Bump to 0.8.2.

Signed-off-by: José Valim <jose.valim@gmail.com>

CHANGELOG.rdoc

@@ -1,3 +1,21 @@
+== 0.8.2
+
+* enhancements
+  * Allow Devise.mailer_sender to be a proc (by github/grimen)
+
+* bug fix
+  * Fix bug with passenger, update is required to anyone deploying on passenger (by github/dvdpalm)
+
+== 0.8.1
+
+* enhancements
+  * Move salt to encryptors
+
+* bug fix
+  * Bcrypt generator was not being loaded neither setting the proper salt
+
+== 0.8.0
+
 * enhancements
   * Warden 0.8.0 compatibility
   * Add an easy for map.connect "sign_in", :controller => "sessions", :action => "new" to work

Rakefile

@@ -44,7 +44,7 @@ begin
     s.description = "Flexible authentication solution for Rails with Warden"
     s.authors = ['José Valim', 'Carlos Antônio']
     s.files =  FileList["[A-Z]*", "{app,config,generators,lib}/**/*", "init.rb"]
-    s.add_dependency("warden", "~> 0.8.0")
+    s.add_dependency("warden", "~> 0.8.1")
   end
 
   Jeweler::GemcutterTasks.new

app/models/devise_mailer.rb

@@ -19,7 +19,7 @@ class DeviseMailer < ::ActionMailer::Base
       raise "Invalid devise resource #{record}" unless mapping
 
       subject      translate(mapping, key)
-      from         Devise.mailer_sender
+      from         mailer_sender(mapping)
       recipients   record.email
       sent_on      Time.now
       content_type 'text/html'
@@ -38,6 +38,14 @@ class DeviseMailer < ::ActionMailer::Base
       end
     end
 
+    def mailer_sender(mapping)
+      if Devise.mailer_sender.is_a?(Proc)
+        Devise.mailer_sender.call(mapping.name)
+      else
+        Devise.mailer_sender
+      end
+    end
+
     # Setup subject namespaced by model. It means you're able to setup your
     # messages using specific resource scope, or provide a default one.
     # Example (i18n locale file):

lib/devise.rb

@@ -11,12 +11,13 @@ module Devise
   end
 
   module Encryptors
+    autoload :Base, 'devise/encryptors/base'
+    autoload :Bcrypt, 'devise/encryptors/bcrypt'
     autoload :AuthlogicSha512, 'devise/encryptors/authlogic_sha512'
     autoload :AuthlogicSha1, 'devise/encryptors/authlogic_sha1'
     autoload :RestfulAuthenticationSha1, 'devise/encryptors/restful_authentication_sha1'
     autoload :Sha512, 'devise/encryptors/sha512'
     autoload :Sha1, 'devise/encryptors/sha1'
-    autoload :BCrypt, 'devise/encryptors/bcrypt'
   end
 
   module Orm
@@ -48,7 +49,8 @@ module Devise
     :sha512 => 128,
     :clearance_sha1 => 40,
     :restful_authentication_sha1 => 40,
-    :authlogic_sha512 => 128
+    :authlogic_sha512 => 128,
+    :bcrypt => 60
   }
 
   # Email regex used to validate email formats. Retrieved from authlogic.

lib/devise/encryptors/authlogic_sha512.rb

@@ -1,19 +1,12 @@
 require "digest/sha2"
 
 module Devise
-  # Implements a way of adding different encryptions.
-  # The class should implement a self.digest method that taks the following params:
-  #   - password
-  #   - stretches: the number of times the encryption will be applied
-  #   - salt: the password salt as defined by devise
-  #   - pepper: Devise config option
-  #
   module Encryptors
     # = AuthlogicSha512
     # Simulates Authlogic's default encryption mechanism.
     # Warning: it uses Devise's stretches configuration to port Authlogic's one. Should be set to 20 in the initializer to silumate
     #  the default behavior.
-    class AuthlogicSha512
+    class AuthlogicSha512 < Base
       
       # Gererates a default password digest based on salt, pepper and the
       # incoming password.

lib/devise/encryptors/base.rb

@@ -0,0 +1,20 @@
+module Devise
+  # Implements a way of adding different encryptions.
+  # The class should implement a self.digest method that taks the following params:
+  #   - password
+  #   - stretches: the number of times the encryption will be applied
+  #   - salt: the password salt as defined by devise
+  #   - pepper: Devise config option
+  #
+  module Encryptors
+    class Base
+      def self.digest
+        raise NotImplemented
+      end
+
+      def self.salt
+        Devise.friendly_token
+      end
+    end
+  end
+end

lib/devise/encryptors/bcrypt.rb

@@ -1,22 +1,19 @@
 require "bcrypt"
 
 module Devise
-  # Implements a way of adding different encryptions.
-  # The class should implement a self.digest method that taks the following params:
-  #   - password
-  #   - stretches: the number of times the encryption will be applied
-  #   - salt: the password salt as defined by devise
-  #   - pepper: Devise config option
-  #
   module Encryptors
     # = BCrypt 
     # Uses the BCrypt hash algorithm to encrypt passwords.
-    class BCrypt
+    class Bcrypt < Base
       
