AtHeartEngineer/devise
1
1
Fork 0
mirror of https://github.com/heartcombo/devise.git synced 2026-01-10 16:18:04 -05:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: AtHeartEngineer:v0.7.5
Branches Tags
AtHeartEngineer:main AtHeartEngineer:update-rack-unprocessable_content AtHeartEngineer:ca-devise-locale-throw AtHeartEngineer:password-length-dynamic AtHeartEngineer:4-stable AtHeartEngineer:mf-issue-5140 AtHeartEngineer:mf-check-for-devise-parent-mailer AtHeartEngineer:5-rc AtHeartEngineer:3-stable AtHeartEngineer:let-unsafe-redirect AtHeartEngineer:test-mongoid AtHeartEngineer:drv-improve-reset-token AtHeartEngineer:lm-jruby AtHeartEngineer:4-0-stable AtHeartEngineer:4-1-stable AtHeartEngineer:gh-pages AtHeartEngineer:v3.2 AtHeartEngineer:v2.2 AtHeartEngineer:v3.0 AtHeartEngineer:v3.1 AtHeartEngineer:v2.0 AtHeartEngineer:v2.1 AtHeartEngineer:v1.5 AtHeartEngineer:v1.0 AtHeartEngineer:v1.4 AtHeartEngineer:v1.3 AtHeartEngineer:v1.2 AtHeartEngineer:v1.1
AtHeartEngineer:v5.0.0.rc AtHeartEngineer:v4.9.4 AtHeartEngineer:v4.9.3 AtHeartEngineer:v4.9.2 AtHeartEngineer:v4.9.1 AtHeartEngineer:v4.9.0 AtHeartEngineer:v4.8.1 AtHeartEngineer:v4.8.0 AtHeartEngineer:v4.7.3 AtHeartEngineer:v4.7.2 AtHeartEngineer:v4.7.1 AtHeartEngineer:v4.7.0 AtHeartEngineer:v4.6.2 AtHeartEngineer:v4.6.1 AtHeartEngineer:v4.6.0 AtHeartEngineer:v4.5.0 AtHeartEngineer:v4.4.3 AtHeartEngineer:v4.4.2 AtHeartEngineer:v4.4.1 AtHeartEngineer:v4.4.0 AtHeartEngineer:v4.3.0 AtHeartEngineer:v4.2.1 AtHeartEngineer:v4.2.0 AtHeartEngineer:v3.5.10 AtHeartEngineer:v4.0.3 AtHeartEngineer:v4.1.1 AtHeartEngineer:v4.1.0 AtHeartEngineer:v3.5.9 AtHeartEngineer:v4.0.2 AtHeartEngineer:v4.0.1 AtHeartEngineer:v3.5.8 AtHeartEngineer:v3.5.7 AtHeartEngineer:v4.0.0 AtHeartEngineer:v4.0.0.rc2 AtHeartEngineer:v4.0.0.rc1 AtHeartEngineer:v3.5.6 AtHeartEngineer:v3.5.5 AtHeartEngineer:v3.5.4 AtHeartEngineer:v3.5.3 AtHeartEngineer:v3.5.2 AtHeartEngineer:v3.5.1 AtHeartEngineer:v3.5.0 AtHeartEngineer:v3.4.1 AtHeartEngineer:v3.4.0 AtHeartEngineer:v3.3.0 AtHeartEngineer:v3.2.4 AtHeartEngineer:v3.2.3 AtHeartEngineer:v3.2.2 AtHeartEngineer:v3.2.1 AtHeartEngineer:v2.2.8 AtHeartEngineer:v3.0.4 AtHeartEngineer:v3.1.2 AtHeartEngineer:v3.2.0 AtHeartEngineer:v3.1.1 AtHeartEngineer:v3.1.0 AtHeartEngineer:v2.0.6 AtHeartEngineer:v2.1.4 AtHeartEngineer:v2.2.7 AtHeartEngineer:v3.0.3 AtHeartEngineer:v3.1.0.rc2 AtHeartEngineer:v3.1.0.rc AtHeartEngineer:v2.2.6 AtHeartEngineer:v3.0.2 AtHeartEngineer:v3.0.1 AtHeartEngineer:v2.2.5 AtHeartEngineer:v3.0.0 AtHeartEngineer:v3.0.0.rc AtHeartEngineer:v2.2.4 AtHeartEngineer:v2.2.3 AtHeartEngineer:v2.2.2 AtHeartEngineer:v2.2.1 AtHeartEngineer:v2.2.0 AtHeartEngineer:v2.2.0.rc AtHeartEngineer:v2.1.2 AtHeartEngineer:v2.1.1 AtHeartEngineer:v2.1.0 AtHeartEngineer:v2.1.0.rc2 AtHeartEngineer:v2.1.0.rc AtHeartEngineer:v2.0.4 AtHeartEngineer:v2.0.3 AtHeartEngineer:v2.0.2 AtHeartEngineer:v2.0.1 AtHeartEngineer:v2.0.0 AtHeartEngineer:v2.0.0.rc2 AtHeartEngineer:v2.0.0.rc AtHeartEngineer:v1.5.3 AtHeartEngineer:v1.5.2 AtHeartEngineer:v1.5.1 AtHeartEngineer:v1.5.0 AtHeartEngineer:v1.5.0.rc1 AtHeartEngineer:v1.5.0.rc AtHeartEngineer:v1.4.9 AtHeartEngineer:v1.4.8 AtHeartEngineer:v1.4.7 AtHeartEngineer:v1.4.6 AtHeartEngineer:v1.4.5 AtHeartEngineer:v1.4.4 AtHeartEngineer:v1.4.3 AtHeartEngineer:v1.4.2 AtHeartEngineer:v1.4.1 AtHeartEngineer:v1.4.0 AtHeartEngineer:v1.3.4 AtHeartEngineer:v1.3.3 AtHeartEngineer:v1.3.2 AtHeartEngineer:v1.3.1 AtHeartEngineer:v1.3.0 AtHeartEngineer:v1.2.1 AtHeartEngineer:v1.2.0 AtHeartEngineer:v1.1.9 AtHeartEngineer:v1.0.11 AtHeartEngineer:v1.1.8 AtHeartEngineer:v1.2.rc2 AtHeartEngineer:v1.1.7 AtHeartEngineer:v1.1.6 AtHeartEngineer:v1.1.5 AtHeartEngineer:v1.0.9 AtHeartEngineer:v1.1.4 AtHeartEngineer:v1.2.rc AtHeartEngineer:v1.1.3 AtHeartEngineer:v1.1.2 AtHeartEngineer:v1.1.1 AtHeartEngineer:v1.1.0 AtHeartEngineer:v1.1.rc2 AtHeartEngineer:v1.0.8 AtHeartEngineer:v1.0.7 AtHeartEngineer:v1.1.rc1 AtHeartEngineer:v1.0.6 AtHeartEngineer:v1.1.rc0 AtHeartEngineer:v1.0.5 AtHeartEngineer:v1.0.4 AtHeartEngineer:v1.1.pre4 AtHeartEngineer:v1.1.pre3 AtHeartEngineer:v1.0.3 AtHeartEngineer:v1.1.pre2 AtHeartEngineer:v1.0.2 AtHeartEngineer:v1.1.pre AtHeartEngineer:v1.0.1 AtHeartEngineer:v1.0.0 AtHeartEngineer:v0.9.2 AtHeartEngineer:v0.9.1 AtHeartEngineer:v0.9.0 AtHeartEngineer:v0.8.2 AtHeartEngineer:v0.8.1 AtHeartEngineer:v0.8.0 AtHeartEngineer:v0.7.5
...
compare: AtHeartEngineer:v1.1.pre4
Branches Tags
AtHeartEngineer:main AtHeartEngineer:update-rack-unprocessable_content AtHeartEngineer:ca-devise-locale-throw AtHeartEngineer:password-length-dynamic AtHeartEngineer:4-stable AtHeartEngineer:mf-issue-5140 AtHeartEngineer:mf-check-for-devise-parent-mailer AtHeartEngineer:5-rc AtHeartEngineer:3-stable AtHeartEngineer:let-unsafe-redirect AtHeartEngineer:test-mongoid AtHeartEngineer:drv-improve-reset-token AtHeartEngineer:lm-jruby AtHeartEngineer:4-0-stable AtHeartEngineer:4-1-stable AtHeartEngineer:gh-pages AtHeartEngineer:v3.2 AtHeartEngineer:v2.2 AtHeartEngineer:v3.0 AtHeartEngineer:v3.1 AtHeartEngineer:v2.0 AtHeartEngineer:v2.1 AtHeartEngineer:v1.5 AtHeartEngineer:v1.0 AtHeartEngineer:v1.4 AtHeartEngineer:v1.3 AtHeartEngineer:v1.2 AtHeartEngineer:v1.1
AtHeartEngineer:v5.0.0.rc AtHeartEngineer:v4.9.4 AtHeartEngineer:v4.9.3 AtHeartEngineer:v4.9.2 AtHeartEngineer:v4.9.1 AtHeartEngineer:v4.9.0 AtHeartEngineer:v4.8.1 AtHeartEngineer:v4.8.0 AtHeartEngineer:v4.7.3 AtHeartEngineer:v4.7.2 AtHeartEngineer:v4.7.1 AtHeartEngineer:v4.7.0 AtHeartEngineer:v4.6.2 AtHeartEngineer:v4.6.1 AtHeartEngineer:v4.6.0 AtHeartEngineer:v4.5.0 AtHeartEngineer:v4.4.3 AtHeartEngineer:v4.4.2 AtHeartEngineer:v4.4.1 AtHeartEngineer:v4.4.0 AtHeartEngineer:v4.3.0 AtHeartEngineer:v4.2.1 AtHeartEngineer:v4.2.0 AtHeartEngineer:v3.5.10 AtHeartEngineer:v4.0.3 AtHeartEngineer:v4.1.1 AtHeartEngineer:v4.1.0 AtHeartEngineer:v3.5.9 AtHeartEngineer:v4.0.2 AtHeartEngineer:v4.0.1 AtHeartEngineer:v3.5.8 AtHeartEngineer:v3.5.7 AtHeartEngineer:v4.0.0 AtHeartEngineer:v4.0.0.rc2 AtHeartEngineer:v4.0.0.rc1 AtHeartEngineer:v3.5.6 AtHeartEngineer:v3.5.5 AtHeartEngineer:v3.5.4 AtHeartEngineer:v3.5.3 AtHeartEngineer:v3.5.2 AtHeartEngineer:v3.5.1 AtHeartEngineer:v3.5.0 AtHeartEngineer:v3.4.1 AtHeartEngineer:v3.4.0 AtHeartEngineer:v3.3.0 AtHeartEngineer:v3.2.4 AtHeartEngineer:v3.2.3 AtHeartEngineer:v3.2.2 AtHeartEngineer:v3.2.1 AtHeartEngineer:v2.2.8 AtHeartEngineer:v3.0.4 AtHeartEngineer:v3.1.2 AtHeartEngineer:v3.2.0 AtHeartEngineer:v3.1.1 AtHeartEngineer:v3.1.0 AtHeartEngineer:v2.0.6 AtHeartEngineer:v2.1.4 AtHeartEngineer:v2.2.7 AtHeartEngineer:v3.0.3 AtHeartEngineer:v3.1.0.rc2 AtHeartEngineer:v3.1.0.rc AtHeartEngineer:v2.2.6 AtHeartEngineer:v3.0.2 AtHeartEngineer:v3.0.1 AtHeartEngineer:v2.2.5 AtHeartEngineer:v3.0.0 AtHeartEngineer:v3.0.0.rc AtHeartEngineer:v2.2.4 AtHeartEngineer:v2.2.3 AtHeartEngineer:v2.2.2 AtHeartEngineer:v2.2.1 AtHeartEngineer:v2.2.0 AtHeartEngineer:v2.2.0.rc AtHeartEngineer:v2.1.2 AtHeartEngineer:v2.1.1 AtHeartEngineer:v2.1.0 AtHeartEngineer:v2.1.0.rc2 AtHeartEngineer:v2.1.0.rc AtHeartEngineer:v2.0.4 AtHeartEngineer:v2.0.3 AtHeartEngineer:v2.0.2 AtHeartEngineer:v2.0.1 AtHeartEngineer:v2.0.0 AtHeartEngineer:v2.0.0.rc2 AtHeartEngineer:v2.0.0.rc AtHeartEngineer:v1.5.3 AtHeartEngineer:v1.5.2 AtHeartEngineer:v1.5.1 AtHeartEngineer:v1.5.0 AtHeartEngineer:v1.5.0.rc1 AtHeartEngineer:v1.5.0.rc AtHeartEngineer:v1.4.9 AtHeartEngineer:v1.4.8 AtHeartEngineer:v1.4.7 AtHeartEngineer:v1.4.6 AtHeartEngineer:v1.4.5 AtHeartEngineer:v1.4.4 AtHeartEngineer:v1.4.3 AtHeartEngineer:v1.4.2 AtHeartEngineer:v1.4.1 AtHeartEngineer:v1.4.0 AtHeartEngineer:v1.3.4 AtHeartEngineer:v1.3.3 AtHeartEngineer:v1.3.2 AtHeartEngineer:v1.3.1 AtHeartEngineer:v1.3.0 AtHeartEngineer:v1.2.1 AtHeartEngineer:v1.2.0 AtHeartEngineer:v1.1.9 AtHeartEngineer:v1.0.11 AtHeartEngineer:v1.1.8 AtHeartEngineer:v1.2.rc2 AtHeartEngineer:v1.1.7 AtHeartEngineer:v1.1.6 AtHeartEngineer:v1.1.5 AtHeartEngineer:v1.0.9 AtHeartEngineer:v1.1.4 AtHeartEngineer:v1.2.rc AtHeartEngineer:v1.1.3 AtHeartEngineer:v1.1.2 AtHeartEngineer:v1.1.1 AtHeartEngineer:v1.1.0 AtHeartEngineer:v1.1.rc2 AtHeartEngineer:v1.0.8 AtHeartEngineer:v1.0.7 AtHeartEngineer:v1.1.rc1 AtHeartEngineer:v1.0.6 AtHeartEngineer:v1.1.rc0 AtHeartEngineer:v1.0.5 AtHeartEngineer:v1.0.4 AtHeartEngineer:v1.1.pre4 AtHeartEngineer:v1.1.pre3 AtHeartEngineer:v1.0.3 AtHeartEngineer:v1.1.pre2 AtHeartEngineer:v1.0.2 AtHeartEngineer:v1.1.pre AtHeartEngineer:v1.0.1 AtHeartEngineer:v1.0.0 AtHeartEngineer:v0.9.2 AtHeartEngineer:v0.9.1 AtHeartEngineer:v0.9.0 AtHeartEngineer:v0.8.2 AtHeartEngineer:v0.8.1 AtHeartEngineer:v0.8.0 AtHeartEngineer:v0.7.5

136 Commits
v0.7.5 ... v1.1.pre4

Author SHA1 Message Date
José Valim
1d4f4c19c9 Release pre4 with improved controller handling. 2010-03-03 12:22:04 +01:00
José Valim
901c6ae4df Always get a new object on edit, update and delete. 2010-03-03 12:12:06 +01:00
José Valim
0e64bc74b7 Move trackabe logic to the model. 2010-03-03 12:03:43 +01:00
José Valim
038627574c Keep modules definition in a different file. 2010-03-03 12:03:43 +01:00
José Valim
af39afcdf8 More refactoring. 2010-03-03 12:03:43 +01:00
José Valim
1660831002 Give more flexibility when swapping controllers. 2010-03-03 12:03:42 +01:00
Carlos Antonio da Silva
03e11e4a18 We also have sign up as a valid path name for routes 2010-02-27 09:35:26 -03:00
José Valim
20ca0dc981 Add info about devise_facebook_connectable. 2010-02-27 09:13:42 +01:00
Daniel Kehoe
5c59f4cd1b Fixes to syntax, diction and spelling in README. 2010-02-27 16:04:38 +08:00
Daniel Kehoe
5bc741cdab Add a section 'Examples' to the README mentioning plataformatec/devise_example and fortuity/subdomain-authentication 2010-02-27 16:04:37 +08:00
Daniel Kehoe
cfb3305ae5 Add a section 'Related Applications' to the README with a mention of devise_invitable 2010-02-27 16:04:37 +08:00
Lucas Uyezu
8525b56318 SQLite requries a default value when the column is NOT NULL 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-02-25 08:33:38 +01:00
José Valim
bcb46bbccb Do not forget frozen records. 2010-02-25 08:00:10 +01:00
José Valim
484361e815 Improve error message on undefined method devise. 2010-02-25 07:54:06 +01:00
José Valim
94511c1a43 Bump to 1.1.pre3 2010-02-24 22:19:46 +01:00
Andrei Bocan
c914c143bc Fix typo in route description 2010-02-24 18:22:43 +08:00
José Valim
e03e137c35 Update warden which fixes a security issue. 2010-02-23 19:47:45 +01:00
snusnu
a12ca2955f Avoid datamapper deprecation warnings 2010-02-24 01:52:08 +08:00
José Valim
e6f3034b11 Do not remove options from MongoMapper and DataMapper in find. 2010-02-23 15:51:29 +01:00
José Valim
33cf55aa13 Add link to wiki on README. 2010-02-19 23:54:55 -07:00
José Valim
e9682a3e64 In Rails 3, for some reason, you need to restart the server after copying views. 2010-02-19 23:54:05 -07:00
Jacques Crocker
3f37ce03c8 Gemfile fix for mongomapper 
Points MongoMapper dependency to use a fork on MongoMapper that supports Rails3.
 2010-02-19 20:32:32 +08:00
Jacques Crocker
4a51394af5 MongoMapper test suite fixes 2010-02-19 20:32:31 +08:00
Carlos Antonio da Silva
b3283e097d Use available warden_options method instead of env. 2010-02-19 09:07:37 -02:00
Paul Campbell
e9c16d852e add paragraphs to html emails 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-02-19 10:20:02 +01:00
José Valim
1c6f18cb8b Since Devise::FailureApp is now a metal, we can get rid of this default_url_options stuff. 2010-02-19 10:13:53 +01:00
José Valim
4a0b9c663a Use metal for Devise::FailureApp. \m/ 2010-02-19 09:52:12 +01:00
José Valim
f0eb4348f3 Deprecate Devise.orm. This allows you to use several ORMs with Devise and reduces the required API. 2010-02-19 09:26:17 +01:00
José Valim
3ac399f2ff Returns the proper response body based on the rquest for 401. 2010-02-18 19:38:13 +01:00
José Valim
889803151d Release 1.1.pre2 2010-02-18 18:06:01 +01:00
José Valim
35e058b279 Fix the undefined method devise issue. 2010-02-18 18:04:08 +01:00
José Valim
104d5b0441 There is no such thing as magic, my dear Watson. 2010-02-18 17:59:05 +01:00
José Valim
968ebe1b15 Uses the same content type as request on http authenticatable 401 responses 2010-02-17 21:40:01 +01:00
José Valim
1282fc03cf Add missing autoload. 2010-02-17 16:53:17 +01:00
José Valim
a79e8e0404 Tiny change in generator README. 2010-02-17 16:37:27 +01:00
José Valim
6d6633d1fb Release 1.1.pre which is Rails 3 compatible. 2010-02-17 13:53:05 +01:00
José Valim
fdf06861b0 Load Devise ORM after initialization. 2010-02-17 13:18:08 +01:00
José Valim
f6cc219210 Devise now allows you to have custom controlleers. Check the README for more information. 2010-02-17 13:15:19 +01:00
José Valim
691f9324f5 Use ActiveSupport::Concern. 2010-02-17 12:35:38 +01:00
José Valim
8e21373946 Rename devise/shared/_devise_links to devise/shared/links. 2010-02-17 12:30:08 +01:00
José Valim
02e8c04cde Update views generator and now have scoped views. 2010-02-17 12:26:54 +01:00
José Valim
5bf2eb3850 Updated .gitignore. 2010-02-17 11:11:27 +01:00
José Valim
443a2d8343 Moved devise_install to rails 3 generators. 2010-02-17 11:10:24 +01:00
José Valim
38bfe3f990 First generator for Rails 3. 2010-02-17 11:00:10 +01:00
José Valim
b4bbd3b892 Get all tests passing for ActiveRecord and allow MongoMapper tests to run. 2010-02-17 10:11:43 +01:00
José Valim
33941d1f62 All tests passing (except two which are errors in Rails). Now generators and initialization process. 2010-02-16 21:23:58 +01:00
José Valim
e6e66481b8 Got all tests in test/models and failure app ones passing. 369 tests, 805 assertions, 13 failures, 2 errors. 2010-02-16 17:00:36 +01:00
José Valim
d466849c57 More tests passing for Rails 3 compatibility. 369 tests, 788 assertions, 34 failures, 16 errors. 2010-02-16 16:11:30 +01:00
José Valim
b3e11c5aca Got another bunch of tests passing on Rails 3. 369 tests, 731 assertions, 33 failures, 53 errors. 2010-02-16 14:57:10 +01:00
José Valim
766316b5e7 Got tests running on Rails 3: 369 tests, 486 assertions, 45 failures, 124 errors. 2010-02-16 14:31:49 +01:00
Paul Campbell
6d29bcc467 Add mention of flash[:notice] and flash[:alert] 2010-02-15 22:29:23 +08:00
José Valim
ee87ec398a Updated gemspec. 2010-02-15 14:23:00 +01:00
José Valim
3e37fe8d4d Bump to 1.0.1 2010-02-15 14:19:08 +01:00
José Valim
48a94cdece Avoid mass assignment error messages with current password. 2010-02-15 14:17:12 +01:00
José Valim
bdacffab58 Make HttpAuthenticatable opt-in. 2010-02-15 14:11:33 +01:00
José Valim
085b12a710 Add registerable to defaults. 2010-02-15 14:06:50 +01:00
Carlos Antonio da Silva
3435c53725 Fix typo: autoload Clearance encryptor and not Authlogic one. 2010-02-12 13:02:11 -02:00
Carlos Antonio da Silva
01dec7fc78 README and TODO minor updates. 2010-02-12 01:54:47 -02:00
José Valim
4bfbeea7e6 Release 1.0.0 2010-02-09 02:17:20 +01:00
José Valim
2a9e8dca73 Allow authenticatable to used in change_table statements 2010-02-09 00:26:26 +01:00
José Valim
1b6f1b9752 Add registerable integration tests. 2010-02-09 00:08:57 +01:00
José Valim
732e31528e More changes in update_with_password. 2010-02-08 23:14:03 +01:00
José Valim
d7db5b1eea More work on edit. 2010-02-08 20:38:47 +01:00
José Valim
2761a75437 Refactor on routes. 2010-02-08 20:25:20 +01:00
José Valim
8a15ac6e4a Stub out other views for Registerable. 2010-02-08 19:07:24 +01:00
José Valim
9798ad7455 Allow scoped views to be customized per controller/mailer class. 2010-02-08 17:33:22 +01:00
José Valim
54cd2cc0e8 Use _ instead of . 2010-02-08 17:15:12 +01:00
Carlos Antonio da Silva
445070f6ec Use sign_up instead of registration in routes. Fix issue with users being signed in while attempting to sign up with info from already existing user. Also fix signed up flash. 2010-02-08 11:03:15 -02:00
Carlos Antonio da Silva
9856646fac Merge with master 2010-02-06 09:24:00 -02:00
José Valim
60fd9d26ea Rely on duck type instead of mappings settings. 2010-02-06 10:06:22 +01:00
José Valim
1cf4dc798d Add Http Basic Authentication support. 2010-02-06 01:33:32 +01:00
José Valim
2f441fb60b Commit new gemspec. 2010-02-05 21:38:50 +01:00
José Valim
e02810d528 Move to 0.9.2. 2010-02-05 21:37:28 +01:00
José Valim
c146cad448 Ensure inactive user cannot sign in. 2010-02-05 21:36:19 +01:00
Carlos Antonio da Silva
49d1978863 We do not need to check for registerable active inside the view. 2010-02-05 00:02:49 -02:00
Carlos Antonio da Silva
658059f31a Bring Devise::ALL back to modules and improving lockable docs. 2010-02-04 20:09:53 -02:00
Carlos Antonio da Silva
21359fb433 Refactoring a bit models and lockable. Also remove devise :all deprecation. 2010-02-04 20:09:53 -02:00
Carlos Antonio da Silva
60714cd449 autload Registerable. Extracting default routes and path_names to constants. Fix evals for better debugging and stack trace. 2010-02-04 20:09:53 -02:00
Carlos Antonio da Silva
6b837cb285 Introducing Registerable module, allowing users to sign up. 2010-02-04 20:08:38 -02:00
Carlos Antonio da Silva
4de1e43b7a Fix "return_to" to always save the request_uri, overwriting the return to url when the user types another forbidden url before sign in. 
This way the user will be redirected to the last attempted url and not the first one.
 2010-02-04 08:46:22 -02:00
Matt Powell
02a99b9766 deprecate find(:first) and find(:all) in MongoMapper 2010-02-03 16:53:49 +08:00
José Valim
a9e2337aeb Change EMAIL_REGEXP so it can be used in javascript. 2010-02-02 13:28:47 +01:00
José Valim
3781a0f47b Tidy up token authentication implementation. 2010-02-02 13:21:00 +01:00
Jonas Grimfelt
4878bdb60b Second version of token_authenticatable reflecting feedback: Nuked all hook-stuff. Should be easy to custom-reset authentication tokens by inheritance. 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-02-02 12:37:06 +01:00
Jonas Grimfelt
e1440fb430 Initial support for authorization using "authentication token" (a.k.a. "single access token") - new module. Corresponding changes to Devise core to hook events like "after_changed_password" (only one added now - only one that makes much sense for latest module) easily. Unit and integration tests included. NOTE: One failing test for hooking Warden::Manager.after_authentication - gets ignored for some reason. 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-02-02 12:36:44 +01:00
José Valim
c03b4ff339 Add gemspec since it's required by bundler. 2010-02-01 16:32:36 +01:00
José Valim
ca794776c1 Bump to 0.9.1. 2010-01-25 20:19:47 +01:00
José Valim
b4707c2bae Use self. just to stay in the same pattern. 2010-01-25 19:29:14 +01:00
jgeiger
b3fd742aea bcrypt requires the salt to be over 29 chars 2010-01-22 23:04:03 +08:00
David Palm
bc05d28d3f Devise::Mapping#raw_path does not consider relative_url_root so that route helpers work (no more session_path(:user) => '/abc/abc/users/sign_in') 
Devise::Mapping#parsed_path considers relative_url_root so that initial redirects still work with non empty relative_url_roots
 2010-01-22 23:03:48 +08:00
José Valim
e4e9e16623 Bump to 0.9.0. 2010-01-21 15:30:13 +01:00
José Valim
345bf159e2 Add latest commities entries to CHANGELOG. 2010-01-21 09:15:07 +01:00
Jonas Grimfelt
0c7c762c16 Fixed some Ruby 1.9 issues/bugs. 2010-01-21 16:06:19 +08:00
Jonas Grimfelt
f50ec773b2 New convenient helper method for extending Devise with additional modules: Devise::add_module. 2010-01-21 16:06:17 +08:00
Carlos Antonio da Silva
6d80418fd1 Changing flash messages to new Rails defaults :notice/:alert 2010-01-20 17:46:14 -02:00
José Valim
b4183cbaa2 Url helpers should rely find_scope! 2010-01-19 17:19:40 +01:00
José Valim
04ce9d1e6f Should accept path prefixes not starting with slash. 2010-01-16 14:39:57 +01:00
José Valim
ef25da992c Use an OrderedHash to fix problems with test suite working in some machines but no in others. 2010-01-16 14:32:52 +01:00
José Valim
394b1ff444 Bring mongomapper up to date. Remember that you need mongo_ext in order to use MongoMapper with Devise. 2010-01-16 11:22:09 +01:00
José Valim
a5b2ee5171 Improve documentation for after_sign_in_path_for. 2010-01-16 10:56:35 +01:00
José Valim
fdc2e795d7 Simplify links requirement. 2010-01-14 16:04:13 +01:00
José Valim
a32e90a1d6 Update CHANGELOG and dependencies. 2010-01-14 15:53:17 +01:00
José Valim
2afad49a96 Bring rememberable back. 2010-01-14 15:47:14 +01:00
José Valim
f46d1b1d81 Add support to Warden 0.9.0.pre 2010-01-14 13:38:02 +01:00
José Valim
66f4cfd3eb Clean up tests. 2010-01-13 19:53:12 +01:00
José Valim
efc0ae230a Deprecate :all. 2010-01-13 19:45:24 +01:00
José Valim
f075a6babe Tidying up. 2010-01-13 18:46:04 +01:00
José Valim
19f9ecfcb6 Updating CHANGELOG. 2010-01-13 18:27:26 +01:00
José Valim
d4442837d5 Clean up whitespace and remove deprecated stuff. 2010-01-13 18:23:04 +01:00
José Valim
b581f86317 DRY up controllers. 2010-01-13 18:12:13 +01:00
José Valim
d0ccd14c54 Merge remote branch 'mhfs/master' 2010-01-13 17:49:20 +01:00
José Valim
d1dc18cb1a Bump to 0.8.2. 2010-01-13 17:46:16 +01:00
José Valim
6bb1901830 Add tests for mail with proc. 2010-01-13 17:45:02 +01:00
Jonas Grimfelt
37119616ff Devise.mailer_sender accepts a proc too, passing mapping. Useful if sender e-mail should differ for different devise scopes or current locale. 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-01-13 17:36:05 +01:00
David Palm
5ca178aa7e Devise::Mapping#raw_path considers the relative_url_root to fix issue with Passenger and RailsBaseURI directives 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-01-13 17:30:27 +01:00
Marcelo Silveira
f4b438bb1e adding links refactory to changelog 2010-01-09 13:36:04 -02:00
Marcelo Silveira
6c4274fae6 fixing mongo tests 2010-01-09 13:16:07 -02:00
Marcelo Silveira
827d0ce14c refactoring attempts track to avoid saving the model twice 2010-01-09 13:12:24 -02:00
Marcelo Silveira
915afa5f0a forgot the partial.. 2010-01-09 12:59:24 -02:00
Marcelo Silveira
4498acb1d0 moved view links into a partial and I18n'ed them 2010-01-09 12:58:51 -02:00
Marcelo Silveira
9c4ddc6465 - Maximum attempts changed from 5 to 20 
- Lockable is not turned on by default
- Fixed lockable incompatibilities with latest commits
 2010-01-09 11:41:28 -02:00
Marcelo Silveira
32991e13c4 Merge and fix conflicts. 2010-01-09 11:22:27 -02:00
José Valim
c4764c931a Bump to 0.8.1 2010-01-08 23:27:15 +01:00
José Valim
35838b02b7 Ensure bcrypt works and move salt generation to encryptors (needed for bcrypt). 2010-01-08 23:19:57 +01:00
José Valim
d00c31314d Bump to 0.8.0 2010-01-07 22:50:01 +01:00
lancecarlson
ab57cdfb4a More DataMapper compatibility 2010-01-07 22:48:23 +01:00
José Valim
6517b358a1 sign_in_count should also be increased when user signs in via password change, confirmation, etc. 2010-01-07 22:41:14 +01:00
José Valim
99694fd159 Updated CHANGELOG. 2010-01-07 22:37:47 +01:00
Julio Capote
3916033058 added bcrypt as one of the encryptors 2010-01-08 05:33:16 +08:00
José Valim
4d8f5ea165 Add an easy way to configure an application to sign in users through "/sign_in". 
First, configure your routes:

  map.devise_for :users
  map.sign_in "/sign_in", :controller => "sessions", :action => "new"

Then, in config/initializers/devise.rb:

  config.use_default_scope = true

The default scope is always the first declaration in routes.rb, but if you need
to change it, you can also do it through the initializer:

  config.default_scope = :user
 2010-01-06 14:31:00 +01:00
José Valim
27a515fcbf Alloy dummy test app to boot. 2010-01-06 14:03:52 +01:00
José Valim
dc5724c888 Since script/generate devise_install is a required step, move README over there. 2010-01-06 14:00:50 +01:00
Carlos Antonio da Silva
73c0a10af5 Updating docs: timeoutable does not rely on trackable. 2010-01-05 21:12:16 -02:00
José Valim
a789f08d3b Cleaning up README to be more compatible with the latest stuff. 2010-01-05 16:01:16 +01:00
José Valim
543fe077d8 Update to work with Warden 0.8.0. 2010-01-05 13:44:13 +01:00
Marcelo Silveira
d2fa737aa0 introducing lockable implementation 2010-01-01 17:57:35 -02:00
179 changed files with 3970 additions and 2683 deletions
Expand all files Collapse all files

2
.gitignore vendored
View File

@@ -4,5 +4,5 @@
coverage/*
*.sqlite3
rdoc/*
devise.gemspec
pkg
log

116
CHANGELOG.rdoc
View File

@@ -1,3 +1,119 @@
== 1.1.pre
* enhancements
* Rails 3 compatibility.
* All controllers and views are namespaced, for example: Devise::SessionsController and "devise/sessions".
* You can specify the controller in routes and have specific controllers for each role.
* Devise.orm is deprecated. This reduces the required API to hook your ORM with devise.
* Use metal for failure app.
* HTML e-mails now have proper formatting.
* Do not remove options from Datamapper and MongoMapper in find
* deprecations
* Rails 3 compatible only.
* Scoped views are no longer "sessions/users/new". Now use "users/sessions/new".
* Devise.orm is deprecated, just require "devise/orm/YOUR_ORM" instead.
* Devise.default_url_options is deprecated, just modify ApplicationController.default_url_options.
== 1.0.3
* enhancements
* HTML e-mails now have proper formatting
* Do not remove MongoMapper options in find
== 1.0.2
* enhancements
* Allows you set mailer content type (by github.com/glennr)
* bug fix
* Uses the same content type as request on http authenticatable 401 responses
== 1.0.1
* enhancements
* HttpAuthenticatable is not added by default automatically.
* Avoid mass assignment error messages with current password.
* bug fix
* Fixed encryptors autoload
== 1.0.0
* deprecation
* :old_password in update_with_password is deprecated, use :current_password instead
* enhancements
* Added Registerable
* Added Http Basic Authentication support
* Allow scoped_views to be customized per controller/mailer class
* [#99] Allow authenticatable to used in change_table statements
== 0.9.2
* bug fix
* Ensure inactive user cannot sign in
* Ensure redirect to proper url after sign up
* enhancements
* Added gemspec to repo
* Added token authenticatable (by github.com/grimen)
== 0.9.1
* bug fix
* Allow bigger salt size (by github.com/jgeiger)
* Fix relative url root
== 0.9.0
* deprecation
* devise :all is deprecated
* :success and :failure flash messages are now :notice and :alert
* enhancements
* Added devise lockable (by github.com/mhfs)
* Warden 0.9.0 compatibility
* Mongomapper 0.6.10 compatibility
* Added Devise.add_module as hooks for extensions (by github.com/grimen)
* Ruby 1.9.1 compatibility (by github.com/grimen)
* bug fix
* Accept path prefix not starting with slash
* url helpers should rely on find_scope!
== 0.8.2
* enhancements
* Allow Devise.mailer_sender to be a proc (by github.com/grimen)
* bug fix
* Fix bug with passenger, update is required to anyone deploying on passenger (by github.com/dvdpalm)
== 0.8.1
* enhancements
* Move salt to encryptors
* Devise::Lockable
* Moved view links into partial and I18n'ed them
* bug fix
* Bcrypt generator was not being loaded neither setting the proper salt
== 0.8.0
* enhancements
* Warden 0.8.0 compatibility
* Add an easy for map.connect "sign_in", :controller => "sessions", :action => "new" to work
* Added :bcrypt encryptor (by github.com/capotej)
* bug fix
* sign_in_count is also increased when user signs in via password change, confirmation, etc..
* More DataMapper compatibility (by github.com/lancecarlson)
* deprecation
* Removed DeviseMailer.sender
== 0.7.5
* enhancements

18
Gemfile Normal file
View File

@@ -0,0 +1,18 @@
source "http://gemcutter.org"
gem "rails", "3.0.0.beta"
gem "warden", "0.9.4"
gem "sqlite3-ruby", :require => "sqlite3"
gem "webrat", "0.7"
gem "mocha", :require => false
gem "bcrypt-ruby", :require => "bcrypt"
if RUBY_VERSION < '1.9'
gem "ruby-debug", ">= 0.10.3"
end
group :mongo_mapper do
gem "mongo", "0.18.3"
gem "mongo_ext", "0.18.3", :require => false
gem "mongo_mapper", :git => "git://github.com/merbjedi/mongomapper.git", :branch => "rails3"
end

234
README.rdoc
View File

@@ -7,166 +7,142 @@ Devise is a flexible authentication solution for Rails based on Warden. It:
* Allows you to have multiple roles (or models/scopes) signed in at the same time;
* Is based on a modularity concept: use just what you really need.
Right now it's composed of seven mainly modules:
Right now it's composed of 12 modules:
* Authenticatable: responsible for encrypting password and validating authenticity of a user while signing in.
* Confirmable: responsible for verifying whether an account is already confirmed to sign in, and to send emails with confirmation instructions.
* Recoverable: takes care of reseting the user password and send reset instructions.
* Rememberable: manages generating and clearing token for remember the user from a saved cookie.
* Activatable: if you need to activate accounts by other means, which are not through confirmation, use this module.
* Timeoutable: expires sessions without activity in a certain period of time.
* Trackable: tracks sign in count, timestamps and ip.
* Validatable: creates all needed validations for email and password. It's totally optional, so you're able to to customize validations by yourself.
* Authenticatable: encrypts a password and validates the authenticity of a user while signing in.
* Token Authenticatable: validates the authenticity of a user while signing in using an authentication token (also known as "single access token").
* HttpAuthenticatable: sign in users using basic HTTP authentication.
* Confirmable: sends emails with confirmation instructions and verifies whether an account is already confirmed during sign in.
* Recoverable: resets the user password and sends reset instructions.
* Registerable: handles signing up users through a registration process.
* Rememberable: manages generating and clearing a token for remembering the user from a saved cookie.
* Trackable: tracks sign in count, timestamps and IP address.
* Timeoutable: expires sessions that have no activity in a specified period of time.
* Validatable: provides validations of email and password. It's optional and can be customized, so you're able to define your own validations.
* Lockable: locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period.
* Activatable: use this module if you need to activate accounts by means other than confirmation.
There's an example application using Devise at http://github.com/plataformatec/devise_example .
== Examples
* Example application using Devise at http://github.com/plataformatec/devise_example
* Example Rails 2.3 web app combining subdomains with Devise at http://github.com/fortuity/subdomain-authentication
== Dependencies
Devise is based on Warden (http://github.com/hassox/warden), a Rack Authentication Framework so you need to install it as a gem. Please ensure you have it installed in order to use devise (see instalation below).
Devise is based on Warden (http://github.com/hassox/warden), a Rack Authentication Framework. You need to install Warden as a gem. Please ensure you have it installed in order to use Devise (see installation below).
== Installation
All gems are on gemcutter, so you need to add gemcutter to your sources if you haven't yet:
Devise master branch now supports Rails 3 and is NOT backward compatible. You can install it as:
sudo gem sources -a http://gemcutter.org/
sudo gem install devise --version=1.1.pre
Install warden gem if you don't have it installed (requires 0.6.4 or higher):
After installing the Warden and Devise gems, you need to configure the gems inside your gemfile:
sudo gem install warden
gem 'warden'
gem 'devise'
Install devise gem:
And run the generator:
sudo gem install devise
rails generate devise_install
Configure warden and devise gems inside your app:
And you're ready to go. The generator will install an initializer which describes ALL Devise's configuration options, so be sure to take a look at it and at the documentation as well:
config.gem 'warden'
config.gem 'devise'
http://rdoc.info/projects/plataformatec/devise
Run the generator:
== Rails 2.3
ruby script/generate devise_install
If you want to use the Rails 2.3.x version, you should do:
And you're ready to go. The generator will install an initializer which describes Devise's configuration options. Be sure to take a look.
sudo gem install devise --version=1.0.1
Or checkout from the v1.0 branch:
http://github.com/plataformatec/devise/tree/v1.0
== Basic Usage
This is a walkthrough with all steps you need to setup a devise resource, including model, migration, route files, and optional configuration. You can also check out the *Generators* section below to help you start.
This is a walkthrough with all steps you need to setup a devise resource, including model, migration, route files, and optional configuration. You MUST also check out the *Generators* section below to help you start.
Devise must be set up within the model (or models) you want to use, and devise routes must be created inside your routes.rb file.
Devise must be set up within the model (or models) you want to use. Devise routes must be created inside your config/routes.rb file.
We're assuming here you want a User model. First of all you have to setup a migration with the following fields:
We're assuming here you want a User model with some Devise modules, as outlined below:
class User < ActiveRecord::Base
devise :authenticatable, :confirmable, :recoverable, :rememberable, :trackable, :validatable
end
After you choose which modules to use, you need to set up your migrations. Luckily, Devise has some helpers to save you from this boring work:
create_table :users do |t|
t.authenticatable
t.confirmable
t.recoverable
t.rememberable
t.trackable
t.timestamps
end
You may also want to add some indexes to improve performance:
Devise doesn't use _attr_accessible_ or _attr_protected_ inside its modules, so be sure to define attributes as accessible or protected in your model.
add_index :your_table, :email
add_index :your_table, :confirmation_token # for confirmable
add_index :your_table, :reset_password_token # for recoverable
Configure your routes after setting up your model. Open your config/routes.rb file and add:
Now let's setup a User model adding the devise line to have your authentication working:
devise_for :users
class User < ActiveRecord::Base
devise :authenticatable
end
This will use your User model to create a set of needed routes (you can see them by running `rake routes`).
This line adds devise authenticatable inside your User class. Devise don't rely on _attr_accessible_ or _attr_protected_ inside its modules, so be sure to setup what attributes are accessible or protected in your model.
Options for configuring your routes include :class_name (to set the class for that route), :path_prefix, :as and :path_names, where the last two have the same meaning as in common routes. The available :path_names are:
You could also include the other devise modules as below:
devise_for :users, :as => "usuarios", :path_names => { :sign_in => 'login', :sign_out => 'logout', :sign_up => 'register', :password => 'secret', :confirmation => 'verification', :unlock => 'unblock' }
# Include only authenticatable stuff
devise :authenticatable
Be sure to check devise_for documentation for details.
# Include authenticatable + confirmable
devise :authenticatable, :confirmable
# Include authenticatable + recoverable + rememberable
devise :authenticatable, :recoverable, :rememberable
# Include authenticatable + timeoutable
devise :authenticatable, :timeoutable
# Include all of them
devise :all
# Include all except recoverable
devise :all, :except => :recoverable
Note that validations aren't added by default, so you're able to customize it. In order to have automatic validations working just include :validatable.
== Model configuration
In addition to :except, you can provide :pepper, :stretches, :encryptor, :authentication_keys, :confirm_within, :remember_for and :timeout as options to devise method.
All those options are described in "config/initializers/devise.rb", which is generated when you invoke `ruby script/generate devise_install` in your application root.
== Routes
The next step after setting up your model is to configure your routes for devise. You do this by opening up your config/routes.rb and adding:
map.devise_for :users
This is going to look inside you User model and create a set of needed routes (you can see them by running `rake routes`).
There are also some options available for configuring your routes, as :class_name (to set the class for that route), :as and :path_names, where the last two have the same meaning as in common routes. The available :path_names are:
map.devise_for :users, :as => "usuarios", :path_names => { :sign_in => 'login', :sign_out => 'logout', :password => 'secret', :confirmation => 'verification' }
Be sure to check devise_for documentation for detailed description.
After creating your models and routes, run your migrations, and you are ready to go! But don't stop reading here, we still have a lot to tell you:
== Controller filters and helpers
Devise is gonna create some helpers to use inside your controllers and views. To setup a controller that needs user authentication, just add this before_filter:
Devise will create some helpers to use inside your controllers and views. To set up a controller with user authentication, just add this before_filter:
before_filter :authenticate_user!
To verify if a user is signed in, you have the following helper:
To verify if a user is signed in, use the following helper:
user_signed_in?
And to get the current signed in user this helper is available:
For the current signed-in user, this helper is available:
current_user
You have also access to the session for this scope:
You can access the session for this scope:
user_session
After signing in a user, confirming it's account or updating it's password, devise will look for a scoped root path to redirect. Example: For a :user resource, it will use user_root_path if it exists, otherwise default root_path will be used. To do it so, you need to create e default root inside your routes for your application:
After signing in a user, confirming the account or updating the password, Devise will look for a scoped root path to redirect. Example: For a :user resource, it will use user_root_path if it exists, otherwise default root_path will be used. This means that you need to set the root inside your routes:
map.root :controller => 'home'
root :to => "home"
You can also overwrite after_sign_in_path_for and after_sign_out_path_for to customize better your redirect hooks.
You can also overwrite after_sign_in_path_for and after_sign_out_path_for to customize your redirect hooks.
Finally, if you are using confirmable or recoverable, you also need to setup default url options for the mailer in each environment. Here's is the configuration for config/environments/development.rb:
Finally, you need to set up default url options for the mailer in each environment. Here is the configuration for config/environments/development.rb:
config.action_mailer.default_url_options = { :host => 'localhost:3000' }
== Views
By default devise will use the same views for all scopes/roles you have. But what if you need so different views to each of them? Devise also has an easy way to accomplish it: just setup :scoped_views to true inside your devise config file, and you will be able to have views based on scope like 'sessions/users/new' and 'sessions/admin/new'. If no view is found within the scope, Devise will fallback to the default view.
== Tidying up
Devise let's you setup as many roles as you want, so let's say you already have this User model and also want an Admin model with the same authentication stuff, but not confirmation or password recovery. Just follow the same steps:
Devise allows you to set up as many roles as you want. For example, you may have a User model and also want an Admin model with just authentication, trackable, lockable and timeoutable features and no confirmation or password-recovery features. Just follow these steps:
# Create a migration with the required fields
create_table :admins do |t|
t.authenticatable
t.lockable
t.trackable
end
# Inside your Admin model
devise :authenticatable, :validatable
devise :authenticatable, :trackable, :timeoutable, :lockable
# Inside your routes
map.devise_for :admin
devise_for :admin
# Inside your protected controller
before_filter :authenticate_admin!
@@ -178,25 +154,56 @@ Devise let's you setup as many roles as you want, so let's say you already have
== Generators
Devise comes with some generators to help you start:
Devise has generators to help you get started:
ruby script/generate devise_install
rails generate devise_install
This will generate an initializer, with a description of all configuration values. You can also generate models through:
This will generate an initializer, with a description of all configuration values.
ruby script/generate devise Model
You can also generate models:
A model configured with all devise modules and attr_accessible for default fields will be created. The generator will also create the migration and configure your routes for devise.
rails generate devise Model
You can also copy devise views to your application, being able to modify them based on your needs. To do it so, run the following command:
This will create a model named "Model" configured with default Devise modules and attr_accessible set for default fields. The generator will also create the migration and configure your routes for Devise.
ruby script/generate devise_views
== Model configuration
This is gonna copy all session, password, confirmation and mailer views to your app/views folder.
The devise method in your models also accepts some options to configure its modules. For example, you can choose which encryptor to use in authenticatable:
devise :authenticatable, :confirmable, :recoverable, :encryptor => :bcrypt
Besides :encryptor, you can define :pepper, :stretches, :confirm_within, :remember_for, :timeout_in, :unlock_in and other values. For details, see the initializer file that was created when you invoked the devise_install generator described above.
== Configuring controllers and views
We built Devise to help you quickly develop an application that uses authentication. We don't want to be in your way when you need to customize it.
Since Devise is an engine, all its default views are packaged inside the gem. The default views will get you started but you may want to customize them. Devise has a generator to copy the default views to your application. After they've been copied to your application, you can make changes as required:
rails generate devise_views
If you have more than one role in your application (such as "user" and "admin"), you will notice that Devise uses the same views for all roles. You may need different views for each role. Devise offers an easy way to customize views for each role. Just set config.scoped_views to "true" inside "config/initializers/devise.rb".
After doing so you will be able to have views based on the scope like "users/sessions/new" and "admins/sessions/new". If no view is found within the scope, Devise will use the default view at "devise/sessions/new".
Finally, if the customization at the views level is not enough, you can customize each controller by following these steps:
1) Create your custom controller, for example a Admins::SessionsController:
class Admins::SessionsController < Devise::SessionsController
end
2) Tell the router to use this controller:
devise_for :admins, :controllers => { :sessions = "admin/sessions" }
3) And finally, since we changed the controller, it won't use the "devise/sessions" views, so remember to copy "devise/sessions" to "admin/sessions".
Remember that Devise uses flash messages to let users know if sign in was successful or failed. Devise expects your application to call "flash[:notice]" and "flash[:alert]" as appropriate.
== I18n
Devise uses flash messages with I18n with the flash keys :success and :failure. To customize your app, you can setup your locale file this way:
Devise uses flash messages with I18n with the flash keys :success and :failure. To customize your app, you can set up your locale file:
en:
devise:
@@ -213,7 +220,7 @@ You can also create distinct messages based on the resource you've configured us
admin:
signed_in: 'Hello admin!'
Devise mailer uses the same pattern to create subject messages:
The Devise mailer uses the same pattern to create subject messages:
en:
devise:
@@ -241,16 +248,15 @@ You can include the Devise Test Helpers in all of your tests by adding the follo
include Devise::TestHelpers
end
Do not use such helpers for integration tests like Cucumber, Webrat... Just fill in the form or explicitly set the user in session. For more tips, check the wiki (http://wiki.github.com/plataformatec/devise).
Do not use such helpers for integration tests such as Cucumber or Webrat. Instead, fill in the form or explicitly set the user in session. For more tips, check the wiki (http://wiki.github.com/plataformatec/devise).
== Migrating from other solutions
Devise implements encryption strategies for Clearance, Authlogic and Restful-Authentication. To make use of it set the desired encryptor in the encryptor initializer config option. You might also need to rename your encrypted password and salt columns to match Devises's one (encrypted_password and password_salt).
Devise implements encryption strategies for Clearance, Authlogic and Restful-Authentication. To make use of these strategies, set the desired encryptor in the encryptor initializer config option. You might also need to rename your encrypted password and salt columns to match Devise's fields (encrypted_password and password_salt).
== Other ORMs
Devise was made to work from scratch with ActiveRecord. However it currently supports DataMapper and MongoMapper as well.
To use it, just set Devise.orm or configure it in the initialization file (which is created with devise_install).
Devise supports ActiveRecord (by default) and MongoMapper. We offer experimental Datamapper support (with the limitation that the Devise test suite does not run completely with Datamapper). To choose other ORM, you just need to configure it in the initializer file.
== TODO
@@ -263,16 +269,28 @@ Please refer to TODO file.
== Contributors
* Marcelo Silveira (http://github.com/mhfs)
* Cyril Mougel (http://github.com/shingara)
* Jonas Grimfelt (http://github.com/grimen)
We have a long list of valued contributors. See the CHANGELOG or do `git shortlog -s -n` in the cloned repository.
== Related Applications
* http://github.com/scambra/devise_invitable adds support to Devise for sending invitations by email.
* http://github.com/grimen/devise_facebook_connectable adds support for Facebook Connect authentication, and optionally fetching user info from Facebook in the same step.
== Bugs and Feedback
If you discover any bugs or want to drop a line, feel free to create an issue on
GitHub or send an e-mail to the mailing list.
If you discover any bugs, please create an issue on GitHub.
http://github.com/plataformatec/devise/issues
For support, send an e-mail to the mailing list.
http://groups.google.com/group/plataformatec-devise
See the wiki for additional documentation and support.
http://wiki.github.com/plataformatec/devise/
== License
MIT License. Copyright 2009 Plataforma Tecnologia. http://blog.plataformatec.com.br

5
Rakefile
View File

@@ -43,8 +43,9 @@ begin
s.homepage = "http://github.com/plataformatec/devise"
s.description = "Flexible authentication solution for Rails with Warden"
s.authors = ['José Valim', 'Carlos Antônio']
s.files = FileList["[A-Z]*", "{app,config,generators,lib}/**/*", "init.rb"]
s.add_dependency("warden", "~> 0.6.4")
s.files = FileList["[A-Z]*", "{app,config,lib}/**/*"]
s.extra_rdoc_files = FileList["[A-Z]*"] - %w(Gemfile Rakefile)
s.add_dependency("warden", "~> 0.9.4")
end
Jeweler::GemcutterTasks.new

8
TODO
View File

@@ -1,6 +1,2 @@
* Make test run with DataMapper (ActiveRecord, MongoMapper)
* Add Registerable support
* Add http authentication support
* Extract SessionSerializer tests from Authenticatable
* Extract CookieSerializer tests from Authenticatable
* Extract Activatable tests from Confirmable
* Make test run with DataMapper
* Extract Activatable tests from Confirmable

8
app/controllers/confirmations_controller.rb → app/controllers/devise/confirmations_controller.rb
View File

@@ -1,5 +1,5 @@
class ConfirmationsController < ApplicationController
include Devise::Controllers::Helpers
class Devise::ConfirmationsController < ApplicationController
include Devise::Controllers::InternalHelpers
# GET /resource/confirmation/new
def new
@@ -12,7 +12,7 @@ class ConfirmationsController < ApplicationController
self.resource = resource_class.send_confirmation_instructions(params[resource_name])
if resource.errors.empty?
set_flash_message :success, :send_instructions
set_flash_message :notice, :send_instructions
redirect_to new_session_path(resource_name)
else
render_with_scope :new
@@ -24,7 +24,7 @@ class ConfirmationsController < ApplicationController
self.resource = resource_class.confirm!(:confirmation_token => params[:confirmation_token])
if resource.errors.empty?
set_flash_message :success, :confirmed
set_flash_message :notice, :confirmed
sign_in_and_redirect(resource_name, resource)
else
render_with_scope :new

8
app/controllers/passwords_controller.rb → app/controllers/devise/passwords_controller.rb
View File

@@ -1,5 +1,5 @@
class PasswordsController < ApplicationController
include Devise::Controllers::Helpers
class Devise::PasswordsController < ApplicationController
include Devise::Controllers::InternalHelpers
before_filter :require_no_authentication
@@ -14,7 +14,7 @@ class PasswordsController < ApplicationController
self.resource = resource_class.send_reset_password_instructions(params[resource_name])
if resource.errors.empty?
set_flash_message :success, :send_instructions
set_flash_message :notice, :send_instructions
redirect_to new_session_path(resource_name)
else
render_with_scope :new
@@ -33,7 +33,7 @@ class PasswordsController < ApplicationController
self.resource = resource_class.reset_password!(params[resource_name])
if resource.errors.empty?
set_flash_message :success, :updated
set_flash_message :notice, :updated
sign_in_and_redirect(resource_name, resource)
else
render_with_scope :edit

57
app/controllers/devise/registrations_controller.rb Normal file
View File

@@ -0,0 +1,57 @@
class Devise::RegistrationsController < ApplicationController
include Devise::Controllers::InternalHelpers
before_filter :require_no_authentication, :only => [ :new, :create ]
before_filter :authenticate_scope!, :only => [:edit, :update, :destroy]
# GET /resource/sign_up
def new
build_resource
render_with_scope :new
end
# POST /resource/sign_up
def create
build_resource
if resource.save
flash[:"#{resource_name}_signed_up"] = true
set_flash_message :notice, :signed_up
sign_in_and_redirect(resource_name, resource)
else
render_with_scope :new
end
end
# GET /resource/edit
def edit
render_with_scope :edit
end
# PUT /resource
def update
if resource.update_with_password(params[resource_name])
set_flash_message :notice, :updated
redirect_to after_sign_in_path_for(self.resource)
else
render_with_scope :edit
end
end
# DELETE /resource
def destroy
resource.destroy
set_flash_message :notice, :destroyed
sign_out_and_redirect(self.resource)
end
protected
# Authenticates the current scope and gets a copy of the current resource.
# We need to use a copy because we don't want actions like update changing
# the current user in place.
def authenticate_scope!
send(:"authenticate_#{resource_name}!")
self.resource = resource_class.find(send(:"current_#{resource_name}").id)
end
end

45
app/controllers/devise/sessions_controller.rb Normal file
View File

@@ -0,0 +1,45 @@
class Devise::SessionsController < ApplicationController
include Devise::Controllers::InternalHelpers
before_filter :require_no_authentication, :only => [ :new, :create ]
# GET /resource/sign_in
def new
unless resource_just_signed_up?
Devise::FLASH_MESSAGES.each do |message|
set_now_flash_message :alert, message if params.try(:[], message) == "true"
end
end
build_resource
render_with_scope :new
end
# POST /resource/sign_in
def create
if resource = authenticate(resource_name)
set_flash_message :notice, :signed_in
sign_in_and_redirect(resource_name, resource, true)
else
set_now_flash_message :alert, (warden.message || :invalid)
clean_up_passwords(build_resource)
render_with_scope :new
end
end
# GET /resource/sign_out
def destroy
set_flash_message :notice, :signed_out if signed_in?(resource_name)
sign_out_and_redirect(resource_name)
end
protected
def resource_just_signed_up?
flash[:"#{resource_name}_signed_up"]
end
def clean_up_passwords(object)
object.clean_up_passwords if object.respond_to?(:clean_up_passwords)
end
end

33
app/controllers/devise/unlocks_controller.rb Normal file
View File

@@ -0,0 +1,33 @@
class Devise::UnlocksController < ApplicationController
include Devise::Controllers::InternalHelpers
# GET /resource/unlock/new
def new
build_resource
render_with_scope :new
end
# POST /resource/unlock
def create
self.resource = resource_class.send_unlock_instructions(params[resource_name])
if resource.errors.empty?
set_flash_message :notice, :send_instructions
redirect_to new_session_path(resource_name)
else
render_with_scope :new
end
end
# GET /resource/unlock?unlock_token=abcdef
def show
self.resource = resource_class.unlock!(:unlock_token => params[:unlock_token])
if resource.errors.empty?
set_flash_message :notice, :unlocked
sign_in_and_redirect(resource_name, resource)
else
render_with_scope :new
end
end
end

33
app/controllers/sessions_controller.rb
View File

@@ -1,33 +0,0 @@
class SessionsController < ApplicationController
include Devise::Controllers::Helpers
before_filter :require_no_authentication, :only => [ :new, :create ]
# GET /resource/sign_in
def new
Devise::FLASH_MESSAGES.each do |message|
set_now_flash_message :failure, message if params.try(:[], message) == "true"
end
build_resource
render_with_scope :new
end
# POST /resource/sign_in
def create
if authenticate(resource_name)
set_flash_message :success, :signed_in
sign_in_and_redirect(resource_name)
else
set_now_flash_message :failure, warden.message || :invalid
build_resource
render_with_scope :new
end
end
# GET /resource/sign_out
def destroy
set_flash_message :success, :signed_out if signed_in?(resource_name)
sign_out_and_redirect(resource_name)
end
end

55
app/models/devise/mailer.rb Normal file
View File

@@ -0,0 +1,55 @@
class Devise::Mailer < ::ActionMailer::Base
include Devise::Controllers::ScopedViews
attr_reader :devise_mapping, :resource
def confirmation_instructions(record)
setup_mail(record, :confirmation_instructions)
end
def reset_password_instructions(record)
setup_mail(record, :reset_password_instructions)
end
def unlock_instructions(record)
setup_mail(record, :unlock_instructions)
end
private
# Configure default email options
def setup_mail(record, action)
@devise_mapping = Devise::Mapping.find_by_class(record.class)
raise "Invalid devise resource #{record}" unless @devise_mapping
@resource = instance_variable_set("@#{@devise_mapping.name}", record)
mail(:subject => translate(@devise_mapping, action),
:from => mailer_sender(@devise_mapping), :to => record.email) do |format|
format.html { render_with_scope(action, :controller => "mailer") }
end
end
def mailer_sender(mapping)
if Devise.mailer_sender.is_a?(Proc)
block_args = mapping.name if Devise.mailer_sender.arity > 0
Devise.mailer_sender.call(block_args)
else
Devise.mailer_sender
end
end
# Setup subject namespaced by model. It means you're able to setup your
# messages using specific resource scope, or provide a default one.
# Example (i18n locale file):
#
# en:
# devise:
# mailer:
# confirmation_instructions: '...'
# user:
# confirmation_instructions: '...'
def translate(mapping, key)
I18n.t(:"#{mapping.name}.#{key}", :scope => [:devise, :mailer], :default => key)
end
end

65
app/models/devise_mailer.rb
View File

@@ -1,65 +0,0 @@
class DeviseMailer < ::ActionMailer::Base
# Sets who is sending the e-mail
def self.sender=(value)
@@sender = value
end
# Reads who is sending the e-mail
def self.sender
@@sender
end
self.sender = nil
# Deliver confirmation instructions when the user is created or its email is
# updated, and also when confirmation is manually requested
def confirmation_instructions(record)
setup_mail(record, :confirmation_instructions)
end
# Deliver reset password instructions when manually requested
def reset_password_instructions(record)
setup_mail(record, :reset_password_instructions)
end
private
# Configure default email options
def setup_mail(record, key)
mapping = Devise::Mapping.find_by_class(record.class)
raise "Invalid devise resource #{record}" unless mapping
subject translate(mapping, key)
from self.class.sender
recipients record.email
sent_on Time.now
content_type 'text/html'
body render_with_scope(key, mapping, mapping.name => record, :resource => record)
end
def render_with_scope(key, mapping, assigns)
if Devise.scoped_views
begin
render :file => "devise_mailer/#{mapping.as}/#{key}", :body => assigns
rescue ActionView::MissingTemplate
render :file => "devise_mailer/#{key}", :body => assigns
end
else
render :file => "devise_mailer/#{key}", :body => assigns
end
end
# Setup subject namespaced by model. It means you're able to setup your
# messages using specific resource scope, or provide a default one.
# Example (i18n locale file):
#
# en:
# devise:
# mailer:
# confirmation_instructions: '...'
# user:
# confirmation_instructions: '...'
def translate(mapping, key)
I18n.t(:"#{mapping.name}.#{key}", :scope => [:devise, :mailer], :default => key)
end
end

6
app/views/confirmations/new.html.erb → app/views/devise/confirmations/new.html.erb
View File

@@ -9,8 +9,4 @@
<p><%= f.submit "Resend confirmation instructions" %></p>
<% end %>
<%= link_to "Sign in", new_session_path(resource_name) %><br />
<%- if devise_mapping.recoverable? %>
<%= link_to "Forgot password?", new_password_path(resource_name) %><br />
<% end -%>
<%= render :partial => "devise/shared/links" %>

5
app/views/devise/mailer/confirmation_instructions.html.erb Normal file
View File

@@ -0,0 +1,5 @@
<p>Welcome <%= @resource.email %>!</p>
<p>You can confirm your account through the link below:</p>
<p><%= link_to 'Confirm my account', confirmation_url(@resource, :confirmation_token => @resource.confirmation_token) %></p>

8
app/views/devise/mailer/reset_password_instructions.html.erb Normal file
View File

@@ -0,0 +1,8 @@
<p>Hello <%= @resource.email %>!</p>
<p>Someone has requested a link to change your password, and you can do this through the link below.</p>
<p><%= link_to 'Change my password', edit_password_url(@resource, :reset_password_token => @resource.reset_password_token) %></p>
<p>If you didn't request this, please ignore this email.</p>
<p>Your password won't change until you access the link above and create a new one.</p>

7
app/views/devise/mailer/unlock_instructions.html.erb Normal file
View File

@@ -0,0 +1,7 @@
<p>Hello <%= @resource.email %>!</p>
<p>Your account has been locked due to an excessive amount of unsuccessful sign in attempts.</p>
<p>Click the link below to unlock your account:</p>
<p><%= link_to 'Unlock my account', unlock_url(@resource, :unlock_token => @resource.unlock_token) %></p>

6
app/views/passwords/edit.html.erb → app/views/devise/passwords/edit.html.erb
View File

@@ -13,8 +13,4 @@
<p><%= f.submit "Change my password" %></p>
<% end %>
<%= link_to "Sign in", new_session_path(resource_name) %><br />
<%- if devise_mapping.confirmable? %>
<%= link_to "Didn't receive confirmation instructions?", new_confirmation_path(resource_name) %><br />
<% end -%>
<%= render :partial => "devise/shared/links" %>

6
app/views/passwords/new.html.erb → app/views/devise/passwords/new.html.erb
View File

@@ -9,8 +9,4 @@
<p><%= f.submit "Send me reset password instructions" %></p>
<% end %>
<%= link_to "Sign in", new_session_path(resource_name) %><br />
<%- if devise_mapping.confirmable? %>
<%= link_to "Didn't receive confirmation instructions?", new_confirmation_path(resource_name) %><br />
<% end -%>
<%= render :partial => "devise/shared/links" %>

25
app/views/devise/registrations/edit.html.erb Normal file
View File

@@ -0,0 +1,25 @@
<h2>Edit <%= resource_name.to_s.humanize %></h2>
<% form_for resource_name, resource, :url => registration_path(resource_name), :html => { :method => :put } do |f| -%>
<%= f.error_messages %>
<p><%= f.label :email %></p>
<p><%= f.text_field :email %></p>
<p><%= f.label :password %> <i>(leave blank if you don't want to change it)</i></p>
<p><%= f.password_field :password %></p>
<p><%= f.label :password_confirmation %></p>
<p><%= f.password_field :password_confirmation %></p>
<p><%= f.label :current_password %> <i>(we need your current password to confirm your changes)</i></p>
<p><%= f.password_field :current_password %></p>
<p><%= f.submit "Update" %></p>
<% end -%>
<h3>Cancel my account</h3>
<p>Unhappy? <%= link_to "Cancel my account", registration_path(resource_name), :confirm => "Are you sure?", :method => :delete %>.</p>
<%= link_to "Back", :back %>

17
app/views/devise/registrations/new.html.erb Normal file
View File

@@ -0,0 +1,17 @@
<h2>Sign up</h2>
<% form_for resource_name, resource, :url => registration_path(resource_name) do |f| -%>
<%= f.error_messages %>
<p><%= f.label :email %></p>
<p><%= f.text_field :email %></p>
<p><%= f.label :password %></p>
<p><%= f.password_field :password %></p>
<p><%= f.label :password_confirmation %></p>
<p><%= f.password_field :password_confirmation %></p>
<p><%= f.submit "Sign up" %></p>
<% end -%>
<%= render :partial => "devise/shared/links" %>

17
app/views/devise/sessions/new.html.erb Normal file
View File

@@ -0,0 +1,17 @@
<h2>Sign in</h2>
<% form_for resource_name, resource, :url => session_path(resource_name) do |f| -%>
<p><%= f.label :email %></p>
<p><%= f.text_field :email %></p>
<p><%= f.label :password %></p>
<p><%= f.password_field :password %></p>
<% if devise_mapping.rememberable? -%>
<p><%= f.check_box :remember_me %> <%= f.label :remember_me %></p>
<% end -%>
<p><%= f.submit "Sign in" %></p>
<% end -%>
<%= render :partial => "devise/shared/links" %>

19
app/views/devise/shared/_links.erb Normal file
View File

@@ -0,0 +1,19 @@
<%- if controller_name != 'sessions' %>
<%= link_to t('devise.sessions.link'), new_session_path(resource_name) %><br />
<% end -%>
<%- if devise_mapping.registerable? && controller_name != 'registrations' %>
<%= link_to t('devise.registrations.link'), new_registration_path(resource_name) %><br />
<% end -%>
<%- if devise_mapping.recoverable? && controller_name != 'passwords' %>
<%= link_to t('devise.passwords.link'), new_password_path(resource_name) %><br />
<% end -%>
<%- if devise_mapping.confirmable? && controller_name != 'confirmations' %>
<%= link_to t('devise.confirmations.link'), new_confirmation_path(resource_name) %><br />
<% end -%>
<%- if devise_mapping.lockable? && controller_name != 'unlocks' %>
<%= link_to t('devise.unlocks.link'), new_unlock_path(resource_name) %><br />
<% end -%>

12
app/views/devise/unlocks/new.html.erb Normal file
View File

@@ -0,0 +1,12 @@
<h2>Resend unlock instructions</h2>
<% form_for resource_name, resource, :url => unlock_path(resource_name) do |f| %>
<%= f.error_messages %>
<p><%= f.label :email %></p>
<p><%= f.text_field :email %></p>
<p><%= f.submit "Resend unlock instructions" %></p>
<% end %>
<%= render :partial => "devise/shared/links" %>

5
app/views/devise_mailer/confirmation_instructions.html.erb
View File

@@ -1,5 +0,0 @@
Welcome <%= @resource.email %>!
You can confirm your account through the link below:
<%= link_to 'Confirm my account', confirmation_url(@resource, :confirmation_token => @resource.confirmation_token) %>

8
app/views/devise_mailer/reset_password_instructions.html.erb
View File

@@ -1,8 +0,0 @@
Hello <%= @resource.email %>!
Someone has requested a link to change your password, and you can do this through the link below.
<%= link_to 'Change my password', edit_password_url(@resource, :reset_password_token => @resource.reset_password_token) %>
If you didn't request this, please ignore this email.
Your password won't change until you access the link above and create a new one.

25
app/views/sessions/new.html.erb
View File

@@ -1,25 +0,0 @@
<h2>Sign in</h2>
<%- if devise_mapping.authenticatable? %>
<% form_for resource_name, resource, :url => session_path(resource_name) do |f| -%>
<p><%= f.label :email %></p>
<p><%= f.text_field :email %></p>
<p><%= f.label :password %></p>
<p><%= f.password_field :password %></p>
<% if devise_mapping.rememberable? -%>
<p><%= f.check_box :remember_me %> <%= f.label :remember_me %></p>
<% end -%>
<p><%= f.submit "Sign in" %></p>
<% end -%>
<% end%>
<%- if devise_mapping.recoverable? %>
<%= link_to "Forgot password?", new_password_path(resource_name) %><br />
<% end -%>
<%- if devise_mapping.confirmable? %>
<%= link_to "Didn't receive confirmation instructions?", new_confirmation_path(resource_name) %><br />
<% end -%>

22
lib/devise/locales/en.yml → config/locales/en.yml
View File

@@ -1,21 +1,41 @@
en:
errors:
messages:
not_found: "not found"
already_confirmed: "was already confirmed"
not_locked: "was not locked"
devise:
sessions:
link: 'Sign in'
signed_in: 'Signed in successfully.'
signed_out: 'Signed out successfully.'
unauthenticated: 'You need to sign in or sign up before continuing.'
unconfirmed: 'You have to confirm your account before continuing.'
locked: 'Your account is locked.'
invalid: 'Invalid email or password.'
invalid_token: 'Invalid authentication token.'
timeout: 'Your session expired, please sign in again to continue.'
inactive: 'Your account was not activated yet.'
passwords:
link: 'Forgot password?'
send_instructions: 'You will receive an email with instructions about how to reset your password in a few minutes.'
updated: 'Your password was changed successfully. You are now signed in.'
confirmations:
link: "Didn't receive confirmation instructions?"
send_instructions: 'You will receive an email with instructions about how to confirm your account in a few minutes.'
confirmed: 'Your account was successfully confirmed. You are now signed in.'
registrations:
link: 'Sign up'
signed_up: 'You have signed up successfully.'
updated: 'You updated your account successfully.'
destroyed: 'Bye! Your account was successfully cancelled. We hope to see you again soon.'
unlocks:
link: "Didn't receive unlock instructions?"
send_instructions: 'You will receive an email with instructions about how to unlock your account in a few minutes.'
unlocked: 'Your account was successfully unlocked. You are now signed in.'
mailer:
confirmation_instructions: 'Confirmation instructions'
reset_password_instructions: 'Reset password instructions'
unlock_instructions: 'Unlock Instructions'

183
devise.gemspec Normal file
View File

@@ -0,0 +1,183 @@
# Generated by jeweler
# DO NOT EDIT THIS FILE DIRECTLY
# Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
# -*- encoding: utf-8 -*-
Gem::Specification.new do |s|
s.name = %q{devise}
s.version = "1.1.pre4"
s.required_rubygems_version = Gem::Requirement.new("> 1.3.1") if s.respond_to? :required_rubygems_version=
s.authors = ["Jos\303\251 Valim", "Carlos Ant\303\264nio"]
s.date = %q{2010-03-03}
s.description = %q{Flexible authentication solution for Rails with Warden}
s.email = %q{contact@plataformatec.com.br}
s.extra_rdoc_files = [
"CHANGELOG.rdoc",
"MIT-LICENSE",
"README.rdoc",
"TODO"
]
s.files = [
"CHANGELOG.rdoc",
"Gemfile",
"MIT-LICENSE",
"README.rdoc",
"Rakefile",
"TODO",
"app/controllers/devise/confirmations_controller.rb",
"app/controllers/devise/passwords_controller.rb",
"app/controllers/devise/registrations_controller.rb",
"app/controllers/devise/sessions_controller.rb",
"app/controllers/devise/unlocks_controller.rb",
"app/models/devise/mailer.rb",
"app/views/devise/confirmations/new.html.erb",
"app/views/devise/mailer/confirmation_instructions.html.erb",
"app/views/devise/mailer/reset_password_instructions.html.erb",
"app/views/devise/mailer/unlock_instructions.html.erb",
"app/views/devise/passwords/edit.html.erb",
"app/views/devise/passwords/new.html.erb",
"app/views/devise/registrations/edit.html.erb",
"app/views/devise/registrations/new.html.erb",
"app/views/devise/sessions/new.html.erb",
"app/views/devise/shared/_links.erb",
"app/views/devise/unlocks/new.html.erb",
"config/locales/en.yml",
"lib/devise.rb",
"lib/devise/controllers/helpers.rb",
"lib/devise/controllers/internal_helpers.rb",
"lib/devise/controllers/scoped_views.rb",
"lib/devise/controllers/url_helpers.rb",
"lib/devise/encryptors/authlogic_sha512.rb",
"lib/devise/encryptors/base.rb",
"lib/devise/encryptors/bcrypt.rb",
"lib/devise/encryptors/clearance_sha1.rb",
"lib/devise/encryptors/restful_authentication_sha1.rb",
"lib/devise/encryptors/sha1.rb",
"lib/devise/encryptors/sha512.rb",
"lib/devise/failure_app.rb",
"lib/devise/hooks/activatable.rb",
"lib/devise/hooks/rememberable.rb",
"lib/devise/hooks/timeoutable.rb",
"lib/devise/hooks/trackable.rb",
"lib/devise/mapping.rb",
"lib/devise/models.rb",
"lib/devise/models/activatable.rb",
"lib/devise/models/authenticatable.rb",
"lib/devise/models/confirmable.rb",
"lib/devise/models/http_authenticatable.rb",
"lib/devise/models/lockable.rb",
"lib/devise/models/recoverable.rb",
"lib/devise/models/registerable.rb",
"lib/devise/models/rememberable.rb",
"lib/devise/models/timeoutable.rb",
"lib/devise/models/token_authenticatable.rb",
"lib/devise/models/trackable.rb",
"lib/devise/models/validatable.rb",
"lib/devise/modules.rb",
"lib/devise/orm/active_record.rb",
"lib/devise/orm/data_mapper.rb",
"lib/devise/orm/mongo_mapper.rb",
"lib/devise/rails.rb",
"lib/devise/rails/routes.rb",
"lib/devise/rails/warden_compat.rb",
"lib/devise/schema.rb",
"lib/devise/strategies/authenticatable.rb",
"lib/devise/strategies/base.rb",
"lib/devise/strategies/http_authenticatable.rb",
"lib/devise/strategies/rememberable.rb",
"lib/devise/strategies/token_authenticatable.rb",
"lib/devise/test_helpers.rb",
"lib/devise/version.rb",
"lib/generators/devise/devise_generator.rb",
"lib/generators/devise/templates/migration.rb",
"lib/generators/devise_install/devise_install_generator.rb",
"lib/generators/devise_install/templates/README",
"lib/generators/devise_install/templates/devise.rb",
"lib/generators/devise_views/devise_views_generator.rb"
]
s.homepage = %q{http://github.com/plataformatec/devise}
s.rdoc_options = ["--charset=UTF-8"]
s.require_paths = ["lib"]
s.rubygems_version = %q{1.3.5}
s.summary = %q{Flexible authentication solution for Rails with Warden}
s.test_files = [
"test/controllers/helpers_test.rb",
"test/controllers/internal_helpers_test.rb",
"test/controllers/url_helpers_test.rb",
"test/devise_test.rb",
"test/encryptors_test.rb",
"test/failure_app_test.rb",
"test/integration/authenticatable_test.rb",
"test/integration/confirmable_test.rb",
"test/integration/http_authenticatable_test.rb",
"test/integration/lockable_test.rb",
"test/integration/recoverable_test.rb",
"test/integration/registerable_test.rb",
"test/integration/rememberable_test.rb",
"test/integration/timeoutable_test.rb",
"test/integration/token_authenticatable_test.rb",
"test/integration/trackable_test.rb",
"test/mailers/confirmation_instructions_test.rb",
"test/mailers/reset_password_instructions_test.rb",
"test/mailers/unlock_instructions_test.rb",
"test/mapping_test.rb",
"test/models/authenticatable_test.rb",
"test/models/confirmable_test.rb",
"test/models/http_authenticatable_test.rb",
"test/models/lockable_test.rb",
"test/models/recoverable_test.rb",
"test/models/rememberable_test.rb",
"test/models/timeoutable_test.rb",
"test/models/token_authenticatable_test.rb",
"test/models/trackable_test.rb",
"test/models/validatable_test.rb",
"test/models_test.rb",
"test/orm/active_record.rb",
"test/orm/mongo_mapper.rb",
"test/rails_app/app/active_record/admin.rb",
"test/rails_app/app/active_record/user.rb",
"test/rails_app/app/controllers/admins_controller.rb",
"test/rails_app/app/controllers/application_controller.rb",
"test/rails_app/app/controllers/home_controller.rb",
"test/rails_app/app/controllers/sessions_controller.rb",
"test/rails_app/app/controllers/users_controller.rb",
"test/rails_app/app/helpers/application_helper.rb",
"test/rails_app/app/mongo_mapper/admin.rb",
"test/rails_app/app/mongo_mapper/user.rb",
"test/rails_app/config/application.rb",
"test/rails_app/config/boot.rb",
"test/rails_app/config/environment.rb",
"test/rails_app/config/environments/development.rb",
"test/rails_app/config/environments/production.rb",
"test/rails_app/config/environments/test.rb",
"test/rails_app/config/initializers/backtrace_silencers.rb",
"test/rails_app/config/initializers/cookie_verification_secret.rb",
"test/rails_app/config/initializers/devise.rb",
"test/rails_app/config/initializers/inflections.rb",
"test/rails_app/config/initializers/session_store.rb",
"test/rails_app/config/routes.rb",
"test/routes_test.rb",
"test/support/assertions.rb",
"test/support/helpers.rb",
"test/support/integration.rb",
"test/support/test_silencer.rb",
"test/support/webrat/integrations/rails.rb",
"test/test_helper.rb",
"test/test_helpers_test.rb"
]
if s.respond_to? :specification_version then
current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
s.specification_version = 3
if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
s.add_runtime_dependency(%q<warden>, ["~> 0.9.4"])
else
s.add_dependency(%q<warden>, ["~> 0.9.4"])
end
else
s.add_dependency(%q<warden>, ["~> 0.9.4"])
end
end

5
generators/devise/USAGE
View File

@@ -1,5 +0,0 @@
To create a devise resource user:
script/generate devise User
This will generate a model named User, a route map for devise called :users, and a migration file for table :users with all devise modules.

22
generators/devise/devise_generator.rb
View File

@@ -1,22 +0,0 @@
require File.expand_path(File.dirname(__FILE__) + "/lib/route_devise.rb")
class DeviseGenerator < Rails::Generator::NamedBase
def manifest
record do |m|
# Model
m.directory(File.join('app', 'models', class_path))
m.template 'model.rb', File.join('app', 'models', "#{file_path}.rb")
# Migration
m.migration_template 'migration.rb', 'db/migrate', :migration_file_name => "devise_create_#{table_name}"
# Routing
m.route_devise table_name
# Readme
m.readme "README"
end
end
end

32
generators/devise/lib/route_devise.rb
View File

@@ -1,32 +0,0 @@
module Rails
module Generator
module Commands
class Create < Base
# Create devise route. Based on route_resources
def route_devise(*resources)
resource_list = resources.map { |r| r.to_sym.inspect }.join(', ')
sentinel = 'ActionController::Routing::Routes.draw do |map|'
logger.route "map.devise_for #{resource_list}"
unless options[:pretend]
gsub_file 'config/routes.rb', /(#{Regexp.escape(sentinel)})/mi do |match|
"#{match}\n map.devise_for #{resource_list}\n"
end
end
end
end
class Destroy < RewindBase
# Destroy devise route. Based on route_resources
def route_devise(*resources)
resource_list = resources.map { |r| r.to_sym.inspect }.join(', ')
look_for = "\n map.devise_for #{resource_list}\n"
logger.route "map.devise_for #{resource_list}"
gsub_file 'config/routes.rb', /(#{look_for})/mi, ''
end
end
end
end
end

22
generators/devise/templates/README
View File

@@ -1,22 +0,0 @@
================================================================================
Some setup you must do manually if you haven't yet:
1. Setup defaut url options for your specific environment. Here is an example of development environment:
config.action_mailer.default_url_options = { :host => 'localhost:3000' }
It's a Rails required configuration. In production it must be the actual host your application is deployed to.
2. Setup default sender for mails. In config/environment.rb:
DeviseMailer.sender = "test@example.com"
You can also configure this value by running script/generate devise_install and setting config.mailer_sender,
3. Ensure you have defined root_url to *something* in your config/routes.rb:
map.root :controller => 'home'
================================================================================

5
generators/devise/templates/model.rb
View File

@@ -1,5 +0,0 @@
class <%= class_name %> < ActiveRecord::Base
devise :all
# Setup accessible (or protected) attributes for your model
attr_accessible :email, :password, :password_confirmation
end

3
generators/devise_install/USAGE
View File

@@ -1,3 +0,0 @@
To copy a Devise initializer to your Rails App, with some configuration values, just do:
script/generate devise_install

13
generators/devise_install/devise_install_generator.rb
View File

@@ -1,13 +0,0 @@
class DeviseInstallGenerator < Rails::Generator::Base
def manifest
record do |m|
m.directory "config/initializers"
m.template "devise.rb", "config/initializers/devise.rb"
m.directory "config/locales"
m.file "../../../lib/devise/locales/en.yml", "config/locales/devise.en.yml"
end
end
end

3
generators/devise_views/USAGE
View File

@@ -1,3 +0,0 @@
To copy all session, password, confirmation and mailer views from devise to your app just run the following command:
script/generate devise_views

21
generators/devise_views/devise_views_generator.rb
View File

@@ -1,21 +0,0 @@
class DeviseViewsGenerator < Rails::Generator::Base
def initialize(*args)
super
@source_root = options[:source] || File.join(spec.path, '..', '..')
end
def manifest
record do |m|
m.directory "app/views"
Dir[File.join(@source_root, "app", "views", "**/*.erb")].each do |file|
file = file.gsub(@source_root, "")[1..-1]
m.directory File.dirname(file)
m.file file, file
end
end
end
end

2
init.rb
View File

@@ -1,2 +0,0 @@
# We need to load devise here to ensure routes extensions are loaded.
require 'devise'

220
lib/devise.rb
View File

@@ -1,57 +1,48 @@
module Devise
autoload :FailureApp, 'devise/failure_app'
autoload :Mapping, 'devise/mapping'
autoload :Schema, 'devise/schema'
autoload :TestHelpers, 'devise/test_helpers'
module Controllers
autoload :Filters, 'devise/controllers/filters'
autoload :Helpers, 'devise/controllers/helpers'
autoload :InternalHelpers, 'devise/controllers/internal_helpers'
autoload :ScopedViews, 'devise/controllers/scoped_views'
autoload :UrlHelpers, 'devise/controllers/url_helpers'
end
module Encryptors
autoload :Base, 'devise/encryptors/base'
autoload :Bcrypt, 'devise/encryptors/bcrypt'
autoload :AuthlogicSha512, 'devise/encryptors/authlogic_sha512'
autoload :AuthlogicSha1, 'devise/encryptors/authlogic_sha1'
autoload :ClearanceSha1, 'devise/encryptors/clearance_sha1'
autoload :RestfulAuthenticationSha1, 'devise/encryptors/restful_authentication_sha1'
autoload :Sha512, 'devise/encryptors/sha512'
autoload :Sha1, 'devise/encryptors/sha1'
end
module Orm
autoload :ActiveRecord, 'devise/orm/active_record'
autoload :DataMapper, 'devise/orm/data_mapper'
autoload :MongoMapper, 'devise/orm/mongo_mapper'
end
# Constants which holds devise configuration for extensions. Those should
# not be modified by the "end user".
ALL = []
CONTROLLERS = {}
ROUTES = []
STRATEGIES = []
FLASH_MESSAGES = [:unauthenticated]
ALL = [:authenticatable, :activatable, :confirmable, :recoverable, :rememberable,
:timeoutable, :trackable, :validatable]
# Maps controller names to devise modules
CONTROLLERS = {
:sessions => [:authenticatable],
:passwords => [:recoverable],
:confirmations => [:confirmable]
}
STRATEGIES = [:authenticatable]
SERIALIZERS = [:session, :cookie]
# True values used to check params
TRUE_VALUES = [true, 1, '1', 't', 'T', 'true', 'TRUE']
# Maps the messages types that are used in flash message.
FLASH_MESSAGES = [ :unauthenticated, :unconfirmed, :invalid, :timeout, :inactive ]
# Declare encryptors length which are used in migrations.
ENCRYPTORS_LENGTH = {
:sha1 => 40,
:sha512 => 128,
:clearance_sha1 => 40,
:restful_authentication_sha1 => 40,
:authlogic_sha512 => 128
:authlogic_sha512 => 128,
:bcrypt => 60
}
# Email regex used to validate email formats. Retrieved from authlogic.
EMAIL_REGEX = /\A[\w\.%\+\-]+@(?:[A-Z0-9\-]+\.)+(?:[A-Z]{2,4}|museum|travel)\z/i
# Email regex used to validate email formats. Adapted from authlogic.
EMAIL_REGEX = /^([\w\.%\+\-]+)@([\w\-]+\.)+([\w]{2,})$/i
# Used to encrypt password. Please generate one with rake secret.
mattr_accessor :pepper
@@ -83,15 +74,7 @@ module Devise
# Store scopes mappings.
mattr_accessor :mappings
@@mappings = {}
# Stores the chosen ORM.
mattr_accessor :orm
@@orm = :active_record
# Configure default options used in :all.
mattr_accessor :all
@@all = Devise::ALL.dup
@@mappings = ActiveSupport::OrderedHash.new
# Tells if devise should apply the schema in ORMs where devise declaration
# and schema belongs to the same class (as Datamapper and MongoMapper).
@@ -103,74 +86,123 @@ module Devise
mattr_accessor :scoped_views
@@scoped_views = false
class << self
# Default way to setup Devise. Run script/generate devise_install to create
# a fresh initializer with all configuration values.
def setup
yield self
# Number of authentication tries before locking an account
mattr_accessor :maximum_attempts
@@maximum_attempts = 20
# Defines which strategy can be used to unlock an account.
# Values: :email, :time, :both
mattr_accessor :unlock_strategy
@@unlock_strategy = :both
# Time interval to unlock the account if :time is defined as unlock_strategy.
mattr_accessor :unlock_in
@@unlock_in = 1.hour
# Tell when to use the default scope, if one cannot be found from routes.
mattr_accessor :use_default_scope
@@use_default_scope = false
# The default scope which is used by warden.
mattr_accessor :default_scope
@@default_scope = nil
# Address which sends Devise e-mails.
mattr_accessor :mailer_sender
@@mailer_sender = nil
# Authentication token params key name of choice. E.g. /users/sign_in?some_key=...
mattr_accessor :token_authentication_key
@@token_authentication_key = :auth_token
# The realm used in Http Basic Authentication
mattr_accessor :http_authentication_realm
@@http_authentication_realm = "Application"
# Default way to setup Devise. Run rails generate devise_install to create
# a fresh initializer with all configuration values.
def self.setup
yield self
end
# Make Devise aware of an 3rd party Devise-module. For convenience.
#
# == Options:
#
# +strategy+ - Boolean value representing if this module got a custom *strategy*.
# Default is +false+. Note: Devise will auto-detect this in such case if this is true.
# +model+ - String representing the load path to a custom *model* for this module (to autoload.)
# Default is +nil+ (i.e. +false+).
# +controller+ - Symbol representing the name of an exisiting or custom *controller* for this module.
# Default is +nil+ (i.e. +false+).
# +route+ - Symbol representing the named *router* helper for this module.
# Default is +nil+ (i.e. +false+).
# +flash+ - Symbol representing the *flash messages* used by this helper.
# Default is +nil+ (i.e. +false+).
#
# == Examples:
#
# Devise.add_module(:party_module)
# Devise.add_module(:party_module, :strategy => true, :controller => :sessions)
# Devise.add_module(:party_module, :autoload => 'party_module/model')
#
def self.add_module(module_name, options = {})
ALL << module_name
options.assert_valid_keys(:strategy, :model, :controller, :route, :flash)
{ :strategy => STRATEGIES, :flash => FLASH_MESSAGES, :route => ROUTES }.each do |key, value|
next unless options[key]
name = (options[key] == true ? module_name : options[key])
value.unshift(name) unless value.include?(name)
end
# Sets the sender in DeviseMailer.
def mailer_sender=(value)
DeviseMailer.sender = value
end
alias :sender= :mailer_sender=
# Sets warden configuration using a block that will be invoked on warden
# initialization.
#
# Devise.initialize do |config|
# config.confirm_within = 2.days
#
# config.warden do |manager|
# # Configure warden to use other strategies, like oauth.
# manager.oauth(:twitter)
# end
# end
def warden(&block)
@warden_config = block
if options[:controller]
Devise::CONTROLLERS[module_name] = options[:controller].to_sym
end
# Configure default url options to be used within Devise and ActionController.
def default_url_options(&block)
Devise::Mapping.metaclass.send :define_method, :default_url_options, &block
if options[:model]
model_path = (options[:model] == true ? "devise/models/#{module_name}" : options[:model])
Devise::Models.send(:autoload, module_name.to_s.camelize.to_sym, model_path)
end
# A method used internally to setup warden manager from the Rails initialize
# block.
def configure_warden_manager(manager) #:nodoc:
manager.default_strategies *Devise::STRATEGIES
manager.default_serializers *Devise::SERIALIZERS
manager.failure_app = Devise::FailureApp
manager.silence_missing_strategies!
manager.silence_missing_serializers!
Devise::Mapping.register module_name
end
# If the user provided a warden hook, call it now.
@warden_config.try :call, manager
end
# Sets warden configuration using a block that will be invoked on warden
# initialization.
#
# Devise.initialize do |config|
# config.confirm_within = 2.days
#
# config.warden do |manager|
# # Configure warden to use other strategies, like oauth.
# manager.oauth(:twitter)
# end
# end
def self.warden(&block)
@warden_config = block
end
# The class of the configured ORM
def orm_class
Devise::Orm.const_get(@@orm.to_s.camelize.to_sym)
end
# A method used internally to setup warden manager from the Rails initialize
# block.
def self.configure_warden(config) #:nodoc:
config.default_strategies *Devise::STRATEGIES
config.failure_app = Devise::FailureApp
config.silence_missing_strategies!
config.default_scope = Devise.default_scope
# Generate a friendly string randomically to be used as token.
def friendly_token
ActiveSupport::SecureRandom.base64(15).tr('+/=', '-_ ').strip.delete("\n")
end
# If the user provided a warden hook, call it now.
@warden_config.try :call, config
end
# Generate a friendly string randomically to be used as token.
def self.friendly_token
ActiveSupport::SecureRandom.base64(15).tr('+/=', '-_ ').strip.delete("\n")
end
end
begin
require 'warden'
rescue
gem 'warden'
require 'warden'
end
# Clear some Warden default configuration which will be overwritten
Warden::Strategies.clear!
Warden::Serializers.clear!
Warden::Manager.default_scope = nil
require 'devise/rails'
require 'warden'
require 'devise/mapping'
require 'devise/models'
require 'devise/modules'
require 'devise/rails'

186
lib/devise/controllers/filters.rb
View File

@@ -1,186 +0,0 @@
module Devise
module Controllers
# Those filters are convenience methods added to ApplicationController to
# deal with Warden.
module Filters
def self.included(base)
base.class_eval do
helper_method :warden, :signed_in?, :devise_controller?,
*Devise.mappings.keys.map { |m| [:"current_#{m}", :"#{m}_signed_in?"] }.flatten
# Use devise default_url_options. We have to declare it here to overwrite
# default definitions.
def default_url_options(options=nil)
Devise::Mapping.default_url_options
end
end
end
# The main accessor for the warden proxy instance
def warden
request.env['warden']
end
# Return true if it's a devise_controller. false to all controllers unless
# the controllers defined inside devise. Useful if you want to apply a before
# filter to all controller, except the ones in devise:
#
# before_filter :my_filter, :unless => { |c| c.devise_controller? }
def devise_controller?
false
end
# Attempts to authenticate the given scope by running authentication hooks,
# but does not redirect in case of failures.
def authenticate(scope)
warden.authenticate(:scope => scope)
end
# Attempts to authenticate the given scope by running authentication hooks,
# redirecting in case of failures.
def authenticate!(scope)
warden.authenticate!(:scope => scope)
end
# Check if the given scope is signed in session, without running
# authentication hooks.
def signed_in?(scope)
warden.authenticated?(scope)
end
# Sign in an user that already was authenticated. This helper is useful for logging
# users in after sign up.
#
# Examples:
#
# sign_in :user, @user # sign_in(scope, resource)
# sign_in @user # sign_in(resource)
#
def sign_in(resource_or_scope, resource=nil)
scope ||= Devise::Mapping.find_scope!(resource_or_scope)
resource ||= resource_or_scope
warden.set_user(resource, :scope => scope)
end
# Sign out a given user or scope. This helper is useful for signing out an user
# after deleting accounts.
#
# Examples:
#
# sign_out :user # sign_out(scope)
# sign_out @user # sign_out(resource)
#
def sign_out(resource_or_scope)
scope = Devise::Mapping.find_scope!(resource_or_scope)
warden.user(scope) # Without loading user here, before_logout hook is not called
warden.raw_session.inspect # Without this inspect here. The session does not clear.
warden.logout(scope)
end
# Returns and delete the url stored in the session for the given scope. Useful
# for giving redirect backs after sign up:
#
# Example:
#
# redirect_to stored_location_for(:user) || root_path
#
def stored_location_for(resource_or_scope)
scope = Devise::Mapping.find_scope!(resource_or_scope)
session.delete(:"#{scope}.return_to")
end
# The default url to be used after signing in. This is used by all Devise
# controllers and you can overwrite it in your ApplicationController to
# provide a custom hook for a custom resource.
#
# By default, it first tries to find a resource_root_path, otherwise it
# uses the root path. For a user scope, you can define the default url in
# the following way:
#
# map.user_root '/users', :controller => 'users' # creates user_root_path
#
# map.resources :users do |users|
# users.root # creates user_root_path
# end
#
# If none of these are defined, root_path is used.
def after_sign_in_path_for(resource_or_scope)
scope = Devise::Mapping.find_scope!(resource_or_scope)
home_path = :"#{scope}_root_path"
respond_to?(home_path, true) ? send(home_path) : root_path
end
# The default to be used after signing out. This is used by all Devise
# controllers and you can overwrite it in your ApplicationController to
# provide a custom hook for a custom resource.
#
# By default is the root_path.
def after_sign_out_path_for(resource_or_scope)
root_path
end
# Sign in an user and tries to redirect first to the stored location and
# then to the url specified by after_sign_in_path_for.
#
# If just a symbol is given, consider that the user was already signed in
# through other means and just perform the redirection.
def sign_in_and_redirect(*args)
sign_in(*args) unless args.size == 1 && args.first.is_a?(Symbol)
redirect_to stored_location_for(args.first) || after_sign_in_path_for(args.first)
end
# Sign out an user and tries to redirect to the url specified by
# after_sign_out_path_for.
def sign_out_and_redirect(resource_or_scope)
sign_out(resource_or_scope)
redirect_to after_sign_out_path_for(resource_or_scope)
end
# Define authentication filters and accessor helpers based on mappings.
# These filters should be used inside the controllers as before_filters,
# so you can control the scope of the user who should be signed in to
# access that specific controller/action.
# Example:
#
# Maps:
# User => :authenticatable
# Admin => :authenticatable
#
# Generated methods:
# authenticate_user! # Signs user in or redirect
# authenticate_admin! # Signs admin in or redirect
# user_signed_in? # Checks whether there is an user signed in or not
# admin_signed_in? # Checks whether there is an admin signed in or not
# current_user # Current signed in user
# current_admin # Currend signed in admin
# user_session # Session data available only to the user scope
# admin_session # Session data available only to the admin scope
#
# Use:
# before_filter :authenticate_user! # Tell devise to use :user map
# before_filter :authenticate_admin! # Tell devise to use :admin map
#
Devise.mappings.each_key do |mapping|
class_eval <<-METHODS, __FILE__, __LINE__
def authenticate_#{mapping}!
warden.authenticate!(:scope => :#{mapping})
end
def #{mapping}_signed_in?
warden.authenticated?(:#{mapping})
end
def current_#{mapping}
@current_#{mapping} ||= warden.user(:#{mapping})
end
def #{mapping}_session
warden.session(:#{mapping})
end
METHODS
end
end
end
end

247
lib/devise/controllers/helpers.rb
View File

@@ -1,114 +1,191 @@
module Devise
module Controllers
# Those helpers are used only inside Devise controllers and should not be
# included in ApplicationController since they all depend on the url being
# accessed.
# Those helpers are convenience methods added to ApplicationController.
module Helpers
extend ActiveSupport::Concern
def self.included(base)
base.class_eval do
unloadable
helper_method :resource, :scope_name, :resource_name, :resource_class, :devise_mapping, :devise_controller?
hide_action :resource, :scope_name, :resource_name, :resource_class, :devise_mapping, :devise_controller?
skip_before_filter *Devise.mappings.keys.map { |m| :"authenticate_#{m}!" }
before_filter :is_devise_resource?
end
included do
helper_method :warden, :signed_in?, :devise_controller?,
*Devise.mappings.keys.map { |m| [:"current_#{m}", :"#{m}_signed_in?"] }.flatten
end
# Gets the actual resource stored in the instance variable
def resource
instance_variable_get(:"@#{resource_name}")
# The main accessor for the warden proxy instance
def warden
request.env['warden']
end
# Proxy to devise map name
def resource_name
devise_mapping.name
end
alias :scope_name :resource_name
# Proxy to devise map class
def resource_class
devise_mapping.to
end
# Attempt to find the mapped route for devise based on request path
def devise_mapping
@devise_mapping ||= Devise::Mapping.find_by_path(request.path)
end
# Overwrites devise_controller? to return true
# Return true if it's a devise_controller. false to all controllers unless
# the controllers defined inside devise. Useful if you want to apply a before
# filter to all controller, except the ones in devise:
#
# before_filter :my_filter, :unless => { |c| c.devise_controller? }
def devise_controller?
true
false
end
protected
# Checks whether it's a devise mapped resource or not.
def is_devise_resource? #:nodoc:
raise ActionController::UnknownAction unless devise_mapping && devise_mapping.allows?(controller_name)
# Attempts to authenticate the given scope by running authentication hooks,
# but does not redirect in case of failures.
def authenticate(scope)
warden.authenticate(:scope => scope)
end
# Sets the resource creating an instance variable
def resource=(new_resource)
instance_variable_set(:"@#{resource_name}", new_resource)
# Attempts to authenticate the given scope by running authentication hooks,
# redirecting in case of failures.
def authenticate!(scope)
warden.authenticate!(:scope => scope)
end
# Build a devise resource without setting password and password confirmation fields.
def build_resource
self.resource ||= begin
attributes = params[resource_name].try(:except, :password, :password_confirmation)
resource_class.new(attributes || {})
end
# Check if the given scope is signed in session, without running
# authentication hooks.
def signed_in?(scope)
warden.authenticate?(:scope => scope)
end
# Helper for use in before_filters where no authentication is required.
# Sign in an user that already was authenticated. This helper is useful for logging
# users in after sign up.
#
# Examples:
#
# sign_in :user, @user # sign_in(scope, resource)
# sign_in @user # sign_in(resource)
#
def sign_in(resource_or_scope, resource=nil)
scope = Devise::Mapping.find_scope!(resource_or_scope)
resource ||= resource_or_scope
warden.set_user(resource, :scope => scope)
end
# Sign out a given user or scope. This helper is useful for signing out an user
# after deleting accounts.
#
# Examples:
#
# sign_out :user # sign_out(scope)
# sign_out @user # sign_out(resource)
#
def sign_out(resource_or_scope)
scope = Devise::Mapping.find_scope!(resource_or_scope)
warden.user(scope) # Without loading user here, before_logout hook is not called
warden.raw_session.inspect # Without this inspect here. The session does not clear.
warden.logout(scope)
end
# Returns and delete the url stored in the session for the given scope. Useful
# for giving redirect backs after sign up:
#
# Example:
# before_filter :require_no_authentication, :only => :new
def require_no_authentication
redirect_to after_sign_in_path_for(resource_name) if warden.authenticated?(resource_name)
end
# Sets the flash message with :key, using I18n. By default you are able
# to setup your messages using specific resource scope, and if no one is
# found we look to default scope.
# Example (i18n locale file):
#
# en:
# devise:
# passwords:
# #default_scope_messages - only if resource_scope is not found
# user:
# #resource_scope_messages
# redirect_to stored_location_for(:user) || root_path
#
# Please refer to README or en.yml locale file to check what messages are
# available.
def set_flash_message(key, kind, now=false)
flash_hash = now ? flash.now : flash
flash_hash[key] = I18n.t(:"#{resource_name}.#{kind}",
:scope => [:devise, controller_name.to_sym], :default => kind)
def stored_location_for(resource_or_scope)
scope = Devise::Mapping.find_scope!(resource_or_scope)
session.delete(:"#{scope}.return_to")
end
# Shortcut to set flash.now message. Same rules applied from set_flash_message
def set_now_flash_message(key, kind)
set_flash_message(key, kind, true)
# The default url to be used after signing in. This is used by all Devise
# controllers and you can overwrite it in your ApplicationController to
# provide a custom hook for a custom resource.
#
# By default, it first tries to find a resource_root_path, otherwise it
# uses the root path. For a user scope, you can define the default url in
# the following way:
#
# map.user_root '/users', :controller => 'users' # creates user_root_path
#
# map.resources :users do |users|
# users.root # creates user_root_path
# end
#
#
# If none of these are defined, root_path is used. However, if this default
# is not enough, you can customize it, for example:
#
# def after_sign_in_path_for(resource)
# if resource.is_a?(User) && resource.can_publish?
# publisher_url
# else
# super
# end
# end
#
def after_sign_in_path_for(resource_or_scope)
scope = Devise::Mapping.find_scope!(resource_or_scope)
home_path = :"#{scope}_root_path"
respond_to?(home_path, true) ? send(home_path) : root_path
end
# Render a view for the specified scope. Turned off by default.
# Accepts just :controller as option.
def render_with_scope(action, options={})
controller_name = options.delete(:controller) || self.controller_name
if Devise.scoped_views
begin
render :template => "#{controller_name}/#{devise_mapping.as}/#{action}"
rescue ActionView::MissingTemplate
render action, :controller => controller_name
# Method used by sessions controller to sign out an user. You can overwrite
# it in your ApplicationController to provide a custom hook for a custom
# scope. Notice that differently from +after_sign_in_path_for+ this method
# receives a symbol with the scope, and not the resource.
#
# By default is the root_path.
def after_sign_out_path_for(resource_or_scope)
root_path
end
# Sign in an user and tries to redirect first to the stored location and
# then to the url specified by after_sign_in_path_for.
#
# If just a symbol is given, consider that the user was already signed in
# through other means and just perform the redirection.
def sign_in_and_redirect(resource_or_scope, resource=nil, skip=false)
scope = Devise::Mapping.find_scope!(resource_or_scope)
resource ||= resource_or_scope
sign_in(scope, resource) unless skip
redirect_to stored_location_for(scope) || after_sign_in_path_for(resource)
end
# Sign out an user and tries to redirect to the url specified by
# after_sign_out_path_for.
def sign_out_and_redirect(resource_or_scope)
scope = Devise::Mapping.find_scope!(resource_or_scope)
sign_out(scope)
redirect_to after_sign_out_path_for(scope)
end
# Define authentication filters and accessor helpers based on mappings.
# These filters should be used inside the controllers as before_filters,
# so you can control the scope of the user who should be signed in to
# access that specific controller/action.
# Example:
#
# Maps:
# User => :authenticatable
# Admin => :authenticatable
#
# Generated methods:
# authenticate_user! # Signs user in or redirect
# authenticate_admin! # Signs admin in or redirect
# user_signed_in? # Checks whether there is an user signed in or not
# admin_signed_in? # Checks whether there is an admin signed in or not
# current_user # Current signed in user
# current_admin # Currend signed in admin
# user_session # Session data available only to the user scope
# admin_session # Session data available only to the admin scope
#
# Use:
# before_filter :authenticate_user! # Tell devise to use :user map
# before_filter :authenticate_admin! # Tell devise to use :admin map
#
Devise.mappings.each_key do |mapping|
class_eval <<-METHODS, __FILE__, __LINE__ + 1
def authenticate_#{mapping}!
warden.authenticate!(:scope => :#{mapping})
end
else
render action, :controller => controller_name
end
def #{mapping}_signed_in?
warden.authenticate?(:scope => :#{mapping})
end
def current_#{mapping}
@current_#{mapping} ||= warden.authenticate(:scope => :#{mapping})
end
def #{mapping}_session
current_#{mapping} && warden.session(:#{mapping})
end
METHODS
end
end

104
lib/devise/controllers/internal_helpers.rb Normal file
View File

@@ -0,0 +1,104 @@
module Devise
module Controllers
# Those helpers are used only inside Devise controllers and should not be
# included in ApplicationController since they all depend on the url being
# accessed.
module InternalHelpers #:nodoc:
extend ActiveSupport::Concern
include Devise::Controllers::ScopedViews
included do
helpers = [:resource, :scope_name, :resource_name,
:resource_class, :devise_mapping, :devise_controller?]
hide_action *helpers
helper_method *helpers
before_filter :is_devise_resource?
skip_before_filter *Devise.mappings.keys.map { |m| :"authenticate_#{m}!" }
end
# Gets the actual resource stored in the instance variable
def resource
instance_variable_get(:"@#{resource_name}")
end
# Proxy to devise map name
def resource_name
devise_mapping.name
end
alias :scope_name :resource_name
# Proxy to devise map class
def resource_class
devise_mapping.to
end
# Attempt to find the mapped route for devise based on request path
def devise_mapping
@devise_mapping ||= begin
mapping = Devise::Mapping.find_by_path(request.path)
mapping ||= Devise.mappings[Devise.default_scope] if Devise.use_default_scope
mapping
end
end
# Overwrites devise_controller? to return true
def devise_controller?
true
end
protected
# Checks whether it's a devise mapped resource or not.
def is_devise_resource? #:nodoc:
raise ActionController::UnknownAction unless devise_mapping &&
devise_mapping.allowed_controllers.include?(controller_path)
end
# Sets the resource creating an instance variable
def resource=(new_resource)
instance_variable_set(:"@#{resource_name}", new_resource)
end
# Build a devise resource.
def build_resource
self.resource = resource_class.new(params[resource_name] || {})
end
# Helper for use in before_filters where no authentication is required.
#
# Example:
# before_filter :require_no_authentication, :only => :new
def require_no_authentication
redirect_to after_sign_in_path_for(resource_name) if warden.authenticated?(resource_name)
end
# Sets the flash message with :key, using I18n. By default you are able
# to setup your messages using specific resource scope, and if no one is
# found we look to default scope.
# Example (i18n locale file):
#
# en:
# devise:
# passwords:
# #default_scope_messages - only if resource_scope is not found
# user:
# #resource_scope_messages
#
# Please refer to README or en.yml locale file to check what messages are
# available.
def set_flash_message(key, kind, now=false)
flash_hash = now ? flash.now : flash
flash_hash[key] = I18n.t(:"#{resource_name}.#{kind}",
:scope => [:devise, controller_name.to_sym], :default => kind)
end
# Shortcut to set flash.now message. Same rules applied from set_flash_message
def set_now_flash_message(key, kind)
set_flash_message(key, kind, true)
end
end
end
end

35
lib/devise/controllers/scoped_views.rb Normal file
View File

@@ -0,0 +1,35 @@
module Devise
module Controllers
module ScopedViews
extend ActiveSupport::Concern
module ClassMethods
def scoped_views
defined?(@scoped_views) ? @scoped_views : Devise.scoped_views
end
def scoped_views=(value)
@scoped_views = value
end
end
protected
# Render a view for the specified scope. Turned off by default.
# Accepts just :controller as option.
def render_with_scope(action, options={})
controller_name = options.delete(:controller) || self.controller_name
if self.class.scoped_views
begin
render :template => "#{devise_mapping.as}/#{controller_name}/#{action}"
rescue ActionView::MissingTemplate
render :template => "#{controller_path}/#{action}"
end
else
render :template => "#{controller_path}/#{action}"
end
end
end
end
end

22
lib/devise/controllers/url_helpers.rb
View File

@@ -19,25 +19,17 @@ module Devise
# Those helpers are added to your ApplicationController.
module UrlHelpers
[:session, :password, :confirmation].each do |module_name|
Devise::ROUTES.each do |module_name|
[:path, :url].each do |path_or_url|
actions = [ nil, :new_ ]
actions << :edit_ if module_name == :password
actions << :destroy_ if module_name == :session
actions << :edit_ if [:password, :registration].include?(module_name)
actions << :destroy_ if [:session].include?(module_name)
actions.each do |action|
class_eval <<-URL_HELPERS
def #{action}#{module_name}_#{path_or_url}(resource, *args)
resource = case resource
when Symbol, String
resource
when Class
resource.name.underscore
else
resource.class.name.underscore
end
send("#{action}\#{resource}_#{module_name}_#{path_or_url}", *args)
class_eval <<-URL_HELPERS, __FILE__, __LINE__ + 1
def #{action}#{module_name}_#{path_or_url}(resource_or_scope, *args)
scope = Devise::Mapping.find_scope!(resource_or_scope)
send("#{action}\#{scope}_#{module_name}_#{path_or_url}", *args)
end
URL_HELPERS
end

9
lib/devise/encryptors/authlogic_sha512.rb
View File

@@ -1,19 +1,12 @@
require "digest/sha2"
module Devise
# Implements a way of adding different encryptions.
# The class should implement a self.digest method that taks the following params:
# - password
# - stretches: the number of times the encryption will be applied
# - salt: the password salt as defined by devise
# - pepper: Devise config option
#
module Encryptors
# = AuthlogicSha512
# Simulates Authlogic's default encryption mechanism.
# Warning: it uses Devise's stretches configuration to port Authlogic's one. Should be set to 20 in the initializer to silumate
# the default behavior.
class AuthlogicSha512
class AuthlogicSha512 < Base
# Gererates a default password digest based on salt, pepper and the
# incoming password.

20
lib/devise/encryptors/base.rb Normal file
View File

@@ -0,0 +1,20 @@
module Devise
# Implements a way of adding different encryptions.
# The class should implement a self.digest method that taks the following params:
# - password
# - stretches: the number of times the encryption will be applied
# - salt: the password salt as defined by devise
# - pepper: Devise config option
#
module Encryptors
class Base
def self.digest
raise NotImplemented
end
def self.salt
Devise.friendly_token
end
end
end
end

21
lib/devise/encryptors/bcrypt.rb Normal file
View File

@@ -0,0 +1,21 @@
require "bcrypt"
module Devise
module Encryptors
# = BCrypt
# Uses the BCrypt hash algorithm to encrypt passwords.
class Bcrypt < Base
# Gererates a default password digest based on stretches, salt, pepper and the
# incoming password. We don't strech it ourselves since BCrypt does so internally.
def self.digest(password, stretches, salt, pepper)
::BCrypt::Engine.hash_secret([password, pepper].join, salt, stretches)
end
def self.salt
::BCrypt::Engine.generate_salt
end
end
end
end

9
lib/devise/encryptors/clearance_sha1.rb
View File

@@ -1,19 +1,12 @@
require "digest/sha1"
module Devise
# Implements a way of adding different encryptions.
# The class should implement a self.digest method that taks the following params:
# - password
# - stretches: the number of times the encryption will be applied
# - salt: the password salt as defined by devise
# - pepper: Devise config option
#
module Encryptors
# = ClearanceSha1
# Simulates Clearance's default encryption mechanism.
# Warning: it uses Devise's pepper to port the concept of REST_AUTH_SITE_KEY
# Warning: it uses Devise's stretches configuration to port the concept of REST_AUTH_DIGEST_STRETCHES
class ClearanceSha1
class ClearanceSha1 < Base
# Gererates a default password digest based on salt, pepper and the
# incoming password.

9
lib/devise/encryptors/restful_authentication_sha1.rb
View File

@@ -1,20 +1,13 @@
require "digest/sha1"
module Devise
# Implements a way of adding different encryptions.
# The class should implement a self.digest method that taks the following params:
# - password
# - stretches: the number of times the encryption will be applied
# - salt: the password salt as defined by devise
# - pepper: Devise config option
#
module Encryptors
# = RestfulAuthenticationSha1
# Simulates Restful Authentication's default encryption mechanism.
# Warning: it uses Devise's pepper to port the concept of REST_AUTH_SITE_KEY
# Warning: it uses Devise's stretches configuration to port the concept of REST_AUTH_DIGEST_STRETCHES. Should be set to 10 in
# the initializer to silumate the default behavior.
class RestfulAuthenticationSha1
class RestfulAuthenticationSha1 < Base
# Gererates a default password digest based on salt, pepper and the
# incoming password.

9
lib/devise/encryptors/sha1.rb
View File

@@ -1,17 +1,10 @@
require "digest/sha1"
module Devise
# Implements a way of adding different encryptions.
# The class should implement a self.digest method that taks the following params:
# - password
# - stretches: the number of times the encryption will be applied
# - salt: the password salt as defined by devise
# - pepper: Devise config option
#
module Encryptors
# = Sha1
# Uses the Sha1 hash algorithm to encrypt passwords.
class Sha1
class Sha1 < Base
# Gererates a default password digest based on stretches, salt, pepper and the
# incoming password.

9
lib/devise/encryptors/sha512.rb
View File

@@ -1,17 +1,10 @@
require "digest/sha2"
module Devise
# Implements a way of adding different encryptions.
# The class should implement a self.digest method that taks the following params:
# - password
# - stretches: the number of times the encryption will be applied
# - salt: the password salt as defined by devise
# - pepper: Devise config option
#
module Encryptors
# = Sha512
# Uses the Sha512 hash algorithm to encrypt passwords.
class Sha512
class Sha512 < Base
# Gererates a default password digest based on salt, pepper and the
# incoming password.

69
lib/devise/failure_app.rb
View File

@@ -1,57 +1,54 @@
require "action_controller/metal"
module Devise
# Failure application that will be called every time :warden is thrown from
# any strategy or hook. Responsible for redirect the user to the sign in
# page based on current scope and mapping. If no scope is given, redirect
# to the default_url.
class FailureApp
attr_reader :env
include Warden::Mixins::Common
class FailureApp < ActionController::Metal
include ActionController::RackDelegation
include ActionController::UrlFor
include ActionController::Redirecting
cattr_accessor :default_url, :default_message, :instance_writer => false
@@default_message = :unauthenticated
mattr_accessor :default_message
self.default_message = :unauthenticated
def self.call(env)
new(env).respond!
action(:respond).call(env)
end
def initialize(env)
@env = env
def self.default_url_options(*args)
ApplicationController.default_url_options(*args)
end
def respond!
options = @env['warden.options']
scope = options[:scope]
redirect_path = if mapping = Devise.mappings[scope]
"#{mapping.parsed_path}/#{mapping.path_names[:sign_in]}"
else
"/#{default_url}"
end
query_string = query_string_for(options)
def respond
scope = warden_options[:scope]
store_location!(scope)
headers = {}
headers["Location"] = redirect_path
headers["Location"] << "?" << query_string unless query_string.empty?
headers["Content-Type"] = 'text/plain'
[302, headers, ["You are being redirected to #{redirect_path}"]]
redirect_to send(:"new_#{scope}_session_path", query_string_params)
end
protected
# Build the proper query string based on the given message.
def query_string_for(options)
message = @env['warden'].try(:message) || options[:message] || default_message
def query_string_params
message = warden.try(:message) || warden_options[:message] || self.class.default_message
params = case message
when Symbol
{ message => true }
when String
{ :message => message }
else
{}
case message
when Symbol
{ message => true }
when String
{ :message => message }
else
{}
end
end
Rack::Utils.build_query(params)
def warden
env['warden']
end
def warden_options
env['warden.options']
end
# Stores requested uri to redirect the user after signing in. We cannot use
@@ -59,7 +56,7 @@ module Devise
# yet, but we still need to store the uri based on scope, so different scopes
# would never use the same uri to redirect.
def store_location!(scope)
session[:"#{scope}.return_to"] ||= request.request_uri if request && request.get?
session[:"#{scope}.return_to"] = request.request_uri if request && request.get?
end
end
end

5
lib/devise/hooks/activatable.rb
View File

@@ -1,7 +1,4 @@
# Each time the user is set we verify if it is still able to really sign in.
# This is done by checking the time frame the user is able to sign in without
# confirming it's account. If the user has not confirmed it's account during
# this time frame, he/she will not able to sign in anymore.
# Deny user access whenever his account is not active yet.
Warden::Manager.after_set_user do |record, warden, options|
if record && record.respond_to?(:active?) && !record.active?
scope = options[:scope]

32
lib/devise/hooks/rememberable.rb Normal file
View File

@@ -0,0 +1,32 @@
# After authenticate hook to verify if the user in the given scope asked to be
# remembered while he does not sign out. Generates a new remember token for
# that specific user and adds a cookie with this user info to sign in this user
# automatically without asking for credentials. Refer to rememberable strategy
# for more info.
Warden::Manager.prepend_after_authentication do |record, warden, options|
scope = options[:scope]
remember_me = warden.params[scope].try(:fetch, :remember_me, nil)
if Devise::TRUE_VALUES.include?(remember_me) &&
warden.authenticated?(scope) && record.respond_to?(:remember_me!)
record.remember_me!
warden.response.set_cookie "remember_#{scope}_token", {
:value => record.class.serialize_into_cookie(record),
:expires => record.remember_expires_at,
:path => "/"
}
end
end
# Before logout hook to forget the user in the given scope, only if rememberable
# is activated for this scope. Also clear remember token to ensure the user
# won't be remembered again.
# Notice that we forget the user if the record is frozen. This usually means the
# user was just deleted.
Warden::Manager.before_logout do |record, warden, scope|
if record.respond_to?(:forget_me!)
record.forget_me! unless record.frozen?
warden.response.delete_cookie "remember_#{scope}_token"
end
end

6
lib/devise/hooks/timeoutable.rb
View File

@@ -5,12 +5,14 @@
# verify timeout in the following request.
Warden::Manager.after_set_user do |record, warden, options|
scope = options[:scope]
if record && record.respond_to?(:timeout?) && warden.authenticated?(scope)
if record && record.respond_to?(:timedout?) && warden.authenticated?(scope)
last_request_at = warden.session(scope)['last_request_at']
if record.timeout?(last_request_at)
if record.timedout?(last_request_at)
warden.logout(scope)
throw :warden, :scope => scope, :message => :timeout
end
warden.session(scope)['last_request_at'] = Time.now.utc
end
end

17
lib/devise/hooks/trackable.rb
View File

@@ -1,18 +1,7 @@
# After each sign in, update sign in time, sign in count and sign in IP.
Warden::Manager.after_authentication do |record, warden, options|
Warden::Manager.after_set_user :except => :fetch do |record, warden, options|
scope = options[:scope]
if Devise.mappings[scope].try(:trackable?) && warden.authenticated?(scope)
old_current, new_current = record.current_sign_in_at, Time.now
record.last_sign_in_at = old_current || new_current
record.current_sign_in_at = new_current
old_current, new_current = record.current_sign_in_ip, warden.request.remote_ip
record.last_sign_in_ip = old_current || new_current
record.current_sign_in_ip = new_current
record.sign_in_count ||= 0
record.sign_in_count += 1
record.save(false)
if record.respond_to?(:update_tracked_fields!) && warden.authenticated?(scope)
record.update_tracked_fields!(warden.request)
end
end

