├── test ├── dummy │ ├── log │ │ └── .keep │ ├── app │ │ ├── mailers │ │ │ └── .keep │ │ ├── models │ │ │ ├── .keep │ │ │ ├── concerns │ │ │ │ └── .keep │ │ │ └── user.rb │ │ ├── assets │ │ │ ├── images │ │ │ │ └── .keep │ │ │ ├── javascripts │ │ │ │ └── application.js │ │ │ └── stylesheets │ │ │ │ └── application.css │ │ ├── controllers │ │ │ ├── concerns │ │ │ │ └── .keep │ │ │ └── application_controller.rb │ │ ├── helpers │ │ │ └── application_helper.rb │ │ └── views │ │ │ └── layouts │ │ │ └── application.html.erb │ ├── lib │ │ └── assets │ │ │ └── .keep │ ├── public │ │ ├── favicon.ico │ │ ├── 500.html │ │ ├── 422.html │ │ └── 404.html │ ├── db │ │ ├── test.sqlite3 │ │ ├── development.sqlite3 │ │ ├── migrate │ │ │ ├── 20160509173624_add_users.rb │ │ │ └── 20160509174252_devise_create_user_sessions.rb │ │ └── schema.rb │ ├── bin │ │ ├── rake │ │ ├── bundle │ │ ├── rails │ │ └── setup │ ├── config.ru │ ├── config │ │ ├── initializers │ │ │ ├── cookies_serializer.rb │ │ │ ├── session_store.rb │ │ │ ├── mime_types.rb │ │ │ ├── filter_parameter_logging.rb │ │ │ ├── backtrace_silencers.rb │ │ │ ├── assets.rb │ │ │ ├── wrap_parameters.rb │ │ │ ├── inflections.rb │ │ │ └── devise.rb │ │ ├── environment.rb │ │ ├── boot.rb │ │ ├── database.yml │ │ ├── locales │ │ │ ├── en.yml │ │ │ └── devise.en.yml │ │ ├── secrets.yml │ │ ├── application.rb │ │ ├── environments │ │ │ ├── development.rb │ │ │ ├── test.rb │ │ │ └── production.rb │ │ └── routes.rb │ ├── Rakefile │ └── README.rdoc ├── test_helper.rb ├── model_test.rb └── devise_invalidatable_generator_test.rb ├── .gitignore ├── Gemfile ├── lib ├── devise_invalidatable │ ├── version.rb │ ├── model.rb │ └── hooks │ │ └── invalidatable.rb ├── generators │ └── devise_invalidatable │ │ ├── templates │ │ ├── user_session.rb │ │ └── migration.rb │ │ └── devise_invalidatable_generator.rb └── devise_invalidatable.rb ├── .travis.yml ├── Rakefile ├── devise_invalidatable.gemspec ├── README.md └── Gemfile.lock /test/dummy/log/.keep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /test/dummy/app/mailers/.keep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /test/dummy/app/models/.keep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /test/dummy/lib/assets/.keep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /test/dummy/public/favicon.ico: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /test/dummy/app/assets/images/.keep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /test/dummy/app/models/concerns/.keep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /test/dummy/app/controllers/concerns/.keep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | log/*.log 2 | .idea 3 | test/dummy/log/*.log 4 | tmp/ 5 | -------------------------------------------------------------------------------- /test/dummy/app/helpers/application_helper.rb: -------------------------------------------------------------------------------- 1 | module ApplicationHelper 2 | end 3 | -------------------------------------------------------------------------------- /Gemfile: -------------------------------------------------------------------------------- 1 | source 'http://rubygems.org' 2 | 3 | gem 'rails' 4 | gem 'sqlite3' 5 | gem 'devise' 6 | -------------------------------------------------------------------------------- /test/dummy/app/models/user.rb: -------------------------------------------------------------------------------- 1 | class User < ActiveRecord::Base 2 | devise :invalidatable 3 | end 4 | -------------------------------------------------------------------------------- /lib/devise_invalidatable/version.rb: -------------------------------------------------------------------------------- 1 | module DeviseInvalidatable 2 | VERSION = '0.0.2'.freeze 3 | end 4 | -------------------------------------------------------------------------------- /test/dummy/db/test.sqlite3: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/workato/devise_invalidatable/master/test/dummy/db/test.sqlite3 -------------------------------------------------------------------------------- /test/dummy/bin/rake: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | require_relative '../config/boot' 3 | require 'rake' 4 | Rake.application.run 5 | -------------------------------------------------------------------------------- /test/dummy/db/development.sqlite3: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/workato/devise_invalidatable/master/test/dummy/db/development.sqlite3 -------------------------------------------------------------------------------- /test/dummy/bin/bundle: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__) 3 | load Gem.bin_path('bundler', 'bundle') 4 | -------------------------------------------------------------------------------- /test/dummy/bin/rails: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | APP_PATH = File.expand_path('../../config/application', __FILE__) 3 | require_relative '../config/boot' 4 | require 'rails/commands' 5 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | language: ruby 2 | rvm: 3 | - 2.2 4 | # uncomment and edit the following line if your project needs to run something other than `rake`: 5 | # script: bundle exec rspec spec 6 | -------------------------------------------------------------------------------- /test/dummy/config.ru: -------------------------------------------------------------------------------- 1 | # This file is used by Rack-based servers to start the application. 2 | 3 | require ::File.expand_path('../config/environment', __FILE__) 4 | run Rails.application 5 | -------------------------------------------------------------------------------- /test/dummy/config/initializers/cookies_serializer.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | Rails.application.config.action_dispatch.cookies_serializer = :json 4 | -------------------------------------------------------------------------------- /test/dummy/config/initializers/session_store.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | Rails.application.config.session_store :cookie_store, key: '_dummy_session' 4 | -------------------------------------------------------------------------------- /test/dummy/config/environment.rb: -------------------------------------------------------------------------------- 1 | # Load the Rails application. 2 | require File.expand_path('../application', __FILE__) 3 | 4 | # Initialize the Rails application. 5 | Rails.application.initialize! 6 | -------------------------------------------------------------------------------- /test/dummy/config/initializers/mime_types.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Add new mime types for use in respond_to blocks: 4 | # Mime::Type.register "text/richtext", :rtf 5 | -------------------------------------------------------------------------------- /test/dummy/db/migrate/20160509173624_add_users.rb: -------------------------------------------------------------------------------- 1 | class AddUsers < ActiveRecord::Migration 2 | def up 3 | create_table :users 4 | end 5 | 6 | def down 7 | drop_table :users 8 | end 9 | end 10 | -------------------------------------------------------------------------------- /test/dummy/config/initializers/filter_parameter_logging.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Configure sensitive parameters which will be filtered from the log file. 4 | Rails.application.config.filter_parameters += [:password] 5 | -------------------------------------------------------------------------------- /test/dummy/app/controllers/application_controller.rb: -------------------------------------------------------------------------------- 1 | class ApplicationController < ActionController::Base 2 | # Prevent CSRF attacks by raising an exception. 3 | # For APIs, you may want to use :null_session instead. 4 | protect_from_forgery with: :exception 5 | end 6 | -------------------------------------------------------------------------------- /test/dummy/config/boot.rb: -------------------------------------------------------------------------------- 1 | # Set up gems listed in the Gemfile. 2 | ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../../../Gemfile', __FILE__) 3 | 4 | require 'bundler/setup' if File.exist?(ENV['BUNDLE_GEMFILE']) 5 | $LOAD_PATH.unshift File.expand_path('../../../../lib', __FILE__) 6 | -------------------------------------------------------------------------------- /test/dummy/Rakefile: -------------------------------------------------------------------------------- 1 | # Add your own tasks in files placed in lib/tasks ending in .rake, 2 | # for example lib/tasks/capistrano.rake, and they will automatically be available to Rake. 3 | 4 | require File.expand_path('../config/application', __FILE__) 5 | 6 | Rails.application.load_tasks 7 | -------------------------------------------------------------------------------- /test/test_helper.rb: -------------------------------------------------------------------------------- 1 | # Configure Rails Environment 2 | ENV['RAILS_ENV'] = 'test' 3 | 4 | require File.expand_path("../../test/dummy/config/environment.rb", __FILE__) 5 | 6 | require 'rails' 7 | require 'rails/test_help' 8 | 9 | # Filter out Minitest backtrace while allowing backtrace from other libraries 10 | # to be shown. 11 | Minitest.backtrace_filter = Minitest::BacktraceFilter.new 12 | -------------------------------------------------------------------------------- /test/dummy/app/views/layouts/application.html.erb: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Dummy 5 | <%= stylesheet_link_tag 'application', media: 'all', 'data-turbolinks-track' => true %> 6 | <%= javascript_include_tag 'application', 'data-turbolinks-track' => true %> 7 | <%= csrf_meta_tags %> 8 | 9 | 10 | 11 | <%= yield %> 12 | 13 | 14 | 15 | -------------------------------------------------------------------------------- /test/dummy/config/initializers/backtrace_silencers.