/devise_token_auth/pull/863) ([MohamedBassem](https://github.com/MohamedBassem)) +- Rename find_by methods [\#860](https://github.com/lynndylanhurley/devise_token_auth/pull/860) ([alex-lairan](https://github.com/alex-lairan)) - Support for Devise 4.2.1 [\#852](https://github.com/lynndylanhurley/devise_token_auth/pull/852) ([ckho](https://github.com/ckho)) - Ability to use different default fields in model [\#849](https://github.com/lynndylanhurley/devise_token_auth/pull/849) ([blddmnd](https://github.com/blddmnd)) - GitHub Issues template, Contributing guidelines [\#847](https://github.com/lynndylanhurley/devise_token_auth/pull/847) ([olleolleolle](https://github.com/olleolleolle)) @@ -1699,13 +1687,13 @@ - Prevent getting table info if not connected to db [\#814](https://github.com/lynndylanhurley/devise_token_auth/pull/814) ([cbliard](https://github.com/cbliard)) - Add support for italian locale [\#811](https://github.com/lynndylanhurley/devise_token_auth/pull/811) ([Chosko](https://github.com/Chosko)) - Fix privacy issue with password reset request [\#808](https://github.com/lynndylanhurley/devise_token_auth/pull/808) ([biomancer](https://github.com/biomancer)) -- Add missing parameter :redirect\_url, fixes \#805 [\#806](https://github.com/lynndylanhurley/devise_token_auth/pull/806) ([Rush](https://github.com/Rush)) +- Add missing parameter :redirect_url, fixes \#805 [\#806](https://github.com/lynndylanhurley/devise_token_auth/pull/806) ([Rush](https://github.com/Rush)) - Fix language errors in German locale [\#800](https://github.com/lynndylanhurley/devise_token_auth/pull/800) ([morgler](https://github.com/morgler)) - Don't send extra data on request password reset [\#798](https://github.com/lynndylanhurley/devise_token_auth/pull/798) ([Mrjaco12](https://github.com/Mrjaco12)) -- Travis: use the code\_climate addon config [\#786](https://github.com/lynndylanhurley/devise_token_auth/pull/786) ([olleolleolle](https://github.com/olleolleolle)) +- Travis: use the code_climate addon config [\#786](https://github.com/lynndylanhurley/devise_token_auth/pull/786) ([olleolleolle](https://github.com/olleolleolle)) - Update link [\#782](https://github.com/lynndylanhurley/devise_token_auth/pull/782) ([dijonkitchen](https://github.com/dijonkitchen)) -- Add index for confirmation\_token [\#767](https://github.com/lynndylanhurley/devise_token_auth/pull/767) ([dijonkitchen](https://github.com/dijonkitchen)) -- Fixes constructing redirect\_route [\#765](https://github.com/lynndylanhurley/devise_token_auth/pull/765) ([piotrkaczmarek](https://github.com/piotrkaczmarek)) +- Add index for confirmation_token [\#767](https://github.com/lynndylanhurley/devise_token_auth/pull/767) ([dijonkitchen](https://github.com/dijonkitchen)) +- Fixes constructing redirect_route [\#765](https://github.com/lynndylanhurley/devise_token_auth/pull/765) ([piotrkaczmarek](https://github.com/piotrkaczmarek)) - Use standart ActiveRecord error message for email uniqueness validation [\#746](https://github.com/lynndylanhurley/devise_token_auth/pull/746) ([mpugach](https://github.com/mpugach)) - Add Romanian locale. [\#743](https://github.com/lynndylanhurley/devise_token_auth/pull/743) ([razvanmitre](https://github.com/razvanmitre)) - Ruby syntax: replace and/not with &&/! [\#733](https://github.com/lynndylanhurley/devise_token_auth/pull/733) ([olleolleolle](https://github.com/olleolleolle)) @@ -1713,7 +1701,7 @@ - Add an extra line to the "contributing" list [\#720](https://github.com/lynndylanhurley/devise_token_auth/pull/720) ([jahammo2](https://github.com/jahammo2)) - Fix grammar [\#712](https://github.com/lynndylanhurley/devise_token_auth/pull/712) ([dijonkitchen](https://github.com/dijonkitchen)) - Added reference to Angular2-Token to README [\#710](https://github.com/lynndylanhurley/devise_token_auth/pull/710) ([neroniaky](https://github.com/neroniaky)) -- feat\(whitelist\): add wildcard support for redirect\_whitelist patterns [\#709](https://github.com/lynndylanhurley/devise_token_auth/pull/709) ([booleanbetrayal](https://github.com/booleanbetrayal)) +- feat\(whitelist\): add wildcard support for redirect_whitelist patterns [\#709](https://github.com/lynndylanhurley/devise_token_auth/pull/709) ([booleanbetrayal](https://github.com/booleanbetrayal)) - Allow user specific token lifespans [\#704](https://github.com/lynndylanhurley/devise_token_auth/pull/704) ([codez](https://github.com/codez)) - Always set header in batch mode [\#703](https://github.com/lynndylanhurley/devise_token_auth/pull/703) ([codez](https://github.com/codez)) - Fix Migration Deprecation Warning [\#700](https://github.com/lynndylanhurley/devise_token_auth/pull/700) ([juddey](https://github.com/juddey)) @@ -1724,8 +1712,8 @@ - Fix for issue \#600 [\#674](https://github.com/lynndylanhurley/devise_token_auth/pull/674) ([milep](https://github.com/milep)) - Use lockable devise option and unlock controller overwrite [\#669](https://github.com/lynndylanhurley/devise_token_auth/pull/669) ([genaromadrid](https://github.com/genaromadrid)) - Fix setup config example in README [\#665](https://github.com/lynndylanhurley/devise_token_auth/pull/665) ([guich-wo](https://github.com/guich-wo)) -- added bypass\_sign\_in for next version of Devise [\#663](https://github.com/lynndylanhurley/devise_token_auth/pull/663) ([KendallPark](https://github.com/KendallPark)) -- fix method 'is\_json\_api' with active\_model\_serialier v 0.10.0 [\#651](https://github.com/lynndylanhurley/devise_token_auth/pull/651) ([woodcrust](https://github.com/woodcrust)) +- added bypass_sign_in for next version of Devise [\#663](https://github.com/lynndylanhurley/devise_token_auth/pull/663) ([KendallPark](https://github.com/KendallPark)) +- fix method 'is_json_api' with active_model_serialier v 0.10.0 [\#651](https://github.com/lynndylanhurley/devise_token_auth/pull/651) ([woodcrust](https://github.com/woodcrust)) - Tokens count overmuch fixed [\#650](https://github.com/lynndylanhurley/devise_token_auth/pull/650) ([JerryGreen](https://github.com/JerryGreen)) - updates config wrapper to conform with newer idiom [\#648](https://github.com/lynndylanhurley/devise_token_auth/pull/648) ([bvandgrift](https://github.com/bvandgrift)) - Adding support for devise 4.1.1 [\#642](https://github.com/lynndylanhurley/devise_token_auth/pull/642) ([iainmcg](https://github.com/iainmcg)) @@ -1733,7 +1721,7 @@ - Fix yields from controller actions [\#638](https://github.com/lynndylanhurley/devise_token_auth/pull/638) ([tiagojsag](https://github.com/tiagojsag)) - Fix generator to correctly inject content into the user model in rails 5 [\#636](https://github.com/lynndylanhurley/devise_token_auth/pull/636) ([ethangk](https://github.com/ethangk)) - fix spelling in comment on token auth concern [\#632](https://github.com/lynndylanhurley/devise_token_auth/pull/632) ([dandlezzz](https://github.com/dandlezzz)) -- fixed devise deprecation warning for config.email\_regexp [\#618](https://github.com/lynndylanhurley/devise_token_auth/pull/618) ([lemuelbarango](https://github.com/lemuelbarango)) +- fixed devise deprecation warning for config.email_regexp [\#618](https://github.com/lynndylanhurley/devise_token_auth/pull/618) ([lemuelbarango](https://github.com/lemuelbarango)) - Revert "Update readme for headers names" [\#592](https://github.com/lynndylanhurley/devise_token_auth/pull/592) ([ash1day](https://github.com/ash1day)) - Update readme for headers names [\#589](https://github.com/lynndylanhurley/devise_token_auth/pull/589) ([ash1day](https://github.com/ash1day)) - Add info to README [\#585](https://github.com/lynndylanhurley/devise_token_auth/pull/585) ([ghost](https://github.com/ghost)) @@ -1745,16 +1733,16 @@ - User concern: Ensure fallback is in place [\#564](https://github.com/lynndylanhurley/devise_token_auth/pull/564) ([olleolleolle](https://github.com/olleolleolle)) - Return resource with top-level 'type' member. [\#562](https://github.com/lynndylanhurley/devise_token_auth/pull/562) ([ruimiguelsantos](https://github.com/ruimiguelsantos)) - Fix devise mapping [\#540](https://github.com/lynndylanhurley/devise_token_auth/pull/540) ([merqlove](https://github.com/merqlove)) -- Make all json responses to be json\_api compliant [\#537](https://github.com/lynndylanhurley/devise_token_auth/pull/537) ([djsegal](https://github.com/djsegal)) +- Make all json responses to be json_api compliant [\#537](https://github.com/lynndylanhurley/devise_token_auth/pull/537) ([djsegal](https://github.com/djsegal)) - Avoid sending auth headers if while processing used token is cleared [\#531](https://github.com/lynndylanhurley/devise_token_auth/pull/531) ([virginia-rodriguez](https://github.com/virginia-rodriguez)) - Add Japanese locale and fix typo [\#530](https://github.com/lynndylanhurley/devise_token_auth/pull/530) ([metalunk](https://github.com/metalunk)) - Added omniauth post route [\#528](https://github.com/lynndylanhurley/devise_token_auth/pull/528) ([v3rtx](https://github.com/v3rtx)) - Extract model callbacks [\#525](https://github.com/lynndylanhurley/devise_token_auth/pull/525) ([merqlove](https://github.com/merqlove)) -- create token when no client\_id token [\#523](https://github.com/lynndylanhurley/devise_token_auth/pull/523) ([charlesdg](https://github.com/charlesdg)) -- Fix enable\_standard\_devise\_support in initializer [\#518](https://github.com/lynndylanhurley/devise_token_auth/pull/518) ([halilim](https://github.com/halilim)) -- Make render\_create\_success render valid json\_api [\#513](https://github.com/lynndylanhurley/devise_token_auth/pull/513) ([djsegal](https://github.com/djsegal)) -- Prevent raise of exception if set\_user\_by\_token not defined [\#511](https://github.com/lynndylanhurley/devise_token_auth/pull/511) ([jeryRazakarison](https://github.com/jeryRazakarison)) -- send\_on\_create\_confirmation\_instructions callback isn't defined \(rails 5\) [\#508](https://github.com/lynndylanhurley/devise_token_auth/pull/508) ([fivetwentysix](https://github.com/fivetwentysix)) +- create token when no client_id token [\#523](https://github.com/lynndylanhurley/devise_token_auth/pull/523) ([charlesdg](https://github.com/charlesdg)) +- Fix enable_standard_devise_support in initializer [\#518](https://github.com/lynndylanhurley/devise_token_auth/pull/518) ([halilim](https://github.com/halilim)) +- Make render_create_success render valid json_api [\#513](https://github.com/lynndylanhurley/devise_token_auth/pull/513) ([djsegal](https://github.com/djsegal)) +- Prevent raise of exception if set_user_by_token not defined [\#511](https://github.com/lynndylanhurley/devise_token_auth/pull/511) ([jeryRazakarison](https://github.com/jeryRazakarison)) +- send_on_create_confirmation_instructions callback isn't defined \(rails 5\) [\#508](https://github.com/lynndylanhurley/devise_token_auth/pull/508) ([fivetwentysix](https://github.com/fivetwentysix)) - \[REBASE\] Fix rails 5 deprecation and devise parameter sanitization [\#507](https://github.com/lynndylanhurley/devise_token_auth/pull/507) ([fivetwentysix](https://github.com/fivetwentysix)) - remove deprecations from RegistrationsController [\#506](https://github.com/lynndylanhurley/devise_token_auth/pull/506) ([fivetwentysix](https://github.com/fivetwentysix)) - Allow new devise version for rails 5 compatibility [\#499](https://github.com/lynndylanhurley/devise_token_auth/pull/499) ([djsegal](https://github.com/djsegal)) @@ -1775,7 +1763,7 @@ - limiting the number of concurrent devices [\#434](https://github.com/lynndylanhurley/devise_token_auth/pull/434) ([paulosoares86](https://github.com/paulosoares86)) - Raise error in controller method [\#430](https://github.com/lynndylanhurley/devise_token_auth/pull/430) ([ArneZsng](https://github.com/ArneZsng)) - feat\(enable-standard-devise\): allow configurable support of legacy Devise authentication [\#428](https://github.com/lynndylanhurley/devise_token_auth/pull/428) ([booleanbetrayal](https://github.com/booleanbetrayal)) -- Support for i18n in mailers views [\#427](https://github.com/lynndylanhurley/devise_token_auth/pull/427) ([ponyesteves](https://github.com/ponyesteves)) +- Support for i18n in mailers views [\#427](https://github.com/lynndylanhurley/devise_token_auth/pull/427) ([ponyesteves](https://github.com/ponyesteves)) - Fix omniauthredirection when under scopes [\#425](https://github.com/lynndylanhurley/devise_token_auth/pull/425) ([xjunior](https://github.com/xjunior)) - Translation to German [\#423](https://github.com/lynndylanhurley/devise_token_auth/pull/423) ([haslinger](https://github.com/haslinger)) - fix\(url\): preserve query parameters when building urls [\#421](https://github.com/lynndylanhurley/devise_token_auth/pull/421) ([nbrustein](https://github.com/nbrustein)) @@ -1806,24 +1794,24 @@ - feat\(improved-omniauth\): omniauth sameWindow and inAppBrowser flows [\#323](https://github.com/lynndylanhurley/devise_token_auth/pull/323) ([nbrustein](https://github.com/nbrustein)) - Fix invalid omniauth redirect [\#322](https://github.com/lynndylanhurley/devise_token_auth/pull/322) ([troggy](https://github.com/troggy)) - Old password check before password update [\#317](https://github.com/lynndylanhurley/devise_token_auth/pull/317) ([jakubrohleder](https://github.com/jakubrohleder)) -- Remove erroneous colon from before\_action callback [\#310](https://github.com/lynndylanhurley/devise_token_auth/pull/310) ([jmliu](https://github.com/jmliu)) +- Remove erroneous colon from before_action callback [\#310](https://github.com/lynndylanhurley/devise_token_auth/pull/310) ([jmliu](https://github.com/jmliu)) - Disabled serialization for JSON type columns [\#306](https://github.com/lynndylanhurley/devise_token_auth/pull/306) ([colavitam](https://github.com/colavitam)) - Set default provider to "email" in migration [\#302](https://github.com/lynndylanhurley/devise_token_auth/pull/302) ([colavitam](https://github.com/colavitam)) - Fix an issue for not :confirmable users [\#296](https://github.com/lynndylanhurley/devise_token_auth/pull/296) ([sebfie](https://github.com/sebfie)) - Update README.md [\#295](https://github.com/lynndylanhurley/devise_token_auth/pull/295) ([adisos](https://github.com/adisos)) -- Fix MOUNT\_PATH 'Read More' link [\#294](https://github.com/lynndylanhurley/devise_token_auth/pull/294) ([jmliu](https://github.com/jmliu)) +- Fix MOUNT_PATH 'Read More' link [\#294](https://github.com/lynndylanhurley/devise_token_auth/pull/294) ([jmliu](https://github.com/jmliu)) - Don't send password reset instructions to unconfirmed email [\#288](https://github.com/lynndylanhurley/devise_token_auth/pull/288) ([coryschires](https://github.com/coryschires)) - Feature/i18n support [\#283](https://github.com/lynndylanhurley/devise_token_auth/pull/283) ([sebfie](https://github.com/sebfie)) -- Update documentation for validate\_token [\#277](https://github.com/lynndylanhurley/devise_token_auth/pull/277) ([adamgall](https://github.com/adamgall)) +- Update documentation for validate_token [\#277](https://github.com/lynndylanhurley/devise_token_auth/pull/277) ([adamgall](https://github.com/adamgall)) - Added json support for tokens [\#276](https://github.com/lynndylanhurley/devise_token_auth/pull/276) ([shicholas](https://github.com/shicholas)) -- perf\(token\_is\_current?\): add simplistic cache to reduce overhead of redundant token checks during validation calls [\#272](https://github.com/lynndylanhurley/devise_token_auth/pull/272) ([booleanbetrayal](https://github.com/booleanbetrayal)) -- perf\(update\_auth\_header\): only lock the resource if we are rotating tokens [\#267](https://github.com/lynndylanhurley/devise_token_auth/pull/267) ([booleanbetrayal](https://github.com/booleanbetrayal)) -- fix\(email-validation\): Update in-use email validation message during registration to allow full\_message use [\#255](https://github.com/lynndylanhurley/devise_token_auth/pull/255) ([booleanbetrayal](https://github.com/booleanbetrayal)) +- perf\(token_is_current?\): add simplistic cache to reduce overhead of redundant token checks during validation calls [\#272](https://github.com/lynndylanhurley/devise_token_auth/pull/272) ([booleanbetrayal](https://github.com/booleanbetrayal)) +- perf\(update_auth_header\): only lock the resource if we are rotating tokens [\#267](https://github.com/lynndylanhurley/devise_token_auth/pull/267) ([booleanbetrayal](https://github.com/booleanbetrayal)) +- fix\(email-validation\): Update in-use email validation message during registration to allow full_message use [\#255](https://github.com/lynndylanhurley/devise_token_auth/pull/255) ([booleanbetrayal](https://github.com/booleanbetrayal)) - fix\(session\#new\): fix unhandled 500 when logging in with valid user and bad password [\#254](https://github.com/lynndylanhurley/devise_token_auth/pull/254) ([mathemagica](https://github.com/mathemagica)) -- feat\(ominauth\): support json-formatted values in omniauth callback. [\#252](https://github.com/lynndylanhurley/devise_token_auth/pull/252) ([nbrustein](https://github.com/nbrustein)) -- fix\(sessions controller\): call reset\_session on destroy [\#251](https://github.com/lynndylanhurley/devise_token_auth/pull/251) ([nbrustein](https://github.com/nbrustein)) -- fix\(resource\_class\): support optional mapping property from set\_user\_by\_token [\#250](https://github.com/lynndylanhurley/devise_token_auth/pull/250) ([booleanbetrayal](https://github.com/booleanbetrayal)) -- Allow current\_password to be supplied when updating profile. [\#240](https://github.com/lynndylanhurley/devise_token_auth/pull/240) ([jasonswett](https://github.com/jasonswett)) +- feat\(ominauth\): support json-formatted values in omniauth callback. [\#252](https://github.com/lynndylanhurley/devise_token_auth/pull/252) ([nbrustein](https://github.com/nbrustein)) +- fix\(sessions controller\): call reset_session on destroy [\#251](https://github.com/lynndylanhurley/devise_token_auth/pull/251) ([nbrustein](https://github.com/nbrustein)) +- fix\(resource_class\): support optional mapping property from set_user_by_token [\#250](https://github.com/lynndylanhurley/devise_token_auth/pull/250) ([booleanbetrayal](https://github.com/booleanbetrayal)) +- Allow current_password to be supplied when updating profile. [\#240](https://github.com/lynndylanhurley/devise_token_auth/pull/240) ([jasonswett](https://github.com/jasonswett)) - fixes password reset when not using confirmable [\#225](https://github.com/lynndylanhurley/devise_token_auth/pull/225) ([aesnyder](https://github.com/aesnyder)) - Fix error when email missing from registration params [\#220](https://github.com/lynndylanhurley/devise_token_auth/pull/220) ([iangreenleaf](https://github.com/iangreenleaf)) - URI fragment should appear at the end of URL [\#214](https://github.com/lynndylanhurley/devise_token_auth/pull/214) ([edymerchk](https://github.com/edymerchk)) @@ -1834,23 +1822,23 @@ - Return 422 \(was 500\) when empty body for sign up and account update [\#204](https://github.com/lynndylanhurley/devise_token_auth/pull/204) ([mchavarriagam](https://github.com/mchavarriagam)) - Users with allowed unconfirmed access can now log in successfully. [\#202](https://github.com/lynndylanhurley/devise_token_auth/pull/202) ([colavitam](https://github.com/colavitam)) - Authenticating an existing Warden/Devise User [\#200](https://github.com/lynndylanhurley/devise_token_auth/pull/200) ([nickL](https://github.com/nickL)) -- GET sign\_in should direct people to use POST sign\_in rather than raising exception [\#191](https://github.com/lynndylanhurley/devise_token_auth/pull/191) ([milesmatthias](https://github.com/milesmatthias)) +- GET sign_in should direct people to use POST sign_in rather than raising exception [\#191](https://github.com/lynndylanhurley/devise_token_auth/pull/191) ([milesmatthias](https://github.com/milesmatthias)) - Ignore 'extra' in Twitter auth response to avoid CookieOverflow. Fixes \#145. [\#179](https://github.com/lynndylanhurley/devise_token_auth/pull/179) ([tbloncar](https://github.com/tbloncar)) -- Some missing as\_json ? [\#152](https://github.com/lynndylanhurley/devise_token_auth/pull/152) ([nicolas-besnard](https://github.com/nicolas-besnard)) +- Some missing as_json ? [\#152](https://github.com/lynndylanhurley/devise_token_auth/pull/152) ([nicolas-besnard](https://github.com/nicolas-besnard)) - Check email format on registration [\#150](https://github.com/lynndylanhurley/devise_token_auth/pull/150) ([nicolas-besnard](https://github.com/nicolas-besnard)) - Actual header key uses dashes, not underscores. [\#143](https://github.com/lynndylanhurley/devise_token_auth/pull/143) ([ragaskar](https://github.com/ragaskar)) - Username register login [\#128](https://github.com/lynndylanhurley/devise_token_auth/pull/128) ([nicolas-besnard](https://github.com/nicolas-besnard)) - Check if confirmable is active before skipping confirmation [\#125](https://github.com/lynndylanhurley/devise_token_auth/pull/125) ([nicolas-besnard](https://github.com/nicolas-besnard)) - Fix links to section about controller integration. [\#117](https://github.com/lynndylanhurley/devise_token_auth/pull/117) ([Le6ow5k1](https://github.com/Le6ow5k1)) -- document GET for /validate\_token [\#113](https://github.com/lynndylanhurley/devise_token_auth/pull/113) ([lukaselmer](https://github.com/lukaselmer)) +- document GET for /validate_token [\#113](https://github.com/lynndylanhurley/devise_token_auth/pull/113) ([lukaselmer](https://github.com/lukaselmer)) - Fix small error in documentation. [\#91](https://github.com/lynndylanhurley/devise_token_auth/pull/91) ([edgarhenriquez](https://github.com/edgarhenriquez)) - Exclude devise modules [\#85](https://github.com/lynndylanhurley/devise_token_auth/pull/85) ([jartek](https://github.com/jartek)) - fix\(registration and update\): Ensure UID is updated alongside Email, and case-sensitivity is honored [\#71](https://github.com/lynndylanhurley/devise_token_auth/pull/71) ([booleanbetrayal](https://github.com/booleanbetrayal)) - Add better guidelines for contributors. [\#67](https://github.com/lynndylanhurley/devise_token_auth/pull/67) ([edgarhenriquez](https://github.com/edgarhenriquez)) -- Use resource\_class to override email confirmation. [\#64](https://github.com/lynndylanhurley/devise_token_auth/pull/64) ([edgarhenriquez](https://github.com/edgarhenriquez)) -- fix\(case-sensitivity\): support devise case\_insensitive\_keys for session ... [\#57](https://github.com/lynndylanhurley/devise_token_auth/pull/57) ([booleanbetrayal](https://github.com/booleanbetrayal)) -- fix\(contention\): fix write contention in update\_auth\_headers and always ... [\#52](https://github.com/lynndylanhurley/devise_token_auth/pull/52) ([booleanbetrayal](https://github.com/booleanbetrayal)) -- Include resource.errors.full\_messages in error response. [\#50](https://github.com/lynndylanhurley/devise_token_auth/pull/50) ([jasonswett](https://github.com/jasonswett)) +- Use resource_class to override email confirmation. [\#64](https://github.com/lynndylanhurley/devise_token_auth/pull/64) ([edgarhenriquez](https://github.com/edgarhenriquez)) +- fix\(case-sensitivity\): support devise case_insensitive_keys for session ... [\#57](https://github.com/lynndylanhurley/devise_token_auth/pull/57) ([booleanbetrayal](https://github.com/booleanbetrayal)) +- fix\(contention\): fix write contention in update_auth_headers and always ... [\#52](https://github.com/lynndylanhurley/devise_token_auth/pull/52) ([booleanbetrayal](https://github.com/booleanbetrayal)) +- Include resource.errors.full_messages in error response. [\#50](https://github.com/lynndylanhurley/devise_token_auth/pull/50) ([jasonswett](https://github.com/jasonswett)) - fix\(expiry\): fix an issue where token expiration checks were too permissive [\#49](https://github.com/lynndylanhurley/devise_token_auth/pull/49) ([booleanbetrayal](https://github.com/booleanbetrayal)) - Update README with Example Generator Command [\#35](https://github.com/lynndylanhurley/devise_token_auth/pull/35) ([wwilkins](https://github.com/wwilkins)) - Remove OmniAuth dependency [\#26](https://github.com/lynndylanhurley/devise_token_auth/pull/26) ([hannahhoward](https://github.com/hannahhoward)) @@ -1862,15 +1850,16 @@ # Change Log ## [v0.1.42](https://github.com/lynndylanhurley/devise_token_auth/tree/v0.1.42) (2017-05-17) + [Full Changelog](https://github.com/lynndylanhurley/devise_token_auth/compare/v0.1.41...v0.1.42) **Closed issues:** -- devise\_token\_auth blocks upgrade to Rails 5.1.0 [\#875](https://github.com/lynndylanhurley/devise_token_auth/issues/875) +- devise_token_auth blocks upgrade to Rails 5.1.0 [\#875](https://github.com/lynndylanhurley/devise_token_auth/issues/875) **Merged pull requests:** -- Support for devise 4.3 that is now supporting rails 5.1 [\#891](https://github.com/lynndylanhurley/devise_token_auth/pull/891) ([silviusimeria](https://github.com/silviusimeria)) +- Support for devise 4.3 that is now supporting rails 5.1 [\#891](https://github.com/lynndylanhurley/devise_token_auth/pull/891) ([silviusimeria](https://github.com/silviusimeria)) # Change Log @@ -1895,19 +1884,19 @@ - Can only register one account. [\#858](https://github.com/lynndylanhurley/devise_token_auth/issues/858) - No access-token in the header [\#855](https://github.com/lynndylanhurley/devise_token_auth/issues/855) - Headers not present in all requests [\#851](https://github.com/lynndylanhurley/devise_token_auth/issues/851) -- uninitialized constant SECRET\_KEY\_BASE [\#845](https://github.com/lynndylanhurley/devise_token_auth/issues/845) -- devise\_token\_auth: can't work with Rails subdomain. [\#831](https://github.com/lynndylanhurley/devise_token_auth/issues/831) +- uninitialized constant SECRET_KEY_BASE [\#845](https://github.com/lynndylanhurley/devise_token_auth/issues/845) +- devise_token_auth: can't work with Rails subdomain. [\#831](https://github.com/lynndylanhurley/devise_token_auth/issues/831) - Question: email confirmation token URI with Rails API [\#824](https://github.com/lynndylanhurley/devise_token_auth/issues/824) - readme code for controller override needs a slight change [\#819](https://github.com/lynndylanhurley/devise_token_auth/issues/819) - Support for multiple providers during same session [\#815](https://github.com/lynndylanhurley/devise_token_auth/issues/815) - not supporting for angular1.6 [\#810](https://github.com/lynndylanhurley/devise_token_auth/issues/810) - Add has one/belongs to assotiation [\#807](https://github.com/lynndylanhurley/devise_token_auth/issues/807) -- redirect\_url required but not permitted in strong parameters [\#805](https://github.com/lynndylanhurley/devise_token_auth/issues/805) +- redirect_url required but not permitted in strong parameters [\#805](https://github.com/lynndylanhurley/devise_token_auth/issues/805) - Data leak on create password reset [\#797](https://github.com/lynndylanhurley/devise_token_auth/issues/797) - Rails 5 API Mode Not Authorizing [\#796](https://github.com/lynndylanhurley/devise_token_auth/issues/796) - wrong constant name user [\#784](https://github.com/lynndylanhurley/devise_token_auth/issues/784) -- current\_user returns nill [\#779](https://github.com/lynndylanhurley/devise_token_auth/issues/779) -- ActionController::RoutingError - undefined method `helper\_method' [\#776](https://github.com/lynndylanhurley/devise_token_auth/issues/776) +- current_user returns nill [\#779](https://github.com/lynndylanhurley/devise_token_auth/issues/779) +- ActionController::RoutingError - undefined method `helper_method' [\#776](https://github.com/lynndylanhurley/devise_token_auth/issues/776) - Minimum Limits on a token? [\#764](https://github.com/lynndylanhurley/devise_token_auth/issues/764) - Octopus throwing error when deleting expired tokens [\#761](https://github.com/lynndylanhurley/devise_token_auth/issues/761) - Only one User model return the correct headers [\#757](https://github.com/lynndylanhurley/devise_token_auth/issues/757) @@ -1916,97 +1905,97 @@ - Rails 5 API deployed as microservices [\#741](https://github.com/lynndylanhurley/devise_token_auth/issues/741) - Query params left in url after facebook login cause authentication to fail on refresh [\#734](https://github.com/lynndylanhurley/devise_token_auth/issues/734) - Can't permit parameters in rails engine [\#731](https://github.com/lynndylanhurley/devise_token_auth/issues/731) -- Cannot integrate with omniauth-facebook [\#729](https://github.com/lynndylanhurley/devise_token_auth/issues/729) +- Cannot integrate with omniauth-facebook [\#729](https://github.com/lynndylanhurley/devise_token_auth/issues/729) - Two models, one not working [\#726](https://github.com/lynndylanhurley/devise_token_auth/issues/726) -- API response bodies are empty when using active\_model\_serializers [\#715](https://github.com/lynndylanhurley/devise_token_auth/issues/715) -- /sign\_out route is returning 404 not found [\#713](https://github.com/lynndylanhurley/devise_token_auth/issues/713) +- API response bodies are empty when using active_model_serializers [\#715](https://github.com/lynndylanhurley/devise_token_auth/issues/715) +- /sign_out route is returning 404 not found [\#713](https://github.com/lynndylanhurley/devise_token_auth/issues/713) - Why is `tokens` field a json type and how to create a query based on inside values? [\#707](https://github.com/lynndylanhurley/devise_token_auth/issues/707) - Deprecation Error Message on 5.0 [\#698](https://github.com/lynndylanhurley/devise_token_auth/issues/698) - "Covert Redirect" Vulnerability [\#696](https://github.com/lynndylanhurley/devise_token_auth/issues/696) - No route matches \[POST\] "/api/v1/auth" [\#694](https://github.com/lynndylanhurley/devise_token_auth/issues/694) - Got this error with ActiveAdmin "wrong number of arguments \(1 for 0\)" [\#692](https://github.com/lynndylanhurley/devise_token_auth/issues/692) -- using devise\_token\_auth for API alongside standard devise gem for HTML view [\#689](https://github.com/lynndylanhurley/devise_token_auth/issues/689) -- No Headers after sign\_in for new Users created by Admin [\#685](https://github.com/lynndylanhurley/devise_token_auth/issues/685) -- NoMethodError \(undefined method `headers\_names' for DeviseTokenAuth:Module\) [\#684](https://github.com/lynndylanhurley/devise_token_auth/issues/684) +- using devise_token_auth for API alongside standard devise gem for HTML view [\#689](https://github.com/lynndylanhurley/devise_token_auth/issues/689) +- No Headers after sign_in for new Users created by Admin [\#685](https://github.com/lynndylanhurley/devise_token_auth/issues/685) +- NoMethodError \(undefined method `headers_names' for DeviseTokenAuth:Module\) [\#684](https://github.com/lynndylanhurley/devise_token_auth/issues/684) - Fast page refresh problem [\#683](https://github.com/lynndylanhurley/devise_token_auth/issues/683) -- IndexError: string not matched on User sign\_in [\#681](https://github.com/lynndylanhurley/devise_token_auth/issues/681) -- skip\_confirmation\_notification! not working [\#679](https://github.com/lynndylanhurley/devise_token_auth/issues/679) -- rails g devise\_token\_auth:install User auth hangs and does nothing [\#671](https://github.com/lynndylanhurley/devise_token_auth/issues/671) +- IndexError: string not matched on User sign_in [\#681](https://github.com/lynndylanhurley/devise_token_auth/issues/681) +- skip_confirmation_notification! not working [\#679](https://github.com/lynndylanhurley/devise_token_auth/issues/679) +- rails g devise_token_auth:install User auth hangs and does nothing [\#671](https://github.com/lynndylanhurley/devise_token_auth/issues/671) - Bump version to support devise 4.1.1 [\#659](https://github.com/lynndylanhurley/devise_token_auth/issues/659) -- callback :set\_user\_by\_token has not been defined [\#649](https://github.com/lynndylanhurley/devise_token_auth/issues/649) -- Issues with active\_model\_serializers [\#644](https://github.com/lynndylanhurley/devise_token_auth/issues/644) +- callback :set_user_by_token has not been defined [\#649](https://github.com/lynndylanhurley/devise_token_auth/issues/649) +- Issues with active_model_serializers [\#644](https://github.com/lynndylanhurley/devise_token_auth/issues/644) - Error with devise [\#643](https://github.com/lynndylanhurley/devise_token_auth/issues/643) -- undefined method `token\_validation\_response' [\#635](https://github.com/lynndylanhurley/devise_token_auth/issues/635) -- when password is reset from UI, all tokens must be removed if remove\_tokens\_after\_password\_reset is true [\#634](https://github.com/lynndylanhurley/devise_token_auth/issues/634) +- undefined method `token_validation_response' [\#635](https://github.com/lynndylanhurley/devise_token_auth/issues/635) +- when password is reset from UI, all tokens must be removed if remove_tokens_after_password_reset is true [\#634](https://github.com/lynndylanhurley/devise_token_auth/issues/634) - Relax devise dependency to allow 4.1 [\#631](https://github.com/lynndylanhurley/devise_token_auth/issues/631) - Rails 5 generator doesn't insert concern [\#627](https://github.com/lynndylanhurley/devise_token_auth/issues/627) -- NoMethodError \(undefined method `find\_by\_uid'\) in production. [\#625](https://github.com/lynndylanhurley/devise_token_auth/issues/625) +- NoMethodError \(undefined method `find_by_uid'\) in production. [\#625](https://github.com/lynndylanhurley/devise_token_auth/issues/625) - Why is password confirmation required ? [\#624](https://github.com/lynndylanhurley/devise_token_auth/issues/624) -- Curl not working for sign\_in but works on ng-token-angular [\#620](https://github.com/lynndylanhurley/devise_token_auth/issues/620) +- Curl not working for sign_in but works on ng-token-angular [\#620](https://github.com/lynndylanhurley/devise_token_auth/issues/620) - After Sign-in success, The following requests on Angular side are unauthorized. [\#619](https://github.com/lynndylanhurley/devise_token_auth/issues/619) - Omniauth - Facebook app doesn't run callback url after successful Facebook authentication [\#615](https://github.com/lynndylanhurley/devise_token_auth/issues/615) -- :authenticate\_user! wired behaviour [\#614](https://github.com/lynndylanhurley/devise_token_auth/issues/614) -- current\_user is nil, request headers are all upcased and prefixed with HTML\_ [\#611](https://github.com/lynndylanhurley/devise_token_auth/issues/611) +- :authenticate_user! wired behaviour [\#614](https://github.com/lynndylanhurley/devise_token_auth/issues/614) +- current_user is nil, request headers are all upcased and prefixed with HTML\_ [\#611](https://github.com/lynndylanhurley/devise_token_auth/issues/611) - Problem in generated routes [\#607](https://github.com/lynndylanhurley/devise_token_auth/issues/607) - Rails 5 API Mode - no headers in response [\#606](https://github.com/lynndylanhurley/devise_token_auth/issues/606) -- Filter chain halted as :authenticate\_user! rendered or redirected [\#603](https://github.com/lynndylanhurley/devise_token_auth/issues/603) +- Filter chain halted as :authenticate_user! rendered or redirected [\#603](https://github.com/lynndylanhurley/devise_token_auth/issues/603) - 422 Unprocessable Entity when using local IP address [\#601](https://github.com/lynndylanhurley/devise_token_auth/issues/601) -- not working with latest version of active\_model\_serializers [\#600](https://github.com/lynndylanhurley/devise_token_auth/issues/600) -- overriding rendering methods in devise\_token\_auth [\#597](https://github.com/lynndylanhurley/devise_token_auth/issues/597) -- redirect\_url is missing in email instructions sent to the user for password reset [\#588](https://github.com/lynndylanhurley/devise_token_auth/issues/588) -- Unpermitted parameter: {"email":"mail@gmail.com","password":"abcdefgh","password\_confirmation":"abcdefgh"} [\#587](https://github.com/lynndylanhurley/devise_token_auth/issues/587) +- not working with latest version of active_model_serializers [\#600](https://github.com/lynndylanhurley/devise_token_auth/issues/600) +- overriding rendering methods in devise_token_auth [\#597](https://github.com/lynndylanhurley/devise_token_auth/issues/597) +- redirect_url is missing in email instructions sent to the user for password reset [\#588](https://github.com/lynndylanhurley/devise_token_auth/issues/588) +- Unpermitted parameter: {"email":"mail@gmail.com","password":"abcdefgh","password_confirmation":"abcdefgh"} [\#587](https://github.com/lynndylanhurley/devise_token_auth/issues/587) - can't authenticate user when opening a new download tab [\#582](https://github.com/lynndylanhurley/devise_token_auth/issues/582) - Mails are not being sent [\#581](https://github.com/lynndylanhurley/devise_token_auth/issues/581) -- current\_user seems to be nil after doing requests from different tabs [\#579](https://github.com/lynndylanhurley/devise_token_auth/issues/579) -- Do we have any rspec helpers to sign\_in an user? [\#577](https://github.com/lynndylanhurley/devise_token_auth/issues/577) -- Cannot override json response of authenticate\_user! [\#575](https://github.com/lynndylanhurley/devise_token_auth/issues/575) -- return custom json data after sign\_in [\#567](https://github.com/lynndylanhurley/devise_token_auth/issues/567) -- /auth/validate\_token works but getting 401 unauthorized when sending request with auth headers [\#550](https://github.com/lynndylanhurley/devise_token_auth/issues/550) +- current_user seems to be nil after doing requests from different tabs [\#579](https://github.com/lynndylanhurley/devise_token_auth/issues/579) +- Do we have any rspec helpers to sign_in an user? [\#577](https://github.com/lynndylanhurley/devise_token_auth/issues/577) +- Cannot override json response of authenticate_user! [\#575](https://github.com/lynndylanhurley/devise_token_auth/issues/575) +- return custom json data after sign_in [\#567](https://github.com/lynndylanhurley/devise_token_auth/issues/567) +- /auth/validate_token works but getting 401 unauthorized when sending request with auth headers [\#550](https://github.com/lynndylanhurley/devise_token_auth/issues/550) - Where is the access key of omniauth provider? [\#549](https://github.com/lynndylanhurley/devise_token_auth/issues/549) - How this gem is different from a JWT system? [\#543](https://github.com/lynndylanhurley/devise_token_auth/issues/543) - Improper formatting for JSON API error/success responses [\#536](https://github.com/lynndylanhurley/devise_token_auth/issues/536) - Is it a hybrid authentication system? [\#527](https://github.com/lynndylanhurley/devise_token_auth/issues/527) -- check\_current\_password\_before\_update still requires password when resetting password [\#526](https://github.com/lynndylanhurley/devise_token_auth/issues/526) +- check_current_password_before_update still requires password when resetting password [\#526](https://github.com/lynndylanhurley/devise_token_auth/issues/526) - Manually authenticate for testing [\#521](https://github.com/lynndylanhurley/devise_token_auth/issues/521) - Support for STI [\#517](https://github.com/lynndylanhurley/devise_token_auth/issues/517) -- DEPRECATION WARNING: alias\_method\_chain is deprecated [\#514](https://github.com/lynndylanhurley/devise_token_auth/issues/514) -- JSON responses don't fit JSON\_API requirements [\#512](https://github.com/lynndylanhurley/devise_token_auth/issues/512) +- DEPRECATION WARNING: alias_method_chain is deprecated [\#514](https://github.com/lynndylanhurley/devise_token_auth/issues/514) +- JSON responses don't fit JSON_API requirements [\#512](https://github.com/lynndylanhurley/devise_token_auth/issues/512) - Not working with rails 5 and devise master [\#504](https://github.com/lynndylanhurley/devise_token_auth/issues/504) -- Unpermitted parameters: confirm\_success\_url, config\_name, registration [\#501](https://github.com/lynndylanhurley/devise_token_auth/issues/501) -- set\_user\_by\_token not defined in production for rails 5 [\#500](https://github.com/lynndylanhurley/devise_token_auth/issues/500) +- Unpermitted parameters: confirm_success_url, config_name, registration [\#501](https://github.com/lynndylanhurley/devise_token_auth/issues/501) +- set_user_by_token not defined in production for rails 5 [\#500](https://github.com/lynndylanhurley/devise_token_auth/issues/500) - Master branch no longer working with devise master branch \(version error\) [\#498](https://github.com/lynndylanhurley/devise_token_auth/issues/498) - uid is not getting set in git revision 996b9cf23a18 [\#497](https://github.com/lynndylanhurley/devise_token_auth/issues/497) -- ve\_model\_serializer namespace [\#492](https://github.com/lynndylanhurley/devise_token_auth/issues/492) -- User remains logged in when using devise and devise\_token\_auth in the same app [\#486](https://github.com/lynndylanhurley/devise_token_auth/issues/486) -- DEPRECATION WARNING: alias\_method\_chain is deprecated. Rails 5 [\#482](https://github.com/lynndylanhurley/devise_token_auth/issues/482) -- validate\_token - resource\_name - undefined method `name' for nil:NilClass [\#480](https://github.com/lynndylanhurley/devise_token_auth/issues/480) +- ve_model_serializer namespace [\#492](https://github.com/lynndylanhurley/devise_token_auth/issues/492) +- User remains logged in when using devise and devise_token_auth in the same app [\#486](https://github.com/lynndylanhurley/devise_token_auth/issues/486) +- DEPRECATION WARNING: alias_method_chain is deprecated. Rails 5 [\#482](https://github.com/lynndylanhurley/devise_token_auth/issues/482) +- validate_token - resource_name - undefined method `name' for nil:NilClass [\#480](https://github.com/lynndylanhurley/devise_token_auth/issues/480) - Helpers being loaded for Rails API's [\#468](https://github.com/lynndylanhurley/devise_token_auth/issues/468) - Unable to call `rails g devise\_token\_auth:install` within rails engine [\#465](https://github.com/lynndylanhurley/devise_token_auth/issues/465) - locales `errors.messages.already\_in\_use` seems broken [\#463](https://github.com/lynndylanhurley/devise_token_auth/issues/463) - It shows "An error occurred" after omniauth callback [\#445](https://github.com/lynndylanhurley/devise_token_auth/issues/445) - - [\#444](https://github.com/lynndylanhurley/devise_token_auth/issues/444) - Put Access Token in body [\#442](https://github.com/lynndylanhurley/devise_token_auth/issues/442) -- Unable to add a new param for sign up [\#440](https://github.com/lynndylanhurley/devise_token_auth/issues/440) -- Undefined method provider from devise\_toke\_auth concerns/user.rb [\#438](https://github.com/lynndylanhurley/devise_token_auth/issues/438) +- Unable to add a new param for sign up [\#440](https://github.com/lynndylanhurley/devise_token_auth/issues/440) +- Undefined method provider from devise_toke_auth concerns/user.rb [\#438](https://github.com/lynndylanhurley/devise_token_auth/issues/438) - Scoped DeviseToken but it still affects the original Omniauth redirects. [\#429](https://github.com/lynndylanhurley/devise_token_auth/issues/429) - Can't create user via api [\#422](https://github.com/lynndylanhurley/devise_token_auth/issues/422) -- Password Reset question, do I need my own form? [\#418](https://github.com/lynndylanhurley/devise_token_auth/issues/418) +- Password Reset question, do I need my own form? [\#418](https://github.com/lynndylanhurley/devise_token_auth/issues/418) - Large Size on Disk [\#415](https://github.com/lynndylanhurley/devise_token_auth/issues/415) -- The validate\_token function in the readme is missing a parameter [\#413](https://github.com/lynndylanhurley/devise_token_auth/issues/413) +- The validate_token function in the readme is missing a parameter [\#413](https://github.com/lynndylanhurley/devise_token_auth/issues/413) - Cannot migrate database: NoMethodError: undefined method `new' for DeviseTokenAuth:Module [\#406](https://github.com/lynndylanhurley/devise_token_auth/issues/406) -- change\_headers\_on\_each\_request and batch requests [\#403](https://github.com/lynndylanhurley/devise_token_auth/issues/403) +- change_headers_on_each_request and batch requests [\#403](https://github.com/lynndylanhurley/devise_token_auth/issues/403) - Multiple users, returning\(and creating\) wrong model's auth token [\#399](https://github.com/lynndylanhurley/devise_token_auth/issues/399) - Can't verify CSRF token authenticity [\#398](https://github.com/lynndylanhurley/devise_token_auth/issues/398) - uninitialized constant DeviseTokenAuth::OmniauthCallbacksController::BCrypt [\#393](https://github.com/lynndylanhurley/devise_token_auth/issues/393) - Sign in not success. [\#388](https://github.com/lynndylanhurley/devise_token_auth/issues/388) -- password length [\#380](https://github.com/lynndylanhurley/devise_token_auth/issues/380) +- password length [\#380](https://github.com/lynndylanhurley/devise_token_auth/issues/380) - Devise token auth not found routing error [\#379](https://github.com/lynndylanhurley/devise_token_auth/issues/379) - Defining a custom primary key [\#378](https://github.com/lynndylanhurley/devise_token_auth/issues/378) - seeing other users data after login/out with different users on ionic [\#375](https://github.com/lynndylanhurley/devise_token_auth/issues/375) - omniauth: when redirecting, user object should not be serialized into url [\#368](https://github.com/lynndylanhurley/devise_token_auth/issues/368) -- getting ng-token-auth and devise\_token\_auth to work with OAuth in ionic InAppBrowser [\#367](https://github.com/lynndylanhurley/devise_token_auth/issues/367) +- getting ng-token-auth and devise_token_auth to work with OAuth in ionic InAppBrowser [\#367](https://github.com/lynndylanhurley/devise_token_auth/issues/367) - omniauth callback redirect not working properly when using namespace/scope [\#362](https://github.com/lynndylanhurley/devise_token_auth/issues/362) -- invalid token in method set\_user\_by\_token on RegistrationsController\#update [\#357](https://github.com/lynndylanhurley/devise_token_auth/issues/357) +- invalid token in method set_user_by_token on RegistrationsController\#update [\#357](https://github.com/lynndylanhurley/devise_token_auth/issues/357) - Allow devise patch version updates [\#351](https://github.com/lynndylanhurley/devise_token_auth/issues/351) - Error validating token [\#348](https://github.com/lynndylanhurley/devise_token_auth/issues/348) - Restricting access to controllers methods [\#340](https://github.com/lynndylanhurley/devise_token_auth/issues/340) @@ -2015,11 +2004,11 @@ - NameError \(uninitialized constant DeviseTokenAuth::Concerns::User::BCrypt\) [\#333](https://github.com/lynndylanhurley/devise_token_auth/issues/333) - Unpermitted parameters: format, session [\#328](https://github.com/lynndylanhurley/devise_token_auth/issues/328) - Concern causes app to connect to database when precompiling assets. [\#327](https://github.com/lynndylanhurley/devise_token_auth/issues/327) -- devise token auth + Save Facebook auth\_hash info in database [\#326](https://github.com/lynndylanhurley/devise_token_auth/issues/326) +- devise token auth + Save Facebook auth_hash info in database [\#326](https://github.com/lynndylanhurley/devise_token_auth/issues/326) - Error sending password reset email when not using confirmable \(reopened \#124\) [\#321](https://github.com/lynndylanhurley/devise_token_auth/issues/321) - Routing error / Preflight request / OPTIONS [\#320](https://github.com/lynndylanhurley/devise_token_auth/issues/320) - delete tokens after password change [\#318](https://github.com/lynndylanhurley/devise_token_auth/issues/318) -- Can't authorize \(user\_signed\_in? always show false\) [\#315](https://github.com/lynndylanhurley/devise_token_auth/issues/315) +- Can't authorize \(user_signed_in? always show false\) [\#315](https://github.com/lynndylanhurley/devise_token_auth/issues/315) - Warden::SessionSerializer - wrong number of arguments \(2 for 1\) [\#312](https://github.com/lynndylanhurley/devise_token_auth/issues/312) - The action 'twitter' could not be found for DeviseTokenAuth::OmniauthCallbacksController [\#309](https://github.com/lynndylanhurley/devise_token_auth/issues/309) - Having 401 Unauthorized only with mobile [\#305](https://github.com/lynndylanhurley/devise_token_auth/issues/305) @@ -2028,16 +2017,16 @@ - Getting 401's when making requests using iOS/Android clients [\#299](https://github.com/lynndylanhurley/devise_token_auth/issues/299) - undefined method `tokens' for \#\ [\#297](https://github.com/lynndylanhurley/devise_token_auth/issues/297) - Confirmation URL giving bad arguments [\#293](https://github.com/lynndylanhurley/devise_token_auth/issues/293) -- set\_user\_by\_token not called in overriden controller [\#291](https://github.com/lynndylanhurley/devise_token_auth/issues/291) -- Question: Should we send password reset instructions to unconfirmed emails? [\#287](https://github.com/lynndylanhurley/devise_token_auth/issues/287) +- set_user_by_token not called in overriden controller [\#291](https://github.com/lynndylanhurley/devise_token_auth/issues/291) +- Question: Should we send password reset instructions to unconfirmed emails? [\#287](https://github.com/lynndylanhurley/devise_token_auth/issues/287) - NoMethodError \(undefined method `\[\]' for nil:NilClass\): [\#286](https://github.com/lynndylanhurley/devise_token_auth/issues/286) - Facebook omniauth redirection is missing url when testing on localhost [\#285](https://github.com/lynndylanhurley/devise_token_auth/issues/285) - No route matches \[GET\] "/users/facebook/callback" [\#280](https://github.com/lynndylanhurley/devise_token_auth/issues/280) - No route matches \[GET\] "/omniauth/:provider" [\#278](https://github.com/lynndylanhurley/devise_token_auth/issues/278) - How to refresh token/expiry? [\#275](https://github.com/lynndylanhurley/devise_token_auth/issues/275) -- wrong number of arguments \(1 for 0\): in DeviseTokenAuth::RegistrationsController\#create [\#274](https://github.com/lynndylanhurley/devise_token_auth/issues/274) +- wrong number of arguments \(1 for 0\): in DeviseTokenAuth::RegistrationsController\#create [\#274](https://github.com/lynndylanhurley/devise_token_auth/issues/274) - Can not save a user with nil tokens attribute [\#271](https://github.com/lynndylanhurley/devise_token_auth/issues/271) -- Shouldn't validate\_token param be access-token, not auth\_token? [\#270](https://github.com/lynndylanhurley/devise_token_auth/issues/270) +- Shouldn't validate_token param be access-token, not auth_token? [\#270](https://github.com/lynndylanhurley/devise_token_auth/issues/270) - include associations on login [\#269](https://github.com/lynndylanhurley/devise_token_auth/issues/269) - Failure route not handled [\#262](https://github.com/lynndylanhurley/devise_token_auth/issues/262) - Getting Unauthorized error even after sending the correct token, uid and client [\#261](https://github.com/lynndylanhurley/devise_token_auth/issues/261) @@ -2045,20 +2034,20 @@ - undefined method `provider' for \#\ [\#257](https://github.com/lynndylanhurley/devise_token_auth/issues/257) - Custom Serializer like ActiveModel Serializer [\#249](https://github.com/lynndylanhurley/devise_token_auth/issues/249) - File download with query params [\#246](https://github.com/lynndylanhurley/devise_token_auth/issues/246) -- Info: is devise\_token\_auth compatible with rails 3.2.19? [\#245](https://github.com/lynndylanhurley/devise_token_auth/issues/245) +- Info: is devise_token_auth compatible with rails 3.2.19? [\#245](https://github.com/lynndylanhurley/devise_token_auth/issues/245) - Headers required for different methods [\#243](https://github.com/lynndylanhurley/devise_token_auth/issues/243) - Unpermitted parameters: format, session, lang [\#239](https://github.com/lynndylanhurley/devise_token_auth/issues/239) -- On sign\_in, devise\_token\_auth expects the uid to be the same as the email [\#237](https://github.com/lynndylanhurley/devise_token_auth/issues/237) -- Name conflict with inherited\_resources [\#236](https://github.com/lynndylanhurley/devise_token_auth/issues/236) -- sign\_in will not fetch the token [\#234](https://github.com/lynndylanhurley/devise_token_auth/issues/234) +- On sign_in, devise_token_auth expects the uid to be the same as the email [\#237](https://github.com/lynndylanhurley/devise_token_auth/issues/237) +- Name conflict with inherited_resources [\#236](https://github.com/lynndylanhurley/devise_token_auth/issues/236) +- sign_in will not fetch the token [\#234](https://github.com/lynndylanhurley/devise_token_auth/issues/234) - Remove \('\#'\) symbol when using html5mode in locationProvider [\#232](https://github.com/lynndylanhurley/devise_token_auth/issues/232) - Log in request 401 error [\#231](https://github.com/lynndylanhurley/devise_token_auth/issues/231) - User Registration - "email address already in use" when it is unique [\#230](https://github.com/lynndylanhurley/devise_token_auth/issues/230) - Devise email validation disabled...why? [\#229](https://github.com/lynndylanhurley/devise_token_auth/issues/229) -- confirm\_success\_url error not working [\#226](https://github.com/lynndylanhurley/devise_token_auth/issues/226) -- pending\_reconfirmation called when