79
lib/devise/mapping.rb
View File

@@ -18,31 +18,35 @@ module Devise
# mapping.to #=> User
# # is the class to be loaded from routes, given in the route as :class_name.
#
# mapping.for #=> [:authenticatable]
# mapping.modules #=> [:authenticatable]
# # is the modules included in the class
#
class Mapping #:nodoc:
attr_reader :name, :as, :path_names, :path_prefix, :route_options
attr_reader :name, :as, :controllers, :path_names, :path_prefix
# Loop through all mappings looking for a map that matches with the requested
# path (ie /users/sign_in). If a path prefix is given, it's taken into account.
def self.find_by_path(path)
Devise.mappings.each_value do |mapping|
route = path.split("/")[mapping.as_position]
return mapping if mapping.as == route.to_sym
return mapping if route && mapping.as == route.to_sym
end
nil
end
# Find a mapping by a given class. It takes into account single table inheritance as well.
def self.find_by_class(klass)
Devise.mappings.values.find { |m| return m if klass <= m.to }
Devise.mappings.each_value do |mapping|
return mapping if klass <= mapping.to
end
nil
end
# Receives an object and find a scope for it. If a scope cannot be found,
# raises an error. If a symbol is given, it's considered to be the scope.
def self.find_scope!(duck)
if duck.is_a?(Symbol)
case duck
when String, Symbol
duck
else
klass = duck.is_a?(Class) ? duck : duck.class
@@ -52,28 +56,26 @@ module Devise
end
end
# Default url options which can be used as prefix.
def self.default_url_options
{}
end
def initialize(name, options) #:nodoc:
@as = (options.delete(:as) || name).to_sym
@klass = (options.delete(:class_name) || name.to_s.classify).to_s
@name = (options.delete(:scope) || name.to_s.singularize).to_sym
@path_names = options.delete(:path_names) || {}
@path_prefix = options.delete(:path_prefix).to_s
@path_prefix << "/" unless @path_prefix[-1] == ?/
@route_options = options || {}
setup_path_names
@path_prefix = "/#{options.delete(:path_prefix)}/".squeeze("/")
@controllers = Hash.new { |h,k| h[k] = "devise/#{k}" }
@controllers.merge!(options.delete(:controllers) || {})
@path_names = Hash.new { |h,k| h[k] = k.to_s }
@path_names.merge!(options.delete(:path_names) || {})
end
# Return modules for the mapping.
def for
@for ||= to.devise_modules
def modules
@modules ||= to.devise_modules
end
# Gives the class the mapping points to.
# Reload mapped class each time when cache_classes is false.
def to
return @to if @to
@@ -82,9 +84,14 @@ module Devise
klass
end
# Check if the respective controller has a module in the mapping class.
def allows?(controller)
(self.for & CONTROLLERS[controller.to_sym]).present?
# Keep a list of allowed controllers for this mapping. It's useful to ensure
# that an Admin cannot access the registrations controller unless it has
# :registerable in the model.
def allowed_controllers
@allowed_controllers ||= begin
canonical = CONTROLLERS.values_at(*self.modules).compact
@controllers.values_at(*canonical)
end
end
# Return in which position in the path prefix devise should find the as mapping.
@@ -93,45 +100,23 @@ module Devise
end
# Returns the raw path using path_prefix and as.
def raw_path
def path
path_prefix + as.to_s
end
# Returns the parsed path. If you need meta information in your path_prefix,
# you should overwrite this method to use it. The only information supported
# by default is I18n.locale.
#
def parsed_path
returning raw_path do |path|
self.class.default_url_options.each do |key, value|
path.gsub!(key.inspect, value.to_s)
end
end
end
# Create magic predicates for verifying what module is activated by this map.
# Example:
#
# def confirmable?
# self.for.include?(:confirmable)
# self.modules.include?(:confirmable)
# end
#
ALL.each do |m|
class_eval <<-METHOD, __FILE__, __LINE__
def self.register(m)
class_eval <<-METHOD, __FILE__, __LINE__ + 1
def #{m}?
self.for.include?(:#{m})
self.modules.include?(:#{m})
end
METHOD
end
private
# Configure default path names, allowing the user overwrite defaults by
# passing a hash in :path_names.
def setup_path_names
[:sign_in, :sign_out, :password, :confirmation].each do |path_name|
@path_names[path_name] ||= path_name.to_s
end
end
end
end

83
lib/devise/models.rb
View File

@@ -1,15 +1,5 @@
module Devise
module Models
autoload :Activatable, 'devise/models/activatable'
autoload :Authenticatable, 'devise/models/authenticatable'
autoload :Confirmable, 'devise/models/confirmable'
autoload :Recoverable, 'devise/models/recoverable'
autoload :Rememberable, 'devise/models/rememberable'
autoload :SessionSerializer, 'devise/models/session_serializer'
autoload :Timeoutable, 'devise/models/timeoutable'
autoload :Trackable, 'devise/models/trackable'
autoload :Validatable, 'devise/models/validatable'
# Creates configuration values for Devise and for the given module.
#
# Devise::Models.config(Devise::Authenticable, :stretches, 10)
@@ -28,7 +18,7 @@ module Devise
#
def self.config(mod, *accessors) #:nodoc:
accessors.each do |accessor|
mod.class_eval <<-METHOD, __FILE__, __LINE__
mod.class_eval <<-METHOD, __FILE__, __LINE__ + 1
def #{accessor}
if defined?(@#{accessor})
@#{accessor}
@@ -46,52 +36,22 @@ module Devise
end
end
# Shortcut method for including all devise modules inside your model.
# You can give some extra options while declaring devise in your model:
# Include the chosen devise modules in your model:
#
# * except: convenient option that allows you to add all devise modules,
# removing only the modules you setup here:
# devise :authenticatable, :confirmable, :recoverable
#
# devise :all, :except => :rememberable
#
# You can also give the following configuration values in a hash: :pepper,
# :stretches, :confirm_within and :remember_for. Please check your Devise
# initialiazer for a complete description on those values.
#
# Examples:
#
# # include only authenticatable module
# devise :authenticatable
#
# # include authenticatable + confirmable modules
# devise :authenticatable, :confirmable
#
# # include authenticatable + recoverable modules
# devise :authenticatable, :recoverable
#
# # include authenticatable + rememberable + validatable modules
# devise :authenticatable, :rememberable, :validatable
#
# # shortcut to include all available modules
# devise :all
#
# # include all except recoverable
# devise :all, :except => :recoverable
# You can also give any of the devise configuration values in form of a hash,
# with specific values for this model. Please check your Devise initializer
# for a complete description on those values.
#
def devise(*modules)
raise "You need to give at least one Devise module" if modules.empty?
options = modules.extract_options!
modules += Devise.all if modules.delete(:all)
modules -= Array(options.delete(:except))
modules = Devise::ALL & modules.uniq
Devise.orm_class.included_modules_hook(self, modules) do
modules.each do |m|
devise_modules << m.to_sym
include Devise::Models.const_get(m.to_s.classify)
end
options = modules.extract_options!
@devise_modules = Devise::ALL & modules.map(&:to_sym).uniq
devise_modules_hook! do
devise_modules.each { |m| include Devise::Models.const_get(m.to_s.classify) }
options.each { |key, value| send(:"#{key}=", value) }
end
end
@@ -102,6 +62,12 @@ module Devise
@devise_modules ||= []
end
# The hook which is called inside devise. So your ORM can include devise
# compatibility stuff.
def devise_modules_hook!
yield
end
# Find an initialize a record setting an error if it can't be found.
def find_or_initialize_with_error_by(attribute, value, error=:invalid)
if value.present?
@@ -115,24 +81,13 @@ module Devise
if value.present?
record.send(:"#{attribute}=", value)
else
error, skip_default = :blank, true
error = :blank
end
add_error_on(record, attribute, error, !skip_default)
record.errors.add(attribute, error)
end
record
end
# Wraps add error logic in a method that works for different frameworks.
def add_error_on(record, attribute, error, add_default=true)
options = add_default ? { :default => error.to_s.gsub("_", " ") } : {}
begin
record.errors.add(attribute, error, options)
rescue ArgumentError
record.errors.add(attribute, error.to_s.gsub("_", " "))
end
end
end
end
end

2
lib/devise/models/activatable.rb
View File

@@ -5,7 +5,7 @@ module Devise
# This module implements the default API required in activatable hook.
module Activatable
def active?
raise NotImplementedError
true
end
def inactive_message

65
lib/devise/models/authenticatable.rb
View File

@@ -1,5 +1,4 @@
require 'devise/strategies/authenticatable'
require 'devise/models/session_serializer'
module Devise
module Models
@@ -28,29 +27,33 @@ module Devise
# User.find(1).valid_password?('password123') # returns true/false
#
module Authenticatable
def self.included(base)
base.class_eval do
extend ClassMethods
extend SessionSerializer
extend ActiveSupport::Concern
attr_reader :password, :old_password
attr_accessor :password_confirmation
end
included do
attr_reader :password, :current_password
attr_accessor :password_confirmation
end
# Regenerates password salt and encrypted password each time password is set.
# Regenerates password salt and encrypted password each time password is set,
# and then trigger any "after_changed_password"-callbacks.
def password=(new_password)
@password = new_password
if @password.present?
self.password_salt = Devise.friendly_token
self.password_salt = self.class.encryptor_class.salt
self.encrypted_password = password_digest(@password)
end
end
# Verifies whether an incoming_password (ie from sign in) is the user password.
def valid_password?(incoming_password)
password_digest(incoming_password) == encrypted_password
password_digest(incoming_password) == self.encrypted_password
end
# Verifies whether an +incoming_authentication_token+ (i.e. from single access URL)
# is the user authentication token.
def valid_authentication_token?(incoming_auth_token)
incoming_auth_token == self.authentication_token
end
# Checks if a resource is valid upon authentication.
@@ -58,39 +61,49 @@ module Devise
valid_password?(attributes[:password])
end
# Update record attributes when :old_password matches, otherwise returns
# error on :old_password.
# Set password and password confirmation to nil
def clean_up_passwords
self.password = self.password_confirmation = nil
end
# Update record attributes when :current_password matches, otherwise returns
# error on :current_password. It also automatically rejects :password and
# :password_confirmation if they are blank.
def update_with_password(params={})
if valid_password?(params[:old_password])
current_password = params.delete(:current_password)
params.delete(:password) if params[:password].blank?
params.delete(:password_confirmation) if params[:password_confirmation].blank?
result = if valid_password?(current_password)
update_attributes(params)
else
self.class.add_error_on(self, :old_password, :invalid, false)
self.errors.add(:current_password, current_password.blank? ? :blank : :invalid)
self.attributes = params
false
end
clean_up_passwords unless result
result
end
protected
# Digests the password using the configured encryptor.
def password_digest(password)
self.class.encryptor_class.digest(password, self.class.stretches, password_salt, self.class.pepper)
self.class.encryptor_class.digest(password, self.class.stretches, self.password_salt, self.class.pepper)
end
module ClassMethods
Devise::Models.config(self, :pepper, :stretches, :encryptor, :authentication_keys)
# Authenticate a user based on configured attribute keys. Returns the
# authenticated user if it's valid or nil. Attributes are by default
# :email and :password, but the latter is always required.
# authenticated user if it's valid or nil.
def authenticate(attributes={})
return unless authentication_keys.all? { |k| attributes[k].present? }
conditions = attributes.slice(*authentication_keys)
resource = find_for_authentication(conditions)
if respond_to?(:valid_for_authentication)
ActiveSupport::Deprecation.warn "valid_for_authentication class method is deprecated. " <<
"Use valid_for_authentication? in the instance instead."
valid_for_authentication(resource, attributes)
elsif resource.try(:valid_for_authentication?, attributes)
resource
end
resource if resource.try(:valid_for_authentication?, attributes)
end
# Returns the class for the configured encryptor.
@@ -113,8 +126,6 @@ module Devise
def find_for_authentication(conditions)
find(:first, :conditions => conditions)
end
Devise::Models.config(self, :pepper, :stretches, :encryptor, :authentication_keys)
end
end
end

27
lib/devise/models/confirmable.rb
View File

@@ -29,15 +29,12 @@ module Devise
# User.find(1).send_confirmation_instructions # manually send instructions
# User.find(1).resend_confirmation! # generates a new token and resent it
module Confirmable
extend ActiveSupport::Concern
include Devise::Models::Activatable
def self.included(base)
base.class_eval do
extend ClassMethods
before_create :generate_confirmation_token, :if => :confirmation_required?
after_create :send_confirmation_instructions, :if => :confirmation_required?
end
included do
before_create :generate_confirmation_token, :if => :confirmation_required?
after_create :send_confirmation_instructions, :if => :confirmation_required?
end
# Confirm a user by setting it's confirmed_at to actual time. If the user
@@ -46,7 +43,7 @@ module Devise
unless_confirmed do
self.confirmation_token = nil
self.confirmed_at = Time.now
save(false)
save(:validate => false)
end
end
@@ -57,7 +54,7 @@ module Devise
# Send confirmation instructions by email
def send_confirmation_instructions
::DeviseMailer.deliver_confirmation_instructions(self)
::Devise::Mailer.confirmation_instructions(self).deliver
end
# Remove confirmation date and send confirmation instructions, to ensure
@@ -66,7 +63,7 @@ module Devise
def resend_confirmation!
unless_confirmed do
generate_confirmation_token
save(false)
save(:validate => false)
send_confirmation_instructions
end
end
@@ -76,12 +73,16 @@ module Devise
# is already confirmed, it should never be blocked. Otherwise we need to
# calculate if the confirm time has not expired for this user.
def active?
confirmed? || confirmation_period_valid?
super && (confirmed? || confirmation_period_valid?)
end
# The message to be shown if the account is inactive.
def inactive_message
:unconfirmed
if !confirmed?
:unconfirmed
else
super
end
end
# If you don't want confirmation to be sent on create, neither a code
@@ -127,7 +128,7 @@ module Devise
unless confirmed?
yield
else
self.class.add_error_on(self, :email, :already_confirmed)
self.errors.add(:email, :already_confirmed)
false
end
end

21
lib/devise/models/cookie_serializer.rb
View File

@@ -1,21 +0,0 @@
require 'devise/serializers/cookie'
module Devise
module Models
module CookieSerializer
# Create the cookie key using the record id and remember_token
def serialize_into_cookie(record)
"#{record.id}::#{record.remember_token}"
end
# Recreate the user based on the stored cookie
def serialize_from_cookie(cookie)
record_id, record_token = cookie.split('::')
record = find(:first, :conditions => { :id => record_id }) if record_id
record if record.try(:valid_remember_token?, record_token)
end
Devise::Models.config(self, :remember_for)
end
end
end

19
lib/devise/models/http_authenticatable.rb Normal file
View File

@@ -0,0 +1,19 @@
require 'devise/strategies/http_authenticatable'
module Devise
module Models
# Adds HttpAuthenticatable behavior to your model. It expects that your
# model class responds to authenticate and authentication_keys methods
# (which for example are defined in authenticatable).
module HttpAuthenticatable
extend ActiveSupport::Concern
module ClassMethods
# Authenticate an user using http.
def authenticate_with_http(username, password)
authenticate(authentication_keys.first => username, :password => password)
end
end
end
end
end

155
lib/devise/models/lockable.rb Normal file
View File

@@ -0,0 +1,155 @@
require 'devise/models/activatable'
module Devise
module Models
# Handles blocking a user access after a certain number of attempts.
# Lockable accepts two different strategies to unlock a user after it's
# blocked: email and time. The former will send an email to the user when
# the lock happens, containing a link to unlock it's account. The second
# will unlock the user automatically after some configured time (ie 2.hours).
# It's also possible to setup lockable to use both email and time strategies.
#
# Configuration:
#
# maximum_attempts: how many attempts should be accepted before blocking the user.
# unlock_strategy: unlock the user account by :time, :email or :both.
# unlock_in: the time you want to lock the user after to lock happens. Only
# available when unlock_strategy is :time or :both.
#
module Lockable
extend ActiveSupport::Concern
include Devise::Models::Activatable
# Lock an user setting it's locked_at to actual time.
def lock
self.locked_at = Time.now
if unlock_strategy_enabled?(:email)
generate_unlock_token
send_unlock_instructions
end
end
# Lock an user also saving the record.
def lock!
lock
save(:validate => false)
end
# Unlock an user by cleaning locket_at and failed_attempts.
def unlock!
if_locked do
self.locked_at = nil
self.failed_attempts = 0
self.unlock_token = nil
save(:validate => false)
end
end
# Verifies whether a user is locked or not.
def locked?
locked_at && !lock_expired?
end
# Send unlock instructions by email
def send_unlock_instructions
::Devise::Mailer.unlock_instructions(self).deliver
end
# Resend the unlock instructions if the user is locked.
def resend_unlock!
if_locked do
generate_unlock_token unless unlock_token.present?
save(:validate => false)
send_unlock_instructions
end
end
# Overwrites active? from Devise::Models::Activatable for locking purposes
# by verifying whether an user is active to sign in or not based on locked?
def active?
super && !locked?
end
# Overwrites invalid_message from Devise::Models::Authenticatable to define
# the correct reason for blocking the sign in.
def inactive_message
if locked?
:locked
else
super
end
end
# Overwrites valid_for_authentication? from Devise::Models::Authenticatable
# for verifying whether an user is allowed to sign in or not. If the user
# is locked, it should never be allowed.
def valid_for_authentication?(attributes)
if result = super
self.failed_attempts = 0
else
self.failed_attempts += 1
lock if failed_attempts > self.class.maximum_attempts
end
save(:validate => false) if changed?
result
end
protected
# Generates unlock token
def generate_unlock_token
self.unlock_token = Devise.friendly_token
end
# Tells if the lock is expired if :time unlock strategy is active
def lock_expired?
if unlock_strategy_enabled?(:time)
locked_at && locked_at < self.class.unlock_in.ago
else
false
end
end
# Checks whether the record is locked or not, yielding to the block
# if it's locked, otherwise adds an error to email.
def if_locked
if locked?
yield
else
self.errors.add(:email, :not_locked)
false
end
end
# Is the unlock enabled for the given unlock strategy?
def unlock_strategy_enabled?(strategy)
[:both, strategy].include?(self.class.unlock_strategy)
end
module ClassMethods
# Attempt to find a user by it's email. If a record is found, send new
# unlock instructions to it. If not user is found, returns a new user
# with an email not found error.
# Options must contain the user email
def send_unlock_instructions(attributes={})
lockable = find_or_initialize_with_error_by(:email, attributes[:email], :not_found)
lockable.resend_unlock! unless lockable.new_record?
lockable
end
# Find a user by it's unlock token and try to unlock it.
# If no user is found, returns a new user with an error.
# If the user is not locked, creates an error for the user
# Options must have the unlock_token
def unlock!(attributes={})
lockable = find_or_initialize_with_error_by(:unlock_token, attributes[:unlock_token])
lockable.unlock! unless lockable.new_record?
lockable
end
Devise::Models.config(self, :maximum_attempts, :unlock_strategy, :unlock_in)
end
end
end
end

10
lib/devise/models/recoverable.rb
View File

@@ -14,11 +14,7 @@ module Devise
# # creates a new token and send it with instructions about how to reset the password
# User.find(1).send_reset_password_instructions
module Recoverable
def self.included(base)
base.class_eval do
extend ClassMethods
end
end
extend ActiveSupport::Concern
# Update password saving the record and clearing token. Returns true if
# the passwords are valid and the record was saved, false otherwise.
@@ -32,7 +28,7 @@ module Devise
# Resets reset password token and send reset password instructions by email
def send_reset_password_instructions
generate_reset_password_token!
::DeviseMailer.deliver_reset_password_instructions(self)
::Devise::Mailer.reset_password_instructions(self).deliver
end
protected
@@ -45,7 +41,7 @@ module Devise
# Resets the reset password token with and save the record without
# validating
def generate_reset_password_token!
generate_reset_password_token && save(false)
generate_reset_password_token && save(:validate => false)
end
# Removes reset_password token

8
lib/devise/models/registerable.rb Normal file
View File

@@ -0,0 +1,8 @@
module Devise
module Models
# Registerable is responsible for everything related to registering a new
# resource (ie user sign up).
module Registerable
end
end
end

34
lib/devise/models/rememberable.rb
View File

@@ -1,4 +1,5 @@
require 'devise/models/cookie_serializer'
require 'devise/strategies/rememberable'
require 'devise/hooks/rememberable'
module Devise
module Models
@@ -29,21 +30,18 @@ module Devise
# # lookup the user based on the incoming cookie information
# User.serialize_from_cookie(cookie_string)
module Rememberable
extend ActiveSupport::Concern
def self.included(base)
base.class_eval do
extend CookieSerializer
# Remember me option available in after_authentication hook.
attr_accessor :remember_me
end
included do
# Remember me option available in after_authentication hook.
attr_accessor :remember_me
end
# Generate a new remember token and save the record without validations.
def remember_me!
self.remember_token = Devise.friendly_token
self.remember_created_at = Time.now.utc
save(false)
save(:validate => false)
end
# Removes the remember token only if it exists, and save the record
@@ -52,7 +50,7 @@ module Devise
if remember_token
self.remember_token = nil
self.remember_created_at = nil
save(false)
save(:validate => false)
end
end
@@ -70,6 +68,22 @@ module Devise
def remember_expires_at
remember_created_at + self.class.remember_for
end
module ClassMethods
# Create the cookie key using the record id and remember_token
def serialize_into_cookie(record)
"#{record.id}::#{record.remember_token}"
end
# Recreate the user based on the stored cookie
def serialize_from_cookie(cookie)
record_id, record_token = cookie.split('::')
record = find(:first, :conditions => { :id => record_id }) if record_id
record if record.try(:valid_remember_token?, record_token)
end
Devise::Models.config(self, :remember_for)
end
end
end
end

19
lib/devise/models/session_serializer.rb
View File

@@ -1,19 +0,0 @@
require 'devise/serializers/session'
module Devise
module Models
module SessionSerializer
# Hook to serialize user into session. Overwrite if you want.
def serialize_into_session(record)
[record.class, record.id]
end
# Hook to serialize user from session. Overwrite if you want.
def serialize_from_session(keys)
klass, id = keys
raise "#{self} cannot serialize from #{klass} session since it's not one of its ancestors" unless klass <= self
klass.find(:first, :conditions => { :id => id })
end
end
end
end

10
lib/devise/models/timeoutable.rb
View File

@@ -2,7 +2,6 @@ require 'devise/hooks/timeoutable'
module Devise
module Models
# Timeoutable takes care of veryfing whether a user session has already
# expired or not. When a session expires after the configured time, the user
# will be asked for credentials again, it means, he/she will be redirected
@@ -10,15 +9,12 @@ module Devise
#
# Configuration:
#
# timeout: the time you want to timeout the user session without activity.
# timeout_in: the time you want to timeout the user session without activity.
module Timeoutable
def self.included(base)
base.extend ClassMethods
end
extend ActiveSupport::Concern
# Checks whether the user session has expired based on configured time.
def timeout?(last_access)
def timedout?(last_access)
last_access && last_access <= self.class.timeout_in.ago
end

88
lib/devise/models/token_authenticatable.rb Normal file
View File

@@ -0,0 +1,88 @@
require 'devise/strategies/token_authenticatable'
module Devise
module Models
# Token Authenticatable Module, responsible for generate authentication token and validating
# authenticity of a user while signing in using an authentication token (say follows an URL).
#
# == Configuration:
#
# You can overwrite configuration values by setting in globally in Devise (+Devise.setup+),
# using devise method, or overwriting the respective instance method.
#
# +token_authentication_key+ - Defines name of the authentication token params key. E.g. /users/sign_in?some_key=...
#
# == Examples:
#
# User.authenticate_with_token(:auth_token => '123456789') # returns authenticated user or nil
# User.find(1).valid_authentication_token?('rI1t6PKQ8yP7VetgwdybB') # returns true/false
#
module TokenAuthenticatable
extend ActiveSupport::Concern
included do
before_save :ensure_authentication_token
end
# Generate new authentication token (a.k.a. "single access token").
def reset_authentication_token
self.authentication_token = self.class.authentication_token
end
# Generate new authentication token and save the record.
def reset_authentication_token!
reset_authentication_token
self.save
end
# Generate authentication token unless already exists.
def ensure_authentication_token
self.reset_authentication_token if self.authentication_token.blank?
end
# Generate authentication token unless already exists and save the record.
def ensure_authentication_token!
self.reset_authentication_token! if self.authentication_token.blank?
end
# Verifies whether an +incoming_authentication_token+ (i.e. from single access URL)
# is the user authentication token.
def valid_authentication_token?(incoming_auth_token)
incoming_auth_token.present? && incoming_auth_token == self.authentication_token
end
module ClassMethods
::Devise::Models.config(self, :token_authentication_key)
# Authenticate a user based on authentication token.
def authenticate_with_token(attributes)
token = attributes[self.token_authentication_key]
resource = self.find_for_token_authentication(token)
resource if resource.try(:valid_authentication_token?, token)
end
def authentication_token
::Devise.friendly_token
end
protected
# Find first record based on conditions given (ie by the sign in form).
# Overwrite to add customized conditions, create a join, or maybe use a
# namedscope to filter records while authenticating.
#
# == Example:
#
# def self.find_for_token_authentication(token, conditions = {})
# conditions = {:active => true}
# self.find_by_authentication_token(token, :conditions => conditions)
# end
#
def find_for_token_authentication(token)
self.find(:first, :conditions => { :authentication_token => token})
end
end
end
end
end

14
lib/devise/models/trackable.rb
View File

@@ -11,6 +11,20 @@ module Devise
# * last_sign_in_at - Holds the remote ip of the previous sign in
#
module Trackable
def update_tracked_fields!(request)
old_current, new_current = self.current_sign_in_at, Time.now
self.last_sign_in_at = old_current || new_current
self.current_sign_in_at = new_current
old_current, new_current = self.current_sign_in_ip, request.remote_ip
self.last_sign_in_ip = old_current || new_current
self.current_sign_in_ip = new_current
self.sign_in_count ||= 0
self.sign_in_count += 1
save(:validate => false)
end
end
end
end

25
lib/devise/modules.rb Normal file
View File

@@ -0,0 +1,25 @@
require 'active_support/core_ext/object/with_options'
Devise.with_options :model => true do |d|
# Strategies first
d.with_options :strategy => true do |s|
s.add_module :authenticatable, :controller => :sessions, :flash => :invalid, :route => :session
s.add_module :http_authenticatable
s.add_module :token_authenticatable, :controller => :sessions, :flash => :invalid_token, :route => :session
s.add_module :rememberable
end
# Misc after
d.add_module :recoverable, :controller => :passwords, :route => :password
d.add_module :registerable, :controller => :registrations, :route => :registration
d.add_module :validatable
# The ones which can sign out after
d.add_module :activatable, :flash => :inactive
d.add_module :confirmable, :controller => :confirmations, :flash => :unconfirmed, :route => :confirmation
d.add_module :lockable, :controller => :unlocks, :flash => :locked, :route => :unlock
d.add_module :timeoutable, :flash => :timeout
# Stats for last, so we make sure the user is really signed in
d.add_module :trackable
end

