AtHeartEngineer/devise
1
1
Fork 0
mirror of https://github.com/heartcombo/devise.git synced 2026-01-09 23:58:06 -05:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: AtHeartEngineer:v0.8.2
Branches Tags
AtHeartEngineer:main AtHeartEngineer:update-rack-unprocessable_content AtHeartEngineer:ca-devise-locale-throw AtHeartEngineer:password-length-dynamic AtHeartEngineer:4-stable AtHeartEngineer:mf-issue-5140 AtHeartEngineer:mf-check-for-devise-parent-mailer AtHeartEngineer:5-rc AtHeartEngineer:3-stable AtHeartEngineer:let-unsafe-redirect AtHeartEngineer:test-mongoid AtHeartEngineer:drv-improve-reset-token AtHeartEngineer:lm-jruby AtHeartEngineer:4-0-stable AtHeartEngineer:4-1-stable AtHeartEngineer:gh-pages AtHeartEngineer:v3.2 AtHeartEngineer:v2.2 AtHeartEngineer:v3.0 AtHeartEngineer:v3.1 AtHeartEngineer:v2.0 AtHeartEngineer:v2.1 AtHeartEngineer:v1.5 AtHeartEngineer:v1.0 AtHeartEngineer:v1.4 AtHeartEngineer:v1.3 AtHeartEngineer:v1.2 AtHeartEngineer:v1.1
AtHeartEngineer:v5.0.0.rc AtHeartEngineer:v4.9.4 AtHeartEngineer:v4.9.3 AtHeartEngineer:v4.9.2 AtHeartEngineer:v4.9.1 AtHeartEngineer:v4.9.0 AtHeartEngineer:v4.8.1 AtHeartEngineer:v4.8.0 AtHeartEngineer:v4.7.3 AtHeartEngineer:v4.7.2 AtHeartEngineer:v4.7.1 AtHeartEngineer:v4.7.0 AtHeartEngineer:v4.6.2 AtHeartEngineer:v4.6.1 AtHeartEngineer:v4.6.0 AtHeartEngineer:v4.5.0 AtHeartEngineer:v4.4.3 AtHeartEngineer:v4.4.2 AtHeartEngineer:v4.4.1 AtHeartEngineer:v4.4.0 AtHeartEngineer:v4.3.0 AtHeartEngineer:v4.2.1 AtHeartEngineer:v4.2.0 AtHeartEngineer:v3.5.10 AtHeartEngineer:v4.0.3 AtHeartEngineer:v4.1.1 AtHeartEngineer:v4.1.0 AtHeartEngineer:v3.5.9 AtHeartEngineer:v4.0.2 AtHeartEngineer:v4.0.1 AtHeartEngineer:v3.5.8 AtHeartEngineer:v3.5.7 AtHeartEngineer:v4.0.0 AtHeartEngineer:v4.0.0.rc2 AtHeartEngineer:v4.0.0.rc1 AtHeartEngineer:v3.5.6 AtHeartEngineer:v3.5.5 AtHeartEngineer:v3.5.4 AtHeartEngineer:v3.5.3 AtHeartEngineer:v3.5.2 AtHeartEngineer:v3.5.1 AtHeartEngineer:v3.5.0 AtHeartEngineer:v3.4.1 AtHeartEngineer:v3.4.0 AtHeartEngineer:v3.3.0 AtHeartEngineer:v3.2.4 AtHeartEngineer:v3.2.3 AtHeartEngineer:v3.2.2 AtHeartEngineer:v3.2.1 AtHeartEngineer:v2.2.8 AtHeartEngineer:v3.0.4 AtHeartEngineer:v3.1.2 AtHeartEngineer:v3.2.0 AtHeartEngineer:v3.1.1 AtHeartEngineer:v3.1.0 AtHeartEngineer:v2.0.6 AtHeartEngineer:v2.1.4 AtHeartEngineer:v2.2.7 AtHeartEngineer:v3.0.3 AtHeartEngineer:v3.1.0.rc2 AtHeartEngineer:v3.1.0.rc AtHeartEngineer:v2.2.6 AtHeartEngineer:v3.0.2 AtHeartEngineer:v3.0.1 AtHeartEngineer:v2.2.5 AtHeartEngineer:v3.0.0 AtHeartEngineer:v3.0.0.rc AtHeartEngineer:v2.2.4 AtHeartEngineer:v2.2.3 AtHeartEngineer:v2.2.2 AtHeartEngineer:v2.2.1 AtHeartEngineer:v2.2.0 AtHeartEngineer:v2.2.0.rc AtHeartEngineer:v2.1.2 AtHeartEngineer:v2.1.1 AtHeartEngineer:v2.1.0 AtHeartEngineer:v2.1.0.rc2 AtHeartEngineer:v2.1.0.rc AtHeartEngineer:v2.0.4 AtHeartEngineer:v2.0.3 AtHeartEngineer:v2.0.2 AtHeartEngineer:v2.0.1 AtHeartEngineer:v2.0.0 AtHeartEngineer:v2.0.0.rc2 AtHeartEngineer:v2.0.0.rc AtHeartEngineer:v1.5.3 AtHeartEngineer:v1.5.2 AtHeartEngineer:v1.5.1 AtHeartEngineer:v1.5.0 AtHeartEngineer:v1.5.0.rc1 AtHeartEngineer:v1.5.0.rc AtHeartEngineer:v1.4.9 AtHeartEngineer:v1.4.8 AtHeartEngineer:v1.4.7 AtHeartEngineer:v1.4.6 AtHeartEngineer:v1.4.5 AtHeartEngineer:v1.4.4 AtHeartEngineer:v1.4.3 AtHeartEngineer:v1.4.2 AtHeartEngineer:v1.4.1 AtHeartEngineer:v1.4.0 AtHeartEngineer:v1.3.4 AtHeartEngineer:v1.3.3 AtHeartEngineer:v1.3.2 AtHeartEngineer:v1.3.1 AtHeartEngineer:v1.3.0 AtHeartEngineer:v1.2.1 AtHeartEngineer:v1.2.0 AtHeartEngineer:v1.1.9 AtHeartEngineer:v1.0.11 AtHeartEngineer:v1.1.8 AtHeartEngineer:v1.2.rc2 AtHeartEngineer:v1.1.7 AtHeartEngineer:v1.1.6 AtHeartEngineer:v1.1.5 AtHeartEngineer:v1.0.9 AtHeartEngineer:v1.1.4 AtHeartEngineer:v1.2.rc AtHeartEngineer:v1.1.3 AtHeartEngineer:v1.1.2 AtHeartEngineer:v1.1.1 AtHeartEngineer:v1.1.0 AtHeartEngineer:v1.1.rc2 AtHeartEngineer:v1.0.8 AtHeartEngineer:v1.0.7 AtHeartEngineer:v1.1.rc1 AtHeartEngineer:v1.0.6 AtHeartEngineer:v1.1.rc0 AtHeartEngineer:v1.0.5 AtHeartEngineer:v1.0.4 AtHeartEngineer:v1.1.pre4 AtHeartEngineer:v1.1.pre3 AtHeartEngineer:v1.0.3 AtHeartEngineer:v1.1.pre2 AtHeartEngineer:v1.0.2 AtHeartEngineer:v1.1.pre AtHeartEngineer:v1.0.1 AtHeartEngineer:v1.0.0 AtHeartEngineer:v0.9.2 AtHeartEngineer:v0.9.1 AtHeartEngineer:v0.9.0 AtHeartEngineer:v0.8.2 AtHeartEngineer:v0.8.1 AtHeartEngineer:v0.8.0 AtHeartEngineer:v0.7.5
...
compare: AtHeartEngineer:v1.1.pre
Branches Tags
AtHeartEngineer:main AtHeartEngineer:update-rack-unprocessable_content AtHeartEngineer:ca-devise-locale-throw AtHeartEngineer:password-length-dynamic AtHeartEngineer:4-stable AtHeartEngineer:mf-issue-5140 AtHeartEngineer:mf-check-for-devise-parent-mailer AtHeartEngineer:5-rc AtHeartEngineer:3-stable AtHeartEngineer:let-unsafe-redirect AtHeartEngineer:test-mongoid AtHeartEngineer:drv-improve-reset-token AtHeartEngineer:lm-jruby AtHeartEngineer:4-0-stable AtHeartEngineer:4-1-stable AtHeartEngineer:gh-pages AtHeartEngineer:v3.2 AtHeartEngineer:v2.2 AtHeartEngineer:v3.0 AtHeartEngineer:v3.1 AtHeartEngineer:v2.0 AtHeartEngineer:v2.1 AtHeartEngineer:v1.5 AtHeartEngineer:v1.0 AtHeartEngineer:v1.4 AtHeartEngineer:v1.3 AtHeartEngineer:v1.2 AtHeartEngineer:v1.1
AtHeartEngineer:v5.0.0.rc AtHeartEngineer:v4.9.4 AtHeartEngineer:v4.9.3 AtHeartEngineer:v4.9.2 AtHeartEngineer:v4.9.1 AtHeartEngineer:v4.9.0 AtHeartEngineer:v4.8.1 AtHeartEngineer:v4.8.0 AtHeartEngineer:v4.7.3 AtHeartEngineer:v4.7.2 AtHeartEngineer:v4.7.1 AtHeartEngineer:v4.7.0 AtHeartEngineer:v4.6.2 AtHeartEngineer:v4.6.1 AtHeartEngineer:v4.6.0 AtHeartEngineer:v4.5.0 AtHeartEngineer:v4.4.3 AtHeartEngineer:v4.4.2 AtHeartEngineer:v4.4.1 AtHeartEngineer:v4.4.0 AtHeartEngineer:v4.3.0 AtHeartEngineer:v4.2.1 AtHeartEngineer:v4.2.0 AtHeartEngineer:v3.5.10 AtHeartEngineer:v4.0.3 AtHeartEngineer:v4.1.1 AtHeartEngineer:v4.1.0 AtHeartEngineer:v3.5.9 AtHeartEngineer:v4.0.2 AtHeartEngineer:v4.0.1 AtHeartEngineer:v3.5.8 AtHeartEngineer:v3.5.7 AtHeartEngineer:v4.0.0 AtHeartEngineer:v4.0.0.rc2 AtHeartEngineer:v4.0.0.rc1 AtHeartEngineer:v3.5.6 AtHeartEngineer:v3.5.5 AtHeartEngineer:v3.5.4 AtHeartEngineer:v3.5.3 AtHeartEngineer:v3.5.2 AtHeartEngineer:v3.5.1 AtHeartEngineer:v3.5.0 AtHeartEngineer:v3.4.1 AtHeartEngineer:v3.4.0 AtHeartEngineer:v3.3.0 AtHeartEngineer:v3.2.4 AtHeartEngineer:v3.2.3 AtHeartEngineer:v3.2.2 AtHeartEngineer:v3.2.1 AtHeartEngineer:v2.2.8 AtHeartEngineer:v3.0.4 AtHeartEngineer:v3.1.2 AtHeartEngineer:v3.2.0 AtHeartEngineer:v3.1.1 AtHeartEngineer:v3.1.0 AtHeartEngineer:v2.0.6 AtHeartEngineer:v2.1.4 AtHeartEngineer:v2.2.7 AtHeartEngineer:v3.0.3 AtHeartEngineer:v3.1.0.rc2 AtHeartEngineer:v3.1.0.rc AtHeartEngineer:v2.2.6 AtHeartEngineer:v3.0.2 AtHeartEngineer:v3.0.1 AtHeartEngineer:v2.2.5 AtHeartEngineer:v3.0.0 AtHeartEngineer:v3.0.0.rc AtHeartEngineer:v2.2.4 AtHeartEngineer:v2.2.3 AtHeartEngineer:v2.2.2 AtHeartEngineer:v2.2.1 AtHeartEngineer:v2.2.0 AtHeartEngineer:v2.2.0.rc AtHeartEngineer:v2.1.2 AtHeartEngineer:v2.1.1 AtHeartEngineer:v2.1.0 AtHeartEngineer:v2.1.0.rc2 AtHeartEngineer:v2.1.0.rc AtHeartEngineer:v2.0.4 AtHeartEngineer:v2.0.3 AtHeartEngineer:v2.0.2 AtHeartEngineer:v2.0.1 AtHeartEngineer:v2.0.0 AtHeartEngineer:v2.0.0.rc2 AtHeartEngineer:v2.0.0.rc AtHeartEngineer:v1.5.3 AtHeartEngineer:v1.5.2 AtHeartEngineer:v1.5.1 AtHeartEngineer:v1.5.0 AtHeartEngineer:v1.5.0.rc1 AtHeartEngineer:v1.5.0.rc AtHeartEngineer:v1.4.9 AtHeartEngineer:v1.4.8 AtHeartEngineer:v1.4.7 AtHeartEngineer:v1.4.6 AtHeartEngineer:v1.4.5 AtHeartEngineer:v1.4.4 AtHeartEngineer:v1.4.3 AtHeartEngineer:v1.4.2 AtHeartEngineer:v1.4.1 AtHeartEngineer:v1.4.0 AtHeartEngineer:v1.3.4 AtHeartEngineer:v1.3.3 AtHeartEngineer:v1.3.2 AtHeartEngineer:v1.3.1 AtHeartEngineer:v1.3.0 AtHeartEngineer:v1.2.1 AtHeartEngineer:v1.2.0 AtHeartEngineer:v1.1.9 AtHeartEngineer:v1.0.11 AtHeartEngineer:v1.1.8 AtHeartEngineer:v1.2.rc2 AtHeartEngineer:v1.1.7 AtHeartEngineer:v1.1.6 AtHeartEngineer:v1.1.5 AtHeartEngineer:v1.0.9 AtHeartEngineer:v1.1.4 AtHeartEngineer:v1.2.rc AtHeartEngineer:v1.1.3 AtHeartEngineer:v1.1.2 AtHeartEngineer:v1.1.1 AtHeartEngineer:v1.1.0 AtHeartEngineer:v1.1.rc2 AtHeartEngineer:v1.0.8 AtHeartEngineer:v1.0.7 AtHeartEngineer:v1.1.rc1 AtHeartEngineer:v1.0.6 AtHeartEngineer:v1.1.rc0 AtHeartEngineer:v1.0.5 AtHeartEngineer:v1.0.4 AtHeartEngineer:v1.1.pre4 AtHeartEngineer:v1.1.pre3 AtHeartEngineer:v1.0.3 AtHeartEngineer:v1.1.pre2 AtHeartEngineer:v1.0.2 AtHeartEngineer:v1.1.pre AtHeartEngineer:v1.0.1 AtHeartEngineer:v1.0.0 AtHeartEngineer:v0.9.2 AtHeartEngineer:v0.9.1 AtHeartEngineer:v0.9.0 AtHeartEngineer:v0.8.2 AtHeartEngineer:v0.8.1 AtHeartEngineer:v0.8.0 AtHeartEngineer:v0.7.5

