#663

Committed 17 Mar 2026 01:12AM UTC coverage: 12.22% (-78.4%) from 90.649%

Build # #663

Build Type

push

Committed by

Commit Message

switching back to mult-email

Coverage Stats

202 of 1653 relevant lines covered (12.22%)

0.39 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

0.0

/app/controllers/devise_token_auth/application_controller.rb

# frozen_string_literal: true

module DeviseTokenAuth
  class ApplicationController < DeviseController
    include DeviseTokenAuth::Concerns::SetUserByToken

    def resource_data(opts = {})
      response_data = opts[:resource_json] || @resource.as_json
      response_data['type'] = @resource.class.name.parameterize if json_api?
      response_data
    end

    def resource_errors
      @resource.errors.to_hash.merge(full_messages: @resource.errors.full_messages)
    end

    protected

    def blacklisted_redirect_url?(redirect_url)
      DeviseTokenAuth.redirect_whitelist && !DeviseTokenAuth::Url.whitelisted?(redirect_url)
    end

    def build_redirect_headers(access_token, client, redirect_header_options = {})
      {
        DeviseTokenAuth.headers_names[:"access-token"] => access_token,
        DeviseTokenAuth.headers_names[:"client"] => client,
        :config => params[:config],

        # Legacy parameters which may be removed in a future release.
        # Consider using "client" and "access-token" in client code.
        # See: github.com/lynndylanhurley/devise_token_auth/issues/993
        :client_id => client,
        :token => access_token
      }.merge(redirect_header_options)
    end

    def params_for_resource(resource)
      devise_parameter_sanitizer.instance_values['permitted'][resource].each do |type|
        params[type.to_s] ||= request.headers[type.to_s] unless request.headers[type.to_s].nil?
      end
      devise_parameter_sanitizer.instance_values['permitted'][resource]
    end

    def resource_class(m = nil)
      if m
        mapping = Devise.mappings[m]
      else
        mapping = Devise.mappings[resource_name] || Devise.mappings.values.first
      end

      mapping.to
    end

    def json_api?
      return false unless defined?(ActiveModel::Serializer)
      return ActiveModel::Serializer.setup do |config|
        config.adapter == :json_api
      end if ActiveModel::Serializer.respond_to?(:setup)
      ActiveModelSerializers.config.adapter == :json_api
    end

    def recoverable_enabled?
      resource_class.devise_modules.include?(:recoverable)
    end

    def confirmable_enabled?
      resource_class.devise_modules.include?(:confirmable)
    end

    def render_error(status, message, data = nil)
      response = {
        success: false,
        errors: [message]
      }
      response = response.merge(data) if data
      render json: response, status: status
    end

    def success_message(name, email)
      if Devise.paranoid
        I18n.t("devise_token_auth.#{name}.sended_paranoid")
      else
        I18n.t("devise_token_auth.#{name}.sended", email: email)
      end
    end

    def redirect_options
      {}
    end

    # When using a cookie to transport the auth token we can set it immediately in flows such as
    # reset password and OmniAuth success, rather than making the client scrape the token from
    # query params (to then send in the initial validate_token request).
    # TODO: We should be able to stop exposing the token in query params when this method is used
    def set_token_in_cookie(resource, token)
      auth_header = resource.build_auth_headers(token.token, token.client)
      cookies[DeviseTokenAuth.cookie_name] = DeviseTokenAuth.cookie_attributes.merge(value: auth_header.to_json)
    end
  end
end

1	# frozen_string_literal: true
2
3	module DeviseTokenAuth	×
4	class ApplicationController < DeviseController	×
5	include DeviseTokenAuth::Concerns::SetUserByToken	×
6
7	def resource_data(opts = {})	×
8	response_data = opts[:resource_json] \|\| @resource.as_json	×
9	response_data['type'] = @resource.class.name.parameterize if json_api?	×
10	response_data	×
11	end	×
12
13	def resource_errors	×
14	@resource.errors.to_hash.merge(full_messages: @resource.errors.full_messages)	×
15	end	×
16
17	protected	×
18
19	def blacklisted_redirect_url?(redirect_url)	×
20	DeviseTokenAuth.redirect_whitelist && !DeviseTokenAuth::Url.whitelisted?(redirect_url)	×
21	end	×
22
23	def build_redirect_headers(access_token, client, redirect_header_options = {})	×
24	{	×
25	DeviseTokenAuth.headers_names[:"access-token"] => access_token,	×
26	DeviseTokenAuth.headers_names[:"client"] => client,	×
27	:config => params[:config],	×
28
29	# Legacy parameters which may be removed in a future release.
30	# Consider using "client" and "access-token" in client code.
31	# See: github.com/lynndylanhurley/devise_token_auth/issues/993
32	:client_id => client,	×
33	:token => access_token	×
34	}.merge(redirect_header_options)	×
35	end	×
36
37	def params_for_resource(resource)	×
38	devise_parameter_sanitizer.instance_values['permitted'][resource].each do \|type\|	×
39	params[type.to_s] \|\|= request.headers[type.to_s] unless request.headers[type.to_s].nil?	×
40	end	×
41	devise_parameter_sanitizer.instance_values['permitted'][resource]	×
42	end	×
43
44	def resource_class(m = nil)	×
45	if m	×
46	mapping = Devise.mappings[m]	×
47	else	×
48	mapping = Devise.mappings[resource_name] \|\| Devise.mappings.values.first	×
49	end	×
50
51	mapping.to	×
52	end	×
53
54	def json_api?	×
55	return false unless defined?(ActiveModel::Serializer)	×
56	return ActiveModel::Serializer.setup do \|config\|	×
57	config.adapter == :json_api	×
58	end if ActiveModel::Serializer.respond_to?(:setup)	×
59	ActiveModelSerializers.config.adapter == :json_api	×
60	end	×
61
62	def recoverable_enabled?	×
63	resource_class.devise_modules.include?(:recoverable)	×
64	end	×
65
66	def confirmable_enabled?	×
67	resource_class.devise_modules.include?(:confirmable)	×
68	end	×
69
70	def render_error(status, message, data = nil)	×
71	response = {	×
72	success: false,	×
73	errors: [message]	×
74	}	×
75	response = response.merge(data) if data	×
76	render json: response, status: status	×
77	end	×
78
79	def success_message(name, email)	×
80	if Devise.paranoid	×
81	I18n.t("devise_token_auth.#{name}.sended_paranoid")	×
82	else	×
83	I18n.t("devise_token_auth.#{name}.sended", email: email)	×
84	end	×
85	end	×
86
87	def redirect_options	×
88	{}	×
89	end	×
90
91	# When using a cookie to transport the auth token we can set it immediately in flows such as
92	# reset password and OmniAuth success, rather than making the client scrape the token from
93	# query params (to then send in the initial validate_token request).
94	# TODO: We should be able to stop exposing the token in query params when this method is used
95	def set_token_in_cookie(resource, token)	×
96	auth_header = resource.build_auth_headers(token.token, token.client)	×
97	cookies[DeviseTokenAuth.cookie_name] = DeviseTokenAuth.cookie_attributes.merge(value: auth_header.to_json)	×
98	end	×
99	end	×
100	end	×

mgmodell / devise_token_auth_multi_email / #663

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous