AtHeartEngineer/devise
1
1
Fork 0
mirror of https://github.com/heartcombo/devise.git synced 2026-01-09 23:58:06 -05:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: AtHeartEngineer:v0.8.2
Branches Tags
AtHeartEngineer:main AtHeartEngineer:update-rack-unprocessable_content AtHeartEngineer:ca-devise-locale-throw AtHeartEngineer:password-length-dynamic AtHeartEngineer:4-stable AtHeartEngineer:mf-issue-5140 AtHeartEngineer:mf-check-for-devise-parent-mailer AtHeartEngineer:5-rc AtHeartEngineer:3-stable AtHeartEngineer:let-unsafe-redirect AtHeartEngineer:test-mongoid AtHeartEngineer:drv-improve-reset-token AtHeartEngineer:lm-jruby AtHeartEngineer:4-0-stable AtHeartEngineer:4-1-stable AtHeartEngineer:gh-pages AtHeartEngineer:v3.2 AtHeartEngineer:v2.2 AtHeartEngineer:v3.0 AtHeartEngineer:v3.1 AtHeartEngineer:v2.0 AtHeartEngineer:v2.1 AtHeartEngineer:v1.5 AtHeartEngineer:v1.0 AtHeartEngineer:v1.4 AtHeartEngineer:v1.3 AtHeartEngineer:v1.2 AtHeartEngineer:v1.1
AtHeartEngineer:v5.0.0.rc AtHeartEngineer:v4.9.4 AtHeartEngineer:v4.9.3 AtHeartEngineer:v4.9.2 AtHeartEngineer:v4.9.1 AtHeartEngineer:v4.9.0 AtHeartEngineer:v4.8.1 AtHeartEngineer:v4.8.0 AtHeartEngineer:v4.7.3 AtHeartEngineer:v4.7.2 AtHeartEngineer:v4.7.1 AtHeartEngineer:v4.7.0 AtHeartEngineer:v4.6.2 AtHeartEngineer:v4.6.1 AtHeartEngineer:v4.6.0 AtHeartEngineer:v4.5.0 AtHeartEngineer:v4.4.3 AtHeartEngineer:v4.4.2 AtHeartEngineer:v4.4.1 AtHeartEngineer:v4.4.0 AtHeartEngineer:v4.3.0 AtHeartEngineer:v4.2.1 AtHeartEngineer:v4.2.0 AtHeartEngineer:v3.5.10 AtHeartEngineer:v4.0.3 AtHeartEngineer:v4.1.1 AtHeartEngineer:v4.1.0 AtHeartEngineer:v3.5.9 AtHeartEngineer:v4.0.2 AtHeartEngineer:v4.0.1 AtHeartEngineer:v3.5.8 AtHeartEngineer:v3.5.7 AtHeartEngineer:v4.0.0 AtHeartEngineer:v4.0.0.rc2 AtHeartEngineer:v4.0.0.rc1 AtHeartEngineer:v3.5.6 AtHeartEngineer:v3.5.5 AtHeartEngineer:v3.5.4 AtHeartEngineer:v3.5.3 AtHeartEngineer:v3.5.2 AtHeartEngineer:v3.5.1 AtHeartEngineer:v3.5.0 AtHeartEngineer:v3.4.1 AtHeartEngineer:v3.4.0 AtHeartEngineer:v3.3.0 AtHeartEngineer:v3.2.4 AtHeartEngineer:v3.2.3 AtHeartEngineer:v3.2.2 AtHeartEngineer:v3.2.1 AtHeartEngineer:v2.2.8 AtHeartEngineer:v3.0.4 AtHeartEngineer:v3.1.2 AtHeartEngineer:v3.2.0 AtHeartEngineer:v3.1.1 AtHeartEngineer:v3.1.0 AtHeartEngineer:v2.0.6 AtHeartEngineer:v2.1.4 AtHeartEngineer:v2.2.7 AtHeartEngineer:v3.0.3 AtHeartEngineer:v3.1.0.rc2 AtHeartEngineer:v3.1.0.rc AtHeartEngineer:v2.2.6 AtHeartEngineer:v3.0.2 AtHeartEngineer:v3.0.1 AtHeartEngineer:v2.2.5 AtHeartEngineer:v3.0.0 AtHeartEngineer:v3.0.0.rc AtHeartEngineer:v2.2.4 AtHeartEngineer:v2.2.3 AtHeartEngineer:v2.2.2 AtHeartEngineer:v2.2.1 AtHeartEngineer:v2.2.0 AtHeartEngineer:v2.2.0.rc AtHeartEngineer:v2.1.2 AtHeartEngineer:v2.1.1 AtHeartEngineer:v2.1.0 AtHeartEngineer:v2.1.0.rc2 AtHeartEngineer:v2.1.0.rc AtHeartEngineer:v2.0.4 AtHeartEngineer:v2.0.3 AtHeartEngineer:v2.0.2 AtHeartEngineer:v2.0.1 AtHeartEngineer:v2.0.0 AtHeartEngineer:v2.0.0.rc2 AtHeartEngineer:v2.0.0.rc AtHeartEngineer:v1.5.3 AtHeartEngineer:v1.5.2 AtHeartEngineer:v1.5.1 AtHeartEngineer:v1.5.0 AtHeartEngineer:v1.5.0.rc1 AtHeartEngineer:v1.5.0.rc AtHeartEngineer:v1.4.9 AtHeartEngineer:v1.4.8 AtHeartEngineer:v1.4.7 AtHeartEngineer:v1.4.6 AtHeartEngineer:v1.4.5 AtHeartEngineer:v1.4.4 AtHeartEngineer:v1.4.3 AtHeartEngineer:v1.4.2 AtHeartEngineer:v1.4.1 AtHeartEngineer:v1.4.0 AtHeartEngineer:v1.3.4 AtHeartEngineer:v1.3.3 AtHeartEngineer:v1.3.2 AtHeartEngineer:v1.3.1 AtHeartEngineer:v1.3.0 AtHeartEngineer:v1.2.1 AtHeartEngineer:v1.2.0 AtHeartEngineer:v1.1.9 AtHeartEngineer:v1.0.11 AtHeartEngineer:v1.1.8 AtHeartEngineer:v1.2.rc2 AtHeartEngineer:v1.1.7 AtHeartEngineer:v1.1.6 AtHeartEngineer:v1.1.5 AtHeartEngineer:v1.0.9 AtHeartEngineer:v1.1.4 AtHeartEngineer:v1.2.rc AtHeartEngineer:v1.1.3 AtHeartEngineer:v1.1.2 AtHeartEngineer:v1.1.1 AtHeartEngineer:v1.1.0 AtHeartEngineer:v1.1.rc2 AtHeartEngineer:v1.0.8 AtHeartEngineer:v1.0.7 AtHeartEngineer:v1.1.rc1 AtHeartEngineer:v1.0.6 AtHeartEngineer:v1.1.rc0 AtHeartEngineer:v1.0.5 AtHeartEngineer:v1.0.4 AtHeartEngineer:v1.1.pre4 AtHeartEngineer:v1.1.pre3 AtHeartEngineer:v1.0.3 AtHeartEngineer:v1.1.pre2 AtHeartEngineer:v1.0.2 AtHeartEngineer:v1.1.pre AtHeartEngineer:v1.0.1 AtHeartEngineer:v1.0.0 AtHeartEngineer:v0.9.2 AtHeartEngineer:v0.9.1 AtHeartEngineer:v0.9.0 AtHeartEngineer:v0.8.2 AtHeartEngineer:v0.8.1 AtHeartEngineer:v0.8.0 AtHeartEngineer:v0.7.5
...
compare: AtHeartEngineer:v1.0.4
Branches Tags
AtHeartEngineer:main AtHeartEngineer:update-rack-unprocessable_content AtHeartEngineer:ca-devise-locale-throw AtHeartEngineer:password-length-dynamic AtHeartEngineer:4-stable AtHeartEngineer:mf-issue-5140 AtHeartEngineer:mf-check-for-devise-parent-mailer AtHeartEngineer:5-rc AtHeartEngineer:3-stable AtHeartEngineer:let-unsafe-redirect AtHeartEngineer:test-mongoid AtHeartEngineer:drv-improve-reset-token AtHeartEngineer:lm-jruby AtHeartEngineer:4-0-stable AtHeartEngineer:4-1-stable AtHeartEngineer:gh-pages AtHeartEngineer:v3.2 AtHeartEngineer:v2.2 AtHeartEngineer:v3.0 AtHeartEngineer:v3.1 AtHeartEngineer:v2.0 AtHeartEngineer:v2.1 AtHeartEngineer:v1.5 AtHeartEngineer:v1.0 AtHeartEngineer:v1.4 AtHeartEngineer:v1.3 AtHeartEngineer:v1.2 AtHeartEngineer:v1.1
AtHeartEngineer:v5.0.0.rc AtHeartEngineer:v4.9.4 AtHeartEngineer:v4.9.3 AtHeartEngineer:v4.9.2 AtHeartEngineer:v4.9.1 AtHeartEngineer:v4.9.0 AtHeartEngineer:v4.8.1 AtHeartEngineer:v4.8.0 AtHeartEngineer:v4.7.3 AtHeartEngineer:v4.7.2 AtHeartEngineer:v4.7.1 AtHeartEngineer:v4.7.0 AtHeartEngineer:v4.6.2 AtHeartEngineer:v4.6.1 AtHeartEngineer:v4.6.0 AtHeartEngineer:v4.5.0 AtHeartEngineer:v4.4.3 AtHeartEngineer:v4.4.2 AtHeartEngineer:v4.4.1 AtHeartEngineer:v4.4.0 AtHeartEngineer:v4.3.0 AtHeartEngineer:v4.2.1 AtHeartEngineer:v4.2.0 AtHeartEngineer:v3.5.10 AtHeartEngineer:v4.0.3 AtHeartEngineer:v4.1.1 AtHeartEngineer:v4.1.0 AtHeartEngineer:v3.5.9 AtHeartEngineer:v4.0.2 AtHeartEngineer:v4.0.1 AtHeartEngineer:v3.5.8 AtHeartEngineer:v3.5.7 AtHeartEngineer:v4.0.0 AtHeartEngineer:v4.0.0.rc2 AtHeartEngineer:v4.0.0.rc1 AtHeartEngineer:v3.5.6 AtHeartEngineer:v3.5.5 AtHeartEngineer:v3.5.4 AtHeartEngineer:v3.5.3 AtHeartEngineer:v3.5.2 AtHeartEngineer:v3.5.1 AtHeartEngineer:v3.5.0 AtHeartEngineer:v3.4.1 AtHeartEngineer:v3.4.0 AtHeartEngineer:v3.3.0 AtHeartEngineer:v3.2.4 AtHeartEngineer:v3.2.3 AtHeartEngineer:v3.2.2 AtHeartEngineer:v3.2.1 AtHeartEngineer:v2.2.8 AtHeartEngineer:v3.0.4 AtHeartEngineer:v3.1.2 AtHeartEngineer:v3.2.0 AtHeartEngineer:v3.1.1 AtHeartEngineer:v3.1.0 AtHeartEngineer:v2.0.6 AtHeartEngineer:v2.1.4 AtHeartEngineer:v2.2.7 AtHeartEngineer:v3.0.3 AtHeartEngineer:v3.1.0.rc2 AtHeartEngineer:v3.1.0.rc AtHeartEngineer:v2.2.6 AtHeartEngineer:v3.0.2 AtHeartEngineer:v3.0.1 AtHeartEngineer:v2.2.5 AtHeartEngineer:v3.0.0 AtHeartEngineer:v3.0.0.rc AtHeartEngineer:v2.2.4 AtHeartEngineer:v2.2.3 AtHeartEngineer:v2.2.2 AtHeartEngineer:v2.2.1 AtHeartEngineer:v2.2.0 AtHeartEngineer:v2.2.0.rc AtHeartEngineer:v2.1.2 AtHeartEngineer:v2.1.1 AtHeartEngineer:v2.1.0 AtHeartEngineer:v2.1.0.rc2 AtHeartEngineer:v2.1.0.rc AtHeartEngineer:v2.0.4 AtHeartEngineer:v2.0.3 AtHeartEngineer:v2.0.2 AtHeartEngineer:v2.0.1 AtHeartEngineer:v2.0.0 AtHeartEngineer:v2.0.0.rc2 AtHeartEngineer:v2.0.0.rc AtHeartEngineer:v1.5.3 AtHeartEngineer:v1.5.2 AtHeartEngineer:v1.5.1 AtHeartEngineer:v1.5.0 AtHeartEngineer:v1.5.0.rc1 AtHeartEngineer:v1.5.0.rc AtHeartEngineer:v1.4.9 AtHeartEngineer:v1.4.8 AtHeartEngineer:v1.4.7 AtHeartEngineer:v1.4.6 AtHeartEngineer:v1.4.5 AtHeartEngineer:v1.4.4 AtHeartEngineer:v1.4.3 AtHeartEngineer:v1.4.2 AtHeartEngineer:v1.4.1 AtHeartEngineer:v1.4.0 AtHeartEngineer:v1.3.4 AtHeartEngineer:v1.3.3 AtHeartEngineer:v1.3.2 AtHeartEngineer:v1.3.1 AtHeartEngineer:v1.3.0 AtHeartEngineer:v1.2.1 AtHeartEngineer:v1.2.0 AtHeartEngineer:v1.1.9 AtHeartEngineer:v1.0.11 AtHeartEngineer:v1.1.8 AtHeartEngineer:v1.2.rc2 AtHeartEngineer:v1.1.7 AtHeartEngineer:v1.1.6 AtHeartEngineer:v1.1.5 AtHeartEngineer:v1.0.9 AtHeartEngineer:v1.1.4 AtHeartEngineer:v1.2.rc AtHeartEngineer:v1.1.3 AtHeartEngineer:v1.1.2 AtHeartEngineer:v1.1.1 AtHeartEngineer:v1.1.0 AtHeartEngineer:v1.1.rc2 AtHeartEngineer:v1.0.8 AtHeartEngineer:v1.0.7 AtHeartEngineer:v1.1.rc1 AtHeartEngineer:v1.0.6 AtHeartEngineer:v1.1.rc0 AtHeartEngineer:v1.0.5 AtHeartEngineer:v1.0.4 AtHeartEngineer:v1.1.pre4 AtHeartEngineer:v1.1.pre3 AtHeartEngineer:v1.0.3 AtHeartEngineer:v1.1.pre2 AtHeartEngineer:v1.0.2 AtHeartEngineer:v1.1.pre AtHeartEngineer:v1.0.1 AtHeartEngineer:v1.0.0 AtHeartEngineer:v0.9.2 AtHeartEngineer:v0.9.1 AtHeartEngineer:v0.9.0 AtHeartEngineer:v0.8.2 AtHeartEngineer:v0.8.1 AtHeartEngineer:v0.8.0 AtHeartEngineer:v0.7.5

88 Commits
v0.8.2 ... v1.0.4

Author SHA1 Message Date
José Valim
d36e1012f8 Release 1.0.4 with a couple bug fixes. 2010-03-03 12:24:29 +01:00
Lucas de Castro
5d187ff278 Fixing session controllers when within namespaces 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-03-03 12:16:24 +01:00
Cyril Mougel
a0220243c3 fix spec failed with mongo_mapper DEVISE_ORM 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-02-25 08:44:08 +01:00
José Valim
4c10f86e74 Do not forget frozen records. 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-02-25 08:35:07 +01:00
Lucas Uyezu
cf66e935a9 SQLite requries a default value when the column is NOT NULL 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-02-25 08:34:47 +01:00
José Valim
fbe485f3df Update warden which fixes a security issue. 2010-02-23 19:52:53 +01:00
José Valim
545462e964 Bump to 1.0.3. 2010-02-23 15:45:07 +01:00
José Valim
42df192df8 Do not remove options from MongoMapper find. 2010-02-23 15:41:52 +01:00
Andre Arko
7f451ed9cc Add rails/init.rb to the gemspec 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-02-19 18:06:38 +01:00
Daniel Jagszent
27fe3023ae renamed init.rb -> rails/init.rb. So that rails can find and initalize the GemPlugin even without a config.gem "devise" line in environment.rb (for using with bundler) 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-02-19 17:10:03 +01:00
Paul Campbell
41d416a18e add paragraphs to html emails 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-02-19 10:18:00 +01:00
José Valim
c36cd84c31 Returns the proper response body based on the rquest for 401. 2010-02-18 19:52:37 +01:00
José Valim
fd96335d05 Autoload Devise::Models. 2010-02-18 07:22:26 +01:00
José Valim
23568bda82 Bump to 1.0.2. 2010-02-17 21:30:54 +01:00
José Valim
ee7f5270fc Uses the same content type as request on http authenticatable 401 responses 2010-02-17 21:25:31 +01:00
José Valim
f294700723 Update test files. 2010-02-17 21:15:11 +01:00
Glenn Roberts
c86ce298dc add content type test, update config doc 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-02-17 21:13:27 +01:00
Glenn Roberts
b0ff0d46dd add content_type config parameter 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-02-17 21:13:16 +01:00
José Valim
187ef5c452 Update README. 2010-02-17 13:56:00 +01:00
Paul Campbell
6d29bcc467 Add mention of flash[:notice] and flash[:alert] 2010-02-15 22:29:23 +08:00
José Valim
ee87ec398a Updated gemspec. 2010-02-15 14:23:00 +01:00
José Valim
3e37fe8d4d Bump to 1.0.1 2010-02-15 14:19:08 +01:00
José Valim
48a94cdece Avoid mass assignment error messages with current password. 2010-02-15 14:17:12 +01:00
José Valim
bdacffab58 Make HttpAuthenticatable opt-in. 2010-02-15 14:11:33 +01:00
José Valim
085b12a710 Add registerable to defaults. 2010-02-15 14:06:50 +01:00
Carlos Antonio da Silva
3435c53725 Fix typo: autoload Clearance encryptor and not Authlogic one. 2010-02-12 13:02:11 -02:00
Carlos Antonio da Silva
01dec7fc78 README and TODO minor updates. 2010-02-12 01:54:47 -02:00
José Valim
4bfbeea7e6 Release 1.0.0 2010-02-09 02:17:20 +01:00
José Valim
2a9e8dca73 Allow authenticatable to used in change_table statements 2010-02-09 00:26:26 +01:00
José Valim
1b6f1b9752 Add registerable integration tests. 2010-02-09 00:08:57 +01:00
José Valim
732e31528e More changes in update_with_password. 2010-02-08 23:14:03 +01:00
José Valim
d7db5b1eea More work on edit. 2010-02-08 20:38:47 +01:00
José Valim
2761a75437 Refactor on routes. 2010-02-08 20:25:20 +01:00
José Valim
8a15ac6e4a Stub out other views for Registerable. 2010-02-08 19:07:24 +01:00
José Valim
9798ad7455 Allow scoped views to be customized per controller/mailer class. 2010-02-08 17:33:22 +01:00
José Valim
54cd2cc0e8 Use _ instead of . 2010-02-08 17:15:12 +01:00
Carlos Antonio da Silva
445070f6ec Use sign_up instead of registration in routes. Fix issue with users being signed in while attempting to sign up with info from already existing user. Also fix signed up flash. 2010-02-08 11:03:15 -02:00
Carlos Antonio da Silva
9856646fac Merge with master 2010-02-06 09:24:00 -02:00
José Valim
60fd9d26ea Rely on duck type instead of mappings settings. 2010-02-06 10:06:22 +01:00
José Valim
1cf4dc798d Add Http Basic Authentication support. 2010-02-06 01:33:32 +01:00
José Valim
2f441fb60b Commit new gemspec. 2010-02-05 21:38:50 +01:00
José Valim
e02810d528 Move to 0.9.2. 2010-02-05 21:37:28 +01:00
José Valim
c146cad448 Ensure inactive user cannot sign in. 2010-02-05 21:36:19 +01:00
Carlos Antonio da Silva
49d1978863 We do not need to check for registerable active inside the view. 2010-02-05 00:02:49 -02:00
Carlos Antonio da Silva
658059f31a Bring Devise::ALL back to modules and improving lockable docs. 2010-02-04 20:09:53 -02:00
Carlos Antonio da Silva
21359fb433 Refactoring a bit models and lockable. Also remove devise :all deprecation. 2010-02-04 20:09:53 -02:00
Carlos Antonio da Silva
60714cd449 autload Registerable. Extracting default routes and path_names to constants. Fix evals for better debugging and stack trace. 2010-02-04 20:09:53 -02:00
Carlos Antonio da Silva
6b837cb285 Introducing Registerable module, allowing users to sign up. 2010-02-04 20:08:38 -02:00
Carlos Antonio da Silva
4de1e43b7a Fix "return_to" to always save the request_uri, overwriting the return to url when the user types another forbidden url before sign in. 
This way the user will be redirected to the last attempted url and not the first one.
 2010-02-04 08:46:22 -02:00
Matt Powell
02a99b9766 deprecate find(:first) and find(:all) in MongoMapper 2010-02-03 16:53:49 +08:00
José Valim
a9e2337aeb Change EMAIL_REGEXP so it can be used in javascript. 2010-02-02 13:28:47 +01:00
José Valim
3781a0f47b Tidy up token authentication implementation. 2010-02-02 13:21:00 +01:00
Jonas Grimfelt
4878bdb60b Second version of token_authenticatable reflecting feedback: Nuked all hook-stuff. Should be easy to custom-reset authentication tokens by inheritance. 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-02-02 12:37:06 +01:00
Jonas Grimfelt
e1440fb430 Initial support for authorization using "authentication token" (a.k.a. "single access token") - new module. Corresponding changes to Devise core to hook events like "after_changed_password" (only one added now - only one that makes much sense for latest module) easily. Unit and integration tests included. NOTE: One failing test for hooking Warden::Manager.after_authentication - gets ignored for some reason. 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-02-02 12:36:44 +01:00
José Valim
c03b4ff339 Add gemspec since it's required by bundler. 2010-02-01 16:32:36 +01:00
José Valim
ca794776c1 Bump to 0.9.1. 2010-01-25 20:19:47 +01:00
José Valim
b4707c2bae Use self. just to stay in the same pattern. 2010-01-25 19:29:14 +01:00
jgeiger
b3fd742aea bcrypt requires the salt to be over 29 chars 2010-01-22 23:04:03 +08:00
David Palm
bc05d28d3f Devise::Mapping#raw_path does not consider relative_url_root so that route helpers work (no more session_path(:user) => '/abc/abc/users/sign_in') 
Devise::Mapping#parsed_path considers relative_url_root so that initial redirects still work with non empty relative_url_roots
 2010-01-22 23:03:48 +08:00
José Valim
e4e9e16623 Bump to 0.9.0. 2010-01-21 15:30:13 +01:00
José Valim
345bf159e2 Add latest commities entries to CHANGELOG. 2010-01-21 09:15:07 +01:00
Jonas Grimfelt
0c7c762c16 Fixed some Ruby 1.9 issues/bugs. 2010-01-21 16:06:19 +08:00
Jonas Grimfelt
f50ec773b2 New convenient helper method for extending Devise with additional modules: Devise::add_module. 2010-01-21 16:06:17 +08:00
Carlos Antonio da Silva
6d80418fd1 Changing flash messages to new Rails defaults :notice/:alert 2010-01-20 17:46:14 -02:00
José Valim
b4183cbaa2 Url helpers should rely find_scope! 2010-01-19 17:19:40 +01:00
José Valim
04ce9d1e6f Should accept path prefixes not starting with slash. 2010-01-16 14:39:57 +01:00
José Valim
ef25da992c Use an OrderedHash to fix problems with test suite working in some machines but no in others. 2010-01-16 14:32:52 +01:00
José Valim
394b1ff444 Bring mongomapper up to date. Remember that you need mongo_ext in order to use MongoMapper with Devise. 2010-01-16 11:22:09 +01:00
José Valim
a5b2ee5171 Improve documentation for after_sign_in_path_for. 2010-01-16 10:56:35 +01:00
José Valim
fdc2e795d7 Simplify links requirement. 2010-01-14 16:04:13 +01:00
José Valim
a32e90a1d6 Update CHANGELOG and dependencies. 2010-01-14 15:53:17 +01:00
José Valim
2afad49a96 Bring rememberable back. 2010-01-14 15:47:14 +01:00
José Valim
f46d1b1d81 Add support to Warden 0.9.0.pre 2010-01-14 13:38:02 +01:00
José Valim
66f4cfd3eb Clean up tests. 2010-01-13 19:53:12 +01:00
José Valim
efc0ae230a Deprecate :all. 2010-01-13 19:45:24 +01:00
José Valim
f075a6babe Tidying up. 2010-01-13 18:46:04 +01:00
José Valim
19f9ecfcb6 Updating CHANGELOG. 2010-01-13 18:27:26 +01:00
José Valim
d4442837d5 Clean up whitespace and remove deprecated stuff. 2010-01-13 18:23:04 +01:00
José Valim
b581f86317 DRY up controllers. 2010-01-13 18:12:13 +01:00
José Valim
d0ccd14c54 Merge remote branch 'mhfs/master' 2010-01-13 17:49:20 +01:00
Marcelo Silveira
f4b438bb1e adding links refactory to changelog 2010-01-09 13:36:04 -02:00
Marcelo Silveira
6c4274fae6 fixing mongo tests 2010-01-09 13:16:07 -02:00
Marcelo Silveira
827d0ce14c refactoring attempts track to avoid saving the model twice 2010-01-09 13:12:24 -02:00
Marcelo Silveira
915afa5f0a forgot the partial.. 2010-01-09 12:59:24 -02:00
Marcelo Silveira
4498acb1d0 moved view links into a partial and I18n'ed them 2010-01-09 12:58:51 -02:00
Marcelo Silveira
9c4ddc6465 - Maximum attempts changed from 5 to 20 
- Lockable is not turned on by default
- Fixed lockable incompatibilities with latest commits
 2010-01-09 11:41:28 -02:00
Marcelo Silveira
32991e13c4 Merge and fix conflicts. 2010-01-09 11:22:27 -02:00
Marcelo Silveira
d2fa737aa0 introducing lockable implementation 2010-01-01 17:57:35 -02:00
104 changed files with 2836 additions and 1455 deletions
Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -4,5 +4,4 @@
coverage/*
*.sqlite3
rdoc/*
devise.gemspec
pkg