       # Gererates a default password digest based on stretches, salt, pepper and the
       # incoming password. We don't strech it ourselves since BCrypt does so internally.
       def self.digest(password, stretches, salt, pepper)
-        ::BCrypt::Engine.hash_secret(password, [salt, pepper].flatten.join('xx'), stretches)
+        ::BCrypt::Engine.hash_secret([password, pepper].join, salt, stretches)
+      end
+
+      def self.salt
+        ::BCrypt::Engine.generate_salt
       end
 
     end

lib/devise/encryptors/clearance_sha1.rb

@@ -1,19 +1,12 @@
 require "digest/sha1"
 
 module Devise
-  # Implements a way of adding different encryptions.
-  # The class should implement a self.digest method that taks the following params:
-  #   - password
-  #   - stretches: the number of times the encryption will be applied
-  #   - salt: the password salt as defined by devise
-  #   - pepper: Devise config option
-  #
   module Encryptors
     # = ClearanceSha1
     # Simulates Clearance's default encryption mechanism.
     # Warning: it uses Devise's pepper to port the concept of REST_AUTH_SITE_KEY
     # Warning: it uses Devise's stretches configuration to port the concept of REST_AUTH_DIGEST_STRETCHES
-    class ClearanceSha1
+    class ClearanceSha1 < Base
       
       # Gererates a default password digest based on salt, pepper and the
       # incoming password.

lib/devise/encryptors/restful_authentication_sha1.rb

@@ -1,20 +1,13 @@
 require "digest/sha1"
 
 module Devise
-  # Implements a way of adding different encryptions.
-  # The class should implement a self.digest method that taks the following params:
-  #   - password
-  #   - stretches: the number of times the encryption will be applied
-  #   - salt: the password salt as defined by devise
-  #   - pepper: Devise config option
-  #
   module Encryptors
     # = RestfulAuthenticationSha1
     # Simulates Restful Authentication's default encryption mechanism.
     # Warning: it uses Devise's pepper to port the concept of REST_AUTH_SITE_KEY
     # Warning: it uses Devise's stretches configuration to port the concept of REST_AUTH_DIGEST_STRETCHES. Should be set to 10 in 
     # the initializer to silumate the default behavior.
-    class RestfulAuthenticationSha1
+    class RestfulAuthenticationSha1 < Base
       
       # Gererates a default password digest based on salt, pepper and the
       # incoming password.

lib/devise/encryptors/sha1.rb

@@ -1,17 +1,10 @@
 require "digest/sha1"
 
 module Devise
-  # Implements a way of adding different encryptions.
-  # The class should implement a self.digest method that taks the following params:
-  #   - password
-  #   - stretches: the number of times the encryption will be applied
-  #   - salt: the password salt as defined by devise
-  #   - pepper: Devise config option
-  #
   module Encryptors
     # = Sha1
     # Uses the Sha1 hash algorithm to encrypt passwords.
-    class Sha1
+    class Sha1 < Base
       
       # Gererates a default password digest based on stretches, salt, pepper and the
       # incoming password.

lib/devise/encryptors/sha512.rb

@@ -1,17 +1,10 @@
 require "digest/sha2"
 
 module Devise
-  # Implements a way of adding different encryptions.
-  # The class should implement a self.digest method that taks the following params:
-  #   - password
-  #   - stretches: the number of times the encryption will be applied
-  #   - salt: the password salt as defined by devise
-  #   - pepper: Devise config option
-  #
   module Encryptors
     # = Sha512
     # Uses the Sha512 hash algorithm to encrypt passwords.
-    class Sha512
+    class Sha512 < Base
       
       # Gererates a default password digest based on salt, pepper and the
       # incoming password.

lib/devise/hooks/trackable.rb

@@ -1,5 +1,5 @@
 # After each sign in, update sign in time, sign in count and sign in IP.
-Warden::Manager.after_set_user :event => [:authentication, :set_user] do |record, warden, options|
+Warden::Manager.after_set_user :except => :fetch do |record, warden, options|
   scope = options[:scope]
   if Devise.mappings[scope].try(:trackable?) && warden.authenticated?(scope)
     old_current, new_current  = record.current_sign_in_at, Time.now

lib/devise/mapping.rb

@@ -92,9 +92,9 @@ module Devise
       self.path_prefix.count("/")
     end
 
-    # Returns the raw path using path_prefix and as.
+    # Returns the raw path using the current relative_url_root, path_prefix and as.
     def raw_path
-      path_prefix + as.to_s
+      ActionController::Base.relative_url_root.to_s + path_prefix + as.to_s
     end
 