84 Commits
v0.8.2 ... v1.1.pre

Author SHA1 Message Date
José Valim
6d6633d1fb Release 1.1.pre which is Rails 3 compatible. 2010-02-17 13:53:05 +01:00
José Valim
fdf06861b0 Load Devise ORM after initialization. 2010-02-17 13:18:08 +01:00
José Valim
f6cc219210 Devise now allows you to have custom controlleers. Check the README for more information. 2010-02-17 13:15:19 +01:00
José Valim
691f9324f5 Use ActiveSupport::Concern. 2010-02-17 12:35:38 +01:00
José Valim
8e21373946 Rename devise/shared/_devise_links to devise/shared/links. 2010-02-17 12:30:08 +01:00
José Valim
02e8c04cde Update views generator and now have scoped views. 2010-02-17 12:26:54 +01:00
José Valim
5bf2eb3850 Updated .gitignore. 2010-02-17 11:11:27 +01:00
José Valim
443a2d8343 Moved devise_install to rails 3 generators. 2010-02-17 11:10:24 +01:00
José Valim
38bfe3f990 First generator for Rails 3. 2010-02-17 11:00:10 +01:00
José Valim
b4bbd3b892 Get all tests passing for ActiveRecord and allow MongoMapper tests to run. 2010-02-17 10:11:43 +01:00
José Valim
33941d1f62 All tests passing (except two which are errors in Rails). Now generators and initialization process. 2010-02-16 21:23:58 +01:00
José Valim
e6e66481b8 Got all tests in test/models and failure app ones passing. 369 tests, 805 assertions, 13 failures, 2 errors. 2010-02-16 17:00:36 +01:00
José Valim
d466849c57 More tests passing for Rails 3 compatibility. 369 tests, 788 assertions, 34 failures, 16 errors. 2010-02-16 16:11:30 +01:00
José Valim
b3e11c5aca Got another bunch of tests passing on Rails 3. 369 tests, 731 assertions, 33 failures, 53 errors. 2010-02-16 14:57:10 +01:00
José Valim
766316b5e7 Got tests running on Rails 3: 369 tests, 486 assertions, 45 failures, 124 errors. 2010-02-16 14:31:49 +01:00
Paul Campbell
6d29bcc467 Add mention of flash[:notice] and flash[:alert] 2010-02-15 22:29:23 +08:00
José Valim
ee87ec398a Updated gemspec. 2010-02-15 14:23:00 +01:00
José Valim
3e37fe8d4d Bump to 1.0.1 2010-02-15 14:19:08 +01:00
José Valim
48a94cdece Avoid mass assignment error messages with current password. 2010-02-15 14:17:12 +01:00
José Valim
bdacffab58 Make HttpAuthenticatable opt-in. 2010-02-15 14:11:33 +01:00
José Valim
085b12a710 Add registerable to defaults. 2010-02-15 14:06:50 +01:00
Carlos Antonio da Silva
3435c53725 Fix typo: autoload Clearance encryptor and not Authlogic one. 2010-02-12 13:02:11 -02:00
Carlos Antonio da Silva
01dec7fc78 README and TODO minor updates. 2010-02-12 01:54:47 -02:00
José Valim
4bfbeea7e6 Release 1.0.0 2010-02-09 02:17:20 +01:00
José Valim
2a9e8dca73 Allow authenticatable to used in change_table statements 2010-02-09 00:26:26 +01:00
José Valim
1b6f1b9752 Add registerable integration tests. 2010-02-09 00:08:57 +01:00
José Valim
732e31528e More changes in update_with_password. 2010-02-08 23:14:03 +01:00
José Valim
d7db5b1eea More work on edit. 2010-02-08 20:38:47 +01:00
José Valim
2761a75437 Refactor on routes. 2010-02-08 20:25:20 +01:00
José Valim
8a15ac6e4a Stub out other views for Registerable. 2010-02-08 19:07:24 +01:00
José Valim
9798ad7455 Allow scoped views to be customized per controller/mailer class. 2010-02-08 17:33:22 +01:00
José Valim
54cd2cc0e8 Use _ instead of . 2010-02-08 17:15:12 +01:00
Carlos Antonio da Silva
445070f6ec Use sign_up instead of registration in routes. Fix issue with users being signed in while attempting to sign up with info from already existing user. Also fix signed up flash. 2010-02-08 11:03:15 -02:00
Carlos Antonio da Silva
9856646fac Merge with master 2010-02-06 09:24:00 -02:00
José Valim
60fd9d26ea Rely on duck type instead of mappings settings. 2010-02-06 10:06:22 +01:00
José Valim
1cf4dc798d Add Http Basic Authentication support. 2010-02-06 01:33:32 +01:00
José Valim
2f441fb60b Commit new gemspec. 2010-02-05 21:38:50 +01:00
José Valim
e02810d528 Move to 0.9.2. 2010-02-05 21:37:28 +01:00
José Valim
c146cad448 Ensure inactive user cannot sign in. 2010-02-05 21:36:19 +01:00
Carlos Antonio da Silva
49d1978863 We do not need to check for registerable active inside the view. 2010-02-05 00:02:49 -02:00
Carlos Antonio da Silva
658059f31a Bring Devise::ALL back to modules and improving lockable docs. 2010-02-04 20:09:53 -02:00
Carlos Antonio da Silva
21359fb433 Refactoring a bit models and lockable. Also remove devise :all deprecation. 2010-02-04 20:09:53 -02:00
Carlos Antonio da Silva
60714cd449 autload Registerable. Extracting default routes and path_names to constants. Fix evals for better debugging and stack trace. 2010-02-04 20:09:53 -02:00
Carlos Antonio da Silva
6b837cb285 Introducing Registerable module, allowing users to sign up. 2010-02-04 20:08:38 -02:00
Carlos Antonio da Silva
4de1e43b7a Fix "return_to" to always save the request_uri, overwriting the return to url when the user types another forbidden url before sign in. 
This way the user will be redirected to the last attempted url and not the first one.
 2010-02-04 08:46:22 -02:00
Matt Powell
02a99b9766 deprecate find(:first) and find(:all) in MongoMapper 2010-02-03 16:53:49 +08:00
José Valim
a9e2337aeb Change EMAIL_REGEXP so it can be used in javascript. 2010-02-02 13:28:47 +01:00
José Valim
3781a0f47b Tidy up token authentication implementation. 2010-02-02 13:21:00 +01:00
Jonas Grimfelt
4878bdb60b Second version of token_authenticatable reflecting feedback: Nuked all hook-stuff. Should be easy to custom-reset authentication tokens by inheritance. 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-02-02 12:37:06 +01:00
Jonas Grimfelt
e1440fb430 Initial support for authorization using "authentication token" (a.k.a. "single access token") - new module. Corresponding changes to Devise core to hook events like "after_changed_password" (only one added now - only one that makes much sense for latest module) easily. Unit and integration tests included. NOTE: One failing test for hooking Warden::Manager.after_authentication - gets ignored for some reason. 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-02-02 12:36:44 +01:00
José Valim
c03b4ff339 Add gemspec since it's required by bundler. 2010-02-01 16:32:36 +01:00
José Valim
ca794776c1 Bump to 0.9.1. 2010-01-25 20:19:47 +01:00
José Valim
b4707c2bae Use self. just to stay in the same pattern. 2010-01-25 19:29:14 +01:00
jgeiger
b3fd742aea bcrypt requires the salt to be over 29 chars 2010-01-22 23:04:03 +08:00
David Palm
bc05d28d3f Devise::Mapping#raw_path does not consider relative_url_root so that route helpers work (no more session_path(:user) => '/abc/abc/users/sign_in') 
Devise::Mapping#parsed_path considers relative_url_root so that initial redirects still work with non empty relative_url_roots
 2010-01-22 23:03:48 +08:00
José Valim
e4e9e16623 Bump to 0.9.0. 2010-01-21 15:30:13 +01:00
José Valim
345bf159e2 Add latest commities entries to CHANGELOG. 2010-01-21 09:15:07 +01:00
Jonas Grimfelt
0c7c762c16 Fixed some Ruby 1.9 issues/bugs. 2010-01-21 16:06:19 +08:00
Jonas Grimfelt
f50ec773b2 New convenient helper method for extending Devise with additional modules: Devise::add_module. 2010-01-21 16:06:17 +08:00
Carlos Antonio da Silva
6d80418fd1 Changing flash messages to new Rails defaults :notice/:alert 2010-01-20 17:46:14 -02:00
José Valim
b4183cbaa2 Url helpers should rely find_scope! 2010-01-19 17:19:40 +01:00
José Valim
04ce9d1e6f Should accept path prefixes not starting with slash. 2010-01-16 14:39:57 +01:00
José Valim
ef25da992c Use an OrderedHash to fix problems with test suite working in some machines but no in others. 2010-01-16 14:32:52 +01:00
José Valim
394b1ff444 Bring mongomapper up to date. Remember that you need mongo_ext in order to use MongoMapper with Devise. 2010-01-16 11:22:09 +01:00
José Valim
a5b2ee5171 Improve documentation for after_sign_in_path_for. 2010-01-16 10:56:35 +01:00
José Valim
fdc2e795d7 Simplify links requirement. 2010-01-14 16:04:13 +01:00
José Valim
a32e90a1d6 Update CHANGELOG and dependencies. 2010-01-14 15:53:17 +01:00
José Valim
2afad49a96 Bring rememberable back. 2010-01-14 15:47:14 +01:00
José Valim
f46d1b1d81 Add support to Warden 0.9.0.pre 2010-01-14 13:38:02 +01:00
José Valim
66f4cfd3eb Clean up tests. 2010-01-13 19:53:12 +01:00
José Valim
efc0ae230a Deprecate :all. 2010-01-13 19:45:24 +01:00
José Valim
f075a6babe Tidying up. 2010-01-13 18:46:04 +01:00
José Valim
19f9ecfcb6 Updating CHANGELOG. 2010-01-13 18:27:26 +01:00
José Valim
d4442837d5 Clean up whitespace and remove deprecated stuff. 2010-01-13 18:23:04 +01:00
José Valim
b581f86317 DRY up controllers. 2010-01-13 18:12:13 +01:00
José Valim
d0ccd14c54 Merge remote branch 'mhfs/master' 2010-01-13 17:49:20 +01:00
Marcelo Silveira
f4b438bb1e adding links refactory to changelog 2010-01-09 13:36:04 -02:00
Marcelo Silveira
6c4274fae6 fixing mongo tests 2010-01-09 13:16:07 -02:00
Marcelo Silveira
827d0ce14c refactoring attempts track to avoid saving the model twice 2010-01-09 13:12:24 -02:00
Marcelo Silveira
915afa5f0a forgot the partial.. 2010-01-09 12:59:24 -02:00
Marcelo Silveira
4498acb1d0 moved view links into a partial and I18n'ed them 2010-01-09 12:58:51 -02:00
Marcelo Silveira
9c4ddc6465 - Maximum attempts changed from 5 to 20 
- Lockable is not turned on by default
- Fixed lockable incompatibilities with latest commits
 2010-01-09 11:41:28 -02:00
Marcelo Silveira
32991e13c4 Merge and fix conflicts. 2010-01-09 11:22:27 -02:00
Marcelo Silveira
d2fa737aa0 introducing lockable implementation 2010-01-01 17:57:35 -02:00
165 changed files with 3497 additions and 2274 deletions
Expand all files Collapse all files

2
.gitignore vendored
View File

@@ -4,5 +4,5 @@
coverage/*
*.sqlite3
rdoc/*
devise.gemspec
pkg
log

70
CHANGELOG.rdoc
View File

@@ -1,15 +1,81 @@
== 1.1.pre
* enhancements
* Rails 3 compatibility.
* All controllers and views are namespaced, for example: Devise::SessionsController and "devise/sessions".
* You can specify the controller in routes and have specific controllers for each role.
* deprecations
* Rails 3 compatible only.
* Scoped views are no longer "sessions/users/new". Now use "users/sessions/new".
== 1.0.1
* enhancements
* HttpAuthenticatable is not added by default automatically.
* Avoid mass assignment error messages with current password.
* bug fix
* Fixed encryptors autoload
== 1.0.0
* deprecation
* :old_password in update_with_password is deprecated, use :current_password instead
* enhancements
* Added Registerable
* Added Http Basic Authentication support
* Allow scoped_views to be customized per controller/mailer class
* [#99] Allow authenticatable to used in change_table statements
== 0.9.2
* bug fix
* Ensure inactive user cannot sign in
* Ensure redirect to proper url after sign up
* enhancements
* Added gemspec to repo
* Added token authenticatable (by github.com/grimen)
== 0.9.1
* bug fix
* Allow bigger salt size (by github.com/jgeiger)
* Fix relative url root
== 0.9.0
* deprecation
* devise :all is deprecated
* :success and :failure flash messages are now :notice and :alert
* enhancements
* Added devise lockable (by github.com/mhfs)
* Warden 0.9.0 compatibility
* Mongomapper 0.6.10 compatibility
* Added Devise.add_module as hooks for extensions (by github.com/grimen)
* Ruby 1.9.1 compatibility (by github.com/grimen)
* bug fix
* Accept path prefix not starting with slash
* url helpers should rely on find_scope!
== 0.8.2
* enhancements
* Allow Devise.mailer_sender to be a proc (by github/grimen)
* Allow Devise.mailer_sender to be a proc (by github.com/grimen)
* bug fix
* Fix bug with passenger, update is required to anyone deploying on passenger (by github/dvdpalm)
* Fix bug with passenger, update is required to anyone deploying on passenger (by github.com/dvdpalm)
== 0.8.1
* enhancements
* Move salt to encryptors
* Devise::Lockable
* Moved view links into partial and I18n'ed them
* bug fix
* Bcrypt generator was not being loaded neither setting the proper salt

18
Gemfile Normal file
View File

@@ -0,0 +1,18 @@
source "http://gemcutter.org"
gem "rails", "3.0.0.beta"
gem "warden", "0.9.3"
gem "sqlite3-ruby", :require => "sqlite3"
gem "webrat", "0.7"
gem "mocha", :require => false
gem "bcrypt-ruby", :require => "bcrypt"
if RUBY_VERSION < '1.9'
gem "ruby-debug", ">= 0.10.3"
end
group :mongo_mapper do
gem "mongo", "0.18.3"
gem "mongo_ext", "0.18.3", :require => false
gem "mongo_mapper", "0.7.0"
end