confirmable isn't used [\#224](https://github.com/lynndylanhurley/devise_token_auth/issues/224) -- omniauth\_success.html.erb JSON bug [\#221](https://github.com/lynndylanhurley/devise_token_auth/issues/221) -- Using devise\_token\_auth and ng\_token\_auth with angularJS in an Ionic Hybrid application [\#218](https://github.com/lynndylanhurley/devise_token_auth/issues/218) +- confirm_success_url error not working [\#226](https://github.com/lynndylanhurley/devise_token_auth/issues/226) +- pending_reconfirmation called when confirmable isn't used [\#224](https://github.com/lynndylanhurley/devise_token_auth/issues/224) +- omniauth_success.html.erb JSON bug [\#221](https://github.com/lynndylanhurley/devise_token_auth/issues/221) +- Using devise_token_auth and ng_token_auth with angularJS in an Ionic Hybrid application [\#218](https://github.com/lynndylanhurley/devise_token_auth/issues/218) - Where can I got token? [\#217](https://github.com/lynndylanhurley/devise_token_auth/issues/217) - URI fragment prevent to send params in Confirmation URL [\#213](https://github.com/lynndylanhurley/devise_token_auth/issues/213) - Generating many client tokens [\#210](https://github.com/lynndylanhurley/devise_token_auth/issues/210) @@ -2068,42 +2057,42 @@ - DELETE method becoming OPTIONS @ Heroku [\#197](https://github.com/lynndylanhurley/devise_token_auth/issues/197) - 40 Mb log file and 1 minute to have token with curl [\#195](https://github.com/lynndylanhurley/devise_token_auth/issues/195) - 401 unauthorized [\#193](https://github.com/lynndylanhurley/devise_token_auth/issues/193) -- GET requests to sign\_in shouldn't raise an exception [\#190](https://github.com/lynndylanhurley/devise_token_auth/issues/190) +- GET requests to sign_in shouldn't raise an exception [\#190](https://github.com/lynndylanhurley/devise_token_auth/issues/190) - Api not locked by default [\#189](https://github.com/lynndylanhurley/devise_token_auth/issues/189) -- Rails 4.1 [\#187](https://github.com/lynndylanhurley/devise_token_auth/issues/187) -- Unable to override OmniauthCallbacksController\#redirect\_callbacks [\#186](https://github.com/lynndylanhurley/devise_token_auth/issues/186) -- Devise and devise\_token\_auth omniauth callbacks [\#184](https://github.com/lynndylanhurley/devise_token_auth/issues/184) +- Rails 4.1 [\#187](https://github.com/lynndylanhurley/devise_token_auth/issues/187) +- Unable to override OmniauthCallbacksController\#redirect_callbacks [\#186](https://github.com/lynndylanhurley/devise_token_auth/issues/186) +- Devise and devise_token_auth omniauth callbacks [\#184](https://github.com/lynndylanhurley/devise_token_auth/issues/184) - Token based authentication with no sessions [\#183](https://github.com/lynndylanhurley/devise_token_auth/issues/183) -- undefined method `authenticate\_user!' [\#182](https://github.com/lynndylanhurley/devise_token_auth/issues/182) -- confirm\_success\_url shouldn't be a required param [\#176](https://github.com/lynndylanhurley/devise_token_auth/issues/176) +- undefined method `authenticate_user!' [\#182](https://github.com/lynndylanhurley/devise_token_auth/issues/182) +- confirm_success_url shouldn't be a required param [\#176](https://github.com/lynndylanhurley/devise_token_auth/issues/176) - Provide an OAuth implementation for native apps [\#175](https://github.com/lynndylanhurley/devise_token_auth/issues/175) - getting an argument error when trying to use omniauth [\#174](https://github.com/lynndylanhurley/devise_token_auth/issues/174) - Sign in via username doesn't seem to work correctly. [\#173](https://github.com/lynndylanhurley/devise_token_auth/issues/173) - Cannot use + sign in email address. [\#171](https://github.com/lynndylanhurley/devise_token_auth/issues/171) - How can i authenticate using curl and get private entries ! [\#167](https://github.com/lynndylanhurley/devise_token_auth/issues/167) - Pessimistic Locking produces ArgumentError [\#165](https://github.com/lynndylanhurley/devise_token_auth/issues/165) -- POTENTIAL SECURITY RISK: Setting confirm\_success\_url and redirect\_url via API [\#162](https://github.com/lynndylanhurley/devise_token_auth/issues/162) +- POTENTIAL SECURITY RISK: Setting confirm_success_url and redirect_url via API [\#162](https://github.com/lynndylanhurley/devise_token_auth/issues/162) - Sign out just on client side ? [\#161](https://github.com/lynndylanhurley/devise_token_auth/issues/161) -- Unpermitted parameter: redirect\_url [\#160](https://github.com/lynndylanhurley/devise_token_auth/issues/160) -- Issues using devise and devise\_token\_auth [\#159](https://github.com/lynndylanhurley/devise_token_auth/issues/159) +- Unpermitted parameter: redirect_url [\#160](https://github.com/lynndylanhurley/devise_token_auth/issues/160) +- Issues using devise and devise_token_auth [\#159](https://github.com/lynndylanhurley/devise_token_auth/issues/159) - Add role based authorization [\#158](https://github.com/lynndylanhurley/devise_token_auth/issues/158) - Not compatible with ActiveAdmin [\#156](https://github.com/lynndylanhurley/devise_token_auth/issues/156) -- \[Duplicate\] is devise\_invitable supported? [\#154](https://github.com/lynndylanhurley/devise_token_auth/issues/154) +- \[Duplicate\] is devise_invitable supported? [\#154](https://github.com/lynndylanhurley/devise_token_auth/issues/154) - User can register with a "false" email [\#149](https://github.com/lynndylanhurley/devise_token_auth/issues/149) -- /validate\_token [\#148](https://github.com/lynndylanhurley/devise_token_auth/issues/148) +- /validate_token [\#148](https://github.com/lynndylanhurley/devise_token_auth/issues/148) - Email confirmation link [\#147](https://github.com/lynndylanhurley/devise_token_auth/issues/147) - Tokens field on database [\#146](https://github.com/lynndylanhurley/devise_token_auth/issues/146) - Twitter OAuth always throughs CookieOverflow [\#145](https://github.com/lynndylanhurley/devise_token_auth/issues/145) - Is there a way to configure apiUrl for both dev and prod? [\#144](https://github.com/lynndylanhurley/devise_token_auth/issues/144) - Getting 401 unauthorized on login attempt [\#142](https://github.com/lynndylanhurley/devise_token_auth/issues/142) - Comparing with jwt [\#140](https://github.com/lynndylanhurley/devise_token_auth/issues/140) -- Can't get omniauth to work \(error in redirect\_callbacks\) [\#139](https://github.com/lynndylanhurley/devise_token_auth/issues/139) +- Can't get omniauth to work \(error in redirect_callbacks\) [\#139](https://github.com/lynndylanhurley/devise_token_auth/issues/139) - Change controller inheritance [\#138](https://github.com/lynndylanhurley/devise_token_auth/issues/138) - Reset Password call returns 400 for Not Found user [\#137](https://github.com/lynndylanhurley/devise_token_auth/issues/137) - The gem is too big. Please take care of it. [\#136](https://github.com/lynndylanhurley/devise_token_auth/issues/136) - Error when loging with facebook the second time without logout [\#135](https://github.com/lynndylanhurley/devise_token_auth/issues/135) -- OmniAuth redirect doesn't work if using the generated mount\_devise\_token route [\#133](https://github.com/lynndylanhurley/devise_token_auth/issues/133) -- Missing template /omniauth\_response [\#132](https://github.com/lynndylanhurley/devise_token_auth/issues/132) +- OmniAuth redirect doesn't work if using the generated mount_devise_token route [\#133](https://github.com/lynndylanhurley/devise_token_auth/issues/133) +- Missing template /omniauth_response [\#132](https://github.com/lynndylanhurley/devise_token_auth/issues/132) - Unpermitted parameter: session [\#130](https://github.com/lynndylanhurley/devise_token_auth/issues/130) - OAuth error: We're sorry, but something went wrong [\#129](https://github.com/lynndylanhurley/devise_token_auth/issues/129) - Would it be useful to integrate login with username ? [\#127](https://github.com/lynndylanhurley/devise_token_auth/issues/127) @@ -2111,10 +2100,10 @@ - Error sending password reset email when not using confirmable [\#124](https://github.com/lynndylanhurley/devise_token_auth/issues/124) - Using expired token for parallel calls [\#123](https://github.com/lynndylanhurley/devise_token_auth/issues/123) - User tokens don't properly deserialize [\#121](https://github.com/lynndylanhurley/devise_token_auth/issues/121) -- OmniauthCallbacksController\#omniauth\_success wrong number of arguments \(1 for 0\) [\#119](https://github.com/lynndylanhurley/devise_token_auth/issues/119) +- OmniauthCallbacksController\#omniauth_success wrong number of arguments \(1 for 0\) [\#119](https://github.com/lynndylanhurley/devise_token_auth/issues/119) - Could not load 'omniauth' [\#118](https://github.com/lynndylanhurley/devise_token_auth/issues/118) - bad argument \(expected URI object or URI string\) [\#116](https://github.com/lynndylanhurley/devise_token_auth/issues/116) -- devise\_token\_auth for public API, but devise for rest of app? [\#114](https://github.com/lynndylanhurley/devise_token_auth/issues/114) +- devise_token_auth for public API, but devise for rest of app? [\#114](https://github.com/lynndylanhurley/devise_token_auth/issues/114) - Omniauthable deleted on UsersConcern : Why ? [\#111](https://github.com/lynndylanhurley/devise_token_auth/issues/111) - Unrequired route [\#110](https://github.com/lynndylanhurley/devise_token_auth/issues/110) - raises NoMethodError instead of displaying error when email is missing [\#108](https://github.com/lynndylanhurley/devise_token_auth/issues/108) @@ -2131,60 +2120,60 @@ - API versioning the devise scope of token validation and ominiauth controller path will wrap up [\#96](https://github.com/lynndylanhurley/devise_token_auth/issues/96) - Overwriting default "from" email address [\#94](https://github.com/lynndylanhurley/devise_token_auth/issues/94) - uninitialized constant DeviseTokenAuth [\#92](https://github.com/lynndylanhurley/devise_token_auth/issues/92) -- change\_headers\_on\_each\_request not working expiry header empty [\#90](https://github.com/lynndylanhurley/devise_token_auth/issues/90) +- change_headers_on_each_request not working expiry header empty [\#90](https://github.com/lynndylanhurley/devise_token_auth/issues/90) - Gem render consistency [\#87](https://github.com/lynndylanhurley/devise_token_auth/issues/87) - Sample Sessions Controller for logging in via Rails View. [\#86](https://github.com/lynndylanhurley/devise_token_auth/issues/86) -- Change authorization key: Use phone\_number instead of email [\#84](https://github.com/lynndylanhurley/devise_token_auth/issues/84) -- Conflict with active\_admin gem [\#83](https://github.com/lynndylanhurley/devise_token_auth/issues/83) -- NoMethodError in DeviseTokenAuth::OmniauthCallbacksController\#redirect\_callbacks [\#82](https://github.com/lynndylanhurley/devise_token_auth/issues/82) +- Change authorization key: Use phone_number instead of email [\#84](https://github.com/lynndylanhurley/devise_token_auth/issues/84) +- Conflict with active_admin gem [\#83](https://github.com/lynndylanhurley/devise_token_auth/issues/83) +- NoMethodError in DeviseTokenAuth::OmniauthCallbacksController\#redirect_callbacks [\#82](https://github.com/lynndylanhurley/devise_token_auth/issues/82) - All the APIs are getting 'Authorized users only' [\#81](https://github.com/lynndylanhurley/devise_token_auth/issues/81) - Is Devise option Rememberable required ? [\#80](https://github.com/lynndylanhurley/devise_token_auth/issues/80) -- Problem with skip\_confirmation! [\#78](https://github.com/lynndylanhurley/devise_token_auth/issues/78) +- Problem with skip_confirmation! [\#78](https://github.com/lynndylanhurley/devise_token_auth/issues/78) - Cannot reset password if registered by omniauth [\#77](https://github.com/lynndylanhurley/devise_token_auth/issues/77) - NoMethodError at /omniauth/facebook/callback - undefined method `\[\]' for nil:NilClass [\#76](https://github.com/lynndylanhurley/devise_token_auth/issues/76) - Remove dependency on ActiveRecord [\#72](https://github.com/lynndylanhurley/devise_token_auth/issues/72) - Skipping Registrations Controller Altogether [\#70](https://github.com/lynndylanhurley/devise_token_auth/issues/70) -- Problem in validate\_token if the model is in a namespace [\#69](https://github.com/lynndylanhurley/devise_token_auth/issues/69) +- Problem in validate_token if the model is in a namespace [\#69](https://github.com/lynndylanhurley/devise_token_auth/issues/69) - Cannot send confirmation email if there is no 'User' model [\#68](https://github.com/lynndylanhurley/devise_token_auth/issues/68) - Better guidelines for contributors [\#65](https://github.com/lynndylanhurley/devise_token_auth/issues/65) - admin namespace [\#63](https://github.com/lynndylanhurley/devise_token_auth/issues/63) - Devise trackable module not working [\#62](https://github.com/lynndylanhurley/devise_token_auth/issues/62) -- Devise\_token\_auth without OmniAuth authentication [\#60](https://github.com/lynndylanhurley/devise_token_auth/issues/60) +- Devise_token_auth without OmniAuth authentication [\#60](https://github.com/lynndylanhurley/devise_token_auth/issues/60) - Reset Password error [\#59](https://github.com/lynndylanhurley/devise_token_auth/issues/59) - Confirmable - unconfirmed email [\#58](https://github.com/lynndylanhurley/devise_token_auth/issues/58) - Email Column Isn't Used for Database Authentication [\#56](https://github.com/lynndylanhurley/devise_token_auth/issues/56) - Unique Key for Provider and UID Combination [\#55](https://github.com/lynndylanhurley/devise_token_auth/issues/55) - User Info in separate table or removed [\#53](https://github.com/lynndylanhurley/devise_token_auth/issues/53) - rename @user to @resource [\#48](https://github.com/lynndylanhurley/devise_token_auth/issues/48) -- Active\_admin issue [\#47](https://github.com/lynndylanhurley/devise_token_auth/issues/47) +- Active_admin issue [\#47](https://github.com/lynndylanhurley/devise_token_auth/issues/47) - Possible Logout Issue [\#46](https://github.com/lynndylanhurley/devise_token_auth/issues/46) - Routes not appended to routes.rb [\#45](https://github.com/lynndylanhurley/devise_token_auth/issues/45) -- Return resource.errors.full\_messages in addition to resource.errors [\#44](https://github.com/lynndylanhurley/devise_token_auth/issues/44) -- Devise and Devise\_Token\_Auth in api namespace [\#43](https://github.com/lynndylanhurley/devise_token_auth/issues/43) +- Return resource.errors.full_messages in addition to resource.errors [\#44](https://github.com/lynndylanhurley/devise_token_auth/issues/44) +- Devise and Devise_Token_Auth in api namespace [\#43](https://github.com/lynndylanhurley/devise_token_auth/issues/43) - Trackable attributes are not being updated. [\#42](https://github.com/lynndylanhurley/devise_token_auth/issues/42) -- Avoid using respond\_to in application controller [\#41](https://github.com/lynndylanhurley/devise_token_auth/issues/41) -- devise\_token\_auth assumes you want the :confirmable functionality [\#40](https://github.com/lynndylanhurley/devise_token_auth/issues/40) +- Avoid using respond_to in application controller [\#41](https://github.com/lynndylanhurley/devise_token_auth/issues/41) +- devise_token_auth assumes you want the :confirmable functionality [\#40](https://github.com/lynndylanhurley/devise_token_auth/issues/40) - undefined method `match' for nil:NilClass [\#39](https://github.com/lynndylanhurley/devise_token_auth/issues/39) - Expired token aren't removed when session expires [\#38](https://github.com/lynndylanhurley/devise_token_auth/issues/38) -- sign\_up helper [\#37](https://github.com/lynndylanhurley/devise_token_auth/issues/37) -- self.tokens\[client\_id\]\['token'\] != token [\#30](https://github.com/lynndylanhurley/devise_token_auth/issues/30) +- sign_up helper [\#37](https://github.com/lynndylanhurley/devise_token_auth/issues/37) +- self.tokens\[client_id\]\['token'\] != token [\#30](https://github.com/lynndylanhurley/devise_token_auth/issues/30) - How is the uid generated for non-omniauth users? [\#29](https://github.com/lynndylanhurley/devise_token_auth/issues/29) -- Access to current\_user variable? [\#28](https://github.com/lynndylanhurley/devise_token_auth/issues/28) -- Filter chain halted as :require\_no\_authentication [\#27](https://github.com/lynndylanhurley/devise_token_auth/issues/27) +- Access to current_user variable? [\#28](https://github.com/lynndylanhurley/devise_token_auth/issues/28) +- Filter chain halted as :require_no_authentication [\#27](https://github.com/lynndylanhurley/devise_token_auth/issues/27) - Allow additional parameters for registration [\#25](https://github.com/lynndylanhurley/devise_token_auth/issues/25) -- Cannot add more parameters at sign\_up [\#22](https://github.com/lynndylanhurley/devise_token_auth/issues/22) +- Cannot add more parameters at sign_up [\#22](https://github.com/lynndylanhurley/devise_token_auth/issues/22) - Error on Registration [\#21](https://github.com/lynndylanhurley/devise_token_auth/issues/21) - Error with authentication [\#20](https://github.com/lynndylanhurley/devise_token_auth/issues/20) - Cascade of Issues with Omniauth\(?\) [\#18](https://github.com/lynndylanhurley/devise_token_auth/issues/18) - Batch Requests Respond with Original Auth Token [\#17](https://github.com/lynndylanhurley/devise_token_auth/issues/17) - Sign out with email provider error [\#16](https://github.com/lynndylanhurley/devise_token_auth/issues/16) -- sessions\_controller.rb [\#12](https://github.com/lynndylanhurley/devise_token_auth/issues/12) +- sessions_controller.rb [\#12](https://github.com/lynndylanhurley/devise_token_auth/issues/12) - Github login in example is broken [\#10](https://github.com/lynndylanhurley/devise_token_auth/issues/10) - Facebook auth is broken [\#9](https://github.com/lynndylanhurley/devise_token_auth/issues/9) - Generator is not working [\#8](https://github.com/lynndylanhurley/devise_token_auth/issues/8) - Test ticket from Code Climate [\#6](https://github.com/lynndylanhurley/devise_token_auth/issues/6) - Test ticket from Code Climate [\#5](https://github.com/lynndylanhurley/devise_token_auth/issues/5) -- extending the devise\_token\_auth user model [\#4](https://github.com/lynndylanhurley/devise_token_auth/issues/4) +- extending the devise_token_auth user model [\#4](https://github.com/lynndylanhurley/devise_token_auth/issues/4) - A few ideas [\#3](https://github.com/lynndylanhurley/devise_token_auth/issues/3) - Google Oauth2 does not set cookies in production. [\#1](https://github.com/lynndylanhurley/devise_token_auth/issues/1) @@ -2193,20 +2182,20 @@ - Translate message: Authorized users only through devise [\#883](https://github.com/lynndylanhurley/devise_token_auth/pull/883) ([vincenzodev](https://github.com/vincenzodev)) - Updated generator test code to work with rails 5 [\#872](https://github.com/lynndylanhurley/devise_token_auth/pull/872) ([jrhee17](https://github.com/jrhee17)) - use URI::HTTPS to generate HTTPS redirects [\#864](https://github.com/lynndylanhurley/devise_token_auth/pull/864) ([cgc](https://github.com/cgc)) -- Rename find\_by methods [\#860](https://github.com/lynndylanhurley/devise_token_auth/pull/860) ([alex-lairan](https://github.com/alex-lairan)) +- Rename find_by methods [\#860](https://github.com/lynndylanhurley/devise_token_auth/pull/860) ([alex-lairan](https://github.com/alex-lairan)) - Support for Devise 4.2.1 [\#852](https://github.com/lynndylanhurley/devise_token_auth/pull/852) ([ckho](https://github.com/ckho)) - Add Albanian locale [\#842](https://github.com/lynndylanhurley/devise_token_auth/pull/842) ([fatosmorina](https://github.com/fatosmorina)) - Update german translation. [\#816](https://github.com/lynndylanhurley/devise_token_auth/pull/816) ([gobijan](https://github.com/gobijan)) - Prevent getting table info if not connected to db [\#814](https://github.com/lynndylanhurley/devise_token_auth/pull/814) ([cbliard](https://github.com/cbliard)) - Add support for italian locale [\#811](https://github.com/lynndylanhurley/devise_token_auth/pull/811) ([Chosko](https://github.com/Chosko)) - Fix privacy issue with password reset request [\#808](https://github.com/lynndylanhurley/devise_token_auth/pull/808) ([biomancer](https://github.com/biomancer)) -- Add missing parameter :redirect\_url, fixes \#805 [\#806](https://github.com/lynndylanhurley/devise_token_auth/pull/806) ([Rush](https://github.com/Rush)) +- Add missing parameter :redirect_url, fixes \#805 [\#806](https://github.com/lynndylanhurley/devise_token_auth/pull/806) ([Rush](https://github.com/Rush)) - Fix language errors in German locale [\#800](https://github.com/lynndylanhurley/devise_token_auth/pull/800) ([morgler](https://github.com/morgler)) - Don't send extra data on request password reset [\#798](https://github.com/lynndylanhurley/devise_token_auth/pull/798) ([Mrjaco12](https://github.com/Mrjaco12)) -- Travis: use the code\_climate addon config [\#786](https://github.com/lynndylanhurley/devise_token_auth/pull/786) ([olleolleolle](https://github.com/olleolleolle)) +- Travis: use the code_climate addon config [\#786](https://github.com/lynndylanhurley/devise_token_auth/pull/786) ([olleolleolle](https://github.com/olleolleolle)) - Update link [\#782](https://github.com/lynndylanhurley/devise_token_auth/pull/782) ([dijonkitchen](https://github.com/dijonkitchen)) -- Add index for confirmation\_token [\#767](https://github.com/lynndylanhurley/devise_token_auth/pull/767) ([dijonkitchen](https://github.com/dijonkitchen)) -- Fixes constructing redirect\_route [\#765](https://github.com/lynndylanhurley/devise_token_auth/pull/765) ([piotrkaczmarek](https://github.com/piotrkaczmarek)) +- Add index for confirmation_token [\#767](https://github.com/lynndylanhurley/devise_token_auth/pull/767) ([dijonkitchen](https://github.com/dijonkitchen)) +- Fixes constructing redirect_route [\#765](https://github.com/lynndylanhurley/devise_token_auth/pull/765) ([piotrkaczmarek](https://github.com/piotrkaczmarek)) - Use standart ActiveRecord error message for email uniqueness validation [\#746](https://github.com/lynndylanhurley/devise_token_auth/pull/746) ([mpugach](https://github.com/mpugach)) - Add Romanian locale. [\#743](https://github.com/lynndylanhurley/devise_token_auth/pull/743) ([razvanmitre](https://github.com/razvanmitre)) - Ruby syntax: replace and/not with &&/! [\#733](https://github.com/lynndylanhurley/devise_token_auth/pull/733) ([olleolleolle](https://github.com/olleolleolle)) @@ -2214,7 +2203,7 @@ - Add an extra line to the "contributing" list [\#720](https://github.com/lynndylanhurley/devise_token_auth/pull/720) ([jahammo2](https://github.com/jahammo2)) - Fix grammar [\#712](https://github.com/lynndylanhurley/devise_token_auth/pull/712) ([dijonkitchen](https://github.com/dijonkitchen)) - Added reference to Angular2-Token to README [\#710](https://github.com/lynndylanhurley/devise_token_auth/pull/710) ([neroniaky](https://github.com/neroniaky)) -- feat\(whitelist\): add wildcard support for redirect\_whitelist patterns [\#709](https://github.com/lynndylanhurley/devise_token_auth/pull/709) ([booleanbetrayal](https://github.com/booleanbetrayal)) +- feat\(whitelist\): add wildcard support for redirect_whitelist patterns [\#709](https://github.com/lynndylanhurley/devise_token_auth/pull/709) ([booleanbetrayal](https://github.com/booleanbetrayal)) - Fix Migration Deprecation Warning [\#700](https://github.com/lynndylanhurley/devise_token_auth/pull/700) ([juddey](https://github.com/juddey)) - Apply `redirect\_whitelist` to OAuth redirect URI. [\#699](https://github.com/lynndylanhurley/devise_token_auth/pull/699) ([lynndylanhurley](https://github.com/lynndylanhurley)) - add zh-CN.yml [\#697](https://github.com/lynndylanhurley/devise_token_auth/pull/697) ([halfray](https://github.com/halfray)) @@ -2222,8 +2211,8 @@ - Fix for issue \#600 [\#674](https://github.com/lynndylanhurley/devise_token_auth/pull/674) ([milep](https://github.com/milep)) - Use lockable devise option and unlock controller overwrite [\#669](https://github.com/lynndylanhurley/devise_token_auth/pull/669) ([genaromadrid](https://github.com/genaromadrid)) - Fix setup config example in README [\#665](https://github.com/lynndylanhurley/devise_token_auth/pull/665) ([guich-wo](https://github.com/guich-wo)) -- added bypass\_sign\_in for next version of Devise [\#663](https://github.com/lynndylanhurley/devise_token_auth/pull/663) ([KendallPark](https://github.com/KendallPark)) -- fix method 'is\_json\_api' with active\_model\_serialier v 0.10.0 [\#651](https://github.com/lynndylanhurley/devise_token_auth/pull/651) ([woodcrust](https://github.com/woodcrust)) +- added bypass_sign_in for next version of Devise [\#663](https://github.com/lynndylanhurley/devise_token_auth/pull/663) ([KendallPark](https://github.com/KendallPark)) +- fix method 'is_json_api' with active_model_serialier v 0.10.0 [\#651](https://github.com/lynndylanhurley/devise_token_auth/pull/651) ([woodcrust](https://github.com/woodcrust)) - Tokens count overmuch fixed [\#650](https://github.com/lynndylanhurley/devise_token_auth/pull/650) ([JerryGreen](https://github.com/JerryGreen)) - updates config wrapper to conform with newer idiom [\#648](https://github.com/lynndylanhurley/devise_token_auth/pull/648) ([bvandgrift](https://github.com/bvandgrift)) - Adding support for devise 4.1.1 [\#642](https://github.com/lynndylanhurley/devise_token_auth/pull/642) ([iainmcg](https://github.com/iainmcg)) @@ -2231,7 +2220,7 @@ - Fix yields from controller actions [\#638](https://github.com/lynndylanhurley/devise_token_auth/pull/638) ([tiagojsag](https://github.com/tiagojsag)) - Fix generator to correctly inject content into the user model in rails 5 [\#636](https://github.com/lynndylanhurley/devise_token_auth/pull/636) ([ethangk](https://github.com/ethangk)) - fix spelling in comment on token auth concern [\#632](https://github.com/lynndylanhurley/devise_token_auth/pull/632) ([dandlezzz](https://github.com/dandlezzz)) -- fixed devise deprecation warning for config.email\_regexp [\#618](https://github.com/lynndylanhurley/devise_token_auth/pull/618) ([lemuelbarango](https://github.com/lemuelbarango)) +- fixed devise deprecation warning for config.email_regexp [\#618](https://github.com/lynndylanhurley/devise_token_auth/pull/618) ([lemuelbarango](https://github.com/lemuelbarango)) - Revert "Update readme for headers names" [\#592](https://github.com/lynndylanhurley/devise_token_auth/pull/592) ([ash1day](https://github.com/ash1day)) - Update readme for headers names [\#589](https://github.com/lynndylanhurley/devise_token_auth/pull/589) ([ash1day](https://github.com/ash1day)) - Add