80
CHANGELOG.rdoc
View File

@@ -1,15 +1,91 @@
== 1.0.4
* bug fix
* Fixed a bug when deleting an account with rememberable
* Fixed a bug with custom controllers
== 1.0.3
* enhancements
* HTML e-mails now have proper formatting
* Do not remove MongoMapper options in find
== 1.0.2
* enhancements
* Allows you set mailer content type (by github.com/glennr)
* bug fix
* Uses the same content type as request on http authenticatable 401 responses
== 1.0.1
* enhancements
* HttpAuthenticatable is not added by default automatically.
* Avoid mass assignment error messages with current password.
* bug fix
* Fixed encryptors autoload
== 1.0.0
* deprecation
* :old_password in update_with_password is deprecated, use :current_password instead
* enhancements
* Added Registerable
* Added Http Basic Authentication support
* Allow scoped_views to be customized per controller/mailer class
* [#99] Allow authenticatable to used in change_table statements
* Add mailer_content_type configuration parameter (by github.com/glennr)
== 0.9.2
* bug fix
* Ensure inactive user cannot sign in
* Ensure redirect to proper url after sign up
* enhancements
* Added gemspec to repo
* Added token authenticatable (by github.com/grimen)
== 0.9.1
* bug fix
* Allow bigger salt size (by github.com/jgeiger)
* Fix relative url root
== 0.9.0
* deprecation
* devise :all is deprecated
* :success and :failure flash messages are now :notice and :alert
* enhancements
* Added devise lockable (by github.com/mhfs)
* Warden 0.9.0 compatibility
* Mongomapper 0.6.10 compatibility
* Added Devise.add_module as hooks for extensions (by github.com/grimen)
* Ruby 1.9.1 compatibility (by github.com/grimen)
* bug fix
* Accept path prefix not starting with slash
* url helpers should rely on find_scope!
== 0.8.2
* enhancements
* Allow Devise.mailer_sender to be a proc (by github/grimen)
* Allow Devise.mailer_sender to be a proc (by github.com/grimen)
* bug fix
* Fix bug with passenger, update is required to anyone deploying on passenger (by github/dvdpalm)
* Fix bug with passenger, update is required to anyone deploying on passenger (by github.com/dvdpalm)
== 0.8.1
* enhancements
* Move salt to encryptors
* Devise::Lockable
* Moved view links into partial and I18n'ed them
* bug fix
* Bcrypt generator was not being loaded neither setting the proper salt

113
README.rdoc
View File

@@ -7,19 +7,20 @@ Devise is a flexible authentication solution for Rails based on Warden. It:
* Allows you to have multiple roles (or models/scopes) signed in at the same time;
* Is based on a modularity concept: use just what you really need.
Right now it's composed of six modules included by default when you invoke "devise :all" in your models:
Right now it's composed of 12 modules:
* Authenticatable: responsible for encrypting password and validating authenticity of a user while signing in.
* Token Authenticatable: validates authenticity of a user while signing in using an authentication token (also known as "single access token").
* HttpAuthenticatable: sign in users using basic HTTP authentication.
* Confirmable: responsible for verifying whether an account is already confirmed to sign in, and to send emails with confirmation instructions.
* Recoverable: takes care of reseting the user password and send reset instructions.
* Registerable: handles signing up users through a registration process.
* Rememberable: manages generating and clearing token for remember the user from a saved cookie.
* Trackable: tracks sign in count, timestamps and ip.
* Validatable: creates all needed validations for email and password. It's totally optional, so you're able to to customize validations by yourself.
And it also includes the optional modules:
* Activatable: if you need to activate accounts by other means, which are not through confirmation, use this module.
* Timeoutable: expires sessions without activity in a certain period of time.
* Validatable: creates all needed validations for email and password. It's totally optional, so you're able to to customize validations by yourself.
* Lockable: takes care of locking an account based on the number of failed sign in attempts. Handles unlock via expire and email.
* Activatable: if you need to activate accounts by other means, which are not through confirmation, use this module.
There's an example application using Devise at http://github.com/plataformatec/devise_example .
@@ -29,17 +30,13 @@ Devise is based on Warden (http://github.com/hassox/warden), a Rack Authenticati
== Installation
All gems are on gemcutter, so you need to add gemcutter to your sources if you haven't yet:
sudo gem sources -a http://gemcutter.org/
Install warden gem if you don't have it installed (requires 0.6.4 or higher):
Install warden gem if you don't have it installed:
sudo gem install warden
Install devise gem:
sudo gem install devise
sudo gem install devise --version=1.0.1
Configure warden and devise gems inside your app:
@@ -50,15 +47,27 @@ Run the generator:
ruby script/generate devise_install
And you're ready to go. The generator will install an initializer which describes Devise's configuration options. Be sure to take a look.
And you're ready to go. The generator will install an initializer which describes ALL Devise's configuration options, so be sure to take a look at it and the documentation as well:
http://rdoc.info/projects/plataformatec/devise
If you want to use Devise with bundler on Rails 2.3, you need to follow the instructions here:
http://github.com/carlhuda/bundler/issues/issue/83
== Basic Usage
This is a walkthrough with all steps you need to setup a devise resource, including model, migration, route files, and optional configuration. You can also check out the *Generators* section below to help you start.
This is a walkthrough with all steps you need to setup a devise resource, including model, migration, route files, and optional configuration. You MUST also check out the *Generators* section below to help you start.
Devise must be set up within the model (or models) you want to use, and devise routes must be created inside your config/routes.rb file.
We're assuming here you want a User model. First of all you have to setup a migration with the following fields:
We're assuming here you want a User model with some modules, as outlined below:
class User < ActiveRecord::Base
devise :authenticatable, :confirmable, :recoverable, :rememberable, :trackable, :validatable
end
After you choose which modules to use, you need to setup your migrations. Luckily, devise has some helpers to save you from this boring work:
create_table :users do |t|
t.authenticatable
@@ -69,48 +78,22 @@ We're assuming here you want a User model. First of all you have to setup a migr
t.timestamps
end
You may also want to add some indexes to improve performance:
add_index :your_table, :email
add_index :your_table, :confirmation_token # for confirmable
add_index :your_table, :reset_password_token # for recoverable
Now let's setup a User model adding the devise line:
class User < ActiveRecord::Base
devise :all
end
This will include the six default modules outlined at the beginning. You can exclude and remove any module at will:
# Include timeout configuration
devise :all, :timeoutable
# Remove validations
devise :all, :except => :validatable
Remember that Devise don't rely on _attr_accessible_ or _attr_protected_ inside its modules, so be sure to setup what attributes are accessible or protected in your model.
== Model configuration
In addition to :except, you can provide :pepper, :stretches, :encryptor, :authentication_keys, :confirm_within, :remember_for and :timeout as options to devise method.
All those options are described in "config/initializers/devise.rb", which is generated when you invoke `ruby script/generate devise_install` in your application root.
== Routes
The next step after setting up your model is to configure your routes for devise. You do this by opening up your config/routes.rb and adding:
The next setup after setting up your model is to configure your routes. You do this by opening up your config/routes.rb and adding:
map.devise_for :users
This is going to look inside you User model and create a set of needed routes (you can see them by running `rake routes`).
There are also some options available for configuring your routes, as :class_name (to set the class for that route), :as and :path_names, where the last two have the same meaning as in common routes. The available :path_names are:
There are also some options available for configuring your routes, as :class_name (to set the class for that route), :path_prefix, :as and :path_names, where the last two have the same meaning as in common routes. The available :path_names are:
map.devise_for :users, :as => "usuarios", :path_names => { :sign_in => 'login', :sign_out => 'logout', :password => 'secret', :confirmation => 'verification' }
map.devise_for :users, :as => "usuarios", :path_names => { :sign_in => 'login', :sign_out => 'logout', :password => 'secret', :confirmation => 'verification', :unlock => 'unblock' }
Be sure to check devise_for documentation for detailed description.
After this steps, run your migrations, and you are ready to go! But don't finish reading, we still have a lot to tell you:
== Controller filters and helpers
Devise is gonna create some helpers to use inside your controllers and views. To setup a controller that needs user authentication, just add this before_filter:
@@ -129,32 +112,29 @@ You have also access to the session for this scope:
user_session
After signing in a user, confirming it's account or updating it's password, devise will look for a scoped root path to redirect. Example: For a :user resource, it will use user_root_path if it exists, otherwise default root_path will be used. To do it so, you need to create e default root inside your routes for your application:
After signing in a user, confirming it's account or updating it's password, devise will look for a scoped root path to redirect. Example: For a :user resource, it will use user_root_path if it exists, otherwise default root_path will be used. This means that you need to set the root inside your routes:
map.root :controller => 'home'
You can also overwrite after_sign_in_path_for and after_sign_out_path_for to customize better your redirect hooks.
Finally, if you are using confirmable or recoverable, you also need to setup default url options for the mailer in each environment. Here's is the configuration for config/environments/development.rb:
Finally, you also need to setup default url options for the mailer in each environment. Here's is the configuration for config/environments/development.rb:
config.action_mailer.default_url_options = { :host => 'localhost:3000' }
== Views
By default devise will use the same views for all scopes/roles you have. But what if you need so different views to each of them? Devise also has an easy way to accomplish it: just setup config,scoped_views to true inside your devise config file, and you will be able to have views based on scope like 'sessions/users/new' and 'sessions/admin/new'. If no view is found within the scope, Devise will fallback to the default view.
== Tidying up
Devise let's you setup as many roles as you want, so let's say you already have this User model and also want an Admin model with just authentication, trackable and timeoutable stuff and none of confirmation or password recovery. Just follow the same steps:
Devise let's you setup as many roles as you want, so let's say you already have this User model and also want an Admin model with just authentication, trackable, lockable and timeoutable stuff and none of confirmation or password recovery. Just follow the same steps:
# Create a migration with the required fields
create_table :admins do |t|
t.authenticatable
t.lockable
t.trackable
end
# Inside your Admin model
devise :authenticatable, :trackable, :timeoutable
devise :authenticatable, :trackable, :timeoutable, :lockable
# Inside your routes
map.devise_for :admin
@@ -179,11 +159,25 @@ This will generate an initializer, with a description of all configuration value
A model configured with all devise modules and attr_accessible for default fields will be created. The generator will also create the migration and configure your routes for devise.
You can also copy devise views to your application, being able to modify them based on your needs. To do it so, run the following command:
== Model configuration
The devise method in your models also accept some options to configure its modules. For example, you can chose which encryptor to use in authenticatable:
devise :authenticatable, :confirmable, :recoverable, :encryptor => :bcrypt
Besides :encryptor, you can provide :pepper, :stretches, :confirm_within, :remember_for, :timeout_in, :unlock_in and others. All those are describer in the initializer created when you invoke the devise_install generator describer above.
== Views
Since devise is an engine, it has all default views inside the gem. They are good to get you started, but you will want to customize them at some point. And Devise has a generator to make copy them all to your application:
ruby script/generate devise_views
This is gonna copy all session, password, confirmation and mailer views to your app/views folder.
By default Devise will use the same views for all roles you have. But what if you need so different views to each of them? Devise also has an easy way to accomplish it: just setup config.scoped_views to true inside "config/initializers/devise.rb".
After doing so you will be able to have views based on the scope like 'sessions/users/new' and 'sessions/admin/new'. If no view is found within the scope, Devise will fallback to the default view.
Devise uses flash messages to let users know if their login is successful or not. Devise expects your application to call 'flash[:notice]' and 'flash[:alert]' as appropriate.
== I18n
@@ -240,8 +234,7 @@ Devise implements encryption strategies for Clearance, Authlogic and Restful-Aut
== Other ORMs
Devise was made to work from scratch with ActiveRecord. However it currently supports DataMapper and MongoMapper as well.
To use it, just set Devise.orm or configure it in the initialization file (which is created with devise_install).
Devise supports both ActiveRecord (default) and MongoMapper, and has experimental Datamapper supports (in a sense that Devise test suite does not run completely with Datamapper). To choose other ORM, you just need to configure it in the initializer file.
== TODO
@@ -254,9 +247,7 @@ Please refer to TODO file.
== Contributors
* Marcelo Silveira (http://github.com/mhfs)
* Cyril Mougel (http://github.com/shingara)
* Jonas Grimfelt (http://github.com/grimen)
We have a long running list of contributors. Check them in the CHANGELOG or do `git shortlog -s -n` in the cloned repository.
== Bugs and Feedback

4
Rakefile
View File

@@ -43,8 +43,8 @@ begin
s.homepage = "http://github.com/plataformatec/devise"
s.description = "Flexible authentication solution for Rails with Warden"
s.authors = ['José Valim', 'Carlos Antônio']
s.files = FileList["[A-Z]*", "{app,config,generators,lib}/**/*", "init.rb"]
s.add_dependency("warden", "~> 0.8.1")
s.files = FileList["[A-Z]*", "{app,config,generators,lib}/**/*", "rails/init.rb"]
s.add_dependency("warden", "~> 0.9.4")
end
Jeweler::GemcutterTasks.new

8
TODO
View File

@@ -1,6 +1,2 @@
* Make test run with DataMapper (ActiveRecord, MongoMapper)
* Add Registerable support
* Add http authentication support
* Extract SessionSerializer tests from Authenticatable
* Extract CookieSerializer tests from Authenticatable
* Extract Activatable tests from Confirmable
* Make test run with DataMapper
* Extract Activatable tests from Confirmable

6
app/controllers/confirmations_controller.rb
View File

@@ -1,5 +1,5 @@
class ConfirmationsController < ApplicationController
include Devise::Controllers::Helpers
include Devise::Controllers::InternalHelpers
# GET /resource/confirmation/new
def new
@@ -12,7 +12,7 @@ class ConfirmationsController < ApplicationController
self.resource = resource_class.send_confirmation_instructions(params[resource_name])
if resource.errors.empty?
set_flash_message :success, :send_instructions
set_flash_message :notice, :send_instructions
redirect_to new_session_path(resource_name)
else
render_with_scope :new
@@ -24,7 +24,7 @@ class ConfirmationsController < ApplicationController
self.resource = resource_class.confirm!(:confirmation_token => params[:confirmation_token])
if resource.errors.empty?
set_flash_message :success, :confirmed
set_flash_message :notice, :confirmed
sign_in_and_redirect(resource_name, resource)
else
render_with_scope :new

6
app/controllers/passwords_controller.rb
View File

@@ -1,5 +1,5 @@
class PasswordsController < ApplicationController
include Devise::Controllers::Helpers
include Devise::Controllers::InternalHelpers
before_filter :require_no_authentication
@@ -14,7 +14,7 @@ class PasswordsController < ApplicationController
self.resource = resource_class.send_reset_password_instructions(params[resource_name])
if resource.errors.empty?
set_flash_message :success, :send_instructions
set_flash_message :notice, :send_instructions
redirect_to new_session_path(resource_name)
else
render_with_scope :new
@@ -33,7 +33,7 @@ class PasswordsController < ApplicationController
self.resource = resource_class.reset_password!(params[resource_name])
if resource.errors.empty?
set_flash_message :success, :updated
set_flash_message :notice, :updated
sign_in_and_redirect(resource_name, resource)
else
render_with_scope :edit

55
app/controllers/registrations_controller.rb Normal file
View File

@@ -0,0 +1,55 @@
class RegistrationsController < ApplicationController
include Devise::Controllers::InternalHelpers
before_filter :require_no_authentication, :only => [ :new, :create ]
before_filter :authenticate_scope!, :only => [:edit, :update, :destroy]
# GET /resource/sign_in
def new
build_resource
render_with_scope :new
end
# POST /resource/sign_up
def create
build_resource
if resource.save
flash[:"#{resource_name}_signed_up"] = true
set_flash_message :notice, :signed_up
sign_in_and_redirect(resource_name, resource)
else
render_with_scope :new
end
end
# GET /resource/edit
def edit
render_with_scope :edit
end
# PUT /resource
def update
if self.resource.update_with_password(params[resource_name])
set_flash_message :notice, :updated
redirect_to after_sign_in_path_for(self.resource)
else
render_with_scope :edit
end
end
# DELETE /resource
def destroy
self.resource.destroy
set_flash_message :notice, :destroyed
sign_out_and_redirect(self.resource)
end
protected
# Authenticates the current scope and dup the resource
def authenticate_scope!
send(:"authenticate_#{resource_name}!")
self.resource = send(:"current_#{resource_name}").dup
end
end

30
app/controllers/sessions_controller.rb
View File

@@ -1,33 +1,45 @@
class SessionsController < ApplicationController
include Devise::Controllers::Helpers
include Devise::Controllers::InternalHelpers
before_filter :require_no_authentication, :only => [ :new, :create ]
# GET /resource/sign_in
def new
Devise::FLASH_MESSAGES.each do |message|
set_now_flash_message :failure, message if params.try(:[], message) == "true"
unless resource_just_signed_up?
Devise::FLASH_MESSAGES.each do |message|
set_now_flash_message :alert, message if params.try(:[], message) == "true"
end
end
build_resource
render_with_scope :new
end
# POST /resource/sign_in
def create
if authenticate(resource_name)
set_flash_message :success, :signed_in
sign_in_and_redirect(resource_name)
if resource = authenticate(resource_name)
set_flash_message :notice, :signed_in
sign_in_and_redirect(resource_name, resource, true)
else
set_now_flash_message :failure, warden.message || :invalid
build_resource
set_now_flash_message :alert, (warden.message || :invalid)
clean_up_passwords(build_resource)
render_with_scope :new
end
end
# GET /resource/sign_out
def destroy
set_flash_message :success, :signed_out if signed_in?(resource_name)
set_flash_message :notice, :signed_out if signed_in?(resource_name)
sign_out_and_redirect(resource_name)
end
protected
def resource_just_signed_up?
flash[:"#{resource_name}_signed_up"]
end
def clean_up_passwords(object)
object.clean_up_passwords if object.respond_to?(:clean_up_passwords)
end
end

33
app/controllers/unlocks_controller.rb Normal file
View File

@@ -0,0 +1,33 @@
class UnlocksController < ApplicationController
include Devise::Controllers::InternalHelpers
# GET /resource/unlock/new
def new
build_resource
render_with_scope :new
end
# POST /resource/unlock
def create
self.resource = resource_class.send_unlock_instructions(params[resource_name])
if resource.errors.empty?
set_flash_message :notice, :send_instructions
redirect_to new_session_path(resource_name)
else
render_with_scope :new
end
end
# GET /resource/unlock?unlock_token=abcdef
def show
self.resource = resource_class.unlock!(:unlock_token => params[:unlock_token])
if resource.errors.empty?
set_flash_message :notice, :unlocked
sign_in_and_redirect(resource_name, resource)
else
render_with_scope :new
end
end
end

12
app/models/devise_mailer.rb
View File

@@ -1,4 +1,5 @@
class DeviseMailer < ::ActionMailer::Base
extend Devise::Controllers::InternalHelpers::ScopedViews
# Deliver confirmation instructions when the user is created or its email is
# updated, and also when confirmation is manually requested
@@ -11,6 +12,10 @@ class DeviseMailer < ::ActionMailer::Base
setup_mail(record, :reset_password_instructions)
end
def unlock_instructions(record)
setup_mail(record, :unlock_instructions)
end
private
# Configure default email options
@@ -22,12 +27,12 @@ class DeviseMailer < ::ActionMailer::Base
from mailer_sender(mapping)
recipients record.email
sent_on Time.now
content_type 'text/html'
content_type Devise.mailer_content_type
body render_with_scope(key, mapping, mapping.name => record, :resource => record)
end
def render_with_scope(key, mapping, assigns)
if Devise.scoped_views
if self.class.scoped_views
begin
render :file => "devise_mailer/#{mapping.as}/#{key}", :body => assigns
rescue ActionView::MissingTemplate
@@ -40,7 +45,8 @@ class DeviseMailer < ::ActionMailer::Base
def mailer_sender(mapping)
if Devise.mailer_sender.is_a?(Proc)
Devise.mailer_sender.call(mapping.name)
block_args = mapping.name if Devise.mailer_sender.arity > 0
Devise.mailer_sender.call(block_args)
else
Devise.mailer_sender
end

6
app/views/confirmations/new.html.erb
View File

@@ -9,8 +9,4 @@
<p><%= f.submit "Resend confirmation instructions" %></p>
<% end %>
<%= link_to "Sign in", new_session_path(resource_name) %><br />
<%- if devise_mapping.recoverable? %>
<%= link_to "Forgot password?", new_password_path(resource_name) %><br />
<% end -%>
<%= render :partial => "shared/devise_links" %>

6
app/views/devise_mailer/confirmation_instructions.html.erb
View File

@@ -1,5 +1,5 @@
Welcome <%= @resource.email %>!
<p>Welcome <%= @resource.email %>!</p>
You can confirm your account through the link below:
<p>You can confirm your account through the link below:</p>
<%= link_to 'Confirm my account', confirmation_url(@resource, :confirmation_token => @resource.confirmation_token) %>
<p><%= link_to 'Confirm my account', confirmation_url(@resource, :confirmation_token => @resource.confirmation_token) %></p>

10
app/views/devise_mailer/reset_password_instructions.html.erb
View File

@@ -1,8 +1,8 @@
Hello <%= @resource.email %>!
<p>Hello <%= @resource.email %>!</p>
Someone has requested a link to change your password, and you can do this through the link below.
<p>Someone has requested a link to change your password, and you can do this through the link below.</p>
<%= link_to 'Change my password', edit_password_url(@resource, :reset_password_token => @resource.reset_password_token) %>
<p><%= link_to 'Change my password', edit_password_url(@resource, :reset_password_token => @resource.reset_password_token) %></p>
If you didn't request this, please ignore this email.
Your password won't change until you access the link above and create a new one.
<p>If you didn't request this, please ignore this email.</p>
<p>Your password won't change until you access the link above and create a new one.</p>

7
app/views/devise_mailer/unlock_instructions.html.erb Normal file
View File

@@ -0,0 +1,7 @@
<p>Hello <%= @resource.email %>!</p>
<p>Your account has been locked due to an excessive amount of unsuccessful sign in attempts.</p>
<p>Click the link below to unlock your account:</p>
<p><%= link_to 'Unlock my account', unlock_url(@resource, :unlock_token => @resource.unlock_token) %></p>

6
app/views/passwords/edit.html.erb
View File

@@ -13,8 +13,4 @@
<p><%= f.submit "Change my password" %></p>
<% end %>
<%= link_to "Sign in", new_session_path(resource_name) %><br />
<%- if devise_mapping.confirmable? %>
<%= link_to "Didn't receive confirmation instructions?", new_confirmation_path(resource_name) %><br />
<% end -%>
<%= render :partial => "shared/devise_links" %>

6
app/views/passwords/new.html.erb
View File

@@ -9,8 +9,4 @@
<p><%= f.submit "Send me reset password instructions" %></p>
<% end %>
<%= link_to "Sign in", new_session_path(resource_name) %><br />
<%- if devise_mapping.confirmable? %>
<%= link_to "Didn't receive confirmation instructions?", new_confirmation_path(resource_name) %><br />
<% end -%>
<%= render :partial => "shared/devise_links" %>