22
lib/devise/orm/active_record.rb
View File

@@ -7,6 +7,8 @@ module Devise
# t.confirmable
# t.recoverable
# t.rememberable
# t.trackable
# t.lockable
# t.timestamps
# end
#
@@ -17,16 +19,13 @@ module Devise
# add_index "accounts", ["reset_password_token"], :name => "reset_password_token", :unique => true
#
module ActiveRecord
# Required ORM hook. Just yield the given block in ActiveRecord.
def self.included_modules_hook(klass, modules)
yield
end
module Schema
include Devise::Schema
include Devise::Schema
# Tell how to apply schema methods.
def apply_schema(name, type, options={})
column name, type.to_s.downcase.to_sym, options
# Tell how to apply schema methods.
def apply_schema(name, type, options={})
column name, type.to_s.downcase.to_sym, options
end
end
end
end
@@ -34,5 +33,6 @@ end
if defined?(ActiveRecord)
ActiveRecord::Base.extend Devise::Models
ActiveRecord::ConnectionAdapters::TableDefinition.send :include, Devise::Orm::ActiveRecord
end
ActiveRecord::ConnectionAdapters::Table.send :include, Devise::Orm::ActiveRecord::Schema
ActiveRecord::ConnectionAdapters::TableDefinition.send :include, Devise::Orm::ActiveRecord::Schema
end

117
lib/devise/orm/data_mapper.rb
View File

@@ -1,67 +1,86 @@
module Devise
module Orm
module DataMapper
def self.included_modules_hook(klass, modules)
klass.send :extend, self
yield
modules.each do |mod|
klass.send(mod) if klass.respond_to?(mod)
module Hook
def devise_modules_hook!
extend Schema
include Compatibility
yield
return unless Devise.apply_schema
devise_modules.each { |m| send(m) if respond_to?(m, true) }
end
end
include Devise::Schema
module Schema
include Devise::Schema
SCHEMA_OPTIONS = {
:null => :nullable,
:limit => :length
}
SCHEMA_OPTIONS = {
:null => :required,
:limit => :length
}
# Hooks for confirmable
def before_create(*args)
before :create, *args
# Tell how to apply schema methods. This automatically maps :limit to
# :length and :null to :required.
def apply_schema(name, type, options={})
SCHEMA_OPTIONS.each do |old_key, new_key|
next unless options.key?(old_key)
options[new_key] = !options.delete(old_key)
end
property name, type, options
end
end
def after_create(*args)
after :create, *args
end
module Compatibility
extend ActiveSupport::Concern
# Add ActiveRecord like finder
def find(*args)
options = args.extract_options!
case args.first
when :first
first(options)
when :all
all(options)
module ClassMethods
# Hooks for confirmable
def before_create(*args)
wrap_hook(:before, *args)
end
def after_create(*args)
wrap_hook(:after, *args)
end
def wrap_hook(action, *args)
options = args.extract_options!
args.each do |callback|
send action, :create, callback
class_eval <<-METHOD, __FILE__, __LINE__ + 1
def #{callback}
super if #{options[:if] || true}
end
METHOD
end
end
# Add ActiveRecord like finder
def find(*args)
case args.first
when :first, :all
send(args.shift, *args)
else
get(*args)
end
end
end
def save(options=nil)
if options.is_a?(Hash) && options[:validate] == false
save!
else
get(*args)
super()
end
end
end
# In Datamapper, we need to call save! if we don't want to execute callbacks.
def save(flag=nil)
if flag == false
save!
else
super()
end
end
# Tell how to apply schema methods. This automatically maps :limit to
# :length and :null to :nullable.
def apply_schema(name, type, options={})
return unless Devise.apply_schema
SCHEMA_OPTIONS.each do |old_key, new_key|
next unless options.key?(old_key)
options[new_key] = options.delete(old_key)
end
property name, type, options
end
end
end
end
DataMapper::Model.send(:include, Devise::Models)
DataMapper::Model.class_eval do
extend Devise::ORM::DataMapper::Hook
include Devise::Models
end

52
lib/devise/orm/mongo_mapper.rb
View File

@@ -1,27 +1,49 @@
module Devise
module Orm
module MongoMapper
def self.included_modules_hook(klass, modules)
klass.send :extend, self
yield
modules.each do |mod|
klass.send(mod) if klass.respond_to?(mod)
module Hook
def devise_modules_hook!
extend Schema
include Compatibility
yield
return unless Devise.apply_schema
devise_modules.each { |m| send(m) if respond_to?(m, true) }
end
end
include Devise::Schema
module Schema
include Devise::Schema
# Tell how to apply schema methods. This automatically converts DateTime
# to Time, since MongoMapper does not recognize the former.
def apply_schema(name, type, options={})
return unless Devise.apply_schema
type = Time if type == DateTime
key name, type, options
# Tell how to apply schema methods. This automatically converts DateTime
# to Time, since MongoMapper does not recognize the former.
def apply_schema(name, type, options={})
type = Time if type == DateTime
key name, type, options
end
end
module Compatibility
extend ActiveSupport::Concern
module ClassMethods
def find(*args)
case args.first
when :first, :all
send(args.shift, *args)
else
super
end
end
end
end
end
end
end
MongoMapper::Document::ClassMethods.send(:include, Devise::Models)
MongoMapper::EmbeddedDocument::ClassMethods.send(:include, Devise::Models)
[MongoMapper::Document, MongoMapper::EmbeddedDocument].each do |mod|
mod::ClassMethods.class_eval do
include Devise::Models
include Devise::Orm::MongoMapper::Hook
end
end

16
lib/devise/rails.rb
View File

@@ -1,14 +1,12 @@
require 'devise/rails/routes'
require 'devise/rails/warden_compat'
Rails.configuration.after_initialize do
require "devise/orm/#{Devise.orm}"
module Devise
class Engine < ::Rails::Engine
engine_name :devise
# Adds Warden Manager to Rails middleware stack, configuring default devise
# strategy and also the failure app.
Rails.configuration.middleware.use Warden::Manager do |manager|
Devise.configure_warden_manager(manager)
config.middleware.use Warden::Manager do |config|
Devise.configure_warden(config)
end
end
I18n.load_path.unshift File.expand_path(File.join(File.dirname(__FILE__), 'locales', 'en.yml'))
end
end

227
lib/devise/rails/routes.rb
View File

@@ -1,118 +1,143 @@
module ActionController::Routing
module ActionDispatch::Routing
class RouteSet #:nodoc:
# Ensure Devise modules are included only after loading routes, because we
# need devise_for mappings already declared to create magic filters and
# helpers.
def load_routes_with_devise!
load_routes_without_devise!
# need devise_for mappings already declared to create filters and helpers.
def finalize_with_devise!
finalize_without_devise!
return if Devise.mappings.empty?
ActionController::Base.send :include, Devise::Controllers::Filters
ActionController::Base.send :include, Devise::Controllers::Helpers
ActionController::Base.send :include, Devise::Controllers::UrlHelpers
ActionView::Base.send :include, Devise::Controllers::UrlHelpers
end
alias_method_chain :load_routes!, :devise
alias_method_chain :finalize!, :devise
end
class Mapper #:doc:
# Includes devise_for method for routes. This method is responsible to
# generate all needed routes for devise, based on what modules you have
# defined in your model.
# Examples: Let's say you have an User model configured to use
# authenticatable, confirmable and recoverable modules. After creating this
# inside your routes:
#
# map.devise_for :users
#
# this method is going to look inside your User model and create the
# needed routes:
#
# # Session routes for Authenticatable (default)
# new_user_session GET /users/sign_in {:controller=>"sessions", :action=>"new"}
# user_session POST /users/sign_in {:controller=>"sessions", :action=>"create"}
# destroy_user_session GET /users/sign_out {:controller=>"sessions", :action=>"destroy"}
#
# # Password routes for Recoverable, if User model has :recoverable configured
# new_user_password GET /users/password/new(.:format) {:controller=>"passwords", :action=>"new"}
# edit_user_password GET /users/password/edit(.:format) {:controller=>"passwords", :action=>"edit"}
# user_password PUT /users/password(.:format) {:controller=>"passwords", :action=>"update"}
# POST /users/password(.:format) {:controller=>"passwords", :action=>"create"}
#
# # Confirmation routes for Confirmable, if User model has :confirmable configured
# new_user_confirmation GET /users/confirmation/new(.:format) {:controller=>"confirmations", :action=>"new"}
# user_confirmation GET /users/confirmation(.:format) {:controller=>"confirmations", :action=>"show"}
# POST /users/confirmation(.:format) {:controller=>"confirmations", :action=>"create"}
#
# You can configure your routes with some options:
#
# * :class_name => setup a different class to be looked up by devise, if it cannot be correctly find by the route name.
#
# map.devise_for :users, :class_name => 'Account'
#
# * :as => allows you to setup path name that will be used, as rails routes does. The following route configuration would setup your route as /accounts instead of /users:
#
# map.devise_for :users, :as => 'accounts'
#
# * :scope => setup the scope name. This is used as the instance variable name in controller, as the name in routes and the scope given to warden. Defaults to the singular of the given name:
#
# map.devise_for :users, :scope => :account
#
# * :path_names => configure different path names to overwrite defaults :sign_in, :sign_out, :password and :confirmation.
#
# map.devise_for :users, :path_names => { :sign_in => 'login', :sign_out => 'logout', :password => 'secret', :confirmation => 'verification' }
#
# * :path_prefix => the path prefix to be used in all routes.
#
# map.devise_for :users, :path_prefix => "/:locale"
#
# Any other options will be passed to route definition. If you need conditions for your routes, just map:
#
# map.devise_for :users, :conditions => { :subdomain => /.+/ }
#
# If you are using a dynamic prefix, like :locale above, you need to configure default_url_options through Devise. You can do that in config/initializers/devise.rb or setting a Devise.default_url_options:
#
# Devise.default_url_options do
# { :locale => I18n.locale }
# end
#
def devise_for(*resources)
options = resources.extract_options!
class Mapper
# Includes devise_for method for routes. This method is responsible to
# generate all needed routes for devise, based on what modules you have
# defined in your model.
# Examples: Let's say you have an User model configured to use
# authenticatable, confirmable and recoverable modules. After creating this
# inside your routes:
#
# devise_for :users
#
# this method is going to look inside your User model and create the
# needed routes:
#
# # Session routes for Authenticatable (default)
# new_user_session GET /users/sign_in {:controller=>"sessions", :action=>"new"}
# user_session POST /users/sign_in {:controller=>"sessions", :action=>"create"}
# destroy_user_session GET /users/sign_out {:controller=>"sessions", :action=>"destroy"}
#
# # Password routes for Recoverable, if User model has :recoverable configured
# new_user_password GET /users/password/new(.:format) {:controller=>"passwords", :action=>"new"}
# edit_user_password GET /users/password/edit(.:format) {:controller=>"passwords", :action=>"edit"}
# user_password PUT /users/password(.:format) {:controller=>"passwords", :action=>"update"}
# POST /users/password(.:format) {:controller=>"passwords", :action=>"create"}
#
# # Confirmation routes for Confirmable, if User model has :confirmable configured
# new_user_confirmation GET /users/confirmation/new(.:format) {:controller=>"confirmations", :action=>"new"}
# user_confirmation GET /users/confirmation(.:format) {:controller=>"confirmations", :action=>"show"}
# POST /users/confirmation(.:format) {:controller=>"confirmations", :action=>"create"}
#
# You can configure your routes with some options:
#
# * :class_name => setup a different class to be looked up by devise,
# if it cannot be correctly find by the route name.
#
# devise_for :users, :class_name => 'Account'
#
# * :as => allows you to setup path name that will be used, as rails routes does.
# The following route configuration would setup your route as /accounts instead of /users:
#
# devise_for :users, :as => 'accounts'
#
# * :scope => setup the scope name. This is used as the instance variable name in controller,
# as the name in routes and the scope given to warden. Defaults to the singular of the given name:
#
# devise_for :users, :scope => :account
#
# * :path_names => configure different path names to overwrite defaults :sign_in, :sign_out, :sign_up,
# :password, :confirmation, :unlock.
#
# devise_for :users, :path_names => { :sign_in => 'login', :sign_out => 'logout', :password => 'secret', :confirmation => 'verification' }
#
# * :path_prefix => the path prefix to be used in all routes.
#
# devise_for :users, :path_prefix => "/:locale"
#
# If you are using a dynamic prefix, like :locale above, you need to configure default_url_options in your ApplicationController
# class level, so Devise can pick it:
#
# class ApplicationController < ActionController::Base
# def self.default_url_options
# { :locale => I18n.locale }
# end
# end
#
# * :controllers => the controller which should be used. All routes by default points to Devise controllers.
# However, if you want them to point to custom controller, you should do:
#
# devise_for :users, :controllers => { :sessions => "users/sessions" }
#
def devise_for(*resources)
options = resources.extract_options!
resources.map!(&:to_sym)
resources.map!(&:to_sym)
resources.each do |resource|
mapping = Devise::Mapping.new(resource, options.dup)
Warden::Manager.default_scope ||= mapping.name
Devise.mappings[mapping.name] = mapping
resources.each do |resource|
mapping = Devise::Mapping.new(resource, options)
route_options = mapping.route_options.merge(:path_prefix => mapping.raw_path, :name_prefix => "#{mapping.name}_")
unless mapping.to.respond_to?(:devise)
raise "#{mapping.to.name} does not respond to 'devise' method. This usually means you haven't " <<
"loaded your ORM file or it's being loaded to late. To fix it, be sure to require 'devise/orm/YOUR_ORM' " <<
"inside 'config/initializers/devise.rb' or before your application definition in 'config/application.rb'"
end
with_options(route_options) do |routes|
mapping.for.each do |strategy|
send(strategy, routes, mapping) if self.respond_to?(strategy, true)
end
end
Devise.default_scope ||= mapping.name
Devise.mappings[mapping.name] = mapping
mapping.modules.each do |mod|
send(mod, mapping, mapping.controllers) if self.respond_to?(mod, true)
end
end
end
protected
def authenticatable(mapping, controllers)
scope mapping.path do
get mapping.path_names[:sign_in], :to => "#{controllers[:sessions]}#new", :as => :"new_#{mapping.name}_session"
post mapping.path_names[:sign_in], :to => "#{controllers[:sessions]}#create", :as => :"#{mapping.name}_session"
get mapping.path_names[:sign_out], :to => "#{controllers[:sessions]}#destroy", :as => :"destroy_#{mapping.name}_session"
end
end
def recoverable(mapping, controllers)
scope mapping.path, :name_prefix => mapping.name do
resource :password, :only => [:new, :create, :edit, :update], :as => mapping.path_names[:password], :controller => controllers[:passwords]
end
end
def confirmable(mapping, controllers)
scope mapping.path, :name_prefix => mapping.name do
resource :confirmation, :only => [:new, :create, :show], :as => mapping.path_names[:confirmation], :controller => controllers[:confirmations]
end
end
def lockable(mapping, controllers)
scope mapping.path, :name_prefix => mapping.name do
resource :unlock, :only => [:new, :create, :show], :as => mapping.path_names[:unlock], :controller => controllers[:unlocks]
end
end
protected
def authenticatable(routes, mapping)
routes.with_options(:controller => 'sessions', :name_prefix => nil) do |session|
session.send(:"new_#{mapping.name}_session", mapping.path_names[:sign_in], :action => 'new', :conditions => { :method => :get })
session.send(:"#{mapping.name}_session", mapping.path_names[:sign_in], :action => 'create', :conditions => { :method => :post })
session.send(:"destroy_#{mapping.name}_session", mapping.path_names[:sign_out], :action => 'destroy', :conditions => { :method => :get })
end
def registerable(mapping, controllers)
scope :name_prefix => mapping.name do
resource :registration, :only => [:new, :create, :edit, :update, :destroy], :as => mapping.path[1..-1],
:path_names => { :new => mapping.path_names[:sign_up] }, :controller => controllers[:registrations]
end
def recoverable(routes, mapping)
routes.resource :password, :only => [:new, :create, :edit, :update], :as => mapping.path_names[:password]
end
def confirmable(routes, mapping)
routes.resource :confirmation, :only => [:new, :create, :show], :as => mapping.path_names[:confirmation]
end
end
end
end
end
end

26
lib/devise/rails/warden_compat.rb
View File

@@ -1,12 +1,6 @@
# Taken from RailsWarden, thanks to Hassox. http://github.com/hassox/rails_warden
module Warden::Mixins::Common
def request
return @request if @request
if env['action_controller.rescue.request']
@request = env['action_controller.rescue.request']
else
Rack::Request.new(env)
end
@request ||= ActionDispatch::Request.new(env)
end
def reset_session!
@@ -15,11 +9,17 @@ module Warden::Mixins::Common
end
def response
return @response if @response
if env['action_controller.rescue.response']
@response = env['action_controller.rescue.response']
else
Rack::Response.new(env)
end
@response ||= env['action_controller.instance'].response
end
end
class Warden::SessionSerializer
def serialize(record)
[record.class, record.id]
end
def deserialize(keys)
klass, id = keys
klass.find(:first, :conditions => { :id => id })
end
end

23
lib/devise/schema.rb
View File

@@ -9,12 +9,18 @@ module Devise
# * :null - When true, allow columns to be null.
# * :encryptor - The encryptor going to be used, necessary for setting the proper encrypter password length.
def authenticatable(options={})
null = options[:null] || false
encryptor = options[:encryptor] || (respond_to?(:encryptor) ? self.encryptor : :sha1)
null = options[:null] || false
default = options[:default]
encryptor = options[:encryptor] || (respond_to?(:encryptor) ? self.encryptor : :sha1)
apply_schema :email, String, :null => null, :limit => 100
apply_schema :encrypted_password, String, :null => null, :limit => Devise::ENCRYPTORS_LENGTH[encryptor]
apply_schema :password_salt, String, :null => null, :limit => 20
apply_schema :email, String, :null => null, :default => default
apply_schema :encrypted_password, String, :null => null, :default => default, :limit => Devise::ENCRYPTORS_LENGTH[encryptor]
apply_schema :password_salt, String, :null => null, :default => default
end
# Creates authentication_token.
def token_authenticatable
apply_schema :authentication_token, String, :limit => 20
end
# Creates confirmation_token, confirmed_at and confirmation_sent_at.
@@ -45,6 +51,13 @@ module Devise
apply_schema :last_sign_in_ip, String
end
# Creates failed_attempts, unlock_token and locked_at
def lockable
apply_schema :failed_attempts, Integer, :default => 0
apply_schema :unlock_token, String, :limit => 20
apply_schema :locked_at, DateTime
end
# Overwrite with specific modification to create your own schema.
def apply_schema(name, type, options={})
raise NotImplementedError

23
lib/devise/serializers/base.rb
View File

@@ -1,23 +0,0 @@
require 'devise/strategies/base'
module Devise
module Serializers
module Base
include Devise::Strategies::Base
attr_reader :scope
def serialize(record)
record.class.send(:"serialize_into_#{klass_type}", record)
end
def deserialize(keys)
mapping.to.send(:"serialize_from_#{klass_type}", keys)
end
def fetch(scope)
@scope = scope
super
end
end
end
end

43
lib/devise/serializers/cookie.rb
View File

@@ -1,43 +0,0 @@
require 'devise/serializers/base'
module Devise
module Serializers
# This is a cookie serializer which stores the information if a :remember_me
# is sent in the params and if the model responds to remember_me! as well.
# As in Session serializer, the invoked methods are:
#
# User.serialize_into_cookie(@user)
# User.serialize_from_cookie(*args)
#
# An implementation for such methods can be found at Devise::Models::Rememberable.
#
# Differently from session, this approach is based in a token which is stored in
# the database. So if you want to sign out all clients at once, you just need to
# clean up the token column.
#
class Cookie < Warden::Serializers::Cookie
include Devise::Serializers::Base
def store(record, scope)
remember_me = params[scope].try(:fetch, :remember_me, nil)
if Devise::TRUE_VALUES.include?(remember_me) && record.respond_to?(:remember_me!)
record.remember_me!
super
end
end
def default_options(record)
super.merge!(:expires => record.remember_expires_at)
end
def delete(scope, record=nil)
if record && record.respond_to?(:forget_me!)
record.forget_me!
super
end
end
end
end
end
Warden::Serializers.add(:cookie, Devise::Serializers::Cookie)

22
lib/devise/serializers/session.rb
View File

@@ -1,22 +0,0 @@
require 'devise/serializers/base'
module Devise
module Serializers
# This serializer stores sign in information in th client session. It just
# extends Warden own serializer to move all the serialization logic to a
# class. For example, if a @user resource is given, it will call the following
# two methods to serialize and deserialize a record:
#
# User.serialize_into_session(@user)
# User.serialize_from_session(*args)
#
# This can be used any strategy and the default implementation is available
# at Devise::Models::SessionSerializer.
#
class Session < Warden::Serializers::Session
include Devise::Serializers::Base
end
end
end
Warden::Serializers.add(:session, Devise::Serializers::Session)

16
lib/devise/strategies/authenticatable.rb
View File

@@ -4,11 +4,9 @@ module Devise
module Strategies
# Default strategy for signing in a user, based on his email and password.
# Redirects to sign_in page if it's not authenticated
class Authenticatable < Warden::Strategies::Base
include Devise::Strategies::Base
class Authenticatable < Base
def valid?
super && params[scope] && params[scope][:password].present?
valid_controller? && valid_params? && mapping.to.respond_to?(:authenticate)
end
# Authenticate a user based on email and password params, returning to warden
@@ -21,6 +19,16 @@ module Devise
fail!(:invalid)
end
end
protected
def valid_controller?
mapping.controllers[:sessions] == params[:controller]
end
def valid_params?
params[scope] && params[scope][:password].present?
end
end
end
end

20
lib/devise/strategies/base.rb
View File

@@ -1,23 +1,15 @@
module Devise
module Strategies
# Base strategy for Devise. Responsible for verifying correct scope and mapping.
module Base
# Validate strategy. By default will raise an error if no scope or an
# invalid mapping is found.
def valid?
raise "Could not find mapping for #{scope}" unless mapping
mapping.for.include?(klass_type)
end
class Base < ::Warden::Strategies::Base
# Checks if a valid scope was given for devise and find mapping based on
# this scope.
def mapping
Devise.mappings[scope]
end
# Store this class type.
def klass_type
@klass_type ||= self.class.name.split("::").last.underscore.to_sym
@mapping ||= begin
mapping = Devise.mappings[scope]
raise "Could not find mapping for #{scope}" unless mapping
mapping
end
end
end
end

47
lib/devise/strategies/http_authenticatable.rb Normal file
View File

@@ -0,0 +1,47 @@
require 'devise/strategies/base'
module Devise
module Strategies
# Sign in an user using HTTP authentication.
class HttpAuthenticatable < Base
def valid?
request.authorization && mapping.to.respond_to?(:authenticate_with_http)
end
def authenticate!
username, password = username_and_password
if resource = mapping.to.authenticate_with_http(username, password)
success!(resource)
else
custom!([401, custom_headers, [response_body]])
end
end
private
def username_and_password
decode_credentials(request).split(/:/, 2)
end
def decode_credentials(request)
ActiveSupport::Base64.decode64(request.authorization.split(' ', 2).last || '')
end
def response_body
body = "HTTP Basic: Access denied."
method = :"to_#{request.format.to_sym}"
{}.respond_to?(method) ? { :error => body }.send(method) : body
end
def custom_headers
{
"Content-Type" => request.format.to_s,
"WWW-Authenticate" => %(Basic realm="#{Devise.http_authentication_realm.gsub(/"/, "")}")
}
end
end
end
end
Warden::Strategies.add(:http_authenticatable, Devise::Strategies::HttpAuthenticatable)

37
lib/devise/strategies/rememberable.rb Normal file
View File

@@ -0,0 +1,37 @@
require 'devise/strategies/base'
module Devise
module Strategies
# Remember the user through the remember token. This strategy is responsible
# to verify whether there is a cookie with the remember token, and to
# recreate the user from this cookie if it exists. Must be called *before*
# authenticatable.
class Rememberable < Devise::Strategies::Base
# A valid strategy for rememberable needs a remember token in the cookies.
def valid?
remember_me_cookie.present? && mapping.to.respond_to?(:serialize_from_cookie)
end
# To authenticate a user we deserialize the cookie and attempt finding
# the record in the database. If the attempt fails, we pass to another
# strategy handle the authentication.
def authenticate!
if resource = mapping.to.serialize_from_cookie(remember_me_cookie)
success!(resource)
else
pass
end
end
private
# Accessor for remember cookie
def remember_me_cookie
@remember_me_cookie ||= request.cookies["remember_#{mapping.name}_token"]
end
end
end
end
Warden::Strategies.add(:rememberable, Devise::Strategies::Rememberable)

37
lib/devise/strategies/token_authenticatable.rb Normal file
View File

@@ -0,0 +1,37 @@
require 'devise/strategies/base'
module Devise
module Strategies
# Strategy for signing in a user, based on a authenticatable token.
# Redirects to sign_in page if it's not authenticated.
class TokenAuthenticatable < Base
def valid?
mapping.to.respond_to?(:authenticate_with_token) && authentication_token(scope).present?
end
# Authenticate a user based on authenticatable token params, returning to warden
# success and the authenticated user if everything is okay. Otherwise redirect
# to sign in page.
def authenticate!
if resource = mapping.to.authenticate_with_token(params[scope] || params)
success!(resource)
else
fail!(:invalid_token)
end
end
private
# Detect authentication token in params: scoped or not.
def authentication_token(scope)
if params[scope]
params[scope][mapping.to.token_authentication_key]
else
params[mapping.to.token_authentication_key]
end
end
end
end
end
Warden::Strategies.add(:token_authenticatable, Devise::Strategies::TokenAuthenticatable)

15
lib/devise/test_helpers.rb
View File

@@ -7,17 +7,17 @@ module Devise
end
# This is a Warden::Proxy customized for functional tests. It's meant to
# some of Warden::Manager resposnabilities, as retrieving configuration
# some of Warden::Manager responsibilities, as retrieving configuration
# options and calling the FailureApp.
class TestWarden < Warden::Proxy #:nodoc:
attr_reader :controller
def initialize(controller)
@controller = controller
manager = Warden::Manager.new(nil) do |manager|
Devise.configure_warden_manager(manager)
manager = Warden::Manager.new(nil) do |config|
Devise.configure_warden(config)
end
super(controller.request.env, manager.config)
super(controller.request.env, manager)
end
def authenticate!(*args)
@@ -45,10 +45,7 @@ module Devise
# We need to setup the environment variables and the response in the controller.
def setup_controller_for_warden #:nodoc:
@request.env['action_controller.rescue.request'] = @request
@request.env['action_controller.rescue.response'] = @response
@request.env['rack.session'] = session
@controller.response = @response
@request.env['action_controller.instance'] = @controller
end
# Quick access to Warden::Proxy.
@@ -66,7 +63,7 @@ module Devise
def sign_in(resource_or_scope, resource=nil)
scope ||= Devise::Mapping.find_scope!(resource_or_scope)
resource ||= resource_or_scope
session["warden.user.#{scope}.key"] = resource.class.serialize_into_session(resource)
warden.session_serializer.store(resource, scope)
end
# Sign out a given resource or scope by calling logout on Warden.