info to README [\#585](https://github.com/lynndylanhurley/devise_token_auth/pull/585) ([ghost](https://github.com/ghost)) @@ -2243,16 +2232,16 @@ - User concern: Ensure fallback is in place [\#564](https://github.com/lynndylanhurley/devise_token_auth/pull/564) ([olleolleolle](https://github.com/olleolleolle)) - Return resource with top-level 'type' member. [\#562](https://github.com/lynndylanhurley/devise_token_auth/pull/562) ([ruimiguelsantos](https://github.com/ruimiguelsantos)) - Fix devise mapping [\#540](https://github.com/lynndylanhurley/devise_token_auth/pull/540) ([merqlove](https://github.com/merqlove)) -- Make all json responses to be json\_api compliant [\#537](https://github.com/lynndylanhurley/devise_token_auth/pull/537) ([djsegal](https://github.com/djsegal)) +- Make all json responses to be json_api compliant [\#537](https://github.com/lynndylanhurley/devise_token_auth/pull/537) ([djsegal](https://github.com/djsegal)) - Avoid sending auth headers if while processing used token is cleared [\#531](https://github.com/lynndylanhurley/devise_token_auth/pull/531) ([virginia-rodriguez](https://github.com/virginia-rodriguez)) - Add Japanese locale and fix typo [\#530](https://github.com/lynndylanhurley/devise_token_auth/pull/530) ([metalunk](https://github.com/metalunk)) - Added omniauth post route [\#528](https://github.com/lynndylanhurley/devise_token_auth/pull/528) ([v3rtx](https://github.com/v3rtx)) - Extract model callbacks [\#525](https://github.com/lynndylanhurley/devise_token_auth/pull/525) ([merqlove](https://github.com/merqlove)) -- create token when no client\_id token [\#523](https://github.com/lynndylanhurley/devise_token_auth/pull/523) ([charlesdg](https://github.com/charlesdg)) -- Fix enable\_standard\_devise\_support in initializer [\#518](https://github.com/lynndylanhurley/devise_token_auth/pull/518) ([halilim](https://github.com/halilim)) -- Make render\_create\_success render valid json\_api [\#513](https://github.com/lynndylanhurley/devise_token_auth/pull/513) ([djsegal](https://github.com/djsegal)) -- Prevent raise of exception if set\_user\_by\_token not defined [\#511](https://github.com/lynndylanhurley/devise_token_auth/pull/511) ([jeryRazakarison](https://github.com/jeryRazakarison)) -- send\_on\_create\_confirmation\_instructions callback isn't defined \(rails 5\) [\#508](https://github.com/lynndylanhurley/devise_token_auth/pull/508) ([fivetwentysix](https://github.com/fivetwentysix)) +- create token when no client_id token [\#523](https://github.com/lynndylanhurley/devise_token_auth/pull/523) ([charlesdg](https://github.com/charlesdg)) +- Fix enable_standard_devise_support in initializer [\#518](https://github.com/lynndylanhurley/devise_token_auth/pull/518) ([halilim](https://github.com/halilim)) +- Make render_create_success render valid json_api [\#513](https://github.com/lynndylanhurley/devise_token_auth/pull/513) ([djsegal](https://github.com/djsegal)) +- Prevent raise of exception if set_user_by_token not defined [\#511](https://github.com/lynndylanhurley/devise_token_auth/pull/511) ([jeryRazakarison](https://github.com/jeryRazakarison)) +- send_on_create_confirmation_instructions callback isn't defined \(rails 5\) [\#508](https://github.com/lynndylanhurley/devise_token_auth/pull/508) ([fivetwentysix](https://github.com/fivetwentysix)) - \[REBASE\] Fix rails 5 deprecation and devise parameter sanitization [\#507](https://github.com/lynndylanhurley/devise_token_auth/pull/507) ([fivetwentysix](https://github.com/fivetwentysix)) - remove deprecations from RegistrationsController [\#506](https://github.com/lynndylanhurley/devise_token_auth/pull/506) ([fivetwentysix](https://github.com/fivetwentysix)) - Allow new devise version for rails 5 compatibility [\#499](https://github.com/lynndylanhurley/devise_token_auth/pull/499) ([djsegal](https://github.com/djsegal)) @@ -2273,7 +2262,7 @@ - limiting the number of concurrent devices [\#434](https://github.com/lynndylanhurley/devise_token_auth/pull/434) ([paulosoares86](https://github.com/paulosoares86)) - Raise error in controller method [\#430](https://github.com/lynndylanhurley/devise_token_auth/pull/430) ([ArneZsng](https://github.com/ArneZsng)) - feat\(enable-standard-devise\): allow configurable support of legacy Devise authentication [\#428](https://github.com/lynndylanhurley/devise_token_auth/pull/428) ([booleanbetrayal](https://github.com/booleanbetrayal)) -- Support for i18n in mailers views [\#427](https://github.com/lynndylanhurley/devise_token_auth/pull/427) ([ponyesteves](https://github.com/ponyesteves)) +- Support for i18n in mailers views [\#427](https://github.com/lynndylanhurley/devise_token_auth/pull/427) ([ponyesteves](https://github.com/ponyesteves)) - Fix omniauthredirection when under scopes [\#425](https://github.com/lynndylanhurley/devise_token_auth/pull/425) ([xjunior](https://github.com/xjunior)) - Translation to German [\#423](https://github.com/lynndylanhurley/devise_token_auth/pull/423) ([haslinger](https://github.com/haslinger)) - fix\(url\): preserve query parameters when building urls [\#421](https://github.com/lynndylanhurley/devise_token_auth/pull/421) ([nbrustein](https://github.com/nbrustein)) @@ -2303,24 +2292,24 @@ - feat\(improved-omniauth\): omniauth sameWindow and inAppBrowser flows [\#323](https://github.com/lynndylanhurley/devise_token_auth/pull/323) ([nbrustein](https://github.com/nbrustein)) - Fix invalid omniauth redirect [\#322](https://github.com/lynndylanhurley/devise_token_auth/pull/322) ([troggy](https://github.com/troggy)) - Old password check before password update [\#317](https://github.com/lynndylanhurley/devise_token_auth/pull/317) ([jakubrohleder](https://github.com/jakubrohleder)) -- Remove erroneous colon from before\_action callback [\#310](https://github.com/lynndylanhurley/devise_token_auth/pull/310) ([jmliu](https://github.com/jmliu)) +- Remove erroneous colon from before_action callback [\#310](https://github.com/lynndylanhurley/devise_token_auth/pull/310) ([jmliu](https://github.com/jmliu)) - Disabled serialization for JSON type columns [\#306](https://github.com/lynndylanhurley/devise_token_auth/pull/306) ([colavitam](https://github.com/colavitam)) - Set default provider to "email" in migration [\#302](https://github.com/lynndylanhurley/devise_token_auth/pull/302) ([colavitam](https://github.com/colavitam)) - Fix an issue for not :confirmable users [\#296](https://github.com/lynndylanhurley/devise_token_auth/pull/296) ([sebfie](https://github.com/sebfie)) - Update README.md [\#295](https://github.com/lynndylanhurley/devise_token_auth/pull/295) ([adisos](https://github.com/adisos)) -- Fix MOUNT\_PATH 'Read More' link [\#294](https://github.com/lynndylanhurley/devise_token_auth/pull/294) ([jmliu](https://github.com/jmliu)) +- Fix MOUNT_PATH 'Read More' link [\#294](https://github.com/lynndylanhurley/devise_token_auth/pull/294) ([jmliu](https://github.com/jmliu)) - Don't send password reset instructions to unconfirmed email [\#288](https://github.com/lynndylanhurley/devise_token_auth/pull/288) ([coryschires](https://github.com/coryschires)) - Feature/i18n support [\#283](https://github.com/lynndylanhurley/devise_token_auth/pull/283) ([sebfie](https://github.com/sebfie)) -- Update documentation for validate\_token [\#277](https://github.com/lynndylanhurley/devise_token_auth/pull/277) ([adamgall](https://github.com/adamgall)) +- Update documentation for validate_token [\#277](https://github.com/lynndylanhurley/devise_token_auth/pull/277) ([adamgall](https://github.com/adamgall)) - Added json support for tokens [\#276](https://github.com/lynndylanhurley/devise_token_auth/pull/276) ([shicholas](https://github.com/shicholas)) -- perf\(token\_is\_current?\): add simplistic cache to reduce overhead of redundant token checks during validation calls [\#272](https://github.com/lynndylanhurley/devise_token_auth/pull/272) ([booleanbetrayal](https://github.com/booleanbetrayal)) -- perf\(update\_auth\_header\): only lock the resource if we are rotating tokens [\#267](https://github.com/lynndylanhurley/devise_token_auth/pull/267) ([booleanbetrayal](https://github.com/booleanbetrayal)) -- fix\(email-validation\): Update in-use email validation message during registration to allow full\_message use [\#255](https://github.com/lynndylanhurley/devise_token_auth/pull/255) ([booleanbetrayal](https://github.com/booleanbetrayal)) +- perf\(token_is_current?\): add simplistic cache to reduce overhead of redundant token checks during validation calls [\#272](https://github.com/lynndylanhurley/devise_token_auth/pull/272) ([booleanbetrayal](https://github.com/booleanbetrayal)) +- perf\(update_auth_header\): only lock the resource if we are rotating tokens [\#267](https://github.com/lynndylanhurley/devise_token_auth/pull/267) ([booleanbetrayal](https://github.com/booleanbetrayal)) +- fix\(email-validation\): Update in-use email validation message during registration to allow full_message use [\#255](https://github.com/lynndylanhurley/devise_token_auth/pull/255) ([booleanbetrayal](https://github.com/booleanbetrayal)) - fix\(session\#new\): fix unhandled 500 when logging in with valid user and bad password [\#254](https://github.com/lynndylanhurley/devise_token_auth/pull/254) ([mathemagica](https://github.com/mathemagica)) -- feat\(ominauth\): support json-formatted values in omniauth callback. [\#252](https://github.com/lynndylanhurley/devise_token_auth/pull/252) ([nbrustein](https://github.com/nbrustein)) -- fix\(sessions controller\): call reset\_session on destroy [\#251](https://github.com/lynndylanhurley/devise_token_auth/pull/251) ([nbrustein](https://github.com/nbrustein)) -- fix\(resource\_class\): support optional mapping property from set\_user\_by\_token [\#250](https://github.com/lynndylanhurley/devise_token_auth/pull/250) ([booleanbetrayal](https://github.com/booleanbetrayal)) -- Allow current\_password to be supplied when updating profile. [\#240](https://github.com/lynndylanhurley/devise_token_auth/pull/240) ([jasonswett](https://github.com/jasonswett)) +- feat\(ominauth\): support json-formatted values in omniauth callback. [\#252](https://github.com/lynndylanhurley/devise_token_auth/pull/252) ([nbrustein](https://github.com/nbrustein)) +- fix\(sessions controller\): call reset_session on destroy [\#251](https://github.com/lynndylanhurley/devise_token_auth/pull/251) ([nbrustein](https://github.com/nbrustein)) +- fix\(resource_class\): support optional mapping property from set_user_by_token [\#250](https://github.com/lynndylanhurley/devise_token_auth/pull/250) ([booleanbetrayal](https://github.com/booleanbetrayal)) +- Allow current_password to be supplied when updating profile. [\#240](https://github.com/lynndylanhurley/devise_token_auth/pull/240) ([jasonswett](https://github.com/jasonswett)) - fixes password reset when not using confirmable [\#225](https://github.com/lynndylanhurley/devise_token_auth/pull/225) ([aesnyder](https://github.com/aesnyder)) - Fix error when email missing from registration params [\#220](https://github.com/lynndylanhurley/devise_token_auth/pull/220) ([iangreenleaf](https://github.com/iangreenleaf)) - URI fragment should appear at the end of URL [\#214](https://github.com/lynndylanhurley/devise_token_auth/pull/214) ([edymerchk](https://github.com/edymerchk)) @@ -2331,23 +2320,23 @@ - Return 422 \(was 500\) when empty body for sign up and account update [\#204](https://github.com/lynndylanhurley/devise_token_auth/pull/204) ([mchavarriagam](https://github.com/mchavarriagam)) - Users with allowed unconfirmed access can now log in successfully. [\#202](https://github.com/lynndylanhurley/devise_token_auth/pull/202) ([colavitam](https://github.com/colavitam)) - Authenticating an existing Warden/Devise User [\#200](https://github.com/lynndylanhurley/devise_token_auth/pull/200) ([nickL](https://github.com/nickL)) -- GET sign\_in should direct people to use POST sign\_in rather than raising exception [\#191](https://github.com/lynndylanhurley/devise_token_auth/pull/191) ([milesmatthias](https://github.com/milesmatthias)) +- GET sign_in should direct people to use POST sign_in rather than raising exception [\#191](https://github.com/lynndylanhurley/devise_token_auth/pull/191) ([milesmatthias](https://github.com/milesmatthias)) - Ignore 'extra' in Twitter auth response to avoid CookieOverflow. Fixes \#145. [\#179](https://github.com/lynndylanhurley/devise_token_auth/pull/179) ([tbloncar](https://github.com/tbloncar)) -- Some missing as\_json ? [\#152](https://github.com/lynndylanhurley/devise_token_auth/pull/152) ([nicolas-besnard](https://github.com/nicolas-besnard)) +- Some missing as_json ? [\#152](https://github.com/lynndylanhurley/devise_token_auth/pull/152) ([nicolas-besnard](https://github.com/nicolas-besnard)) - Check email format on registration [\#150](https://github.com/lynndylanhurley/devise_token_auth/pull/150) ([nicolas-besnard](https://github.com/nicolas-besnard)) - Actual header key uses dashes, not underscores. [\#143](https://github.com/lynndylanhurley/devise_token_auth/pull/143) ([ragaskar](https://github.com/ragaskar)) - Username register login [\#128](https://github.com/lynndylanhurley/devise_token_auth/pull/128) ([nicolas-besnard](https://github.com/nicolas-besnard)) - Check if confirmable is active before skipping confirmation [\#125](https://github.com/lynndylanhurley/devise_token_auth/pull/125) ([nicolas-besnard](https://github.com/nicolas-besnard)) - Fix links to section about controller integration. [\#117](https://github.com/lynndylanhurley/devise_token_auth/pull/117) ([Le6ow5k1](https://github.com/Le6ow5k1)) -- document GET for /validate\_token [\#113](https://github.com/lynndylanhurley/devise_token_auth/pull/113) ([lukaselmer](https://github.com/lukaselmer)) +- document GET for /validate_token [\#113](https://github.com/lynndylanhurley/devise_token_auth/pull/113) ([lukaselmer](https://github.com/lukaselmer)) - Fix small error in documentation. [\#91](https://github.com/lynndylanhurley/devise_token_auth/pull/91) ([edgarhenriquez](https://github.com/edgarhenriquez)) - Exclude devise modules [\#85](https://github.com/lynndylanhurley/devise_token_auth/pull/85) ([jartek](https://github.com/jartek)) - fix\(registration and update\): Ensure UID is updated alongside Email, and case-sensitivity is honored [\#71](https://github.com/lynndylanhurley/devise_token_auth/pull/71) ([booleanbetrayal](https://github.com/booleanbetrayal)) - Add better guidelines for contributors. [\#67](https://github.com/lynndylanhurley/devise_token_auth/pull/67) ([edgarhenriquez](https://github.com/edgarhenriquez)) -- Use resource\_class to override email confirmation. [\#64](https://github.com/lynndylanhurley/devise_token_auth/pull/64) ([edgarhenriquez](https://github.com/edgarhenriquez)) -- fix\(case-sensitivity\): support devise case\_insensitive\_keys for session ... [\#57](https://github.com/lynndylanhurley/devise_token_auth/pull/57) ([booleanbetrayal](https://github.com/booleanbetrayal)) -- fix\(contention\): fix write contention in update\_auth\_headers and always ... [\#52](https://github.com/lynndylanhurley/devise_token_auth/pull/52) ([booleanbetrayal](https://github.com/booleanbetrayal)) -- Include resource.errors.full\_messages in error response. [\#50](https://github.com/lynndylanhurley/devise_token_auth/pull/50) ([jasonswett](https://github.com/jasonswett)) +- Use resource_class to override email confirmation. [\#64](https://github.com/lynndylanhurley/devise_token_auth/pull/64) ([edgarhenriquez](https://github.com/edgarhenriquez)) +- fix\(case-sensitivity\): support devise case_insensitive_keys for session ... [\#57](https://github.com/lynndylanhurley/devise_token_auth/pull/57) ([booleanbetrayal](https://github.com/booleanbetrayal)) +- fix\(contention\): fix write contention in update_auth_headers and always ... [\#52](https://github.com/lynndylanhurley/devise_token_auth/pull/52) ([booleanbetrayal](https://github.com/booleanbetrayal)) +- Include resource.errors.full_messages in error response. [\#50](https://github.com/lynndylanhurley/devise_token_auth/pull/50) ([jasonswett](https://github.com/jasonswett)) - fix\(expiry\): fix an issue where token expiration checks were too permissive [\#49](https://github.com/lynndylanhurley/devise_token_auth/pull/49) ([booleanbetrayal](https://github.com/booleanbetrayal)) - Update README with Example Generator Command [\#35](https://github.com/lynndylanhurley/devise_token_auth/pull/35) ([wwilkins](https://github.com/wwilkins)) - Remove OmniAuth dependency [\#26](https://github.com/lynndylanhurley/devise_token_auth/pull/26) ([hannahhoward](https://github.com/hannahhoward)) @@ -2359,19 +2348,19 @@ # Change Log ## [v0.1.40](https://github.com/lynndylanhurley/devise_token_auth/tree/v0.1.40) (2017-01-20) -[Full Changelog](https://github.com/lynndylanhurley/devise_token_auth/compare/v0.1.39...v0.1.40) +[Full Changelog](https://github.com/lynndylanhurley/devise_token_auth/compare/v0.1.39...v0.1.40) **Closed issues:** - Support for multiple providers during same session [\#815](https://github.com/lynndylanhurley/devise_token_auth/issues/815) - not supporting for angular1.6 [\#810](https://github.com/lynndylanhurley/devise_token_auth/issues/810) - Add has one/belongs to assotiation [\#807](https://github.com/lynndylanhurley/devise_token_auth/issues/807) -- redirect\_url required but not permitted in strong parameters [\#805](https://github.com/lynndylanhurley/devise_token_auth/issues/805) +- redirect_url required but not permitted in strong parameters [\#805](https://github.com/lynndylanhurley/devise_token_auth/issues/805) - Rails 5 API Mode Not Authorizing [\#796](https://github.com/lynndylanhurley/devise_token_auth/issues/796) - wrong constant name user [\#784](https://github.com/lynndylanhurley/devise_token_auth/issues/784) -- current\_user returns nill [\#779](https://github.com/lynndylanhurley/devise_token_auth/issues/779) -- ActionController::RoutingError - undefined method `helper\_method' [\#776](https://github.com/lynndylanhurley/devise_token_auth/issues/776) +- current_user returns nill [\#779](https://github.com/lynndylanhurley/devise_token_auth/issues/779) +- ActionController::RoutingError - undefined method `helper_method' [\#776](https://github.com/lynndylanhurley/devise_token_auth/issues/776) - Minimum Limits on a token? [\#764](https://github.com/lynndylanhurley/devise_token_auth/issues/764) - Octopus throwing error when deleting expired tokens [\#761](https://github.com/lynndylanhurley/devise_token_auth/issues/761) - Only one User model return the correct headers [\#757](https://github.com/lynndylanhurley/devise_token_auth/issues/757) @@ -2379,37 +2368,37 @@ - Rails 5 API deployed as microservices [\#741](https://github.com/lynndylanhurley/devise_token_auth/issues/741) - Query params left in url after facebook login cause authentication to fail on refresh [\#734](https://github.com/lynndylanhurley/devise_token_auth/issues/734) - Can't permit parameters in rails engine [\#731](https://github.com/lynndylanhurley/devise_token_auth/issues/731) -- Cannot integrate with omniauth-facebook [\#729](https://github.com/lynndylanhurley/devise_token_auth/issues/729) +- Cannot integrate with omniauth-facebook [\#729](https://github.com/lynndylanhurley/devise_token_auth/issues/729) - Two models, one not working [\#726](https://github.com/lynndylanhurley/devise_token_auth/issues/726) -- API response bodies are empty when using active\_model\_serializers [\#715](https://github.com/lynndylanhurley/devise_token_auth/issues/715) -- /sign\_out route is returning 404 not found [\#713](https://github.com/lynndylanhurley/devise_token_auth/issues/713) +- API response bodies are empty when using active_model_serializers [\#715](https://github.com/lynndylanhurley/devise_token_auth/issues/715) +- /sign_out route is returning 404 not found [\#713](https://github.com/lynndylanhurley/devise_token_auth/issues/713) - Why is `tokens` field a json type and how to create a query based on inside values? [\#707](https://github.com/lynndylanhurley/devise_token_auth/issues/707) - Deprecation Error Message on 5.0 [\#698](https://github.com/lynndylanhurley/devise_token_auth/issues/698) - **Merged pull requests:** - Update german translation. [\#816](https://github.com/lynndylanhurley/devise_token_auth/pull/816) ([gobijan](https://github.com/gobijan)) - Add support for italian locale [\#811](https://github.com/lynndylanhurley/devise_token_auth/pull/811) ([Chosko](https://github.com/Chosko)) - Fix privacy issue with password reset request [\#808](https://github.com/lynndylanhurley/devise_token_auth/pull/808) ([biomancer](https://github.com/biomancer)) -- Add missing parameter :redirect\_url, fixes \#805 [\#806](https://github.com/lynndylanhurley/devise_token_auth/pull/806) ([Rush](https://github.com/Rush)) +- Add missing parameter :redirect_url, fixes \#805 [\#806](https://github.com/lynndylanhurley/devise_token_auth/pull/806) ([Rush](https://github.com/Rush)) - Fix language errors in German locale [\#800](https://github.com/lynndylanhurley/devise_token_auth/pull/800) ([morgler](https://github.com/morgler)) - Don't send extra data on request password reset [\#798](https://github.com/lynndylanhurley/devise_token_auth/pull/798) ([Mrjaco12](https://github.com/Mrjaco12)) -- Travis: use the code\_climate addon config [\#786](https://github.com/lynndylanhurley/devise_token_auth/pull/786) ([olleolleolle](https://github.com/olleolleolle)) +- Travis: use the code_climate addon config [\#786](https://github.com/lynndylanhurley/devise_token_auth/pull/786) ([olleolleolle](https://github.com/olleolleolle)) - Update link [\#782](https://github.com/lynndylanhurley/devise_token_auth/pull/782) ([dijonkitchen](https://github.com/dijonkitchen)) -- Add index for confirmation\_token [\#767](https://github.com/lynndylanhurley/devise_token_auth/pull/767) ([dijonkitchen](https://github.com/dijonkitchen)) -- Fixes constructing redirect\_route [\#765](https://github.com/lynndylanhurley/devise_token_auth/pull/765) ([piotrkaczmarek](https://github.com/piotrkaczmarek)) +- Add index for confirmation_token [\#767](https://github.com/lynndylanhurley/devise_token_auth/pull/767) ([dijonkitchen](https://github.com/dijonkitchen)) +- Fixes constructing redirect_route [\#765](https://github.com/lynndylanhurley/devise_token_auth/pull/765) ([piotrkaczmarek](https://github.com/piotrkaczmarek)) - Use standart ActiveRecord error message for email uniqueness validation [\#746](https://github.com/lynndylanhurley/devise_token_auth/pull/746) ([mpugach](https://github.com/mpugach)) - Add Romanian locale. [\#743](https://github.com/lynndylanhurley/devise_token_auth/pull/743) ([razvanmitre](https://github.com/razvanmitre)) - Update indexes on template [\#724](https://github.com/lynndylanhurley/devise_token_auth/pull/724) ([dijonkitchen](https://github.com/dijonkitchen)) - Add an extra line to the "contributing" list [\#720](https://github.com/lynndylanhurley/devise_token_auth/pull/720) ([jahammo2](https://github.com/jahammo2)) - Fix grammar [\#712](https://github.com/lynndylanhurley/devise_token_auth/pull/712) ([dijonkitchen](https://github.com/dijonkitchen)) - Added reference to Angular2-Token to README [\#710](https://github.com/lynndylanhurley/devise_token_auth/pull/710) ([neroniaky](https://github.com/neroniaky)) -- feat\(whitelist\): add wildcard support for redirect\_whitelist patterns [\#709](https://github.com/lynndylanhurley/devise_token_auth/pull/709) ([booleanbetrayal](https://github.com/booleanbetrayal)) +- feat\(whitelist\): add wildcard support for redirect_whitelist patterns [\#709](https://github.com/lynndylanhurley/devise_token_auth/pull/709) ([booleanbetrayal](https://github.com/booleanbetrayal)) # Change Log ## [v0.1.39](https://github.com/lynndylanhurley/devise_token_auth/tree/v0.1.39) (2016-08-16) + [Full Changelog](https://github.com/lynndylanhurley/devise_token_auth/compare/v0.1.38...v0.1.39) **Closed issues:** @@ -2417,14 +2406,14 @@ - "Covert Redirect" Vulnerability [\#696](https://github.com/lynndylanhurley/devise_token_auth/issues/696) - No route matches \[POST\] "/api/v1/auth" [\#694](https://github.com/lynndylanhurley/devise_token_auth/issues/694) - Got this error with ActiveAdmin "wrong number of arguments \(1 for 0\)" [\#692](https://github.com/lynndylanhurley/devise_token_auth/issues/692) -- using devise\_token\_auth for API alongside standard devise gem for HTML view [\#689](https://github.com/lynndylanhurley/devise_token_auth/issues/689) -- No Headers after sign\_in for new Users created by Admin [\#685](https://github.com/lynndylanhurley/devise_token_auth/issues/685) -- NoMethodError \(undefined method `headers\_names' for DeviseTokenAuth:Module\) [\#684](https://github.com/lynndylanhurley/devise_token_auth/issues/684) +- using devise_token_auth for API alongside standard devise gem for HTML view [\#689](https://github.com/lynndylanhurley/devise_token_auth/issues/689) +- No Headers after sign_in for new Users created by Admin [\#685](https://github.com/lynndylanhurley/devise_token_auth/issues/685) +- NoMethodError \(undefined method `headers_names' for DeviseTokenAuth:Module\) [\#684](https://github.com/lynndylanhurley/devise_token_auth/issues/684) - Fast page refresh problem [\#683](https://github.com/lynndylanhurley/devise_token_auth/issues/683) -- IndexError: string not matched on User sign\_in [\#681](https://github.com/lynndylanhurley/devise_token_auth/issues/681) -- skip\_confirmation\_notification! not working [\#679](https://github.com/lynndylanhurley/devise_token_auth/issues/679) +- IndexError: string not matched on User sign_in [\#681](https://github.com/lynndylanhurley/devise_token_auth/issues/681) +- skip_confirmation_notification! not working [\#679](https://github.com/lynndylanhurley/devise_token_auth/issues/679) - Bump version to support devise 4.1.1 [\#659](https://github.com/lynndylanhurley/devise_token_auth/issues/659) -- not working with latest version of active\_model\_serializers [\#600](https://github.com/lynndylanhurley/devise_token_auth/issues/600) +- not working with latest version of active_model_serializers [\#600](https://github.com/lynndylanhurley/devise_token_auth/issues/600) **Merged pull requests:** @@ -2449,89 +2438,89 @@ **Closed issues:** -- rails g devise\_token\_auth:install User auth hangs and does nothing [\#671](https://github.com/lynndylanhurley/devise_token_auth/issues/671) -- callback :set\_user\_by\_token has not been defined [\#649](https://github.com/lynndylanhurley/devise_token_auth/issues/649) -- Issues with