25
app/views/registrations/edit.html.erb Normal file
View File

@@ -0,0 +1,25 @@
<h2>Edit <%= resource_name.to_s.humanize %></h2>
<% form_for resource_name, resource, :url => registration_path(resource_name), :html => { :method => :put } do |f| -%>
<%= f.error_messages %>
<p><%= f.label :email %></p>
<p><%= f.text_field :email %></p>
<p><%= f.label :password %> <i>(leave blank if you don't want to change it)</i></p>
<p><%= f.password_field :password %></p>
<p><%= f.label :password_confirmation %></p>
<p><%= f.password_field :password_confirmation %></p>
<p><%= f.label :current_password %> <i>(we need your current password to confirm your changes)</i></p>
<p><%= f.password_field :current_password %></p>
<p><%= f.submit "Update" %></p>
<% end -%>
<h3>Cancel my account</h3>
<p>Unhappy? <%= link_to "Cancel my account", registration_path(resource_name), :confirm => "Are you sure?", :method => :delete %>.</p>
<%= render :partial => "shared/devise_links" %>

17
app/views/registrations/new.html.erb Normal file
View File

@@ -0,0 +1,17 @@
<h2>Sign up</h2>
<% form_for resource_name, resource, :url => registration_path(resource_name) do |f| -%>
<%= f.error_messages %>
<p><%= f.label :email %></p>
<p><%= f.text_field :email %></p>
<p><%= f.label :password %></p>
<p><%= f.password_field :password %></p>
<p><%= f.label :password_confirmation %></p>
<p><%= f.password_field :password_confirmation %></p>
<p><%= f.submit "Sign up" %></p>
<% end -%>
<%= render :partial => "shared/devise_links" %>

26
app/views/sessions/new.html.erb
View File

@@ -1,25 +1,17 @@
<h2>Sign in</h2>
<%- if devise_mapping.authenticatable? %>
<% form_for resource_name, resource, :url => session_path(resource_name) do |f| -%>
<p><%= f.label :email %></p>
<p><%= f.text_field :email %></p>
<% form_for resource_name, resource, :url => session_path(resource_name) do |f| -%>
<p><%= f.label :email %></p>
<p><%= f.text_field :email %></p>
<p><%= f.label :password %></p>
<p><%= f.password_field :password %></p>
<p><%= f.label :password %></p>
<p><%= f.password_field :password %></p>
<% if devise_mapping.rememberable? -%>
<p><%= f.check_box :remember_me %> <%= f.label :remember_me %></p>
<% end -%>
<p><%= f.submit "Sign in" %></p>
<% if devise_mapping.rememberable? -%>
<p><%= f.check_box :remember_me %> <%= f.label :remember_me %></p>
<% end -%>
<% end%>
<%- if devise_mapping.recoverable? %>
<%= link_to "Forgot password?", new_password_path(resource_name) %><br />
<p><%= f.submit "Sign in" %></p>
<% end -%>
<%- if devise_mapping.confirmable? %>
<%= link_to "Didn't receive confirmation instructions?", new_confirmation_path(resource_name) %><br />
<% end -%>
<%= render :partial => "shared/devise_links" %>

19
app/views/shared/_devise_links.erb Normal file
View File

@@ -0,0 +1,19 @@
<%- if controller_name != 'sessions' %>
<%= link_to t('devise.sessions.link'), new_session_path(resource_name) %><br />
<% end -%>
<%- if devise_mapping.registerable? && controller_name != 'registrations' %>
<%= link_to t('devise.registrations.link'), new_registration_path(resource_name) %><br />
<% end -%>
<%- if devise_mapping.recoverable? && controller_name != 'passwords' %>
<%= link_to t('devise.passwords.link'), new_password_path(resource_name) %><br />
<% end -%>
<%- if devise_mapping.confirmable? && controller_name != 'confirmations' %>
<%= link_to t('devise.confirmations.link'), new_confirmation_path(resource_name) %><br />
<% end -%>
<%- if devise_mapping.lockable? && controller_name != 'unlocks' %>
<%= link_to t('devise.unlocks.link'), new_unlock_path(resource_name) %><br />
<% end -%>

12
app/views/unlocks/new.html.erb Normal file
View File

@@ -0,0 +1,12 @@
<h2>Resend unlock instructions</h2>
<% form_for resource_name, resource, :url => unlock_path(resource_name) do |f| %>
<%= f.error_messages %>
<p><%= f.label :email %></p>
<p><%= f.text_field :email %></p>
<p><%= f.submit "Resend unlock instructions" %></p>
<% end %>
<%= render :partial => "shared/devise_links" %>

179
devise.gemspec Normal file
View File

@@ -0,0 +1,179 @@
# Generated by jeweler
# DO NOT EDIT THIS FILE DIRECTLY
# Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
# -*- encoding: utf-8 -*-
Gem::Specification.new do |s|
s.name = %q{devise}
s.version = "1.0.4"
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
s.authors = ["Jos\303\251 Valim", "Carlos Ant\303\264nio"]
s.date = %q{2010-03-03}
s.description = %q{Flexible authentication solution for Rails with Warden}
s.email = %q{contact@plataformatec.com.br}
s.extra_rdoc_files = [
"README.rdoc",
"TODO"
]
s.files = [
"CHANGELOG.rdoc",
"MIT-LICENSE",
"README.rdoc",
"Rakefile",
"TODO",
"app/controllers/confirmations_controller.rb",
"app/controllers/passwords_controller.rb",
"app/controllers/registrations_controller.rb",
"app/controllers/sessions_controller.rb",
"app/controllers/unlocks_controller.rb",
"app/models/devise_mailer.rb",
"app/views/confirmations/new.html.erb",
"app/views/devise_mailer/confirmation_instructions.html.erb",
"app/views/devise_mailer/reset_password_instructions.html.erb",
"app/views/devise_mailer/unlock_instructions.html.erb",
"app/views/passwords/edit.html.erb",
"app/views/passwords/new.html.erb",
"app/views/registrations/edit.html.erb",
"app/views/registrations/new.html.erb",
"app/views/sessions/new.html.erb",
"app/views/shared/_devise_links.erb",
"app/views/unlocks/new.html.erb",
"generators/devise/USAGE",
"generators/devise/devise_generator.rb",
"generators/devise/lib/route_devise.rb",
"generators/devise/templates/migration.rb",
"generators/devise/templates/model.rb",
"generators/devise_install/USAGE",
"generators/devise_install/devise_install_generator.rb",
"generators/devise_install/templates/README",
"generators/devise_install/templates/devise.rb",
"generators/devise_views/USAGE",
"generators/devise_views/devise_views_generator.rb",
"lib/devise.rb",
"lib/devise/controllers/helpers.rb",
"lib/devise/controllers/internal_helpers.rb",
"lib/devise/controllers/url_helpers.rb",
"lib/devise/encryptors/authlogic_sha512.rb",
"lib/devise/encryptors/base.rb",
"lib/devise/encryptors/bcrypt.rb",
"lib/devise/encryptors/clearance_sha1.rb",
"lib/devise/encryptors/restful_authentication_sha1.rb",
"lib/devise/encryptors/sha1.rb",
"lib/devise/encryptors/sha512.rb",
"lib/devise/failure_app.rb",
"lib/devise/hooks/activatable.rb",
"lib/devise/hooks/rememberable.rb",
"lib/devise/hooks/timeoutable.rb",
"lib/devise/hooks/trackable.rb",
"lib/devise/locales/en.yml",
"lib/devise/mapping.rb",
"lib/devise/models.rb",
"lib/devise/models/activatable.rb",
"lib/devise/models/authenticatable.rb",
"lib/devise/models/confirmable.rb",
"lib/devise/models/http_authenticatable.rb",
"lib/devise/models/lockable.rb",
"lib/devise/models/recoverable.rb",
"lib/devise/models/registerable.rb",
"lib/devise/models/rememberable.rb",
"lib/devise/models/timeoutable.rb",
"lib/devise/models/token_authenticatable.rb",
"lib/devise/models/trackable.rb",
"lib/devise/models/validatable.rb",
"lib/devise/orm/active_record.rb",
"lib/devise/orm/data_mapper.rb",
"lib/devise/orm/mongo_mapper.rb",
"lib/devise/rails.rb",
"lib/devise/rails/routes.rb",
"lib/devise/rails/warden_compat.rb",
"lib/devise/schema.rb",
"lib/devise/strategies/authenticatable.rb",
"lib/devise/strategies/base.rb",
"lib/devise/strategies/http_authenticatable.rb",
"lib/devise/strategies/rememberable.rb",
"lib/devise/strategies/token_authenticatable.rb",
"lib/devise/test_helpers.rb",
"lib/devise/version.rb",
"rails/init.rb"
]
s.homepage = %q{http://github.com/plataformatec/devise}
s.rdoc_options = ["--charset=UTF-8"]
s.require_paths = ["lib"]
s.rubygems_version = %q{1.3.5}
s.summary = %q{Flexible authentication solution for Rails with Warden}
s.test_files = [
"test/controllers/helpers_test.rb",
"test/controllers/internal_helpers_test.rb",
"test/controllers/url_helpers_test.rb",
"test/devise_test.rb",
"test/encryptors_test.rb",
"test/failure_app_test.rb",
"test/integration/authenticatable_test.rb",
"test/integration/confirmable_test.rb",
"test/integration/http_authenticatable_test.rb",
"test/integration/lockable_test.rb",
"test/integration/recoverable_test.rb",
"test/integration/registerable_test.rb",
"test/integration/rememberable_test.rb",
"test/integration/timeoutable_test.rb",
"test/integration/token_authenticatable_test.rb",
"test/integration/trackable_test.rb",
"test/mailers/confirmation_instructions_test.rb",
"test/mailers/reset_password_instructions_test.rb",
"test/mailers/unlock_instructions_test.rb",
"test/mapping_test.rb",
"test/models/authenticatable_test.rb",
"test/models/confirmable_test.rb",
"test/models/lockable_test.rb",
"test/models/recoverable_test.rb",
"test/models/rememberable_test.rb",
"test/models/timeoutable_test.rb",
"test/models/token_authenticatable_test.rb",
"test/models/trackable_test.rb",
"test/models/validatable_test.rb",
"test/models_test.rb",
"test/orm/active_record.rb",
"test/orm/mongo_mapper.rb",
"test/rails_app/app/active_record/admin.rb",
"test/rails_app/app/active_record/user.rb",
"test/rails_app/app/controllers/admins_controller.rb",
"test/rails_app/app/controllers/application_controller.rb",
"test/rails_app/app/controllers/home_controller.rb",
"test/rails_app/app/controllers/users_controller.rb",
"test/rails_app/app/helpers/application_helper.rb",
"test/rails_app/app/mongo_mapper/admin.rb",
"test/rails_app/app/mongo_mapper/user.rb",
"test/rails_app/config/boot.rb",
"test/rails_app/config/environment.rb",
"test/rails_app/config/environments/development.rb",
"test/rails_app/config/environments/production.rb",
"test/rails_app/config/environments/test.rb",
"test/rails_app/config/initializers/devise.rb",
"test/rails_app/config/initializers/inflections.rb",
"test/rails_app/config/initializers/new_rails_defaults.rb",
"test/rails_app/config/initializers/session_store.rb",
"test/rails_app/config/routes.rb",
"test/routes_test.rb",
"test/support/assertions_helper.rb",
"test/support/integration_tests_helper.rb",
"test/support/test_silencer.rb",
"test/support/tests_helper.rb",
"test/test_helper.rb",
"test/test_helpers_test.rb"
]
if s.respond_to? :specification_version then
current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
s.specification_version = 3
if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
s.add_runtime_dependency(%q<warden>, ["~> 0.9.4"])
else
s.add_dependency(%q<warden>, ["~> 0.9.4"])
end
else
s.add_dependency(%q<warden>, ["~> 0.9.4"])
end
end

2
generators/devise/templates/migration.rb
View File

@@ -6,6 +6,7 @@ class DeviseCreate<%= table_name.camelize %> < ActiveRecord::Migration
t.recoverable
t.rememberable
t.trackable
# t.lockable
t.timestamps
end
@@ -13,6 +14,7 @@ class DeviseCreate<%= table_name.camelize %> < ActiveRecord::Migration
add_index :<%= table_name %>, :email, :unique => true
add_index :<%= table_name %>, :confirmation_token, :unique => true
add_index :<%= table_name %>, :reset_password_token, :unique => true
# add_index :<%= table_name %>, :unlock_token, :unique => true
end
def self.down

6
generators/devise/templates/model.rb
View File

@@ -1,5 +1,9 @@
class <%= class_name %> < ActiveRecord::Base
devise :all
# Include default devise modules. Others available are:
# :http_authenticatable, :token_authenticatable, :lockable, :timeoutable and :activatable
devise :registerable, :authenticatable, :confirmable, :recoverable,
:rememberable, :trackable, :validatable
# Setup accessible (or protected) attributes for your model
attr_accessible :email, :password, :password_confirmation
end

41
generators/devise_install/templates/devise.rb
View File

@@ -1,18 +1,13 @@
# Use this hook to configure devise mailer, warden hooks and so forth. The first
# four configuration values can also be set straight in your models.
Devise.setup do |config|
# Configure Devise modules used by default. You should always set this value
# because if Devise adds a new strategy, it won't be added to your application
# by default, unless you configure it here.
#
# Remember that Devise includes other modules on its own (like :activatable
# and :timeoutable) which are not included here and also plugins. So be sure
# to check the docs for a complete set.
config.all = [:authenticatable, :confirmable, :recoverable, :rememberable, :trackable, :validatable]
# Configure the e-mail address which will be shown in DeviseMailer.
config.mailer_sender = "please-change-me@config-initializers-devise.com"
# Configure the content type of DeviseMailer mails (defaults to text/html")
# config.mailer_content_type = "text/plain"
# ==> Configuration for :authenticatable
# Invoke `rake secret` and use the printed value to setup a pepper to generate
# the encrypted password. By default no pepper is used.
# config.pepper = "rake secret output"
@@ -34,18 +29,43 @@ Devise.setup do |config|
# session. If you need permissions, you should implement that in a before filter.
# config.authentication_keys = [ :email ]
# The realm used in Http Basic Authentication
# config.http_authentication_realm = "Application"
# ==> Configuration for :confirmable
# The time you want give to your user to confirm his account. During this time
# he will be able to access your application without confirming. Default is nil.
# config.confirm_within = 2.days
# ==> Configuration for :rememberable
# The time the user will be remembered without asking for credentials again.
# config.remember_for = 2.weeks
# ==> Configuration for :timeoutable
# The time you want to timeout the user session without activity. After this
# time the user will be asked for credentials again.
# config.timeout_in = 10.minutes
# Load and configure the ORM. Supports :active_record, :data_mapper and :mongo_mapper.
# ==> Configuration for :lockable
# Number of authentication tries before locking an account.
# config.maximum_attempts = 20
# Defines which strategy will be used to unlock an account.
# :email = Sends an unlock link to the user email
# :time = Reanables login after a certain ammount of time (see :unlock_in below)
# :both = enables both strategies
# config.unlock_strategy = :both
# Time interval to unlock the account if :time is enabled as unlock_strategy.
# config.unlock_in = 1.hour
# ==> Configuration for :token_authenticatable
# Defines name of the authentication token params key
# config.token_authentication_key = :auth_token
# ==> General configuration
# Load and configure the ORM. Supports :active_record (default), :mongo_mapper
# (requires mongo_ext installed) and :data_mapper (experimental).
# require 'devise/orm/mongo_mapper'
# config.orm = :mongo_mapper
@@ -79,7 +99,6 @@ Devise.setup do |config|
# Configure default_url_options if you are using dynamic segments in :path_prefix
# for devise_for.
#
# config.default_url_options do
# { :locale => I18n.locale }
# end

120
lib/devise.rb
View File

@@ -1,12 +1,12 @@
module Devise
autoload :FailureApp, 'devise/failure_app'
autoload :Mapping, 'devise/mapping'
autoload :Models, 'devise/models'
autoload :Schema, 'devise/schema'
autoload :TestHelpers, 'devise/test_helpers'
module Controllers
autoload :Filters, 'devise/controllers/filters'
autoload :Helpers, 'devise/controllers/helpers'
autoload :InternalHelpers, 'devise/controllers/internal_helpers'
autoload :UrlHelpers, 'devise/controllers/url_helpers'
end
@@ -14,7 +14,7 @@ module Devise
autoload :Base, 'devise/encryptors/base'
autoload :Bcrypt, 'devise/encryptors/bcrypt'
autoload :AuthlogicSha512, 'devise/encryptors/authlogic_sha512'
autoload :AuthlogicSha1, 'devise/encryptors/authlogic_sha1'
autoload :ClearanceSha1, 'devise/encryptors/clearance_sha1'
autoload :RestfulAuthenticationSha1, 'devise/encryptors/restful_authentication_sha1'
autoload :Sha512, 'devise/encryptors/sha512'
autoload :Sha1, 'devise/encryptors/sha1'
@@ -26,22 +26,38 @@ module Devise
autoload :MongoMapper, 'devise/orm/mongo_mapper'
end
ALL = [:authenticatable, :activatable, :confirmable, :recoverable, :rememberable,
:timeoutable, :trackable, :validatable]
ALL = []
# Maps controller names to devise modules
# Authentication ones first
ALL.push :authenticatable, :http_authenticatable, :token_authenticatable, :rememberable
# Misc after
ALL.push :recoverable, :registerable, :validatable
# The ones which can sign out after
ALL.push :activatable, :confirmable, :lockable, :timeoutable
# Stats for last, so we make sure the user is really signed in
ALL.push :trackable
# Maps controller names to devise modules.
CONTROLLERS = {
:sessions => [:authenticatable],
:sessions => [:authenticatable, :token_authenticatable],
:passwords => [:recoverable],
:confirmations => [:confirmable]
:confirmations => [:confirmable],
:registrations => [:registerable],
:unlocks => [:lockable]
}
STRATEGIES = [:authenticatable]
SERIALIZERS = [:session, :cookie]
# Routes for generating url helpers.
ROUTES = [:session, :password, :confirmation, :registration, :unlock]
STRATEGIES = [:rememberable, :http_authenticatable, :token_authenticatable, :authenticatable]
TRUE_VALUES = [true, 1, '1', 't', 'T', 'true', 'TRUE']
# Maps the messages types that are used in flash message.
FLASH_MESSAGES = [ :unauthenticated, :unconfirmed, :invalid, :timeout, :inactive ]
FLASH_MESSAGES = [:unauthenticated, :unconfirmed, :invalid, :invalid_token, :timeout, :inactive, :locked]
# Declare encryptors length which are used in migrations.
ENCRYPTORS_LENGTH = {
@@ -53,8 +69,8 @@ module Devise
:bcrypt => 60
}
# Email regex used to validate email formats. Retrieved from authlogic.
EMAIL_REGEX = /\A[\w\.%\+\-]+@(?:[A-Z0-9\-]+\.)+(?:[A-Z]{2,4}|museum|travel)\z/i
# Email regex used to validate email formats. Adapted from authlogic.
EMAIL_REGEX = /^([\w\.%\+\-]+)@([\w\-]+\.)+([\w]{2,})$/i
# Used to encrypt password. Please generate one with rake secret.
mattr_accessor :pepper
@@ -86,15 +102,15 @@ module Devise
# Store scopes mappings.
mattr_accessor :mappings
@@mappings = {}
@@mappings = ActiveSupport::OrderedHash.new
# Stores the chosen ORM.
mattr_accessor :orm
@@orm = :active_record
# Configure default options used in :all.
# TODO Remove
mattr_accessor :all
@@all = Devise::ALL.dup
@@all = []
# Tells if devise should apply the schema in ORMs where devise declaration
# and schema belongs to the same class (as Datamapper and MongoMapper).
@@ -106,9 +122,22 @@ module Devise
mattr_accessor :scoped_views
@@scoped_views = false
# Number of authentication tries before locking an account
mattr_accessor :maximum_attempts
@@maximum_attempts = 20
# Defines which strategy can be used to unlock an account.
# Values: :email, :time, :both
mattr_accessor :unlock_strategy
@@unlock_strategy = :both
# Time interval to unlock the account if :time is defined as unlock_strategy.
mattr_accessor :unlock_in
@@unlock_in = 1.hour
# Tell when to use the default scope, if one cannot be found from routes.
mattr_accessor :use_default_scope
@@use_default_scope
@@use_default_scope = false
# The default scope which is used by warden.
mattr_accessor :default_scope
@@ -116,7 +145,19 @@ module Devise
# Address which sends Devise e-mails.
mattr_accessor :mailer_sender
@@mailer_sender
@@mailer_sender = nil
# Content Type of Devise e-mails.
mattr_accessor :mailer_content_type
@@mailer_content_type = 'text/html'
# Authentication token params key name of choice. E.g. /users/sign_in?some_key=...
mattr_accessor :token_authentication_key
@@token_authentication_key = :auth_token
# The realm used in Http Basic Authentication
mattr_accessor :http_authentication_realm
@@http_authentication_realm = "Application"
class << self
# Default way to setup Devise. Run script/generate devise_install to create
@@ -149,10 +190,8 @@ module Devise
# block.
def configure_warden(config) #:nodoc:
config.default_strategies *Devise::STRATEGIES
config.default_serializers *Devise::SERIALIZERS
config.failure_app = Devise::FailureApp
config.silence_missing_strategies!
config.silence_missing_serializers!
config.default_scope = Devise.default_scope
# If the user provided a warden hook, call it now.
@@ -168,6 +207,42 @@ module Devise
def friendly_token
ActiveSupport::SecureRandom.base64(15).tr('+/=', '-_ ').strip.delete("\n")
end
# Make Devise aware of an 3rd party Devise-module. For convenience.
#
# == Options:
#
# +strategy+ - Boolean value representing if this module got a custom *strategy*.
# Default is +false+. Note: Devise will auto-detect this in such case if this is true.
# +model+ - String representing a load path to a custom *model* for this module (to autoload).
# Default is +nil+ (i.e. +false+).
# +controller+ - Symbol representing a name of an exisiting or custom *controller* for this module.
# Default is +nil+ (i.e. +false+).
#
# == Examples:
#
# Devise.add_module(:party_module)
# Devise.add_module(:party_module, :strategy => true, :controller => :sessions)
# Devise.add_module(:party_module, :model => 'party_module/model')
#
def add_module(module_name, options = {})
Devise::ALL.unshift module_name unless Devise::ALL.include?(module_name)
Devise::STRATEGIES.unshift module_name if options[:strategy] && !Devise::STRATEGIES.include?(module_name)
if options[:controller]
controller = options[:controller].to_sym
Devise::CONTROLLERS[controller] ||= []
Devise::CONTROLLERS[controller].unshift module_name unless Devise::CONTROLLERS[controller].include?(module_name)
end
if options[:model]
Devise::Models.module_eval do
autoload :"#{module_name.to_s.classify}", options[:model]
end
end
Devise::Mapping.register module_name
end
end
end
@@ -178,8 +253,5 @@ rescue
require 'warden'
end
# Clear some Warden default configuration which will be overwritten
Warden::Strategies.clear!
Warden::Serializers.clear!
require 'devise/mapping'
require 'devise/rails'

