Release 1.0.4 with a couple bug fixes.

Signed-off-by: José Valim <jose.valim@gmail.com>

CHANGELOG.rdoc

@@ -1,3 +1,23 @@
+== 1.0.4
+
+* bug fix
+  * Fixed a bug when deleting an account with rememberable
+  * Fixed a bug with custom controllers
+
+== 1.0.3
+
+* enhancements
+  * HTML e-mails now have proper formatting
+  * Do not remove MongoMapper options in find
+
+== 1.0.2
+
+* enhancements
+  * Allows you set mailer content type (by github.com/glennr)
+
+* bug fix
+  * Uses the same content type as request on http authenticatable 401 responses
+
 == 1.0.1
 
 * enhancements
@@ -17,6 +37,7 @@
   * Added Http Basic Authentication support
   * Allow scoped_views to be customized per controller/mailer class
   * [#99] Allow authenticatable to used in change_table statements
+  * Add mailer_content_type configuration parameter (by github.com/glennr)
 
 == 0.9.2
 

README.rdoc

@@ -30,17 +30,13 @@ Devise is based on Warden (http://github.com/hassox/warden), a Rack Authenticati
 
 == Installation
 
-All gems are on gemcutter, so you need to add gemcutter to your sources if you haven't yet:
-
-  sudo gem sources -a http://gemcutter.org/
-
-Install warden gem if you don't have it installed (requires 0.6.4 or higher):
+Install warden gem if you don't have it installed:
 
   sudo gem install warden
 
 Install devise gem:
 
-  sudo gem install devise
+  sudo gem install devise --version=1.0.1
 
 Configure warden and devise gems inside your app:
 
@@ -55,6 +51,10 @@ And you're ready to go. The generator will install an initializer which describe
 
   http://rdoc.info/projects/plataformatec/devise
 
+If you want to use Devise with bundler on Rails 2.3, you need to follow the instructions here:
+
+  http://github.com/carlhuda/bundler/issues/issue/83
+
 == Basic Usage
 
 This is a walkthrough with all steps you need to setup a devise resource, including model, migration, route files, and optional configuration. You MUST also check out the *Generators* section below to help you start.

Rakefile

@@ -43,8 +43,8 @@ begin
     s.homepage = "http://github.com/plataformatec/devise"
     s.description = "Flexible authentication solution for Rails with Warden"
     s.authors = ['José Valim', 'Carlos Antônio']
-    s.files =  FileList["[A-Z]*", "{app,config,generators,lib}/**/*", "init.rb"]
-    s.add_dependency("warden", "~> 0.9.0")
+    s.files =  FileList["[A-Z]*", "{app,config,generators,lib}/**/*", "rails/init.rb"]
+    s.add_dependency("warden", "~> 0.9.4")
   end
 
   Jeweler::GemcutterTasks.new

app/models/devise_mailer.rb

@@ -27,7 +27,7 @@ class DeviseMailer < ::ActionMailer::Base
       from         mailer_sender(mapping)
       recipients   record.email
       sent_on      Time.now
-      content_type 'text/html'
+      content_type Devise.mailer_content_type
       body         render_with_scope(key, mapping, mapping.name => record, :resource => record)
     end
 

app/views/devise_mailer/confirmation_instructions.html.erb

@@ -1,5 +1,5 @@
-Welcome <%= @resource.email %>!
+<p>Welcome <%= @resource.email %>!</p>
 
-You can confirm your account through the link below:
+<p>You can confirm your account through the link below:</p>
 
-<%= link_to 'Confirm my account', confirmation_url(@resource, :confirmation_token => @resource.confirmation_token) %>
+<p><%= link_to 'Confirm my account', confirmation_url(@resource, :confirmation_token => @resource.confirmation_token) %></p>

app/views/devise_mailer/reset_password_instructions.html.erb

@@ -1,8 +1,8 @@
-Hello <%= @resource.email %>!
+<p>Hello <%= @resource.email %>!</p>
 
-Someone has requested a link to change your password, and you can do this through the link below.
+<p>Someone has requested a link to change your password, and you can do this through the link below.</p>
 
-<%= link_to 'Change my password', edit_password_url(@resource, :reset_password_token => @resource.reset_password_token) %>
+<p><%= link_to 'Change my password', edit_password_url(@resource, :reset_password_token => @resource.reset_password_token) %></p>
 