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces. 4 | # Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ } 5 | 6 | # You can also remove all the silencers if you're trying to debug a problem that might stem from framework code. 7 | # Rails.backtrace_cleaner.remove_silencers! 8 | -------------------------------------------------------------------------------- /lib/generators/devise_invalidatable/templates/user_session.rb: -------------------------------------------------------------------------------- 1 | class UserSession 2 | include Mongoid::Document 3 | include Mongoid::Timestamps 4 | 5 | field :session_id, type: String 6 | field :ip, type: String 7 | field :user_agent, type: String 8 | 9 | belongs_to :<%= file_name %> 10 | 11 | index({ <%= file_name %>_id: 1 }) 12 | index({ session_id: 1 }, { unique: true }) 13 | 14 | def self.deactivate(session_id) 15 | where(session_id: session_id).delete_all 16 | end 17 | end 18 | -------------------------------------------------------------------------------- /Rakefile: -------------------------------------------------------------------------------- 1 | # encoding: utf-8 2 | 3 | require 'rubygems' 4 | require 'bundler' 5 | begin 6 | Bundler.setup(:default, :development) 7 | rescue Bundler::BundlerError => e 8 | $stderr.puts e.message 9 | $stderr.puts 'Run `bundle install` to install missing gems' 10 | exit e.status_code 11 | end 12 | 13 | require 'rake/testtask' 14 | 15 | Rake::TestTask.new(:test) do |t| 16 | t.libs << 'lib' 17 | t.libs << 'test' 18 | t.pattern = 'test/**/*_test.rb' 19 | t.verbose = false 20 | end 21 | 22 | task default: :test 23 | -------------------------------------------------------------------------------- /lib/devise_invalidatable.rb: -------------------------------------------------------------------------------- 1 | unless defined?(Devise) 2 | require 'devise' 3 | end 4 | require 'devise_invalidatable' 5 | 6 | Devise.add_module(:invalidatable, 7 | model: 'devise_invalidatable/model') 8 | 9 | module DeviseInvalidatable 10 | end 11 | 12 | if defined?(ActiveRecord) 13 | class UserSession < ActiveRecord::Base 14 | belongs_to :sessionable, polymorphic: true 15 | def self.deactivate(session_id) 16 | where(session_id: session_id).delete_all 17 | end 18 | end 19 | end 20 | -------------------------------------------------------------------------------- /test/dummy/config/initializers/assets.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Version of your assets, change this if you want to expire all your assets. 4 | Rails.application.config.assets.version = '1.0' 5 | 6 | # Add additional assets to the asset load path 7 | # Rails.application.config.assets.paths << Emoji.images_path 8 | 9 | # Precompile additional assets. 10 | # application.js, application.css, and all non-JS/CSS in app/assets folder are already added. 11 | # Rails.application.config.assets.precompile += %w( search.js ) 12 | -------------------------------------------------------------------------------- /test/dummy/db/migrate/20160509174252_devise_create_user_sessions.rb: -------------------------------------------------------------------------------- 1 | class DeviseCreateUserSessions < ActiveRecord::Migration 2 | @@table_name = :user_sessions 3 | @@column_name = :user_id 4 | 5 | def up 6 | create_table @@table_name do |t| 7 | t.references :sessionable, polymorphic: true, index: true 8 | t.string :session_id 9 | t.string :ip 10 | t.string :user_agent 11 | t.timestamps 12 | end 13 | add_index(@@table_name, :session_id, unique: true) 14 | end 15 | 16 | def down 17 | drop_table(@@table_name) 18 | end 19 | end 20 | -------------------------------------------------------------------------------- /lib/generators/devise_invalidatable/templates/migration.rb: -------------------------------------------------------------------------------- 1 | class DeviseCreateUserSessions < ActiveRecord::Migration 2 | @@table_name = :user_sessions 3 | @@column_name = :<%= file_name %>_id 4 | 5 | def up 6 | create_table @@table_name do |t| 7 | t.references :sessionable, polymorphic: true, index: true 8 | t.string :session_id 9 | t.string :ip 10 | t.string :user_agent 11 | t.timestamps 12 | end 13 | add_index(@@table_name, :session_id, unique: true) 14 | end 15 | 16 | def down 17 | drop_table(@@table_name) 18 | end 19 | end 20 | -------------------------------------------------------------------------------- /test/dummy/config/initializers/wrap_parameters.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # This file contains settings for ActionController::ParamsWrapper which 4 | # is enabled by default. 5 | 6 | # Enable parameter wrapping for JSON. You can disable this by setting :format to an empty array. 7 | ActiveSupport.on_load(:action_controller) do 8 | wrap_parameters format: [:json] if respond_to?(:wrap_parameters) 9 | end 10 | 11 | # To enable root element in JSON for ActiveRecord objects. 12 | # ActiveSupport.on_load(:active_record) do 13 | # self.include_root_in_json = true 14 | # end 15 | -------------------------------------------------------------------------------- /test/dummy/README.rdoc: -------------------------------------------------------------------------------- 1 | == README 2 | 3 | This README would normally document whatever steps are necessary to get the 4 | application up and running. 5 | 6 | Things you may want to cover: 7 | 8 | * Ruby version 9 | 10 | * System dependencies 11 | 12 | * Configuration 13 | 14 | * Database creation 15 | 16 | * Database initialization 17 | 18 | * How to run the test suite 19 | 20 | * Services (job queues, cache servers, search engines, etc.) 21 | 22 | * Deployment instructions 23 | 24 | * ... 25 | 26 | 27 | Please feel free to use a different markup language if you do not plan to run 28 | rake doc:app. 29 | -------------------------------------------------------------------------------- /test/dummy/config/database.yml: -------------------------------------------------------------------------------- 1 | # SQLite version 3.x 2 | # gem install sqlite3 3 | # 4 | # Ensure the SQLite 3 gem is defined in your Gemfile 5 | # gem 'sqlite3' 6 | # 7 | default: &default 8 | adapter: sqlite3 9 | pool: 5 10 | timeout: 5000 11 | 12 | development: 13 | <<: *default 14 | database: db/development.sqlite3 15 | 16 | # Warning: The database defined as "test" will be erased and 17 | # re-generated from your development database when you run "rake". 18 | # Do not set this db to the same as development or production. 19 | test: 20 | <<: *default 21 | database: db/test.sqlite3 22 | 23 | production: 24 | <<: *default 25 | database: db/production.sqlite3 26 | -------------------------------------------------------------------------------- /test/dummy/app/assets/javascripts/application.js: -------------------------------------------------------------------------------- 1 | // This is a manifest file that'll be compiled into application.js, which will include all the files 2 | // listed below. 3 | // 4 | // Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts, 5 | // or any plugin's vendor/assets/javascripts directory can be referenced here using a relative path. 6 | // 7 | // It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the 8 | // compiled file. 9 | // 10 | // Read Sprockets README (https://github.com/rails/sprockets#sprockets-directives) for details 11 | // about supported directives. 12 | // 13 | //= require_tree . 14 | -------------------------------------------------------------------------------- /test/dummy/config/initializers/inflections.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Add new inflection rules using the following format. Inflections 4 | # are locale specific, and you may define rules for as many different 5 | # locales as you wish. All of these examples are active by default: 6 | # ActiveSupport::Inflector.inflections(:en) do |inflect| 7 | # inflect.plural /^(ox)$/i, '\1en' 8 | # inflect.singular /^(ox)en/i, '\1' 9 | # inflect.irregular 'person', 'people' 10 | # inflect.uncountable %w( fish sheep ) 11 | # end 12 | 13 | # These inflection rules are supported but not enabled by default: 14 | # ActiveSupport::Inflector.inflections(:en) do |inflect| 15 | # inflect.acronym 'RESTful' 16 | # end 17 | -------------------------------------------------------------------------------- /test/dummy/config/locales/en.yml: -------------------------------------------------------------------------------- 1 | # Files in the config/locales directory are used for internationalization 2 | # and are automatically loaded by Rails. If you want to use locales other 3 | # than English, add the necessary files in this directory. 