186
lib/devise/controllers/filters.rb
View File

@@ -1,186 +0,0 @@
module Devise
module Controllers
# Those filters are convenience methods added to ApplicationController to
# deal with Warden.
module Filters
def self.included(base)
base.class_eval do
helper_method :warden, :signed_in?, :devise_controller?,
*Devise.mappings.keys.map { |m| [:"current_#{m}", :"#{m}_signed_in?"] }.flatten
# Use devise default_url_options. We have to declare it here to overwrite
# default definitions.
def default_url_options(options=nil)
Devise::Mapping.default_url_options
end
end
end
# The main accessor for the warden proxy instance
def warden
request.env['warden']
end
# Return true if it's a devise_controller. false to all controllers unless
# the controllers defined inside devise. Useful if you want to apply a before
# filter to all controller, except the ones in devise:
#
# before_filter :my_filter, :unless => { |c| c.devise_controller? }
def devise_controller?
false
end
# Attempts to authenticate the given scope by running authentication hooks,
# but does not redirect in case of failures.
def authenticate(scope)
warden.authenticate(:scope => scope)
end
# Attempts to authenticate the given scope by running authentication hooks,
# redirecting in case of failures.
def authenticate!(scope)
warden.authenticate!(:scope => scope)
end
# Check if the given scope is signed in session, without running
# authentication hooks.
def signed_in?(scope)
warden.authenticated?(scope)
end
# Sign in an user that already was authenticated. This helper is useful for logging
# users in after sign up.
#
# Examples:
#
# sign_in :user, @user # sign_in(scope, resource)
# sign_in @user # sign_in(resource)
#
def sign_in(resource_or_scope, resource=nil)
scope ||= Devise::Mapping.find_scope!(resource_or_scope)
resource ||= resource_or_scope
warden.set_user(resource, :scope => scope)
end
# Sign out a given user or scope. This helper is useful for signing out an user
# after deleting accounts.
#
# Examples:
#
# sign_out :user # sign_out(scope)
# sign_out @user # sign_out(resource)
#
def sign_out(resource_or_scope)
scope = Devise::Mapping.find_scope!(resource_or_scope)
warden.user(scope) # Without loading user here, before_logout hook is not called
warden.raw_session.inspect # Without this inspect here. The session does not clear.
warden.logout(scope)
end
# Returns and delete the url stored in the session for the given scope. Useful
# for giving redirect backs after sign up:
#
# Example:
#
# redirect_to stored_location_for(:user) || root_path
#
def stored_location_for(resource_or_scope)
scope = Devise::Mapping.find_scope!(resource_or_scope)
session.delete(:"#{scope}.return_to")
end
# The default url to be used after signing in. This is used by all Devise
# controllers and you can overwrite it in your ApplicationController to
# provide a custom hook for a custom resource.
#
# By default, it first tries to find a resource_root_path, otherwise it
# uses the root path. For a user scope, you can define the default url in
# the following way:
#
# map.user_root '/users', :controller => 'users' # creates user_root_path
#
# map.resources :users do |users|
# users.root # creates user_root_path
# end
#
# If none of these are defined, root_path is used.
def after_sign_in_path_for(resource_or_scope)
scope = Devise::Mapping.find_scope!(resource_or_scope)
home_path = :"#{scope}_root_path"
respond_to?(home_path, true) ? send(home_path) : root_path
end
# The default to be used after signing out. This is used by all Devise
# controllers and you can overwrite it in your ApplicationController to
# provide a custom hook for a custom resource.
#
# By default is the root_path.
def after_sign_out_path_for(resource_or_scope)
root_path
end
# Sign in an user and tries to redirect first to the stored location and
# then to the url specified by after_sign_in_path_for.
#
# If just a symbol is given, consider that the user was already signed in
# through other means and just perform the redirection.
def sign_in_and_redirect(*args)
sign_in(*args) unless args.size == 1 && args.first.is_a?(Symbol)
redirect_to stored_location_for(args.first) || after_sign_in_path_for(args.first)
end
# Sign out an user and tries to redirect to the url specified by
# after_sign_out_path_for.
def sign_out_and_redirect(resource_or_scope)
sign_out(resource_or_scope)
redirect_to after_sign_out_path_for(resource_or_scope)
end
# Define authentication filters and accessor helpers based on mappings.
# These filters should be used inside the controllers as before_filters,
# so you can control the scope of the user who should be signed in to
# access that specific controller/action.
# Example:
#
# Maps:
# User => :authenticatable
# Admin => :authenticatable
#
# Generated methods:
# authenticate_user! # Signs user in or redirect
# authenticate_admin! # Signs admin in or redirect
# user_signed_in? # Checks whether there is an user signed in or not
# admin_signed_in? # Checks whether there is an admin signed in or not
# current_user # Current signed in user
# current_admin # Currend signed in admin
# user_session # Session data available only to the user scope
# admin_session # Session data available only to the admin scope
#
# Use:
# before_filter :authenticate_user! # Tell devise to use :user map
# before_filter :authenticate_admin! # Tell devise to use :admin map
#
Devise.mappings.each_key do |mapping|
class_eval <<-METHODS, __FILE__, __LINE__
def authenticate_#{mapping}!
warden.authenticate!(:scope => :#{mapping})
end
def #{mapping}_signed_in?
warden.authenticated?(:#{mapping})
end
def current_#{mapping}
@current_#{mapping} ||= warden.user(:#{mapping})
end
def #{mapping}_session
warden.session(:#{mapping})
end
METHODS
end
end
end
end

250
lib/devise/controllers/helpers.rb
View File

@@ -1,118 +1,198 @@
module Devise
module Controllers
# Those helpers are used only inside Devise controllers and should not be
# included in ApplicationController since they all depend on the url being
# accessed.
# Those helpers are convenience methods added to ApplicationController.
module Helpers
def self.included(base)
base.class_eval do
unloadable
helper_method :warden, :signed_in?, :devise_controller?,
*Devise.mappings.keys.map { |m| [:"current_#{m}", :"#{m}_signed_in?"] }.flatten
helper_method :resource, :scope_name, :resource_name, :resource_class, :devise_mapping, :devise_controller?
hide_action :resource, :scope_name, :resource_name, :resource_class, :devise_mapping, :devise_controller?
skip_before_filter *Devise.mappings.keys.map { |m| :"authenticate_#{m}!" }
before_filter :is_devise_resource?
# Use devise default_url_options. We have to declare it here to overwrite
# default definitions.
def default_url_options(options=nil)
Devise::Mapping.default_url_options
end
end
end
# Gets the actual resource stored in the instance variable
def resource
instance_variable_get(:"@#{resource_name}")
# The main accessor for the warden proxy instance
def warden
request.env['warden']
end
# Proxy to devise map name
def resource_name
devise_mapping.name
end
alias :scope_name :resource_name
# Proxy to devise map class
def resource_class
devise_mapping.to
end
# Attempt to find the mapped route for devise based on request path
def devise_mapping
@devise_mapping ||= begin
mapping = Devise::Mapping.find_by_path(request.path)
mapping ||= Devise.mappings[Devise.default_scope] if Devise.use_default_scope
mapping
end
end
# Overwrites devise_controller? to return true
# Return true if it's a devise_controller. false to all controllers unless
# the controllers defined inside devise. Useful if you want to apply a before
# filter to all controller, except the ones in devise:
#
# before_filter :my_filter, :unless => { |c| c.devise_controller? }
def devise_controller?
true
false
end
protected
# Checks whether it's a devise mapped resource or not.
def is_devise_resource? #:nodoc:
raise ActionController::UnknownAction unless devise_mapping && devise_mapping.allows?(controller_name)
# Attempts to authenticate the given scope by running authentication hooks,
# but does not redirect in case of failures.
def authenticate(scope)
warden.authenticate(:scope => scope)
end
# Sets the resource creating an instance variable
def resource=(new_resource)
instance_variable_set(:"@#{resource_name}", new_resource)
# Attempts to authenticate the given scope by running authentication hooks,
# redirecting in case of failures.
def authenticate!(scope)
warden.authenticate!(:scope => scope)
end
# Build a devise resource without setting password and password confirmation fields.
def build_resource
self.resource ||= begin
attributes = params[resource_name].try(:except, :password, :password_confirmation)
resource_class.new(attributes || {})
end
# Check if the given scope is signed in session, without running
# authentication hooks.
def signed_in?(scope)
warden.authenticate?(:scope => scope)
end
# Helper for use in before_filters where no authentication is required.
# Sign in an user that already was authenticated. This helper is useful for logging
# users in after sign up.
#
# Examples:
#
# sign_in :user, @user # sign_in(scope, resource)
# sign_in @user # sign_in(resource)
#
def sign_in(resource_or_scope, resource=nil)
scope = Devise::Mapping.find_scope!(resource_or_scope)
resource ||= resource_or_scope
warden.set_user(resource, :scope => scope)
end
# Sign out a given user or scope. This helper is useful for signing out an user
# after deleting accounts.
#
# Examples:
#
# sign_out :user # sign_out(scope)
# sign_out @user # sign_out(resource)
#
def sign_out(resource_or_scope)
scope = Devise::Mapping.find_scope!(resource_or_scope)
warden.user(scope) # Without loading user here, before_logout hook is not called
warden.raw_session.inspect # Without this inspect here. The session does not clear.
warden.logout(scope)
end
# Returns and delete the url stored in the session for the given scope. Useful
# for giving redirect backs after sign up:
#
# Example:
# before_filter :require_no_authentication, :only => :new
def require_no_authentication
redirect_to after_sign_in_path_for(resource_name) if warden.authenticated?(resource_name)
end
# Sets the flash message with :key, using I18n. By default you are able
# to setup your messages using specific resource scope, and if no one is
# found we look to default scope.
# Example (i18n locale file):
#
# en:
# devise:
# passwords:
# #default_scope_messages - only if resource_scope is not found
# user:
# #resource_scope_messages
# redirect_to stored_location_for(:user) || root_path
#
# Please refer to README or en.yml locale file to check what messages are
# available.
def set_flash_message(key, kind, now=false)
flash_hash = now ? flash.now : flash
flash_hash[key] = I18n.t(:"#{resource_name}.#{kind}",
:scope => [:devise, controller_name.to_sym], :default => kind)
def stored_location_for(resource_or_scope)
scope = Devise::Mapping.find_scope!(resource_or_scope)
session.delete(:"#{scope}.return_to")
end
# Shortcut to set flash.now message. Same rules applied from set_flash_message
def set_now_flash_message(key, kind)
set_flash_message(key, kind, true)
# The default url to be used after signing in. This is used by all Devise
# controllers and you can overwrite it in your ApplicationController to
# provide a custom hook for a custom resource.
#
# By default, it first tries to find a resource_root_path, otherwise it
# uses the root path. For a user scope, you can define the default url in
# the following way:
#
# map.user_root '/users', :controller => 'users' # creates user_root_path
#
# map.resources :users do |users|
# users.root # creates user_root_path
# end
#
#
# If none of these are defined, root_path is used. However, if this default
# is not enough, you can customize it, for example:
#
# def after_sign_in_path_for(resource)
# if resource.is_a?(User) && resource.can_publish?
# publisher_url
# else
# super
# end
# end
#
def after_sign_in_path_for(resource_or_scope)
scope = Devise::Mapping.find_scope!(resource_or_scope)
home_path = :"#{scope}_root_path"
respond_to?(home_path, true) ? send(home_path) : root_path
end
# Render a view for the specified scope. Turned off by default.
# Accepts just :controller as option.
def render_with_scope(action, options={})
controller_name = options.delete(:controller) || self.controller_name
if Devise.scoped_views
begin
render :template => "#{controller_name}/#{devise_mapping.as}/#{action}"
rescue ActionView::MissingTemplate
render action, :controller => controller_name
# Method used by sessions controller to sign out an user. You can overwrite
# it in your ApplicationController to provide a custom hook for a custom
# scope. Notice that differently from +after_sign_in_path_for+ this method
# receives a symbol with the scope, and not the resource.
#
# By default is the root_path.
def after_sign_out_path_for(resource_or_scope)
root_path
end
# Sign in an user and tries to redirect first to the stored location and
# then to the url specified by after_sign_in_path_for.
#
# If just a symbol is given, consider that the user was already signed in
# through other means and just perform the redirection.
def sign_in_and_redirect(resource_or_scope, resource=nil, skip=false)
scope = Devise::Mapping.find_scope!(resource_or_scope)
resource ||= resource_or_scope
sign_in(scope, resource) unless skip
redirect_to stored_location_for(scope) || after_sign_in_path_for(resource)
end
# Sign out an user and tries to redirect to the url specified by
# after_sign_out_path_for.
def sign_out_and_redirect(resource_or_scope)
scope = Devise::Mapping.find_scope!(resource_or_scope)
sign_out(scope)
redirect_to after_sign_out_path_for(scope)
end
# Define authentication filters and accessor helpers based on mappings.
# These filters should be used inside the controllers as before_filters,
# so you can control the scope of the user who should be signed in to
# access that specific controller/action.
# Example:
#
# Maps:
# User => :authenticatable
# Admin => :authenticatable
#
# Generated methods:
# authenticate_user! # Signs user in or redirect
# authenticate_admin! # Signs admin in or redirect
# user_signed_in? # Checks whether there is an user signed in or not
# admin_signed_in? # Checks whether there is an admin signed in or not
# current_user # Current signed in user
# current_admin # Currend signed in admin
# user_session # Session data available only to the user scope
# admin_session # Session data available only to the admin scope
#
# Use:
# before_filter :authenticate_user! # Tell devise to use :user map
# before_filter :authenticate_admin! # Tell devise to use :admin map
#
Devise.mappings.each_key do |mapping|
class_eval <<-METHODS, __FILE__, __LINE__ + 1
def authenticate_#{mapping}!
warden.authenticate!(:scope => :#{mapping})
end
else
render action, :controller => controller_name
end
def #{mapping}_signed_in?
warden.authenticate?(:scope => :#{mapping})
end
def current_#{mapping}
@current_#{mapping} ||= warden.authenticate(:scope => :#{mapping})
end
def #{mapping}_session
current_#{mapping} && warden.session(:#{mapping})
end
METHODS
end
end

129
lib/devise/controllers/internal_helpers.rb Normal file
View File

@@ -0,0 +1,129 @@
module Devise
module Controllers
# Those helpers are used only inside Devise controllers and should not be
# included in ApplicationController since they all depend on the url being
# accessed.
module InternalHelpers #:nodoc:
def self.included(base)
base.class_eval do
extend ScopedViews
unloadable
helper_method :resource, :scope_name, :resource_name, :resource_class, :devise_mapping, :devise_controller?
hide_action :resource, :scope_name, :resource_name, :resource_class, :devise_mapping, :devise_controller?
skip_before_filter *Devise.mappings.keys.map { |m| :"authenticate_#{m}!" }
before_filter :is_devise_resource?
end
end
module ScopedViews
def scoped_views
defined?(@scoped_views) ? @scoped_views : Devise.scoped_views
end
def scoped_views=(value)
@scoped_views = value
end
end
# Gets the actual resource stored in the instance variable
def resource
instance_variable_get(:"@#{resource_name}")
end
# Proxy to devise map name
def resource_name
devise_mapping.name
end
alias :scope_name :resource_name
# Proxy to devise map class
def resource_class
devise_mapping.to
end
# Attempt to find the mapped route for devise based on request path
def devise_mapping
@devise_mapping ||= begin
mapping = Devise::Mapping.find_by_path(request.path)
mapping ||= Devise.mappings[Devise.default_scope] if Devise.use_default_scope
mapping
end
end
# Overwrites devise_controller? to return true
def devise_controller?
true
end
protected
# Checks whether it's a devise mapped resource or not.
def is_devise_resource? #:nodoc:
raise ActionController::UnknownAction unless devise_mapping && devise_mapping.allows?(controller_name)
end
# Sets the resource creating an instance variable
def resource=(new_resource)
instance_variable_set(:"@#{resource_name}", new_resource)
end
# Build a devise resource.
def build_resource
self.resource ||= resource_class.new(params[resource_name] || {})
end
# Helper for use in before_filters where no authentication is required.
#
# Example:
# before_filter :require_no_authentication, :only => :new
def require_no_authentication
redirect_to after_sign_in_path_for(resource_name) if warden.authenticated?(resource_name)
end
# Sets the flash message with :key, using I18n. By default you are able
# to setup your messages using specific resource scope, and if no one is
# found we look to default scope.
# Example (i18n locale file):
#
# en:
# devise:
# passwords:
# #default_scope_messages - only if resource_scope is not found
# user:
# #resource_scope_messages
#
# Please refer to README or en.yml locale file to check what messages are
# available.
def set_flash_message(key, kind, now=false)
flash_hash = now ? flash.now : flash
flash_hash[key] = I18n.t(:"#{resource_name}.#{kind}",
:scope => [:devise, controller_name.to_sym], :default => kind)
end
# Shortcut to set flash.now message. Same rules applied from set_flash_message
def set_now_flash_message(key, kind)
set_flash_message(key, kind, true)
end
# Render a view for the specified scope. Turned off by default.
# Accepts just :controller as option.
def render_with_scope(action, options={})
controller_name = options.delete(:controller) || self.controller_name
if self.class.scoped_views
begin
render :template => "#{controller_name}/#{devise_mapping.as}/#{action}"
rescue ActionView::MissingTemplate
render action, :controller => controller_name
end
else
render action, :controller => controller_name
end
end
end
end
end

22
lib/devise/controllers/url_helpers.rb
View File

@@ -19,25 +19,17 @@ module Devise
# Those helpers are added to your ApplicationController.
module UrlHelpers
[:session, :password, :confirmation].each do |module_name|
Devise::ROUTES.each do |module_name|
[:path, :url].each do |path_or_url|
actions = [ nil, :new_ ]
actions << :edit_ if module_name == :password
actions << :destroy_ if module_name == :session
actions << :edit_ if [:password, :registration].include?(module_name)
actions << :destroy_ if [:session].include?(module_name)
actions.each do |action|
class_eval <<-URL_HELPERS
def #{action}#{module_name}_#{path_or_url}(resource, *args)
resource = case resource
when Symbol, String
resource
when Class
resource.name.underscore
else
resource.class.name.underscore
end
send("#{action}\#{resource}_#{module_name}_#{path_or_url}", *args)
class_eval <<-URL_HELPERS, __FILE__, __LINE__ + 1
def #{action}#{module_name}_#{path_or_url}(resource_or_scope, *args)
scope = Devise::Mapping.find_scope!(resource_or_scope)
send("#{action}\#{scope}_#{module_name}_#{path_or_url}", *args)
end
URL_HELPERS
end

4
lib/devise/encryptors/bcrypt.rb
View File

@@ -2,10 +2,10 @@ require "bcrypt"
module Devise
module Encryptors
# = BCrypt
# = BCrypt
# Uses the BCrypt hash algorithm to encrypt passwords.
class Bcrypt < Base
# Gererates a default password digest based on stretches, salt, pepper and the
# incoming password. We don't strech it ourselves since BCrypt does so internally.
def self.digest(password, stretches, salt, pepper)

2
lib/devise/failure_app.rb
View File

@@ -59,7 +59,7 @@ module Devise
# yet, but we still need to store the uri based on scope, so different scopes
# would never use the same uri to redirect.
def store_location!(scope)
session[:"#{scope}.return_to"] ||= request.request_uri if request && request.get?
session[:"#{scope}.return_to"] = request.request_uri if request && request.get?
end
end
end

5
lib/devise/hooks/activatable.rb
View File

@@ -1,7 +1,4 @@
# Each time the user is set we verify if it is still able to really sign in.
# This is done by checking the time frame the user is able to sign in without
# confirming it's account. If the user has not confirmed it's account during
# this time frame, he/she will not able to sign in anymore.
# Deny user access whenever his account is not active yet.
Warden::Manager.after_set_user do |record, warden, options|
if record && record.respond_to?(:active?) && !record.active?
scope = options[:scope]

32
lib/devise/hooks/rememberable.rb Normal file
View File

@@ -0,0 +1,32 @@
# After authenticate hook to verify if the user in the given scope asked to be
# remembered while he does not sign out. Generates a new remember token for
# that specific user and adds a cookie with this user info to sign in this user
# automatically without asking for credentials. Refer to rememberable strategy
# for more info.
Warden::Manager.prepend_after_authentication do |record, warden, options|
scope = options[:scope]
remember_me = warden.params[scope].try(:fetch, :remember_me, nil)
if Devise::TRUE_VALUES.include?(remember_me) &&
warden.authenticated?(scope) && record.respond_to?(:remember_me!)
record.remember_me!
warden.response.set_cookie "remember_#{scope}_token", {
:value => record.class.serialize_into_cookie(record),
:expires => record.remember_expires_at,
:path => "/"
}
end
end
# Before logout hook to forget the user in the given scope, only if rememberable
# is activated for this scope. Also clear remember token to ensure the user
# won't be remembered again.
# Notice that we forget the user if the record is frozen. This usually means the
# user was just deleted.
Warden::Manager.before_logout do |record, warden, scope|
if record.respond_to?(:forget_me!)
record.forget_me! unless record.frozen?
warden.response.delete_cookie "remember_#{scope}_token"
end
end

6
lib/devise/hooks/timeoutable.rb
View File

@@ -5,12 +5,14 @@
# verify timeout in the following request.
Warden::Manager.after_set_user do |record, warden, options|
scope = options[:scope]
if record && record.respond_to?(:timeout?) && warden.authenticated?(scope)
if record && record.respond_to?(:timedout?) && warden.authenticated?(scope)
last_request_at = warden.session(scope)['last_request_at']
if record.timeout?(last_request_at)
if record.timedout?(last_request_at)
warden.logout(scope)
throw :warden, :scope => scope, :message => :timeout
end
warden.session(scope)['last_request_at'] = Time.now.utc
end
end

16
lib/devise/locales/en.yml
View File

@@ -1,21 +1,35 @@
en:
devise:
sessions:
link: 'Sign in'
signed_in: 'Signed in successfully.'
signed_out: 'Signed out successfully.'
unauthenticated: 'You need to sign in or sign up before continuing.'
unconfirmed: 'You have to confirm your account before continuing.'
locked: 'Your account is locked.'
invalid: 'Invalid email or password.'
invalid_token: 'Invalid authentication token.'
timeout: 'Your session expired, please sign in again to continue.'
inactive: 'Your account was not activated yet.'
passwords:
link: 'Forgot password?'
send_instructions: 'You will receive an email with instructions about how to reset your password in a few minutes.'
updated: 'Your password was changed successfully. You are now signed in.'
confirmations:
link: "Didn't receive confirmation instructions?"
send_instructions: 'You will receive an email with instructions about how to confirm your account in a few minutes.'
confirmed: 'Your account was successfully confirmed. You are now signed in.'
registrations:
link: 'Sign up'
signed_up: 'You have signed up successfully.'
updated: 'You updated your account successfully.'
destroyed: 'Bye! Your account was successfully cancelled. We hope to see you again soon.'
unlocks:
link: "Didn't receive unlock instructions?"
send_instructions: 'You will receive an email with instructions about how to unlock your account in a few minutes.'
unlocked: 'Your account was successfully unlocked. You are now signed in.'
mailer:
confirmation_instructions: 'Confirmation instructions'
reset_password_instructions: 'Reset password instructions'
unlock_instructions: 'Unlock Instructions'

54
lib/devise/mapping.rb
View File

@@ -36,13 +36,17 @@ module Devise
# Find a mapping by a given class. It takes into account single table inheritance as well.
def self.find_by_class(klass)
Devise.mappings.values.find { |m| return m if klass <= m.to }
Devise.mappings.each_value do |mapping|
return mapping if klass <= mapping.to
end
nil
end
# Receives an object and find a scope for it. If a scope cannot be found,
# raises an error. If a symbol is given, it's considered to be the scope.
def self.find_scope!(duck)
if duck.is_a?(Symbol)
case duck
when String, Symbol
duck
else
klass = duck.is_a?(Class) ? duck : duck.class
@@ -61,12 +65,12 @@ module Devise
@as = (options.delete(:as) || name).to_sym
@klass = (options.delete(:class_name) || name.to_s.classify).to_s
@name = (options.delete(:scope) || name.to_s.singularize).to_sym
@path_names = options.delete(:path_names) || {}
@path_prefix = options.delete(:path_prefix).to_s
@path_prefix << "/" unless @path_prefix[-1] == ?/
@path_prefix = "/#{options.delete(:path_prefix)}/".squeeze("/")
@route_options = options || {}
setup_path_names
@path_names = Hash.new { |h,k| h[k] = k.to_s }
@path_names.merge!(options.delete(:path_names) || {})
end
# Return modules for the mapping.
@@ -92,19 +96,16 @@ module Devise
self.path_prefix.count("/")
end
# Returns the raw path using the current relative_url_root, path_prefix and as.
# Returns the raw path using path_prefix and as.
def raw_path
ActionController::Base.relative_url_root.to_s + path_prefix + as.to_s
path_prefix + as.to_s
end
# Returns the parsed path. If you need meta information in your path_prefix,
# you should overwrite this method to use it. The only information supported
# by default is I18n.locale.
#
# Returns the parsed path taking into account the relative url root and raw path.
def parsed_path
returning raw_path do |path|
returning (ActionController::Base.relative_url_root.to_s + raw_path) do |path|
self.class.default_url_options.each do |key, value|
path.gsub!(key.inspect, value.to_s)
path.gsub!(key.inspect, value.to_param)
end
end
end
@@ -116,22 +117,15 @@ module Devise
# self.for.include?(:confirmable)
# end
#
ALL.each do |m|
class_eval <<-METHOD, __FILE__, __LINE__
def #{m}?
self.for.include?(:#{m})
end
METHOD
end
private
# Configure default path names, allowing the user overwrite defaults by
# passing a hash in :path_names.
def setup_path_names
[:sign_in, :sign_out, :password, :confirmation].each do |path_name|
@path_names[path_name] ||= path_name.to_s
end
def self.register(*modules)
modules.each do |m|
class_eval <<-METHOD, __FILE__, __LINE__ + 1
def #{m}?
self.for.include?(:#{m})
end
METHOD
end
end
Devise::Mapping.register *ALL
end
end