active\_model\_serializers [\#644](https://github.com/lynndylanhurley/devise_token_auth/issues/644) +- rails g devise_token_auth:install User auth hangs and does nothing [\#671](https://github.com/lynndylanhurley/devise_token_auth/issues/671) +- callback :set_user_by_token has not been defined [\#649](https://github.com/lynndylanhurley/devise_token_auth/issues/649) +- Issues with active_model_serializers [\#644](https://github.com/lynndylanhurley/devise_token_auth/issues/644) - Error with devise [\#643](https://github.com/lynndylanhurley/devise_token_auth/issues/643) -- undefined method `token\_validation\_response' [\#635](https://github.com/lynndylanhurley/devise_token_auth/issues/635) -- when password is reset from UI, all tokens must be removed if remove\_tokens\_after\_password\_reset is true [\#634](https://github.com/lynndylanhurley/devise_token_auth/issues/634) +- undefined method `token_validation_response' [\#635](https://github.com/lynndylanhurley/devise_token_auth/issues/635) +- when password is reset from UI, all tokens must be removed if remove_tokens_after_password_reset is true [\#634](https://github.com/lynndylanhurley/devise_token_auth/issues/634) - Relax devise dependency to allow 4.1 [\#631](https://github.com/lynndylanhurley/devise_token_auth/issues/631) - Rails 5 generator doesn't insert concern [\#627](https://github.com/lynndylanhurley/devise_token_auth/issues/627) -- NoMethodError \(undefined method `find\_by\_uid'\) in production. [\#625](https://github.com/lynndylanhurley/devise_token_auth/issues/625) -- Curl not working for sign\_in but works on ng-token-angular [\#620](https://github.com/lynndylanhurley/devise_token_auth/issues/620) +- NoMethodError \(undefined method `find_by_uid'\) in production. [\#625](https://github.com/lynndylanhurley/devise_token_auth/issues/625) +- Curl not working for sign_in but works on ng-token-angular [\#620](https://github.com/lynndylanhurley/devise_token_auth/issues/620) - After Sign-in success, The following requests on Angular side are unauthorized. [\#619](https://github.com/lynndylanhurley/devise_token_auth/issues/619) - Omniauth - Facebook app doesn't run callback url after successful Facebook authentication [\#615](https://github.com/lynndylanhurley/devise_token_auth/issues/615) -- :authenticate\_user! wired behaviour [\#614](https://github.com/lynndylanhurley/devise_token_auth/issues/614) -- current\_user is nil, request headers are all upcased and prefixed with HTML\_ [\#611](https://github.com/lynndylanhurley/devise_token_auth/issues/611) +- :authenticate_user! wired behaviour [\#614](https://github.com/lynndylanhurley/devise_token_auth/issues/614) +- current_user is nil, request headers are all upcased and prefixed with HTML\_ [\#611](https://github.com/lynndylanhurley/devise_token_auth/issues/611) - Problem in generated routes [\#607](https://github.com/lynndylanhurley/devise_token_auth/issues/607) - Rails 5 API Mode - no headers in response [\#606](https://github.com/lynndylanhurley/devise_token_auth/issues/606) -- Filter chain halted as :authenticate\_user! rendered or redirected [\#603](https://github.com/lynndylanhurley/devise_token_auth/issues/603) +- Filter chain halted as :authenticate_user! rendered or redirected [\#603](https://github.com/lynndylanhurley/devise_token_auth/issues/603) - 422 Unprocessable Entity when using local IP address [\#601](https://github.com/lynndylanhurley/devise_token_auth/issues/601) -- overriding rendering methods in devise\_token\_auth [\#597](https://github.com/lynndylanhurley/devise_token_auth/issues/597) -- redirect\_url is missing in email instructions sent to the user for password reset [\#588](https://github.com/lynndylanhurley/devise_token_auth/issues/588) -- Unpermitted parameter: {"email":"mail@gmail.com","password":"abcdefgh","password\_confirmation":"abcdefgh"} [\#587](https://github.com/lynndylanhurley/devise_token_auth/issues/587) +- overriding rendering methods in devise_token_auth [\#597](https://github.com/lynndylanhurley/devise_token_auth/issues/597) +- redirect_url is missing in email instructions sent to the user for password reset [\#588](https://github.com/lynndylanhurley/devise_token_auth/issues/588) +- Unpermitted parameter: {"email":"mail@gmail.com","password":"abcdefgh","password_confirmation":"abcdefgh"} [\#587](https://github.com/lynndylanhurley/devise_token_auth/issues/587) - can't authenticate user when opening a new download tab [\#582](https://github.com/lynndylanhurley/devise_token_auth/issues/582) - Mails are not being sent [\#581](https://github.com/lynndylanhurley/devise_token_auth/issues/581) -- current\_user seems to be nil after doing requests from different tabs [\#579](https://github.com/lynndylanhurley/devise_token_auth/issues/579) -- Do we have any rspec helpers to sign\_in an user? [\#577](https://github.com/lynndylanhurley/devise_token_auth/issues/577) -- Cannot override json response of authenticate\_user! [\#575](https://github.com/lynndylanhurley/devise_token_auth/issues/575) -- return custom json data after sign\_in [\#567](https://github.com/lynndylanhurley/devise_token_auth/issues/567) -- /auth/validate\_token works but getting 401 unauthorized when sending request with auth headers [\#550](https://github.com/lynndylanhurley/devise_token_auth/issues/550) +- current_user seems to be nil after doing requests from different tabs [\#579](https://github.com/lynndylanhurley/devise_token_auth/issues/579) +- Do we have any rspec helpers to sign_in an user? [\#577](https://github.com/lynndylanhurley/devise_token_auth/issues/577) +- Cannot override json response of authenticate_user! [\#575](https://github.com/lynndylanhurley/devise_token_auth/issues/575) +- return custom json data after sign_in [\#567](https://github.com/lynndylanhurley/devise_token_auth/issues/567) +- /auth/validate_token works but getting 401 unauthorized when sending request with auth headers [\#550](https://github.com/lynndylanhurley/devise_token_auth/issues/550) - Where is the access key of omniauth provider? [\#549](https://github.com/lynndylanhurley/devise_token_auth/issues/549) - How this gem is different from a JWT system? [\#543](https://github.com/lynndylanhurley/devise_token_auth/issues/543) - Improper formatting for JSON API error/success responses [\#536](https://github.com/lynndylanhurley/devise_token_auth/issues/536) - Is it a hybrid authentication system? [\#527](https://github.com/lynndylanhurley/devise_token_auth/issues/527) -- check\_current\_password\_before\_update still requires password when resetting password [\#526](https://github.com/lynndylanhurley/devise_token_auth/issues/526) +- check_current_password_before_update still requires password when resetting password [\#526](https://github.com/lynndylanhurley/devise_token_auth/issues/526) - Manually authenticate for testing [\#521](https://github.com/lynndylanhurley/devise_token_auth/issues/521) - Support for STI [\#517](https://github.com/lynndylanhurley/devise_token_auth/issues/517) -- JSON responses don't fit JSON\_API requirements [\#512](https://github.com/lynndylanhurley/devise_token_auth/issues/512) +- JSON responses don't fit JSON_API requirements [\#512](https://github.com/lynndylanhurley/devise_token_auth/issues/512) - Not working with rails 5 and devise master [\#504](https://github.com/lynndylanhurley/devise_token_auth/issues/504) -- Unpermitted parameters: confirm\_success\_url, config\_name, registration [\#501](https://github.com/lynndylanhurley/devise_token_auth/issues/501) -- set\_user\_by\_token not defined in production for rails 5 [\#500](https://github.com/lynndylanhurley/devise_token_auth/issues/500) +- Unpermitted parameters: confirm_success_url, config_name, registration [\#501](https://github.com/lynndylanhurley/devise_token_auth/issues/501) +- set_user_by_token not defined in production for rails 5 [\#500](https://github.com/lynndylanhurley/devise_token_auth/issues/500) - Master branch no longer working with devise master branch \(version error\) [\#498](https://github.com/lynndylanhurley/devise_token_auth/issues/498) - uid is not getting set in git revision 996b9cf23a18 [\#497](https://github.com/lynndylanhurley/devise_token_auth/issues/497) -- ve\_model\_serializer namespace [\#492](https://github.com/lynndylanhurley/devise_token_auth/issues/492) -- User remains logged in when using devise and devise\_token\_auth in the same app [\#486](https://github.com/lynndylanhurley/devise_token_auth/issues/486) -- DEPRECATION WARNING: alias\_method\_chain is deprecated. Rails 5 [\#482](https://github.com/lynndylanhurley/devise_token_auth/issues/482) -- validate\_token - resource\_name - undefined method `name' for nil:NilClass [\#480](https://github.com/lynndylanhurley/devise_token_auth/issues/480) +- ve_model_serializer namespace [\#492](https://github.com/lynndylanhurley/devise_token_auth/issues/492) +- User remains logged in when using devise and devise_token_auth in the same app [\#486](https://github.com/lynndylanhurley/devise_token_auth/issues/486) +- DEPRECATION WARNING: alias_method_chain is deprecated. Rails 5 [\#482](https://github.com/lynndylanhurley/devise_token_auth/issues/482) +- validate_token - resource_name - undefined method `name' for nil:NilClass [\#480](https://github.com/lynndylanhurley/devise_token_auth/issues/480) - Helpers being loaded for Rails API's [\#468](https://github.com/lynndylanhurley/devise_token_auth/issues/468) - Unable to call `rails g devise\_token\_auth:install` within rails engine [\#465](https://github.com/lynndylanhurley/devise_token_auth/issues/465) - locales `errors.messages.already\_in\_use` seems broken [\#463](https://github.com/lynndylanhurley/devise_token_auth/issues/463) - It shows "An error occurred" after omniauth callback [\#445](https://github.com/lynndylanhurley/devise_token_auth/issues/445) - - [\#444](https://github.com/lynndylanhurley/devise_token_auth/issues/444) - Put Access Token in body [\#442](https://github.com/lynndylanhurley/devise_token_auth/issues/442) -- Unable to add a new param for sign up [\#440](https://github.com/lynndylanhurley/devise_token_auth/issues/440) -- Undefined method provider from devise\_toke\_auth concerns/user.rb [\#438](https://github.com/lynndylanhurley/devise_token_auth/issues/438) +- Unable to add a new param for sign up [\#440](https://github.com/lynndylanhurley/devise_token_auth/issues/440) +- Undefined method provider from devise_toke_auth concerns/user.rb [\#438](https://github.com/lynndylanhurley/devise_token_auth/issues/438) - Scoped DeviseToken but it still affects the original Omniauth redirects. [\#429](https://github.com/lynndylanhurley/devise_token_auth/issues/429) - Can't create user via api [\#422](https://github.com/lynndylanhurley/devise_token_auth/issues/422) -- Password Reset question, do I need my own form? [\#418](https://github.com/lynndylanhurley/devise_token_auth/issues/418) +- Password Reset question, do I need my own form? [\#418](https://github.com/lynndylanhurley/devise_token_auth/issues/418) - Large Size on Disk [\#415](https://github.com/lynndylanhurley/devise_token_auth/issues/415) -- The validate\_token function in the readme is missing a parameter [\#413](https://github.com/lynndylanhurley/devise_token_auth/issues/413) +- The validate_token function in the readme is missing a parameter [\#413](https://github.com/lynndylanhurley/devise_token_auth/issues/413) - Cannot migrate database: NoMethodError: undefined method `new' for DeviseTokenAuth:Module [\#406](https://github.com/lynndylanhurley/devise_token_auth/issues/406) -- change\_headers\_on\_each\_request and batch requests [\#403](https://github.com/lynndylanhurley/devise_token_auth/issues/403) +- change_headers_on_each_request and batch requests [\#403](https://github.com/lynndylanhurley/devise_token_auth/issues/403) - Multiple users, returning\(and creating\) wrong model's auth token [\#399](https://github.com/lynndylanhurley/devise_token_auth/issues/399) - Can't verify CSRF token authenticity [\#398](https://github.com/lynndylanhurley/devise_token_auth/issues/398) - uninitialized constant DeviseTokenAuth::OmniauthCallbacksController::BCrypt [\#393](https://github.com/lynndylanhurley/devise_token_auth/issues/393) - Sign in not success. [\#388](https://github.com/lynndylanhurley/devise_token_auth/issues/388) -- password length [\#380](https://github.com/lynndylanhurley/devise_token_auth/issues/380) +- password length [\#380](https://github.com/lynndylanhurley/devise_token_auth/issues/380) - Devise token auth not found routing error [\#379](https://github.com/lynndylanhurley/devise_token_auth/issues/379) - Defining a custom primary key [\#378](https://github.com/lynndylanhurley/devise_token_auth/issues/378) - seeing other users data after login/out with different users on ionic [\#375](https://github.com/lynndylanhurley/devise_token_auth/issues/375) - omniauth: when redirecting, user object should not be serialized into url [\#368](https://github.com/lynndylanhurley/devise_token_auth/issues/368) -- getting ng-token-auth and devise\_token\_auth to work with OAuth in ionic InAppBrowser [\#367](https://github.com/lynndylanhurley/devise_token_auth/issues/367) +- getting ng-token-auth and devise_token_auth to work with OAuth in ionic InAppBrowser [\#367](https://github.com/lynndylanhurley/devise_token_auth/issues/367) - omniauth callback redirect not working properly when using namespace/scope [\#362](https://github.com/lynndylanhurley/devise_token_auth/issues/362) -- invalid token in method set\_user\_by\_token on RegistrationsController\#update [\#357](https://github.com/lynndylanhurley/devise_token_auth/issues/357) +- invalid token in method set_user_by_token on RegistrationsController\#update [\#357](https://github.com/lynndylanhurley/devise_token_auth/issues/357) - Allow devise patch version updates [\#351](https://github.com/lynndylanhurley/devise_token_auth/issues/351) - Error validating token [\#348](https://github.com/lynndylanhurley/devise_token_auth/issues/348) - Allow for HTTP Basic Auth ? [\#337](https://github.com/lynndylanhurley/devise_token_auth/issues/337) - Allow Omniauth user reset password [\#335](https://github.com/lynndylanhurley/devise_token_auth/issues/335) - NameError \(uninitialized constant DeviseTokenAuth::Concerns::User::BCrypt\) [\#333](https://github.com/lynndylanhurley/devise_token_auth/issues/333) - Unpermitted parameters: format, session [\#328](https://github.com/lynndylanhurley/devise_token_auth/issues/328) -- devise token auth + Save Facebook auth\_hash info in database [\#326](https://github.com/lynndylanhurley/devise_token_auth/issues/326) +- devise token auth + Save Facebook auth_hash info in database [\#326](https://github.com/lynndylanhurley/devise_token_auth/issues/326) - Error sending password reset email when not using confirmable \(reopened \#124\) [\#321](https://github.com/lynndylanhurley/devise_token_auth/issues/321) - Routing error / Preflight request / OPTIONS [\#320](https://github.com/lynndylanhurley/devise_token_auth/issues/320) - delete tokens after password change [\#318](https://github.com/lynndylanhurley/devise_token_auth/issues/318) -- Can't authorize \(user\_signed\_in? always show false\) [\#315](https://github.com/lynndylanhurley/devise_token_auth/issues/315) +- Can't authorize \(user_signed_in? always show false\) [\#315](https://github.com/lynndylanhurley/devise_token_auth/issues/315) - Warden::SessionSerializer - wrong number of arguments \(2 for 1\) [\#312](https://github.com/lynndylanhurley/devise_token_auth/issues/312) - The action 'twitter' could not be found for DeviseTokenAuth::OmniauthCallbacksController [\#309](https://github.com/lynndylanhurley/devise_token_auth/issues/309) - Having 401 Unauthorized only with mobile [\#305](https://github.com/lynndylanhurley/devise_token_auth/issues/305) @@ -2540,16 +2529,16 @@ - Getting 401's when making requests using iOS/Android clients [\#299](https://github.com/lynndylanhurley/devise_token_auth/issues/299) - undefined method `tokens' for \#\ [\#297](https://github.com/lynndylanhurley/devise_token_auth/issues/297) - Confirmation URL giving bad arguments [\#293](https://github.com/lynndylanhurley/devise_token_auth/issues/293) -- set\_user\_by\_token not called in overriden controller [\#291](https://github.com/lynndylanhurley/devise_token_auth/issues/291) -- Question: Should we send password reset instructions to unconfirmed emails? [\#287](https://github.com/lynndylanhurley/devise_token_auth/issues/287) +- set_user_by_token not called in overriden controller [\#291](https://github.com/lynndylanhurley/devise_token_auth/issues/291) +- Question: Should we send password reset instructions to unconfirmed emails? [\#287](https://github.com/lynndylanhurley/devise_token_auth/issues/287) - NoMethodError \(undefined method `\[\]' for nil:NilClass\): [\#286](https://github.com/lynndylanhurley/devise_token_auth/issues/286) - Facebook omniauth redirection is missing url when testing on localhost [\#285](https://github.com/lynndylanhurley/devise_token_auth/issues/285) - No route matches \[GET\] "/users/facebook/callback" [\#280](https://github.com/lynndylanhurley/devise_token_auth/issues/280) - No route matches \[GET\] "/omniauth/:provider" [\#278](https://github.com/lynndylanhurley/devise_token_auth/issues/278) - How to refresh token/expiry? [\#275](https://github.com/lynndylanhurley/devise_token_auth/issues/275) -- wrong number of arguments \(1 for 0\): in DeviseTokenAuth::RegistrationsController\#create [\#274](https://github.com/lynndylanhurley/devise_token_auth/issues/274) +- wrong number of arguments \(1 for 0\): in DeviseTokenAuth::RegistrationsController\#create [\#274](https://github.com/lynndylanhurley/devise_token_auth/issues/274) - Can not save a user with nil tokens attribute [\#271](https://github.com/lynndylanhurley/devise_token_auth/issues/271) -- Shouldn't validate\_token param be access-token, not auth\_token? [\#270](https://github.com/lynndylanhurley/devise_token_auth/issues/270) +- Shouldn't validate_token param be access-token, not auth_token? [\#270](https://github.com/lynndylanhurley/devise_token_auth/issues/270) - include associations on login [\#269](https://github.com/lynndylanhurley/devise_token_auth/issues/269) - Failure route not handled [\#262](https://github.com/lynndylanhurley/devise_token_auth/issues/262) - Getting Unauthorized error even after sending the correct token, uid and client [\#261](https://github.com/lynndylanhurley/devise_token_auth/issues/261) @@ -2557,20 +2546,20 @@ - undefined method `provider' for \#\ [\#257](https://github.com/lynndylanhurley/devise_token_auth/issues/257) - Custom Serializer like ActiveModel Serializer [\#249](https://github.com/lynndylanhurley/devise_token_auth/issues/249) - File download with query params [\#246](https://github.com/lynndylanhurley/devise_token_auth/issues/246) -- Info: is devise\_token\_auth compatible with rails 3.2.19? [\#245](https://github.com/lynndylanhurley/devise_token_auth/issues/245) +- Info: is devise_token_auth compatible with rails 3.2.19? [\#245](https://github.com/lynndylanhurley/devise_token_auth/issues/245) - Headers required for different methods [\#243](https://github.com/lynndylanhurley/devise_token_auth/issues/243) - Unpermitted parameters: format, session, lang [\#239](https://github.com/lynndylanhurley/devise_token_auth/issues/239) -- On sign\_in, devise\_token\_auth expects the uid to be the same as the email [\#237](https://github.com/lynndylanhurley/devise_token_auth/issues/237) -- Name conflict with inherited\_resources [\#236](https://github.com/lynndylanhurley/devise_token_auth/issues/236) -- sign\_in will not fetch the token [\#234](https://github.com/lynndylanhurley/devise_token_auth/issues/234) +- On sign_in, devise_token_auth expects the uid to be the same as the email [\#237](https://github.com/lynndylanhurley/devise_token_auth/issues/237) +- Name conflict with inherited_resources [\#236](https://github.com/lynndylanhurley/devise_token_auth/issues/236) +- sign_in will not fetch the token [\#234](https://github.com/lynndylanhurley/devise_token_auth/issues/234) - Remove \('\#'\) symbol when using html5mode in locationProvider [\#232](https://github.com/lynndylanhurley/devise_token_auth/issues/232) - Log in request 401 error [\#231](https://github.com/lynndylanhurley/devise_token_auth/issues/231) - User Registration - "email address already in use" when it is unique [\#230](https://github.com/lynndylanhurley/devise_token_auth/issues/230) - Devise email validation disabled...why? [\#229](https://github.com/lynndylanhurley/devise_token_auth/issues/229) -- confirm\_success\_url error not working [\#226](https://github.com/lynndylanhurley/devise_token_auth/issues/226) -- pending\_reconfirmation called when confirmable isn't used [\#224](https://github.com/lynndylanhurley/devise_token_auth/issues/224) -- omniauth\_success.html.erb JSON bug [\#221](https://github.com/lynndylanhurley/devise_token_auth/issues/221) -- Using devise\_token\_auth and ng\_token\_auth with angularJS in an Ionic Hybrid application [\#218](https://github.com/lynndylanhurley/devise_token_auth/issues/218) +- confirm_success_url error not working [\#226](https://github.com/lynndylanhurley/devise_token_auth/issues/226) +- pending_reconfirmation called when confirmable isn't used [\#224](https://github.com/lynndylanhurley/devise_token_auth/issues/224) +- omniauth_success.html.erb JSON bug [\#221](https://github.com/lynndylanhurley/devise_token_auth/issues/221) +- Using devise_token_auth and ng_token_auth with angularJS in an Ionic Hybrid application [\#218](https://github.com/lynndylanhurley/devise_token_auth/issues/218) - Where can I got token? [\#217](https://github.com/lynndylanhurley/devise_token_auth/issues/217) - URI fragment prevent to send params in Confirmation URL [\#213](https://github.com/lynndylanhurley/devise_token_auth/issues/213) - Generating many client tokens [\#210](https://github.com/lynndylanhurley/devise_token_auth/issues/210) @@ -2580,41 +2569,41 @@ - DELETE method becoming OPTIONS @ Heroku [\#197](https://github.com/lynndylanhurley/devise_token_auth/issues/197) - 40 Mb log file and 1 minute to have token with curl [\#195](https://github.com/lynndylanhurley/devise_token_auth/issues/195) - 401 unauthorized [\#193](https://github.com/lynndylanhurley/devise_token_auth/issues/193) -- GET requests to sign\_in shouldn't raise an exception [\#190](https://github.com/lynndylanhurley/devise_token_auth/issues/190) +- GET requests to sign_in shouldn't raise an exception [\#190](https://github.com/lynndylanhurley/devise_token_auth/issues/190) - Api not locked by default [\#189](https://github.com/lynndylanhurley/devise_token_auth/issues/189) -- Rails 4.1 [\#187](https://github.com/lynndylanhurley/devise_token_auth/issues/187) -- Unable to override OmniauthCallbacksController\#redirect\_callbacks [\#186](https://github.com/lynndylanhurley/devise_token_auth/issues/186) +- Rails 4.1 [\#187](https://github.com/lynndylanhurley/devise_token_auth/issues/187) +- Unable to override OmniauthCallbacksController\#redirect_callbacks [\#186](https://github.com/lynndylanhurley/devise_token_auth/issues/186) - Token based authentication with no sessions [\#183](https://github.com/lynndylanhurley/devise_token_auth/issues/183) -- undefined method `authenticate\_user!' [\#182](https://github.com/lynndylanhurley/devise_token_auth/issues/182) -- confirm\_success\_url shouldn't be a required param [\#176](https://github.com/lynndylanhurley/devise_token_auth/issues/176) +- undefined method `authenticate_user!' [\#182](https://github.com/lynndylanhurley/devise_token_auth/issues/182) +- confirm_success_url shouldn't be a required param [\#176](https://github.com/lynndylanhurley/devise_token_auth/issues/176) - Provide an OAuth implementation for native apps [\#175](https://github.com/lynndylanhurley/devise_token_auth/issues/175) - getting an argument error when trying to use omniauth [\#174](https://github.com/lynndylanhurley/devise_token_auth/issues/174) - Sign in via username doesn't seem to work correctly. [\#173](https://github.com/lynndylanhurley/devise_token_auth/issues/173) - Cannot use + sign in email address. [\#171](https://github.com/lynndylanhurley/devise_token_auth/issues/171) - How can i authenticate using curl and get private entries ! [\#167](https://github.com/lynndylanhurley/devise_token_auth/issues/167) - Pessimistic Locking produces ArgumentError [\#165](https://github.com/lynndylanhurley/devise_token_auth/issues/165) -- POTENTIAL SECURITY RISK: Setting confirm\_success\_url and redirect\_url via API [\#162](https://github.com/lynndylanhurley/devise_token_auth/issues/162) +- POTENTIAL SECURITY RISK: Setting confirm_success_url and redirect_url via API [\#162](https://github.com/lynndylanhurley/devise_token_auth/issues/162) - Sign out just on client side ? [\#161](https://github.com/lynndylanhurley/devise_token_auth/issues/161) -- Unpermitted parameter: redirect\_url [\#160](https://github.com/lynndylanhurley/devise_token_auth/issues/160) -- Issues using devise and devise\_token\_auth [\#159](https://github.com/lynndylanhurley/devise_token_auth/issues/159) +- Unpermitted parameter: redirect_url [\#160](https://github.com/lynndylanhurley/devise_token_auth/issues/160) +- Issues using devise and devise_token_auth [\#159](https://github.com/lynndylanhurley/devise_token_auth/issues/159) - Add role based authorization [\#158](https://github.com/lynndylanhurley/devise_token_auth/issues/158) - Not compatible with ActiveAdmin [\#156](https://github.com/lynndylanhurley/devise_token_auth/issues/156) -- \[Duplicate\] is devise\_invitable supported? [\#154](https://github.com/lynndylanhurley/devise_token_auth/issues/154) +- \[Duplicate\] is devise_invitable supported? [\#154](https://github.com/lynndylanhurley/devise_token_auth/issues/154) - User can register with a "false" email [\#149](https://github.com/lynndylanhurley/devise_token_auth/issues/149) -- /validate\_token [\#148](https://github.com/lynndylanhurley/devise_token_auth/issues/148) +- /validate_token [\#148](https://github.com/lynndylanhurley/devise_token_auth/issues/148) - Email confirmation link [\#147](https://github.com/lynndylanhurley/devise_token_auth/issues/147) - Tokens field on database [\#146](https://github.com/lynndylanhurley/devise_token_auth/issues/146) - Twitter OAuth always throughs CookieOverflow [\#145](https://github.com/lynndylanhurley/devise_token_auth/issues/145) - Is there a way to configure apiUrl for both dev and prod? [\#144](https://github.com/lynndylanhurley/devise_token_auth/issues/144) - Getting 401 unauthorized on