-If you didn't request this, please ignore this email.
-Your password won't change until you access the link above and create a new one.
+<p>If you didn't request this, please ignore this email.</p>
+<p>Your password won't change until you access the link above and create a new one.</p>

app/views/devise_mailer/unlock_instructions.html.erb

@@ -1,7 +1,7 @@
-Hello <%= @resource.email %>!
+<p>Hello <%= @resource.email %>!</p>
 
-Your account has been locked due to an excessive amount of unsuccessful sign in attempts.
+<p>Your account has been locked due to an excessive amount of unsuccessful sign in attempts.</p>
 
-Click the link below to unlock your account:
+<p>Click the link below to unlock your account:</p>
 
-<%= link_to 'Unlock my account', unlock_url(@resource, :unlock_token => @resource.unlock_token) %>
+<p><%= link_to 'Unlock my account', unlock_url(@resource, :unlock_token => @resource.unlock_token) %></p>

devise.gemspec

@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
   s.name = %q{devise}
-  s.version = "1.0.1"
+  s.version = "1.0.4"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Jos\303\251 Valim", "Carlos Ant\303\264nio"]
-  s.date = %q{2010-02-15}
+  s.date = %q{2010-03-03}
   s.description = %q{Flexible authentication solution for Rails with Warden}
   s.email = %q{contact@plataformatec.com.br}
   s.extra_rdoc_files = [
@@ -50,7 +50,6 @@ Gem::Specification.new do |s|
      "generators/devise_install/templates/devise.rb",
      "generators/devise_views/USAGE",
      "generators/devise_views/devise_views_generator.rb",
-     "init.rb",
      "lib/devise.rb",
      "lib/devise/controllers/helpers.rb",
      "lib/devise/controllers/internal_helpers.rb",
@@ -95,7 +94,8 @@ Gem::Specification.new do |s|
      "lib/devise/strategies/rememberable.rb",
      "lib/devise/strategies/token_authenticatable.rb",
      "lib/devise/test_helpers.rb",
-     "lib/devise/version.rb"
+     "lib/devise/version.rb",
+     "rails/init.rb"
   ]
   s.homepage = %q{http://github.com/plataformatec/devise}
   s.rdoc_options = ["--charset=UTF-8"]
@@ -168,12 +168,12 @@ Gem::Specification.new do |s|
     s.specification_version = 3
 
     if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
-      s.add_runtime_dependency(%q<warden>, ["~> 0.9.0"])
+      s.add_runtime_dependency(%q<warden>, ["~> 0.9.4"])
     else
-      s.add_dependency(%q<warden>, ["~> 0.9.0"])
+      s.add_dependency(%q<warden>, ["~> 0.9.4"])
     end
   else
-    s.add_dependency(%q<warden>, ["~> 0.9.0"])
+    s.add_dependency(%q<warden>, ["~> 0.9.4"])
   end
 end
 

generators/devise_install/templates/devise.rb

@@ -3,6 +3,9 @@
 Devise.setup do |config|
   # Configure the e-mail address which will be shown in DeviseMailer.
   config.mailer_sender = "please-change-me@config-initializers-devise.com"
+  
+  # Configure the content type of DeviseMailer mails (defaults to text/html")
+  # config.mailer_content_type = "text/plain"
 
   # ==> Configuration for :authenticatable
   # Invoke `rake secret` and use the printed value to setup a pepper to generate

lib/devise.rb

@@ -1,5 +1,6 @@
 module Devise
   autoload :FailureApp, 'devise/failure_app'
+  autoload :Models, 'devise/models'
   autoload :Schema, 'devise/schema'
   autoload :TestHelpers, 'devise/test_helpers'
 
@@ -144,7 +145,11 @@ module Devise
 
   # Address which sends Devise e-mails.
   mattr_accessor :mailer_sender
-  @@mailer_sender = nil
+  @@mailer_sender = nil  
+  
+  # Content Type of Devise e-mails.
+  mattr_accessor :mailer_content_type
+  @@mailer_content_type = 'text/html'
 