64
lib/devise/models.rb
View File

@@ -1,14 +1,15 @@
module Devise
module Models
autoload :Activatable, 'devise/models/activatable'
autoload :Authenticatable, 'devise/models/authenticatable'
autoload :Confirmable, 'devise/models/confirmable'
autoload :Recoverable, 'devise/models/recoverable'
autoload :Authenticatable, 'devise/models/authenticatable'
autoload :Confirmable, 'devise/models/confirmable'
autoload :Lockable, 'devise/models/lockable'
autoload :Recoverable, 'devise/models/recoverable'
autoload :Rememberable, 'devise/models/rememberable'
autoload :SessionSerializer, 'devise/models/session_serializer'
autoload :Timeoutable, 'devise/models/timeoutable'
autoload :Trackable, 'devise/models/trackable'
autoload :Validatable, 'devise/models/validatable'
autoload :Registerable, 'devise/models/registerable'
autoload :Timeoutable, 'devise/models/timeoutable'
autoload :Trackable, 'devise/models/trackable'
autoload :Validatable, 'devise/models/validatable'
# Creates configuration values for Devise and for the given module.
#
@@ -28,7 +29,7 @@ module Devise
#
def self.config(mod, *accessors) #:nodoc:
accessors.each do |accessor|
mod.class_eval <<-METHOD, __FILE__, __LINE__
mod.class_eval <<-METHOD, __FILE__, __LINE__ + 1
def #{accessor}
if defined?(@#{accessor})
@#{accessor}
@@ -46,49 +47,22 @@ module Devise
end
end
# Shortcut method for including all devise modules inside your model.
# You can give some extra options while declaring devise in your model:
# Include the chosen devise modules in your model:
#
# * except: convenient option that allows you to add all devise modules,
# removing only the modules you setup here:
# devise :authenticatable, :confirmable, :recoverable
#
# devise :all, :except => :rememberable
#
# You can also give the following configuration values in a hash: :pepper,
# :stretches, :confirm_within and :remember_for. Please check your Devise
# initialiazer for a complete description on those values.
#
# Examples:
#
# # include only authenticatable module
# devise :authenticatable
#
# # include authenticatable + confirmable modules
# devise :authenticatable, :confirmable
#
# # include authenticatable + recoverable modules
# devise :authenticatable, :recoverable
#
# # include authenticatable + rememberable + validatable modules
# devise :authenticatable, :rememberable, :validatable
#
# # shortcut to include all available modules
# devise :all
#
# # include all except recoverable
# devise :all, :except => :recoverable
# You can also give any of the devise configuration values in form of a hash,
# with specific values for this model. Please check your Devise initializer
# for a complete description on those values.
#
def devise(*modules)
raise "You need to give at least one Devise module" if modules.empty?
options = modules.extract_options!
modules += Devise.all if modules.delete(:all)
modules -= Array(options.delete(:except))
modules = Devise::ALL & modules.uniq
Devise.orm_class.included_modules_hook(self, modules) do
modules.each do |m|
devise_modules << m.to_sym
@devise_modules = Devise::ALL & modules.map(&:to_sym).uniq
Devise.orm_class.included_modules_hook(self) do
devise_modules.each do |m|
include Devise::Models.const_get(m.to_s.classify)
end
@@ -135,4 +109,4 @@ module Devise
end
end
end
end
end

2
lib/devise/models/activatable.rb
View File

@@ -5,7 +5,7 @@ module Devise
# This module implements the default API required in activatable hook.
module Activatable
def active?
raise NotImplementedError
true
end
def inactive_message

67
lib/devise/models/authenticatable.rb
View File

@@ -1,5 +1,4 @@
require 'devise/strategies/authenticatable'
require 'devise/models/session_serializer'
module Devise
module Models
@@ -31,14 +30,20 @@ module Devise
def self.included(base)
base.class_eval do
extend ClassMethods
extend SessionSerializer
attr_reader :password, :old_password
attr_reader :password, :current_password
attr_accessor :password_confirmation
end
end
# Regenerates password salt and encrypted password each time password is set.
# TODO Remove me in next release
def old_password
ActiveSupport::Deprecation.warn "old_password is deprecated, please use current_password instead", caller
@old_password
end
# Regenerates password salt and encrypted password each time password is set,
# and then trigger any "after_changed_password"-callbacks.
def password=(new_password)
@password = new_password
@@ -50,7 +55,13 @@ module Devise
# Verifies whether an incoming_password (ie from sign in) is the user password.
def valid_password?(incoming_password)
password_digest(incoming_password) == encrypted_password
password_digest(incoming_password) == self.encrypted_password
end
# Verifies whether an +incoming_authentication_token+ (i.e. from single access URL)
# is the user authentication token.
def valid_authentication_token?(incoming_auth_token)
incoming_auth_token == self.authentication_token
end
# Checks if a resource is valid upon authentication.
@@ -58,39 +69,55 @@ module Devise
valid_password?(attributes[:password])
end
# Update record attributes when :old_password matches, otherwise returns
# error on :old_password.
# Set password and password confirmation to nil
def clean_up_passwords
self.password = self.password_confirmation = nil
end
# Update record attributes when :current_password matches, otherwise returns
# error on :current_password. It also automatically rejects :password and
# :password_confirmation if they are blank.
def update_with_password(params={})
if valid_password?(params[:old_password])
# TODO Remove me in next release
if params[:old_password].present?
params[:current_password] ||= params[:old_password]
ActiveSupport::Deprecation.warn "old_password is deprecated, please use current_password instead", caller
end
params.delete(:password) if params[:password].blank?
params.delete(:password_confirmation) if params[:password_confirmation].blank?
current_password = params.delete(:current_password)
result = if valid_password?(current_password)
update_attributes(params)
else
self.class.add_error_on(self, :old_password, :invalid, false)
message = current_password.blank? ? :blank : :invalid
self.class.add_error_on(self, :current_password, message, false)
self.attributes = params
false
end
clean_up_passwords unless result
result
end
protected
# Digests the password using the configured encryptor.
def password_digest(password)
self.class.encryptor_class.digest(password, self.class.stretches, password_salt, self.class.pepper)
self.class.encryptor_class.digest(password, self.class.stretches, self.password_salt, self.class.pepper)
end
module ClassMethods
Devise::Models.config(self, :pepper, :stretches, :encryptor, :authentication_keys)
# Authenticate a user based on configured attribute keys. Returns the
# authenticated user if it's valid or nil. Attributes are by default
# :email and :password, but the latter is always required.
# authenticated user if it's valid or nil.
def authenticate(attributes={})
return unless authentication_keys.all? { |k| attributes[k].present? }
conditions = attributes.slice(*authentication_keys)
resource = find_for_authentication(conditions)
if respond_to?(:valid_for_authentication)
ActiveSupport::Deprecation.warn "valid_for_authentication class method is deprecated. " <<
"Use valid_for_authentication? in the instance instead."
valid_for_authentication(resource, attributes)
elsif resource.try(:valid_for_authentication?, attributes)
resource
end
resource if resource.try(:valid_for_authentication?, attributes)
end
# Returns the class for the configured encryptor.
@@ -113,8 +140,6 @@ module Devise
def find_for_authentication(conditions)
find(:first, :conditions => conditions)
end
Devise::Models.config(self, :pepper, :stretches, :encryptor, :authentication_keys)
end
end
end

8
lib/devise/models/confirmable.rb
View File

@@ -76,12 +76,16 @@ module Devise
# is already confirmed, it should never be blocked. Otherwise we need to
# calculate if the confirm time has not expired for this user.
def active?
confirmed? || confirmation_period_valid?
super && (confirmed? || confirmation_period_valid?)
end
# The message to be shown if the account is inactive.
def inactive_message
:unconfirmed
if !confirmed?
:unconfirmed
else
super
end
end
# If you don't want confirmation to be sent on create, neither a code

21
lib/devise/models/cookie_serializer.rb
View File

@@ -1,21 +0,0 @@
require 'devise/serializers/cookie'
module Devise
module Models
module CookieSerializer
# Create the cookie key using the record id and remember_token
def serialize_into_cookie(record)
"#{record.id}::#{record.remember_token}"
end
# Recreate the user based on the stored cookie
def serialize_from_cookie(cookie)
record_id, record_token = cookie.split('::')
record = find(:first, :conditions => { :id => record_id }) if record_id
record if record.try(:valid_remember_token?, record_token)
end
Devise::Models.config(self, :remember_for)
end
end
end

21
lib/devise/models/http_authenticatable.rb Normal file
View File

@@ -0,0 +1,21 @@
require 'devise/strategies/http_authenticatable'
module Devise
module Models
# Adds HttpAuthenticatable behavior to your model. It expects that your
# model class responds to authenticate and authentication_keys methods
# (which for example are defined in authenticatable).
module HttpAuthenticatable
def self.included(base)
base.extend ClassMethods
end
module ClassMethods
# Authenticate an user using http.
def authenticate_with_http(username, password)
authenticate(authentication_keys.first => username, :password => password)
end
end
end
end
end

160
lib/devise/models/lockable.rb Normal file
View File

@@ -0,0 +1,160 @@
require 'devise/models/activatable'
module Devise
module Models
# Handles blocking a user access after a certain number of attempts.
# Lockable accepts two different strategies to unlock a user after it's
# blocked: email and time. The former will send an email to the user when
# the lock happens, containing a link to unlock it's account. The second
# will unlock the user automatically after some configured time (ie 2.hours).
# It's also possible to setup lockable to use both email and time strategies.
#
# Configuration:
#
# maximum_attempts: how many attempts should be accepted before blocking the user.
# unlock_strategy: unlock the user account by :time, :email or :both.
# unlock_in: the time you want to lock the user after to lock happens. Only
# available when unlock_strategy is :time or :both.
#
module Lockable
include Devise::Models::Activatable
def self.included(base)
base.class_eval do
extend ClassMethods
end
end
# Lock an user setting it's locked_at to actual time.
def lock
self.locked_at = Time.now
if unlock_strategy_enabled?(:email)
generate_unlock_token
send_unlock_instructions
end
end
# Lock an user also saving the record.
def lock!
lock
save(false)
end
# Unlock an user by cleaning locket_at and failed_attempts.
def unlock!
if_locked do
self.locked_at = nil
self.failed_attempts = 0
self.unlock_token = nil
save(false)
end
end
# Verifies whether a user is locked or not.
def locked?
locked_at && !lock_expired?
end
# Send unlock instructions by email
def send_unlock_instructions
::DeviseMailer.deliver_unlock_instructions(self)
end
# Resend the unlock instructions if the user is locked.
def resend_unlock!
if_locked do
generate_unlock_token unless unlock_token.present?
save(false)
send_unlock_instructions
end
end
# Overwrites active? from Devise::Models::Activatable for locking purposes
# by verifying whether an user is active to sign in or not based on locked?
def active?
super && !locked?
end
# Overwrites invalid_message from Devise::Models::Authenticatable to define
# the correct reason for blocking the sign in.
def inactive_message
if locked?
:locked
else
super
end
end
# Overwrites valid_for_authentication? from Devise::Models::Authenticatable
# for verifying whether an user is allowed to sign in or not. If the user
# is locked, it should never be allowed.
def valid_for_authentication?(attributes)
if result = super
self.failed_attempts = 0
else
self.failed_attempts += 1
lock if failed_attempts > self.class.maximum_attempts
end
save(false) if changed?
result
end
protected
# Generates unlock token
def generate_unlock_token
self.unlock_token = Devise.friendly_token
end
# Tells if the lock is expired if :time unlock strategy is active
def lock_expired?
if unlock_strategy_enabled?(:time)
locked_at && locked_at < self.class.unlock_in.ago
else
false
end
end
# Checks whether the record is locked or not, yielding to the block
# if it's locked, otherwise adds an error to email.
def if_locked
if locked?
yield
else
self.class.add_error_on(self, :email, :not_locked)
false
end
end
# Is the unlock enabled for the given unlock strategy?
def unlock_strategy_enabled?(strategy)
[:both, strategy].include?(self.class.unlock_strategy)
end
module ClassMethods
# Attempt to find a user by it's email. If a record is found, send new
# unlock instructions to it. If not user is found, returns a new user
# with an email not found error.
# Options must contain the user email
def send_unlock_instructions(attributes={})
lockable = find_or_initialize_with_error_by(:email, attributes[:email], :not_found)
lockable.resend_unlock! unless lockable.new_record?
lockable
end
# Find a user by it's unlock token and try to unlock it.
# If no user is found, returns a new user with an error.
# If the user is not locked, creates an error for the user
# Options must have the unlock_token
def unlock!(attributes={})
lockable = find_or_initialize_with_error_by(:unlock_token, attributes[:unlock_token])
lockable.unlock! unless lockable.new_record?
lockable
end
Devise::Models.config(self, :maximum_attempts, :unlock_strategy, :unlock_in)
end
end
end
end

8
lib/devise/models/registerable.rb Normal file
View File

@@ -0,0 +1,8 @@
module Devise
module Models
# Registerable is responsible for everything related to registering a new
# resource (ie user sign up).
module Registerable
end
end
end

21
lib/devise/models/rememberable.rb
View File

@@ -1,4 +1,5 @@
require 'devise/models/cookie_serializer'
require 'devise/strategies/rememberable'
require 'devise/hooks/rememberable'
module Devise
module Models
@@ -32,7 +33,7 @@ module Devise
def self.included(base)
base.class_eval do
extend CookieSerializer
extend ClassMethods
# Remember me option available in after_authentication hook.
attr_accessor :remember_me
@@ -70,6 +71,22 @@ module Devise
def remember_expires_at
remember_created_at + self.class.remember_for
end
module ClassMethods
# Create the cookie key using the record id and remember_token
def serialize_into_cookie(record)
"#{record.id}::#{record.remember_token}"
end
# Recreate the user based on the stored cookie
def serialize_from_cookie(cookie)
record_id, record_token = cookie.split('::')
record = find(:first, :conditions => { :id => record_id }) if record_id
record if record.try(:valid_remember_token?, record_token)
end
Devise::Models.config(self, :remember_for)
end
end
end
end

19
lib/devise/models/session_serializer.rb
View File

@@ -1,19 +0,0 @@
require 'devise/serializers/session'
module Devise
module Models
module SessionSerializer
# Hook to serialize user into session. Overwrite if you want.
def serialize_into_session(record)
[record.class, record.id]
end
# Hook to serialize user from session. Overwrite if you want.
def serialize_from_session(keys)
klass, id = keys
raise "#{self} cannot serialize from #{klass} session since it's not one of its ancestors" unless klass <= self
klass.find(:first, :conditions => { :id => id })
end
end
end
end

5
lib/devise/models/timeoutable.rb
View File

@@ -2,7 +2,6 @@ require 'devise/hooks/timeoutable'
module Devise
module Models
# Timeoutable takes care of veryfing whether a user session has already
# expired or not. When a session expires after the configured time, the user
# will be asked for credentials again, it means, he/she will be redirected
@@ -10,14 +9,14 @@ module Devise
#
# Configuration:
#
# timeout: the time you want to timeout the user session without activity.
# timeout_in: the time you want to timeout the user session without activity.
module Timeoutable
def self.included(base)
base.extend ClassMethods
end
# Checks whether the user session has expired based on configured time.
def timeout?(last_access)
def timedout?(last_access)
last_access && last_access <= self.class.timeout_in.ago
end

89
lib/devise/models/token_authenticatable.rb Normal file
View File

@@ -0,0 +1,89 @@
require 'devise/strategies/token_authenticatable'
module Devise
module Models
# Token Authenticatable Module, responsible for generate authentication token and validating
# authenticity of a user while signing in using an authentication token (say follows an URL).
#
# == Configuration:
#
# You can overwrite configuration values by setting in globally in Devise (+Devise.setup+),
# using devise method, or overwriting the respective instance method.
#
# +token_authentication_key+ - Defines name of the authentication token params key. E.g. /users/sign_in?some_key=...
#
# == Examples:
#
# User.authenticate_with_token(:auth_token => '123456789') # returns authenticated user or nil
# User.find(1).valid_authentication_token?('rI1t6PKQ8yP7VetgwdybB') # returns true/false
#
module TokenAuthenticatable
def self.included(base)
base.class_eval do
extend ClassMethods
before_save :ensure_authentication_token
end
end
# Generate new authentication token (a.k.a. "single access token").
def reset_authentication_token
self.authentication_token = self.class.authentication_token
end
# Generate new authentication token and save the record.
def reset_authentication_token!
reset_authentication_token
self.save
end
# Generate authentication token unless already exists.
def ensure_authentication_token
self.reset_authentication_token if self.authentication_token.blank?
end
# Generate authentication token unless already exists and save the record.
def ensure_authentication_token!
self.reset_authentication_token! if self.authentication_token.blank?
end
# Verifies whether an +incoming_authentication_token+ (i.e. from single access URL)
# is the user authentication token.
def valid_authentication_token?(incoming_auth_token)
incoming_auth_token.present? && incoming_auth_token == self.authentication_token
end
module ClassMethods
::Devise::Models.config(self, :token_authentication_key)
# Authenticate a user based on authentication token.
def authenticate_with_token(attributes)
token = attributes[self.token_authentication_key]
resource = self.find_for_token_authentication(token)
resource if resource.try(:valid_authentication_token?, token)
end
def authentication_token
::Devise.friendly_token
end
protected
# Find first record based on conditions given (ie by the sign in form).
# Overwrite to add customized conditions, create a join, or maybe use a
# namedscope to filter records while authenticating.
#
# == Example:
#
# def self.find_for_token_authentication(token, conditions = {})
# conditions = {:active => true}
# self.find_by_authentication_token(token, :conditions => conditions)
# end
#
def find_for_token_authentication(token)
self.find(:first, :conditions => { :authentication_token => token})
end
end
end
end
end

7
lib/devise/orm/active_record.rb
View File

@@ -7,6 +7,8 @@ module Devise
# t.confirmable
# t.recoverable
# t.rememberable
# t.trackable
# t.lockable
# t.timestamps
# end
#
@@ -18,7 +20,7 @@ module Devise
#
module ActiveRecord
# Required ORM hook. Just yield the given block in ActiveRecord.
def self.included_modules_hook(klass, modules)
def self.included_modules_hook(klass)
yield
end
@@ -34,5 +36,6 @@ end
if defined?(ActiveRecord)
ActiveRecord::Base.extend Devise::Models
ActiveRecord::ConnectionAdapters::Table.send :include, Devise::Orm::ActiveRecord
ActiveRecord::ConnectionAdapters::TableDefinition.send :include, Devise::Orm::ActiveRecord
end
end

8
lib/devise/orm/data_mapper.rb
View File

@@ -11,13 +11,13 @@ module Devise
end
end
def self.included_modules_hook(klass, modules)
klass.send :extend, self
def self.included_modules_hook(klass)
klass.send :extend, self
klass.send :include, InstanceMethods
yield
modules.each do |mod|
klass.devise_modules.each do |mod|
klass.send(mod) if klass.respond_to?(mod)
end
end
@@ -80,4 +80,4 @@ module Devise
end
end
DataMapper::Model.send(:include, Devise::Models)
DataMapper::Model.send(:include, Devise::Models)

34
lib/devise/orm/mongo_mapper.rb
View File

@@ -1,15 +1,35 @@
module Devise
module Orm
module MongoMapper
def self.included_modules_hook(klass, modules)
klass.send :extend, self
yield
modules.each do |mod|
klass.send(mod) if klass.respond_to?(mod)
module InstanceMethods
def save(options={})
if options == false
super(:validate => false)
else
super
end
end
end
def self.included_modules_hook(klass)
klass.send :extend, self
klass.send :include, InstanceMethods
yield
klass.devise_modules.each do |mod|
klass.send(mod) if klass.respond_to?(mod)
end
end
def find(*args)
case args.first
when :first, :all
send(args.shift, *args)
else
super
end
end
include Devise::Schema
# Tell how to apply schema methods. This automatically converts DateTime
@@ -24,4 +44,4 @@ module Devise
end
MongoMapper::Document::ClassMethods.send(:include, Devise::Models)
MongoMapper::EmbeddedDocument::ClassMethods.send(:include, Devise::Models)
MongoMapper::EmbeddedDocument::ClassMethods.send(:include, Devise::Models)

21
lib/devise/rails/routes.rb
View File

@@ -8,7 +8,7 @@ module ActionController::Routing
load_routes_without_devise!
return if Devise.mappings.empty?
ActionController::Base.send :include, Devise::Controllers::Filters
ActionController::Base.send :include, Devise::Controllers::Helpers
ActionController::Base.send :include, Devise::Controllers::UrlHelpers
ActionView::Base.send :include, Devise::Controllers::UrlHelpers
@@ -88,8 +88,8 @@ module ActionController::Routing
route_options = mapping.route_options.merge(:path_prefix => mapping.raw_path, :name_prefix => "#{mapping.name}_")
with_options(route_options) do |routes|
mapping.for.each do |strategy|
send(strategy, routes, mapping) if self.respond_to?(strategy, true)
mapping.for.each do |mod|
send(mod, routes, mapping) if self.respond_to?(mod, true)
end
end
end
@@ -105,14 +105,21 @@ module ActionController::Routing
end
end
def recoverable(routes, mapping)
routes.resource :password, :only => [:new, :create, :edit, :update], :as => mapping.path_names[:password]
end
def confirmable(routes, mapping)
routes.resource :confirmation, :only => [:new, :create, :show], :as => mapping.path_names[:confirmation]
end
def lockable(routes, mapping)
routes.resource :unlock, :only => [:new, :create, :show], :as => mapping.path_names[:unlock]
end
def recoverable(routes, mapping)
routes.resource :password, :only => [:new, :create, :edit, :update], :as => mapping.path_names[:password]
end
def registerable(routes, mapping)
routes.resource :registration, :only => [:new, :create, :edit, :update, :destroy], :as => mapping.raw_path[1..-1], :path_prefix => nil, :path_names => { :new => mapping.path_names[:sign_up] }
end
end
end
end

26
lib/devise/rails/warden_compat.rb
View File

@@ -1,12 +1,6 @@
# Taken from RailsWarden, thanks to Hassox. http://github.com/hassox/rails_warden
module Warden::Mixins::Common
def request
return @request if @request
if env['action_controller.rescue.request']
@request = env['action_controller.rescue.request']
else
Rack::Request.new(env)
end
@request ||= env['action_controller.rescue.request']
end
def reset_session!
@@ -15,11 +9,17 @@ module Warden::Mixins::Common
end
def response
return @response if @response
if env['action_controller.rescue.response']
@response = env['action_controller.rescue.response']
else
Rack::Response.new(env)
end
@response ||= env['action_controller.rescue.response']
end
end
class Warden::SessionSerializer
def serialize(record)
[record.class, record.id]
end
def deserialize(keys)
klass, id = keys
klass.find(:first, :conditions => { :id => id })
end
end

23
lib/devise/schema.rb
View File

@@ -9,12 +9,18 @@ module Devise
# * :null - When true, allow columns to be null.
# * :encryptor - The encryptor going to be used, necessary for setting the proper encrypter password length.
def authenticatable(options={})
null = options[:null] || false
encryptor = options[:encryptor] || (respond_to?(:encryptor) ? self.encryptor : :sha1)
null = options[:null] || false
default = options[:default]
encryptor = options[:encryptor] || (respond_to?(:encryptor) ? self.encryptor : :sha1)
apply_schema :email, String, :null => null, :limit => 100
apply_schema :encrypted_password, String, :null => null, :limit => Devise::ENCRYPTORS_LENGTH[encryptor]
apply_schema :password_salt, String, :null => null, :limit => 20
apply_schema :email, String, :null => null, :default => default
apply_schema :encrypted_password, String, :null => null, :default => default, :limit => Devise::ENCRYPTORS_LENGTH[encryptor]
apply_schema :password_salt, String, :null => null, :default => default
end
# Creates authentication_token.
def token_authenticatable
apply_schema :authentication_token, String, :limit => 20
end
# Creates confirmation_token, confirmed_at and confirmation_sent_at.
@@ -45,6 +51,13 @@ module Devise
apply_schema :last_sign_in_ip, String
end
# Creates failed_attempts, unlock_token and locked_at
def lockable
apply_schema :failed_attempts, Integer, :default => 0
apply_schema :unlock_token, String, :limit => 20
apply_schema :locked_at, DateTime
end
# Overwrite with specific modification to create your own schema.
def apply_schema(name, type, options={})
raise NotImplementedError