4 | # 5 | # To use the locales, use `I18n.t`: 6 | # 7 | # I18n.t 'hello' 8 | # 9 | # In views, this is aliased to just `t`: 10 | # 11 | # <%= t('hello') %> 12 | # 13 | # To use a different locale, set it with `I18n.locale`: 14 | # 15 | # I18n.locale = :es 16 | # 17 | # This would use the information in config/locales/es.yml. 18 | # 19 | # To learn more, please read the Rails Internationalization guide 20 | # available at http://guides.rubyonrails.org/i18n.html. 21 | 22 | en: 23 | hello: "Hello world" 24 | -------------------------------------------------------------------------------- /devise_invalidatable.gemspec: -------------------------------------------------------------------------------- 1 | $:.push File.expand_path('../lib', __FILE__) 2 | require 'devise_invalidatable/version' 3 | 4 | Gem::Specification.new do |s| 5 | s.name = 'devise_invalidatable' 6 | s.version = DeviseInvalidatable::VERSION.dup 7 | s.platform = Gem::Platform::RUBY 8 | s.licenses = ['MIT'] 9 | s.summary = 'Adds the ability to invalidate a session with Devise' 10 | s.email = 'mdadki@gmail.com' 11 | s.homepage = 'https://github.com/madkins/devise_invalidatable' 12 | s.description = 'Adds the ability to invalidate a session with Devise' 13 | s.authors = ['Michael Adkins'] 14 | 15 | s.files = Dir['lib/**/*.rb'] 16 | s.require_paths = ['lib'] 17 | 18 | s.add_runtime_dependency 'rails' 19 | s.add_runtime_dependency 'devise' 20 | end -------------------------------------------------------------------------------- /test/dummy/app/assets/stylesheets/application.css: -------------------------------------------------------------------------------- 1 | /* 2 | * This is a manifest file that'll be compiled into application.css, which will include all the files 3 | * listed below. 4 | * 5 | * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets, 6 | * or any plugin's vendor/assets/stylesheets directory can be referenced here using a relative path. 7 | * 8 | * You're free to add application-wide styles to this file and they'll appear at the bottom of the 9 | * compiled file so the styles you add here take precedence over styles defined in any styles 10 | * defined in the other CSS/SCSS files in this directory. It is generally better to create a new 11 | * file per style scope. 12 | * 13 | *= require_tree . 14 | *= require_self 15 | */ 16 | -------------------------------------------------------------------------------- /test/dummy/bin/setup: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | require 'pathname' 3 | 4 | # path to your application root. 5 | APP_ROOT = Pathname.new File.expand_path('../../', __FILE__) 6 | 7 | Dir.chdir APP_ROOT do 8 | # This script is a starting point to setup your application. 9 | # Add necessary setup steps to this file: 10 | 11 | puts "== Installing dependencies ==" 12 | system "gem install bundler --conservative" 13 | system "bundle check || bundle install" 14 | 15 | # puts "\n== Copying sample files ==" 16 | # unless File.exist?("config/database.yml") 17 | # system "cp config/database.yml.sample config/database.yml" 18 | # end 19 | 20 | puts "\n== Preparing database ==" 21 | system "bin/rake db:setup" 22 | 23 | puts "\n== Removing old logs and tempfiles ==" 24 | system "rm -f log/*" 25 | system "rm -rf tmp/cache" 26 | 27 | puts "\n== Restarting application server ==" 28 | system "touch tmp/restart.txt" 29 | end 30 | -------------------------------------------------------------------------------- /test/dummy/config/secrets.yml: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Your secret key is used for verifying the integrity of signed cookies. 4 | # If you change this key, all old signed cookies will become invalid! 5 | 6 | # Make sure the secret is at least 30 characters and all random, 7 | # no regular words or you'll be exposed to dictionary attacks. 8 | # You can use `rake secret` to generate a secure secret key. 9 | 10 | # Make sure the secrets in this file are kept private 11 | # if you're sharing your code publicly. 12 | 13 | development: 14 | secret_key_base: 4c2f629199f28e1f54f13f3ef0fbc97236e0614f5dd07be214358db9b2f0227682cc8a96ca42f81084c3949566713040dbb6dcfaae12c08ecc348d3a5d8191b2 15 | 16 | test: 17 | secret_key_base: 2035f6aa2d07b4f1bf0eea7d56f1757d712ba6bcd54eee7eda04e3873899eb52b78239d4627b90addd5a5c300924733e4dfe821e25cea0744a026ce2498f40e8 18 | 19 | # Do not keep production secrets in the repository, 20 | # instead read values from the environment. 21 | production: 22 | secret_key_base: <%= ENV["SECRET_KEY_BASE"] %> 23 | -------------------------------------------------------------------------------- /test/dummy/config/application.rb: -------------------------------------------------------------------------------- 1 | require File.expand_path('../boot', __FILE__) 2 | 3 | require 'rails/all' 4 | 5 | Bundler.require(*Rails.groups) 6 | require 'devise_invalidatable' 7 | 8 | module Dummy 9 | class Application < Rails::Application 10 | # Settings in config/environments/* take precedence over those specified here. 11 | # Application configuration should go into files in config/initializers 12 | # -- all .rb files in that directory are automatically loaded. 13 | 14 | # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone. 15 | # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC. 16 | # config.time_zone = 'Central Time (US & Canada)' 17 | 18 | # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded. 19 | # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s] 20 | # config.i18n.default_locale = :de 21 | 22 | # Do not swallow errors in after_commit/after_rollback callbacks. 23 | config.active_record.raise_in_transactional_callbacks = true 24 | end 25 | end 26 | 27 | -------------------------------------------------------------------------------- /lib/devise_invalidatable/model.rb: -------------------------------------------------------------------------------- 1 | require 'devise_invalidatable/hooks/invalidatable' 2 | 3 | module Devise 4 | module Models 5 | module Invalidatable 6 | extend ActiveSupport::Concern 7 | 8 | included do 9 | has_many :user_sessions, 10 | as: 'sessionable', 11 | dependent: :destroy 12 | end 13 | 14 | def activate_session(warden, options) 15 | new_session = user_sessions.new 16 | new_session.session_id = SecureRandom.hex(127) 17 | new_session.ip = warden.request.remote_ip 18 | new_session.user_agent = warden.request.user_agent 19 | new_session.save 20 | purge_old_sessions 21 | new_session.session_id 22 | end 23 | 24 | def exclusive_session(session_id) 25 | user_sessions.where('session_id != ?', session_id).delete_all 26 | end 27 | 28 | def session_active?(session_id) 29 | user_sessions.where(session_id: session_id).exists? 30 | end 31 | 32 | def purge_old_sessions 33 | user_sessions.order('created_at desc').offset(10).destroy_all 34 | end 35 | end 36 | end 37 | end 38 | -------------------------------------------------------------------------------- /test/dummy/db/schema.rb: -------------------------------------------------------------------------------- 1 | # encoding: UTF-8 2 | # This file is auto-generated from the current state of the database. Instead 3 | # of editing this file, please use the migrations feature of Active Record to 4 | # incrementally modify your database, and then regenerate this schema definition. 5 | # 6 | # Note that this schema.rb definition is the authoritative source for your 7 | # database schema. If you need to create the application database on another 8 | # system, you should be using db:schema:load, not running all the migrations 9 | # from scratch. The latter is a flawed and unsustainable approach (the more migrations 10 | # you'll amass, the slower it'll run and the greater likelihood for issues). 11 | # 12 | # It's strongly recommended that you check this file into your version control system. 13 | 14 | ActiveRecord::Schema.define(version: 20160509174252) do 15 | 16 | create_table "user_sessions", force: :cascade do |t| 17 | t.integer "sessionable_id" 18 | t.string "sessionable_type" 19 | t.string "session_id" 20 | t.string "ip" 21 | t.string "user_agent" 22 | t.datetime "created_at" 23 | t.datetime "updated_at" 24 | end 25 | 26 | add_index "user_sessions", ["session_id"], name: "index_user_sessions_on_session_id", unique: true 27 | add_index "user_sessions", ["sessionable_type", "sessionable_id"], name: "index_user_sessions_on_sessionable_type_and_sessionable_id" 28 | 29 | create_table "users", force: :cascade do |t| 30 | end 31 | 32 | end 33 | -------------------------------------------------------------------------------- /lib/devise_invalidatable/hooks/invalidatable.rb: -------------------------------------------------------------------------------- 1 | # After authenticating, we’re removing any session activation that may already 2 | # exist, and creating a new session# activation. We generate our own random id 3 | # (in User#activate_session) and store it in the auth_id key. There is already 4 | # a session_id key, but the session gets renewed (and the session id changes) 5 | # after authentication in order to avoid session fixation attacks. So it’s 6 | # easier to just use our own id. 7 | Warden::Manager.after_set_user except: :fetch do |user, warden, options| 8 | auth_id = "#{options[:scope]}_auth_id" 9 | UserSession.deactivate(warden.raw_session[auth_id]) 10 | warden.raw_session[auth_id] = user.activate_session(warden, options) 11 | end 12 | 13 | # After fetching a user from the session, we check that the session is marked 14 | # as active for that user. If it’s not we log the user out. 15 | Warden::Manager.after_fetch do |user, warden, options| 16 | auth_id = "#{options[:scope]}_auth_id" 17 | user_session = user.user_sessions.find_by(session_id: warden.raw_session[auth_id]) 18 | if user_session.present? 19 | # update activity timestamp every hour 20 | user_session.touch if user_session.updated_at < 1.hour.ago 21 | else 22 | warden.logout(options[:scope]) 23 | throw :warden, message: :unauthenticated 24 | end 25 | end 26 | 27 | # When logging out, we deactivate the current session. This ensures that the 28 | # session cookie can’t be reused afterwards. 29 | Warden::Manager.before_logout do |_, warden, options| 30 | auth_id = "#{options[:scope]}_auth_id" 31 | UserSession.deactivate(warden.raw_session[auth_id]) 32 | end 33 | -------------------------------------------------------------------------------- /test/dummy/public/500.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | We're sorry, but something went wrong (500) 5 | 6 | 55 | 56 | 57 | 58 | 59 |
60 |
61 |

