Release 2.0.6

Use the Ruby 1.8 hash syntax.
Yes we still support Ruby 1.8 😢 Conflicts: Gemfile.lock
2026-01-10 08:08:00 -05:00 · 2013-08-18 10:43:33 +02:00 · 2013-01-28 13:26:29 -02:00 · 2013-01-26 11:53:34 -07:00 · 2013-01-26 11:52:15 -07:00 · 2012-02-17 12:49:21 +01:00
12 changed files with 51 additions and 51 deletions
--- a/CHANGELOG.rdoc
+++ b/CHANGELOG.rdoc
@@ -1,4 +1,19 @@
-== 2.0.3
+== 2.0.6
+
+* bug fix
+  * Do not confirm account after reset password
+
+== 2.0.5
+
+* bug fix
+  * Require string conversion for all values
+
+== 2.0.4
+
+* bug fix
+  * Fix a regression that caused Warden to be initialized too late
+
+== 2.0.3 (yanked)

 * bug fix
  * Ensure warning is not shown by mistake on apps with mounted engines
@@ -8,8 +23,6 @@

 == 2.0.2

-Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.0
-
 * enhancements
  * Add devise_i18n_options to customize I18n message

@@ -114,7 +127,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
 * bug fix
  * Fix backward incompatible change from 1.4.6 for those using custom controllers

-== 1.4.6
+== 1.4.6 (yanked)

 * enhancements
  * Allow devise_for :skip => :all
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
  remote: .
  specs:
-    devise (2.0.2)
+    devise (2.0.6)
      bcrypt-ruby (~> 3.0)
      orm_adapter (~> 0.0.3)
      railties (~> 3.1)
@@ -39,7 +39,7 @@ GEM
      multi_json (~> 1.0)
    addressable (2.2.6)
    arel (3.0.0)
-    bcrypt-ruby (3.0.1)
+    bcrypt-ruby (3.1.1)
    bson (1.5.1)
    bson_ext (1.3.1)
    builder (3.0.0)
@@ -87,7 +87,7 @@ GEM
    omniauth-openid (1.0.1)
      omniauth (~> 1.0)
      rack-openid (~> 1.3.1)
-    orm_adapter (0.0.6)
+    orm_adapter (0.0.7)
    polyglot (0.3.3)
    rack (1.4.1)
    rack-cache (1.1)
--- a/gemfiles/Gemfile.rails-3.1.x.lock
+++ b/gemfiles/Gemfile.rails-3.1.x.lock
@@ -1,7 +1,7 @@
 PATH
  remote: ..
  specs:
-    devise (2.0.2)
+    devise (2.0.6)
      bcrypt-ruby (~> 3.0)
      orm_adapter (~> 0.0.3)
      railties (~> 3.1)
@@ -40,7 +40,7 @@ GEM
      multi_json (~> 1.0)
    addressable (2.2.7)
    arel (2.2.1)
-    bcrypt-ruby (3.0.1)
+    bcrypt-ruby (3.1.1)
    bson (1.5.2)
    bson_ext (1.3.1)
    builder (3.0.0)
@@ -87,7 +87,7 @@ GEM
    omniauth-openid (1.0.1)
      omniauth (~> 1.0)
      rack-openid (~> 1.3.1)
-    orm_adapter (0.0.6)
+    orm_adapter (0.0.7)
    polyglot (0.3.3)
    rack (1.3.6)
    rack-cache (1.1)
--- a/lib/devise/models/authenticatable.rb
+++ b/lib/devise/models/authenticatable.rb
@@ -154,17 +154,20 @@ module Devise
        # namedscope to filter records while authenticating.
        # Example:
        #
-        #   def self.find_for_authentication(conditions={})
-        #     conditions[:active] = true
-        #     super
+        #   def self.find_for_authentication(tainted_conditions)
+        #     find_first_by_auth_conditions(tainted_conditions, :active => true)
        #   end
        #
-        def find_for_authentication(conditions)
-          find_first_by_auth_conditions(conditions)
+        # Finally, notice that Devise also queries for users in other scenarios
+        # besides authentication, for example when retrieving an user to send
+        # an e-mail for password reset. In such cases, find_for_authentication
+        # is not called.
+        def find_for_authentication(tainted_conditions)
+          find_first_by_auth_conditions(tainted_conditions)
        end

-        def find_first_by_auth_conditions(conditions)
-          to_adapter.find_first devise_param_filter.filter(conditions)
+        def find_first_by_auth_conditions(tainted_conditions, opts={})
+          to_adapter.find_first(devise_param_filter.filter(tainted_conditions).merge(opts))
        end

        # Find an initialize a record setting an error if it can't be found.
@@ -210,4 +213,4 @@ module Devise
      end
    end
  end
-end
+end
--- a/lib/devise/models/confirmable.rb
+++ b/lib/devise/models/confirmable.rb
@@ -165,11 +165,6 @@ module Devise
          generate_confirmation_token && save(:validate => false)
        end

-        def after_password_reset
-          super
-          confirm! unless confirmed?
-        end
-
        def postpone_email_change_until_confirmation
          @reconfirmation_required = true
          self.unconfirmed_email = self.email
--- a/lib/devise/param_filter.rb
+++ b/lib/devise/param_filter.rb
@@ -33,9 +33,8 @@ module Devise

    private

-    # Determine which values should be transformed to string or passed as-is to the query builder underneath
    def param_requires_string_conversion?(value)
-      [Fixnum, TrueClass, FalseClass, Regexp].none? {|clz| value.is_a? clz }
+      true
    end
  end
 end
--- a/lib/devise/rails.rb
+++ b/lib/devise/rails.rb
@@ -87,8 +87,6 @@ module Devise
      end

      config.after_initialize do
-        Devise.configure_warden!
-
        example = <<-YAML
 en:
  devise:
--- a/lib/devise/rails/routes.rb
+++ b/lib/devise/rails/routes.rb
@@ -7,11 +7,8 @@ module ActionDispatch::Routing
    def finalize_with_devise!
      result = finalize_without_devise!