     # Returns the parsed path. If you need meta information in your path_prefix,

lib/devise/models/authenticatable.rb

@@ -43,7 +43,7 @@ module Devise
         @password = new_password
 
         if @password.present?
-          self.password_salt = Devise.friendly_token
+          self.password_salt = self.class.encryptor_class.salt
           self.encrypted_password = password_digest(@password)
         end
       end

lib/devise/version.rb

@@ -1,3 +1,3 @@
 module Devise
-  VERSION = "0.8.0".freeze
+  VERSION = "0.8.2".freeze
 end

test/encryptors_test.rb

@@ -18,18 +18,11 @@ class Encryptors < ActiveSupport::TestCase
     assert_equal clearance, encryptor
   end
   
-  test 'should match a password created by bcrypt' do
-    bcrypt = "$2a$10$81UWRL4S01M6zxjMPyBame1He8EHYgdFm26rQh0qKzglf2ijtEyfa"
-    encryptor = Devise::Encryptors::BCrypt.digest('123mudar', 4, '$2a$10$81UWRL4S01M6zxjMPyBame', '')
-    assert_equal bcrypt, encryptor
-  end
-
-
-
   Devise::ENCRYPTORS_LENGTH.each do |key, value|
     test "should have length #{value} for #{key.inspect}" do
       swap Devise, :encryptor => key do
-        assert_equal value, Devise::Encryptors.const_get(key.to_s.classify).digest('a', 2, 'b', 'c').size
+        encryptor = Devise::Encryptors.const_get(key.to_s.classify)
+        assert_equal value, encryptor.digest('a', 4, encryptor.salt, nil).size
       end
     end
   end

test/mailers/confirmation_instructions_test.rb

@@ -62,4 +62,10 @@ class ConfirmationInstructionsTest < ActionMailer::TestCase
       assert_equal user.email, mail.body
     end
   end
+
+  test 'mailer sender accepts a proc' do
+    swap Devise, :mailer_sender => lambda { "another@example.com" } do
+      assert_equal ['another@example.com'], mail.from
+    end
+  end
 end

test/mailers/reset_password_instructions_test.rb

@@ -59,4 +59,10 @@ class ResetPasswordInstructionsTest < ActionMailer::TestCase
     reset_url_regexp = %r{<a href=\"http://#{host}/users/password/edit\?reset_password_token=#{user.reset_password_token}">}
     assert_match reset_url_regexp, mail.body
   end
+
+  test 'mailer sender accepts a proc' do
+    swap Devise, :mailer_sender => lambda { "another@example.com" } do
+      assert_equal ['another@example.com'], mail.from
+    end
+  end
 end

test/mapping_test.rb

@@ -86,7 +86,7 @@ class MappingTest < ActiveSupport::TestCase
     mapping = Devise.mappings[:manager]
     assert_equal '/:locale/', mapping.path_prefix
   end
-
+  
   test 'retrieve as from the proper position' do
     assert_equal 1, Devise.mappings[:user].as_position
     assert_equal 2, Devise.mappings[:manager].as_position
@@ -96,6 +96,18 @@ class MappingTest < ActiveSupport::TestCase
     assert_equal '/users', Devise.mappings[:user].raw_path
     assert_equal '/:locale/accounts', Devise.mappings[:manager].raw_path
   end
+  
+  test 'raw path adds in the relative_url_root' do
+    swap ActionController::Base, :relative_url_root => '/abc' do
+      assert_equal '/abc/users', Devise.mappings[:user].raw_path
+    end
+  end
+
+  test 'raw path deals with a nil relative_url_root' do
+    swap ActionController::Base, :relative_url_root => nil do
+      assert_equal '/users', Devise.mappings[:user].raw_path
+    end
+  end
 
   test 'parsed path is returned' do
     begin
@@ -106,7 +118,13 @@ class MappingTest < ActiveSupport::TestCase
       Devise.default_url_options {{ }}
     end
   end
-
+  
+  test 'parsed path deals with non-standard relative_url_roots' do
+    swap ActionController::Base, :relative_url_root => "/abc" do
+      assert_equal '/abc/users', Devise.mappings[:user].parsed_path
+    end
+  end
+  
   test 'should have default route options' do
     assert_equal({}, Devise.mappings[:user].route_options)
   end