login attempt [\#142](https://github.com/lynndylanhurley/devise_token_auth/issues/142) - Comparing with jwt [\#140](https://github.com/lynndylanhurley/devise_token_auth/issues/140) -- Can't get omniauth to work \(error in redirect\_callbacks\) [\#139](https://github.com/lynndylanhurley/devise_token_auth/issues/139) +- Can't get omniauth to work \(error in redirect_callbacks\) [\#139](https://github.com/lynndylanhurley/devise_token_auth/issues/139) - Change controller inheritance [\#138](https://github.com/lynndylanhurley/devise_token_auth/issues/138) - Reset Password call returns 400 for Not Found user [\#137](https://github.com/lynndylanhurley/devise_token_auth/issues/137) - The gem is too big. Please take care of it. [\#136](https://github.com/lynndylanhurley/devise_token_auth/issues/136) - Error when loging with facebook the second time without logout [\#135](https://github.com/lynndylanhurley/devise_token_auth/issues/135) -- OmniAuth redirect doesn't work if using the generated mount\_devise\_token route [\#133](https://github.com/lynndylanhurley/devise_token_auth/issues/133) -- Missing template /omniauth\_response [\#132](https://github.com/lynndylanhurley/devise_token_auth/issues/132) +- OmniAuth redirect doesn't work if using the generated mount_devise_token route [\#133](https://github.com/lynndylanhurley/devise_token_auth/issues/133) +- Missing template /omniauth_response [\#132](https://github.com/lynndylanhurley/devise_token_auth/issues/132) - Unpermitted parameter: session [\#130](https://github.com/lynndylanhurley/devise_token_auth/issues/130) - OAuth error: We're sorry, but something went wrong [\#129](https://github.com/lynndylanhurley/devise_token_auth/issues/129) - Would it be useful to integrate login with username ? [\#127](https://github.com/lynndylanhurley/devise_token_auth/issues/127) @@ -2624,7 +2613,7 @@ - User tokens don't properly deserialize [\#121](https://github.com/lynndylanhurley/devise_token_auth/issues/121) - Could not load 'omniauth' [\#118](https://github.com/lynndylanhurley/devise_token_auth/issues/118) - bad argument \(expected URI object or URI string\) [\#116](https://github.com/lynndylanhurley/devise_token_auth/issues/116) -- devise\_token\_auth for public API, but devise for rest of app? [\#114](https://github.com/lynndylanhurley/devise_token_auth/issues/114) +- devise_token_auth for public API, but devise for rest of app? [\#114](https://github.com/lynndylanhurley/devise_token_auth/issues/114) - Omniauthable deleted on UsersConcern : Why ? [\#111](https://github.com/lynndylanhurley/devise_token_auth/issues/111) - Unrequired route [\#110](https://github.com/lynndylanhurley/devise_token_auth/issues/110) - raises NoMethodError instead of displaying error when email is missing [\#108](https://github.com/lynndylanhurley/devise_token_auth/issues/108) @@ -2641,60 +2630,60 @@ - API versioning the devise scope of token validation and ominiauth controller path will wrap up [\#96](https://github.com/lynndylanhurley/devise_token_auth/issues/96) - Overwriting default "from" email address [\#94](https://github.com/lynndylanhurley/devise_token_auth/issues/94) - uninitialized constant DeviseTokenAuth [\#92](https://github.com/lynndylanhurley/devise_token_auth/issues/92) -- change\_headers\_on\_each\_request not working expiry header empty [\#90](https://github.com/lynndylanhurley/devise_token_auth/issues/90) +- change_headers_on_each_request not working expiry header empty [\#90](https://github.com/lynndylanhurley/devise_token_auth/issues/90) - Gem render consistency [\#87](https://github.com/lynndylanhurley/devise_token_auth/issues/87) - Sample Sessions Controller for logging in via Rails View. [\#86](https://github.com/lynndylanhurley/devise_token_auth/issues/86) -- Change authorization key: Use phone\_number instead of email [\#84](https://github.com/lynndylanhurley/devise_token_auth/issues/84) -- Conflict with active\_admin gem [\#83](https://github.com/lynndylanhurley/devise_token_auth/issues/83) -- NoMethodError in DeviseTokenAuth::OmniauthCallbacksController\#redirect\_callbacks [\#82](https://github.com/lynndylanhurley/devise_token_auth/issues/82) +- Change authorization key: Use phone_number instead of email [\#84](https://github.com/lynndylanhurley/devise_token_auth/issues/84) +- Conflict with active_admin gem [\#83](https://github.com/lynndylanhurley/devise_token_auth/issues/83) +- NoMethodError in DeviseTokenAuth::OmniauthCallbacksController\#redirect_callbacks [\#82](https://github.com/lynndylanhurley/devise_token_auth/issues/82) - All the APIs are getting 'Authorized users only' [\#81](https://github.com/lynndylanhurley/devise_token_auth/issues/81) - Is Devise option Rememberable required ? [\#80](https://github.com/lynndylanhurley/devise_token_auth/issues/80) -- Problem with skip\_confirmation! [\#78](https://github.com/lynndylanhurley/devise_token_auth/issues/78) +- Problem with skip_confirmation! [\#78](https://github.com/lynndylanhurley/devise_token_auth/issues/78) - Cannot reset password if registered by omniauth [\#77](https://github.com/lynndylanhurley/devise_token_auth/issues/77) - NoMethodError at /omniauth/facebook/callback - undefined method `\[\]' for nil:NilClass [\#76](https://github.com/lynndylanhurley/devise_token_auth/issues/76) - Remove dependency on ActiveRecord [\#72](https://github.com/lynndylanhurley/devise_token_auth/issues/72) - Skipping Registrations Controller Altogether [\#70](https://github.com/lynndylanhurley/devise_token_auth/issues/70) -- Problem in validate\_token if the model is in a namespace [\#69](https://github.com/lynndylanhurley/devise_token_auth/issues/69) +- Problem in validate_token if the model is in a namespace [\#69](https://github.com/lynndylanhurley/devise_token_auth/issues/69) - Cannot send confirmation email if there is no 'User' model [\#68](https://github.com/lynndylanhurley/devise_token_auth/issues/68) - Better guidelines for contributors [\#65](https://github.com/lynndylanhurley/devise_token_auth/issues/65) - admin namespace [\#63](https://github.com/lynndylanhurley/devise_token_auth/issues/63) - Devise trackable module not working [\#62](https://github.com/lynndylanhurley/devise_token_auth/issues/62) -- Devise\_token\_auth without OmniAuth authentication [\#60](https://github.com/lynndylanhurley/devise_token_auth/issues/60) +- Devise_token_auth without OmniAuth authentication [\#60](https://github.com/lynndylanhurley/devise_token_auth/issues/60) - Reset Password error [\#59](https://github.com/lynndylanhurley/devise_token_auth/issues/59) - Confirmable - unconfirmed email [\#58](https://github.com/lynndylanhurley/devise_token_auth/issues/58) - Email Column Isn't Used for Database Authentication [\#56](https://github.com/lynndylanhurley/devise_token_auth/issues/56) - Unique Key for Provider and UID Combination [\#55](https://github.com/lynndylanhurley/devise_token_auth/issues/55) - User Info in separate table or removed [\#53](https://github.com/lynndylanhurley/devise_token_auth/issues/53) - rename @user to @resource [\#48](https://github.com/lynndylanhurley/devise_token_auth/issues/48) -- Active\_admin issue [\#47](https://github.com/lynndylanhurley/devise_token_auth/issues/47) +- Active_admin issue [\#47](https://github.com/lynndylanhurley/devise_token_auth/issues/47) - Possible Logout Issue [\#46](https://github.com/lynndylanhurley/devise_token_auth/issues/46) - Routes not appended to routes.rb [\#45](https://github.com/lynndylanhurley/devise_token_auth/issues/45) -- Return resource.errors.full\_messages in addition to resource.errors [\#44](https://github.com/lynndylanhurley/devise_token_auth/issues/44) -- Devise and Devise\_Token\_Auth in api namespace [\#43](https://github.com/lynndylanhurley/devise_token_auth/issues/43) +- Return resource.errors.full_messages in addition to resource.errors [\#44](https://github.com/lynndylanhurley/devise_token_auth/issues/44) +- Devise and Devise_Token_Auth in api namespace [\#43](https://github.com/lynndylanhurley/devise_token_auth/issues/43) - Trackable attributes are not being updated. [\#42](https://github.com/lynndylanhurley/devise_token_auth/issues/42) -- Avoid using respond\_to in application controller [\#41](https://github.com/lynndylanhurley/devise_token_auth/issues/41) -- devise\_token\_auth assumes you want the :confirmable functionality [\#40](https://github.com/lynndylanhurley/devise_token_auth/issues/40) +- Avoid using respond_to in application controller [\#41](https://github.com/lynndylanhurley/devise_token_auth/issues/41) +- devise_token_auth assumes you want the :confirmable functionality [\#40](https://github.com/lynndylanhurley/devise_token_auth/issues/40) - undefined method `match' for nil:NilClass [\#39](https://github.com/lynndylanhurley/devise_token_auth/issues/39) - Expired token aren't removed when session expires [\#38](https://github.com/lynndylanhurley/devise_token_auth/issues/38) -- sign\_up helper [\#37](https://github.com/lynndylanhurley/devise_token_auth/issues/37) -- self.tokens\[client\_id\]\['token'\] != token [\#30](https://github.com/lynndylanhurley/devise_token_auth/issues/30) +- sign_up helper [\#37](https://github.com/lynndylanhurley/devise_token_auth/issues/37) +- self.tokens\[client_id\]\['token'\] != token [\#30](https://github.com/lynndylanhurley/devise_token_auth/issues/30) - How is the uid generated for non-omniauth users? [\#29](https://github.com/lynndylanhurley/devise_token_auth/issues/29) -- Access to current\_user variable? [\#28](https://github.com/lynndylanhurley/devise_token_auth/issues/28) -- Filter chain halted as :require\_no\_authentication [\#27](https://github.com/lynndylanhurley/devise_token_auth/issues/27) +- Access to current_user variable? [\#28](https://github.com/lynndylanhurley/devise_token_auth/issues/28) +- Filter chain halted as :require_no_authentication [\#27](https://github.com/lynndylanhurley/devise_token_auth/issues/27) - Allow additional parameters for registration [\#25](https://github.com/lynndylanhurley/devise_token_auth/issues/25) -- Cannot add more parameters at sign\_up [\#22](https://github.com/lynndylanhurley/devise_token_auth/issues/22) +- Cannot add more parameters at sign_up [\#22](https://github.com/lynndylanhurley/devise_token_auth/issues/22) - Error on Registration [\#21](https://github.com/lynndylanhurley/devise_token_auth/issues/21) - Error with authentication [\#20](https://github.com/lynndylanhurley/devise_token_auth/issues/20) - Cascade of Issues with Omniauth\(?\) [\#18](https://github.com/lynndylanhurley/devise_token_auth/issues/18) - Batch Requests Respond with Original Auth Token [\#17](https://github.com/lynndylanhurley/devise_token_auth/issues/17) - Sign out with email provider error [\#16](https://github.com/lynndylanhurley/devise_token_auth/issues/16) -- sessions\_controller.rb [\#12](https://github.com/lynndylanhurley/devise_token_auth/issues/12) +- sessions_controller.rb [\#12](https://github.com/lynndylanhurley/devise_token_auth/issues/12) - Github login in example is broken [\#10](https://github.com/lynndylanhurley/devise_token_auth/issues/10) - Facebook auth is broken [\#9](https://github.com/lynndylanhurley/devise_token_auth/issues/9) - Generator is not working [\#8](https://github.com/lynndylanhurley/devise_token_auth/issues/8) - Test ticket from Code Climate [\#6](https://github.com/lynndylanhurley/devise_token_auth/issues/6) - Test ticket from Code Climate [\#5](https://github.com/lynndylanhurley/devise_token_auth/issues/5) -- extending the devise\_token\_auth user model [\#4](https://github.com/lynndylanhurley/devise_token_auth/issues/4) +- extending the devise_token_auth user model [\#4](https://github.com/lynndylanhurley/devise_token_auth/issues/4) - A few ideas [\#3](https://github.com/lynndylanhurley/devise_token_auth/issues/3) - Google Oauth2 does not set cookies in production. [\#1](https://github.com/lynndylanhurley/devise_token_auth/issues/1) @@ -2702,8 +2691,8 @@ - Fix for issue \#600 [\#674](https://github.com/lynndylanhurley/devise_token_auth/pull/674) ([milep](https://github.com/milep)) - Fix setup config example in README [\#665](https://github.com/lynndylanhurley/devise_token_auth/pull/665) ([guich-wo](https://github.com/guich-wo)) -- added bypass\_sign\_in for next version of Devise [\#663](https://github.com/lynndylanhurley/devise_token_auth/pull/663) ([KendallPark](https://github.com/KendallPark)) -- fix method 'is\_json\_api' with active\_model\_serialier v 0.10.0 [\#651](https://github.com/lynndylanhurley/devise_token_auth/pull/651) ([woodcrust](https://github.com/woodcrust)) +- added bypass_sign_in for next version of Devise [\#663](https://github.com/lynndylanhurley/devise_token_auth/pull/663) ([KendallPark](https://github.com/KendallPark)) +- fix method 'is_json_api' with active_model_serialier v 0.10.0 [\#651](https://github.com/lynndylanhurley/devise_token_auth/pull/651) ([woodcrust](https://github.com/woodcrust)) - Tokens count overmuch fixed [\#650](https://github.com/lynndylanhurley/devise_token_auth/pull/650) ([JerryGreen](https://github.com/JerryGreen)) - updates config wrapper to conform with newer idiom [\#648](https://github.com/lynndylanhurley/devise_token_auth/pull/648) ([bvandgrift](https://github.com/bvandgrift)) - Adding support for devise 4.1.1 [\#642](https://github.com/lynndylanhurley/devise_token_auth/pull/642) ([iainmcg](https://github.com/iainmcg)) @@ -2711,7 +2700,7 @@ - Fix yields from controller actions [\#638](https://github.com/lynndylanhurley/devise_token_auth/pull/638) ([tiagojsag](https://github.com/tiagojsag)) - Fix generator to correctly inject content into the user model in rails 5 [\#636](https://github.com/lynndylanhurley/devise_token_auth/pull/636) ([ethangk](https://github.com/ethangk)) - fix spelling in comment on token auth concern [\#632](https://github.com/lynndylanhurley/devise_token_auth/pull/632) ([dandlezzz](https://github.com/dandlezzz)) -- fixed devise deprecation warning for config.email\_regexp [\#618](https://github.com/lynndylanhurley/devise_token_auth/pull/618) ([lemuelbarango](https://github.com/lemuelbarango)) +- fixed devise deprecation warning for config.email_regexp [\#618](https://github.com/lynndylanhurley/devise_token_auth/pull/618) ([lemuelbarango](https://github.com/lemuelbarango)) - Revert "Update readme for headers names" [\#592](https://github.com/lynndylanhurley/devise_token_auth/pull/592) ([y4ashida](https://github.com/y4ashida)) - Update readme for headers names [\#589](https://github.com/lynndylanhurley/devise_token_auth/pull/589) ([y4ashida](https://github.com/y4ashida)) - Add info to README [\#585](https://github.com/lynndylanhurley/devise_token_auth/pull/585) ([ghost](https://github.com/ghost)) @@ -2723,16 +2712,16 @@ - User concern: Ensure fallback is in place [\#564](https://github.com/lynndylanhurley/devise_token_auth/pull/564) ([olleolleolle](https://github.com/olleolleolle)) - Return resource with top-level 'type' member. [\#562](https://github.com/lynndylanhurley/devise_token_auth/pull/562) ([ruimiguelsantos](https://github.com/ruimiguelsantos)) - Fix devise mapping [\#540](https://github.com/lynndylanhurley/devise_token_auth/pull/540) ([merqlove](https://github.com/merqlove)) -- Make all json responses to be json\_api compliant [\#537](https://github.com/lynndylanhurley/devise_token_auth/pull/537) ([djsegal](https://github.com/djsegal)) +- Make all json responses to be json_api compliant [\#537](https://github.com/lynndylanhurley/devise_token_auth/pull/537) ([djsegal](https://github.com/djsegal)) - Avoid sending auth headers if while processing used token is cleared [\#531](https://github.com/lynndylanhurley/devise_token_auth/pull/531) ([virginia-rodriguez](https://github.com/virginia-rodriguez)) - Add Japanese locale and fix typo [\#530](https://github.com/lynndylanhurley/devise_token_auth/pull/530) ([metalunk](https://github.com/metalunk)) - Added omniauth post route [\#528](https://github.com/lynndylanhurley/devise_token_auth/pull/528) ([v3rtx](https://github.com/v3rtx)) - Extract model callbacks [\#525](https://github.com/lynndylanhurley/devise_token_auth/pull/525) ([merqlove](https://github.com/merqlove)) -- create token when no client\_id token [\#523](https://github.com/lynndylanhurley/devise_token_auth/pull/523) ([charlesdg](https://github.com/charlesdg)) -- Fix enable\_standard\_devise\_support in initializer [\#518](https://github.com/lynndylanhurley/devise_token_auth/pull/518) ([halilim](https://github.com/halilim)) -- Make render\_create\_success render valid json\_api [\#513](https://github.com/lynndylanhurley/devise_token_auth/pull/513) ([djsegal](https://github.com/djsegal)) -- Prevent raise of exception if set\_user\_by\_token not defined [\#511](https://github.com/lynndylanhurley/devise_token_auth/pull/511) ([jeryRazakarison](https://github.com/jeryRazakarison)) -- send\_on\_create\_confirmation\_instructions callback isn't defined \(rails 5\) [\#508](https://github.com/lynndylanhurley/devise_token_auth/pull/508) ([fivetwentysix](https://github.com/fivetwentysix)) +- create token when no client_id token [\#523](https://github.com/lynndylanhurley/devise_token_auth/pull/523) ([charlesdg](https://github.com/charlesdg)) +- Fix enable_standard_devise_support in initializer [\#518](https://github.com/lynndylanhurley/devise_token_auth/pull/518) ([halilim](https://github.com/halilim)) +- Make render_create_success render valid json_api [\#513](https://github.com/lynndylanhurley/devise_token_auth/pull/513) ([djsegal](https://github.com/djsegal)) +- Prevent raise of exception if set_user_by_token not defined [\#511](https://github.com/lynndylanhurley/devise_token_auth/pull/511) ([jeryRazakarison](https://github.com/jeryRazakarison)) +- send_on_create_confirmation_instructions callback isn't defined \(rails 5\) [\#508](https://github.com/lynndylanhurley/devise_token_auth/pull/508) ([fivetwentysix](https://github.com/fivetwentysix)) - \[REBASE\] Fix rails 5 deprecation and devise parameter sanitization [\#507](https://github.com/lynndylanhurley/devise_token_auth/pull/507) ([fivetwentysix](https://github.com/fivetwentysix)) - remove deprecations from RegistrationsController [\#506](https://github.com/lynndylanhurley/devise_token_auth/pull/506) ([fivetwentysix](https://github.com/fivetwentysix)) - Allow new devise version for rails 5 compatibility [\#499](https://github.com/lynndylanhurley/devise_token_auth/pull/499) ([djsegal](https://github.com/djsegal)) @@ -2753,7 +2742,7 @@ - limiting the number of concurrent devices [\#434](https://github.com/lynndylanhurley/devise_token_auth/pull/434) ([paulosoares86](https://github.com/paulosoares86)) - Raise error in controller method [\#430](https://github.com/lynndylanhurley/devise_token_auth/pull/430) ([ArneZsng](https://github.com/ArneZsng)) - feat\(enable-standard-devise\): allow configurable support of legacy Devise authentication [\#428](https://github.com/lynndylanhurley/devise_token_auth/pull/428) ([booleanbetrayal](https://github.com/booleanbetrayal)) -- Support for i18n in mailers views [\#427](https://github.com/lynndylanhurley/devise_token_auth/pull/427) ([ponyesteves](https://github.com/ponyesteves)) +- Support for i18n in mailers views [\#427](https://github.com/lynndylanhurley/devise_token_auth/pull/427) ([ponyesteves](https://github.com/ponyesteves)) - Fix omniauthredirection when under scopes [\#425](https://github.com/lynndylanhurley/devise_token_auth/pull/425) ([xjunior](https://github.com/xjunior)) - Translation to German [\#423](https://github.com/lynndylanhurley/devise_token_auth/pull/423) ([haslinger](https://github.com/haslinger)) - fix\(url\): preserve query parameters when building urls [\#421](https://github.com/lynndylanhurley/devise_token_auth/pull/421) ([nbrustein](https://github.com/nbrustein)) @@ -2783,24 +2772,24 @@ - feat\(improved-omniauth\): omniauth sameWindow and inAppBrowser flows [\#323](https://github.com/lynndylanhurley/devise_token_auth/pull/323) ([nbrustein](https://github.com/nbrustein)) - Fix invalid omniauth redirect [\#322](https://github.com/lynndylanhurley/devise_token_auth/pull/322) ([troggy](https://github.com/troggy)) - Old password check before password update [\#317](https://github.com/lynndylanhurley/devise_token_auth/pull/317) ([jakubrohleder](https://github.com/jakubrohleder)) -- Remove erroneous colon from before\_action callback [\#310](https://github.com/lynndylanhurley/devise_token_auth/pull/310) ([jmliu](https://github.com/jmliu)) +- Remove erroneous colon from before_action callback [\#310](https://github.com/lynndylanhurley/devise_token_auth/pull/310) ([jmliu](https://github.com/jmliu)) - Disabled serialization for JSON type columns [\#306](https://github.com/lynndylanhurley/devise_token_auth/pull/306) ([colavitam](https://github.com/colavitam)) - Set default provider to "email" in migration [\#302](https://github.com/lynndylanhurley/devise_token_auth/pull/302) ([colavitam](https://github.com/colavitam)) - Fix an issue for not :confirmable users [\#296](https://github.com/lynndylanhurley/devise_token_auth/pull/296) ([sebfie](https://github.com/sebfie)) - Update README.md [\#295](https://github.com/lynndylanhurley/devise_token_auth/pull/295) ([adisos](https://github.com/adisos)) -- Fix MOUNT\_PATH 'Read More' link [\#294](https://github.com/lynndylanhurley/devise_token_auth/pull/294) ([jmliu](https://github.com/jmliu)) +- Fix MOUNT_PATH 'Read More' link [\#294](https://github.com/lynndylanhurley/devise_token_auth/pull/294) ([jmliu](https://github.com/jmliu)) - Don't send password reset instructions to unconfirmed email [\#288](https://github.com/lynndylanhurley/devise_token_auth/pull/288) ([coryschires](https://github.com/coryschires)) - Feature/i18n support [\#283](https://github.com/lynndylanhurley/devise_token_auth/pull/283) ([sebfie](https://github.com/sebfie)) -- Update documentation for validate\_token [\#277](https://github.com/lynndylanhurley/devise_token_auth/pull/277) ([adamgall](https://github.com/adamgall)) +- Update documentation for validate_token [\#277](https://github.com/lynndylanhurley/devise_token_auth/pull/277) ([adamgall](https://github.com/adamgall)) - Added json support for tokens [\#276](https://github.com/lynndylanhurley/devise_token_auth/pull/276) ([shicholas](https://github.com/shicholas)) -- perf\(token\_is\_current?\): add simplistic cache to reduce overhead of redundant token checks during validation calls [\#272](https://github.com/lynndylanhurley/devise_token_auth/pull/272) ([booleanbetrayal](https://github.com/booleanbetrayal)) -- perf\(update\_auth\_header\): only lock the resource if we are rotating tokens [\#267](https://github.com/lynndylanhurley/devise_token_auth/pull/267) ([booleanbetrayal](https://github.com/booleanbetrayal)) -- fix\(email-validation\): Update in-use email validation message during registration to allow full\_message use [\#255](https://github.com/lynndylanhurley/devise_token_auth/pull/255) ([booleanbetrayal](https://github.com/booleanbetrayal)) +- perf\(token_is_current?