23
lib/devise/serializers/base.rb
View File

@@ -1,23 +0,0 @@
require 'devise/strategies/base'
module Devise
module Serializers
module Base
include Devise::Strategies::Base
attr_reader :scope
def serialize(record)
record.class.send(:"serialize_into_#{klass_type}", record)
end
def deserialize(keys)
mapping.to.send(:"serialize_from_#{klass_type}", keys)
end
def fetch(scope)
@scope = scope
super
end
end
end
end

43
lib/devise/serializers/cookie.rb
View File

@@ -1,43 +0,0 @@
require 'devise/serializers/base'
module Devise
module Serializers
# This is a cookie serializer which stores the information if a :remember_me
# is sent in the params and if the model responds to remember_me! as well.
# As in Session serializer, the invoked methods are:
#
# User.serialize_into_cookie(@user)
# User.serialize_from_cookie(*args)
#
# An implementation for such methods can be found at Devise::Models::Rememberable.
#
# Differently from session, this approach is based in a token which is stored in
# the database. So if you want to sign out all clients at once, you just need to
# clean up the token column.
#
class Cookie < Warden::Serializers::Cookie
include Devise::Serializers::Base
def store(record, scope)
remember_me = params[scope].try(:fetch, :remember_me, nil)
if Devise::TRUE_VALUES.include?(remember_me) && record.respond_to?(:remember_me!)
record.remember_me!
super
end
end
def default_options(record)
super.merge!(:expires => record.remember_expires_at)
end
def delete(scope, record=nil)
if record && record.respond_to?(:forget_me!)
record.forget_me!
super
end
end
end
end
end
Warden::Serializers.add(:cookie, Devise::Serializers::Cookie)

22
lib/devise/serializers/session.rb
View File

@@ -1,22 +0,0 @@
require 'devise/serializers/base'
module Devise
module Serializers
# This serializer stores sign in information in th client session. It just
# extends Warden own serializer to move all the serialization logic to a
# class. For example, if a @user resource is given, it will call the following
# two methods to serialize and deserialize a record:
#
# User.serialize_into_session(@user)
# User.serialize_from_session(*args)
#
# This can be used any strategy and the default implementation is available
# at Devise::Models::SessionSerializer.
#
class Session < Warden::Serializers::Session
include Devise::Serializers::Base
end
end
end
Warden::Serializers.add(:session, Devise::Serializers::Session)

16
lib/devise/strategies/authenticatable.rb
View File

@@ -4,11 +4,9 @@ module Devise
module Strategies
# Default strategy for signing in a user, based on his email and password.
# Redirects to sign_in page if it's not authenticated
class Authenticatable < Warden::Strategies::Base
include Devise::Strategies::Base
class Authenticatable < Base
def valid?
super && params[scope] && params[scope][:password].present?
valid_controller? && valid_params? && mapping.to.respond_to?(:authenticate)
end
# Authenticate a user based on email and password params, returning to warden
@@ -21,6 +19,16 @@ module Devise
fail!(:invalid)
end
end
protected
def valid_controller?
params[:controller] =~ /sessions$/
end
def valid_params?
params[scope] && params[scope][:password].present?
end
end
end
end

20
lib/devise/strategies/base.rb
View File

@@ -1,23 +1,15 @@
module Devise
module Strategies
# Base strategy for Devise. Responsible for verifying correct scope and mapping.
module Base
# Validate strategy. By default will raise an error if no scope or an
# invalid mapping is found.
def valid?
raise "Could not find mapping for #{scope}" unless mapping
mapping.for.include?(klass_type)
end
class Base < ::Warden::Strategies::Base
# Checks if a valid scope was given for devise and find mapping based on
# this scope.
def mapping
Devise.mappings[scope]
end
# Store this class type.
def klass_type
@klass_type ||= self.class.name.split("::").last.underscore.to_sym
@mapping ||= begin
mapping = Devise.mappings[scope]
raise "Could not find mapping for #{scope}" unless mapping
mapping
end
end
end
end

59
lib/devise/strategies/http_authenticatable.rb Normal file
View File

@@ -0,0 +1,59 @@
require 'devise/strategies/base'
module Devise
module Strategies
# Sign in an user using HTTP authentication.
class HttpAuthenticatable < Base
def valid?
http_authentication? && mapping.to.respond_to?(:authenticate_with_http)
end
def authenticate!
username, password = username_and_password
if resource = mapping.to.authenticate_with_http(username, password)
success!(resource)
else
custom!([401, custom_headers, [response_body]])
end
end
private
def username_and_password
decode_credentials(request).split(/:/, 2)
end
def response_body
body = "HTTP Basic: Access denied."
method = :"to_#{request_format.to_sym}"
{}.respond_to?(method) ? { :error => body }.send(method) : body
end
def http_authentication
request.env['HTTP_AUTHORIZATION'] ||
request.env['X-HTTP_AUTHORIZATION'] ||
request.env['X_HTTP_AUTHORIZATION'] ||
request.env['REDIRECT_X_HTTP_AUTHORIZATION']
end
alias :http_authentication? :http_authentication
def decode_credentials(request)
ActiveSupport::Base64.decode64(http_authentication.split(' ', 2).last || '')
end
def custom_headers
{
"Content-Type" => request_format.to_s,
"WWW-Authenticate" => %(Basic realm="#{Devise.http_authentication_realm.gsub(/"/, "")}")
}
end
def request_format
@request_format ||= Mime::Type.lookup_by_extension(request.template_format.to_s)
end
end
end
end
Warden::Strategies.add(:http_authenticatable, Devise::Strategies::HttpAuthenticatable)

37
lib/devise/strategies/rememberable.rb Normal file
View File

@@ -0,0 +1,37 @@
require 'devise/strategies/base'
module Devise
module Strategies
# Remember the user through the remember token. This strategy is responsible
# to verify whether there is a cookie with the remember token, and to
# recreate the user from this cookie if it exists. Must be called *before*
# authenticatable.
class Rememberable < Devise::Strategies::Base
# A valid strategy for rememberable needs a remember token in the cookies.
def valid?
remember_me_cookie.present? && mapping.to.respond_to?(:serialize_from_cookie)
end
# To authenticate a user we deserialize the cookie and attempt finding
# the record in the database. If the attempt fails, we pass to another
# strategy handle the authentication.
def authenticate!
if resource = mapping.to.serialize_from_cookie(remember_me_cookie)
success!(resource)
else
pass
end
end
private
# Accessor for remember cookie
def remember_me_cookie
@remember_me_cookie ||= request.cookies["remember_#{mapping.name}_token"]
end
end
end
end
Warden::Strategies.add(:rememberable, Devise::Strategies::Rememberable)

37
lib/devise/strategies/token_authenticatable.rb Normal file
View File

@@ -0,0 +1,37 @@
require 'devise/strategies/base'
module Devise
module Strategies
# Strategy for signing in a user, based on a authenticatable token.
# Redirects to sign_in page if it's not authenticated.
class TokenAuthenticatable < Base
def valid?
mapping.to.respond_to?(:authenticate_with_token) && authentication_token(scope).present?
end
# Authenticate a user based on authenticatable token params, returning to warden
# success and the authenticated user if everything is okay. Otherwise redirect
# to sign in page.
def authenticate!
if resource = mapping.to.authenticate_with_token(params[scope] || params)
success!(resource)
else
fail!(:invalid_token)
end
end
private
# Detect authentication token in params: scoped or not.
def authentication_token(scope)
if params[scope]
params[scope][mapping.to.token_authentication_key]
else
params[mapping.to.token_authentication_key]
end
end
end
end
end
Warden::Strategies.add(:token_authenticatable, Devise::Strategies::TokenAuthenticatable)

2
lib/devise/test_helpers.rb
View File

@@ -66,7 +66,7 @@ module Devise
def sign_in(resource_or_scope, resource=nil)
scope ||= Devise::Mapping.find_scope!(resource_or_scope)
resource ||= resource_or_scope
session["warden.user.#{scope}.key"] = resource.class.serialize_into_session(resource)
warden.session_serializer.store(resource, scope)
end
# Sign out a given resource or scope by calling logout on Warden.

2
lib/devise/version.rb
View File

@@ -1,3 +1,3 @@
module Devise
VERSION = "0.8.2".freeze
VERSION = "1.0.4".freeze
end

0
init.rb → rails/init.rb
View File

177
test/controllers/filters_test.rb
View File

@@ -1,177 +0,0 @@
require 'test/test_helper'
require 'ostruct'
class MockController < ApplicationController
attr_accessor :env
def request
self
end
def path
''
end
end
class ControllerAuthenticableTest < ActionController::TestCase
tests MockController
def setup
@controller = MockController.new
@mock_warden = OpenStruct.new
@controller.env = { 'warden' => @mock_warden }
@controller.session = {}
end
test 'setup warden' do
assert_not_nil @controller.warden
end
test 'provide access to warden instance' do
assert_equal @controller.warden, @controller.env['warden']
end
test 'run authenticate? with scope on warden' do
@mock_warden.expects(:authenticated?).with(:my_scope)
@controller.signed_in?(:my_scope)
end
test 'proxy signed_in? to authenticated' do
@mock_warden.expects(:authenticated?).with(:my_scope)
@controller.signed_in?(:my_scope)
end
test 'run user with scope on warden' do
@mock_warden.expects(:user).with(:admin).returns(true)
@controller.current_admin
@mock_warden.expects(:user).with(:user).returns(true)
@controller.current_user
end
test 'proxy user_authenticate! to authenticate with user scope' do
@mock_warden.expects(:authenticate!).with(:scope => :user)
@controller.authenticate_user!
end
test 'proxy admin_authenticate! to authenticate with admin scope' do
@mock_warden.expects(:authenticate!).with(:scope => :admin)
@controller.authenticate_admin!
end
test 'proxy user_authenticated? to authenticate with user scope' do
@mock_warden.expects(:authenticated?).with(:user)
@controller.user_signed_in?
end
test 'proxy admin_authenticated? to authenticate with admin scope' do
@mock_warden.expects(:authenticated?).with(:admin)
@controller.admin_signed_in?
end
test 'proxy user_session to session scope in warden' do
@mock_warden.expects(:session).with(:user).returns({})
@controller.user_session
end
test 'proxy admin_session to session scope in warden' do
@mock_warden.expects(:session).with(:admin).returns({})
@controller.admin_session
end
test 'sign in proxy to set_user on warden' do
user = User.new
@mock_warden.expects(:set_user).with(user, :scope => :user).returns(true)
@controller.sign_in(:user, user)
end
test 'sign in accepts a resource as argument' do
user = User.new
@mock_warden.expects(:set_user).with(user, :scope => :user).returns(true)
@controller.sign_in(user)
end
test 'sign out proxy to logout on warden' do
@mock_warden.expects(:user).with(:user).returns(true)
@mock_warden.expects(:logout).with(:user).returns(true)
@controller.sign_out(:user)
end
test 'sign out accepts a resource as argument' do
@mock_warden.expects(:user).with(:user).returns(true)
@mock_warden.expects(:logout).with(:user).returns(true)
@controller.sign_out(User.new)
end
test 'stored location for returns the location for a given scope' do
assert_nil @controller.stored_location_for(:user)
@controller.session[:"user.return_to"] = "/foo.bar"
assert_equal "/foo.bar", @controller.stored_location_for(:user)
end
test 'stored location for accepts a resource as argument' do
assert_nil @controller.stored_location_for(:user)
@controller.session[:"user.return_to"] = "/foo.bar"
assert_equal "/foo.bar", @controller.stored_location_for(User.new)
end
test 'stored location cleans information after reading' do
@controller.session[:"user.return_to"] = "/foo.bar"
assert_equal "/foo.bar", @controller.stored_location_for(:user)
assert_nil @controller.session[:"user.return_to"]
end
test 'after sign in path defaults to root path if none by was specified for the given scope' do
assert_equal root_path, @controller.after_sign_in_path_for(:user)
end
test 'after sign in path defaults to the scoped root path' do
assert_equal admin_root_path, @controller.after_sign_in_path_for(:admin)
end
test 'after sign out path defaults to the root path' do
assert_equal root_path, @controller.after_sign_out_path_for(:admin)
assert_equal root_path, @controller.after_sign_out_path_for(:user)
end
test 'sign in and redirect uses the stored location' do
user = User.new
@controller.session[:"user.return_to"] = "/foo.bar"
@mock_warden.expects(:set_user).with(user, :scope => :user).returns(true)
@controller.expects(:redirect_to).with("/foo.bar")
@controller.sign_in_and_redirect(user)
end
test 'sign in and redirect uses the configured after sign in path' do
admin = Admin.new
@mock_warden.expects(:set_user).with(admin, :scope => :admin).returns(true)
@controller.expects(:redirect_to).with(admin_root_path)
@controller.sign_in_and_redirect(admin)
end
test 'only redirect if just a symbol is given' do
@controller.expects(:redirect_to).with(admin_root_path)
@controller.sign_in_and_redirect(:admin)
end
test 'sign out and redirect uses the configured after sign out path' do
@mock_warden.expects(:user).with(:admin).returns(true)
@mock_warden.expects(:logout).with(:admin).returns(true)
@controller.expects(:redirect_to).with(admin_root_path)
@controller.instance_eval "def after_sign_out_path_for(resource); admin_root_path; end"
@controller.sign_out_and_redirect(:admin)
end
test 'is not a devise controller' do
assert_not @controller.devise_controller?
end
test 'default url options are retrieved from devise' do
begin
Devise.default_url_options {{ :locale => I18n.locale }}
assert_equal({ :locale => :en }, @controller.send(:default_url_options))
ensure
Devise.default_url_options {{ }}
end
end
end

218
test/controllers/helpers_test.rb
View File

@@ -1,55 +1,177 @@
require 'test/test_helper'
require 'ostruct'
class MyController < ApplicationController
include Devise::Controllers::Helpers
end
class MockController < ApplicationController
attr_accessor :env
class HelpersTest < ActionController::TestCase
tests MyController
test 'get resource name from request path' do
@request.path = '/users/session'
assert_equal :user, @controller.resource_name
def request
self
end
test 'get resource name from specific request path' do
@request.path = '/admin_area/session'
assert_equal :admin, @controller.resource_name
end
test 'get resource class from request path' do
@request.path = '/users/session'
assert_equal User, @controller.resource_class
end
test 'get resource instance variable from request path' do
@request.path = '/admin_area/session'
@controller.instance_variable_set(:@admin, admin = Admin.new)
assert_equal admin, @controller.resource
end
test 'set resource instance variable from request path' do
@request.path = '/admin_area/session'
admin = @controller.send(:resource_class).new
@controller.send(:resource=, admin)
assert_equal admin, @controller.send(:resource)
assert_equal admin, @controller.instance_variable_get(:@admin)
end
test 'resources methods are not controller actions' do
assert @controller.class.action_methods.empty?
end
test 'require no authentication tests current mapping' do
@controller.expects(:resource_name).returns(:user).twice
@mock_warden.expects(:authenticated?).with(:user).returns(true)
@controller.expects(:redirect_to).with(root_path)
@controller.send :require_no_authentication
end
test 'is a devise controller' do
assert @controller.devise_controller?
def path
''
end
end
class ControllerAuthenticableTest < ActionController::TestCase
tests MockController
def setup
@controller = MockController.new
@mock_warden = OpenStruct.new
@controller.env = { 'warden' => @mock_warden }
@controller.session = {}
end
test 'setup warden' do
assert_not_nil @controller.warden
end
test 'provide access to warden instance' do
assert_equal @controller.warden, @controller.env['warden']
end
test 'proxy signed_in? to authenticated' do
@mock_warden.expects(:authenticate?).with(:scope => :my_scope)
@controller.signed_in?(:my_scope)
end
test 'proxy current_admin to authenticate with admin scope' do
@mock_warden.expects(:authenticate).with(:scope => :admin)
@controller.current_admin
end
test 'proxy current_user to authenticate with user scope' do
@mock_warden.expects(:authenticate).with(:scope => :user)
@controller.current_user
end
test 'proxy user_authenticate! to authenticate with user scope' do
@mock_warden.expects(:authenticate!).with(:scope => :user)
@controller.authenticate_user!
end
test 'proxy admin_authenticate! to authenticate with admin scope' do
@mock_warden.expects(:authenticate!).with(:scope => :admin)
@controller.authenticate_admin!
end
test 'proxy user_signed_in? to authenticate? with user scope' do
@mock_warden.expects(:authenticate?).with(:scope => :user)
@controller.user_signed_in?
end
test 'proxy admin_signed_in? to authenticate? with admin scope' do
@mock_warden.expects(:authenticate?).with(:scope => :admin)
@controller.admin_signed_in?
end
test 'proxy user_session to session scope in warden' do
@mock_warden.expects(:authenticate).with(:scope => :user).returns(true)
@mock_warden.expects(:session).with(:user).returns({})
@controller.user_session
end
test 'proxy admin_session to session scope in warden' do
@mock_warden.expects(:authenticate).with(:scope => :admin).returns(true)
@mock_warden.expects(:session).with(:admin).returns({})
@controller.admin_session
end
test 'sign in proxy to set_user on warden' do
user = User.new
@mock_warden.expects(:set_user).with(user, :scope => :user).returns(true)
@controller.sign_in(:user, user)
end
test 'sign in accepts a resource as argument' do
user = User.new
@mock_warden.expects(:set_user).with(user, :scope => :user).returns(true)
@controller.sign_in(user)
end
test 'sign out proxy to logout on warden' do
@mock_warden.expects(:user).with(:user).returns(true)
@mock_warden.expects(:logout).with(:user).returns(true)
@controller.sign_out(:user)
end
test 'sign out accepts a resource as argument' do
@mock_warden.expects(:user).with(:user).returns(true)
@mock_warden.expects(:logout).with(:user).returns(true)
@controller.sign_out(User.new)
end
test 'stored location for returns the location for a given scope' do
assert_nil @controller.stored_location_for(:user)
@controller.session[:"user.return_to"] = "/foo.bar"
assert_equal "/foo.bar", @controller.stored_location_for(:user)
end
test 'stored location for accepts a resource as argument' do
assert_nil @controller.stored_location_for(:user)
@controller.session[:"user.return_to"] = "/foo.bar"
assert_equal "/foo.bar", @controller.stored_location_for(User.new)
end
test 'stored location cleans information after reading' do
@controller.session[:"user.return_to"] = "/foo.bar"
assert_equal "/foo.bar", @controller.stored_location_for(:user)
assert_nil @controller.session[:"user.return_to"]
end
test 'after sign in path defaults to root path if none by was specified for the given scope' do
assert_equal root_path, @controller.after_sign_in_path_for(:user)
end
test 'after sign in path defaults to the scoped root path' do
assert_equal admin_root_path, @controller.after_sign_in_path_for(:admin)
end
test 'after sign out path defaults to the root path' do
assert_equal root_path, @controller.after_sign_out_path_for(:admin)
assert_equal root_path, @controller.after_sign_out_path_for(:user)
end
test 'sign in and redirect uses the stored location' do
user = User.new
@controller.session[:"user.return_to"] = "/foo.bar"
@mock_warden.expects(:set_user).with(user, :scope => :user).returns(true)
@controller.expects(:redirect_to).with("/foo.bar")
@controller.sign_in_and_redirect(user)
end
test 'sign in and redirect uses the configured after sign in path' do
admin = Admin.new
@mock_warden.expects(:set_user).with(admin, :scope => :admin).returns(true)
@controller.expects(:redirect_to).with(admin_root_path)
@controller.sign_in_and_redirect(admin)
end
test 'only redirect if skip is given' do
admin = Admin.new
@controller.expects(:redirect_to).with(admin_root_path)
@controller.sign_in_and_redirect(:admin, admin, true)
end
test 'sign out and redirect uses the configured after sign out path' do
@mock_warden.expects(:user).with(:admin).returns(true)
@mock_warden.expects(:logout).with(:admin).returns(true)
@controller.expects(:redirect_to).with(admin_root_path)
@controller.instance_eval "def after_sign_out_path_for(resource); admin_root_path; end"
@controller.sign_out_and_redirect(:admin)
end
test 'is not a devise controller' do
assert_not @controller.devise_controller?
end
test 'default url options are retrieved from devise' do
begin
Devise.default_url_options {{ :locale => I18n.locale }}
assert_equal({ :locale => :en }, @controller.send(:default_url_options))
ensure
Devise.default_url_options {{ }}
end
end
end

55
test/controllers/internal_helpers_test.rb Normal file
View File

@@ -0,0 +1,55 @@
require 'test/test_helper'
class MyController < ApplicationController
include Devise::Controllers::InternalHelpers
end
class HelpersTest < ActionController::TestCase
tests MyController
test 'get resource name from request path' do
@request.path = '/users/session'
assert_equal :user, @controller.resource_name
end
test 'get resource name from specific request path' do
@request.path = '/admin_area/session'
assert_equal :admin, @controller.resource_name
end
test 'get resource class from request path' do
@request.path = '/users/session'
assert_equal User, @controller.resource_class
end
test 'get resource instance variable from request path' do
@request.path = '/admin_area/session'
@controller.instance_variable_set(:@admin, admin = Admin.new)
assert_equal admin, @controller.resource
end
test 'set resource instance variable from request path' do
@request.path = '/admin_area/session'
admin = @controller.send(:resource_class).new
@controller.send(:resource=, admin)
assert_equal admin, @controller.send(:resource)
assert_equal admin, @controller.instance_variable_get(:@admin)
end
test 'resources methods are not controller actions' do
assert @controller.class.action_methods.empty?
end
test 'require no authentication tests current mapping' do
@controller.expects(:resource_name).returns(:user).twice
@mock_warden.expects(:authenticated?).with(:user).returns(true)
@controller.expects(:redirect_to).with(root_path)
@controller.send :require_no_authentication
end
test 'is a devise controller' do
assert @controller.devise_controller?
end
end

27
test/devise_test.rb
View File

@@ -2,7 +2,7 @@ require 'test/test_helper'
module Devise
def self.clean_warden_config!
@warden_config = nil
@warden_config = nil
end
end
@@ -25,10 +25,9 @@ class DeviseTest < ActiveSupport::TestCase
Devise.configure_warden(config)
assert_equal Devise::FailureApp, config.failure_app
assert_equal [:authenticatable], config.default_strategies
assert_equal [:rememberable, :http_authenticatable, :token_authenticatable, :authenticatable], config.default_strategies
assert_equal :user, config.default_scope
assert config.silence_missing_strategies?
assert config.silence_missing_serializers?
end
test 'warden manager user configuration through a block' do
@@ -45,4 +44,26 @@ class DeviseTest < ActiveSupport::TestCase
Devise.clean_warden_config!
end
end
test 'add new module using the helper method' do
assert_nothing_raised(Exception) { Devise.add_module(:coconut) }
assert_equal 1, Devise::ALL.select { |v| v == :coconut }.size
assert_not Devise::STRATEGIES.include?(:coconut)
assert_not defined?(Devise::Models::Coconut)
Devise::ALL.delete(:coconut)
assert_nothing_raised(Exception) { Devise.add_module(:banana, :strategy => true) }
assert_equal 1, Devise::STRATEGIES.select { |v| v == :banana }.size
Devise::ALL.delete(:banana)
Devise::STRATEGIES.delete(:banana)
assert_nothing_raised(Exception) { Devise.add_module(:kivi, :controller => :fruits) }
assert_not_nil Devise::CONTROLLERS[:fruits]
assert_equal 1, Devise::CONTROLLERS[:fruits].select { |v| v == :kivi }.size
Devise::ALL.delete(:kivi)
Devise::CONTROLLERS.delete(:fruits)
assert_nothing_raised(Exception) { Devise.add_module(:authenticatable_again, :model => 'devise/model/authenticatable') }
assert defined?(Devise::Models::AuthenticatableAgain)
end
end

4
test/encryptors_test.rb
View File

@@ -1,3 +1,5 @@
gem 'bcrypt-ruby'
class Encryptors < ActiveSupport::TestCase
test 'should match a password created by authlogic' do
@@ -17,7 +19,7 @@ class Encryptors < ActiveSupport::TestCase
encryptor = Devise::Encryptors::ClearanceSha1.digest('123mudar', nil, '65c58472c207c829f28c68619d3e3aefed18ab3f', nil)
assert_equal clearance, encryptor
end
Devise::ENCRYPTORS_LENGTH.each do |key, value|
test "should have length #{value} for #{key.inspect}" do
swap Devise, :encryptor => key do