152
README.rdoc
View File

@@ -7,19 +7,20 @@ Devise is a flexible authentication solution for Rails based on Warden. It:
* Allows you to have multiple roles (or models/scopes) signed in at the same time;
* Is based on a modularity concept: use just what you really need.
Right now it's composed of six modules included by default when you invoke "devise :all" in your models:
Right now it's composed of 12 modules:
* Authenticatable: responsible for encrypting password and validating authenticity of a user while signing in.
* Token Authenticatable: validates authenticity of a user while signing in using an authentication token (also known as "single access token").
* HttpAuthenticatable: sign in users using basic HTTP authentication.
* Confirmable: responsible for verifying whether an account is already confirmed to sign in, and to send emails with confirmation instructions.
* Recoverable: takes care of reseting the user password and send reset instructions.
* Registerable: handles signing up users through a registration process.
* Rememberable: manages generating and clearing token for remember the user from a saved cookie.
* Trackable: tracks sign in count, timestamps and ip.
* Validatable: creates all needed validations for email and password. It's totally optional, so you're able to to customize validations by yourself.
And it also includes the optional modules:
* Activatable: if you need to activate accounts by other means, which are not through confirmation, use this module.
* Timeoutable: expires sessions without activity in a certain period of time.
* Validatable: creates all needed validations for email and password. It's totally optional, so you're able to to customize validations by yourself.
* Lockable: takes care of locking an account based on the number of failed sign in attempts. Handles unlock via expire and email.
* Activatable: if you need to activate accounts by other means, which are not through confirmation, use this module.
There's an example application using Devise at http://github.com/plataformatec/devise_example .
@@ -29,36 +30,46 @@ Devise is based on Warden (http://github.com/hassox/warden), a Rack Authenticati
== Installation
All gems are on gemcutter, so you need to add gemcutter to your sources if you haven't yet:
Devise master branch now supports Rails 3 and is NOT backward compatible. You can install it as:
sudo gem sources -a http://gemcutter.org/
sudo gem install devise --version=1.1.pre
Install warden gem if you don't have it installed (requires 0.6.4 or higher):
After installing them, you need configure warden and devise gems inside your gemfile:
sudo gem install warden
gem 'warden'
gem 'devise'
Install devise gem:
And run the generator:
sudo gem install devise
rails generate devise_install
Configure warden and devise gems inside your app:
And you're ready to go. The generator will install an initializer which describes ALL Devise's configuration options, so be sure to take a look at it and at the documentation as well:
config.gem 'warden'
config.gem 'devise'
http://rdoc.info/projects/plataformatec/devise
Run the generator:
== Rails 2.3
ruby script/generate devise_install
If you want to use the Rails 2.3.x version, you should do:
And you're ready to go. The generator will install an initializer which describes Devise's configuration options. Be sure to take a look.
sudo gem install devise --version=1.0.1
Or checkout from the v1.0 branch:
http://github.com/plataformatec/devise/tree/v1.0
== Basic Usage
This is a walkthrough with all steps you need to setup a devise resource, including model, migration, route files, and optional configuration. You can also check out the *Generators* section below to help you start.
This is a walkthrough with all steps you need to setup a devise resource, including model, migration, route files, and optional configuration. You MUST also check out the *Generators* section below to help you start.
Devise must be set up within the model (or models) you want to use, and devise routes must be created inside your config/routes.rb file.
We're assuming here you want a User model. First of all you have to setup a migration with the following fields:
We're assuming here you want a User model with some modules, as outlined below:
class User < ActiveRecord::Base
devise :authenticatable, :confirmable, :recoverable, :rememberable, :trackable, :validatable
end
After you choose which modules to use, you need to setup your migrations. Luckily, devise has some helpers to save you from this boring work:
create_table :users do |t|
t.authenticatable
@@ -69,48 +80,22 @@ We're assuming here you want a User model. First of all you have to setup a migr
t.timestamps
end
You may also want to add some indexes to improve performance:
add_index :your_table, :email
add_index :your_table, :confirmation_token # for confirmable
add_index :your_table, :reset_password_token # for recoverable
Now let's setup a User model adding the devise line:
class User < ActiveRecord::Base
devise :all
end
This will include the six default modules outlined at the beginning. You can exclude and remove any module at will:
# Include timeout configuration
devise :all, :timeoutable
# Remove validations
devise :all, :except => :validatable
Remember that Devise don't rely on _attr_accessible_ or _attr_protected_ inside its modules, so be sure to setup what attributes are accessible or protected in your model.
== Model configuration
The next setup after setting up your model is to configure your routes. You do this by opening up your config/routes.rb and adding:
In addition to :except, you can provide :pepper, :stretches, :encryptor, :authentication_keys, :confirm_within, :remember_for and :timeout as options to devise method.
All those options are described in "config/initializers/devise.rb", which is generated when you invoke `ruby script/generate devise_install` in your application root.
== Routes
The next step after setting up your model is to configure your routes for devise. You do this by opening up your config/routes.rb and adding:
map.devise_for :users
devise_for :users
This is going to look inside you User model and create a set of needed routes (you can see them by running `rake routes`).
There are also some options available for configuring your routes, as :class_name (to set the class for that route), :as and :path_names, where the last two have the same meaning as in common routes. The available :path_names are:
There are also some options available for configuring your routes, as :class_name (to set the class for that route), :path_prefix, :as and :path_names, where the last two have the same meaning as in common routes. The available :path_names are:
map.devise_for :users, :as => "usuarios", :path_names => { :sign_in => 'login', :sign_out => 'logout', :password => 'secret', :confirmation => 'verification' }
devise_for :users, :as => "usuarios", :path_names => { :sign_in => 'login', :sign_out => 'logout', :password => 'secret', :confirmation => 'verification', :unlock => 'unblock' }
Be sure to check devise_for documentation for detailed description.
After this steps, run your migrations, and you are ready to go! But don't finish reading, we still have a lot to tell you:
== Controller filters and helpers
Devise is gonna create some helpers to use inside your controllers and views. To setup a controller that needs user authentication, just add this before_filter:
@@ -129,35 +114,32 @@ You have also access to the session for this scope:
user_session
After signing in a user, confirming it's account or updating it's password, devise will look for a scoped root path to redirect. Example: For a :user resource, it will use user_root_path if it exists, otherwise default root_path will be used. To do it so, you need to create e default root inside your routes for your application:
After signing in a user, confirming it's account or updating it's password, devise will look for a scoped root path to redirect. Example: For a :user resource, it will use user_root_path if it exists, otherwise default root_path will be used. This means that you need to set the root inside your routes:
map.root :controller => 'home'
root :to => "home"
You can also overwrite after_sign_in_path_for and after_sign_out_path_for to customize better your redirect hooks.
Finally, if you are using confirmable or recoverable, you also need to setup default url options for the mailer in each environment. Here's is the configuration for config/environments/development.rb:
Finally, you also need to setup default url options for the mailer in each environment. Here's is the configuration for config/environments/development.rb:
config.action_mailer.default_url_options = { :host => 'localhost:3000' }
== Views
By default devise will use the same views for all scopes/roles you have. But what if you need so different views to each of them? Devise also has an easy way to accomplish it: just setup config,scoped_views to true inside your devise config file, and you will be able to have views based on scope like 'sessions/users/new' and 'sessions/admin/new'. If no view is found within the scope, Devise will fallback to the default view.
== Tidying up
Devise let's you setup as many roles as you want, so let's say you already have this User model and also want an Admin model with just authentication, trackable and timeoutable stuff and none of confirmation or password recovery. Just follow the same steps:
Devise let's you setup as many roles as you want, so let's say you already have this User model and also want an Admin model with just authentication, trackable, lockable and timeoutable stuff and none of confirmation or password recovery. Just follow the same steps:
# Create a migration with the required fields
create_table :admins do |t|
t.authenticatable
t.lockable
t.trackable
end
# Inside your Admin model
devise :authenticatable, :trackable, :timeoutable
devise :authenticatable, :trackable, :timeoutable, :lockable
# Inside your routes
map.devise_for :admin
devise_for :admin
# Inside your protected controller
before_filter :authenticate_admin!
@@ -171,19 +153,48 @@ Devise let's you setup as many roles as you want, so let's say you already have
Devise comes with some generators to help you start:
ruby script/generate devise_install
rails generate devise_install
This will generate an initializer, with a description of all configuration values. You can also generate models through:
ruby script/generate devise Model
rails generate devise Model
A model configured with all devise modules and attr_accessible for default fields will be created. The generator will also create the migration and configure your routes for devise.
You can also copy devise views to your application, being able to modify them based on your needs. To do it so, run the following command:
== Model configuration
ruby script/generate devise_views
The devise method in your models also accept some options to configure its modules. For example, you can chose which encryptor to use in authenticatable simply doing:
This is gonna copy all session, password, confirmation and mailer views to your app/views folder.
devise :authenticatable, :confirmable, :recoverable, :encryptor => :bcrypt
Besides :encryptor, you can provide :pepper, :stretches, :confirm_within, :remember_for, :timeout_in, :unlock_in and others. All those are described in the initializer created when you invoke the devise_install generator describer above.
== Configuring controllers and views
One of Devise goals is to help you bootstrap your application with authentication really fast. Another goal is to not be in your way when you need to customize it.
Since devise is an engine, it has all default views inside the gem. They are good to get you started, but you will want to customize them at some point. And Devise has a generator to copy them all to your application:
rails generate devise_views
If you have more than one role in your application, you will notice that Devise uses the same views for all roles you have. But what if you need so different views to each of them? Devise also has an easy way to accomplish it: just setup config.scoped_views to true inside "config/initializers/devise.rb".
After doing so you will be able to have views based on the scope like "users/sessions/new" and "admins/sessions/new". If no view is found within the scope, Devise will fallback to the default view at "devise/sessions/new".
Finally, if the customization at the views level is not enough, you can customize each controller by following these steps:
1) Create your custom controller, for example a Admins::SessionsController:
class Admins::SessionsController < Devise::SessionsController
end
2) Tell the router to use this controller:
devise_for :admins, :controllers => { :sessions = "admin/sessions" }
3) And finally, since we changed the controller, it won't use "devise/sessions" as views anymore, so remember to make a copy of "devise/sessions" to "admin/sessions".
Remember that Devise uses flash messages to let users know if sign in wass successful or not. Devise expects your application to call "flash[:notice]" and "flash[:alert]" as appropriate.
== I18n
@@ -240,8 +251,7 @@ Devise implements encryption strategies for Clearance, Authlogic and Restful-Aut
== Other ORMs
Devise was made to work from scratch with ActiveRecord. However it currently supports DataMapper and MongoMapper as well.
To use it, just set Devise.orm or configure it in the initialization file (which is created with devise_install).
Devise supports both ActiveRecord (default) and MongoMapper, and has experimental Datamapper supports (in a sense that Devise test suite does not run completely with Datamapper). To choose other ORM, you just need to configure it in the initializer file.
== TODO
@@ -254,9 +264,7 @@ Please refer to TODO file.
== Contributors
* Marcelo Silveira (http://github.com/mhfs)
* Cyril Mougel (http://github.com/shingara)
* Jonas Grimfelt (http://github.com/grimen)
We have a long running list of contributors. Check them in the CHANGELOG or do `git shortlog -s -n` in the cloned repository.
== Bugs and Feedback

5
Rakefile
View File

@@ -43,8 +43,9 @@ begin
s.homepage = "http://github.com/plataformatec/devise"
s.description = "Flexible authentication solution for Rails with Warden"
s.authors = ['José Valim', 'Carlos Antônio']
s.files = FileList["[A-Z]*", "{app,config,generators,lib}/**/*", "init.rb"]
s.add_dependency("warden", "~> 0.8.1")
s.files = FileList["[A-Z]*", "{app,config,lib}/**/*"]
s.extra_rdoc_files = FileList["[A-Z]*"] - %w(Gemfile Rakefile)
s.add_dependency("warden", "~> 0.9.3")
end
Jeweler::GemcutterTasks.new

8
TODO
View File

@@ -1,6 +1,2 @@
* Make test run with DataMapper (ActiveRecord, MongoMapper)
* Add Registerable support
* Add http authentication support
* Extract SessionSerializer tests from Authenticatable
* Extract CookieSerializer tests from Authenticatable
* Extract Activatable tests from Confirmable
* Make test run with DataMapper
* Extract Activatable tests from Confirmable

8
app/controllers/confirmations_controller.rb → app/controllers/devise/confirmations_controller.rb
View File

@@ -1,5 +1,5 @@
class ConfirmationsController < ApplicationController
include Devise::Controllers::Helpers
class Devise::ConfirmationsController < ApplicationController
include Devise::Controllers::InternalHelpers
# GET /resource/confirmation/new
def new
@@ -12,7 +12,7 @@ class ConfirmationsController < ApplicationController
self.resource = resource_class.send_confirmation_instructions(params[resource_name])
if resource.errors.empty?
set_flash_message :success, :send_instructions
set_flash_message :notice, :send_instructions
redirect_to new_session_path(resource_name)
else
render_with_scope :new
@@ -24,7 +24,7 @@ class ConfirmationsController < ApplicationController
self.resource = resource_class.confirm!(:confirmation_token => params[:confirmation_token])
if resource.errors.empty?
set_flash_message :success, :confirmed
set_flash_message :notice, :confirmed
sign_in_and_redirect(resource_name, resource)
else
render_with_scope :new

8
app/controllers/passwords_controller.rb → app/controllers/devise/passwords_controller.rb
View File

@@ -1,5 +1,5 @@
class PasswordsController < ApplicationController
include Devise::Controllers::Helpers
class Devise::PasswordsController < ApplicationController
include Devise::Controllers::InternalHelpers
before_filter :require_no_authentication
@@ -14,7 +14,7 @@ class PasswordsController < ApplicationController
self.resource = resource_class.send_reset_password_instructions(params[resource_name])
if resource.errors.empty?
set_flash_message :success, :send_instructions
set_flash_message :notice, :send_instructions
redirect_to new_session_path(resource_name)
else
render_with_scope :new
@@ -33,7 +33,7 @@ class PasswordsController < ApplicationController
self.resource = resource_class.reset_password!(params[resource_name])
if resource.errors.empty?
set_flash_message :success, :updated
set_flash_message :notice, :updated
sign_in_and_redirect(resource_name, resource)
else
render_with_scope :edit

57
app/controllers/devise/registrations_controller.rb Normal file
View File

@@ -0,0 +1,57 @@
class Devise::RegistrationsController < ApplicationController
include Devise::Controllers::InternalHelpers
before_filter :require_no_authentication, :only => [ :new, :create ]
before_filter :authenticate_scope!, :only => [:edit, :update, :destroy]
# GET /resource/sign_in
def new
build_resource
render_with_scope :new
end
# POST /resource/sign_up
def create
build_resource
if resource.save
flash[:"#{resource_name}_signed_up"] = true
set_flash_message :notice, :signed_up
sign_in_and_redirect(resource_name, resource)
else
render_with_scope :new
end
end
# GET /resource/edit
def edit
render_with_scope :edit
end
# PUT /resource
def update
if self.resource.update_with_password(params[resource_name])
set_flash_message :notice, :updated
redirect_to after_sign_in_path_for(self.resource)
else
build_resource
send(:"current_#{resource_name}").reload
render_with_scope :edit
end
end
# DELETE /resource
def destroy
self.resource.destroy
set_flash_message :notice, :destroyed
sign_out_and_redirect(self.resource)
end
protected
# Authenticates the current scope and dup the resource
def authenticate_scope!
send(:"authenticate_#{resource_name}!")
self.resource = send(:"current_#{resource_name}")
end
end

45
app/controllers/devise/sessions_controller.rb Normal file
View File

@@ -0,0 +1,45 @@
class Devise::SessionsController < ApplicationController
include Devise::Controllers::InternalHelpers
before_filter :require_no_authentication, :only => [ :new, :create ]
# GET /resource/sign_in
def new
unless resource_just_signed_up?
Devise::FLASH_MESSAGES.each do |message|
set_now_flash_message :alert, message if params.try(:[], message) == "true"
end
end
build_resource
render_with_scope :new
end
# POST /resource/sign_in
def create
if resource = authenticate(resource_name)
set_flash_message :notice, :signed_in
sign_in_and_redirect(resource_name, resource, true)
else
set_now_flash_message :alert, (warden.message || :invalid)
clean_up_passwords(build_resource)
render_with_scope :new
end
end
# GET /resource/sign_out
def destroy
set_flash_message :notice, :signed_out if signed_in?(resource_name)
sign_out_and_redirect(resource_name)
end
protected
def resource_just_signed_up?
flash[:"#{resource_name}_signed_up"]
end
def clean_up_passwords(object)
object.clean_up_passwords if object.respond_to?(:clean_up_passwords)
end
end

33
app/controllers/devise/unlocks_controller.rb Normal file
View File

@@ -0,0 +1,33 @@
class Devise::UnlocksController < ApplicationController
include Devise::Controllers::InternalHelpers
# GET /resource/unlock/new
def new
build_resource
render_with_scope :new
end
# POST /resource/unlock
def create
self.resource = resource_class.send_unlock_instructions(params[resource_name])
if resource.errors.empty?
set_flash_message :notice, :send_instructions
redirect_to new_session_path(resource_name)
else
render_with_scope :new
end
end
# GET /resource/unlock?unlock_token=abcdef
def show
self.resource = resource_class.unlock!(:unlock_token => params[:unlock_token])
if resource.errors.empty?
set_flash_message :notice, :unlocked
sign_in_and_redirect(resource_name, resource)
else
render_with_scope :new
end
end
end

33
app/controllers/sessions_controller.rb
View File

@@ -1,33 +0,0 @@
class SessionsController < ApplicationController
include Devise::Controllers::Helpers
before_filter :require_no_authentication, :only => [ :new, :create ]
# GET /resource/sign_in
def new
Devise::FLASH_MESSAGES.each do |message|
set_now_flash_message :failure, message if params.try(:[], message) == "true"
end
build_resource
render_with_scope :new
end
# POST /resource/sign_in
def create
if authenticate(resource_name)
set_flash_message :success, :signed_in
sign_in_and_redirect(resource_name)
else
set_now_flash_message :failure, warden.message || :invalid
build_resource
render_with_scope :new
end
end
# GET /resource/sign_out
def destroy
set_flash_message :success, :signed_out if signed_in?(resource_name)
sign_out_and_redirect(resource_name)
end
end