We're sorry, but something went wrong.

62 |
63 |

If you are the application owner check the logs for more information.

64 |
65 | 66 | 67 | -------------------------------------------------------------------------------- /test/dummy/config/environments/development.rb: -------------------------------------------------------------------------------- 1 | Rails.application.configure do 2 | # Settings specified here will take precedence over those in config/application.rb. 3 | 4 | # In the development environment your application's code is reloaded on 5 | # every request. This slows down response time but is perfect for development 6 | # since you don't have to restart the web server when you make code changes. 7 | config.cache_classes = false 8 | 9 | # Do not eager load code on boot. 10 | config.eager_load = false 11 | 12 | # Show full error reports and disable caching. 13 | config.consider_all_requests_local = true 14 | config.action_controller.perform_caching = false 15 | 16 | # Don't care if the mailer can't send. 17 | config.action_mailer.raise_delivery_errors = false 18 | 19 | # Print deprecation notices to the Rails logger. 20 | config.active_support.deprecation = :log 21 | 22 | # Raise an error on page load if there are pending migrations. 23 | config.active_record.migration_error = :page_load 24 | 25 | # Debug mode disables concatenation and preprocessing of assets. 26 | # This option may cause significant delays in view rendering with a large 27 | # number of complex assets. 28 | config.assets.debug = true 29 | 30 | # Asset digests allow you to set far-future HTTP expiration dates on all assets, 31 | # yet still be able to expire them through the digest params. 32 | config.assets.digest = true 33 | 34 | # Adds additional error checking when serving assets at runtime. 35 | # Checks for improperly declared sprockets dependencies. 36 | # Raises helpful error messages. 37 | config.assets.raise_runtime_errors = true 38 | 39 | # Raises error for missing translations 40 | # config.action_view.raise_on_missing_translations = true 41 | end 42 | -------------------------------------------------------------------------------- /test/dummy/config/routes.rb: -------------------------------------------------------------------------------- 1 | Rails.application.routes.draw do 2 | # The priority is based upon order of creation: first created -> highest priority. 3 | # See how all your routes lay out with "rake routes". 4 | 5 | # You can have the root of your site routed with "root" 6 | # root 'welcome#index' 7 | 8 | # Example of regular route: 9 | # get 'products/:id' => 'catalog#view' 10 | 11 | # Example of named route that can be invoked with purchase_url(id: product.id) 12 | # get 'products/:id/purchase' => 'catalog#purchase', as: :purchase 13 | 14 | # Example resource route (maps HTTP verbs to controller actions automatically): 15 | # resources :products 16 | 17 | # Example resource route with options: 18 | # resources :products do 19 | # member do 20 | # get 'short' 21 | # post 'toggle' 22 | # end 23 | # 24 | # collection do 25 | # get 'sold' 26 | # end 27 | # end 28 | 29 | # Example resource route with sub-resources: 30 | # resources :products do 31 | # resources :comments, :sales 32 | # resource :seller 33 | # end 34 | 35 | # Example resource route with more complex sub-resources: 36 | # resources :products do 37 | # resources :comments 38 | # resources :sales do 39 | # get 'recent', on: :collection 40 | # end 41 | # end 42 | 43 | # Example resource route with concerns: 44 | # concern :toggleable do 45 | # post 'toggle' 46 | # end 47 | # resources :posts, concerns: :toggleable 48 | # resources :photos, concerns: :toggleable 49 | 50 | # Example resource route within a namespace: 51 | # namespace :admin do 52 | # # Directs /admin/products/* to Admin::ProductsController 53 | # # (app/controllers/admin/products_controller.rb) 54 | # resources :products 55 | # end 56 | end 57 | -------------------------------------------------------------------------------- /test/dummy/public/422.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | The change you wanted was rejected (422) 5 | 6 | 55 | 56 | 57 | 58 | 59 |
60 |
61 |

The change you wanted was rejected.

62 |

Maybe you tried to change something you didn't have access to.

63 |
64 |

If you are the application owner check the logs for more information.

65 |
66 | 67 | 68 | -------------------------------------------------------------------------------- /lib/generators/devise_invalidatable/devise_invalidatable_generator.rb: -------------------------------------------------------------------------------- 1 | require 'rails/generators' 2 | 3 | class DeviseInvalidatableGenerator < Rails::Generators::NamedBase 4 | if defined?(ActiveRecord) 5 | include Rails::Generators::Migration 6 | end 7 | 8 | desc 'Creates a migration to add the required attributes to NAME, and adds ' \ 9 | 'the necessary Devise directives to the model' 10 | class_option :mongoid, type: :boolean, group: :runtime, 11 | desc: 'Create mongoid user session model' 12 | 13 | def self.source_root 14 | @_devise_source_root ||= File.expand_path('../templates', __FILE__) 15 | end 16 | 17 | def self.next_migration_number(dirname) 18 | if ActiveRecord::Base.timestamped_migrations 19 | Time.now.utc.strftime('%Y%m%d%H%M%S') 20 | else 21 | '%.3d' % (current_migration_number(dirname) + 1) 22 | end 23 | end 24 | 25 | def generate 26 | if options['mongoid'] 27 | create_session_model 28 | else 29 | create_migration_file 30 | end 31 | 32 | inject_devise_directives_into_model 33 | end 34 | 35 | private 36 | 37 | def create_migration_file 38 | migration_template 'migration.rb', 'db/migrate/devise_create_user_sessions.rb' 39 | end 40 | 41 | def create_session_model 42 | model_path = File.join('app', 'models', 'user_session.rb') 43 | template('user_session.rb', model_path) 44 | end 45 | 46 | def inject_devise_directives_into_model 47 | model_path = File.join('app', 'models', "#{file_path}.rb") 48 | class_path = namespaced? ? class_name.to_s.split('::') : [class_name] 49 | indent_depth = class_path.size 50 | 51 | content = ['devise :invalidatable'] 52 | content = content.map { |line| ' ' * indent_depth + line }.join("\n") << "\n" 53 | 54 | inject_into_class(model_path, class_path.last, content) 55 | end 56 | end 57 | -------------------------------------------------------------------------------- /test/dummy/public/404.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | The page you were looking for doesn't exist (404) 5 | 6 | 55 | 56 | 57 | 58 | 59 |
60 |
61 |

The page you were looking for doesn't exist.

62 |

You may have mistyped the address or the page may have moved.

