Release v3.1.1

For #2627

When allow_unconfirmed_access_for > 0, users may
be already signed in at the time they confirm
their account. Consequently, the default
confirmation should be compatible with this
possibility. Additionally, they should not be
redirected to the sign in form after confirmation
in this case. So I've changed
ConfirmationsController#after_confirmation_path_for
to send the user to the root path when signed in,
or the sign in form otherwise.

Conflicts:
	app/controllers/devise/confirmations_controller.rb
	config/locales/en.yml

CHANGELOG.md

@@ -1,3 +1,9 @@
+== 3.1.1
+
+* bug fix
+  * Improve default message which asked users to sign in even when they were already signed (by @gregates)
+  * Improve error message for when the `config.secret_key` is missing
+
 == 3.1.0
 
 Security announcement: http://blog.plataformatec.com.br/2013/08/devise-3-1-now-with-more-secure-defaults/

Gemfile.lock

@@ -12,7 +12,7 @@ GIT
 PATH
   remote: .
   specs:
-    devise (3.1.0)
+    devise (3.1.1)
       bcrypt-ruby (~> 3.0)
       orm_adapter (~> 0.1)
       railties (>= 3.2.6, < 5)
@@ -48,7 +48,7 @@ GEM
       tzinfo (~> 0.3.37)
     arel (4.0.0)
     atomic (1.1.12)
-    bcrypt-ruby (3.1.1)
+    bcrypt-ruby (3.1.2)
     builder (3.1.4)
     erubis (2.7.0)
     faraday (0.8.8)

app/controllers/devise/confirmations_controller.rb

@@ -43,6 +43,8 @@ class Devise::ConfirmationsController < DeviseController
     def after_confirmation_path_for(resource_name, resource)
       if Devise.allow_insecure_sign_in_after_confirmation
         after_sign_in_path_for(resource)
+      elsif signed_in?
+        signed_in_root_path(resource)
       else
         new_session_path(resource_name)
       end

config/locales/en.yml

@@ -3,7 +3,7 @@
 en:
   devise:
     confirmations:
-      confirmed: "Your account was successfully confirmed. Please sign in."
+      confirmed: "Your account was successfully confirmed."
       confirmed_and_signed_in: "Your account was successfully confirmed. You are now signed in."
       send_instructions: "You will receive an email with instructions about how to confirm your account in a few minutes."
       send_paranoid_instructions: "If your email address exists in our database, you will receive an email with instructions about how to confirm your account in a few minutes."

gemfiles/Gemfile.rails-3.2.x.lock

@@ -1,7 +1,7 @@
 PATH
   remote: ..
   specs:
-    devise (3.1.0)
+    devise (3.1.1)
       bcrypt-ruby (~> 3.0)
       orm_adapter (~> 0.1)
       railties (>= 3.2.6, < 5)
@@ -40,7 +40,7 @@ GEM
       multi_json (~> 1.0)
     arel (3.0.2)
     atomic (1.1.13)
-    bcrypt-ruby (3.1.1)
+    bcrypt-ruby (3.1.2)
     builder (3.0.4)
     erubis (2.7.0)
     faraday (0.8.8)

lib/devise/rails/routes.rb

@@ -442,6 +442,7 @@ Devise.secret_key was not set. Please add the following to your Devise initializ
 
   config.secret_key = '#{SecureRandom.hex(64)}'
 
+Please ensure you restarted your application after installing Devise or setting the key.
 ERROR
       end
 

lib/devise/version.rb

@@ -1,3 +1,3 @@
 module Devise
-  VERSION = "3.1.0".freeze
+  VERSION = "3.1.1".freeze
 end

test/integration/confirmable_test.rb

@@ -56,7 +56,7 @@ class ConfirmationTest < ActionDispatch::IntegrationTest
       assert_not user.confirmed?
       visit_user_confirmation_with_token(user.raw_confirmation_token)
 
-      assert_contain 'Your account was successfully confirmed. Please sign in.'
+      assert_contain 'Your account was successfully confirmed.'
       assert_current_url '/users/sign_in'
       assert user.reload.confirmed?
     end
@@ -135,6 +135,16 @@ class ConfirmationTest < ActionDispatch::IntegrationTest
     end
   end
 
+  test 'unconfirmed but signed in user should be redirected to their root path' do
+    swap Devise, :allow_unconfirmed_access_for => 1.day do
+      user = sign_in_as_user(:confirm => false)
+
+      visit_user_confirmation_with_token(user.raw_confirmation_token)
+      assert_contain 'Your account was successfully confirmed.'
+      assert_current_url '/'
+    end
+  end
+
   test 'error message is configurable by resource name' do
     store_translations :en, :devise => {
       :failure => { :user => { :unconfirmed => "Not confirmed user" } }