139
test/integration/authenticatable_test.rb
View File

@@ -1,8 +1,7 @@
require 'test/test_helper'
class AuthenticationTest < ActionController::IntegrationTest
test 'home should be accessible without signed in' do
class AuthenticationSanityTest < ActionController::IntegrationTest
test 'home should be accessible without sign in' do
visit '/'
assert_response :success
assert_template 'home/index'
@@ -76,43 +75,6 @@ class AuthenticationTest < ActionController::IntegrationTest
assert_contain 'Welcome Admin'
end
test 'sign in as user should not authenticate if not using proper authentication keys' do
swap Devise, :authentication_keys => [:username] do
sign_in_as_user
assert_not warden.authenticated?(:user)
end
end
test 'admin signing in with invalid email should return to sign in form with error message' do
sign_in_as_admin do
fill_in 'email', :with => 'wrongemail@test.com'
end
assert_contain 'Invalid email or password'
assert_not warden.authenticated?(:admin)
end
test 'admin signing in with invalid pasword should return to sign in form with error message' do
sign_in_as_admin do
fill_in 'password', :with => 'abcdef'
end
assert_contain 'Invalid email or password'
assert_not warden.authenticated?(:admin)
end
test 'error message is configurable by resource name' do
store_translations :en, :devise => {
:sessions => { :admin => { :invalid => "Invalid credentials" } }
} do
sign_in_as_admin do
fill_in 'password', :with => 'abcdef'
end
assert_contain 'Invalid credentials'
end
end
test 'authenticated admin should not be able to sign as admin again' do
sign_in_as_admin
get new_admin_session_path
@@ -143,6 +105,45 @@ class AuthenticationTest < ActionController::IntegrationTest
get root_path
assert_not_contain 'Signed out successfully'
end
end
class AuthenticationTest < ActionController::IntegrationTest
test 'sign in should not authenticate if not using proper authentication keys' do
swap Devise, :authentication_keys => [:username] do
sign_in_as_user
assert_not warden.authenticated?(:user)
end
end
test 'sign in with invalid email should return to sign in form with error message' do
sign_in_as_admin do
fill_in 'email', :with => 'wrongemail@test.com'
end
assert_contain 'Invalid email or password'
assert_not warden.authenticated?(:admin)
end
test 'sign in with invalid pasword should return to sign in form with error message' do
sign_in_as_admin do
fill_in 'password', :with => 'abcdef'
end
assert_contain 'Invalid email or password'
assert_not warden.authenticated?(:admin)
end
test 'error message is configurable by resource name' do
store_translations :en, :devise => {
:sessions => { :admin => { :invalid => "Invalid credentials" } }
} do
sign_in_as_admin do
fill_in 'password', :with => 'abcdef'
end
assert_contain 'Invalid credentials'
end
end
test 'redirect from warden shows sign in or sign up message' do
get admins_path
@@ -154,43 +155,61 @@ class AuthenticationTest < ActionController::IntegrationTest
assert_contain 'You need to sign in or sign up before continuing.'
end
test 'return to default url if no other was requested' do
test 'redirect to default url if no other was configured' do
sign_in_as_user
assert_template 'home/index'
assert_nil session[:return_to]
assert_nil session[:"user.return_to"]
end
test 'return to given url after sign in' do
test 'redirect to requested url after sign in' do
get users_path
assert_redirected_to new_user_session_path(:unauthenticated => true)
assert_equal users_path, session[:"user.return_to"]
follow_redirect!
follow_redirect!
sign_in_as_user :visit => false
assert_template 'users/index'
assert_nil session[:"user.return_to"]
end
test 'return to configured home path after sign in' do
test 'redirect to last requested url overwriting the stored return_to option' do
get expire_user_path(create_user)
assert_redirected_to new_user_session_path(:unauthenticated => true)
assert_equal expire_user_path(create_user), session[:"user.return_to"]
get users_path
assert_redirected_to new_user_session_path(:unauthenticated => true)
assert_equal users_path, session[:"user.return_to"]
follow_redirect!
sign_in_as_user :visit => false
assert_template 'users/index'
assert_nil session[:"user.return_to"]
end
test 'redirect to configured home path for a given scope after sign in' do
sign_in_as_admin
assert_equal "/admin_area/home", @request.path
end
test 'destroyed account is signed out' do
sign_in_as_user
visit 'users/index'
User.destroy_all
visit 'users/index'
assert_redirected_to '/users/sign_in?unauthenticated=true'
end
test 'allows session to be set by a given scope' do
sign_in_as_user
visit 'users/index'
assert_equal "Cart", @controller.user_session[:cart]
end
test 'destroyed account is logged out' do
sign_in_as_user
visit 'users/index'
User.destroy_all
visit 'users/index'
assert_redirected_to '/users/sign_in?unauthenticated=true'
end
test 'renders the scoped view if turned on and view is available' do
swap Devise, :scoped_views => true do
assert_raise Webrat::NotFoundError do
@@ -200,6 +219,20 @@ class AuthenticationTest < ActionController::IntegrationTest
end
end
test 'renders the scoped view if turned on in an specific controller' do
begin
SessionsController.scoped_views = true
assert_raise Webrat::NotFoundError do
sign_in_as_user
end
assert_match /Special user view/, response.body
assert !PasswordsController.scoped_views
ensure
SessionsController.send :remove_instance_variable, :@scoped_views
end
end
test 'does not render the scoped view if turned off' do
swap Devise, :scoped_views => false do
assert_nothing_raised do

52
test/integration/http_authenticatable_test.rb Normal file
View File

@@ -0,0 +1,52 @@
require 'test/test_helper'
class HttpAuthenticationTest < ActionController::IntegrationTest
test 'sign in should authenticate with http' do
sign_in_as_new_user_with_http
assert_response :success
assert_template 'users/index'
assert_contain 'Welcome'
assert warden.authenticated?(:user)
end
test 'returns a custom response with www-authenticate header on failures' do
sign_in_as_new_user_with_http("unknown")
assert_equal 401, status
assert_equal 'Basic realm="Application"', headers["WWW-Authenticate"]
end
test 'uses the request format as response content type' do
sign_in_as_new_user_with_http("unknown", "123456", :xml)
assert_equal 401, status
assert_equal "application/xml", headers["Content-Type"]
# Cannot assert this due to a bug between integration tests and rack on 2.3
# assert response.body.include?("<error>HTTP Basic: Access denied.</error>")
end
test 'returns a custom response with www-authenticate and chosen realm' do
swap Devise, :http_authentication_realm => "MyApp" do
sign_in_as_new_user_with_http("unknown")
assert_equal 401, status
assert_equal 'Basic realm="MyApp"', headers["WWW-Authenticate"]
end
end
test 'sign in should authenticate with http even with specific authentication keys' do
swap Devise, :authentication_keys => [:username] do
sign_in_as_new_user_with_http "usertest"
assert_response :success
assert_template 'users/index'
assert_contain 'Welcome'
assert warden.authenticated?(:user)
end
end
private
def sign_in_as_new_user_with_http(username="user@test.com", password="123456", format=:html)
user = create_user
get users_path(:format => format), {}, :authorization => "Basic #{ActiveSupport::Base64.encode64("#{username}:#{password}")}"
user
end
end

83
test/integration/lockable_test.rb Normal file
View File

@@ -0,0 +1,83 @@
require 'test/test_helper'
class LockTest < ActionController::IntegrationTest
def visit_user_unlock_with_token(unlock_token)
visit user_unlock_path(:unlock_token => unlock_token)
end
test 'user should be able to request a new unlock token' do
user = create_user(:locked => true)
ActionMailer::Base.deliveries.clear
visit new_user_session_path
click_link 'Didn\'t receive unlock instructions?'
fill_in 'email', :with => user.email
click_button 'Resend unlock instructions'
assert_template 'sessions/new'
assert_contain 'You will receive an email with instructions about how to unlock your account in a few minutes'
assert_equal 1, ActionMailer::Base.deliveries.size
end
test 'unlocked user should not be able to request a unlock token' do
user = create_user(:locked => false)
ActionMailer::Base.deliveries.clear
visit new_user_session_path
click_link 'Didn\'t receive unlock instructions?'
fill_in 'email', :with => user.email
click_button 'Resend unlock instructions'
assert_template 'unlocks/new'
assert_contain 'not locked'
assert_equal 0, ActionMailer::Base.deliveries.size
end
test 'user with invalid unlock token should not be able to unlock an account' do
visit_user_unlock_with_token('invalid_token')
assert_response :success
assert_template 'unlocks/new'
assert_have_selector '#errorExplanation'
assert_contain /Unlock token(.*)invalid/
end
test "locked user should be able to unlock account" do
user = create_user(:locked => true)
assert user.locked?
visit_user_unlock_with_token(user.unlock_token)
assert_template 'home/index'
assert_contain 'Your account was successfully unlocked.'
assert_not user.reload.locked?
end
test "sign in user automatically after unlocking it's account" do
user = create_user(:locked => true)
visit_user_unlock_with_token(user.unlock_token)
assert warden.authenticated?(:user)
end
test "user should not be able to sign in when locked" do
user = sign_in_as_user(:locked => true)
assert_template 'sessions/new'
assert_contain 'Your account is locked.'
assert_not warden.authenticated?(:user)
end
test 'error message is configurable by resource name' do
store_translations :en, :devise => {
:sessions => { :admin => { :locked => "You are locked!" } }
} do
get new_admin_session_path(:locked => true)
assert_contain 'You are locked!'
end
end
end

10
test/integration/recoverable_test.rb
View File

@@ -128,4 +128,14 @@ class PasswordTest < ActionController::IntegrationTest
assert warden.authenticated?(:user)
end
test 'does not sign in user automatically after changing it\'s password if it\'s not active' do
user = create_user(:confirm => false)
request_forgot_password
reset_password :reset_password_token => user.reload.reset_password_token
assert_redirected_to new_user_session_path(:unconfirmed => true)
assert !warden.authenticated?(:user)
end
end

130
test/integration/registerable_test.rb Normal file
View File

@@ -0,0 +1,130 @@
require 'test/test_helper'
class RegistrationTest < ActionController::IntegrationTest
test 'a guest admin should be able to sign in successfully' do
visit new_admin_session_path
click_link 'Sign up'
assert_template 'registrations/new'
fill_in 'email', :with => 'new_user@test.com'
fill_in 'password', :with => 'new_user123'
fill_in 'password confirmation', :with => 'new_user123'
click_button 'Sign up'
assert_contain 'You have signed up successfully.'
assert warden.authenticated?(:admin)
admin = Admin.last
assert_equal admin.email, 'new_user@test.com'
end
test 'a guest user should be able to sign up successfully and be blocked by confirmation' do
visit new_user_registration_path
fill_in 'email', :with => 'new_user@test.com'
fill_in 'password', :with => 'new_user123'
fill_in 'password confirmation', :with => 'new_user123'
click_button 'Sign up'
assert_equal true, @controller.send(:flash)[:"user_signed_up"]
assert_equal "You have signed up successfully.", @controller.send(:flash)[:notice]
# For some reason flash is not being set correctly, so instead of getting the
# "signed_up" message we get the unconfirmed one. Seems to be an issue with
# the internal redirect by the hook and the tests.
# follow_redirect!
# assert_contain 'You have signed up successfully.'
# assert_not_contain 'confirm your account'
assert_not warden.authenticated?(:user)
user = User.last
assert_equal user.email, 'new_user@test.com'
assert_not user.confirmed?
end
test 'a guest user cannot sign up with invalid information' do
visit new_user_registration_path
fill_in 'email', :with => 'invalid_email'
fill_in 'password', :with => 'new_user123'
fill_in 'password confirmation', :with => 'new_user321'
click_button 'Sign up'
assert_template 'registrations/new'
assert_have_selector '#errorExplanation'
assert_contain "Email is invalid"
assert_contain "Password doesn't match confirmation"
assert_nil User.first
assert_not warden.authenticated?(:user)
end
test 'a guest should not sign up with email/password that already exists' do
user = create_user
visit new_user_registration_path
fill_in 'email', :with => 'user@test.com'
fill_in 'password', :with => '123456'
fill_in 'password confirmation', :with => '123456'
click_button 'Sign up'
assert_template 'registrations/new'
assert_contain 'Email has already been taken'
assert_not warden.authenticated?(:user)
end
test 'a guest should not be able to change account' do
visit edit_user_registration_path
follow_redirect!
assert_template 'sessions/new'
end
test 'a signed in user should not be able to access sign up' do
sign_in_as_user
visit new_user_registration_path
assert_template 'home/index'
end
test 'a signed in user should be able to edit his account' do
sign_in_as_user
visit edit_user_registration_path
fill_in 'email', :with => 'user.new@email.com'
fill_in 'current password', :with => '123456'
click_button 'Update'
assert_template 'home/index'
assert_contain 'You updated your account successfully.'
assert_equal "user.new@email.com", User.first.email
end
test 'a signed in user should be able to edit his password' do
sign_in_as_user
visit edit_user_registration_path
fill_in 'password', :with => 'pas123'
fill_in 'password confirmation', :with => 'pas123'
fill_in 'current password', :with => '123456'
click_button 'Update'
assert_template 'home/index'
assert_contain 'You updated your account successfully.'
assert User.first.valid_password?('pas123')
end
test 'a signed in user should be able to cancel his account' do
sign_in_as_user
visit edit_user_registration_path
click_link "Cancel my account"
assert_contain "Bye! Your account was successfully cancelled. We hope to see you again soon."
assert User.all.empty?
end
end

10
test/integration/rememberable_test.rb
View File

@@ -6,7 +6,7 @@ class RememberMeTest < ActionController::IntegrationTest
Devise.remember_for = 1
user = create_user
user.remember_me!
cookies['warden.user.user.key'] = User.serialize_into_cookie(user) + add_to_token
cookies['remember_user_token'] = User.serialize_into_cookie(user) + add_to_token
user
end
@@ -28,6 +28,14 @@ class RememberMeTest < ActionController::IntegrationTest
assert warden.user(:user) == user
end
test 'does not remember other scopes' do
user = create_user_and_remember
get root_path
assert_response :success
assert warden.authenticated?(:user)
assert_not warden.authenticated?(:admin)
end
test 'do not remember with invalid token' do
user = create_user_and_remember('add')
get users_path

55
test/integration/token_authenticatable_test.rb Normal file
View File

@@ -0,0 +1,55 @@
require 'test/test_helper'
class TokenAuthenticationTest < ActionController::IntegrationTest
test 'sign in should authenticate with valid authentication token and proper authentication token key' do
swap Devise, :token_authentication_key => :secret_token do
sign_in_as_new_user_with_token(:auth_token_key => :secret_token)
assert_response :success
assert_template 'users/index'
assert_contain 'Welcome'
assert warden.authenticated?(:user)
end
end
test 'signing in with valid authentication token - but improper authentication token key - return to sign in form with error message' do
swap Devise, :token_authentication_key => :donald_duck_token do
sign_in_as_new_user_with_token(:auth_token_key => :secret_token)
assert_redirected_to new_user_session_path(:unauthenticated => true)
follow_redirect!
assert_contain 'You need to sign in or sign up before continuing'
assert_contain 'Sign in'
assert_not warden.authenticated?(:user)
end
end
test 'signing in with invalid authentication token should return to sign in form with error message' do
store_translations :en, :devise => {:sessions => {:invalid_token => 'LOL, that was not a single character correct.'}} do
sign_in_as_new_user_with_token(:auth_token => '*** INVALID TOKEN ***')
assert_redirected_to new_user_session_path(:invalid_token => true)
follow_redirect!
assert_response :success
assert_contain 'LOL, that was not a single character correct.'
assert_contain 'Sign in'
assert_not warden.authenticated?(:user)
end
end
private
def sign_in_as_new_user_with_token(options = {})
options[:auth_token_key] ||= Devise.token_authentication_key
options[:auth_token] ||= VALID_AUTHENTICATION_TOKEN
user = create_user(options)
user.authentication_token = VALID_AUTHENTICATION_TOKEN
user.save
visit users_path(options[:auth_token_key].to_sym => options[:auth_token])
user
end
end

15
test/mailers/confirmation_instructions_test.rb
View File

@@ -63,6 +63,21 @@ class ConfirmationInstructionsTest < ActionMailer::TestCase
end
end
test 'content type should be set to plain when manually configured' do
swap Devise, :mailer_content_type => "text/plain" do
assert_equal "text/plain", mail.content_type
end
end
test 'renders a scoped if scoped_views is set in the mailer class' do
begin
DeviseMailer.scoped_views = true
assert_equal user.email, mail.body
ensure
DeviseMailer.send :remove_instance_variable, :@scoped_views
end
end
test 'mailer sender accepts a proc' do
swap Devise, :mailer_sender => lambda { "another@example.com" } do
assert_equal ['another@example.com'], mail.from

62
test/mailers/unlock_instructions_test.rb Normal file
View File

@@ -0,0 +1,62 @@
require 'test/test_helper'
class UnlockInstructionsTest < ActionMailer::TestCase
def setup
setup_mailer
Devise.mailer_sender = 'test@example.com'
end
def user
@user ||= begin
user = create_user
user.lock!
user
end
end
def mail
@mail ||= begin
user
ActionMailer::Base.deliveries.last
end
end
test 'email sent after locking the user' do
assert_not_nil mail
end
test 'content type should be set to html' do
assert_equal 'text/html', mail.content_type
end
test 'send unlock instructions to the user email' do
assert_equal [user.email], mail.to
end
test 'setup sender from configuration' do
assert_equal ['test@example.com'], mail.from
end
test 'setup subject from I18n' do
store_translations :en, :devise => { :mailer => { :unlock_instructions => 'Unlock instructions' } } do
assert_equal 'Unlock instructions', mail.subject
end
end
test 'subject namespaced by model' do
store_translations :en, :devise => { :mailer => { :user => { :unlock_instructions => 'User Unlock Instructions' } } } do
assert_equal 'User Unlock Instructions', mail.subject
end
end
test 'body should have user info' do
assert_match /#{user.email}/, mail.body
end
test 'body should have link to unlock the account' do
host = ActionMailer::Base.default_url_options[:host]
unlock_url_regexp = %r{<a href=\"http://#{host}/users/unlock\?unlock_token=#{user.unlock_token}">}
assert_match unlock_url_regexp, mail.body
end
end

42
test/mapping_test.rb
View File

@@ -63,18 +63,22 @@ class MappingTest < ActiveSupport::TestCase
test 'return default path names' do
mapping = Devise.mappings[:user]
assert_equal 'sign_in', mapping.path_names[:sign_in]
assert_equal 'sign_out', mapping.path_names[:sign_out]
assert_equal 'password', mapping.path_names[:password]
assert_equal 'sign_in', mapping.path_names[:sign_in]
assert_equal 'sign_out', mapping.path_names[:sign_out]
assert_equal 'password', mapping.path_names[:password]
assert_equal 'confirmation', mapping.path_names[:confirmation]
assert_equal 'sign_up', mapping.path_names[:sign_up]
assert_equal 'unlock', mapping.path_names[:unlock]
end
test 'allow custom path names to be given' do
mapping = Devise.mappings[:manager]
assert_equal 'login', mapping.path_names[:sign_in]
assert_equal 'logout', mapping.path_names[:sign_out]
assert_equal 'secret', mapping.path_names[:password]
assert_equal 'login', mapping.path_names[:sign_in]
assert_equal 'logout', mapping.path_names[:sign_out]
assert_equal 'secret', mapping.path_names[:password]
assert_equal 'verification', mapping.path_names[:confirmation]
assert_equal 'register', mapping.path_names[:sign_up]
assert_equal 'unblock', mapping.path_names[:unlock]
end
test 'has an empty path as default path prefix' do
@@ -86,7 +90,7 @@ class MappingTest < ActiveSupport::TestCase
mapping = Devise.mappings[:manager]
assert_equal '/:locale/', mapping.path_prefix
end
test 'retrieve as from the proper position' do
assert_equal 1, Devise.mappings[:user].as_position
assert_equal 2, Devise.mappings[:manager].as_position
@@ -96,15 +100,9 @@ class MappingTest < ActiveSupport::TestCase
assert_equal '/users', Devise.mappings[:user].raw_path
assert_equal '/:locale/accounts', Devise.mappings[:manager].raw_path
end
test 'raw path adds in the relative_url_root' do
swap ActionController::Base, :relative_url_root => '/abc' do
assert_equal '/abc/users', Devise.mappings[:user].raw_path
end
end
test 'raw path deals with a nil relative_url_root' do
swap ActionController::Base, :relative_url_root => nil do
test 'raw path ignores the relative_url_root' do
swap ActionController::Base, :relative_url_root => "/abc" do
assert_equal '/users', Devise.mappings[:user].raw_path
end
end
@@ -118,13 +116,19 @@ class MappingTest < ActiveSupport::TestCase
Devise.default_url_options {{ }}
end
end
test 'parsed path deals with non-standard relative_url_roots' do
swap ActionController::Base, :relative_url_root => "/abc" do
test 'parsed path adds in the relative_url_root' do
swap ActionController::Base, :relative_url_root => '/abc' do
assert_equal '/abc/users', Devise.mappings[:user].parsed_path
end
end
test 'parsed path deals with a nil relative_url_root' do
swap ActionController::Base, :relative_url_root => nil do
assert_equal '/users', Devise.mappings[:user].raw_path
end
end
test 'should have default route options' do
assert_equal({}, Devise.mappings[:user].route_options)
end

63
test/models/authenticatable_test.rb
View File

@@ -119,7 +119,7 @@ class AuthenticatableTest < ActiveSupport::TestCase
test 'should use authentication keys to retrieve users' do
swap Devise, :authentication_keys => [:username] do
user = create_user(:username => "josevalim")
user = create_user
assert_nil User.authenticate(:email => user.email, :password => user.password)
assert_not_nil User.authenticate(:username => user.username, :password => user.password)
end
@@ -130,52 +130,51 @@ class AuthenticatableTest < ActiveSupport::TestCase
assert_not_nil Admin.authenticate(:email => admin.email, :password => admin.password)
end
test 'should serialize user into session' do
user = create_user
assert_equal [User, user.id], User.serialize_into_session(user)
test 'should respond to current password' do
assert new_user.respond_to?(:current_password)
end
test 'should serialize user from session' do
test 'should update password with valid current password' do
user = create_user
assert_equal user.id, User.serialize_from_session([User, user.id]).id
end
test 'should serialize another klass from session if it is an ancestors' do
user = create_user
klass = Class.new(User)
assert_equal user.id, User.serialize_from_session([klass, user.id]).id
end
test 'should not serialize another klass from session if not an ancestors' do
user = create_user
assert_raise RuntimeError, /ancestors/ do
User.serialize_from_session([Admin, user.id])
end
end
test 'should respond to old password' do
assert new_user.respond_to?(:old_password)
end
test 'should update password with valid old password' do
user = create_user
assert user.update_with_password(:old_password => '123456',
assert user.update_with_password(:current_password => '123456',
:password => 'pass321', :password_confirmation => 'pass321')
assert user.reload.valid_password?('pass321')
end
test 'should add an error to old password when it is invalid' do
test 'should add an error to current password when it is invalid' do
user = create_user
assert_not user.update_with_password(:old_password => 'other',
assert_not user.update_with_password(:current_password => 'other',
:password => 'pass321', :password_confirmation => 'pass321')
assert user.reload.valid_password?('123456')
assert_match /invalid/, user.errors[:old_password]
assert_match /invalid/, user.errors[:current_password]
end
test 'should add an error to current password when it is blank' do
user = create_user
assert_not user.update_with_password(:password => 'pass321',
:password_confirmation => 'pass321')
assert user.reload.valid_password?('123456')
assert_match /blank/, user.errors[:current_password]
end
test 'should ignore password and its confirmation if they are blank' do
user = create_user
assert user.update_with_password(:current_password => '123456', :email => "new@email.com")
assert_equal "new@email.com", user.email
end
test 'should not update password with invalid confirmation' do
user = create_user
assert_not user.update_with_password(:old_password => '123456',
assert_not user.update_with_password(:current_password => '123456',
:password => 'pass321', :password_confirmation => 'other')
assert user.reload.valid_password?('123456')
end
test 'should clean up password fields on failure' do
user = create_user
assert_not user.update_with_password(:current_password => '123456',
:password => 'pass321', :password_confirmation => 'other')
assert user.password.blank?
assert user.password_confirmation.blank?
end
end

2
test/models/confirmable_test.rb
View File

@@ -216,7 +216,7 @@ class ConfirmableTest < ActiveSupport::TestCase
Devise.confirm_within = 0.days
user = create_user
user.confirmation_sent_at = Date.today
assert_not user.active?
assert_not user.reload.active?
end
test 'should not be active without confirmation' do