55
app/models/devise/mailer.rb Normal file
View File

@@ -0,0 +1,55 @@
class Devise::Mailer < ::ActionMailer::Base
include Devise::Controllers::ScopedViews
attr_reader :devise_mapping, :resource
def confirmation_instructions(record)
setup_mail(record, :confirmation_instructions)
end
def reset_password_instructions(record)
setup_mail(record, :reset_password_instructions)
end
def unlock_instructions(record)
setup_mail(record, :unlock_instructions)
end
private
# Configure default email options
def setup_mail(record, action)
@devise_mapping = Devise::Mapping.find_by_class(record.class)
raise "Invalid devise resource #{record}" unless @devise_mapping
@resource = instance_variable_set("@#{@devise_mapping.name}", record)
mail(:subject => translate(@devise_mapping, action),
:from => mailer_sender(@devise_mapping), :to => record.email) do |format|
format.html { render_with_scope(action, :controller => "mailer") }
end
end
def mailer_sender(mapping)
if Devise.mailer_sender.is_a?(Proc)
block_args = mapping.name if Devise.mailer_sender.arity > 0
Devise.mailer_sender.call(block_args)
else
Devise.mailer_sender
end
end
# Setup subject namespaced by model. It means you're able to setup your
# messages using specific resource scope, or provide a default one.
# Example (i18n locale file):
#
# en:
# devise:
# mailer:
# confirmation_instructions: '...'
# user:
# confirmation_instructions: '...'
def translate(mapping, key)
I18n.t(:"#{mapping.name}.#{key}", :scope => [:devise, :mailer], :default => key)
end
end

62
app/models/devise_mailer.rb
View File

@@ -1,62 +0,0 @@
class DeviseMailer < ::ActionMailer::Base
# Deliver confirmation instructions when the user is created or its email is
# updated, and also when confirmation is manually requested
def confirmation_instructions(record)
setup_mail(record, :confirmation_instructions)
end
# Deliver reset password instructions when manually requested
def reset_password_instructions(record)
setup_mail(record, :reset_password_instructions)
end
private
# Configure default email options
def setup_mail(record, key)
mapping = Devise::Mapping.find_by_class(record.class)
raise "Invalid devise resource #{record}" unless mapping
subject translate(mapping, key)
from mailer_sender(mapping)
recipients record.email
sent_on Time.now
content_type 'text/html'
body render_with_scope(key, mapping, mapping.name => record, :resource => record)
end
def render_with_scope(key, mapping, assigns)
if Devise.scoped_views
begin
render :file => "devise_mailer/#{mapping.as}/#{key}", :body => assigns
rescue ActionView::MissingTemplate
render :file => "devise_mailer/#{key}", :body => assigns
end
else
render :file => "devise_mailer/#{key}", :body => assigns
end
end
def mailer_sender(mapping)
if Devise.mailer_sender.is_a?(Proc)
Devise.mailer_sender.call(mapping.name)
else
Devise.mailer_sender
end
end
# Setup subject namespaced by model. It means you're able to setup your
# messages using specific resource scope, or provide a default one.
# Example (i18n locale file):
#
# en:
# devise:
# mailer:
# confirmation_instructions: '...'
# user:
# confirmation_instructions: '...'
def translate(mapping, key)
I18n.t(:"#{mapping.name}.#{key}", :scope => [:devise, :mailer], :default => key)
end
end

6
app/views/confirmations/new.html.erb → app/views/devise/confirmations/new.html.erb
View File

@@ -9,8 +9,4 @@
<p><%= f.submit "Resend confirmation instructions" %></p>
<% end %>
<%= link_to "Sign in", new_session_path(resource_name) %><br />
<%- if devise_mapping.recoverable? %>
<%= link_to "Forgot password?", new_password_path(resource_name) %><br />
<% end -%>
<%= render :partial => "devise/shared/links" %>

0
app/views/devise_mailer/confirmation_instructions.html.erb → app/views/devise/mailer/confirmation_instructions.html.erb
View File

0
app/views/devise_mailer/reset_password_instructions.html.erb → app/views/devise/mailer/reset_password_instructions.html.erb
View File

7
app/views/devise/mailer/unlock_instructions.html.erb Normal file
View File

@@ -0,0 +1,7 @@
Hello <%= @resource.email %>!
Your account has been locked due to an excessive amount of unsuccessful sign in attempts.
Click the link below to unlock your account:
<%= link_to 'Unlock my account', unlock_url(@resource, :unlock_token => @resource.unlock_token) %>

6
app/views/passwords/edit.html.erb → app/views/devise/passwords/edit.html.erb
View File

@@ -13,8 +13,4 @@
<p><%= f.submit "Change my password" %></p>
<% end %>
<%= link_to "Sign in", new_session_path(resource_name) %><br />
<%- if devise_mapping.confirmable? %>
<%= link_to "Didn't receive confirmation instructions?", new_confirmation_path(resource_name) %><br />
<% end -%>
<%= render :partial => "devise/shared/links" %>

6
app/views/passwords/new.html.erb → app/views/devise/passwords/new.html.erb
View File

@@ -9,8 +9,4 @@
<p><%= f.submit "Send me reset password instructions" %></p>
<% end %>
<%= link_to "Sign in", new_session_path(resource_name) %><br />
<%- if devise_mapping.confirmable? %>
<%= link_to "Didn't receive confirmation instructions?", new_confirmation_path(resource_name) %><br />
<% end -%>
<%= render :partial => "devise/shared/links" %>

25
app/views/devise/registrations/edit.html.erb Normal file
View File

@@ -0,0 +1,25 @@
<h2>Edit <%= resource_name.to_s.humanize %></h2>
<% form_for resource_name, resource, :url => registration_path(resource_name), :html => { :method => :put } do |f| -%>
<%= f.error_messages %>
<p><%= f.label :email %></p>
<p><%= f.text_field :email %></p>
<p><%= f.label :password %> <i>(leave blank if you don't want to change it)</i></p>
<p><%= f.password_field :password %></p>
<p><%= f.label :password_confirmation %></p>
<p><%= f.password_field :password_confirmation %></p>
<p><%= f.label :current_password %> <i>(we need your current password to confirm your changes)</i></p>
<p><%= f.password_field :current_password %></p>
<p><%= f.submit "Update" %></p>
<% end -%>
<h3>Cancel my account</h3>
<p>Unhappy? <%= link_to "Cancel my account", registration_path(resource_name), :confirm => "Are you sure?", :method => :delete %>.</p>
<%= link_to "Back", :back %>

17
app/views/devise/registrations/new.html.erb Normal file
View File

@@ -0,0 +1,17 @@
<h2>Sign up</h2>
<% form_for resource_name, resource, :url => registration_path(resource_name) do |f| -%>
<%= f.error_messages %>
<p><%= f.label :email %></p>
<p><%= f.text_field :email %></p>
<p><%= f.label :password %></p>
<p><%= f.password_field :password %></p>
<p><%= f.label :password_confirmation %></p>
<p><%= f.password_field :password_confirmation %></p>
<p><%= f.submit "Sign up" %></p>
<% end -%>
<%= render :partial => "devise/shared/links" %>

17
app/views/devise/sessions/new.html.erb Normal file
View File

@@ -0,0 +1,17 @@
<h2>Sign in</h2>
<% form_for resource_name, resource, :url => session_path(resource_name) do |f| -%>
<p><%= f.label :email %></p>
<p><%= f.text_field :email %></p>
<p><%= f.label :password %></p>
<p><%= f.password_field :password %></p>
<% if devise_mapping.rememberable? -%>
<p><%= f.check_box :remember_me %> <%= f.label :remember_me %></p>
<% end -%>
<p><%= f.submit "Sign in" %></p>
<% end -%>
<%= render :partial => "devise/shared/links" %>

19
app/views/devise/shared/_links.erb Normal file
View File

@@ -0,0 +1,19 @@
<%- if controller_name != 'sessions' %>
<%= link_to t('devise.sessions.link'), new_session_path(resource_name) %><br />
<% end -%>
<%- if devise_mapping.registerable? && controller_name != 'registrations' %>
<%= link_to t('devise.registrations.link'), new_registration_path(resource_name) %><br />
<% end -%>
<%- if devise_mapping.recoverable? && controller_name != 'passwords' %>
<%= link_to t('devise.passwords.link'), new_password_path(resource_name) %><br />
<% end -%>
<%- if devise_mapping.confirmable? && controller_name != 'confirmations' %>
<%= link_to t('devise.confirmations.link'), new_confirmation_path(resource_name) %><br />
<% end -%>
<%- if devise_mapping.lockable? && controller_name != 'unlocks' %>
<%= link_to t('devise.unlocks.link'), new_unlock_path(resource_name) %><br />
<% end -%>

12
app/views/devise/unlocks/new.html.erb Normal file
View File

@@ -0,0 +1,12 @@
<h2>Resend unlock instructions</h2>
<% form_for resource_name, resource, :url => unlock_path(resource_name) do |f| %>
<%= f.error_messages %>
<p><%= f.label :email %></p>
<p><%= f.text_field :email %></p>
<p><%= f.submit "Resend unlock instructions" %></p>
<% end %>
<%= render :partial => "devise/shared/links" %>

25
app/views/sessions/new.html.erb
View File

@@ -1,25 +0,0 @@
<h2>Sign in</h2>
<%- if devise_mapping.authenticatable? %>
<% form_for resource_name, resource, :url => session_path(resource_name) do |f| -%>
<p><%= f.label :email %></p>
<p><%= f.text_field :email %></p>
<p><%= f.label :password %></p>
<p><%= f.password_field :password %></p>
<% if devise_mapping.rememberable? -%>
<p><%= f.check_box :remember_me %> <%= f.label :remember_me %></p>
<% end -%>
<p><%= f.submit "Sign in" %></p>
<% end -%>
<% end%>
<%- if devise_mapping.recoverable? %>
<%= link_to "Forgot password?", new_password_path(resource_name) %><br />
<% end -%>
<%- if devise_mapping.confirmable? %>
<%= link_to "Didn't receive confirmation instructions?", new_confirmation_path(resource_name) %><br />
<% end -%>

22
lib/devise/locales/en.yml → config/locales/en.yml
View File

@@ -1,21 +1,41 @@
en:
errors:
messages:
not_found: "not found"
already_confirmed: "was already confirmed"
not_locked: "was not locked"
devise:
sessions:
link: 'Sign in'
signed_in: 'Signed in successfully.'
signed_out: 'Signed out successfully.'
unauthenticated: 'You need to sign in or sign up before continuing.'
unconfirmed: 'You have to confirm your account before continuing.'
locked: 'Your account is locked.'
invalid: 'Invalid email or password.'
invalid_token: 'Invalid authentication token.'
timeout: 'Your session expired, please sign in again to continue.'
inactive: 'Your account was not activated yet.'
passwords:
link: 'Forgot password?'
send_instructions: 'You will receive an email with instructions about how to reset your password in a few minutes.'
updated: 'Your password was changed successfully. You are now signed in.'
confirmations:
link: "Didn't receive confirmation instructions?"
send_instructions: 'You will receive an email with instructions about how to confirm your account in a few minutes.'
confirmed: 'Your account was successfully confirmed. You are now signed in.'
registrations:
link: 'Sign up'
signed_up: 'You have signed up successfully.'
updated: 'You updated your account successfully.'
destroyed: 'Bye! Your account was successfully cancelled. We hope to see you again soon.'
unlocks:
link: "Didn't receive unlock instructions?"
send_instructions: 'You will receive an email with instructions about how to unlock your account in a few minutes.'
unlocked: 'Your account was successfully unlocked. You are now signed in.'
mailer:
confirmation_instructions: 'Confirmation instructions'
reset_password_instructions: 'Reset password instructions'
unlock_instructions: 'Unlock Instructions'

182
devise.gemspec Normal file
View File

@@ -0,0 +1,182 @@
# Generated by jeweler
# DO NOT EDIT THIS FILE DIRECTLY
# Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
# -*- encoding: utf-8 -*-
Gem::Specification.new do |s|
s.name = %q{devise}
s.version = "1.1.pre"
s.required_rubygems_version = Gem::Requirement.new("> 1.3.1") if s.respond_to? :required_rubygems_version=
s.authors = ["Jos\303\251 Valim", "Carlos Ant\303\264nio"]
s.date = %q{2010-02-17}
s.description = %q{Flexible authentication solution for Rails with Warden}
s.email = %q{contact@plataformatec.com.br}
s.extra_rdoc_files = [
"CHANGELOG.rdoc",
"MIT-LICENSE",
"README.rdoc",
"TODO"
]
s.files = [
"CHANGELOG.rdoc",
"Gemfile",
"MIT-LICENSE",
"README.rdoc",
"Rakefile",
"TODO",
"app/controllers/devise/confirmations_controller.rb",
"app/controllers/devise/passwords_controller.rb",
"app/controllers/devise/registrations_controller.rb",
"app/controllers/devise/sessions_controller.rb",
"app/controllers/devise/unlocks_controller.rb",
"app/models/devise/mailer.rb",
"app/views/devise/confirmations/new.html.erb",
"app/views/devise/mailer/confirmation_instructions.html.erb",
"app/views/devise/mailer/reset_password_instructions.html.erb",
"app/views/devise/mailer/unlock_instructions.html.erb",
"app/views/devise/passwords/edit.html.erb",
"app/views/devise/passwords/new.html.erb",
"app/views/devise/registrations/edit.html.erb",
"app/views/devise/registrations/new.html.erb",
"app/views/devise/sessions/new.html.erb",
"app/views/devise/shared/_links.erb",
"app/views/devise/unlocks/new.html.erb",
"config/locales/en.yml",
"lib/devise.rb",
"lib/devise/controllers/helpers.rb",
"lib/devise/controllers/internal_helpers.rb",
"lib/devise/controllers/scoped_views.rb",
"lib/devise/controllers/url_helpers.rb",
"lib/devise/encryptors/authlogic_sha512.rb",
"lib/devise/encryptors/base.rb",
"lib/devise/encryptors/bcrypt.rb",
"lib/devise/encryptors/clearance_sha1.rb",
"lib/devise/encryptors/restful_authentication_sha1.rb",
"lib/devise/encryptors/sha1.rb",
"lib/devise/encryptors/sha512.rb",
"lib/devise/failure_app.rb",
"lib/devise/hooks/activatable.rb",
"lib/devise/hooks/rememberable.rb",
"lib/devise/hooks/timeoutable.rb",
"lib/devise/hooks/trackable.rb",
"lib/devise/mapping.rb",
"lib/devise/models.rb",
"lib/devise/models/activatable.rb",
"lib/devise/models/authenticatable.rb",
"lib/devise/models/confirmable.rb",
"lib/devise/models/http_authenticatable.rb",
"lib/devise/models/lockable.rb",
"lib/devise/models/recoverable.rb",
"lib/devise/models/registerable.rb",
"lib/devise/models/rememberable.rb",
"lib/devise/models/timeoutable.rb",
"lib/devise/models/token_authenticatable.rb",
"lib/devise/models/trackable.rb",
"lib/devise/models/validatable.rb",
"lib/devise/orm/active_record.rb",
"lib/devise/orm/data_mapper.rb",
"lib/devise/orm/mongo_mapper.rb",
"lib/devise/rails.rb",
"lib/devise/rails/routes.rb",
"lib/devise/rails/warden_compat.rb",
"lib/devise/schema.rb",
"lib/devise/strategies/authenticatable.rb",
"lib/devise/strategies/base.rb",
"lib/devise/strategies/http_authenticatable.rb",
"lib/devise/strategies/rememberable.rb",
"lib/devise/strategies/token_authenticatable.rb",
"lib/devise/test_helpers.rb",
"lib/devise/version.rb",
"lib/generators/devise/devise_generator.rb",
"lib/generators/devise/templates/migration.rb",
"lib/generators/devise_install/devise_install_generator.rb",
"lib/generators/devise_install/templates/README",
"lib/generators/devise_install/templates/devise.rb",
"lib/generators/devise_views/devise_views_generator.rb"
]
s.homepage = %q{http://github.com/plataformatec/devise}
s.rdoc_options = ["--charset=UTF-8"]
s.require_paths = ["lib"]
s.rubygems_version = %q{1.3.5}
s.summary = %q{Flexible authentication solution for Rails with Warden}
s.test_files = [
"test/controllers/helpers_test.rb",
"test/controllers/internal_helpers_test.rb",
"test/controllers/url_helpers_test.rb",
"test/devise_test.rb",
"test/encryptors_test.rb",
"test/failure_app_test.rb",
"test/integration/authenticatable_test.rb",
"test/integration/confirmable_test.rb",
"test/integration/http_authenticatable_test.rb",
"test/integration/lockable_test.rb",
"test/integration/recoverable_test.rb",
"test/integration/registerable_test.rb",
"test/integration/rememberable_test.rb",
"test/integration/timeoutable_test.rb",
"test/integration/token_authenticatable_test.rb",
"test/integration/trackable_test.rb",
"test/mailers/confirmation_instructions_test.rb",
"test/mailers/reset_password_instructions_test.rb",
"test/mailers/unlock_instructions_test.rb",
"test/mapping_test.rb",
"test/models/authenticatable_test.rb",
"test/models/confirmable_test.rb",
"test/models/http_authenticatable_test.rb",
"test/models/lockable_test.rb",
"test/models/recoverable_test.rb",
"test/models/rememberable_test.rb",
"test/models/timeoutable_test.rb",
"test/models/token_authenticatable_test.rb",
"test/models/trackable_test.rb",
"test/models/validatable_test.rb",
"test/models_test.rb",
"test/orm/active_record.rb",
"test/orm/mongo_mapper.rb",
"test/rails_app/app/active_record/admin.rb",
"test/rails_app/app/active_record/user.rb",
"test/rails_app/app/controllers/admins_controller.rb",
"test/rails_app/app/controllers/application_controller.rb",
"test/rails_app/app/controllers/home_controller.rb",
"test/rails_app/app/controllers/sessions_controller.rb",
"test/rails_app/app/controllers/users_controller.rb",
"test/rails_app/app/helpers/application_helper.rb",
"test/rails_app/app/mongo_mapper/admin.rb",
"test/rails_app/app/mongo_mapper/user.rb",
"test/rails_app/config/application.rb",
"test/rails_app/config/boot.rb",
"test/rails_app/config/environment.rb",
"test/rails_app/config/environments/development.rb",
"test/rails_app/config/environments/production.rb",
"test/rails_app/config/environments/test.rb",
"test/rails_app/config/initializers/backtrace_silencers.rb",
"test/rails_app/config/initializers/cookie_verification_secret.rb",
"test/rails_app/config/initializers/devise.rb",
"test/rails_app/config/initializers/inflections.rb",
"test/rails_app/config/initializers/session_store.rb",
"test/rails_app/config/routes.rb",
"test/routes_test.rb",
"test/support/assertions.rb",
"test/support/helpers.rb",
"test/support/integration.rb",
"test/support/test_silencer.rb",
"test/support/webrat/integrations/rails.rb",
"test/test_helper.rb",
"test/test_helpers_test.rb"
]
if s.respond_to? :specification_version then
current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
s.specification_version = 3
if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
s.add_runtime_dependency(%q<warden>, ["~> 0.9.3"])
else
s.add_dependency(%q<warden>, ["~> 0.9.3"])
end
else
s.add_dependency(%q<warden>, ["~> 0.9.3"])
end
end