63 |
64 |

If you are the application owner check the logs for more information.

65 |
66 | 67 | 68 | -------------------------------------------------------------------------------- /test/dummy/config/environments/test.rb: -------------------------------------------------------------------------------- 1 | Rails.application.configure do 2 | # Settings specified here will take precedence over those in config/application.rb. 3 | 4 | # The test environment is used exclusively to run your application's 5 | # test suite. You never need to work with it otherwise. Remember that 6 | # your test database is "scratch space" for the test suite and is wiped 7 | # and recreated between test runs. Don't rely on the data there! 8 | config.cache_classes = true 9 | 10 | # Do not eager load code on boot. This avoids loading your whole application 11 | # just for the purpose of running a single test. If you are using a tool that 12 | # preloads Rails for running tests, you may have to set it to true. 13 | config.eager_load = false 14 | 15 | # Configure static file server for tests with Cache-Control for performance. 16 | config.serve_static_files = true 17 | config.static_cache_control = 'public, max-age=3600' 18 | 19 | # Show full error reports and disable caching. 20 | config.consider_all_requests_local = true 21 | config.action_controller.perform_caching = false 22 | 23 | # Raise exceptions instead of rendering exception templates. 24 | config.action_dispatch.show_exceptions = false 25 | 26 | # Disable request forgery protection in test environment. 27 | config.action_controller.allow_forgery_protection = false 28 | 29 | # Tell Action Mailer not to deliver emails to the real world. 30 | # The :test delivery method accumulates sent emails in the 31 | # ActionMailer::Base.deliveries array. 32 | config.action_mailer.delivery_method = :test 33 | 34 | # Randomize the order test cases are executed. 35 | config.active_support.test_order = :random 36 | 37 | # Print deprecation notices to the stderr. 38 | config.active_support.deprecation = :stderr 39 | 40 | # Raises error for missing translations 41 | # config.action_view.raise_on_missing_translations = true 42 | end 43 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # devise_invalidatable 2 | 3 | Adds support for [Devise](http://github.com/plataformatec/devise) to manually invalidate sessions on the server-side. 4 | 5 | The core logic was shamelessly copied from [this](http://www.jonathanleighton.com/articles/2013/revocable-sessions-with-devise/) blog post by [@jonleighton](https://github.com/jonleighton). I just packaged it into a Devise extension for easy use. 6 | 7 | ## Installation 8 | 9 | Add `devise_invalidatable` to your Gemfile and install 10 | ``` 11 | gem 'devise_invalidatable` 12 | ``` 13 | ``` 14 | bundle install 15 | ``` 16 | Run the generator with the name of your Devise resource (e.g. User) 17 | ``` 18 | rails g devise_invalidatable User 19 | ``` 20 | This will add the directive to the resource's model and create a migration for the sessions table. 21 | 22 | If using Mongoid, run the generator with `--mongoid` 23 | ``` 24 | rails g devise_invalidatable User --mongoid 25 | ``` 26 | This will add the directive to the resource's model and create a user session model. 27 | 28 | ## Copyright 29 | 30 | MIT License (MIT) 31 | 32 | Copyright 2015 Michael Adkins 33 | 34 | Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: 35 | 36 | The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. 37 | 38 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 39 | -------------------------------------------------------------------------------- /test/model_test.rb: -------------------------------------------------------------------------------- 1 | require 'test_helper' 2 | 3 | class ModelTest < ActiveSupport::TestCase 4 | test 'responds to user_sessions' do 5 | user = User.new 6 | assert_respond_to user, :user_sessions 7 | end 8 | 9 | test 'activate_session sets session_id' do 10 | warden = MockWarden.new 11 | user = User.new 12 | user.activate_session(warden) 13 | 14 | assert_not_nil user.user_sessions.first.session_id 15 | end 16 | 17 | test 'activate_session sets ip' do 18 | warden = MockWarden.new('REMOTE_ADDR' => '10.0.0.1') 19 | user = User.new 20 | user.activate_session(warden) 21 | 22 | assert_equal '10.0.0.1', user.user_sessions.first.ip 23 | end 24 | 25 | test 'activate_session sets user_agent' do 26 | warden = MockWarden.new('HTTP_USER_AGENT' => 'Mozilla/5.0') 27 | user = User.new 28 | user.activate_session(warden) 29 | 30 | assert_equal 'Mozilla/5.0', user.user_sessions.first.user_agent 31 | end 32 | 33 | test 'exclusive_session deletes all other sessions' do 34 | warden = MockWarden.new 35 | user = User.new(id: 1) 36 | user.activate_session(warden) # session #1 37 | session_id = user.activate_session(warden) # session #2 38 | 39 | assert_equal 2, user.user_sessions.count 40 | user.exclusive_session(session_id) 41 | assert_equal 1, user.user_sessions.count 42 | end 43 | 44 | test 'session_active? returns true when exists' do 45 | warden = MockWarden.new 46 | user = User.new(id: 1) 47 | session_id = user.activate_session(warden) 48 | 49 | assert_equal true, user.session_active?(session_id) 50 | end 51 | 52 | test 'session_active? returns false when does not exists' do 53 | warden = MockWarden.new 54 | user = User.new(id: 1) 55 | user.activate_session(warden) 56 | 57 | assert_equal false, user.session_active?('not-found') 58 | end 59 | 60 | test 'ensures only last 10 sessions kept' do 61 | warden = MockWarden.new 62 | user = User.new(id: 1) 63 | 12.times { user.activate_session(warden) } 64 | 65 | assert_equal 10, user.user_sessions.count 66 | end 67 | 68 | private 69 | 70 | class MockWarden 71 | def initialize(env = {}) 72 | @request = ActionDispatch::Request.new(env) 73 | end 74 | 75 | def request 76 | @request 77 | end 78 | end 79 | end 80 | -------------------------------------------------------------------------------- /test/devise_invalidatable_generator_test.rb: -------------------------------------------------------------------------------- 1 | require 'test_helper' 2 | require 'generators/devise_invalidatable/devise_invalidatable_generator' 3 | 4 | class DeviseInvalidatableGeneratorTest < Rails::Generators::TestCase 5 | tests DeviseInvalidatableGenerator 6 | destination File.expand_path('../tmp', File.dirname(__FILE__)) 7 | setup do 8 | prepare_destination 9 | 10 | model_destination = File.join(destination_root, 'app', 'models') 11 | 12 | # create model destination 13 | rm_rf(model_destination) 14 | mkdir_p(model_destination) 15 | 16 | # copy user model to tmp 17 | app_root = File.expand_path('dummy', File.dirname(__FILE__)) 18 | user_model = File.join(app_root, 'app', 'models', 'user.rb') 19 | cp(user_model, model_destination) 20 | end 21 | 22 | test 'creates migration' do 23 | run_generator %w(User) 24 | assert_migration 'db/migrate/devise_create_user_sessions.rb' 25 | end 26 | 27 | test 'migration adds column user_id' do 28 | run_generator %w(User) 29 | assert_migration 'db/migrate/devise_create_user_sessions.rb' do |migration| 30 | assert_match(/column_name = :user_id/, migration) 31 | end 32 | end 33 | 34 | test 'migration adds column ip' do 35 | run_generator %w(User) 36 | assert_migration 'db/migrate/devise_create_user_sessions.rb' do |migration| 37 | assert_match(/string :ip/, migration) 38 | end 39 | end 40 | 41 | test 'migration adds column user_agent' do 42 | run_generator %w(User) 43 | assert_migration 'db/migrate/devise_create_user_sessions.rb' do |migration| 44 | assert_match(/string :user_agent/, migration) 45 | end 46 | end 47 | 48 | test 'does not create migration when using mongoid' do 49 | run_generator %w(User --mongoid) 50 | assert_no_migration 'db/migrate/devise_create_user_sessions.rb' 51 | end 52 | 53 | test 'creates user_session.rb when using mongoid' do 54 | run_generator %w(User --mongoid) 55 | assert_file 'app/models/user_session.rb' 56 | end 57 | 58 | test 'user_session.rb belongs to user' do 59 | run_generator %w(User --mongoid) 60 | assert_file 'app/models/user_session.rb' do |file| 61 | assert_match(/belongs_to :user/, file) 62 | end 63 | end 64 | 65 | test 'user_session.rb has ip field' do 66 | run_generator %w(User --mongoid) 67 | assert_file 'app/models/user_session.rb' do |file| 68 | assert_match(/field :ip/, file) 69 | end 70 | end 71 | 72 | test 'user_session.rb has user_agent field' do 73 | run_generator %w(User --mongoid) 74 | assert_file 