-      # If @devise_finalized was defined, it means devise_for was invoked
-      # in this router, so we proceed to generate devise helpers unless
-      # they were already defined (which then @devise_finalizd would be true).
-      if defined?(@devise_finalized) && !@devise_finalized
-        if Devise.router_name.nil? && self != Rails.application.try(:routes)
+      @devise_finalized ||= begin
+        if Devise.router_name.nil? && defined?(@devise_finalized) && self != Rails.application.try(:routes)
          warn "[DEVISE] We have detected that you are using devise_for inside engine routes. " \
            "In this case, you probably want to set Devise.router_name = MOUNT_POINT, where "   \
            "MOUNT_POINT is a symbol representing where this engine will be mounted at. For "   \
@@ -19,8 +16,9 @@ module ActionDispatch::Routing
            " to :main_app as well in case you want to keep the current behavior."
        end

+        Devise.configure_warden!
        Devise.regenerate_helpers!
-        @devise_finalized = true
+        true
      end

      result
--- a/lib/devise/version.rb
+++ b/lib/devise/version.rb
@@ -1,3 +1,3 @@
 module Devise
-  VERSION = "2.0.3".freeze
+  VERSION = "2.0.6".freeze
 end
--- a/test/integration/recoverable_test.rb
+++ b/test/integration/recoverable_test.rb
@@ -195,15 +195,6 @@ class PasswordTest < ActionController::IntegrationTest
    assert !warden.authenticated?(:user)
  end

-  test 'sign in user automatically and confirm after changing its password if it\'s not confirmed' do
-    user = create_user(:confirm => false)
-    request_forgot_password
-    reset_password :reset_password_token => user.reload.reset_password_token
-
-    assert warden.authenticated?(:user)
-    assert user.reload.confirmed?
-  end
-
  test 'reset password request with valid E-Mail in XML format should return valid response' do
    create_user
    post user_password_path(:format => 'xml'), :user => {:email => "user@test.com"}
--- a/test/models/authenticatable_test.rb
+++ b/test/models/authenticatable_test.rb
@@ -0,0 +1,9 @@
+require 'test_helper'
+
+class AuthenticatableTest < ActiveSupport::TestCase
+  test 'find_first_by_auth_conditions allows custom filtering parameters' do
+    user = User.create!(:email => "example@example.com", :password => "123456")
+    assert_equal User.find_first_by_auth_conditions({ :email => "example@example.com" }), user
+    assert_equal User.find_first_by_auth_conditions({ :email => "example@example.com" }, :id => user.id + 1), nil
+  end
+end
--- a/test/models/database_authenticatable_test.rb
+++ b/test/models/database_authenticatable_test.rb
@@ -23,15 +23,9 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
  end

  test "param filter should not convert booleans and integer to strings" do
-    conditions = { 'login' => 'foo@bar.com', "bool1" => true, "bool2" => false, "fixnum" => 123, "will_be_converted" => (1..10) }
+    conditions = { "login" => "foo@bar.com", "bool1" => true, "bool2" => false, "fixnum" => 123, "will_be_converted" => (1..10) }
    conditions = Devise::ParamFilter.new([], []).filter(conditions)
-    assert_equal( { 'login' => 'foo@bar.com', "bool1" => true, "bool2" => false, "fixnum" => 123, "will_be_converted" => "1..10" }, conditions)
-  end
-
-  test "param filter should not convert regular expressions to strings" do
-    conditions = { "regexp" => /expression/ }
-    conditions = Devise::ParamFilter.new([], []).filter(conditions)
-    assert_equal( { "regexp" => /expression/ }, conditions)
+    assert_equal( { "login" => "foo@bar.com", "bool1" => "true", "bool2" => "false", "fixnum" => "123", "will_be_converted" => "1..10" }, conditions)
  end

  test 'should respond to password and password confirmation' do
Author	SHA1	Message	Date
José Valim	b78519e154	Release 2.0.6	2013-08-18 10:43:33 +02:00
Rafael Mendonça França	0430689b01	Use the Ruby 1.8 hash syntax. Yes we still support Ruby 1.8 😢 Conflicts: Gemfile.lock	2013-01-28 13:26:29 -02:00
José Valim	bc82165ee3	Release v2.0.5	2013-01-26 11:53:34 -07:00
José Valim	eecb2c1695	Require string conversion for all values	2013-01-26 11:52:15 -07:00
José Valim	8fc18b49eb	Release 2.0.4	2012-02-17 12:49:21 +01:00
José Valim	b4af49cc38	Update CHANGELOG.	2012-02-17 12:49:14 +01:00
José Valim	4c654e71be	Fix regression where warden was being configured too early.	2012-02-17 12:49:07 +01:00