5
generators/devise/USAGE
View File

@@ -1,5 +0,0 @@
To create a devise resource user:
script/generate devise User
This will generate a model named User, a route map for devise called :users, and a migration file for table :users with all devise modules.

15
generators/devise/devise_generator.rb
View File

@@ -1,15 +0,0 @@
require File.expand_path(File.dirname(__FILE__) + "/lib/route_devise.rb")
class DeviseGenerator < Rails::Generator::NamedBase
def manifest
record do |m|
m.directory(File.join('app', 'models', class_path))
m.template 'model.rb', File.join('app', 'models', "#{file_path}.rb")
m.migration_template 'migration.rb', 'db/migrate', :migration_file_name => "devise_create_#{table_name}"
m.route_devise table_name
end
end
end

32
generators/devise/lib/route_devise.rb
View File

@@ -1,32 +0,0 @@
module Rails
module Generator
module Commands
class Create < Base
# Create devise route. Based on route_resources
def route_devise(*resources)
resource_list = resources.map { |r| r.to_sym.inspect }.join(', ')
sentinel = 'ActionController::Routing::Routes.draw do |map|'
logger.route "map.devise_for #{resource_list}"
unless options[:pretend]
gsub_file 'config/routes.rb', /(#{Regexp.escape(sentinel)})/mi do |match|
"#{match}\n map.devise_for #{resource_list}\n"
end
end
end
end
class Destroy < RewindBase
# Destroy devise route. Based on route_resources
def route_devise(*resources)
resource_list = resources.map { |r| r.to_sym.inspect }.join(', ')
look_for = "\n map.devise_for #{resource_list}\n"
logger.route "map.devise_for #{resource_list}"
gsub_file 'config/routes.rb', /(#{look_for})/mi, ''
end
end
end
end
end

5
generators/devise/templates/model.rb
View File

@@ -1,5 +0,0 @@
class <%= class_name %> < ActiveRecord::Base
devise :all
# Setup accessible (or protected) attributes for your model
attr_accessible :email, :password, :password_confirmation
end

3
generators/devise_install/USAGE
View File

@@ -1,3 +0,0 @@
To copy a Devise initializer to your Rails App, with some configuration values, just do:
script/generate devise_install

15
generators/devise_install/devise_install_generator.rb
View File

@@ -1,15 +0,0 @@
class DeviseInstallGenerator < Rails::Generator::Base
def manifest
record do |m|
m.directory "config/initializers"
m.template "devise.rb", "config/initializers/devise.rb"
m.directory "config/locales"
m.file "../../../lib/devise/locales/en.yml", "config/locales/devise.en.yml"
m.readme "README"
end
end
end

3
generators/devise_views/USAGE
View File

@@ -1,3 +0,0 @@
To copy all session, password, confirmation and mailer views from devise to your app just run the following command:
script/generate devise_views

21
generators/devise_views/devise_views_generator.rb
View File

@@ -1,21 +0,0 @@
class DeviseViewsGenerator < Rails::Generator::Base
def initialize(*args)
super
@source_root = options[:source] || File.join(spec.path, '..', '..')
end
def manifest
record do |m|
m.directory "app/views"
Dir[File.join(@source_root, "app", "views", "**/*.erb")].each do |file|
file = file.gsub(@source_root, "")[1..-1]
m.directory File.dirname(file)
m.file file, file
end
end
end
end

2
init.rb
View File

@@ -1,2 +0,0 @@
# We need to load devise here to ensure routes extensions are loaded.
require 'devise'

116
lib/devise.rb
View File

@@ -1,12 +1,12 @@
module Devise
autoload :FailureApp, 'devise/failure_app'
autoload :Mapping, 'devise/mapping'
autoload :Schema, 'devise/schema'
autoload :TestHelpers, 'devise/test_helpers'
module Controllers
autoload :Filters, 'devise/controllers/filters'
autoload :Helpers, 'devise/controllers/helpers'
autoload :InternalHelpers, 'devise/controllers/internal_helpers'
autoload :ScopedViews, 'devise/controllers/scoped_views'
autoload :UrlHelpers, 'devise/controllers/url_helpers'
end
@@ -14,7 +14,7 @@ module Devise
autoload :Base, 'devise/encryptors/base'
autoload :Bcrypt, 'devise/encryptors/bcrypt'
autoload :AuthlogicSha512, 'devise/encryptors/authlogic_sha512'
autoload :AuthlogicSha1, 'devise/encryptors/authlogic_sha1'
autoload :ClearanceSha1, 'devise/encryptors/clearance_sha1'
autoload :RestfulAuthenticationSha1, 'devise/encryptors/restful_authentication_sha1'
autoload :Sha512, 'devise/encryptors/sha512'
autoload :Sha1, 'devise/encryptors/sha1'
@@ -26,22 +26,38 @@ module Devise
autoload :MongoMapper, 'devise/orm/mongo_mapper'
end
ALL = [:authenticatable, :activatable, :confirmable, :recoverable, :rememberable,
:timeoutable, :trackable, :validatable]
ALL = []
# Maps controller names to devise modules
# Authentication ones first
ALL.push :authenticatable, :http_authenticatable, :token_authenticatable, :rememberable
# Misc after
ALL.push :recoverable, :registerable, :validatable
# The ones which can sign out after
ALL.push :activatable, :confirmable, :lockable, :timeoutable
# Stats for last, so we make sure the user is really signed in
ALL.push :trackable
# Maps controller names to devise modules.
CONTROLLERS = {
:sessions => [:authenticatable],
:sessions => [:authenticatable, :token_authenticatable],
:passwords => [:recoverable],
:confirmations => [:confirmable]
:confirmations => [:confirmable],
:registrations => [:registerable],
:unlocks => [:lockable]
}
STRATEGIES = [:authenticatable]
SERIALIZERS = [:session, :cookie]
# Routes for generating url helpers.
ROUTES = [:session, :password, :confirmation, :registration, :unlock]
STRATEGIES = [:rememberable, :http_authenticatable, :token_authenticatable, :authenticatable]
TRUE_VALUES = [true, 1, '1', 't', 'T', 'true', 'TRUE']
# Maps the messages types that are used in flash message.
FLASH_MESSAGES = [ :unauthenticated, :unconfirmed, :invalid, :timeout, :inactive ]
FLASH_MESSAGES = [:unauthenticated, :unconfirmed, :invalid, :invalid_token, :timeout, :inactive, :locked]
# Declare encryptors length which are used in migrations.
ENCRYPTORS_LENGTH = {
@@ -53,8 +69,8 @@ module Devise
:bcrypt => 60
}
# Email regex used to validate email formats. Retrieved from authlogic.
EMAIL_REGEX = /\A[\w\.%\+\-]+@(?:[A-Z0-9\-]+\.)+(?:[A-Z]{2,4}|museum|travel)\z/i
# Email regex used to validate email formats. Adapted from authlogic.
EMAIL_REGEX = /^([\w\.%\+\-]+)@([\w\-]+\.)+([\w]{2,})$/i
# Used to encrypt password. Please generate one with rake secret.
mattr_accessor :pepper
@@ -86,15 +102,15 @@ module Devise
# Store scopes mappings.
mattr_accessor :mappings
@@mappings = {}
@@mappings = ActiveSupport::OrderedHash.new
# Stores the chosen ORM.
mattr_accessor :orm
@@orm = :active_record
# Configure default options used in :all.
# TODO Remove
mattr_accessor :all
@@all = Devise::ALL.dup
@@all = []
# Tells if devise should apply the schema in ORMs where devise declaration
# and schema belongs to the same class (as Datamapper and MongoMapper).
@@ -106,9 +122,22 @@ module Devise
mattr_accessor :scoped_views
@@scoped_views = false
# Number of authentication tries before locking an account
mattr_accessor :maximum_attempts
@@maximum_attempts = 20
# Defines which strategy can be used to unlock an account.
# Values: :email, :time, :both
mattr_accessor :unlock_strategy
@@unlock_strategy = :both
# Time interval to unlock the account if :time is defined as unlock_strategy.
mattr_accessor :unlock_in
@@unlock_in = 1.hour
# Tell when to use the default scope, if one cannot be found from routes.
mattr_accessor :use_default_scope
@@use_default_scope
@@use_default_scope = false
# The default scope which is used by warden.
mattr_accessor :default_scope
@@ -116,7 +145,15 @@ module Devise
# Address which sends Devise e-mails.
mattr_accessor :mailer_sender
@@mailer_sender
@@mailer_sender = nil
# Authentication token params key name of choice. E.g. /users/sign_in?some_key=...
mattr_accessor :token_authentication_key
@@token_authentication_key = :auth_token
# The realm used in Http Basic Authentication
mattr_accessor :http_authentication_realm
@@http_authentication_realm = "Application"
class << self
# Default way to setup Devise. Run script/generate devise_install to create
@@ -149,10 +186,8 @@ module Devise
# block.
def configure_warden(config) #:nodoc:
config.default_strategies *Devise::STRATEGIES
config.default_serializers *Devise::SERIALIZERS
config.failure_app = Devise::FailureApp
config.silence_missing_strategies!
config.silence_missing_serializers!
config.default_scope = Devise.default_scope
# If the user provided a warden hook, call it now.
@@ -168,6 +203,42 @@ module Devise
def friendly_token
ActiveSupport::SecureRandom.base64(15).tr('+/=', '-_ ').strip.delete("\n")
end
# Make Devise aware of an 3rd party Devise-module. For convenience.
#
# == Options:
#
# +strategy+ - Boolean value representing if this module got a custom *strategy*.
# Default is +false+. Note: Devise will auto-detect this in such case if this is true.
# +model+ - String representing a load path to a custom *model* for this module (to autoload).
# Default is +nil+ (i.e. +false+).
# +controller+ - Symbol representing a name of an exisiting or custom *controller* for this module.
# Default is +nil+ (i.e. +false+).
#
# == Examples:
#
# Devise.add_module(:party_module)
# Devise.add_module(:party_module, :strategy => true, :controller => :sessions)
# Devise.add_module(:party_module, :model => 'party_module/model')
#
def add_module(module_name, options = {})
Devise::ALL.unshift module_name unless Devise::ALL.include?(module_name)
Devise::STRATEGIES.unshift module_name if options[:strategy] && !Devise::STRATEGIES.include?(module_name)
if options[:controller]
controller = options[:controller].to_sym
Devise::CONTROLLERS[controller] ||= []
Devise::CONTROLLERS[controller].unshift module_name unless Devise::CONTROLLERS[controller].include?(module_name)
end
if options[:model]
Devise::Models.module_eval do
autoload :"#{module_name.to_s.classify}", options[:model]
end
end
Devise::Mapping.register module_name
end
end
end
@@ -178,8 +249,5 @@ rescue
require 'warden'
end
# Clear some Warden default configuration which will be overwritten
Warden::Strategies.clear!
Warden::Serializers.clear!
require 'devise/mapping'
require 'devise/rails'