'app/models/user_session.rb' do |file| 75 | assert_match(/field :user_agent/, file) 76 | end 77 | end 78 | 79 | test 'user_session.rb has index on user_id' do 80 | run_generator %w(User --mongoid) 81 | assert_file 'app/models/user_session.rb' do |file| 82 | assert_match(/index\(\{ user_id: 1 \}\)/, file) 83 | end 84 | end 85 | end 86 | -------------------------------------------------------------------------------- /Gemfile.lock: -------------------------------------------------------------------------------- 1 | GEM 2 | remote: http://rubygems.org/ 3 | specs: 4 | actionmailer (4.2.0) 5 | actionpack (= 4.2.0) 6 | actionview (= 4.2.0) 7 | activejob (= 4.2.0) 8 | mail (~> 2.5, >= 2.5.4) 9 | rails-dom-testing (~> 1.0, >= 1.0.5) 10 | actionpack (4.2.0) 11 | actionview (= 4.2.0) 12 | activesupport (= 4.2.0) 13 | rack (~> 1.6.0) 14 | rack-test (~> 0.6.2) 15 | rails-dom-testing (~> 1.0, >= 1.0.5) 16 | rails-html-sanitizer (~> 1.0, >= 1.0.1) 17 | actionview (4.2.0) 18 | activesupport (= 4.2.0) 19 | builder (~> 3.1) 20 | erubis (~> 2.7.0) 21 | rails-dom-testing (~> 1.0, >= 1.0.5) 22 | rails-html-sanitizer (~> 1.0, >= 1.0.1) 23 | activejob (4.2.0) 24 | activesupport (= 4.2.0) 25 | globalid (>= 0.3.0) 26 | activemodel (4.2.0) 27 | activesupport (= 4.2.0) 28 | builder (~> 3.1) 29 | activerecord (4.2.0) 30 | activemodel (= 4.2.0) 31 | activesupport (= 4.2.0) 32 | arel (~> 6.0) 33 | activesupport (4.2.0) 34 | i18n (~> 0.7) 35 | json (~> 1.7, >= 1.7.7) 36 | minitest (~> 5.1) 37 | thread_safe (~> 0.3, >= 0.3.4) 38 | tzinfo (~> 1.1) 39 | arel (6.0.3) 40 | bcrypt (3.1.10) 41 | builder (3.2.2) 42 | devise (3.5.2) 43 | bcrypt (~> 3.0) 44 | orm_adapter (~> 0.1) 45 | railties (>= 3.2.6, < 5) 46 | responders 47 | thread_safe (~> 0.1) 48 | warden (~> 1.2.3) 49 | erubis (2.7.0) 50 | globalid (0.3.6) 51 | activesupport (>= 4.1.0) 52 | i18n (0.7.0) 53 | json (1.8.3) 54 | loofah (2.0.3) 55 | nokogiri (>= 1.5.9) 56 | mail (2.6.3) 57 | mime-types (>= 1.16, < 3) 58 | mime-types (2.6.1) 59 | mini_portile (0.6.2) 60 | minitest (5.8.0) 61 | nokogiri (1.6.6.2) 62 | mini_portile (~> 0.6.0) 63 | orm_adapter (0.5.0) 64 | rack (1.6.4) 65 | rack-test (0.6.3) 66 | rack (>= 1.0) 67 | rails (4.2.0) 68 | actionmailer (= 4.2.0) 69 | actionpack (= 4.2.0) 70 | actionview (= 4.2.0) 71 | activejob (= 4.2.0) 72 | activemodel (= 4.2.0) 73 | activerecord (= 4.2.0) 74 | activesupport (= 4.2.0) 75 | bundler (>= 1.3.0, < 2.0) 76 | railties (= 4.2.0) 77 | sprockets-rails 78 | rails-deprecated_sanitizer (1.0.3) 79 | activesupport (>= 4.2.0.alpha) 80 | rails-dom-testing (1.0.7) 81 | activesupport (>= 4.2.0.beta, < 5.0) 82 | nokogiri (~> 1.6.0) 83 | rails-deprecated_sanitizer (>= 1.0.1) 84 | rails-html-sanitizer (1.0.2) 85 | loofah (~> 2.0) 86 | railties (4.2.0) 87 | actionpack (= 4.2.0) 88 | activesupport (= 4.2.0) 89 | rake (>= 0.8.7) 90 | thor (>= 0.18.1, < 2.0) 91 | rake (10.4.2) 92 | responders (2.1.0) 93 | railties (>= 4.2.0, < 5) 94 | sprockets (3.3.4) 95 | rack (~> 1.0) 96 | sprockets-rails (2.3.3) 97 | actionpack (>= 3.0) 98 | activesupport (>= 3.0) 99 | sprockets (>= 2.8, < 4.0) 100 | sqlite3 (1.3.11) 101 | thor (0.19.1) 102 | thread_safe (0.3.5) 103 | tzinfo (1.2.2) 104 | thread_safe (~> 0.1) 105 | warden (1.2.3) 106 | rack (>= 1.0) 107 | 108 | PLATFORMS 109 | ruby 110 | 111 | DEPENDENCIES 112 | devise 113 | rails 114 | sqlite3 115 | 116 | BUNDLED WITH 117 | 1.11.2 118 | -------------------------------------------------------------------------------- /test/dummy/config/environments/production.rb: -------------------------------------------------------------------------------- 1 | Rails.application.configure do 2 | # Settings specified here will take precedence over those in config/application.rb. 3 | 4 | # Code is not reloaded between requests. 5 | config.cache_classes = true 6 | 7 | # Eager load code on boot. This eager loads most of Rails and 8 | # your application in memory, allowing both threaded web servers 9 | # and those relying on copy on write to perform better. 10 | # Rake tasks automatically ignore this option for performance. 11 | config.eager_load = true 12 | 13 | # Full error reports are disabled and caching is turned on. 14 | config.consider_all_requests_local = false 15 | config.action_controller.perform_caching = true 16 | 17 | # Enable Rack::Cache to put a simple HTTP cache in front of your application 18 | # Add `rack-cache` to your Gemfile before enabling this. 19 | # For large-scale production use, consider using a caching reverse proxy like 20 | # NGINX, varnish or squid. 21 | # config.action_dispatch.rack_cache = true 22 | 23 | # Disable serving static files from the `/public` folder by default since 24 | # Apache or NGINX already handles this. 25 | config.serve_static_files = ENV['RAILS_SERVE_STATIC_FILES'].present? 26 | 27 | # Compress JavaScripts and CSS. 28 | config.assets.js_compressor = :uglifier 29 | # config.assets.css_compressor = :sass 30 | 31 | # Do not fallback to assets pipeline if a precompiled asset is missed. 32 | config.assets.compile = false 33 | 34 | # Asset digests allow you to set far-future HTTP expiration dates on all assets, 35 | # yet still be able to expire them through the digest params. 36 | config.assets.digest = true 37 | 38 | # `config.assets.precompile` and `config.assets.version` have moved to config/initializers/assets.rb 39 | 40 | # Specifies the header that your server uses for sending files. 41 | # config.action_dispatch.x_sendfile_header = 'X-Sendfile' # for Apache 42 | # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX 43 | 44 | # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. 45 | # config.force_ssl = true 46 | 47 | # Use the lowest log level to ensure availability of diagnostic information 48 | # when problems arise. 49 | config.log_level = :debug 50 | 51 | # Prepend all log lines with the following tags. 52 | # config.log_tags = [ :subdomain, :uuid ] 53 | 54 | # Use a different logger for distributed setups. 55 | # config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new) 56 | 57 | # Use a different cache store in production. 58 | # config.cache_store = :mem_cache_store 59 | 60 | # Enable serving of images, stylesheets, and JavaScripts from an asset server. 61 | # config.action_controller.asset_host = 'http://assets.example.com' 62 | 63 | # Ignore bad email addresses and do not raise email delivery errors. 64 | # Set this to true and configure the email server for immediate delivery to raise delivery errors. 65 | # config.action_mailer.raise_delivery_errors = false 66 | 67 | # Enable locale fallbacks for I18n (makes lookups for any locale fall back to 68 | # the I18n.default_locale when a translation cannot be found). 69 | config.i18n.fallbacks = true 70 | 71 | # Send deprecation notices to registered listeners. 72 | config.active_support.deprecation = :notify 73 | 74 | # Use default logging formatter so that PID and timestamp are not suppressed. 75 | config.log_formatter = ::Logger::Formatter.new 76 | 77 | # Do not dump schema after migrations. 78 | config.active_record.dump_schema_after_migration = false 79 | end 80 | -------------------------------------------------------------------------------- /test/dummy/config/locales/devise.en.yml: -------------------------------------------------------------------------------- 1 | # Additional translations at https://github.com/plataformatec/devise/wiki/I18n 2 | 3 | en: 4 | devise: 5 | confirmations: 6 | confirmed: "Your email address has been successfully confirmed." 7 | send_instructions: "You will receive an email with instructions for how to confirm your email address in a few minutes." 8 | send_paranoid_instructions: "If your email address exists in our database, you will receive an email with instructions for how to confirm your email address in a few minutes." 9 | failure: 10 | already_authenticated: "You are already signed in." 11 | inactive: "Your account is not activated yet." 12 | invalid: "Invalid %{authentication_keys} or password." 13 | locked: "Your account is locked." 14 | last_attempt: "You have one more attempt before your account is locked." 15 | not_found_in_database: "Invalid %{authentication_keys} or password." 16 | timeout: "Your session expired. Please sign in again to continue." 17 | unauthenticated: "You need to sign in or sign up before continuing." 18 | unconfirmed: "You have to confirm your email address before continuing." 