   # Authentication token params key name of choice. E.g. /users/sign_in?some_key=...
   mattr_accessor :token_authentication_key

lib/devise/hooks/rememberable.rb

@@ -3,7 +3,7 @@
 # that specific user and adds a cookie with this user info to sign in this user
 # automatically without asking for credentials. Refer to rememberable strategy
 # for more info.
-Warden::Manager.after_authentication do |record, warden, options|
+Warden::Manager.prepend_after_authentication do |record, warden, options|
   scope = options[:scope]
   remember_me = warden.params[scope].try(:fetch, :remember_me, nil)
 
@@ -22,9 +22,11 @@ end
 # Before logout hook to forget the user in the given scope, only if rememberable
 # is activated for this scope. Also clear remember token to ensure the user
 # won't be remembered again.
+# Notice that we forget the user if the record is frozen. This usually means the
+# user was just deleted.
 Warden::Manager.before_logout do |record, warden, scope|
   if record.respond_to?(:forget_me!)
-    record.forget_me!
+    record.forget_me! unless record.frozen?
     warden.response.delete_cookie "remember_#{scope}_token"
   end
 end

lib/devise/orm/mongo_mapper.rb

@@ -22,14 +22,11 @@ module Devise
       end
       
       def find(*args)
-        options = args.extract_options!
         case args.first
-          when :first
-            first(options)
-          when :all
-            all(options)
-          else
-            super
+        when :first, :all
+          send(args.shift, *args)
+        else
+          super
         end
       end
       

lib/devise/schema.rb

@@ -9,12 +9,13 @@ module Devise
     # * :null - When true, allow columns to be null.
     # * :encryptor - The encryptor going to be used, necessary for setting the proper encrypter password length.
     def authenticatable(options={})
-      null       = options[:null] || false
-      encryptor  = options[:encryptor] || (respond_to?(:encryptor) ? self.encryptor : :sha1)
+      null      = options[:null] || false
+      default   = options[:default]
+      encryptor = options[:encryptor] || (respond_to?(:encryptor) ? self.encryptor : :sha1)
 
-      apply_schema :email,              String, :null => null
-      apply_schema :encrypted_password, String, :null => null, :limit => Devise::ENCRYPTORS_LENGTH[encryptor]
-      apply_schema :password_salt,      String, :null => null
+      apply_schema :email,              String, :null => null, :default => default
+      apply_schema :encrypted_password, String, :null => null, :default => default, :limit => Devise::ENCRYPTORS_LENGTH[encryptor]
+      apply_schema :password_salt,      String, :null => null, :default => default
     end
 
     # Creates authentication_token.

lib/devise/strategies/authenticatable.rb

@@ -23,7 +23,7 @@ module Devise
       protected
 
         def valid_controller?
-          params[:controller] == 'sessions'
+          params[:controller] =~ /sessions$/
         end
 
         def valid_params?

lib/devise/strategies/http_authenticatable.rb

@@ -14,7 +14,7 @@ module Devise
         if resource = mapping.to.authenticate_with_http(username, password)
           success!(resource)
         else
-          custom!([401, custom_headers, ["HTTP Basic: Access denied.\n"]])
+          custom!([401, custom_headers, [response_body]])
         end
       end
 
@@ -24,6 +24,12 @@ module Devise
         decode_credentials(request).split(/:/, 2)
       end
 
+      def response_body
+        body   = "HTTP Basic: Access denied."
+        method = :"to_#{request_format.to_sym}"
+        {}.respond_to?(method) ? { :error => body }.send(method) : body
+      end
+
       def http_authentication
         request.env['HTTP_AUTHORIZATION']   ||
         request.env['X-HTTP_AUTHORIZATION'] ||
@@ -38,10 +44,14 @@ module Devise
 
       def custom_headers
         {
-          "Content-Type" => "text/plain",
+          "Content-Type" => request_format.to_s,
           "WWW-Authenticate" => %(Basic realm="#{Devise.http_authentication_realm.gsub(/"/, "")}")
         }
       end
+
+      def request_format
+        @request_format ||= Mime::Type.lookup_by_extension(request.template_format.to_s)
+      end
     end
   end
 end

lib/devise/version.rb

@@ -1,3 +1,3 @@
 module Devise
-  VERSION = "1.0.1".freeze
+  VERSION = "1.0.4".freeze
 end

test/integration/http_authenticatable_test.rb

@@ -16,6 +16,14 @@ class HttpAuthenticationTest < ActionController::IntegrationTest
     assert_equal 'Basic realm="Application"', headers["WWW-Authenticate"]
   end
 