186
lib/devise/controllers/filters.rb
View File

@@ -1,186 +0,0 @@
module Devise
module Controllers
# Those filters are convenience methods added to ApplicationController to
# deal with Warden.
module Filters
def self.included(base)
base.class_eval do
helper_method :warden, :signed_in?, :devise_controller?,
*Devise.mappings.keys.map { |m| [:"current_#{m}", :"#{m}_signed_in?"] }.flatten
# Use devise default_url_options. We have to declare it here to overwrite
# default definitions.
def default_url_options(options=nil)
Devise::Mapping.default_url_options
end
end
end
# The main accessor for the warden proxy instance
def warden
request.env['warden']
end
# Return true if it's a devise_controller. false to all controllers unless
# the controllers defined inside devise. Useful if you want to apply a before
# filter to all controller, except the ones in devise:
#
# before_filter :my_filter, :unless => { |c| c.devise_controller? }
def devise_controller?
false
end
# Attempts to authenticate the given scope by running authentication hooks,
# but does not redirect in case of failures.
def authenticate(scope)
warden.authenticate(:scope => scope)
end
# Attempts to authenticate the given scope by running authentication hooks,
# redirecting in case of failures.
def authenticate!(scope)
warden.authenticate!(:scope => scope)
end
# Check if the given scope is signed in session, without running
# authentication hooks.
def signed_in?(scope)
warden.authenticated?(scope)
end
# Sign in an user that already was authenticated. This helper is useful for logging
# users in after sign up.
#
# Examples:
#
# sign_in :user, @user # sign_in(scope, resource)
# sign_in @user # sign_in(resource)
#
def sign_in(resource_or_scope, resource=nil)
scope ||= Devise::Mapping.find_scope!(resource_or_scope)
resource ||= resource_or_scope
warden.set_user(resource, :scope => scope)
end
# Sign out a given user or scope. This helper is useful for signing out an user
# after deleting accounts.
#
# Examples:
#
# sign_out :user # sign_out(scope)
# sign_out @user # sign_out(resource)
#
def sign_out(resource_or_scope)
scope = Devise::Mapping.find_scope!(resource_or_scope)
warden.user(scope) # Without loading user here, before_logout hook is not called
warden.raw_session.inspect # Without this inspect here. The session does not clear.
warden.logout(scope)
end
# Returns and delete the url stored in the session for the given scope. Useful
# for giving redirect backs after sign up:
#
# Example:
#
# redirect_to stored_location_for(:user) || root_path
#
def stored_location_for(resource_or_scope)
scope = Devise::Mapping.find_scope!(resource_or_scope)
session.delete(:"#{scope}.return_to")
end
# The default url to be used after signing in. This is used by all Devise
# controllers and you can overwrite it in your ApplicationController to
# provide a custom hook for a custom resource.
#
# By default, it first tries to find a resource_root_path, otherwise it
# uses the root path. For a user scope, you can define the default url in
# the following way:
#
# map.user_root '/users', :controller => 'users' # creates user_root_path
#
# map.resources :users do |users|
# users.root # creates user_root_path
# end
#
# If none of these are defined, root_path is used.
def after_sign_in_path_for(resource_or_scope)
scope = Devise::Mapping.find_scope!(resource_or_scope)
home_path = :"#{scope}_root_path"
respond_to?(home_path, true) ? send(home_path) : root_path
end
# The default to be used after signing out. This is used by all Devise
# controllers and you can overwrite it in your ApplicationController to
# provide a custom hook for a custom resource.
#
# By default is the root_path.
def after_sign_out_path_for(resource_or_scope)
root_path
end
# Sign in an user and tries to redirect first to the stored location and
# then to the url specified by after_sign_in_path_for.
#
# If just a symbol is given, consider that the user was already signed in
# through other means and just perform the redirection.
def sign_in_and_redirect(*args)
sign_in(*args) unless args.size == 1 && args.first.is_a?(Symbol)
redirect_to stored_location_for(args.first) || after_sign_in_path_for(args.first)
end
# Sign out an user and tries to redirect to the url specified by
# after_sign_out_path_for.
def sign_out_and_redirect(resource_or_scope)
sign_out(resource_or_scope)
redirect_to after_sign_out_path_for(resource_or_scope)
end
# Define authentication filters and accessor helpers based on mappings.
# These filters should be used inside the controllers as before_filters,
# so you can control the scope of the user who should be signed in to
# access that specific controller/action.
# Example:
#
# Maps:
# User => :authenticatable
# Admin => :authenticatable
#
# Generated methods:
# authenticate_user! # Signs user in or redirect
# authenticate_admin! # Signs admin in or redirect
# user_signed_in? # Checks whether there is an user signed in or not
# admin_signed_in? # Checks whether there is an admin signed in or not
# current_user # Current signed in user
# current_admin # Currend signed in admin
# user_session # Session data available only to the user scope
# admin_session # Session data available only to the admin scope
#
# Use:
# before_filter :authenticate_user! # Tell devise to use :user map
# before_filter :authenticate_admin! # Tell devise to use :admin map
#
Devise.mappings.each_key do |mapping|
class_eval <<-METHODS, __FILE__, __LINE__
def authenticate_#{mapping}!
warden.authenticate!(:scope => :#{mapping})
end
def #{mapping}_signed_in?
warden.authenticated?(:#{mapping})
end
def current_#{mapping}
@current_#{mapping} ||= warden.user(:#{mapping})
end
def #{mapping}_session
warden.session(:#{mapping})
end
METHODS
end
end
end
end

253
lib/devise/controllers/helpers.rb
View File

@@ -1,118 +1,197 @@
module Devise
module Controllers
# Those helpers are used only inside Devise controllers and should not be
# included in ApplicationController since they all depend on the url being
# accessed.
# Those helpers are convenience methods added to ApplicationController.
module Helpers
extend ActiveSupport::Concern
def self.included(base)
base.class_eval do
unloadable
included do
helper_method :warden, :signed_in?, :devise_controller?,
*Devise.mappings.keys.map { |m| [:"current_#{m}", :"#{m}_signed_in?"] }.flatten
helper_method :resource, :scope_name, :resource_name, :resource_class, :devise_mapping, :devise_controller?
hide_action :resource, :scope_name, :resource_name, :resource_class, :devise_mapping, :devise_controller?
skip_before_filter *Devise.mappings.keys.map { |m| :"authenticate_#{m}!" }
before_filter :is_devise_resource?
# Use devise default_url_options. We have to declare it here to overwrite
# default definitions.
def default_url_options(options=nil)
Devise::Mapping.default_url_options
end
end
# Gets the actual resource stored in the instance variable
def resource
instance_variable_get(:"@#{resource_name}")
# The main accessor for the warden proxy instance
def warden
request.env['warden']
end
# Proxy to devise map name
def resource_name
devise_mapping.name
end
alias :scope_name :resource_name
# Proxy to devise map class
def resource_class
devise_mapping.to
end
# Attempt to find the mapped route for devise based on request path
def devise_mapping
@devise_mapping ||= begin
mapping = Devise::Mapping.find_by_path(request.path)
mapping ||= Devise.mappings[Devise.default_scope] if Devise.use_default_scope
mapping
end
end
# Overwrites devise_controller? to return true
# Return true if it's a devise_controller. false to all controllers unless
# the controllers defined inside devise. Useful if you want to apply a before
# filter to all controller, except the ones in devise:
#
# before_filter :my_filter, :unless => { |c| c.devise_controller? }
def devise_controller?
true
false
end
protected
# Checks whether it's a devise mapped resource or not.
def is_devise_resource? #:nodoc:
raise ActionController::UnknownAction unless devise_mapping && devise_mapping.allows?(controller_name)
# Attempts to authenticate the given scope by running authentication hooks,
# but does not redirect in case of failures.
def authenticate(scope)
warden.authenticate(:scope => scope)
end
# Sets the resource creating an instance variable
def resource=(new_resource)
instance_variable_set(:"@#{resource_name}", new_resource)
# Attempts to authenticate the given scope by running authentication hooks,
# redirecting in case of failures.
def authenticate!(scope)
warden.authenticate!(:scope => scope)
end
# Build a devise resource without setting password and password confirmation fields.
def build_resource
self.resource ||= begin
attributes = params[resource_name].try(:except, :password, :password_confirmation)
resource_class.new(attributes || {})
end
# Check if the given scope is signed in session, without running
# authentication hooks.
def signed_in?(scope)
warden.authenticate?(:scope => scope)
end
# Helper for use in before_filters where no authentication is required.
# Sign in an user that already was authenticated. This helper is useful for logging
# users in after sign up.
#
# Examples:
#
# sign_in :user, @user # sign_in(scope, resource)
# sign_in @user # sign_in(resource)
#
def sign_in(resource_or_scope, resource=nil)
scope = Devise::Mapping.find_scope!(resource_or_scope)
resource ||= resource_or_scope
warden.set_user(resource, :scope => scope)
end
# Sign out a given user or scope. This helper is useful for signing out an user
# after deleting accounts.
#
# Examples:
#
# sign_out :user # sign_out(scope)
# sign_out @user # sign_out(resource)
#
def sign_out(resource_or_scope)
scope = Devise::Mapping.find_scope!(resource_or_scope)
warden.user(scope) # Without loading user here, before_logout hook is not called
warden.raw_session.inspect # Without this inspect here. The session does not clear.
warden.logout(scope)
end
# Returns and delete the url stored in the session for the given scope. Useful
# for giving redirect backs after sign up:
#
# Example:
# before_filter :require_no_authentication, :only => :new
def require_no_authentication
redirect_to after_sign_in_path_for(resource_name) if warden.authenticated?(resource_name)
end
# Sets the flash message with :key, using I18n. By default you are able
# to setup your messages using specific resource scope, and if no one is
# found we look to default scope.
# Example (i18n locale file):
#
# en:
# devise:
# passwords:
# #default_scope_messages - only if resource_scope is not found
# user:
# #resource_scope_messages
# redirect_to stored_location_for(:user) || root_path
#
# Please refer to README or en.yml locale file to check what messages are
# available.
def set_flash_message(key, kind, now=false)
flash_hash = now ? flash.now : flash
flash_hash[key] = I18n.t(:"#{resource_name}.#{kind}",
:scope => [:devise, controller_name.to_sym], :default => kind)
def stored_location_for(resource_or_scope)
scope = Devise::Mapping.find_scope!(resource_or_scope)
session.delete(:"#{scope}.return_to")
end
# Shortcut to set flash.now message. Same rules applied from set_flash_message
def set_now_flash_message(key, kind)
set_flash_message(key, kind, true)
# The default url to be used after signing in. This is used by all Devise
# controllers and you can overwrite it in your ApplicationController to
# provide a custom hook for a custom resource.
#
# By default, it first tries to find a resource_root_path, otherwise it
# uses the root path. For a user scope, you can define the default url in
# the following way:
#
# map.user_root '/users', :controller => 'users' # creates user_root_path
#
# map.resources :users do |users|
# users.root # creates user_root_path
# end
#
#
# If none of these are defined, root_path is used. However, if this default
# is not enough, you can customize it, for example:
#
# def after_sign_in_path_for(resource)
# if resource.is_a?(User) && resource.can_publish?
# publisher_url
# else
# super
# end
# end
#
def after_sign_in_path_for(resource_or_scope)
scope = Devise::Mapping.find_scope!(resource_or_scope)
home_path = :"#{scope}_root_path"
respond_to?(home_path, true) ? send(home_path) : root_path
end
# Render a view for the specified scope. Turned off by default.
# Accepts just :controller as option.
def render_with_scope(action, options={})
controller_name = options.delete(:controller) || self.controller_name
if Devise.scoped_views
begin
render :template => "#{controller_name}/#{devise_mapping.as}/#{action}"
rescue ActionView::MissingTemplate
render action, :controller => controller_name
# Method used by sessions controller to sign out an user. You can overwrite
# it in your ApplicationController to provide a custom hook for a custom
# scope. Notice that differently from +after_sign_in_path_for+ this method
# receives a symbol with the scope, and not the resource.
#
# By default is the root_path.
def after_sign_out_path_for(resource_or_scope)
root_path
end
# Sign in an user and tries to redirect first to the stored location and
# then to the url specified by after_sign_in_path_for.
#
# If just a symbol is given, consider that the user was already signed in
# through other means and just perform the redirection.
def sign_in_and_redirect(resource_or_scope, resource=nil, skip=false)
scope = Devise::Mapping.find_scope!(resource_or_scope)
resource ||= resource_or_scope
sign_in(scope, resource) unless skip
redirect_to stored_location_for(scope) || after_sign_in_path_for(resource)
end
# Sign out an user and tries to redirect to the url specified by
# after_sign_out_path_for.
def sign_out_and_redirect(resource_or_scope)
scope = Devise::Mapping.find_scope!(resource_or_scope)
sign_out(scope)
redirect_to after_sign_out_path_for(scope)
end
# Define authentication filters and accessor helpers based on mappings.
# These filters should be used inside the controllers as before_filters,
# so you can control the scope of the user who should be signed in to
# access that specific controller/action.
# Example:
#
# Maps:
# User => :authenticatable
# Admin => :authenticatable
#
# Generated methods:
# authenticate_user! # Signs user in or redirect
# authenticate_admin! # Signs admin in or redirect
# user_signed_in? # Checks whether there is an user signed in or not
# admin_signed_in? # Checks whether there is an admin signed in or not
# current_user # Current signed in user
# current_admin # Currend signed in admin
# user_session # Session data available only to the user scope
# admin_session # Session data available only to the admin scope
#
# Use:
# before_filter :authenticate_user! # Tell devise to use :user map
# before_filter :authenticate_admin! # Tell devise to use :admin map
#
Devise.mappings.each_key do |mapping|
class_eval <<-METHODS, __FILE__, __LINE__ + 1
def authenticate_#{mapping}!
warden.authenticate!(:scope => :#{mapping})
end
else
render action, :controller => controller_name
end
def #{mapping}_signed_in?
warden.authenticate?(:scope => :#{mapping})
end
def current_#{mapping}
@current_#{mapping} ||= warden.authenticate(:scope => :#{mapping})
end
def #{mapping}_session
current_#{mapping} && warden.session(:#{mapping})
end
METHODS
end
end

103
lib/devise/controllers/internal_helpers.rb Normal file
View File

@@ -0,0 +1,103 @@
module Devise
module Controllers
# Those helpers are used only inside Devise controllers and should not be
# included in ApplicationController since they all depend on the url being
# accessed.
module InternalHelpers #:nodoc:
extend ActiveSupport::Concern
include Devise::Controllers::ScopedViews
included do
helpers = [:resource, :scope_name, :resource_name,
:resource_class, :devise_mapping, :devise_controller?]
hide_action *helpers
helper_method *helpers
before_filter :is_devise_resource?
skip_before_filter *Devise.mappings.keys.map { |m| :"authenticate_#{m}!" }
end
# Gets the actual resource stored in the instance variable
def resource
instance_variable_get(:"@#{resource_name}")
end
# Proxy to devise map name
def resource_name
devise_mapping.name
end
alias :scope_name :resource_name
# Proxy to devise map class
def resource_class
devise_mapping.to
end
# Attempt to find the mapped route for devise based on request path
def devise_mapping
@devise_mapping ||= begin
mapping = Devise::Mapping.find_by_path(request.path)
mapping ||= Devise.mappings[Devise.default_scope] if Devise.use_default_scope
mapping
end
end
# Overwrites devise_controller? to return true
def devise_controller?
true
end
protected
# Checks whether it's a devise mapped resource or not.
def is_devise_resource? #:nodoc:
raise ActionController::UnknownAction unless devise_mapping && devise_mapping.allows?(controller_name)
end
# Sets the resource creating an instance variable
def resource=(new_resource)
instance_variable_set(:"@#{resource_name}", new_resource)
end
# Build a devise resource.
def build_resource
self.resource = resource_class.new(params[resource_name] || {})
end
# Helper for use in before_filters where no authentication is required.
#
# Example:
# before_filter :require_no_authentication, :only => :new
def require_no_authentication
redirect_to after_sign_in_path_for(resource_name) if warden.authenticated?(resource_name)
end
# Sets the flash message with :key, using I18n. By default you are able
# to setup your messages using specific resource scope, and if no one is
# found we look to default scope.
# Example (i18n locale file):
#
# en:
# devise:
# passwords:
# #default_scope_messages - only if resource_scope is not found
# user:
# #resource_scope_messages
#
# Please refer to README or en.yml locale file to check what messages are
# available.
def set_flash_message(key, kind, now=false)
flash_hash = now ? flash.now : flash
flash_hash[key] = I18n.t(:"#{resource_name}.#{kind}",
:scope => [:devise, controller_name.to_sym], :default => kind)
end
# Shortcut to set flash.now message. Same rules applied from set_flash_message
def set_now_flash_message(key, kind)
set_flash_message(key, kind, true)
end
end
end
end