19 | mailer: 20 | confirmation_instructions: 21 | subject: "Confirmation instructions" 22 | reset_password_instructions: 23 | subject: "Reset password instructions" 24 | unlock_instructions: 25 | subject: "Unlock instructions" 26 | omniauth_callbacks: 27 | failure: "Could not authenticate you from %{kind} because \"%{reason}\"." 28 | success: "Successfully authenticated from %{kind} account." 29 | passwords: 30 | no_token: "You can't access this page without coming from a password reset email. If you do come from a password reset email, please make sure you used the full URL provided." 31 | send_instructions: "You will receive an email with instructions on how to reset your password in a few minutes." 32 | send_paranoid_instructions: "If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes." 33 | updated: "Your password has been changed successfully. You are now signed in." 34 | updated_not_active: "Your password has been changed successfully." 35 | registrations: 36 | destroyed: "Bye! Your account has been successfully cancelled. We hope to see you again soon." 37 | signed_up: "Welcome! You have signed up successfully." 38 | signed_up_but_inactive: "You have signed up successfully. However, we could not sign you in because your account is not yet activated." 39 | signed_up_but_locked: "You have signed up successfully. However, we could not sign you in because your account is locked." 40 | signed_up_but_unconfirmed: "A message with a confirmation link has been sent to your email address. Please follow the link to activate your account." 41 | update_needs_confirmation: "You updated your account successfully, but we need to verify your new email address. Please check your email and follow the confirm link to confirm your new email address." 42 | updated: "Your account has been updated successfully." 43 | sessions: 44 | signed_in: "Signed in successfully." 45 | signed_out: "Signed out successfully." 46 | already_signed_out: "Signed out successfully." 47 | unlocks: 48 | send_instructions: "You will receive an email with instructions for how to unlock your account in a few minutes." 49 | send_paranoid_instructions: "If your account exists, you will receive an email with instructions for how to unlock it in a few minutes." 50 | unlocked: "Your account has been unlocked successfully. Please sign in to continue." 51 | errors: 52 | messages: 53 | already_confirmed: "was already confirmed, please try signing in" 54 | confirmation_period_expired: "needs to be confirmed within %{period}, please request a new one" 55 | expired: "has expired, please request a new one" 56 | not_found: "not found" 57 | not_locked: "was not locked" 58 | not_saved: 59 | one: "1 error prohibited this %{resource} from being saved:" 60 | other: "%{count} errors prohibited this %{resource} from being saved:" 61 | -------------------------------------------------------------------------------- /test/dummy/config/initializers/devise.rb: -------------------------------------------------------------------------------- 1 | # Use this hook to configure devise mailer, warden hooks and so forth. 2 | # Many of these configuration options can be set straight in your model. 3 | Devise.setup do |config| 4 | # The secret key used by Devise. Devise uses this key to generate 5 | # random tokens. Changing this key will render invalid all existing 6 | # confirmation, reset password and unlock tokens in the database. 7 | # Devise will use the `secret_key_base` on Rails 4+ applications as its `secret_key` 8 | # by default. You can change it below and use your own secret key. 9 | # config.secret_key = 'c6af094f6c3128881741ecab2a781372debe01cb705068087817384d21a193c17ab5f61bb5dfc83f40af500f14dbab9a6ee77dcd3f962cf0045165ed623e639d' 10 | 11 | # ==> Mailer Configuration 12 | # Configure the e-mail address which will be shown in Devise::Mailer, 13 | # note that it will be overwritten if you use your own mailer class 14 | # with default "from" parameter. 15 | config.mailer_sender = 'please-change-me-at-config-initializers-devise@example.com' 16 | 17 | # Configure the class responsible to send e-mails. 18 | # config.mailer = 'Devise::Mailer' 19 | 20 | # ==> ORM configuration 21 | # Load and configure the ORM. Supports :active_record (default) and 22 | # :mongoid (bson_ext recommended) by default. Other ORMs may be 23 | # available as additional gems. 24 | require 'devise/orm/active_record' 25 | 26 | # ==> Configuration for any authentication mechanism 27 | # Configure which keys are used when authenticating a user. The default is 28 | # just :email. You can configure it to use [:username, :subdomain], so for 29 | # authenticating a user, both parameters are required. Remember that those 30 | # parameters are used only when authenticating and not when retrieving from 31 | # session. If you need permissions, you should implement that in a before filter. 32 | # You can also supply a hash where the value is a boolean determining whether 33 | # or not authentication should be aborted when the value is not present. 34 | # config.authentication_keys = [:email] 35 | 36 | # Configure parameters from the request object used for authentication. Each entry 37 | # given should be a request method and it will automatically be passed to the 38 | # find_for_authentication method and considered in your model lookup. For instance, 39 | # if you set :request_keys to [:subdomain], :subdomain will be used on authentication. 40 | # The same considerations mentioned for authentication_keys also apply to request_keys. 41 | # config.request_keys = [] 42 | 43 | # Configure which authentication keys should be case-insensitive. 44 | # These keys will be downcased upon creating or modifying a user and when used 45 | # to authenticate or find a user. Default is :email. 46 | config.case_insensitive_keys = [:email] 47 | 48 | # Configure which authentication keys should have whitespace stripped. 49 | # These keys will have whitespace before and after removed upon creating or 50 | # modifying a user and when used to authenticate or find a user. Default is :email. 51 | config.strip_whitespace_keys = [:email] 52 | 53 | # Tell if authentication through request.params is enabled. True by default. 54 | # It can be set to an array that will enable params authentication only for the 55 | # given strategies, for example, `config.params_authenticatable = [:database]` will 56 | # enable it only for database (email + password) authentication. 57 | # config.params_authenticatable = true 58 | 59 | # Tell if authentication through HTTP Auth is enabled. False by default. 60 | # It can be set to an array that will enable http authentication only for the 61 | # given strategies, for example, `config.http_authenticatable = [:database]` will 62 | # enable it only for database authentication. The supported strategies are: 63 | # :database = Support basic authentication with authentication key + password 64 | # config.http_authenticatable = false 65 | 66 | # If 401 status code should be returned for AJAX requests. True by default. 67 | # config.http_authenticatable_on_xhr = true 68 | 69 | # The realm used in Http Basic Authentication. 'Application' by default. 70 | # config.http_authentication_realm = 'Application' 71 | 72 | # It will change confirmation, password recovery and other workflows 73 | # to behave the same regardless if the e-mail provided was right or wrong. 74 | # Does not affect registerable. 75 | # config.paranoid = true 76 | 77 | # By default Devise will store the user in session. You can skip storage for 78 | # particular strategies by setting this option. 79 | # Notice that if you are skipping storage for all authentication paths, you 80 | # may want to disable generating routes to Devise's sessions controller by 81 | # passing skip: :sessions to `devise_for` in your config/routes.rb 82 | config.skip_session_storage = [:http_auth] 83 | 84 | # By default, Devise cleans up the CSRF token on authentication to 85 | # avoid CSRF token fixation attacks. This means that, when using AJAX 86 | # requests for sign in and sign up, you need to get a new CSRF token 87 | # from the server. You can disable this option at your own risk. 88 | # config.clean_up_csrf_token_on_authentication = true 89 | 90 | # ==> Configuration for :database_authenticatable 91 | # For bcrypt, this is the cost for hashing the password and defaults to 10. If 92 | # using other encryptors, it sets how many times you want the password re-encrypted. 