Over-haul · AndriySolonyna · Jan 23, 2017 · Jan 25, 2017 · Feb 2, 2017 · Feb 8, 2017
diff --git a/app/controllers/devise_token_auth/application_controller.rb b/app/controllers/devise_token_auth/application_controller.rb
@@ -34,6 +34,5 @@ def is_json_api
       return false unless defined?(ActiveModel::Serializer)
       return ActiveModel::Serializer.config.adapter == :json_api
     end
-
   end
 end
diff --git a/app/controllers/devise_token_auth/concerns/set_user_by_token.rb b/app/controllers/devise_token_auth/concerns/set_user_by_token.rb
@@ -68,7 +68,7 @@ def set_user_by_token(mapping=nil)
 
   def update_auth_header
     # cannot save object if model has invalid params
-    return unless @resource and @resource.valid? and @client_id
+    return unless @resource and @client_id
 
     # Generate new client_id with existing authentication
     @client_id = nil unless @used_auth_by_token

diff --git a/app/controllers/devise_token_auth/passwords_controller.rb b/app/controllers/devise_token_auth/passwords_controller.rb
@@ -105,7 +105,9 @@ def edit
           }.merge(@resource.try(:reset_custom_params) || {})
         ))
       else
-        @resource.try(:access_denied?) ? render_error_deactivated : render_edit_error
+        @resource.try(:access_denied?) ? render_error_deactivated : redirect_to(@resource.build_url(params[:invalid_redirect_url], {
+          message: true
+        }))
       end
     end
 
@@ -130,7 +132,7 @@ def update
         return render_update_error_missing_password
       end
 
-      if @resource.send(resource_update_method, password_resource_params)
+      if @resource.send(resource_update_method, password_resource_params.merge(force_change_password: false, status: 'active'))
         @resource.allow_password_change = false
 
         yield if block_given?

diff --git a/app/controllers/devise_token_auth/sessions_controller.rb b/app/controllers/devise_token_auth/sessions_controller.rb
@@ -26,7 +26,11 @@ def create
           q = "BINARY " + q
         end
 
-        @resource = resource_class.where(q, q_value).first
+        if respond_to?(:current_portal) && current_portal
+          @resource = resource_class.where(q, q_value).where(portal_id: current_portal.id).first
+        else
+          @resource = resource_class.where(q, q_value).first
+        end
       end
 
       if @resource and valid_params?(field, q_value) and @resource.valid_password?(resource_params[:password]) and (!@resource.respond_to?(:active_for_authentication?) or @resource.active_for_authentication?)
@@ -63,6 +67,10 @@ def destroy
       if user and client_id and user.tokens[client_id]
         user.tokens.delete(client_id)
         user.save!
+        if user.has_attribute?(:player_id) && mobile_devise?
+          user.update_columns(player_id: nil)
+        end
+
 
         yield if block_given?
 
@@ -148,6 +156,10 @@ def render_destroy_error
 
     private
 
+    def mobile_devise?
+      request.headers['Client-Device'] == 'mob'
+    end
+
     def resource_params
       params.permit(*params_for_resource(:sign_in))
     end

diff --git a/app/models/devise_token_auth/concerns/user.rb b/app/models/devise_token_auth/concerns/user.rb
@@ -198,15 +198,15 @@ def create_new_auth_token(client_id=nil)
 
   def build_auth_header(token, client_id='default')
     client_id ||= 'default'
-    
+
     if !DeviseTokenAuth.change_headers_on_each_request && self.tokens[client_id].nil?
       create_new_auth_token(client_id)
     else
 
       # client may use expiry to prevent validation request if expired
       # must be cast as string or headers will break
       expiry = self.tokens[client_id]['expiry'] || self.tokens[client_id][:expiry]
-  
+
       return {
         "access-token" => token,
         "token-type"   => "Bearer",
@@ -219,12 +219,17 @@ def build_auth_header(token, client_id='default')
 
 
   def build_auth_url(base_url, args)
+
     args[:uid]    = self.uid
     args[:expiry] = self.tokens[args[:client_id]]['expiry']
 
     DeviseTokenAuth::Url.generate(base_url, args)
   end
 
+  def build_url(base_url, args)
+    "#{base_url}?#{args.to_param}"
+  end
+
 
   def extend_batch_buffer(token, client_id)
     self.tokens[client_id]['updated_at'] = Time.now

diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
@@ -1,6 +1,7 @@
 # Use this hook to configure devise mailer, warden hooks and so forth.
 # Many of these configuration options can be set straight in your model.
 Devise.setup do |config|
+  config.email_regexp = /\A[^@\s]+@[^@\s]+\z/
   # The secret key used by Devise. Devise uses this key to generate
   # random tokens. Changing this key will render invalid all existing
   # confirmation, reset password and unlock tokens in the database.
@@ -193,4 +194,5 @@
 
   # don't serialize tokens
   Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION << :tokens
+
 end
diff --git a/lib/devise_token_auth/version.rb b/lib/devise_token_auth/version.rb
@@ -1,3 +1,3 @@
 module DeviseTokenAuth
-  VERSION = "0.1.37"
+  VERSION = "0.1.40"
 end
-Original file line number
+Diff line change
@@ Expand Up / @@ -34,6 +34,5 @@ def is_json_api @@
           return false unless defined?(ActiveModel::Serializer)
           return ActiveModel::Serializer.config.adapter == :json_api
         end
       end
     end