From 60fab7894e23973ba6afb62dcd63150ab87f1f37 Mon Sep 17 00:00:00 2001 From: Ivan Poon Date: Wed, 6 Jan 2016 12:59:32 +0800 Subject: [PATCH] Save allow_password_change flag to db to persist across requests Fixes https://github.com/lynndylanhurley/devise_token_auth/issues/481 --- .../devise_token_auth/passwords_controller.rb | 1 + app/models/devise_token_auth/concerns/user.rb | 3 +- .../devise_token_auth_create_users.rb.erb | 1 + .../passwords_controller_test.rb | 192 +++++++++--------- ...15061447_devise_token_auth_create_users.rb | 1 + ...15061805_devise_token_auth_create_mangs.rb | 1 + ...203_devise_token_auth_create_evil_users.rb | 1 + ..._token_auth_create_unregisterable_users.rb | 1 + ...712_devise_token_auth_create_nice_users.rb | 1 + ...e_token_auth_create_unconfirmable_users.rb | 1 + ...1_devise_token_auth_create_scoped_users.rb | 1 + test/dummy/db/schema.rb | 57 +++--- 12 files changed, 138 insertions(+), 123 deletions(-) diff --git a/app/controllers/devise_token_auth/passwords_controller.rb b/app/controllers/devise_token_auth/passwords_controller.rb index cea6b27e6..16b801525 100644 --- a/app/controllers/devise_token_auth/passwords_controller.rb +++ b/app/controllers/devise_token_auth/passwords_controller.rb @@ -125,6 +125,7 @@ def update if @resource.send(resource_update_method, password_resource_params) @resource.allow_password_change = false + @resource.save! yield if block_given? return render_update_success diff --git a/app/models/devise_token_auth/concerns/user.rb b/app/models/devise_token_auth/concerns/user.rb index 3dcc5a02b..5ba71b1a1 100644 --- a/app/models/devise_token_auth/concerns/user.rb +++ b/app/models/devise_token_auth/concerns/user.rb @@ -48,9 +48,8 @@ def self.tokens_match?(token_hash, token) before_save :remove_tokens_after_password_reset # allows user to change password without current_password - attr_writer :allow_password_change def allow_password_change - @allow_password_change || false + self[:allow_password_change] || false end # don't use default devise email validation diff --git a/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb b/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb index 7179726aa..550a94734 100644 --- a/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb +++ b/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb @@ -11,6 +11,7 @@ class DeviseTokenAuthCreate<%= user_class.pluralize %> < ActiveRecord::Migration ## Recoverable t.string :reset_password_token t.datetime :reset_password_sent_at + t.boolean :allow_password_change, :null => false, :default => false ## Rememberable t.datetime :remember_created_at diff --git a/test/controllers/devise_token_auth/passwords_controller_test.rb b/test/controllers/devise_token_auth/passwords_controller_test.rb index 4a0868821..39f96555c 100644 --- a/test/controllers/devise_token_auth/passwords_controller_test.rb +++ b/test/controllers/devise_token_auth/passwords_controller_test.rb @@ -20,8 +20,8 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase @new_password = Faker::Internet.password xhr :post, :create, { - redirect_url: @redirect_url - } + redirect_url: @redirect_url + } @data = JSON.parse(response.body) end @@ -40,8 +40,8 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase @new_password = Faker::Internet.password xhr :post, :create, { - email: 'chester@cheet.ah', - } + email: 'chester@cheet.ah', + } @data = JSON.parse(response.body) end @@ -58,9 +58,9 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase describe 'unknown user should return 404' do before do xhr :post, :create, { - email: 'chester@cheet.ah', - redirect_url: @redirect_url - } + email: 'chester@cheet.ah', + redirect_url: @redirect_url + } @data = JSON.parse(response.body) end test 'unknown user should return 404' do @@ -77,17 +77,17 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase describe 'case-sensitive email' do before do xhr :post, :create, { - email: @resource.email, - redirect_url: @redirect_url - } + email: @resource.email, + redirect_url: @redirect_url + } @mail = ActionMailer::Base.deliveries.last @resource.reload @data = JSON.parse(response.body) - @mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1]) + @mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1]) @mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1]) - @mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1] + @mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1] end test 'response should return success status' do @@ -116,8 +116,8 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase test 'the email body should contain a link with reset token as a query param' do user = User.reset_password_by_token({ - reset_password_token: @mail_reset_token - }) + reset_password_token: @mail_reset_token + }) assert_equal user.id, @resource.id end @@ -126,9 +126,9 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase test 'response should return 404' do assert_raises(ActionController::RoutingError) { xhr :get, :edit, { - reset_password_token: "bogus", - redirect_url: @mail_redirect_url - } + reset_password_token: "bogus", + redirect_url: @mail_redirect_url + } } end end @@ -136,20 +136,20 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase describe 'password reset link success' do before do xhr :get, :edit, { - reset_password_token: @mail_reset_token, - redirect_url: @mail_redirect_url - } + reset_password_token: @mail_reset_token, + redirect_url: @mail_redirect_url + } @resource.reload raw_qs = response.location.split('?')[1] @qs = Rack::Utils.parse_nested_query(raw_qs) - @client_id = @qs["client_id"] - @expiry = @qs["expiry"] + @client_id = @qs["client_id"] + @expiry = @qs["expiry"] @reset_password = @qs["reset_password"] - @token = @qs["token"] - @uid = @qs["uid"] + @token = @qs["token"] + @uid = @qs["uid"] end test 'respones should have success redirect status' do @@ -175,8 +175,8 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase before do @resource_class = User @request_params = { - email: @resource.email.upcase, - redirect_url: @redirect_url + email: @resource.email.upcase, + redirect_url: @redirect_url } end @@ -202,9 +202,9 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase DeviseTokenAuth.default_password_reset_url = @redirect_url xhr :post, :create, { - email: @resource.email, - redirect_url: @redirect_url - } + email: @resource.email, + redirect_url: @redirect_url + } @mail = ActionMailer::Base.deliveries.last @resource.reload @@ -243,26 +243,26 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase test "request to whitelisted redirect should be successful" do xhr :post, :create, { - email: @resource.email, - redirect_url: @good_redirect_url - } + email: @resource.email, + redirect_url: @good_redirect_url + } assert_equal 200, response.status end test "request to non-whitelisted redirect should fail" do xhr :post, :create, { - email: @resource.email, - redirect_url: @bad_redirect_url - } + email: @resource.email, + redirect_url: @bad_redirect_url + } assert_equal 400, response.status end test "request to non-whitelisted redirect should return error message" do xhr :post, :create, { - email: @resource.email, - redirect_url: @bad_redirect_url - } + email: @resource.email, + redirect_url: @bad_redirect_url + } @data = JSON.parse(response.body) assert @data["errors"] @@ -287,10 +287,10 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase @resource.update password: 'secret123', password_confirmation: 'secret123' xhr :put, :update, { - password: @new_password, - password_confirmation: @new_password, - current_password: 'secret123' - } + password: @new_password, + password_confirmation: @new_password, + current_password: 'secret123' + } @data = JSON.parse(response.body) @resource.reload @@ -304,27 +304,27 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase describe 'success with after password reset' do before do xhr :post, :create, { - email: @resource.email, - redirect_url: @redirect_url - } + email: @resource.email, + redirect_url: @redirect_url + } @mail = ActionMailer::Base.deliveries.last @mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1]) - @mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1] + @mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1] xhr :get, :edit, { - reset_password_token: @mail_reset_token, - redirect_url: @mail_redirect_url - } + reset_password_token: @mail_reset_token, + redirect_url: @mail_redirect_url + } @auth_headers = @resource.create_new_auth_token request.headers.merge!(@auth_headers) @new_password = Faker::Internet.password xhr :put, :update, { - password: @new_password, - password_confirmation: @new_password - } + password: @new_password, + password_confirmation: @new_password + } @data = JSON.parse(response.body) @allow_password_change = @resource.allow_password_change @@ -347,10 +347,10 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase @new_password = Faker::Internet.password xhr :put, :update, { - password: @new_password, - password_confirmation: @new_password, - current_password: 'not_very_secret321' - } + password: @new_password, + password_confirmation: @new_password, + current_password: 'not_very_secret321' + } end test 'response should fail unauthorized' do @@ -367,9 +367,9 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase @new_password = Faker::Internet.password xhr :put, :update, { - password: @new_password, - password_confirmation: @new_password - } + password: @new_password, + password_confirmation: @new_password + } @data = JSON.parse(response.body) @resource.reload @@ -396,9 +396,9 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase @new_password = Faker::Internet.password xhr :put, :update, { - password: 'chong', - password_confirmation: 'bong' - } + password: 'chong', + password_confirmation: 'bong' + } end test 'response should fail' do @@ -412,9 +412,9 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase @new_password = Faker::Internet.password xhr :put, :update, { - password: @new_password, - password_confirmation: @new_password - } + password: @new_password, + password_confirmation: @new_password + } end test 'response should fail' do @@ -438,16 +438,16 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase @redirect_url = 'http://ng-token-auth.dev' xhr :post, :create, { - email: @resource.email, - redirect_url: @redirect_url - } + email: @resource.email, + redirect_url: @redirect_url + } @mail = ActionMailer::Base.deliveries.last @resource.reload - @mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1]) + @mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1]) @mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1]) - @mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1] + @mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1] end test 'response should return success status' do @@ -456,8 +456,8 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase test 'the email body should contain a link with reset token as a query param' do user = Mang.reset_password_by_token({ - reset_password_token: @mail_reset_token - }) + reset_password_token: @mail_reset_token + }) assert_equal user.id, @resource.id end @@ -469,21 +469,21 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase @redirect_url = 'http://ng-token-auth.dev' xhr :post, :create, { - email: @resource.email, - redirect_url: @redirect_url - } + email: @resource.email, + redirect_url: @redirect_url + } @mail = ActionMailer::Base.deliveries.last @resource.reload - @mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1]) + @mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1]) @mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1]) - @mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1] + @mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1] xhr :get, :edit, { - reset_password_token: @mail_reset_token, - redirect_url: @mail_redirect_url - } + reset_password_token: @mail_reset_token, + redirect_url: @mail_redirect_url + } @resource.reload end @@ -502,21 +502,21 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase @redirect_url = 'http://ng-token-auth.dev' xhr :post, :create, { - email: @resource.email, - redirect_url: @redirect_url - } + email: @resource.email, + redirect_url: @redirect_url + } @mail = ActionMailer::Base.deliveries.last @resource.reload - @mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1]) + @mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1]) @mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1]) - @mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1] + @mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1] xhr :get, :edit, { - reset_password_token: @mail_reset_token, - redirect_url: @mail_redirect_url - } + reset_password_token: @mail_reset_token, + redirect_url: @mail_redirect_url + } @resource.reload end @@ -524,22 +524,22 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase describe 'alternate user type' do before do - @resource = users(:confirmed_email_user) + @resource = users(:confirmed_email_user) @redirect_url = 'http://ng-token-auth.dev' - @config_name = "altUser" + @config_name = "altUser" xhr :post, :create, { - email: @resource.email, - redirect_url: @redirect_url, - config_name: @config_name - } + email: @resource.email, + redirect_url: @redirect_url, + config_name: @config_name + } @mail = ActionMailer::Base.deliveries.last @resource.reload - @mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1]) + @mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1]) @mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1]) - @mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1] + @mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1] end test 'config_name param is included in the confirmation email link' do diff --git a/test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb b/test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb index c6227fa45..10bbbe13d 100644 --- a/test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb +++ b/test/dummy/db/migrate/20140715061447_devise_token_auth_create_users.rb @@ -11,6 +11,7 @@ def change t.string :reset_password_token t.datetime :reset_password_sent_at t.string :reset_password_redirect_url + t.boolean :allow_password_change, :null => false, :default => false ## Rememberable t.datetime :remember_created_at diff --git a/test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb b/test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb index 628ad8af4..08ad2d9aa 100644 --- a/test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb +++ b/test/dummy/db/migrate/20140715061805_devise_token_auth_create_mangs.rb @@ -11,6 +11,7 @@ def change t.string :reset_password_token t.datetime :reset_password_sent_at t.string :reset_password_redirect_url + t.boolean :allow_password_change, :null => false, :default => false ## Rememberable t.datetime :remember_created_at diff --git a/test/dummy/db/migrate/20140928231203_devise_token_auth_create_evil_users.rb b/test/dummy/db/migrate/20140928231203_devise_token_auth_create_evil_users.rb index 8bc60b8cf..886f69b46 100644 --- a/test/dummy/db/migrate/20140928231203_devise_token_auth_create_evil_users.rb +++ b/test/dummy/db/migrate/20140928231203_devise_token_auth_create_evil_users.rb @@ -10,6 +10,7 @@ def change ## Recoverable t.string :reset_password_token t.datetime :reset_password_sent_at + t.boolean :allow_password_change, :null => false, :default => false ## Rememberable t.datetime :remember_created_at diff --git a/test/dummy/db/migrate/20141222053502_devise_token_auth_create_unregisterable_users.rb b/test/dummy/db/migrate/20141222053502_devise_token_auth_create_unregisterable_users.rb index aa7cb7ec7..d590cc413 100644 --- a/test/dummy/db/migrate/20141222053502_devise_token_auth_create_unregisterable_users.rb +++ b/test/dummy/db/migrate/20141222053502_devise_token_auth_create_unregisterable_users.rb @@ -13,6 +13,7 @@ def change ## Recoverable t.string :reset_password_token t.datetime :reset_password_sent_at + t.boolean :allow_password_change, :null => false, :default => false ## Rememberable t.datetime :remember_created_at diff --git a/test/dummy/db/migrate/20150409095712_devise_token_auth_create_nice_users.rb b/test/dummy/db/migrate/20150409095712_devise_token_auth_create_nice_users.rb index 0b237452e..3b0f2805b 100644 --- a/test/dummy/db/migrate/20150409095712_devise_token_auth_create_nice_users.rb +++ b/test/dummy/db/migrate/20150409095712_devise_token_auth_create_nice_users.rb @@ -13,6 +13,7 @@ def change ## Recoverable t.string :reset_password_token t.datetime :reset_password_sent_at + t.boolean :allow_password_change, :null => false, :default => false ## Rememberable t.datetime :remember_created_at diff --git a/test/dummy/db/migrate/20150708104536_devise_token_auth_create_unconfirmable_users.rb b/test/dummy/db/migrate/20150708104536_devise_token_auth_create_unconfirmable_users.rb index af0a224a7..e3d55d7d7 100644 --- a/test/dummy/db/migrate/20150708104536_devise_token_auth_create_unconfirmable_users.rb +++ b/test/dummy/db/migrate/20150708104536_devise_token_auth_create_unconfirmable_users.rb @@ -13,6 +13,7 @@ def change ## Recoverable t.string :reset_password_token t.datetime :reset_password_sent_at + t.boolean :allow_password_change, :null => false, :default => false ## Rememberable t.datetime :remember_created_at diff --git a/test/dummy/db/migrate/20160103235141_devise_token_auth_create_scoped_users.rb b/test/dummy/db/migrate/20160103235141_devise_token_auth_create_scoped_users.rb index 0b2a9320f..198c2aa78 100644 --- a/test/dummy/db/migrate/20160103235141_devise_token_auth_create_scoped_users.rb +++ b/test/dummy/db/migrate/20160103235141_devise_token_auth_create_scoped_users.rb @@ -13,6 +13,7 @@ def change ## Recoverable t.string :reset_password_token t.datetime :reset_password_sent_at + t.boolean :allow_password_change, :null => false, :default => false ## Rememberable t.datetime :remember_created_at diff --git a/test/dummy/db/schema.rb b/test/dummy/db/schema.rb index c5e24774c..bc541070d 100644 --- a/test/dummy/db/schema.rb +++ b/test/dummy/db/schema.rb @@ -15,11 +15,12 @@ create_table "evil_users", force: :cascade do |t| t.string "email" - t.string "encrypted_password", default: "", null: false + t.string "encrypted_password", default: "", null: false t.string "reset_password_token" t.datetime "reset_password_sent_at" + t.boolean "allow_password_change", default: false, null: false t.datetime "remember_created_at" - t.integer "sign_in_count", default: 0, null: false + t.integer "sign_in_count", default: 0, null: false t.datetime "current_sign_in_at" t.datetime "last_sign_in_at" t.string "current_sign_in_ip" @@ -32,7 +33,7 @@ t.string "nickname" t.string "image" t.string "provider" - t.string "uid", default: "", null: false + t.string "uid", default: "", null: false t.text "tokens" t.string "favorite_color" t.datetime "created_at" @@ -46,12 +47,13 @@ create_table "mangs", force: :cascade do |t| t.string "email" - t.string "encrypted_password", default: "", null: false + t.string "encrypted_password", default: "", null: false t.string "reset_password_token" t.datetime "reset_password_sent_at" t.string "reset_password_redirect_url" + t.boolean "allow_password_change", default: false, null: false t.datetime "remember_created_at" - t.integer "sign_in_count", default: 0, null: false + t.integer "sign_in_count", default: 0, null: false t.datetime "current_sign_in_at" t.datetime "last_sign_in_at" t.string "current_sign_in_ip" @@ -65,7 +67,7 @@ t.string "nickname" t.string "image" t.string "provider" - t.string "uid", default: "", null: false + t.string "uid", default: "", null: false t.text "tokens" t.datetime "created_at" t.datetime "updated_at" @@ -78,13 +80,14 @@ add_index "mangs", ["uid", "provider"], name: "index_mangs_on_uid_and_provider", unique: true create_table "nice_users", force: :cascade do |t| - t.string "provider", null: false - t.string "uid", default: "", null: false - t.string "encrypted_password", default: "", null: false + t.string "provider", null: false + t.string "uid", default: "", null: false + t.string "encrypted_password", default: "", null: false t.string "reset_password_token" t.datetime "reset_password_sent_at" + t.boolean "allow_password_change", default: false, null: false t.datetime "remember_created_at" - t.integer "sign_in_count", default: 0, null: false + t.integer "sign_in_count", default: 0, null: false t.datetime "current_sign_in_at" t.datetime "last_sign_in_at" t.string "current_sign_in_ip" @@ -123,13 +126,14 @@ add_index "only_email_users", ["uid", "provider"], name: "index_only_email_users_on_uid_and_provider", unique: true create_table "scoped_users", force: :cascade do |t| - t.string "provider", null: false - t.string "uid", default: "", null: false - t.string "encrypted_password", default: "", null: false + t.string "provider", null: false + t.string "uid", default: "", null: false + t.string "encrypted_password", default: "", null: false t.string "reset_password_token" t.datetime "reset_password_sent_at" + t.boolean "allow_password_change", default: false, null: false t.datetime "remember_created_at" - t.integer "sign_in_count", default: 0, null: false + t.integer "sign_in_count", default: 0, null: false t.datetime "current_sign_in_at" t.datetime "last_sign_in_at" t.string "current_sign_in_ip" @@ -152,13 +156,14 @@ add_index "scoped_users", ["uid", "provider"], name: "index_scoped_users_on_uid_and_provider", unique: true create_table "unconfirmable_users", force: :cascade do |t| - t.string "provider", null: false - t.string "uid", default: "", null: false - t.string "encrypted_password", default: "", null: false + t.string "provider", null: false + t.string "uid", default: "", null: false + t.string "encrypted_password", default: "", null: false t.string "reset_password_token" t.datetime "reset_password_sent_at" + t.boolean "allow_password_change", default: false, null: false t.datetime "remember_created_at" - t.integer "sign_in_count", default: 0, null: false + t.integer "sign_in_count", default: 0, null: false t.datetime "current_sign_in_at" t.datetime "last_sign_in_at" t.string "current_sign_in_ip" @@ -177,13 +182,14 @@ add_index "unconfirmable_users", ["uid", "provider"], name: "index_unconfirmable_users_on_uid_and_provider", unique: true create_table "unregisterable_users", force: :cascade do |t| - t.string "provider", null: false - t.string "uid", default: "", null: false - t.string "encrypted_password", default: "", null: false + t.string "provider", null: false + t.string "uid", default: "", null: false + t.string "encrypted_password", default: "", null: false t.string "reset_password_token" t.datetime "reset_password_sent_at" + t.boolean "allow_password_change", default: false, null: false t.datetime "remember_created_at" - t.integer "sign_in_count", default: 0, null: false + t.integer "sign_in_count", default: 0, null: false t.datetime "current_sign_in_at" t.datetime "last_sign_in_at" t.string "current_sign_in_ip" @@ -207,12 +213,13 @@ create_table "users", force: :cascade do |t| t.string "email" - t.string "encrypted_password", default: "", null: false + t.string "encrypted_password", default: "", null: false t.string "reset_password_token" t.datetime "reset_password_sent_at" t.string "reset_password_redirect_url" + t.boolean "allow_password_change", default: false, null: false t.datetime "remember_created_at" - t.integer "sign_in_count", default: 0, null: false + t.integer "sign_in_count", default: 0, null: false t.datetime "current_sign_in_at" t.datetime "last_sign_in_at" t.string "current_sign_in_ip" @@ -226,7 +233,7 @@ t.string "nickname" t.string "image" t.string "provider" - t.string "uid", default: "", null: false + t.string "uid", default: "", null: false t.text "tokens" t.datetime "created_at" t.datetime "updated_at"