\): add simplistic cache to reduce overhead of redundant token checks during validation calls [\#272](https://github.com/lynndylanhurley/devise_token_auth/pull/272) ([booleanbetrayal](https://github.com/booleanbetrayal)) +- perf\(update_auth_header\): only lock the resource if we are rotating tokens [\#267](https://github.com/lynndylanhurley/devise_token_auth/pull/267) ([booleanbetrayal](https://github.com/booleanbetrayal)) +- fix\(email-validation\): Update in-use email validation message during registration to allow full_message use [\#255](https://github.com/lynndylanhurley/devise_token_auth/pull/255) ([booleanbetrayal](https://github.com/booleanbetrayal)) - fix\(session\#new\): fix unhandled 500 when logging in with valid user and bad password [\#254](https://github.com/lynndylanhurley/devise_token_auth/pull/254) ([mathemagica](https://github.com/mathemagica)) -- feat\(ominauth\): support json-formatted values in omniauth callback. [\#252](https://github.com/lynndylanhurley/devise_token_auth/pull/252) ([nbrustein](https://github.com/nbrustein)) -- fix\(sessions controller\): call reset\_session on destroy [\#251](https://github.com/lynndylanhurley/devise_token_auth/pull/251) ([nbrustein](https://github.com/nbrustein)) -- fix\(resource\_class\): support optional mapping property from set\_user\_by\_token [\#250](https://github.com/lynndylanhurley/devise_token_auth/pull/250) ([booleanbetrayal](https://github.com/booleanbetrayal)) -- Allow current\_password to be supplied when updating profile. [\#240](https://github.com/lynndylanhurley/devise_token_auth/pull/240) ([jasonswett](https://github.com/jasonswett)) +- feat\(ominauth\): support json-formatted values in omniauth callback. [\#252](https://github.com/lynndylanhurley/devise_token_auth/pull/252) ([nbrustein](https://github.com/nbrustein)) +- fix\(sessions controller\): call reset_session on destroy [\#251](https://github.com/lynndylanhurley/devise_token_auth/pull/251) ([nbrustein](https://github.com/nbrustein)) +- fix\(resource_class\): support optional mapping property from set_user_by_token [\#250](https://github.com/lynndylanhurley/devise_token_auth/pull/250) ([booleanbetrayal](https://github.com/booleanbetrayal)) +- Allow current_password to be supplied when updating profile. [\#240](https://github.com/lynndylanhurley/devise_token_auth/pull/240) ([jasonswett](https://github.com/jasonswett)) - fixes password reset when not using confirmable [\#225](https://github.com/lynndylanhurley/devise_token_auth/pull/225) ([aesnyder](https://github.com/aesnyder)) - Fix error when email missing from registration params [\#220](https://github.com/lynndylanhurley/devise_token_auth/pull/220) ([iangreenleaf](https://github.com/iangreenleaf)) - URI fragment should appear at the end of URL [\#214](https://github.com/lynndylanhurley/devise_token_auth/pull/214) ([edymerchk](https://github.com/edymerchk)) @@ -2811,23 +2800,23 @@ - Return 422 \(was 500\) when empty body for sign up and account update [\#204](https://github.com/lynndylanhurley/devise_token_auth/pull/204) ([mchavarriagam](https://github.com/mchavarriagam)) - Users with allowed unconfirmed access can now log in successfully. [\#202](https://github.com/lynndylanhurley/devise_token_auth/pull/202) ([colavitam](https://github.com/colavitam)) - Authenticating an existing Warden/Devise User [\#200](https://github.com/lynndylanhurley/devise_token_auth/pull/200) ([nickL](https://github.com/nickL)) -- GET sign\_in should direct people to use POST sign\_in rather than raising exception [\#191](https://github.com/lynndylanhurley/devise_token_auth/pull/191) ([milesmatthias](https://github.com/milesmatthias)) +- GET sign_in should direct people to use POST sign_in rather than raising exception [\#191](https://github.com/lynndylanhurley/devise_token_auth/pull/191) ([milesmatthias](https://github.com/milesmatthias)) - Ignore 'extra' in Twitter auth response to avoid CookieOverflow. Fixes \#145. [\#179](https://github.com/lynndylanhurley/devise_token_auth/pull/179) ([tbloncar](https://github.com/tbloncar)) -- Some missing as\_json ? [\#152](https://github.com/lynndylanhurley/devise_token_auth/pull/152) ([nicolas-besnard](https://github.com/nicolas-besnard)) +- Some missing as_json ? [\#152](https://github.com/lynndylanhurley/devise_token_auth/pull/152) ([nicolas-besnard](https://github.com/nicolas-besnard)) - Check email format on registration [\#150](https://github.com/lynndylanhurley/devise_token_auth/pull/150) ([nicolas-besnard](https://github.com/nicolas-besnard)) - Actual header key uses dashes, not underscores. [\#143](https://github.com/lynndylanhurley/devise_token_auth/pull/143) ([ragaskar](https://github.com/ragaskar)) - Username register login [\#128](https://github.com/lynndylanhurley/devise_token_auth/pull/128) ([nicolas-besnard](https://github.com/nicolas-besnard)) - Check if confirmable is active before skipping confirmation [\#125](https://github.com/lynndylanhurley/devise_token_auth/pull/125) ([nicolas-besnard](https://github.com/nicolas-besnard)) - Fix links to section about controller integration. [\#117](https://github.com/lynndylanhurley/devise_token_auth/pull/117) ([Le6ow5k1](https://github.com/Le6ow5k1)) -- document GET for /validate\_token [\#113](https://github.com/lynndylanhurley/devise_token_auth/pull/113) ([lukaselmer](https://github.com/lukaselmer)) +- document GET for /validate_token [\#113](https://github.com/lynndylanhurley/devise_token_auth/pull/113) ([lukaselmer](https://github.com/lukaselmer)) - Fix small error in documentation. [\#91](https://github.com/lynndylanhurley/devise_token_auth/pull/91) ([edgarhenriquez](https://github.com/edgarhenriquez)) - Exclude devise modules [\#85](https://github.com/lynndylanhurley/devise_token_auth/pull/85) ([jartek](https://github.com/jartek)) - fix\(registration and update\): Ensure UID is updated alongside Email, and case-sensitivity is honored [\#71](https://github.com/lynndylanhurley/devise_token_auth/pull/71) ([booleanbetrayal](https://github.com/booleanbetrayal)) - Add better guidelines for contributors. [\#67](https://github.com/lynndylanhurley/devise_token_auth/pull/67) ([edgarhenriquez](https://github.com/edgarhenriquez)) -- Use resource\_class to override email confirmation. [\#64](https://github.com/lynndylanhurley/devise_token_auth/pull/64) ([edgarhenriquez](https://github.com/edgarhenriquez)) -- fix\(case-sensitivity\): support devise case\_insensitive\_keys for session ... [\#57](https://github.com/lynndylanhurley/devise_token_auth/pull/57) ([booleanbetrayal](https://github.com/booleanbetrayal)) -- fix\(contention\): fix write contention in update\_auth\_headers and always ... [\#52](https://github.com/lynndylanhurley/devise_token_auth/pull/52) ([booleanbetrayal](https://github.com/booleanbetrayal)) -- Include resource.errors.full\_messages in error response. [\#50](https://github.com/lynndylanhurley/devise_token_auth/pull/50) ([jasonswett](https://github.com/jasonswett)) +- Use resource_class to override email confirmation. [\#64](https://github.com/lynndylanhurley/devise_token_auth/pull/64) ([edgarhenriquez](https://github.com/edgarhenriquez)) +- fix\(case-sensitivity\): support devise case_insensitive_keys for session ... [\#57](https://github.com/lynndylanhurley/devise_token_auth/pull/57) ([booleanbetrayal](https://github.com/booleanbetrayal)) +- fix\(contention\): fix write contention in update_auth_headers and always ... [\#52](https://github.com/lynndylanhurley/devise_token_auth/pull/52) ([booleanbetrayal](https://github.com/booleanbetrayal)) +- Include resource.errors.full_messages in error response. [\#50](https://github.com/lynndylanhurley/devise_token_auth/pull/50) ([jasonswett](https://github.com/jasonswett)) - fix\(expiry\): fix an issue where token expiration checks were too permissive [\#49](https://github.com/lynndylanhurley/devise_token_auth/pull/49) ([booleanbetrayal](https://github.com/booleanbetrayal)) - Update README with Example Generator Command [\#35](https://github.com/lynndylanhurley/devise_token_auth/pull/35) ([wwilkins](https://github.com/wwilkins)) - Remove OmniAuth dependency [\#26](https://github.com/lynndylanhurley/devise_token_auth/pull/26) ([hannahhoward](https://github.com/hannahhoward)) @@ -2845,13 +2834,13 @@ **Closed issues:** - Not working with rails 5 and devise master [\#504](https://github.com/lynndylanhurley/devise_token_auth/issues/504) -- Unpermitted parameters: confirm\_success\_url, config\_name, registration [\#501](https://github.com/lynndylanhurley/devise_token_auth/issues/501) +- Unpermitted parameters: confirm_success_url, config_name, registration [\#501](https://github.com/lynndylanhurley/devise_token_auth/issues/501) - Master branch no longer working with devise master branch \(version error\) [\#498](https://github.com/lynndylanhurley/devise_token_auth/issues/498) - uid is not getting set in git revision 996b9cf23a18 [\#497](https://github.com/lynndylanhurley/devise_token_auth/issues/497) -- ve\_model\_serializer namespace [\#492](https://github.com/lynndylanhurley/devise_token_auth/issues/492) -- User remains logged in when using devise and devise\_token\_auth in the same app [\#486](https://github.com/lynndylanhurley/devise_token_auth/issues/486) -- DEPRECATION WARNING: alias\_method\_chain is deprecated. Rails 5 [\#482](https://github.com/lynndylanhurley/devise_token_auth/issues/482) -- validate\_token - resource\_name - undefined method `name' for nil:NilClass [\#480](https://github.com/lynndylanhurley/devise_token_auth/issues/480) +- ve_model_serializer namespace [\#492](https://github.com/lynndylanhurley/devise_token_auth/issues/492) +- User remains logged in when using devise and devise_token_auth in the same app [\#486](https://github.com/lynndylanhurley/devise_token_auth/issues/486) +- DEPRECATION WARNING: alias_method_chain is deprecated. Rails 5 [\#482](https://github.com/lynndylanhurley/devise_token_auth/issues/482) +- validate_token - resource_name - undefined method `name' for nil:NilClass [\#480](https://github.com/lynndylanhurley/devise_token_auth/issues/480) - Helpers being loaded for Rails API's [\#468](https://github.com/lynndylanhurley/devise_token_auth/issues/468) - locales `errors.messages.already\_in\_use` seems broken [\#463](https://github.com/lynndylanhurley/devise_token_auth/issues/463) - omniauth callback redirect not working properly when using namespace/scope [\#362](https://github.com/lynndylanhurley/devise_token_auth/issues/362) @@ -2859,7 +2848,7 @@ **Merged pull requests:** -- send\_on\_create\_confirmation\_instructions callback isn't defined \(rails 5\) [\#508](https://github.com/lynndylanhurley/devise_token_auth/pull/508) ([fivetwentysix](https://github.com/fivetwentysix)) +- send_on_create_confirmation_instructions callback isn't defined \(rails 5\) [\#508](https://github.com/lynndylanhurley/devise_token_auth/pull/508) ([fivetwentysix](https://github.com/fivetwentysix)) - \[REBASE\] Fix rails 5 deprecation and devise parameter sanitization [\#507](https://github.com/lynndylanhurley/devise_token_auth/pull/507) ([fivetwentysix](https://github.com/fivetwentysix)) - remove deprecations from RegistrationsController [\#506](https://github.com/lynndylanhurley/devise_token_auth/pull/506) ([fivetwentysix](https://github.com/fivetwentysix)) - Allow new devise version for rails 5 compatibility [\#499](https://github.com/lynndylanhurley/devise_token_auth/pull/499) ([djsegal](https://github.com/djsegal)) @@ -2877,6 +2866,7 @@ - Fix omniauthredirection when under scopes [\#425](https://github.com/lynndylanhurley/devise_token_auth/pull/425) ([xjunior](https://github.com/xjunior)) ## [v0.1.37.beta4](https://github.com/lynndylanhurley/devise_token_auth/tree/v0.1.37.beta4) (2015-12-10) + [Full Changelog](https://github.com/lynndylanhurley/devise_token_auth/compare/v0.1.37.beta3...v0.1.37.beta4) **Closed issues:** @@ -2884,12 +2874,12 @@ - It shows "An error occurred" after omniauth callback [\#445](https://github.com/lynndylanhurley/devise_token_auth/issues/445) - - [\#444](https://github.com/lynndylanhurley/devise_token_auth/issues/444) - Put Access Token in body [\#442](https://github.com/lynndylanhurley/devise_token_auth/issues/442) -- Unable to add a new param for sign up [\#440](https://github.com/lynndylanhurley/devise_token_auth/issues/440) -- Undefined method provider from devise\_toke\_auth concerns/user.rb [\#438](https://github.com/lynndylanhurley/devise_token_auth/issues/438) +- Unable to add a new param for sign up [\#440](https://github.com/lynndylanhurley/devise_token_auth/issues/440) +- Undefined method provider from devise_toke_auth concerns/user.rb [\#438](https://github.com/lynndylanhurley/devise_token_auth/issues/438) - Scoped DeviseToken but it still affects the original Omniauth redirects. [\#429](https://github.com/lynndylanhurley/devise_token_auth/issues/429) - Can't create user via api [\#422](https://github.com/lynndylanhurley/devise_token_auth/issues/422) -- change\_headers\_on\_each\_request and batch requests [\#403](https://github.com/lynndylanhurley/devise_token_auth/issues/403) -- password length [\#380](https://github.com/lynndylanhurley/devise_token_auth/issues/380) +- change_headers_on_each_request and batch requests [\#403](https://github.com/lynndylanhurley/devise_token_auth/issues/403) +- password length [\#380](https://github.com/lynndylanhurley/devise_token_auth/issues/380) - The action 'twitter' could not be found for DeviseTokenAuth::OmniauthCallbacksController [\#309](https://github.com/lynndylanhurley/devise_token_auth/issues/309) - undefined method `tokens' for \#\ [\#297](https://github.com/lynndylanhurley/devise_token_auth/issues/297) - Generating many client tokens [\#210](https://github.com/lynndylanhurley/devise_token_auth/issues/210) @@ -2901,25 +2891,27 @@ - limiting the number of concurrent devices [\#434](https://github.com/lynndylanhurley/devise_token_auth/pull/434) ([paulosoares86](https://github.com/paulosoares86)) - Raise error in controller method [\#430](https://github.com/lynndylanhurley/devise_token_auth/pull/430) ([ArneZsng](https://github.com/ArneZsng)) - feat\(enable-standard-devise\): allow configurable support of legacy Devise authentication [\#428](https://github.com/lynndylanhurley/devise_token_auth/pull/428) ([booleanbetrayal](https://github.com/booleanbetrayal)) -- Support for i18n in mailers views [\#427](https://github.com/lynndylanhurley/devise_token_auth/pull/427) ([ponyesteves](https://github.com/ponyesteves)) +- Support for i18n in mailers views [\#427](https://github.com/lynndylanhurley/devise_token_auth/pull/427) ([ponyesteves](https://github.com/ponyesteves)) - Translation to German [\#423](https://github.com/lynndylanhurley/devise_token_auth/pull/423) ([haslinger](https://github.com/haslinger)) - fix\(url\): preserve query parameters when building urls [\#421](https://github.com/lynndylanhurley/devise_token_auth/pull/421) ([nbrustein](https://github.com/nbrustein)) - Fallback to ActiveModel translations in EmailValidator [\#369](https://github.com/lynndylanhurley/devise_token_auth/pull/369) ([yivo](https://github.com/yivo)) ## [v0.1.37.beta3](https://github.com/lynndylanhurley/devise_token_auth/tree/v0.1.37.beta3) (2015-10-27) + [Full Changelog](https://github.com/lynndylanhurley/devise_token_auth/compare/v0.1.37.beta2...v0.1.37.beta3) **Closed issues:** -- Password Reset question, do I need my own form? [\#418](https://github.com/lynndylanhurley/devise_token_auth/issues/418) +- Password Reset question, do I need my own form? [\#418](https://github.com/lynndylanhurley/devise_token_auth/issues/418) - seeing other users data after login/out with different users on ionic [\#375](https://github.com/lynndylanhurley/devise_token_auth/issues/375) ## [v0.1.37.beta2](https://github.com/lynndylanhurley/devise_token_auth/tree/v0.1.37.beta2) (2015-10-25) + [Full Changelog](https://github.com/lynndylanhurley/devise_token_auth/compare/v0.1.37.beta1...v0.1.37.beta2) **Closed issues:** -- The validate\_token function in the readme is missing a parameter [\#413](https://github.com/lynndylanhurley/devise_token_auth/issues/413) +- The validate_token function in the readme is missing a parameter [\#413](https://github.com/lynndylanhurley/devise_token_auth/issues/413) **Merged pull requests:** @@ -2928,6 +2920,7 @@ - 404 for invalid link with password reset token [\#411](https://github.com/lynndylanhurley/devise_token_auth/pull/411) ([rmvenancio](https://github.com/rmvenancio)) ## [v0.1.37.beta1](https://github.com/lynndylanhurley/devise_token_auth/tree/v0.1.37.beta1) (2015-10-25) + [Full Changelog](https://github.com/lynndylanhurley/devise_token_auth/compare/v0.1.36...v0.1.37.beta1) **Closed issues:** @@ -2946,9 +2939,11 @@ - Feature/password reset with check fix [\#374](https://github.com/lynndylanhurley/devise_token_auth/pull/374) ([jakubrohleder](https://github.com/jakubrohleder)) ## [v0.1.36](https://github.com/lynndylanhurley/devise_token_auth/tree/v0.1.36) (2015-10-13) + [Full Changelog](https://github.com/lynndylanhurley/devise_token_auth/compare/v0.1.35...v0.1.36) ## [v0.1.35](https://github.com/lynndylanhurley/devise_token_auth/tree/v0.1.35) (2015-10-13) + [Full Changelog](https://github.com/lynndylanhurley/devise_token_auth/compare/v0.1.34...v0.1.35) **Fixed bugs:** @@ -2961,19 +2956,19 @@ - Sign in not success. [\#388](https://github.com/lynndylanhurley/devise_token_auth/issues/388) - Defining a custom primary key [\#378](https://github.com/lynndylanhurley/devise_token_auth/issues/378) - omniauth: when redirecting, user object should not be serialized into url [\#368](https://github.com/lynndylanhurley/devise_token_auth/issues/368) -- getting ng-token-auth and devise\_token\_auth to work with OAuth in ionic InAppBrowser [\#367](https://github.com/lynndylanhurley/devise_token_auth/issues/367) -- invalid token in method set\_user\_by\_token on RegistrationsController\#update [\#357](https://github.com/lynndylanhurley/devise_token_auth/issues/357) +- getting ng-token-auth and devise_token_auth to work with OAuth in ionic InAppBrowser [\#367](https://github.com/lynndylanhurley/devise_token_auth/issues/367) +- invalid token in method set_user_by_token on RegistrationsController\#update [\#357](https://github.com/lynndylanhurley/devise_token_auth/issues/357) - Allow devise patch version updates [\#351](https://github.com/lynndylanhurley/devise_token_auth/issues/351) - Error validating token [\#348](https://github.com/lynndylanhurley/devise_token_auth/issues/348) - Allow for HTTP Basic Auth ? [\#337](https://github.com/lynndylanhurley/devise_token_auth/issues/337) - Allow Omniauth user reset password [\#335](https://github.com/lynndylanhurley/devise_token_auth/issues/335) - NameError \(uninitialized constant DeviseTokenAuth::Concerns::User::BCrypt\) [\#333](https://github.com/lynndylanhurley/devise_token_auth/issues/333) - Unpermitted parameters: format, session [\#328](https://github.com/lynndylanhurley/devise_token_auth/issues/328) -- devise token auth + Save Facebook auth\_hash info in database [\#326](https://github.com/lynndylanhurley/devise_token_auth/issues/326) +- devise token auth + Save Facebook auth_hash info in database [\#326](https://github.com/lynndylanhurley/devise_token_auth/issues/326) - Error sending password reset email when not using confirmable \(reopened \#124\) [\#321](https://github.com/lynndylanhurley/devise_token_auth/issues/321) - Facebook omniauth redirection is missing url when testing on localhost [\#285](https://github.com/lynndylanhurley/devise_token_auth/issues/285) - Failure route not handled [\#262](https://github.com/lynndylanhurley/devise_token_auth/issues/262) -- Unable to override OmniauthCallbacksController\#redirect\_callbacks [\#186](https://github.com/lynndylanhurley/devise_token_auth/issues/186) +- Unable to override OmniauthCallbacksController\#redirect_callbacks [\#186](https://github.com/lynndylanhurley/devise_token_auth/issues/186) **Merged pull requests:** @@ -2992,6 +2987,7 @@ - Fix invalid omniauth redirect [\#322](https://github.com/lynndylanhurley/devise_token_auth/pull/322) ([troggy](https://github.com/troggy)) ## [v0.1.34](https://github.com/lynndylanhurley/devise_token_auth/tree/v0.1.34) (2015-08-10) + [Full Changelog](https://github.com/lynndylanhurley/devise_token_auth/compare/v0.1.33...v0.1.34) **Implemented enhancements:** @@ -3006,39 +3002,39 @@ **Closed issues:** - Routing error / Preflight request / OPTIONS [\#320](https://github.com/lynndylanhurley/devise_token_auth/issues/320) -- Can't authorize \(user\_signed\_in? always show false\) [\#315](https://github.com/lynndylanhurley/devise_token_auth/issues/315) +- Can't authorize \(user_signed_in? always show false\) [\#315](https://github.com/lynndylanhurley/devise_token_auth/issues/315) - Warden::SessionSerializer - wrong number of arguments \(2 for 1\) [\#312](https://github.com/lynndylanhurley/devise_token_auth/issues/312) - Having 401 Unauthorized only with mobile [\#305](https://github.com/lynndylanhurley/devise_token_auth/issues/305) - remove unused nickname, image from user object [\#304](https://github.com/lynndylanhurley/devise_token_auth/issues/304) - HI, This is more of a doubt since I could not finding anything related to this in your documentation. [\#300](https://github.com/lynndylanhurley/devise_token_auth/issues/300) - Getting 401's when making requests using iOS/Android clients [\#299](https://github.com/lynndylanhurley/devise_token_auth/issues/299) - Confirmation URL giving bad arguments [\#293](https://github.com/lynndylanhurley/devise_token_auth/issues/293) -- set\_user\_by\_token not called in overriden controller [\#291](https://github.com/lynndylanhurley/devise_token_auth/issues/291) -- Question: Should we send password reset instructions to unconfirmed emails? [\#287](https://github.com/lynndylanhurley/devise_token_auth/issues/287) +- set_user_by_token not called in overriden controller [\#291](https://github.com/lynndylanhurley/devise_token_auth/issues/291) +- Question: Should we send password reset instructions to unconfirmed emails? [\#287](https://github.com/lynndylanhurley/devise_token_auth/issues/287) - No route matches \[GET\] "/users/facebook/callback" [\#280](https://github.com/lynndylanhurley/devise_token_auth/issues/280) - No route matches \[GET\] "/omniauth/:provider" [\#278](https://github.com/lynndylanhurley/devise_token_auth/issues/278) - How to refresh token/expiry? [\#275](https://github.com/lynndylanhurley/devise_token_auth/issues/275) -- wrong number of arguments \(1 for 0\): in DeviseTokenAuth::RegistrationsController\#create [\#274](https://github.com/lynndylanhurley/devise_token_auth/issues/274) +- wrong number of arguments \(1 for 0\): in DeviseTokenAuth::RegistrationsController\#create [\#274](https://github.com/lynndylanhurley/devise_token_auth/issues/274) - Can not save a user with nil tokens attribute [\#271](https://github.com/lynndylanhurley/devise_token_auth/issues/271) -- Shouldn't validate\_token param be access-token, not auth\_token? [\#270](https://github.com/lynndylanhurley/devise_token_auth/issues/270) +- Shouldn't validate_token param be access-token, not auth_token? [\#270](https://github.com/lynndylanhurley/devise_token_auth/issues/270) - include associations on login [\#269](https://github.com/lynndylanhurley/devise_token_auth/issues/269) - Getting Unauthorized error even after sending the correct token, uid and client [\#261](https://github.com/lynndylanhurley/devise_token_auth/issues/261) - Weird error message [\#259](https://github.com/lynndylanhurley/devise_token_auth/issues/259) - undefined method `provider' for \#\ [\#257](https://github.com/lynndylanhurley/devise_token_auth/issues/257) - File download with query params [\#246](https://github.com/lynndylanhurley/devise_token_auth/issues/246) -- Info: is devise\_token\_auth compatible with rails 3.2.19? [\#245](https://github.com/lynndylanhurley/devise_token_auth/issues/245) +- Info: is devise_token_auth compatible with rails 3.2.19? [\#245](https://github.com/lynndylanhurley/devise_token_auth/issues/245) - Headers required for different methods [\#243](https://github.com/lynndylanhurley/devise_token_auth/issues/243) - Unpermitted parameters: format, session, lang [\#239](https://github.com/lynndylanhurley/devise_token_auth/issues/239) -- On sign\_in, devise\_token\_auth expects the uid to be the same as the email [\#237](https://github.com/lynndylanhurley/devise_token_auth/issues/237) -- Name conflict with inherited\_resources [\#236](https://github.com/lynndylanhurley/devise_token_auth/issues/236) -- sign\_in will not fetch the token [\#234](https://github.com/lynndylanhurley/devise_token_auth/issues/234) +- On sign_in, devise_token_auth expects the uid to be the same as the email [\#237](https://github.com/lynndylanhurley/devise_token_auth/issues/237) +- Name conflict with inherited_resources [\#236](https://github.com/lynndylanhurley/devise_token_auth/issues/236) +- sign_in will not fetch the token [\#234](https://github.com/lynndylanhurley/devise_token_auth/issues/234) - Log in request 401 error [\#231](https://github.com/lynndylanhurley/devise_token_auth/issues/231) - User Registration - "email address already in use" when it is unique [\#230](https://github.com/lynndylanhurley/devise_token_auth/issues/230) - Devise email validation disabled...why? [\#229](https://github.com/lynndylanhurley/devise_token_auth/issues/229) -- confirm\_success\_url error not working [\#226](https://github.com/lynndylanhurley/devise_token_auth/issues/226) -- pending\_reconfirmation called when confirmable isn't used [\#224](https://github.com/lynndylanhurley/devise_token_auth/issues/224) -- omniauth\_success.html.erb JSON bug [\#221](https://github.com/lynndylanhurley/devise_token_auth/issues/221) -- Using devise\_token\_auth and ng\_token\_auth with angularJS in an Ionic Hybrid application [\#218](https://github.com/lynndylanhurley/devise_token_auth/issues/218) +- confirm_success_url error not working [\#226](https://github.com/lynndylanhurley/devise_token_auth/issues/226) +- pending_reconfirmation called when confirmable isn't used [\#224](https://github.com/lynndylanhurley/devise_token_auth/issues/224) +- omniauth_success.html.erb JSON bug [\#221](https://github.com/lynndylanhurley/devise_token_auth/issues/221) +- Using devise_token_auth and ng_token_auth with angularJS in an Ionic Hybrid application [\#218](https://github.com/lynndylanhurley/devise_token_auth/issues/218) - Where can I got token? [\#217](https://github.com/lynndylanhurley/devise_token_auth/issues/217) - URI fragment prevent to send params in Confirmation URL [\#213](https://github.com/lynndylanhurley/devise_token_auth/issues/213) - Limit tokens hash? [\#208](https://github.com/lynndylanhurley/devise_token_auth/issues/208) @@ -3046,40 +3042,40 @@ - DELETE method becoming OPTIONS @ Heroku [\#197](https://github.com/lynndylanhurley/devise_token_auth/issues/197) - 40 Mb log file and 1 minute to have token with curl [\#195](https://github.com/lynndylanhurley/devise_token_auth/issues/195) - 401 unauthorized [\#193](https://github.com/lynndylanhurley/devise_token_auth/issues/193) -- GET requests to sign\_in shouldn't raise an exception [\#190](https://github.com/lynndylanhurley/devise_token_auth/issues/190) +- GET requests to sign_in shouldn't raise an exception [\#190](https://github.com/lynndylanhurley/devise_token_auth/issues/190) - Api not locked by default [\#189](https://github.com/lynndylanhurley/devise_token_auth/issues/189) -- Rails 4.1 [\#187](https://github.com/lynndylanhurley/devise_token_auth/issues/187) +- Rails 4.1 [\#187](https://github.com/lynndylanhurley/devise_token_auth/issues/187) - Token based authentication with no sessions [\#183](https://github.com/lynndylanhurley/devise_token_auth/issues/183) -- undefined method `authenticate\_user!' [\#182](https://github.com/lynndylanhurley/devise_token_auth/issues/182) -- confirm\_success\_url shouldn't be a required param [\#176](https://github.com/lynndylanhurley/devise_token_auth/issues/176) +- undefined method `authenticate_user!' [\#182](https://github.com/lynndylanhurley/devise_token_auth/issues/182) +- confirm_success_url shouldn't be a required param [\#176](https://github.com/lynndylanhurley/devise_token_auth/issues/176) - Provide an OAuth implementation for native apps [\#175](https://github.com/lynndylanhurley/devise_token_auth/issues/175) - getting an argument error when trying to use omniauth [\#174](https://github.com/lynndylanhurley/devise_token_auth/issues/174) - Sign in via username doesn't seem to work correctly. [\#173](https://github.com/lynndylanhurley/devise_token_auth/issues/173) - Cannot use + sign in email address. [\#171](https://github.com/lynndylanhurley/devise_token_auth/issues/171) - How can i authenticate using curl and get private entries ! [\#167](https://github.com/lynndylanhurley/devise_token_auth/issues/167) - Pessimistic Locking produces ArgumentError [\#165](https://github.com/lynndylanhurley/devise_token_auth/issues/165) -- POTENTIAL SECURITY RISK: Setting confirm\_success\_url and redirect\_url via API [\#162](https://github.com/lynndylanhurley/devise_token_auth/issues/162) +- POTENTIAL SECURITY RISK: Setting confirm_success_url and redirect_url via API [\#162](https://github.com/lynndylanhurley/devise_token_auth/issues/162) - Sign out just on client side ? [\#161](https://github.com/lynndylanhurley/devise_token_auth/issues/161) -- Unpermitted parameter: redirect\_url [\#160](https://github.com/lynndylanhurley/devise_token_auth/issues/160) -- Issues using devise and devise\_token\_auth [\#159](https://github.com/lynndylanhurley/devise_token_auth/issues/159) +- Unpermitted parameter: redirect_url [\#160](https://github.com/lynndylanhurley/devise_token_auth/issues/160) +- Issues using devise and devise_token_auth [\#159](https://github.com/lynndylanhurley/devise_token_auth/issues/159) - Add role based authorization [\#158](https://github.com/lynndylanhurley/devise_token_auth/issues/158) - Not compatible with ActiveAdmin [\#156](https://github.com/lynndylanhurley/devise_token_auth/issues/156) -- \[Duplicate\] is devise\_invitable supported? [\#154](https://github.com/lynndylanhurley/devise_token_auth/issues/154) +- \[Duplicate\] is