35
lib/devise/controllers/scoped_views.rb Normal file
View File

@@ -0,0 +1,35 @@
module Devise
module Controllers
module ScopedViews
extend ActiveSupport::Concern
module ClassMethods
def scoped_views
defined?(@scoped_views) ? @scoped_views : Devise.scoped_views
end
def scoped_views=(value)
@scoped_views = value
end
end
protected
# Render a view for the specified scope. Turned off by default.
# Accepts just :controller as option.
def render_with_scope(action, options={})
controller_name = options.delete(:controller) || self.controller_name
if self.class.scoped_views
begin
render :template => "#{devise_mapping.as}/#{controller_name}/#{action}"
rescue ActionView::MissingTemplate
render :template => "#{controller_path}/#{action}"
end
else
render :template => "#{controller_path}/#{action}"
end
end
end
end
end

22
lib/devise/controllers/url_helpers.rb
View File

@@ -19,25 +19,17 @@ module Devise
# Those helpers are added to your ApplicationController.
module UrlHelpers
[:session, :password, :confirmation].each do |module_name|
Devise::ROUTES.each do |module_name|
[:path, :url].each do |path_or_url|
actions = [ nil, :new_ ]
actions << :edit_ if module_name == :password
actions << :destroy_ if module_name == :session
actions << :edit_ if [:password, :registration].include?(module_name)
actions << :destroy_ if [:session].include?(module_name)
actions.each do |action|
class_eval <<-URL_HELPERS
def #{action}#{module_name}_#{path_or_url}(resource, *args)
resource = case resource
when Symbol, String
resource
when Class
resource.name.underscore
else
resource.class.name.underscore
end
send("#{action}\#{resource}_#{module_name}_#{path_or_url}", *args)
class_eval <<-URL_HELPERS, __FILE__, __LINE__ + 1
def #{action}#{module_name}_#{path_or_url}(resource_or_scope, *args)
scope = Devise::Mapping.find_scope!(resource_or_scope)
send("#{action}\#{scope}_#{module_name}_#{path_or_url}", *args)
end
URL_HELPERS
end

4
lib/devise/encryptors/bcrypt.rb
View File

@@ -2,10 +2,10 @@ require "bcrypt"
module Devise
module Encryptors
# = BCrypt
# = BCrypt
# Uses the BCrypt hash algorithm to encrypt passwords.
class Bcrypt < Base
# Gererates a default password digest based on stretches, salt, pepper and the
# incoming password. We don't strech it ourselves since BCrypt does so internally.
def self.digest(password, stretches, salt, pepper)

2
lib/devise/failure_app.rb
View File

@@ -59,7 +59,7 @@ module Devise
# yet, but we still need to store the uri based on scope, so different scopes
# would never use the same uri to redirect.
def store_location!(scope)
session[:"#{scope}.return_to"] ||= request.request_uri if request && request.get?
session[:"#{scope}.return_to"] = request.request_uri if request && request.get?
end
end
end

5
lib/devise/hooks/activatable.rb
View File

@@ -1,7 +1,4 @@
# Each time the user is set we verify if it is still able to really sign in.
# This is done by checking the time frame the user is able to sign in without
# confirming it's account. If the user has not confirmed it's account during
# this time frame, he/she will not able to sign in anymore.
# Deny user access whenever his account is not active yet.
Warden::Manager.after_set_user do |record, warden, options|
if record && record.respond_to?(:active?) && !record.active?
scope = options[:scope]

30
lib/devise/hooks/rememberable.rb Normal file
View File

@@ -0,0 +1,30 @@
# After authenticate hook to verify if the user in the given scope asked to be
# remembered while he does not sign out. Generates a new remember token for
# that specific user and adds a cookie with this user info to sign in this user
# automatically without asking for credentials. Refer to rememberable strategy
# for more info.
Warden::Manager.prepend_after_authentication do |record, warden, options|
scope = options[:scope]
remember_me = warden.params[scope].try(:fetch, :remember_me, nil)
if Devise::TRUE_VALUES.include?(remember_me) &&
warden.authenticated?(scope) && record.respond_to?(:remember_me!)
record.remember_me!
warden.response.set_cookie "remember_#{scope}_token", {
:value => record.class.serialize_into_cookie(record),
:expires => record.remember_expires_at,
:path => "/"
}
end
end
# Before logout hook to forget the user in the given scope, only if rememberable
# is activated for this scope. Also clear remember token to ensure the user
# won't be remembered again.
Warden::Manager.before_logout do |record, warden, scope|
if record.respond_to?(:forget_me!)
record.forget_me!
warden.response.delete_cookie "remember_#{scope}_token"
end
end

6
lib/devise/hooks/timeoutable.rb
View File

@@ -5,12 +5,14 @@
# verify timeout in the following request.
Warden::Manager.after_set_user do |record, warden, options|
scope = options[:scope]
if record && record.respond_to?(:timeout?) && warden.authenticated?(scope)
if record && record.respond_to?(:timedout?) && warden.authenticated?(scope)
last_request_at = warden.session(scope)['last_request_at']
if record.timeout?(last_request_at)
if record.timedout?(last_request_at)
warden.logout(scope)
throw :warden, :scope => scope, :message => :timeout
end
warden.session(scope)['last_request_at'] = Time.now.utc
end
end

2
lib/devise/hooks/trackable.rb
View File

@@ -13,6 +13,6 @@ Warden::Manager.after_set_user :except => :fetch do |record, warden, options|
record.sign_in_count ||= 0
record.sign_in_count += 1
record.save(false)
record.save(:validate => false)
end
end

56
lib/devise/mapping.rb
View File

@@ -22,7 +22,7 @@ module Devise
# # is the modules included in the class
#
class Mapping #:nodoc:
attr_reader :name, :as, :path_names, :path_prefix, :route_options
attr_reader :name, :as, :path_names, :path_prefix
# Loop through all mappings looking for a map that matches with the requested
# path (ie /users/sign_in). If a path prefix is given, it's taken into account.
@@ -36,13 +36,17 @@ module Devise
# Find a mapping by a given class. It takes into account single table inheritance as well.
def self.find_by_class(klass)
Devise.mappings.values.find { |m| return m if klass <= m.to }
Devise.mappings.each_value do |mapping|
return mapping if klass <= mapping.to
end
nil
end
# Receives an object and find a scope for it. If a scope cannot be found,
# raises an error. If a symbol is given, it's considered to be the scope.
def self.find_scope!(duck)
if duck.is_a?(Symbol)
case duck
when String, Symbol
duck
else
klass = duck.is_a?(Class) ? duck : duck.class
@@ -61,12 +65,10 @@ module Devise
@as = (options.delete(:as) || name).to_sym
@klass = (options.delete(:class_name) || name.to_s.classify).to_s
@name = (options.delete(:scope) || name.to_s.singularize).to_sym
@path_names = options.delete(:path_names) || {}
@path_prefix = options.delete(:path_prefix).to_s
@path_prefix << "/" unless @path_prefix[-1] == ?/
@route_options = options || {}
setup_path_names
@path_prefix = "/#{options.delete(:path_prefix)}/".squeeze("/")
@path_names = Hash.new { |h,k| h[k] = k.to_s }
@path_names.merge!(options.delete(:path_names) || {})
end
# Return modules for the mapping.
@@ -92,19 +94,16 @@ module Devise
self.path_prefix.count("/")
end
# Returns the raw path using the current relative_url_root, path_prefix and as.
# Returns the raw path using path_prefix and as.
def raw_path
ActionController::Base.relative_url_root.to_s + path_prefix + as.to_s
path_prefix + as.to_s
end
# Returns the parsed path. If you need meta information in your path_prefix,
# you should overwrite this method to use it. The only information supported
# by default is I18n.locale.
#
# Returns the parsed path taking into account the relative url root and raw path.
def parsed_path
returning raw_path do |path|
returning (ActionController::Base.relative_url_root.to_s + raw_path) do |path|
self.class.default_url_options.each do |key, value|
path.gsub!(key.inspect, value.to_s)
path.gsub!(key.inspect, value.to_param)
end
end
end
@@ -116,22 +115,15 @@ module Devise
# self.for.include?(:confirmable)
# end
#
ALL.each do |m|
class_eval <<-METHOD, __FILE__, __LINE__
def #{m}?
self.for.include?(:#{m})
end
METHOD
end
private
# Configure default path names, allowing the user overwrite defaults by
# passing a hash in :path_names.
def setup_path_names
[:sign_in, :sign_out, :password, :confirmation].each do |path_name|
@path_names[path_name] ||= path_name.to_s
end
def self.register(*modules)
modules.each do |m|
class_eval <<-METHOD, __FILE__, __LINE__ + 1
def #{m}?
self.for.include?(:#{m})
end
METHOD
end
end
Devise::Mapping.register *ALL
end
end

79
lib/devise/models.rb
View File

@@ -1,14 +1,15 @@
module Devise
module Models
autoload :Activatable, 'devise/models/activatable'
autoload :Authenticatable, 'devise/models/authenticatable'
autoload :Confirmable, 'devise/models/confirmable'
autoload :Recoverable, 'devise/models/recoverable'
autoload :Authenticatable, 'devise/models/authenticatable'
autoload :Confirmable, 'devise/models/confirmable'
autoload :Lockable, 'devise/models/lockable'
autoload :Recoverable, 'devise/models/recoverable'
autoload :Rememberable, 'devise/models/rememberable'
autoload :SessionSerializer, 'devise/models/session_serializer'
autoload :Timeoutable, 'devise/models/timeoutable'
autoload :Trackable, 'devise/models/trackable'
autoload :Validatable, 'devise/models/validatable'
autoload :Registerable, 'devise/models/registerable'
autoload :Timeoutable, 'devise/models/timeoutable'
autoload :Trackable, 'devise/models/trackable'
autoload :Validatable, 'devise/models/validatable'
# Creates configuration values for Devise and for the given module.
#
@@ -28,7 +29,7 @@ module Devise
#
def self.config(mod, *accessors) #:nodoc:
accessors.each do |accessor|
mod.class_eval <<-METHOD, __FILE__, __LINE__
mod.class_eval <<-METHOD, __FILE__, __LINE__ + 1
def #{accessor}
if defined?(@#{accessor})
@#{accessor}
@@ -46,49 +47,22 @@ module Devise
end
end
# Shortcut method for including all devise modules inside your model.
# You can give some extra options while declaring devise in your model:
# Include the chosen devise modules in your model:
#
# * except: convenient option that allows you to add all devise modules,
# removing only the modules you setup here:
# devise :authenticatable, :confirmable, :recoverable
#
# devise :all, :except => :rememberable
#
# You can also give the following configuration values in a hash: :pepper,
# :stretches, :confirm_within and :remember_for. Please check your Devise
# initialiazer for a complete description on those values.
#
# Examples:
#
# # include only authenticatable module
# devise :authenticatable
#
# # include authenticatable + confirmable modules
# devise :authenticatable, :confirmable
#
# # include authenticatable + recoverable modules
# devise :authenticatable, :recoverable
#
# # include authenticatable + rememberable + validatable modules
# devise :authenticatable, :rememberable, :validatable
#
# # shortcut to include all available modules
# devise :all
#
# # include all except recoverable
# devise :all, :except => :recoverable
# You can also give any of the devise configuration values in form of a hash,
# with specific values for this model. Please check your Devise initializer
# for a complete description on those values.
#
def devise(*modules)
raise "You need to give at least one Devise module" if modules.empty?
options = modules.extract_options!
modules += Devise.all if modules.delete(:all)
modules -= Array(options.delete(:except))
modules = Devise::ALL & modules.uniq
Devise.orm_class.included_modules_hook(self, modules) do
modules.each do |m|
devise_modules << m.to_sym
@devise_modules = Devise::ALL & modules.map(&:to_sym).uniq
Devise.orm_class.included_modules_hook(self) do
devise_modules.each do |m|
include Devise::Models.const_get(m.to_s.classify)
end
@@ -115,24 +89,13 @@ module Devise
if value.present?
record.send(:"#{attribute}=", value)
else
error, skip_default = :blank, true
error = :blank
end
add_error_on(record, attribute, error, !skip_default)
record.errors.add(attribute, error)
end
record
end
# Wraps add error logic in a method that works for different frameworks.
def add_error_on(record, attribute, error, add_default=true)
options = add_default ? { :default => error.to_s.gsub("_", " ") } : {}
begin
record.errors.add(attribute, error, options)
rescue ArgumentError
record.errors.add(attribute, error.to_s.gsub("_", " "))
end
end
end
end
end

2
lib/devise/models/activatable.rb
View File

@@ -5,7 +5,7 @@ module Devise
# This module implements the default API required in activatable hook.
module Activatable
def active?
raise NotImplementedError
true
end
def inactive_message

63
lib/devise/models/authenticatable.rb
View File

@@ -1,5 +1,4 @@
require 'devise/strategies/authenticatable'
require 'devise/models/session_serializer'
module Devise
module Models
@@ -28,17 +27,15 @@ module Devise
# User.find(1).valid_password?('password123') # returns true/false
#
module Authenticatable
def self.included(base)
base.class_eval do
extend ClassMethods
extend SessionSerializer
extend ActiveSupport::Concern
attr_reader :password, :old_password
attr_accessor :password_confirmation
end
included do
attr_reader :password, :current_password
attr_accessor :password_confirmation
end
# Regenerates password salt and encrypted password each time password is set.
# Regenerates password salt and encrypted password each time password is set,
# and then trigger any "after_changed_password"-callbacks.
def password=(new_password)
@password = new_password
@@ -50,7 +47,13 @@ module Devise
# Verifies whether an incoming_password (ie from sign in) is the user password.
def valid_password?(incoming_password)
password_digest(incoming_password) == encrypted_password
password_digest(incoming_password) == self.encrypted_password
end
# Verifies whether an +incoming_authentication_token+ (i.e. from single access URL)
# is the user authentication token.
def valid_authentication_token?(incoming_auth_token)
incoming_auth_token == self.authentication_token
end
# Checks if a resource is valid upon authentication.
@@ -58,39 +61,49 @@ module Devise
valid_password?(attributes[:password])
end
# Update record attributes when :old_password matches, otherwise returns
# error on :old_password.
# Set password and password confirmation to nil
def clean_up_passwords
self.password = self.password_confirmation = nil
end
# Update record attributes when :current_password matches, otherwise returns
# error on :current_password. It also automatically rejects :password and
# :password_confirmation if they are blank.
def update_with_password(params={})
if valid_password?(params[:old_password])
current_password = params.delete(:current_password)
params.delete(:password) if params[:password].blank?
params.delete(:password_confirmation) if params[:password_confirmation].blank?
result = if valid_password?(current_password)
update_attributes(params)
else
self.class.add_error_on(self, :old_password, :invalid, false)
self.errors.add(:current_password, current_password.blank? ? :blank : :invalid)
self.attributes = params
false
end
clean_up_passwords unless result
result
end
protected
# Digests the password using the configured encryptor.
def password_digest(password)
self.class.encryptor_class.digest(password, self.class.stretches, password_salt, self.class.pepper)
self.class.encryptor_class.digest(password, self.class.stretches, self.password_salt, self.class.pepper)
end
module ClassMethods
Devise::Models.config(self, :pepper, :stretches, :encryptor, :authentication_keys)
# Authenticate a user based on configured attribute keys. Returns the
# authenticated user if it's valid or nil. Attributes are by default
# :email and :password, but the latter is always required.
# authenticated user if it's valid or nil.
def authenticate(attributes={})
return unless authentication_keys.all? { |k| attributes[k].present? }
conditions = attributes.slice(*authentication_keys)
resource = find_for_authentication(conditions)
if respond_to?(:valid_for_authentication)
ActiveSupport::Deprecation.warn "valid_for_authentication class method is deprecated. " <<
"Use valid_for_authentication? in the instance instead."
valid_for_authentication(resource, attributes)
elsif resource.try(:valid_for_authentication?, attributes)
resource
end
resource if resource.try(:valid_for_authentication?, attributes)
end
# Returns the class for the configured encryptor.
@@ -113,8 +126,6 @@ module Devise
def find_for_authentication(conditions)
find(:first, :conditions => conditions)
end
Devise::Models.config(self, :pepper, :stretches, :encryptor, :authentication_keys)
end
end
end

