Add extra fields from config to resource owner (nejdetkadir#38)

* add extra fields from config to resource owner * add sign_up in the config path
zhaknafein · Jan 31, 2024 · 05ba483 · 05ba483
1 parent f220683
commit 05ba483
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 9 deletions.
diff --git a/lib/devise/api/responses/token_response.rb b/lib/devise/api/responses/token_response.rb
@@ -41,15 +41,19 @@ def default_body
             refresh_token: Devise.api.config.refresh_token.enabled ? token.refresh_token : nil,
             expires_in: token.expires_in,
             token_type: ::Devise.api.config.authorization.scheme,
-            resource_owner: {
-              id: resource_owner.id,
-              email: resource_owner.email,
-              created_at: resource_owner.created_at,
-              updated_at: resource_owner.updated_at
-            }
+            resource_owner: default_resource_owner
           }.compact
         end
 
+        def default_resource_owner
+          keys_to_extract = %i[id email created_at updated_at]
+          if Devise.api.config.sign_up.extra_fields.present?
+            keys_to_extract |= Devise.api.config.sign_up.extra_fields.map(&:to_sym)
+          end
+
+          resource_owner.slice(*keys_to_extract)
+        end
+
         def status
           return :created if sign_up_action?
           return :no_content if revoke_action?

diff --git a/spec/requests/tokens_spec.rb b/spec/requests/tokens_spec.rb
@@ -489,7 +489,8 @@
       let(:devise_api_token) { build(:devise_api_token, resource_owner: user) }
 
       before do
-        post refresh_user_tokens_path, headers: authentication_headers_for(user, devise_api_token, :refresh_token), as: :json
+        post refresh_user_tokens_path, headers: authentication_headers_for(user, devise_api_token, :refresh_token),
+                                       as: :json
       end
 
       it 'returns http unauthorized' do
@@ -533,7 +534,8 @@
       let(:devise_api_token) { create(:devise_api_token, :refresh_token_expired, resource_owner: user) }
 
       before do
-        post refresh_user_tokens_path, headers: authentication_headers_for(user, devise_api_token, :refresh_token), as: :json
+        post refresh_user_tokens_path, headers: authentication_headers_for(user, devise_api_token, :refresh_token),
+                                       as: :json
       end
 
       it 'returns http unauthorized' do
@@ -555,7 +557,8 @@
       let(:devise_api_token) { create(:devise_api_token, :revoked, resource_owner: user) }
 
       before do
-        post refresh_user_tokens_path, headers: authentication_headers_for(user, devise_api_token, :refresh_token), as: :json
+        post refresh_user_tokens_path, headers: authentication_headers_for(user, devise_api_token, :refresh_token),
+                                       as: :json
       end
 
       it 'returns http unauthorized' do