devise_invitable supported? [\#154](https://github.com/lynndylanhurley/devise_token_auth/issues/154) - User can register with a "false" email [\#149](https://github.com/lynndylanhurley/devise_token_auth/issues/149) -- /validate\_token [\#148](https://github.com/lynndylanhurley/devise_token_auth/issues/148) +- /validate_token [\#148](https://github.com/lynndylanhurley/devise_token_auth/issues/148) - Email confirmation link [\#147](https://github.com/lynndylanhurley/devise_token_auth/issues/147) - Tokens field on database [\#146](https://github.com/lynndylanhurley/devise_token_auth/issues/146) - Twitter OAuth always throughs CookieOverflow [\#145](https://github.com/lynndylanhurley/devise_token_auth/issues/145) - Is there a way to configure apiUrl for both dev and prod? [\#144](https://github.com/lynndylanhurley/devise_token_auth/issues/144) - Getting 401 unauthorized on login attempt [\#142](https://github.com/lynndylanhurley/devise_token_auth/issues/142) - Comparing with jwt [\#140](https://github.com/lynndylanhurley/devise_token_auth/issues/140) -- Can't get omniauth to work \(error in redirect\_callbacks\) [\#139](https://github.com/lynndylanhurley/devise_token_auth/issues/139) +- Can't get omniauth to work \(error in redirect_callbacks\) [\#139](https://github.com/lynndylanhurley/devise_token_auth/issues/139) - Change controller inheritance [\#138](https://github.com/lynndylanhurley/devise_token_auth/issues/138) - Reset Password call returns 400 for Not Found user [\#137](https://github.com/lynndylanhurley/devise_token_auth/issues/137) - The gem is too big. Please take care of it. [\#136](https://github.com/lynndylanhurley/devise_token_auth/issues/136) - Error when loging with facebook the second time without logout [\#135](https://github.com/lynndylanhurley/devise_token_auth/issues/135) -- OmniAuth redirect doesn't work if using the generated mount\_devise\_token route [\#133](https://github.com/lynndylanhurley/devise_token_auth/issues/133) -- Missing template /omniauth\_response [\#132](https://github.com/lynndylanhurley/devise_token_auth/issues/132) +- OmniAuth redirect doesn't work if using the generated mount_devise_token route [\#133](https://github.com/lynndylanhurley/devise_token_auth/issues/133) +- Missing template /omniauth_response [\#132](https://github.com/lynndylanhurley/devise_token_auth/issues/132) - Unpermitted parameter: session [\#130](https://github.com/lynndylanhurley/devise_token_auth/issues/130) - OAuth error: We're sorry, but something went wrong [\#129](https://github.com/lynndylanhurley/devise_token_auth/issues/129) - Would it be useful to integrate login with username ? [\#127](https://github.com/lynndylanhurley/devise_token_auth/issues/127) @@ -3089,7 +3085,7 @@ - User tokens don't properly deserialize [\#121](https://github.com/lynndylanhurley/devise_token_auth/issues/121) - Could not load 'omniauth' [\#118](https://github.com/lynndylanhurley/devise_token_auth/issues/118) - bad argument \(expected URI object or URI string\) [\#116](https://github.com/lynndylanhurley/devise_token_auth/issues/116) -- devise\_token\_auth for public API, but devise for rest of app? [\#114](https://github.com/lynndylanhurley/devise_token_auth/issues/114) +- devise_token_auth for public API, but devise for rest of app? [\#114](https://github.com/lynndylanhurley/devise_token_auth/issues/114) - Omniauthable deleted on UsersConcern : Why ? [\#111](https://github.com/lynndylanhurley/devise_token_auth/issues/111) - Unrequired route [\#110](https://github.com/lynndylanhurley/devise_token_auth/issues/110) - raises NoMethodError instead of displaying error when email is missing [\#108](https://github.com/lynndylanhurley/devise_token_auth/issues/108) @@ -3106,59 +3102,59 @@ - API versioning the devise scope of token validation and ominiauth controller path will wrap up [\#96](https://github.com/lynndylanhurley/devise_token_auth/issues/96) - Overwriting default "from" email address [\#94](https://github.com/lynndylanhurley/devise_token_auth/issues/94) - uninitialized constant DeviseTokenAuth [\#92](https://github.com/lynndylanhurley/devise_token_auth/issues/92) -- change\_headers\_on\_each\_request not working expiry header empty [\#90](https://github.com/lynndylanhurley/devise_token_auth/issues/90) +- change_headers_on_each_request not working expiry header empty [\#90](https://github.com/lynndylanhurley/devise_token_auth/issues/90) - Gem render consistency [\#87](https://github.com/lynndylanhurley/devise_token_auth/issues/87) - Sample Sessions Controller for logging in via Rails View. [\#86](https://github.com/lynndylanhurley/devise_token_auth/issues/86) -- Change authorization key: Use phone\_number instead of email [\#84](https://github.com/lynndylanhurley/devise_token_auth/issues/84) -- Conflict with active\_admin gem [\#83](https://github.com/lynndylanhurley/devise_token_auth/issues/83) -- NoMethodError in DeviseTokenAuth::OmniauthCallbacksController\#redirect\_callbacks [\#82](https://github.com/lynndylanhurley/devise_token_auth/issues/82) +- Change authorization key: Use phone_number instead of email [\#84](https://github.com/lynndylanhurley/devise_token_auth/issues/84) +- Conflict with active_admin gem [\#83](https://github.com/lynndylanhurley/devise_token_auth/issues/83) +- NoMethodError in DeviseTokenAuth::OmniauthCallbacksController\#redirect_callbacks [\#82](https://github.com/lynndylanhurley/devise_token_auth/issues/82) - All the APIs are getting 'Authorized users only' [\#81](https://github.com/lynndylanhurley/devise_token_auth/issues/81) - Is Devise option Rememberable required ? [\#80](https://github.com/lynndylanhurley/devise_token_auth/issues/80) -- Problem with skip\_confirmation! [\#78](https://github.com/lynndylanhurley/devise_token_auth/issues/78) +- Problem with skip_confirmation! [\#78](https://github.com/lynndylanhurley/devise_token_auth/issues/78) - Cannot reset password if registered by omniauth [\#77](https://github.com/lynndylanhurley/devise_token_auth/issues/77) - NoMethodError at /omniauth/facebook/callback - undefined method `\[\]' for nil:NilClass [\#76](https://github.com/lynndylanhurley/devise_token_auth/issues/76) - Skipping Registrations Controller Altogether [\#70](https://github.com/lynndylanhurley/devise_token_auth/issues/70) -- Problem in validate\_token if the model is in a namespace [\#69](https://github.com/lynndylanhurley/devise_token_auth/issues/69) +- Problem in validate_token if the model is in a namespace [\#69](https://github.com/lynndylanhurley/devise_token_auth/issues/69) - Cannot send confirmation email if there is no 'User' model [\#68](https://github.com/lynndylanhurley/devise_token_auth/issues/68) - Better guidelines for contributors [\#65](https://github.com/lynndylanhurley/devise_token_auth/issues/65) - admin namespace [\#63](https://github.com/lynndylanhurley/devise_token_auth/issues/63) - Devise trackable module not working [\#62](https://github.com/lynndylanhurley/devise_token_auth/issues/62) -- Devise\_token\_auth without OmniAuth authentication [\#60](https://github.com/lynndylanhurley/devise_token_auth/issues/60) +- Devise_token_auth without OmniAuth authentication [\#60](https://github.com/lynndylanhurley/devise_token_auth/issues/60) - Reset Password error [\#59](https://github.com/lynndylanhurley/devise_token_auth/issues/59) - Confirmable - unconfirmed email [\#58](https://github.com/lynndylanhurley/devise_token_auth/issues/58) - Email Column Isn't Used for Database Authentication [\#56](https://github.com/lynndylanhurley/devise_token_auth/issues/56) - Unique Key for Provider and UID Combination [\#55](https://github.com/lynndylanhurley/devise_token_auth/issues/55) - User Info in separate table or removed [\#53](https://github.com/lynndylanhurley/devise_token_auth/issues/53) - rename @user to @resource [\#48](https://github.com/lynndylanhurley/devise_token_auth/issues/48) -- Active\_admin issue [\#47](https://github.com/lynndylanhurley/devise_token_auth/issues/47) +- Active_admin issue [\#47](https://github.com/lynndylanhurley/devise_token_auth/issues/47) - Possible Logout Issue [\#46](https://github.com/lynndylanhurley/devise_token_auth/issues/46) - Routes not appended to routes.rb [\#45](https://github.com/lynndylanhurley/devise_token_auth/issues/45) -- Return resource.errors.full\_messages in addition to resource.errors [\#44](https://github.com/lynndylanhurley/devise_token_auth/issues/44) -- Devise and Devise\_Token\_Auth in api namespace [\#43](https://github.com/lynndylanhurley/devise_token_auth/issues/43) +- Return resource.errors.full_messages in addition to resource.errors [\#44](https://github.com/lynndylanhurley/devise_token_auth/issues/44) +- Devise and Devise_Token_Auth in api namespace [\#43](https://github.com/lynndylanhurley/devise_token_auth/issues/43) - Trackable attributes are not being updated. [\#42](https://github.com/lynndylanhurley/devise_token_auth/issues/42) -- Avoid using respond\_to in application controller [\#41](https://github.com/lynndylanhurley/devise_token_auth/issues/41) -- devise\_token\_auth assumes you want the :confirmable functionality [\#40](https://github.com/lynndylanhurley/devise_token_auth/issues/40) +- Avoid using respond_to in application controller [\#41](https://github.com/lynndylanhurley/devise_token_auth/issues/41) +- devise_token_auth assumes you want the :confirmable functionality [\#40](https://github.com/lynndylanhurley/devise_token_auth/issues/40) - undefined method `match' for nil:NilClass [\#39](https://github.com/lynndylanhurley/devise_token_auth/issues/39) - Expired token aren't removed when session expires [\#38](https://github.com/lynndylanhurley/devise_token_auth/issues/38) -- sign\_up helper [\#37](https://github.com/lynndylanhurley/devise_token_auth/issues/37) -- self.tokens\[client\_id\]\['token'\] != token [\#30](https://github.com/lynndylanhurley/devise_token_auth/issues/30) +- sign_up helper [\#37](https://github.com/lynndylanhurley/devise_token_auth/issues/37) +- self.tokens\[client_id\]\['token'\] != token [\#30](https://github.com/lynndylanhurley/devise_token_auth/issues/30) - How is the uid generated for non-omniauth users? [\#29](https://github.com/lynndylanhurley/devise_token_auth/issues/29) -- Access to current\_user variable? [\#28](https://github.com/lynndylanhurley/devise_token_auth/issues/28) -- Filter chain halted as :require\_no\_authentication [\#27](https://github.com/lynndylanhurley/devise_token_auth/issues/27) +- Access to current_user variable? [\#28](https://github.com/lynndylanhurley/devise_token_auth/issues/28) +- Filter chain halted as :require_no_authentication [\#27](https://github.com/lynndylanhurley/devise_token_auth/issues/27) - Allow additional parameters for registration [\#25](https://github.com/lynndylanhurley/devise_token_auth/issues/25) -- Cannot add more parameters at sign\_up [\#22](https://github.com/lynndylanhurley/devise_token_auth/issues/22) +- Cannot add more parameters at sign_up [\#22](https://github.com/lynndylanhurley/devise_token_auth/issues/22) - Error on Registration [\#21](https://github.com/lynndylanhurley/devise_token_auth/issues/21) - Error with authentication [\#20](https://github.com/lynndylanhurley/devise_token_auth/issues/20) - Cascade of Issues with Omniauth\(?\) [\#18](https://github.com/lynndylanhurley/devise_token_auth/issues/18) - Batch Requests Respond with Original Auth Token [\#17](https://github.com/lynndylanhurley/devise_token_auth/issues/17) - Sign out with email provider error [\#16](https://github.com/lynndylanhurley/devise_token_auth/issues/16) -- sessions\_controller.rb [\#12](https://github.com/lynndylanhurley/devise_token_auth/issues/12) +- sessions_controller.rb [\#12](https://github.com/lynndylanhurley/devise_token_auth/issues/12) - Github login in example is broken [\#10](https://github.com/lynndylanhurley/devise_token_auth/issues/10) - Facebook auth is broken [\#9](https://github.com/lynndylanhurley/devise_token_auth/issues/9) - Generator is not working [\#8](https://github.com/lynndylanhurley/devise_token_auth/issues/8) - Test ticket from Code Climate [\#6](https://github.com/lynndylanhurley/devise_token_auth/issues/6) - Test ticket from Code Climate [\#5](https://github.com/lynndylanhurley/devise_token_auth/issues/5) -- extending the devise\_token\_auth user model [\#4](https://github.com/lynndylanhurley/devise_token_auth/issues/4) +- extending the devise_token_auth user model [\#4](https://github.com/lynndylanhurley/devise_token_auth/issues/4) - A few ideas [\#3](https://github.com/lynndylanhurley/devise_token_auth/issues/3) - Google Oauth2 does not set cookies in production. [\#1](https://github.com/lynndylanhurley/devise_token_auth/issues/1) @@ -3169,24 +3165,24 @@ - Fixed error when using standard devise authentication [\#329](https://github.com/lynndylanhurley/devise_token_auth/pull/329) ([colavitam](https://github.com/colavitam)) - feat\(improved-omniauth\): omniauth sameWindow and inAppBrowser flows [\#323](https://github.com/lynndylanhurley/devise_token_auth/pull/323) ([nbrustein](https://github.com/nbrustein)) - Old password check before password update [\#317](https://github.com/lynndylanhurley/devise_token_auth/pull/317) ([jakubrohleder](https://github.com/jakubrohleder)) -- Remove erroneous colon from before\_action callback [\#310](https://github.com/lynndylanhurley/devise_token_auth/pull/310) ([jmliu](https://github.com/jmliu)) +- Remove erroneous colon from before_action callback [\#310](https://github.com/lynndylanhurley/devise_token_auth/pull/310) ([jmliu](https://github.com/jmliu)) - Disabled serialization for JSON type columns [\#306](https://github.com/lynndylanhurley/devise_token_auth/pull/306) ([colavitam](https://github.com/colavitam)) - Set default provider to "email" in migration [\#302](https://github.com/lynndylanhurley/devise_token_auth/pull/302) ([colavitam](https://github.com/colavitam)) - Fix an issue for not :confirmable users [\#296](https://github.com/lynndylanhurley/devise_token_auth/pull/296) ([sebfie](https://github.com/sebfie)) - Update README.md [\#295](https://github.com/lynndylanhurley/devise_token_auth/pull/295) ([adisos](https://github.com/adisos)) -- Fix MOUNT\_PATH 'Read More' link [\#294](https://github.com/lynndylanhurley/devise_token_auth/pull/294) ([jmliu](https://github.com/jmliu)) +- Fix MOUNT_PATH 'Read More' link [\#294](https://github.com/lynndylanhurley/devise_token_auth/pull/294) ([jmliu](https://github.com/jmliu)) - Don't send password reset instructions to unconfirmed email [\#288](https://github.com/lynndylanhurley/devise_token_auth/pull/288) ([coryschires](https://github.com/coryschires)) - Feature/i18n support [\#283](https://github.com/lynndylanhurley/devise_token_auth/pull/283) ([sebfie](https://github.com/sebfie)) -- Update documentation for validate\_token [\#277](https://github.com/lynndylanhurley/devise_token_auth/pull/277) ([adamgall](https://github.com/adamgall)) +- Update documentation for validate_token [\#277](https://github.com/lynndylanhurley/devise_token_auth/pull/277) ([adamgall](https://github.com/adamgall)) - Added json support for tokens [\#276](https://github.com/lynndylanhurley/devise_token_auth/pull/276) ([shicholas](https://github.com/shicholas)) -- perf\(token\_is\_current?\): add simplistic cache to reduce overhead of redundant token checks during validation calls [\#272](https://github.com/lynndylanhurley/devise_token_auth/pull/272) ([booleanbetrayal](https://github.com/booleanbetrayal)) -- perf\(update\_auth\_header\): only lock the resource if we are rotating tokens [\#267](https://github.com/lynndylanhurley/devise_token_auth/pull/267) ([booleanbetrayal](https://github.com/booleanbetrayal)) -- fix\(email-validation\): Update in-use email validation message during registration to allow full\_message use [\#255](https://github.com/lynndylanhurley/devise_token_auth/pull/255) ([booleanbetrayal](https://github.com/booleanbetrayal)) +- perf\(token_is_current?\): add simplistic cache to reduce overhead of redundant token checks during validation calls [\#272](https://github.com/lynndylanhurley/devise_token_auth/pull/272) ([booleanbetrayal](https://github.com/booleanbetrayal)) +- perf\(update_auth_header\): only lock the resource if we are rotating tokens [\#267](https://github.com/lynndylanhurley/devise_token_auth/pull/267) ([booleanbetrayal](https://github.com/booleanbetrayal)) +- fix\(email-validation\): Update in-use email validation message during registration to allow full_message use [\#255](https://github.com/lynndylanhurley/devise_token_auth/pull/255) ([booleanbetrayal](https://github.com/booleanbetrayal)) - fix\(session\#new\): fix unhandled 500 when logging in with valid user and bad password [\#254](https://github.com/lynndylanhurley/devise_token_auth/pull/254) ([mathemagica](https://github.com/mathemagica)) -- feat\(ominauth\): support json-formatted values in omniauth callback. [\#252](https://github.com/lynndylanhurley/devise_token_auth/pull/252) ([nbrustein](https://github.com/nbrustein)) -- fix\(sessions controller\): call reset\_session on destroy [\#251](https://github.com/lynndylanhurley/devise_token_auth/pull/251) ([nbrustein](https://github.com/nbrustein)) -- fix\(resource\_class\): support optional mapping property from set\_user\_by\_token [\#250](https://github.com/lynndylanhurley/devise_token_auth/pull/250) ([booleanbetrayal](https://github.com/booleanbetrayal)) -- Allow current\_password to be supplied when updating profile. [\#240](https://github.com/lynndylanhurley/devise_token_auth/pull/240) ([jasonswett](https://github.com/jasonswett)) +- feat\(ominauth\): support json-formatted values in omniauth callback. [\#252](https://github.com/lynndylanhurley/devise_token_auth/pull/252) ([nbrustein](https://github.com/nbrustein)) +- fix\(sessions controller\): call reset_session on destroy [\#251](https://github.com/lynndylanhurley/devise_token_auth/pull/251) ([nbrustein](https://github.com/nbrustein)) +- fix\(resource_class\): support optional mapping property from set_user_by_token [\#250](https://github.com/lynndylanhurley/devise_token_auth/pull/250) ([booleanbetrayal](https://github.com/booleanbetrayal)) +- Allow current_password to be supplied when updating profile. [\#240](https://github.com/lynndylanhurley/devise_token_auth/pull/240) ([jasonswett](https://github.com/jasonswett)) - fixes password reset when not using confirmable [\#225](https://github.com/lynndylanhurley/devise_token_auth/pull/225) ([aesnyder](https://github.com/aesnyder)) - Fix error when email missing from registration params [\#220](https://github.com/lynndylanhurley/devise_token_auth/pull/220) ([iangreenleaf](https://github.com/iangreenleaf)) - URI fragment should appear at the end of URL [\#214](https://github.com/lynndylanhurley/devise_token_auth/pull/214) ([edymerchk](https://github.com/edymerchk)) @@ -3197,23 +3193,23 @@ - Return 422 \(was 500\) when empty body for sign up and account update [\#204](https://github.com/lynndylanhurley/devise_token_auth/pull/204) ([mchavarriagam](https://github.com/mchavarriagam)) - Users with allowed unconfirmed access can now log in successfully. [\#202](https://github.com/lynndylanhurley/devise_token_auth/pull/202) ([colavitam](https://github.com/colavitam)) - Authenticating an existing Warden/Devise User [\#200](https://github.com/lynndylanhurley/devise_token_auth/pull/200) ([nickL](https://github.com/nickL)) -- GET sign\_in should direct people to use POST sign\_in rather than raising exception [\#191](https://github.com/lynndylanhurley/devise_token_auth/pull/191) ([milesmatthias](https://github.com/milesmatthias)) +- GET sign_in should direct people to use POST sign_in rather than raising exception [\#191](https://github.com/lynndylanhurley/devise_token_auth/pull/191) ([milesmatthias](https://github.com/milesmatthias)) - Ignore 'extra' in Twitter auth response to avoid CookieOverflow. Fixes \#145. [\#179](https://github.com/lynndylanhurley/devise_token_auth/pull/179) ([tbloncar](https://github.com/tbloncar)) -- Some missing as\_json ? [\#152](https://github.com/lynndylanhurley/devise_token_auth/pull/152) ([nicolas-besnard](https://github.com/nicolas-besnard)) +- Some missing as_json ? [\#152](https://github.com/lynndylanhurley/devise_token_auth/pull/152) ([nicolas-besnard](https://github.com/nicolas-besnard)) - Check email format on registration [\#150](https://github.com/lynndylanhurley/devise_token_auth/pull/150) ([nicolas-besnard](https://github.com/nicolas-besnard)) - Actual header key uses dashes, not underscores. [\#143](https://github.com/lynndylanhurley/devise_token_auth/pull/143) ([ragaskar](https://github.com/ragaskar)) - Username register login [\#128](https://github.com/lynndylanhurley/devise_token_auth/pull/128) ([nicolas-besnard](https://github.com/nicolas-besnard)) - Check if confirmable is active before skipping confirmation [\#125](https://github.com/lynndylanhurley/devise_token_auth/pull/125) ([nicolas-besnard](https://github.com/nicolas-besnard)) - Fix links to section about controller integration. [\#117](https://github.com/lynndylanhurley/devise_token_auth/pull/117) ([Le6ow5k1](https://github.com/Le6ow5k1)) -- document GET for /validate\_token [\#113](https://github.com/lynndylanhurley/devise_token_auth/pull/113) ([lukaselmer](https://github.com/lukaselmer)) +- document GET for /validate_token [\#113](https://github.com/lynndylanhurley/devise_token_auth/pull/113) ([lukaselmer](https://github.com/lukaselmer)) - Fix small error in documentation. [\#91](https://github.com/lynndylanhurley/devise_token_auth/pull/91) ([edgarhenriquez](https://github.com/edgarhenriquez)) - Exclude devise modules [\#85](https://github.com/lynndylanhurley/devise_token_auth/pull/85) ([jartek](https://github.com/jartek)) - fix\(registration and update\): Ensure UID is updated alongside Email, and case-sensitivity is honored [\#71](https://github.com/lynndylanhurley/devise_token_auth/pull/71) ([booleanbetrayal](https://github.com/booleanbetrayal)) - Add better guidelines for contributors. [\#67](https://github.com/lynndylanhurley/devise_token_auth/pull/67) ([edgarhenriquez](https://github.com/edgarhenriquez)) -- Use resource\_class to override email confirmation. [\#64](https://github.com/lynndylanhurley/devise_token_auth/pull/64) ([edgarhenriquez](https://github.com/edgarhenriquez)) -- fix\(case-sensitivity\): support devise case\_insensitive\_keys for session ... [\#57](https://github.com/lynndylanhurley/devise_token_auth/pull/57) ([booleanbetrayal](https://github.com/booleanbetrayal)) -- fix\(contention\): fix write contention in update\_auth\_headers and always ... [\#52](https://github.com/lynndylanhurley/devise_token_auth/pull/52) ([booleanbetrayal](https://github.com/booleanbetrayal)) -- Include resource.errors.full\_messages in error response. [\#50](https://github.com/lynndylanhurley/devise_token_auth/pull/50) ([jasonswett](https://github.com/jasonswett)) +- Use resource_class to override email confirmation. [\#64](https://github.com/lynndylanhurley/devise_token_auth/pull/64) ([edgarhenriquez](https://github.com/edgarhenriquez)) +- fix\(case-sensitivity\): support devise case_insensitive_keys for session ... [\#57](https://github.com/lynndylanhurley/devise_token_auth/pull/57) ([booleanbetrayal](https://github.com/booleanbetrayal)) +- fix\(contention\): fix write contention in update_auth_headers and always ... [\#52](https://github.com/lynndylanhurley/devise_token_auth/pull/52) ([booleanbetrayal](https://github.com/booleanbetrayal)) +- Include resource.errors.full_messages in error response. [\#50](https://github.com/lynndylanhurley/devise_token_auth/pull/50) ([jasonswett](https://github.com/jasonswett)) - fix\(expiry\): fix an issue where token expiration checks were too permissive [\#49](https://github.com/lynndylanhurley/devise_token_auth/pull/49) ([booleanbetrayal](https://github.com/booleanbetrayal)) - Update README with Example Generator Command [\#35](https://github.com/lynndylanhurley/devise_token_auth/pull/35) ([wwilkins](https://github.com/wwilkins)) - Remove OmniAuth dependency [\#26](https://github.com/lynndylanhurley/devise_token_auth/pull/26) ([hannahhoward](https://github.com/hannahhoward)) @@ -3222,11 +3218,4 @@ - Fix expiry data type [\#11](https://github.com/lynndylanhurley/devise_token_auth/pull/11) ([lonre](https://github.com/lonre)) - README and travis config tweaks [\#7](https://github.com/lynndylanhurley/devise_token_auth/pull/7) ([guilhermesimoes](https://github.com/guilhermesimoes)) - -\* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)* - -\* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)* - -\* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)* - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* +\* _This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)_ diff --git a/lib/devise_token_auth/version.rb b/lib/devise_token_auth/version.rb index 4bde5dfbc..244b4c1f1 100644 --- a/lib/devise_token_auth/version.rb +++ b/lib/devise_token_auth/version.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true module DeviseTokenAuth - VERSION = '1.2.4'.freeze + VERSION = '1.2.5'.freeze end From 9690370659b319b4813c25be984a1941c815232e Mon Sep 17 00:00:00 2001 From: Maicol Bentancor Date: Mon, 6 Jan 2025 16:45:26 -0300 Subject: [PATCH 64/65] Setup missing sqlite (#1646) --- .github/workflows/test.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 14ec6ec67..8041ae48e 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -116,6 +116,8 @@ jobs: - name: Setup Bundler 1.x for Rails 4.x if: ${{ matrix.gemfile == 'gemfiles/rails_4_2.gemfile' || matrix.gemfile == 'gemfiles/rails_4_2_mongoid_5.gemfile' }} run: echo "BUNDLER_VERSION=1.17.3" >> $GITHUB_ENV + - name: Setup SQLite + run: sudo apt-get install libsqlite3-dev - uses: ruby/setup-ruby@v1 with: ruby-version: ${{ matrix.ruby }} From aedef3ca68d4e69bdc4a3e8987fa9d5f45420eec Mon Sep 17 00:00:00 2001 From: Bruno Tagliani Date: Fri, 10 Jan 2025 20:14:00 -0300 Subject: [PATCH 65/65] fix: Prevent lock with unsaved changes (#1640) --- app/controllers/devise_token_auth/sessions_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/devise_token_auth/sessions_controller.rb b/app/controllers/devise_token_auth/sessions_controller.rb index 31286412d..6dda4f049 100644 --- a/app/controllers/devise_token_auth/sessions_controller.rb +++ b/app/controllers/devise_token_auth/sessions_controller.rb @@ -131,7 +131,7 @@ def resource_params end def create_and_assign_token - if @resource.respond_to?(:with_lock) + if @resource.respond_to?(:with_lock) && !@resource.changed? @resource.with_lock do @token = @resource.create_token @resource.save!