93 | # 94 | # Limiting the stretches to just one in testing will increase the performance of 95 | # your test suite dramatically. However, it is STRONGLY RECOMMENDED to not use 96 | # a value less than 10 in other environments. Note that, for bcrypt (the default 97 | # encryptor), the cost increases exponentially with the number of stretches (e.g. 98 | # a value of 20 is already extremely slow: approx. 60 seconds for 1 calculation). 99 | config.stretches = Rails.env.test? ? 1 : 10 100 | 101 | # Setup a pepper to generate the encrypted password. 102 | # config.pepper = '3442fe4181402928ce137f904888499f4b7383100665322d238efef839c67ba79e696ffb3b5367d2e3011d84b72bdf9af3256ade092340444978439cec52240a' 103 | 104 | # ==> Configuration for :confirmable 105 | # A period that the user is allowed to access the website even without 106 | # confirming their account. For instance, if set to 2.days, the user will be 107 | # able to access the website for two days without confirming their account, 108 | # access will be blocked just in the third day. Default is 0.days, meaning 109 | # the user cannot access the website without confirming their account. 110 | # config.allow_unconfirmed_access_for = 2.days 111 | 112 | # A period that the user is allowed to confirm their account before their 113 | # token becomes invalid. For example, if set to 3.days, the user can confirm 114 | # their account within 3 days after the mail was sent, but on the fourth day 115 | # their account can't be confirmed with the token any more. 116 | # Default is nil, meaning there is no restriction on how long a user can take 117 | # before confirming their account. 118 | # config.confirm_within = 3.days 119 | 120 | # If true, requires any email changes to be confirmed (exactly the same way as 121 | # initial account confirmation) to be applied. Requires additional unconfirmed_email 122 | # db field (see migrations). Until confirmed, new email is stored in 123 | # unconfirmed_email column, and copied to email column on successful confirmation. 124 | config.reconfirmable = true 125 | 126 | # Defines which key will be used when confirming an account 127 | # config.confirmation_keys = [:email] 128 | 129 | # ==> Configuration for :rememberable 130 | # The time the user will be remembered without asking for credentials again. 131 | # config.remember_for = 2.weeks 132 | 133 | # Invalidates all the remember me tokens when the user signs out. 134 | config.expire_all_remember_me_on_sign_out = true 135 | 136 | # If true, extends the user's remember period when remembered via cookie. 137 | # config.extend_remember_period = false 138 | 139 | # Options to be passed to the created cookie. For instance, you can set 140 | # secure: true in order to force SSL only cookies. 141 | # config.rememberable_options = {} 142 | 143 | # ==> Configuration for :validatable 144 | # Range for password length. 145 | config.password_length = 8..72 146 | 147 | # Email regex used to validate email formats. It simply asserts that 148 | # one (and only one) @ exists in the given string. This is mainly 149 | # to give user feedback and not to assert the e-mail validity. 150 | # config.email_regexp = /\A[^@]+@[^@]+\z/ 151 | 152 | # ==> Configuration for :timeoutable 153 | # The time you want to timeout the user session without activity. After this 154 | # time the user will be asked for credentials again. Default is 30 minutes. 155 | # config.timeout_in = 30.minutes 156 | 157 | # ==> Configuration for :lockable 158 | # Defines which strategy will be used to lock an account. 159 | # :failed_attempts = Locks an account after a number of failed attempts to sign in. 160 | # :none = No lock strategy. You should handle locking by yourself. 161 | # config.lock_strategy = :failed_attempts 162 | 163 | # Defines which key will be used when locking and unlocking an account 164 | # config.unlock_keys = [:email] 165 | 166 | # Defines which strategy will be used to unlock an account. 167 | # :email = Sends an unlock link to the user email 168 | # :time = Re-enables login after a certain amount of time (see :unlock_in below) 169 | # :both = Enables both strategies 170 | # :none = No unlock strategy. You should handle unlocking by yourself. 171 | # config.unlock_strategy = :both 172 | 173 | # Number of authentication tries before locking an account if lock_strategy 174 | # is failed attempts. 175 | # config.maximum_attempts = 20 176 | 177 | # Time interval to unlock the account if :time is enabled as unlock_strategy. 178 | # config.unlock_in = 1.hour 179 | 180 | # Warn on the last attempt before the account is locked. 181 | # config.last_attempt_warning = true 182 | 183 | # ==> Configuration for :recoverable 184 | # 185 | # Defines which key will be used when recovering the password for an account 186 | # config.reset_password_keys = [:email] 187 | 188 | # Time interval you can reset your password with a reset password key. 189 | # Don't put a too small interval or your users won't have the time to 190 | # change their passwords. 191 | config.reset_password_within = 6.hours 192 | 193 | # When set to false, does not sign a user in automatically after their password is 194 | # reset. Defaults to true, so a user is signed in automatically after a reset. 195 | # config.sign_in_after_reset_password = true 196 | 197 | # ==> Configuration for :encryptable 198 | # Allow you to use another encryption algorithm besides bcrypt (default). You can use 199 | # :sha1, :sha512 or encryptors from others authentication tools as :clearance_sha1, 200 | # :authlogic_sha512 (then you should set stretches above to 20 for default behavior) 201 | # and :restful_authentication_sha1 (then you should set stretches to 10, and copy 202 | # REST_AUTH_SITE_KEY to pepper). 203 | # 204 | # Require the `devise-encryptable` gem when using anything other than bcrypt 205 | # config.encryptor = :sha512 206 | 207 | # ==> Scopes configuration 208 | # Turn scoped views on. Before rendering "sessions/new", it will first check for 209 | # "users/sessions/new". It's turned off by default because it's slower if you 210 | # are using only default views. 211 | # config.scoped_views = false 212 | 213 | # Configure the default scope given to Warden. By default it's the first 214 | # devise role declared in your routes (usually :user). 215 | # config.default_scope = :user 216 | 217 | # Set this configuration to false if you want /users/sign_out to sign out 218 | # only the current scope. By default, Devise signs out all scopes. 219 | # config.sign_out_all_scopes = true 220 | 221 | # ==> Navigation configuration 222 | # Lists the formats that should be treated as navigational. Formats like 223 | # :html, should redirect to the sign in page when the user does not have 224 | # access, but formats like :xml or :json, should return 401. 225 | # 226 | # If you have any extra navigational formats, like :iphone or :mobile, you 227 | # should add them to the navigational formats lists. 228 | # 229 | # The "*/*" below is required to match Internet Explorer requests. 230 | # config.navigational_formats = ['*/*', :html] 231 | 232 | # The default HTTP method used to sign out a resource. Default is :delete. 233 | config.sign_out_via = :delete 234 | 235 | # ==> OmniAuth 236 | # Add a new OmniAuth provider. Check the wiki for more information on setting 237 | # up on your models and hooks. 238 | # config.omniauth :github, 'APP_ID', 'APP_SECRET', scope: 'user,public_repo' 239 | 240 | # ==> Warden configuration 241 | # If you want to use other strategies, that are not supported by Devise, or 242 | # change the failure app, you can configure them inside the config.warden block. 243 | # 244 | # config.warden do |manager| 245 | # manager.intercept_401 = false 246 | # manager.default_strategies(scope: :user).unshift :some_external_strategy 247 | # end 248 | 249 | # ==> Mountable engine configurations 250 | # When using Devise inside an engine, let's call it `MyEngine`, and this engine 251 | # is mountable, there are some extra configurations to be taken into account. 252 | # The following options are available, assuming the engine is mounted as: 253 | # 254 | # mount MyEngine, at: '/my_engine' 255 | # 256 | # The router that invoked `devise_for`, in the example above, would be: 257 | # config.router_name = :my_engine 258 | # 259 | # When using OmniAuth, Devise cannot automatically set OmniAuth path, 260 | # so you need to do it manually. For the users scope, it would be: 261 | # config.omniauth_path_prefix = '/my_engine/users/auth' 262 | end 263 | --------------------------------------------------------------------------------