202
test/models/lockable_test.rb Normal file
View File

@@ -0,0 +1,202 @@
require 'test/test_helper'
class LockableTest < ActiveSupport::TestCase
def setup
setup_mailer
end
test "should increment failed attempts on unsuccessful authentication" do
user = create_user
assert_equal 0, user.failed_attempts
authenticated_user = User.authenticate(:email => user.email, :password => "anotherpassword")
assert_equal 1, user.reload.failed_attempts
end
test "should lock account base on maximum_attempts" do
user = create_user
attempts = Devise.maximum_attempts + 1
attempts.times { authenticated_user = User.authenticate(:email => user.email, :password => "anotherpassword") }
assert user.reload.locked?
end
test "should respect maximum attempts configuration" do
user = create_user
swap Devise, :maximum_attempts => 2 do
3.times { authenticated_user = User.authenticate(:email => user.email, :password => "anotherpassword") }
assert user.reload.locked?
end
end
test "should clear failed_attempts on successfull sign in" do
user = create_user
User.authenticate(:email => user.email, :password => "anotherpassword")
assert_equal 1, user.reload.failed_attempts
User.authenticate(:email => user.email, :password => "123456")
assert_equal 0, user.reload.failed_attempts
end
test "should verify wheter a user is locked or not" do
user = create_user
assert_not user.locked?
user.lock!
assert user.locked?
end
test "active? should be the opposite of locked?" do
user = create_user
user.confirm!
assert user.active?
user.lock!
assert_not user.active?
end
test "should unlock an user by cleaning locked_at, falied_attempts and unlock_token" do
user = create_user
user.lock!
assert_not_nil user.reload.locked_at
assert_not_nil user.reload.unlock_token
user.unlock!
assert_nil user.reload.locked_at
assert_nil user.reload.unlock_token
assert 0, user.reload.failed_attempts
end
test 'should not unlock an unlocked user' do
user = create_user
assert_not user.unlock!
assert_match /not locked/, user.errors[:email]
end
test "new user should not be locked and should have zero failed_attempts" do
assert_not new_user.locked?
assert_equal 0, create_user.failed_attempts
end
test "should unlock user after unlock_in period" do
swap Devise, :unlock_in => 3.hours do
user = new_user
user.locked_at = 2.hours.ago
assert user.locked?
Devise.unlock_in = 1.hour
assert_not user.locked?
end
end
test "should not unlock in 'unlock_in' if :time unlock strategy is not set" do
swap Devise, :unlock_strategy => :email do
user = new_user
user.locked_at = 2.hours.ago
assert user.locked?
end
end
test "should set unlock_token when locking" do
user = create_user
assert_nil user.unlock_token
user.lock!
assert_not_nil user.unlock_token
end
test 'should not regenerate unlock token if it already exists' do
user = create_user
user.lock!
3.times do
token = user.unlock_token
user.resend_unlock!
assert_equal token, user.unlock_token
end
end
test "should never generate the same unlock token for different users" do
unlock_tokens = []
3.times do
user = create_user
user.lock!
token = user.unlock_token
assert !unlock_tokens.include?(token)
unlock_tokens << token
end
end
test "should not generate unlock_token when :email is not an unlock strategy" do
swap Devise, :unlock_strategy => :time do
user = create_user
user.lock!
assert_nil user.unlock_token
end
end
test "should send email with unlock instructions when :email is an unlock strategy" do
swap Devise, :unlock_strategy => :email do
user = create_user
assert_email_sent do
user.lock!
end
end
end
test "should not send email with unlock instructions when :email is not an unlock strategy" do
swap Devise, :unlock_strategy => :time do
user = create_user
assert_email_not_sent do
user.lock!
end
end
end
test 'should find and unlock an user automatically' do
user = create_user
user.lock!
locked_user = User.unlock!(:unlock_token => user.unlock_token)
assert_equal locked_user, user
assert_not user.reload.locked?
end
test 'should return a new record with errors when a invalid token is given' do
locked_user = User.unlock!(:unlock_token => 'invalid_token')
assert locked_user.new_record?
assert_match /invalid/, locked_user.errors[:unlock_token]
end
test 'should return a new record with errors when a blank token is given' do
locked_user = User.unlock!(:unlock_token => '')
assert locked_user.new_record?
assert_match /blank/, locked_user.errors[:unlock_token]
end
test 'should authenticate a unlocked user' do
user = create_user
user.lock!
user.unlock!
authenticated_user = User.authenticate(:email => user.email, :password => user.password)
assert_equal authenticated_user, user
end
test 'should find a user to send unlock instructions' do
user = create_user
user.lock!
unlock_user = User.send_unlock_instructions(:email => user.email)
assert_equal unlock_user, user
end
test 'should return a new user if no email was found' do
unlock_user = User.send_unlock_instructions(:email => "invalid@email.com")
assert unlock_user.new_record?
end
test 'should add error to new user email if no email was found' do
unlock_user = User.send_unlock_instructions(:email => "invalid@email.com")
assert unlock_user.errors[:email]
assert_equal 'not found', unlock_user.errors[:email]
end
test 'should not be able to send instructions if the user is not locked' do
user = create_user
assert_not user.resend_unlock!
assert_not user.locked?
assert_equal 'not locked', user.errors[:email]
end
end

14
test/models/timeoutable_test.rb
View File

@@ -3,26 +3,26 @@ require 'test/test_helper'
class TimeoutableTest < ActiveSupport::TestCase
test 'should be expired' do
assert new_user.timeout?(31.minutes.ago)
assert new_user.timedout?(31.minutes.ago)
end
test 'should not be expired' do
assert_not new_user.timeout?(29.minutes.ago)
assert_not new_user.timedout?(29.minutes.ago)
end
test 'should not be expired when params is nil' do
assert_not new_user.timeout?(nil)
assert_not new_user.timedout?(nil)
end
test 'fallback to Devise config option' do
swap Devise, :timeout_in => 1.minute do
user = new_user
assert user.timeout?(2.minutes.ago)
assert_not user.timeout?(30.seconds.ago)
assert user.timedout?(2.minutes.ago)
assert_not user.timedout?(30.seconds.ago)
Devise.timeout_in = 5.minutes
assert_not user.timeout?(2.minutes.ago)
assert user.timeout?(6.minutes.ago)
assert_not user.timedout?(2.minutes.ago)
assert user.timedout?(6.minutes.ago)
end
end
end

51
test/models/token_authenticatable_test.rb Normal file
View File

@@ -0,0 +1,51 @@
require 'test/test_helper'
class TokenAuthenticatableTest < ActiveSupport::TestCase
test 'should generate friendly authentication token on create' do
User.expects(:authentication_token).returns(VALID_AUTHENTICATION_TOKEN)
user = create_user
assert_present user.authentication_token
assert_equal VALID_AUTHENTICATION_TOKEN, user.authentication_token
end
test 'should reset authentication token' do
user = new_user
user.reset_authentication_token
previous_token = user.authentication_token
user.reset_authentication_token
assert_not_equal previous_token, user.authentication_token
end
test 'should ensure authentication token' do
user = new_user
user.ensure_authentication_token
previous_token = user.authentication_token
user.ensure_authentication_token
assert_equal previous_token, user.authentication_token
end
test 'should test for a valid authentication token' do
User.expects(:authentication_token).returns(VALID_AUTHENTICATION_TOKEN)
user = create_user
assert user.valid_authentication_token?(VALID_AUTHENTICATION_TOKEN)
assert_not user.valid_authentication_token?(VALID_AUTHENTICATION_TOKEN.reverse)
end
test 'should authenticate a valid user with authentication token and return it' do
User.expects(:authentication_token).returns(VALID_AUTHENTICATION_TOKEN)
user = create_user
user.confirm!
authenticated_user = User.authenticate_with_token(:auth_token => user.authentication_token)
assert_equal authenticated_user, user
end
test 'should return nil when authenticating an invalid user by authentication token' do
User.expects(:authentication_token).returns(VALID_AUTHENTICATION_TOKEN)
user = create_user
user.confirm!
authenticated_user = User.authenticate_with_token(:auth_token => user.authentication_token.reverse)
assert_nil authenticated_user
end
end

4
test/models/validatable_test.rb
View File

@@ -18,7 +18,7 @@ class ValidatableTest < ActiveSupport::TestCase
user.email = existing_user.email
assert user.invalid?
assert user.errors[:email]
assert_equal 1, user.errors[:email].to_a.size
assert_equal 1, [*user.errors[:email]].size
assert_equal 'has already been taken', user.errors[:email]
end
@@ -30,7 +30,7 @@ class ValidatableTest < ActiveSupport::TestCase
user.email = email
assert user.invalid?, 'should be invalid with email ' << email
assert user.errors[:email]
assert_equal 1, user.errors[:email].to_a.size
assert_equal 1, [*user.errors[:email]].size
assert_equal 'is invalid', user.errors[:email]
end
end

85
test/models_test.rb
View File

@@ -1,47 +1,9 @@
require 'test/test_helper'
class Authenticatable < User
devise :authenticatable
end
class Confirmable < User
devise :authenticatable, :confirmable
end
class Recoverable < User
devise :authenticatable, :recoverable
end
class Rememberable < User
devise :authenticatable, :rememberable
end
class Trackable < User
devise :authenticatable, :trackable
end
class Timeoutable < User
devise :authenticatable, :timeoutable
end
class IsValidatable < User
devise :authenticatable, :validatable
end
class Devisable < User
devise :all
end
class Exceptable < User
devise :all, :except => [:recoverable, :rememberable, :validatable]
end
class Configurable < User
devise :all, :timeoutable, :stretches => 15,
:pepper => 'abcdef',
:confirm_within => 5.days,
:remember_for => 7.days,
:timeout_in => 15.minutes
devise :authenticatable, :confirmable, :rememberable, :timeoutable, :lockable,
:stretches => 15, :pepper => 'abcdef', :confirm_within => 5.days,
:remember_for => 7.days, :timeout_in => 15.minutes, :unlock_in => 10.days
end
class ActiveRecordTest < ActiveSupport::TestCase
@@ -60,41 +22,8 @@ class ActiveRecordTest < ActiveSupport::TestCase
end
end
test 'add authenticatable module only' do
assert_include_modules Authenticatable, :authenticatable
end
test 'add confirmable module only' do
assert_include_modules Confirmable, :authenticatable, :confirmable
end
test 'add recoverable module only' do
assert_include_modules Recoverable, :authenticatable, :recoverable
end
test 'add rememberable module only' do
assert_include_modules Rememberable, :authenticatable, :rememberable
end
test 'add trackable module only' do
assert_include_modules Trackable, :authenticatable, :trackable
end
test 'add timeoutable module only' do
assert_include_modules Timeoutable, :authenticatable, :timeoutable
end
test 'add validatable module only' do
assert_include_modules IsValidatable, :authenticatable, :validatable
end
test 'add all modules' do
assert_include_modules Devisable,
:authenticatable, :confirmable, :recoverable, :rememberable, :trackable, :validatable
end
test 'configure modules with except option' do
assert_include_modules Exceptable, :authenticatable, :confirmable, :trackable
test 'add modules cherry pick' do
assert_include_modules Admin, :authenticatable, :registerable, :timeoutable
end
test 'set a default value for stretches' do
@@ -117,6 +46,10 @@ class ActiveRecordTest < ActiveSupport::TestCase
assert_equal 15.minutes, Configurable.timeout_in
end
test 'set a default value for unlock_in' do
assert_equal 10.days, Configurable.unlock_in
end
test 'set null fields on migrations' do
Admin.create!
end

2
test/orm/active_record.rb
View File

@@ -16,6 +16,8 @@ ActiveRecord::Schema.define(:version => 1) do
t.recoverable
t.rememberable
t.trackable
t.lockable
t.token_authenticatable
end
t.timestamps

1
test/orm/mongo_mapper.rb
View File

@@ -16,6 +16,5 @@ class ActiveSupport::TestCase
setup do
User.delete_all
Admin.delete_all
Account.delete_all
end
end

243
test/rails_app/README
View File

@@ -1,243 +0,0 @@
== Welcome to Rails
Rails is a web-application framework that includes everything needed to create
database-backed web applications according to the Model-View-Control pattern.
This pattern splits the view (also called the presentation) into "dumb" templates
that are primarily responsible for inserting pre-built data in between HTML tags.
The model contains the "smart" domain objects (such as Account, Product, Person,
Post) that holds all the business logic and knows how to persist themselves to
a database. The controller handles the incoming requests (such as Save New Account,
Update Product, Show Post) by manipulating the model and directing data to the view.
In Rails, the model is handled by what's called an object-relational mapping
layer entitled Active Record. This layer allows you to present the data from
database rows as objects and embellish these data objects with business logic
methods. You can read more about Active Record in
link:files/vendor/rails/activerecord/README.html.
The controller and view are handled by the Action Pack, which handles both
layers by its two parts: Action View and Action Controller. These two layers
are bundled in a single package due to their heavy interdependence. This is
unlike the relationship between the Active Record and Action Pack that is much
more separate. Each of these packages can be used independently outside of
Rails. You can read more about Action Pack in
link:files/vendor/rails/actionpack/README.html.
== Getting Started
1. At the command prompt, start a new Rails application using the <tt>rails</tt> command
and your application name. Ex: rails myapp
2. Change directory into myapp and start the web server: <tt>script/server</tt> (run with --help for options)
3. Go to http://localhost:3000/ and get "Welcome aboard: You're riding the Rails!"
4. Follow the guidelines to start developing your application
== Web Servers
By default, Rails will try to use Mongrel if it's are installed when started with script/server, otherwise Rails will use WEBrick, the webserver that ships with Ruby. But you can also use Rails
with a variety of other web servers.
Mongrel is a Ruby-based webserver with a C component (which requires compilation) that is
suitable for development and deployment of Rails applications. If you have Ruby Gems installed,
getting up and running with mongrel is as easy as: <tt>gem install mongrel</tt>.
More info at: http://mongrel.rubyforge.org
Say other Ruby web servers like Thin and Ebb or regular web servers like Apache or LiteSpeed or
Lighttpd or IIS. The Ruby web servers are run through Rack and the latter can either be setup to use
FCGI or proxy to a pack of Mongrels/Thin/Ebb servers.
== Apache .htaccess example for FCGI/CGI
# General Apache options
AddHandler fastcgi-script .fcgi
AddHandler cgi-script .cgi
Options +FollowSymLinks +ExecCGI
# If you don't want Rails to look in certain directories,
# use the following rewrite rules so that Apache won't rewrite certain requests
#
# Example:
# RewriteCond %{REQUEST_URI} ^/notrails.*
# RewriteRule .* - [L]
# Redirect all requests not available on the filesystem to Rails
# By default the cgi dispatcher is used which is very slow
#
# For better performance replace the dispatcher with the fastcgi one
#
# Example:
# RewriteRule ^(.*)$ dispatch.fcgi [QSA,L]
RewriteEngine On
# If your Rails application is accessed via an Alias directive,
# then you MUST also set the RewriteBase in this htaccess file.
#
# Example:
# Alias /myrailsapp /path/to/myrailsapp/public
# RewriteBase /myrailsapp
RewriteRule ^$ index.html [QSA]
RewriteRule ^([^.]+)$ $1.html [QSA]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ dispatch.cgi [QSA,L]
# In case Rails experiences terminal errors
# Instead of displaying this message you can supply a file here which will be rendered instead
#
# Example:
# ErrorDocument 500 /500.html
ErrorDocument 500 "<h2>Application error</h2>Rails application failed to start properly"
== Debugging Rails
Sometimes your application goes wrong. Fortunately there are a lot of tools that
will help you debug it and get it back on the rails.
First area to check is the application log files. Have "tail -f" commands running
on the server.log and development.log. Rails will automatically display debugging
and runtime information to these files. Debugging info will also be shown in the
browser on requests from 127.0.0.1.
You can also log your own messages directly into the log file from your code using
the Ruby logger class from inside your controllers. Example:
class WeblogController < ActionController::Base
def destroy
@weblog = Weblog.find(params[:id])
@weblog.destroy
logger.info("#{Time.now} Destroyed Weblog ID ##{@weblog.id}!")
end
end
The result will be a message in your log file along the lines of:
Mon Oct 08 14:22:29 +1000 2007 Destroyed Weblog ID #1
More information on how to use the logger is at http://www.ruby-doc.org/core/
Also, Ruby documentation can be found at http://www.ruby-lang.org/ including:
* The Learning Ruby (Pickaxe) Book: http://www.ruby-doc.org/docs/ProgrammingRuby/
* Learn to Program: http://pine.fm/LearnToProgram/ (a beginners guide)
These two online (and free) books will bring you up to speed on the Ruby language
and also on programming in general.
== Debugger
Debugger support is available through the debugger command when you start your Mongrel or
Webrick server with --debugger. This means that you can break out of execution at any point
in the code, investigate and change the model, AND then resume execution!
You need to install ruby-debug to run the server in debugging mode. With gems, use 'gem install ruby-debug'
Example:
class WeblogController < ActionController::Base
def index
@posts = Post.find(:all)
debugger
end
end
So the controller will accept the action, run the first line, then present you
with a IRB prompt in the server window. Here you can do things like:
>> @posts.inspect
=> "[#<Post:0x14a6be8 @attributes={\"title\"=>nil, \"body\"=>nil, \"id\"=>\"1\"}>,
#<Post:0x14a6620 @attributes={\"title\"=>\"Rails you know!\", \"body\"=>\"Only ten..\", \"id\"=>\"2\"}>]"
>> @posts.first.title = "hello from a debugger"
=> "hello from a debugger"
...and even better is that you can examine how your runtime objects actually work:
>> f = @posts.first
=> #<Post:0x13630c4 @attributes={"title"=>nil, "body"=>nil, "id"=>"1"}>
>> f.
Display all 152 possibilities? (y or n)
Finally, when you're ready to resume execution, you enter "cont"
== Console
You can interact with the domain model by starting the console through <tt>script/console</tt>.
Here you'll have all parts of the application configured, just like it is when the
application is running. You can inspect domain models, change values, and save to the
database. Starting the script without arguments will launch it in the development environment.
Passing an argument will specify a different environment, like <tt>script/console production</tt>.
To reload your controllers and models after launching the console run <tt>reload!</tt>
== dbconsole
You can go to the command line of your database directly through <tt>script/dbconsole</tt>.
You would be connected to the database with the credentials defined in database.yml.
Starting the script without arguments will connect you to the development database. Passing an
argument will connect you to a different database, like <tt>script/dbconsole production</tt>.
Currently works for mysql, postgresql and sqlite.
== Description of Contents
app
Holds all the code that's specific to this particular application.
app/controllers
Holds controllers that should be named like weblogs_controller.rb for
automated URL mapping. All controllers should descend from ApplicationController
which itself descends from ActionController::Base.
app/models
Holds models that should be named like post.rb.
Most models will descend from ActiveRecord::Base.
app/views
Holds the template files for the view that should be named like
weblogs/index.html.erb for the WeblogsController#index action. All views use eRuby
syntax.
app/views/layouts
Holds the template files for layouts to be used with views. This models the common
header/footer method of wrapping views. In your views, define a layout using the
<tt>layout :default</tt> and create a file named default.html.erb. Inside default.html.erb,
call <% yield %> to render the view using this layout.
app/helpers
Holds view helpers that should be named like weblogs_helper.rb. These are generated
for you automatically when using script/generate for controllers. Helpers can be used to
wrap functionality for your views into methods.
config
Configuration files for the Rails environment, the routing map, the database, and other dependencies.
db
Contains the database schema in schema.rb. db/migrate contains all
the sequence of Migrations for your schema.
doc
This directory is where your application documentation will be stored when generated
using <tt>rake doc:app</tt>
lib
Application specific libraries. Basically, any kind of custom code that doesn't
belong under controllers, models, or helpers. This directory is in the load path.
public
The directory available for the web server. Contains subdirectories for images, stylesheets,
and javascripts. Also contains the dispatchers and the default HTML files. This should be
set as the DOCUMENT_ROOT of your web server.
script
Helper scripts for automation and generation.
test
Unit and functional tests along with fixtures. When using the script/generate scripts, template
test files will be generated for you and placed in this directory.
vendor
External libraries that the application depends on. Also includes the plugins subdirectory.
If the app has frozen rails, those gems also go here, under vendor/rails/.
This directory is in the load path.

7
test/rails_app/app/active_record/account.rb
View File

@@ -1,7 +0,0 @@
class Account < ActiveRecord::Base
devise :all
def self.find_for_authentication(conditions)
nil
end
end

2
test/rails_app/app/active_record/admin.rb
View File

@@ -1,5 +1,5 @@
class Admin < ActiveRecord::Base
devise :all, :timeoutable, :except => [:recoverable, :confirmable, :rememberable, :validatable, :trackable]
devise :authenticatable, :registerable, :timeoutable
def self.find_for_authentication(conditions)
last(:conditions => conditions)

5
test/rails_app/app/active_record/user.rb
View File

@@ -1,4 +1,7 @@
class User < ActiveRecord::Base
devise :all, :timeoutable
devise :authenticatable, :http_authenticatable, :confirmable, :lockable, :recoverable,
:registerable, :rememberable, :timeoutable, :token_authenticatable,
:trackable, :validatable
attr_accessible :username, :email, :password, :password_confirmation
end

9
test/rails_app/app/mongo_mapper/account.rb
View File

@@ -1,9 +0,0 @@
class Account
include MongoMapper::Document
devise :all
def self.find_for_authentication(conditions)
nil
end
end

10
test/rails_app/app/mongo_mapper/admin.rb
View File

@@ -1,9 +1,13 @@
class Admin
include MongoMapper::Document
devise :all, :timeoutable, :except => [:recoverable, :confirmable, :rememberable, :validatable, :trackable]
devise :authenticatable, :registerable, :timeoutable
def self.find_for_authentication(conditions)
last(:conditions => conditions, :order => "email")
last(:conditions => conditions)
end
def self.last(options={})
options.merge!(:order => 'email')
super options
end
end

10
test/rails_app/app/mongo_mapper/user.rb
View File

@@ -1,6 +1,14 @@
class User
include MongoMapper::Document
key :created_at, DateTime
devise :all, :timeoutable
devise :authenticatable, :http_authenticatable, :confirmable, :lockable, :recoverable,
:registerable, :rememberable, :timeoutable, :token_authenticatable,
:trackable, :validatable
# attr_accessible :username, :email, :password, :password_confirmation
def self.last(options={})
options.merge!(:order => 'email')
super options
end
end

6
test/rails_app/app/views/layouts/application.html.erb
View File

@@ -7,9 +7,13 @@
<body>
<div id="container">
<%- flash.each do |name, msg| -%>
<%= content_tag :div, msg, :id => "flash_#{name}" %>
<%= content_tag :div, msg, :id => "flash_#{name}" if msg.is_a?(String) %>
<%- end -%>
<% if user_signed_in? -%>
<p>Hello User! You are signed in!</p>
<% end -%>
<%= yield %>
</div>
</body>

26
test/rails_app/config/initializers/devise.rb
View File

@@ -1,15 +1,6 @@
# Use this hook to configure devise mailer, warden hooks and so forth. The first
# four configuration values can also be set straight in your models.
Devise.setup do |config|
# Configure Devise modules used by default. You should always set this value
# because if Devise adds a new strategy, it won't be added to your application
# by default, unless you configure it here.
#
# Remember that Devise includes other modules on its own (like :activatable
# and :timeoutable) which are not included here and also plugins. So be sure
# to check the docs for a complete set.
config.all = [:authenticatable, :confirmable, :recoverable, :rememberable, :trackable, :validatable]
# Invoke `rake secret` and use the printed value to setup a pepper to generate
# the encrypted password. By default no pepper is used.
# config.pepper = "rake secret output"
@@ -43,7 +34,10 @@ Devise.setup do |config|
# config.timeout_in = 10.minutes
# Configure the e-mail address which will be shown in DeviseMailer.
# config.mailer_sender = "foo.bar@yourapp.com"
config.mailer_sender = "please-change-me-omg@yourapp.com"
# Configure the content type of DeviseMailer mails (defaults to text/html")
# config.mailer_content_type = "text/plain"
# Load and configure the ORM. Supports :active_record, :data_mapper and :mongo_mapper.
require "devise/orm/#{DEVISE_ORM}"
@@ -54,6 +48,18 @@ Devise.setup do |config|
# are using only default views.
# config.scoped_views = true
# Number of authentication tries before locking an account.
# config.maximum_attempts = 20
# Defines which strategy will be used to unlock an account.
# :email = Sends an unlock link to the user email
# :time = Reanables login after a certain ammount of time (see :unlock_in below)
# :both = enables both strategies
# config.unlock_strategy = :both
# Time interval to unlock the account if :time is enabled as unlock_strategy.
# config.unlock_in = 1.hour
# If you want to use other strategies, that are not (yet) supported by Devise,
# you can configure them inside the config.warden block. The example below
# allows you to setup OAuth, using http://github.com/roman/warden_oauth

Some files were not shown because too many files have changed in this diff Show More