2
lib/devise/version.rb
View File

@@ -1,3 +1,3 @@
module Devise
VERSION = "0.7.5".freeze
VERSION = "1.1.pre4".freeze
end

57
lib/generators/devise/devise_generator.rb Normal file
View File

@@ -0,0 +1,57 @@
require 'rails/generators/migration'
class DeviseGenerator < Rails::Generators::NamedBase
include Rails::Generators::Migration
desc "Generates a model with the given NAME (if one does not exist) with devise " <<
"configuration plus a migration file and devise routes."
def self.source_root
@_devise_source_root ||= File.expand_path("../templates", __FILE__)
end
def self.orm_has_migration?
Rails::Generators.options[:rails][:orm] == :active_record
end
def self.next_migration_number(path)
Time.now.utc.strftime("%Y%m%d%H%M%S")
end
class_option :migration, :type => :boolean, :default => orm_has_migration?
def invoke_orm_model
if File.exists?(File.join(destination_root, model_path))
say "* Model already exists. Adding Devise behavior."
else
invoke "model", [name], :migration => false
end
end
def inject_devise_config_into_model
inject_into_class model_path, class_name, <<-CONTENT
# Include default devise modules. Others available are:
# :http_authenticatable, :token_authenticatable, :lockable, :timeoutable and :activatable
devise :registerable, :authenticatable, :confirmable, :recoverable,
:rememberable, :trackable, :validatable
# Setup accessible (or protected) attributes for your model
attr_accessible :email, :password, :password_confirmation
CONTENT
end
def copy_migration_template
return unless options.migration?
migration_template "migration.rb", "db/migrate/devise_create_#{table_name}"
end
def add_devise_routes
route "devise_for :#{table_name}"
end
protected
def model_path
@model_path ||= File.join("app", "models", "#{file_path}.rb")
end
end

2
generators/devise/templates/migration.rb → lib/generators/devise/templates/migration.rb
View File

@@ -6,6 +6,7 @@ class DeviseCreate<%= table_name.camelize %> < ActiveRecord::Migration
t.recoverable
t.rememberable
t.trackable
# t.lockable
t.timestamps
end
@@ -13,6 +14,7 @@ class DeviseCreate<%= table_name.camelize %> < ActiveRecord::Migration
add_index :<%= table_name %>, :email, :unique => true
add_index :<%= table_name %>, :confirmation_token, :unique => true
add_index :<%= table_name %>, :reset_password_token, :unique => true
# add_index :<%= table_name %>, :unlock_token, :unique => true
end
def self.down

25
lib/generators/devise_install/devise_install_generator.rb Normal file
View File

@@ -0,0 +1,25 @@
class DeviseInstallGenerator < Rails::Generators::Base
desc "Creates a Devise initializer and copy locale files to your application."
def self.source_root
@_devise_source_root ||= File.expand_path("../templates", __FILE__)
end
def copy_initializer
template "devise.rb", "config/initializers/devise.rb"
end
def copy_locale
copy_file "../../../../config/locales/en.yml", "config/locales/devise.en.yml"
end
def show_readme
readme "README"
end
protected
def readme(path)
say File.read(File.expand_path(path, self.class.source_root))
end
end

19
lib/generators/devise_install/templates/README Normal file
View File

@@ -0,0 +1,19 @@
===============================================================================
Some setup you must do manually if you haven't yet:
1. Setup default url options for your specific environment. Here is an
example of development environment:
config.action_mailer.default_url_options = { :host => 'localhost:3000' }
This is a required Rails configuration. In production is must be the
actual host of your application
2. Ensure you have defined root_url to *something* in your config/routes.rb.
For example:
root :to => "home#index"
===============================================================================

67
generators/devise_install/templates/devise.rb → lib/generators/devise_install/templates/devise.rb
View File

@@ -1,15 +1,10 @@
# Use this hook to configure devise mailer, warden hooks and so forth. The first
# four configuration values can also be set straight in your models.
Devise.setup do |config|
# Configure Devise modules used by default. You should always set this value
# because if Devise adds a new strategy, it won't be added to your application
# by default, unless you configure it here.
#
# Remember that Devise includes other modules on its own (like :activatable
# and :timeoutable) which are not included here and also plugins. So be sure
# to check the docs for a complete set.
config.all = [:authenticatable, :confirmable, :recoverable, :rememberable, :trackable, :validatable]
# Configure the e-mail address which will be shown in DeviseMailer.
config.mailer_sender = "please-change-me@config-initializers-devise.com"
# ==> Configuration for :authenticatable
# Invoke `rake secret` and use the printed value to setup a pepper to generate
# the encrypted password. By default no pepper is used.
# config.pepper = "rake secret output"
@@ -18,10 +13,10 @@ Devise.setup do |config|
# config.stretches = 10
# Define which will be the encryption algorithm. Supported algorithms are :sha1
# (default) and :sha512. Devise also supports encryptors from others authentication
# frameworks as :clearance_sha1, :authlogic_sha512 (then you should set stretches
# above to 20 for default behavior) and :restful_authentication_sha1 (then you
# should set stretches to 10, and copy REST_AUTH_SITE_KEY to pepper)
# (default), :sha512 and :bcrypt. Devise also supports encryptors from others
# authentication tools as :clearance_sha1, :authlogic_sha512 (then you should set
# stretches above to 20 for default behavior) and :restful_authentication_sha1
# (then you should set stretches to 10, and copy REST_AUTH_SITE_KEY to pepper)
# config.encryptor = :sha1
# Configure which keys are used when authenticating an user. By default is
@@ -31,29 +26,60 @@ Devise.setup do |config|
# session. If you need permissions, you should implement that in a before filter.
# config.authentication_keys = [ :email ]
# The realm used in Http Basic Authentication
# config.http_authentication_realm = "Application"
# ==> Configuration for :confirmable
# The time you want give to your user to confirm his account. During this time
# he will be able to access your application without confirming. Default is nil.
# config.confirm_within = 2.days
# ==> Configuration for :rememberable
# The time the user will be remembered without asking for credentials again.
# config.remember_for = 2.weeks
# ==> Configuration for :timeoutable
# The time you want to timeout the user session without activity. After this
# time the user will be asked for credentials again.
# config.timeout_in = 10.minutes
# Configure the e-mail address which will be shown in DeviseMailer.
config.mailer_sender = "please-change-me@config-initializers-devise.com"
# ==> Configuration for :lockable
# Number of authentication tries before locking an account.
# config.maximum_attempts = 20
# Load and configure the ORM. Supports :active_record, :data_mapper and :mongo_mapper.
# require 'devise/orm/mongo_mapper'
# config.orm = :mongo_mapper
# Defines which strategy will be used to unlock an account.
# :email = Sends an unlock link to the user email
# :time = Reanables login after a certain ammount of time (see :unlock_in below)
# :both = enables both strategies
# config.unlock_strategy = :both
# Time interval to unlock the account if :time is enabled as unlock_strategy.
# config.unlock_in = 1.hour
# ==> Configuration for :token_authenticatable
# Defines name of the authentication token params key
# config.token_authentication_key = :auth_token
# ==> General configuration
# Load and configure the ORM. Supports :active_record (default), :mongo_mapper
# (requires mongo_ext installed) and :data_mapper (experimental).
require 'devise/orm/active_record'
# Turn scoped views on. Before rendering "sessions/new", it will first check for
# "sessions/users/new". It's turned off by default because it's slower if you
# are using only default views.
# config.scoped_views = true
# By default, devise detects the role accessed based on the url. So whenever
# accessing "/users/sign_in", it knows you are accessing an User. This makes
# routes as "/sign_in" not possible, unless you tell Devise to use the default
# scope, setting true below.
# config.use_default_scope = true
# Configure the default scope used by Devise. By default it's the first devise
# role declared in your routes.
# config.default_scope = :user
# If you want to use other strategies, that are not (yet) supported by Devise,
# you can configure them inside the config.warden block. The example below
# allows you to setup OAuth, using http://github.com/roman/warden_oauth
@@ -66,11 +92,4 @@ Devise.setup do |config|
# end
# manager.default_strategies.unshift :twitter_oauth
# end
# Configure default_url_options if you are using dynamic segments in :path_prefix
# for devise_for.
#
# config.default_url_options do
# { :locale => I18n.locale }
# end
end

15
lib/generators/devise_views/devise_views_generator.rb Normal file
View File

@@ -0,0 +1,15 @@
class DeviseViewsGenerator < Rails::Generators::Base
desc "Copies all Devise views to your application."
def self.source_root
@_devise_source_root ||= File.expand_path("../../../../app/views", __FILE__)
end
def copy_views
directory "devise"
end
def say_restart_server
say "Views copied. Please restart your server."
end
end

177
test/controllers/filters_test.rb
View File

@@ -1,177 +0,0 @@
require 'test/test_helper'
require 'ostruct'
class MockController < ApplicationController
attr_accessor :env
def request
self
end
def path
''
end
end
class ControllerAuthenticableTest < ActionController::TestCase
tests MockController
def setup
@controller = MockController.new
@mock_warden = OpenStruct.new
@controller.env = { 'warden' => @mock_warden }
@controller.session = {}
end
test 'setup warden' do
assert_not_nil @controller.warden
end
test 'provide access to warden instance' do
assert_equal @controller.warden, @controller.env['warden']
end
test 'run authenticate? with scope on warden' do
@mock_warden.expects(:authenticated?).with(:my_scope)
@controller.signed_in?(:my_scope)
end
test 'proxy signed_in? to authenticated' do
@mock_warden.expects(:authenticated?).with(:my_scope)
@controller.signed_in?(:my_scope)
end
test 'run user with scope on warden' do
@mock_warden.expects(:user).with(:admin).returns(true)
@controller.current_admin
@mock_warden.expects(:user).with(:user).returns(true)
@controller.current_user
end
test 'proxy user_authenticate! to authenticate with user scope' do
@mock_warden.expects(:authenticate!).with(:scope => :user)
@controller.authenticate_user!
end
test 'proxy admin_authenticate! to authenticate with admin scope' do
@mock_warden.expects(:authenticate!).with(:scope => :admin)
@controller.authenticate_admin!
end
test 'proxy user_authenticated? to authenticate with user scope' do
@mock_warden.expects(:authenticated?).with(:user)
@controller.user_signed_in?
end
test 'proxy admin_authenticated? to authenticate with admin scope' do
@mock_warden.expects(:authenticated?).with(:admin)
@controller.admin_signed_in?
end
test 'proxy user_session to session scope in warden' do
@mock_warden.expects(:session).with(:user).returns({})
@controller.user_session
end
test 'proxy admin_session to session scope in warden' do
@mock_warden.expects(:session).with(:admin).returns({})
@controller.admin_session
end
test 'sign in proxy to set_user on warden' do
user = User.new
@mock_warden.expects(:set_user).with(user, :scope => :user).returns(true)
@controller.sign_in(:user, user)
end
test 'sign in accepts a resource as argument' do
user = User.new
@mock_warden.expects(:set_user).with(user, :scope => :user).returns(true)
@controller.sign_in(user)
end
test 'sign out proxy to logout on warden' do
@mock_warden.expects(:user).with(:user).returns(true)
@mock_warden.expects(:logout).with(:user).returns(true)
@controller.sign_out(:user)
end
test 'sign out accepts a resource as argument' do
@mock_warden.expects(:user).with(:user).returns(true)
@mock_warden.expects(:logout).with(:user).returns(true)
@controller.sign_out(User.new)
end
test 'stored location for returns the location for a given scope' do
assert_nil @controller.stored_location_for(:user)
@controller.session[:"user.return_to"] = "/foo.bar"
assert_equal "/foo.bar", @controller.stored_location_for(:user)
end
test 'stored location for accepts a resource as argument' do
assert_nil @controller.stored_location_for(:user)
@controller.session[:"user.return_to"] = "/foo.bar"
assert_equal "/foo.bar", @controller.stored_location_for(User.new)
end
test 'stored location cleans information after reading' do
@controller.session[:"user.return_to"] = "/foo.bar"
assert_equal "/foo.bar", @controller.stored_location_for(:user)
assert_nil @controller.session[:"user.return_to"]
end
test 'after sign in path defaults to root path if none by was specified for the given scope' do
assert_equal root_path, @controller.after_sign_in_path_for(:user)
end
test 'after sign in path defaults to the scoped root path' do
assert_equal admin_root_path, @controller.after_sign_in_path_for(:admin)
end
test 'after sign out path defaults to the root path' do
assert_equal root_path, @controller.after_sign_out_path_for(:admin)
assert_equal root_path, @controller.after_sign_out_path_for(:user)
end
test 'sign in and redirect uses the stored location' do
user = User.new
@controller.session[:"user.return_to"] = "/foo.bar"
@mock_warden.expects(:set_user).with(user, :scope => :user).returns(true)
@controller.expects(:redirect_to).with("/foo.bar")
@controller.sign_in_and_redirect(user)
end
test 'sign in and redirect uses the configured after sign in path' do
admin = Admin.new
@mock_warden.expects(:set_user).with(admin, :scope => :admin).returns(true)
@controller.expects(:redirect_to).with(admin_root_path)
@controller.sign_in_and_redirect(admin)
end
test 'only redirect if just a symbol is given' do
@controller.expects(:redirect_to).with(admin_root_path)
@controller.sign_in_and_redirect(:admin)
end
test 'sign out and redirect uses the configured after sign out path' do
@mock_warden.expects(:user).with(:admin).returns(true)
@mock_warden.expects(:logout).with(:admin).returns(true)
@controller.expects(:redirect_to).with(admin_root_path)
@controller.instance_eval "def after_sign_out_path_for(resource); admin_root_path; end"
@controller.sign_out_and_redirect(:admin)
end
test 'is not a devise controller' do
assert_not @controller.devise_controller?
end
test 'default url options are retrieved from devise' do
begin
Devise.default_url_options {{ :locale => I18n.locale }}
assert_equal({ :locale => :en }, @controller.send(:default_url_options))
ensure
Devise.default_url_options {{ }}
end
end
end

206
test/controllers/helpers_test.rb
View File

@@ -1,55 +1,181 @@
require 'test/test_helper'
require 'ostruct'
class MyController < ApplicationController
include Devise::Controllers::Helpers
end
class MockController < ApplicationController
attr_accessor :env
class HelpersTest < ActionController::TestCase
tests MyController
test 'get resource name from request path' do
@request.path = '/users/session'
assert_equal :user, @controller.resource_name
def request
self
end
test 'get resource name from specific request path' do
@request.path = '/admin_area/session'
assert_equal :admin, @controller.resource_name
def path
''
end
test 'get resource class from request path' do
@request.path = '/users/session'
assert_equal User, @controller.resource_class
def index
end
test 'get resource instance variable from request path' do
@request.path = '/admin_area/session'
@controller.instance_variable_set(:@admin, admin = Admin.new)
assert_equal admin, @controller.resource
def host_with_port
"test.host:3000"
end
test 'set resource instance variable from request path' do
@request.path = '/admin_area/session'
admin = @controller.send(:resource_class).new
@controller.send(:resource=, admin)
assert_equal admin, @controller.send(:resource)
assert_equal admin, @controller.instance_variable_get(:@admin)
def protocol
"http"
end
test 'resources methods are not controller actions' do
assert @controller.class.action_methods.empty?
end
test 'require no authentication tests current mapping' do
@controller.expects(:resource_name).returns(:user).twice
@mock_warden.expects(:authenticated?).with(:user).returns(true)
@controller.expects(:redirect_to).with(root_path)
@controller.send :require_no_authentication
end
test 'is a devise controller' do
assert @controller.devise_controller?
def symbolized_path_parameters
{}
end
end
class ControllerAuthenticableTest < ActionController::TestCase
tests MockController
def setup
@mock_warden = OpenStruct.new
@controller.env = { 'warden' => @mock_warden }
end
test 'setup warden' do
assert_not_nil @controller.warden
end
test 'provide access to warden instance' do
assert_equal @controller.warden, @controller.env['warden']
end
test 'proxy signed_in? to authenticated' do
@mock_warden.expects(:authenticate?).with(:scope => :my_scope)
@controller.signed_in?(:my_scope)
end
test 'proxy current_admin to authenticate with admin scope' do
@mock_warden.expects(:authenticate).with(:scope => :admin)
@controller.current_admin
end
test 'proxy current_user to authenticate with user scope' do
@mock_warden.expects(:authenticate).with(:scope => :user)
@controller.current_user
end
test 'proxy user_authenticate! to authenticate with user scope' do
@mock_warden.expects(:authenticate!).with(:scope => :user)
@controller.authenticate_user!
end
test 'proxy admin_authenticate! to authenticate with admin scope' do
@mock_warden.expects(:authenticate!).with(:scope => :admin)
@controller.authenticate_admin!
end
test 'proxy user_signed_in? to authenticate? with user scope' do
@mock_warden.expects(:authenticate?).with(:scope => :user)
@controller.user_signed_in?
end
test 'proxy admin_signed_in? to authenticate? with admin scope' do
@mock_warden.expects(:authenticate?).with(:scope => :admin)
@controller.admin_signed_in?
end
test 'proxy user_session to session scope in warden' do
@mock_warden.expects(:authenticate).with(:scope => :user).returns(true)
@mock_warden.expects(:session).with(:user).returns({})
@controller.user_session
end
test 'proxy admin_session to session scope in warden' do
@mock_warden.expects(:authenticate).with(:scope => :admin).returns(true)
@mock_warden.expects(:session).with(:admin).returns({})
@controller.admin_session
end
test 'sign in proxy to set_user on warden' do
user = User.new
@mock_warden.expects(:set_user).with(user, :scope => :user).returns(true)
@controller.sign_in(:user, user)
end
test 'sign in accepts a resource as argument' do
user = User.new
@mock_warden.expects(:set_user).with(user, :scope => :user).returns(true)
@controller.sign_in(user)
end
test 'sign out proxy to logout on warden' do
@mock_warden.expects(:user).with(:user).returns(true)
@mock_warden.expects(:logout).with(:user).returns(true)
@controller.sign_out(:user)
end
test 'sign out accepts a resource as argument' do
@mock_warden.expects(:user).with(:user).returns(true)
@mock_warden.expects(:logout).with(:user).returns(true)
@controller.sign_out(User.new)
end
test 'stored location for returns the location for a given scope' do
assert_nil @controller.stored_location_for(:user)
@controller.session[:"user.return_to"] = "/foo.bar"
assert_equal "/foo.bar", @controller.stored_location_for(:user)
end
test 'stored location for accepts a resource as argument' do
assert_nil @controller.stored_location_for(:user)
@controller.session[:"user.return_to"] = "/foo.bar"
assert_equal "/foo.bar", @controller.stored_location_for(User.new)
end
test 'stored location cleans information after reading' do
@controller.session[:"user.return_to"] = "/foo.bar"
assert_equal "/foo.bar", @controller.stored_location_for(:user)
assert_nil @controller.session[:"user.return_to"]
end
test 'after sign in path defaults to root path if none by was specified for the given scope' do
assert_equal root_path, @controller.after_sign_in_path_for(:user)
end
test 'after sign in path defaults to the scoped root path' do
assert_equal admin_root_path, @controller.after_sign_in_path_for(:admin)
end
test 'after sign out path defaults to the root path' do
assert_equal root_path, @controller.after_sign_out_path_for(:admin)
assert_equal root_path, @controller.after_sign_out_path_for(:user)
end
test 'sign in and redirect uses the stored location' do
user = User.new
@controller.session[:"user.return_to"] = "/foo.bar"
@mock_warden.expects(:set_user).with(user, :scope => :user).returns(true)
@controller.expects(:redirect_to).with("/foo.bar")
@controller.sign_in_and_redirect(user)
end
test 'sign in and redirect uses the configured after sign in path' do
admin = Admin.new
@mock_warden.expects(:set_user).with(admin, :scope => :admin).returns(true)
@controller.expects(:redirect_to).with(admin_root_path)
@controller.sign_in_and_redirect(admin)
end
test 'only redirect if skip is given' do
admin = Admin.new
@controller.expects(:redirect_to).with(admin_root_path)
@controller.sign_in_and_redirect(:admin, admin, true)
end
test 'sign out and redirect uses the configured after sign out path' do
@mock_warden.expects(:user).with(:admin).returns(true)
@mock_warden.expects(:logout).with(:admin).returns(true)
@controller.expects(:redirect_to).with(admin_root_path)
@controller.instance_eval "def after_sign_out_path_for(resource); admin_root_path; end"
@controller.sign_out_and_redirect(:admin)
end
test 'is not a devise controller' do
assert_not @controller.devise_controller?
end
end

55
test/controllers/internal_helpers_test.rb Normal file
View File

@@ -0,0 +1,55 @@
require 'test/test_helper'
class MyController < ApplicationController
include Devise::Controllers::InternalHelpers
end
class HelpersTest < ActionController::TestCase
tests MyController
test 'get resource name from request path' do
@request.path = '/users/session'
assert_equal :user, @controller.resource_name
end
test 'get resource name from specific request path' do
@request.path = '/admin_area/session'
assert_equal :admin, @controller.resource_name
end
test 'get resource class from request path' do
@request.path = '/users/session'
assert_equal User, @controller.resource_class
end
test 'get resource instance variable from request path' do
@request.path = '/admin_area/session'
@controller.instance_variable_set(:@admin, admin = Admin.new)
assert_equal admin, @controller.resource
end
test 'set resource instance variable from request path' do
@request.path = '/admin_area/session'
admin = @controller.send(:resource_class).new
@controller.send(:resource=, admin)
assert_equal admin, @controller.send(:resource)
assert_equal admin, @controller.instance_variable_get(:@admin)
end
test 'resources methods are not controller actions' do
assert @controller.class.action_methods.empty?
end
test 'require no authentication tests current mapping' do
@controller.expects(:resource_name).returns(:user).twice
@mock_warden.expects(:authenticated?).with(:user).returns(true)
@controller.expects(:redirect_to).with(root_path)
@controller.send :require_no_authentication
end
test 'is a devise controller' do
assert @controller.devise_controller?
end
end

Some files were not shown because too many files have changed in this diff Show More