+  test 'uses the request format as response content type' do
+    sign_in_as_new_user_with_http("unknown", "123456", :xml)
+    assert_equal 401, status
+    assert_equal "application/xml", headers["Content-Type"]
+    # Cannot assert this due to a bug between integration tests and rack on 2.3
+    # assert response.body.include?("<error>HTTP Basic: Access denied.</error>")
+  end
+
   test 'returns a custom response with www-authenticate and chosen realm' do
     swap Devise, :http_authentication_realm => "MyApp" do
       sign_in_as_new_user_with_http("unknown")
@@ -36,9 +44,9 @@ class HttpAuthenticationTest < ActionController::IntegrationTest
 
   private
 
-    def sign_in_as_new_user_with_http(username="user@test.com", password="123456")
+    def sign_in_as_new_user_with_http(username="user@test.com", password="123456", format=:html)
       user = create_user
-      get users_path, {}, :authorization => "Basic #{ActiveSupport::Base64.encode64("#{username}:#{password}")}"
+      get users_path(:format => format), {}, :authorization => "Basic #{ActiveSupport::Base64.encode64("#{username}:#{password}")}"
       user
     end
 end

test/integration/rememberable_test.rb

@@ -28,6 +28,14 @@ class RememberMeTest < ActionController::IntegrationTest
     assert warden.user(:user) == user
   end
 
+  test 'does not remember other scopes' do
+    user = create_user_and_remember
+    get root_path
+    assert_response :success
+    assert warden.authenticated?(:user)
+    assert_not warden.authenticated?(:admin)
+  end
+
   test 'do not remember with invalid token' do
     user = create_user_and_remember('add')
     get users_path

test/mailers/confirmation_instructions_test.rb

@@ -63,6 +63,12 @@ class ConfirmationInstructionsTest < ActionMailer::TestCase
     end
   end
 
+  test 'content type should be set to plain when manually configured' do
+    swap Devise, :mailer_content_type => "text/plain" do
+      assert_equal "text/plain", mail.content_type
+    end
+  end
+
   test 'renders a scoped if scoped_views is set in the mailer class' do
     begin
       DeviseMailer.scoped_views = true

test/models/confirmable_test.rb

@@ -216,7 +216,7 @@ class ConfirmableTest < ActiveSupport::TestCase
     Devise.confirm_within = 0.days
     user = create_user
     user.confirmation_sent_at = Date.today
-    assert_not user.active?
+    assert_not user.reload.active?
   end
 
   test 'should not be active without confirmation' do

test/rails_app/app/mongo_mapper/admin.rb

@@ -1,9 +1,13 @@
 class Admin
   include MongoMapper::Document
-
-  devise :authenticatable, :timeoutable
+  devise :authenticatable, :registerable, :timeoutable
 
   def self.find_for_authentication(conditions)
-    last(:conditions => conditions, :order => "email")
+    last(:conditions => conditions)
+  end
+
+  def self.last(options={})
+    options.merge!(:order => 'email')
+    super options
   end
 end

test/rails_app/app/mongo_mapper/user.rb

@@ -1,8 +1,14 @@
 class User
   include MongoMapper::Document
   key :created_at, DateTime
-  devise :authenticatable, :http_authenticatable, :confirmable, :recoverable,
-         :rememberable, :trackable, :validatable, :timeoutable, :lockable,
-         :token_authenticatable
+  devise :authenticatable, :http_authenticatable, :confirmable, :lockable, :recoverable,
+         :registerable, :rememberable, :timeoutable, :token_authenticatable,
+         :trackable, :validatable
   # attr_accessible :username, :email, :password, :password_confirmation
+
+  def self.last(options={})
+    options.merge!(:order => 'email')
+    super options
+  end
+
 end

test/rails_app/config/initializers/devise.rb

@@ -35,6 +35,9 @@ Devise.setup do |config|
 
   # Configure the e-mail address which will be shown in DeviseMailer.
   config.mailer_sender = "please-change-me-omg@yourapp.com"
+  
+  # Configure the content type of DeviseMailer mails (defaults to text/html")
+  # config.mailer_content_type = "text/plain"
 
   # Load and configure the ORM. Supports :active_record, :data_mapper and :mongo_mapper.
   require "devise/orm/#{DEVISE_ORM}"