27
lib/devise/models/confirmable.rb
View File

@@ -29,15 +29,12 @@ module Devise
# User.find(1).send_confirmation_instructions # manually send instructions
# User.find(1).resend_confirmation! # generates a new token and resent it
module Confirmable
extend ActiveSupport::Concern
include Devise::Models::Activatable
def self.included(base)
base.class_eval do
extend ClassMethods
before_create :generate_confirmation_token, :if => :confirmation_required?
after_create :send_confirmation_instructions, :if => :confirmation_required?
end
included do
before_create :generate_confirmation_token, :if => :confirmation_required?
after_create :send_confirmation_instructions, :if => :confirmation_required?
end
# Confirm a user by setting it's confirmed_at to actual time. If the user
@@ -46,7 +43,7 @@ module Devise
unless_confirmed do
self.confirmation_token = nil
self.confirmed_at = Time.now
save(false)
save(:validate => false)
end
end
@@ -57,7 +54,7 @@ module Devise
# Send confirmation instructions by email
def send_confirmation_instructions
::DeviseMailer.deliver_confirmation_instructions(self)
::Devise::Mailer.confirmation_instructions(self).deliver
end
# Remove confirmation date and send confirmation instructions, to ensure
@@ -66,7 +63,7 @@ module Devise
def resend_confirmation!
unless_confirmed do
generate_confirmation_token
save(false)
save(:validate => false)
send_confirmation_instructions
end
end
@@ -76,12 +73,16 @@ module Devise
# is already confirmed, it should never be blocked. Otherwise we need to
# calculate if the confirm time has not expired for this user.
def active?
confirmed? || confirmation_period_valid?
super && (confirmed? || confirmation_period_valid?)
end
# The message to be shown if the account is inactive.
def inactive_message
:unconfirmed
if !confirmed?
:unconfirmed
else
super
end
end
# If you don't want confirmation to be sent on create, neither a code
@@ -127,7 +128,7 @@ module Devise
unless confirmed?
yield
else
self.class.add_error_on(self, :email, :already_confirmed)
self.errors.add(:email, :already_confirmed)
false
end
end

21
lib/devise/models/cookie_serializer.rb
View File

@@ -1,21 +0,0 @@
require 'devise/serializers/cookie'
module Devise
module Models
module CookieSerializer
# Create the cookie key using the record id and remember_token
def serialize_into_cookie(record)
"#{record.id}::#{record.remember_token}"
end
# Recreate the user based on the stored cookie
def serialize_from_cookie(cookie)
record_id, record_token = cookie.split('::')
record = find(:first, :conditions => { :id => record_id }) if record_id
record if record.try(:valid_remember_token?, record_token)
end
Devise::Models.config(self, :remember_for)
end
end
end

19
lib/devise/models/http_authenticatable.rb Normal file
View File

@@ -0,0 +1,19 @@
require 'devise/strategies/http_authenticatable'
module Devise
module Models
# Adds HttpAuthenticatable behavior to your model. It expects that your
# model class responds to authenticate and authentication_keys methods
# (which for example are defined in authenticatable).
module HttpAuthenticatable
extend ActiveSupport::Concern
module ClassMethods
# Authenticate an user using http.
def authenticate_with_http(username, password)
authenticate(authentication_keys.first => username, :password => password)
end
end
end
end
end

155
lib/devise/models/lockable.rb Normal file
View File

@@ -0,0 +1,155 @@
require 'devise/models/activatable'
module Devise
module Models
# Handles blocking a user access after a certain number of attempts.
# Lockable accepts two different strategies to unlock a user after it's
# blocked: email and time. The former will send an email to the user when
# the lock happens, containing a link to unlock it's account. The second
# will unlock the user automatically after some configured time (ie 2.hours).
# It's also possible to setup lockable to use both email and time strategies.
#
# Configuration:
#
# maximum_attempts: how many attempts should be accepted before blocking the user.
# unlock_strategy: unlock the user account by :time, :email or :both.
# unlock_in: the time you want to lock the user after to lock happens. Only
# available when unlock_strategy is :time or :both.
#
module Lockable
extend ActiveSupport::Concern
include Devise::Models::Activatable
# Lock an user setting it's locked_at to actual time.
def lock
self.locked_at = Time.now
if unlock_strategy_enabled?(:email)
generate_unlock_token
send_unlock_instructions
end
end
# Lock an user also saving the record.
def lock!
lock
save(:validate => false)
end
# Unlock an user by cleaning locket_at and failed_attempts.
def unlock!
if_locked do
self.locked_at = nil
self.failed_attempts = 0
self.unlock_token = nil
save(:validate => false)
end
end
# Verifies whether a user is locked or not.
def locked?
locked_at && !lock_expired?
end
# Send unlock instructions by email
def send_unlock_instructions
::Devise::Mailer.unlock_instructions(self).deliver
end
# Resend the unlock instructions if the user is locked.
def resend_unlock!
if_locked do
generate_unlock_token unless unlock_token.present?
save(:validate => false)
send_unlock_instructions
end
end
# Overwrites active? from Devise::Models::Activatable for locking purposes
# by verifying whether an user is active to sign in or not based on locked?
def active?
super && !locked?
end
# Overwrites invalid_message from Devise::Models::Authenticatable to define
# the correct reason for blocking the sign in.
def inactive_message
if locked?
:locked
else
super
end
end
# Overwrites valid_for_authentication? from Devise::Models::Authenticatable
# for verifying whether an user is allowed to sign in or not. If the user
# is locked, it should never be allowed.
def valid_for_authentication?(attributes)
if result = super
self.failed_attempts = 0
else
self.failed_attempts += 1
lock if failed_attempts > self.class.maximum_attempts
end
save(:validate => false) if changed?
result
end
protected
# Generates unlock token
def generate_unlock_token
self.unlock_token = Devise.friendly_token
end
# Tells if the lock is expired if :time unlock strategy is active
def lock_expired?
if unlock_strategy_enabled?(:time)
locked_at && locked_at < self.class.unlock_in.ago
else
false
end
end
# Checks whether the record is locked or not, yielding to the block
# if it's locked, otherwise adds an error to email.
def if_locked
if locked?
yield
else
self.errors.add(:email, :not_locked)
false
end
end
# Is the unlock enabled for the given unlock strategy?
def unlock_strategy_enabled?(strategy)
[:both, strategy].include?(self.class.unlock_strategy)
end
module ClassMethods
# Attempt to find a user by it's email. If a record is found, send new
# unlock instructions to it. If not user is found, returns a new user
# with an email not found error.
# Options must contain the user email
def send_unlock_instructions(attributes={})
lockable = find_or_initialize_with_error_by(:email, attributes[:email], :not_found)
lockable.resend_unlock! unless lockable.new_record?
lockable
end
# Find a user by it's unlock token and try to unlock it.
# If no user is found, returns a new user with an error.
# If the user is not locked, creates an error for the user
# Options must have the unlock_token
def unlock!(attributes={})
lockable = find_or_initialize_with_error_by(:unlock_token, attributes[:unlock_token])
lockable.unlock! unless lockable.new_record?
lockable
end
Devise::Models.config(self, :maximum_attempts, :unlock_strategy, :unlock_in)
end
end
end
end

10
lib/devise/models/recoverable.rb
View File

@@ -14,11 +14,7 @@ module Devise
# # creates a new token and send it with instructions about how to reset the password
# User.find(1).send_reset_password_instructions
module Recoverable
def self.included(base)
base.class_eval do
extend ClassMethods
end
end
extend ActiveSupport::Concern
# Update password saving the record and clearing token. Returns true if
# the passwords are valid and the record was saved, false otherwise.
@@ -32,7 +28,7 @@ module Devise
# Resets reset password token and send reset password instructions by email
def send_reset_password_instructions
generate_reset_password_token!
::DeviseMailer.deliver_reset_password_instructions(self)
::Devise::Mailer.reset_password_instructions(self).deliver
end
protected
@@ -45,7 +41,7 @@ module Devise
# Resets the reset password token with and save the record without
# validating
def generate_reset_password_token!
generate_reset_password_token && save(false)
generate_reset_password_token && save(:validate => false)
end
# Removes reset_password token

8
lib/devise/models/registerable.rb Normal file
View File

@@ -0,0 +1,8 @@
module Devise
module Models
# Registerable is responsible for everything related to registering a new
# resource (ie user sign up).
module Registerable
end
end
end

34
lib/devise/models/rememberable.rb
View File

@@ -1,4 +1,5 @@
require 'devise/models/cookie_serializer'
require 'devise/strategies/rememberable'
require 'devise/hooks/rememberable'
module Devise
module Models
@@ -29,21 +30,18 @@ module Devise
# # lookup the user based on the incoming cookie information
# User.serialize_from_cookie(cookie_string)
module Rememberable
extend ActiveSupport::Concern
def self.included(base)
base.class_eval do
extend CookieSerializer
# Remember me option available in after_authentication hook.
attr_accessor :remember_me
end
included do
# Remember me option available in after_authentication hook.
attr_accessor :remember_me
end
# Generate a new remember token and save the record without validations.
def remember_me!
self.remember_token = Devise.friendly_token
self.remember_created_at = Time.now.utc
save(false)
save(:validate => false)
end
# Removes the remember token only if it exists, and save the record
@@ -52,7 +50,7 @@ module Devise
if remember_token
self.remember_token = nil
self.remember_created_at = nil
save(false)
save(:validate => false)
end
end
@@ -70,6 +68,22 @@ module Devise
def remember_expires_at
remember_created_at + self.class.remember_for
end
module ClassMethods
# Create the cookie key using the record id and remember_token
def serialize_into_cookie(record)
"#{record.id}::#{record.remember_token}"
end
# Recreate the user based on the stored cookie
def serialize_from_cookie(cookie)
record_id, record_token = cookie.split('::')
record = find(:first, :conditions => { :id => record_id }) if record_id
record if record.try(:valid_remember_token?, record_token)
end
Devise::Models.config(self, :remember_for)
end
end
end
end

19
lib/devise/models/session_serializer.rb
View File

@@ -1,19 +0,0 @@
require 'devise/serializers/session'
module Devise
module Models
module SessionSerializer
# Hook to serialize user into session. Overwrite if you want.
def serialize_into_session(record)
[record.class, record.id]
end
# Hook to serialize user from session. Overwrite if you want.
def serialize_from_session(keys)
klass, id = keys
raise "#{self} cannot serialize from #{klass} session since it's not one of its ancestors" unless klass <= self
klass.find(:first, :conditions => { :id => id })
end
end
end
end

9
lib/devise/models/timeoutable.rb
View File

@@ -2,7 +2,6 @@ require 'devise/hooks/timeoutable'
module Devise
module Models
# Timeoutable takes care of veryfing whether a user session has already
# expired or not. When a session expires after the configured time, the user
# will be asked for credentials again, it means, he/she will be redirected
@@ -10,14 +9,12 @@ module Devise
#
# Configuration:
#
# timeout: the time you want to timeout the user session without activity.
# timeout_in: the time you want to timeout the user session without activity.
module Timeoutable
def self.included(base)
base.extend ClassMethods
end
extend ActiveSupport::Concern
# Checks whether the user session has expired based on configured time.
def timeout?(last_access)
def timedout?(last_access)
last_access && last_access <= self.class.timeout_in.ago
end

88
lib/devise/models/token_authenticatable.rb Normal file
View File

@@ -0,0 +1,88 @@
require 'devise/strategies/token_authenticatable'
module Devise
module Models
# Token Authenticatable Module, responsible for generate authentication token and validating
# authenticity of a user while signing in using an authentication token (say follows an URL).
#
# == Configuration:
#
# You can overwrite configuration values by setting in globally in Devise (+Devise.setup+),
# using devise method, or overwriting the respective instance method.
#
# +token_authentication_key+ - Defines name of the authentication token params key. E.g. /users/sign_in?some_key=...
#
# == Examples:
#
# User.authenticate_with_token(:auth_token => '123456789') # returns authenticated user or nil
# User.find(1).valid_authentication_token?('rI1t6PKQ8yP7VetgwdybB') # returns true/false
#
module TokenAuthenticatable
extend ActiveSupport::Concern
included do
before_save :ensure_authentication_token
end
# Generate new authentication token (a.k.a. "single access token").
def reset_authentication_token
self.authentication_token = self.class.authentication_token
end
# Generate new authentication token and save the record.
def reset_authentication_token!
reset_authentication_token
self.save
end
# Generate authentication token unless already exists.
def ensure_authentication_token
self.reset_authentication_token if self.authentication_token.blank?
end
# Generate authentication token unless already exists and save the record.
def ensure_authentication_token!
self.reset_authentication_token! if self.authentication_token.blank?
end
# Verifies whether an +incoming_authentication_token+ (i.e. from single access URL)
# is the user authentication token.
def valid_authentication_token?(incoming_auth_token)
incoming_auth_token.present? && incoming_auth_token == self.authentication_token
end
module ClassMethods
::Devise::Models.config(self, :token_authentication_key)
# Authenticate a user based on authentication token.
def authenticate_with_token(attributes)
token = attributes[self.token_authentication_key]
resource = self.find_for_token_authentication(token)
resource if resource.try(:valid_authentication_token?, token)
end
def authentication_token
::Devise.friendly_token
end
protected
# Find first record based on conditions given (ie by the sign in form).
# Overwrite to add customized conditions, create a join, or maybe use a
# namedscope to filter records while authenticating.
#
# == Example:
#
# def self.find_for_token_authentication(token, conditions = {})
# conditions = {:active => true}
# self.find_by_authentication_token(token, :conditions => conditions)
# end
#
def find_for_token_authentication(token)
self.find(:first, :conditions => { :authentication_token => token})
end
end
end
end
end

7
lib/devise/orm/active_record.rb
View File

@@ -7,6 +7,8 @@ module Devise
# t.confirmable
# t.recoverable
# t.rememberable
# t.trackable
# t.lockable
# t.timestamps
# end
#
@@ -18,7 +20,7 @@ module Devise
#
module ActiveRecord
# Required ORM hook. Just yield the given block in ActiveRecord.
def self.included_modules_hook(klass, modules)
def self.included_modules_hook(klass)
yield
end
@@ -34,5 +36,6 @@ end
if defined?(ActiveRecord)
ActiveRecord::Base.extend Devise::Models
ActiveRecord::ConnectionAdapters::Table.send :include, Devise::Orm::ActiveRecord
ActiveRecord::ConnectionAdapters::TableDefinition.send :include, Devise::Orm::ActiveRecord
end
end

8
lib/devise/orm/data_mapper.rb
View File

@@ -11,13 +11,13 @@ module Devise
end
end
def self.included_modules_hook(klass, modules)
klass.send :extend, self
def self.included_modules_hook(klass)
klass.send :extend, self
klass.send :include, InstanceMethods
yield
modules.each do |mod|
klass.devise_modules.each do |mod|
klass.send(mod) if klass.respond_to?(mod)
end
end
@@ -80,4 +80,4 @@ module Devise
end
end
DataMapper::Model.send(:include, Devise::Models)
DataMapper::Model.send(:include, Devise::Models)

20
lib/devise/orm/mongo_mapper.rb
View File

@@ -1,15 +1,27 @@
module Devise
module Orm
module MongoMapper
def self.included_modules_hook(klass, modules)
def self.included_modules_hook(klass)
klass.send :extend, self
yield
modules.each do |mod|
klass.devise_modules.each do |mod|
klass.send(mod) if klass.respond_to?(mod)
end
end
def find(*args)
options = args.extract_options!
case args.first
when :first
first(options)
when :all
all(options)
else
super
end
end
include Devise::Schema
# Tell how to apply schema methods. This automatically converts DateTime
@@ -24,4 +36,4 @@ module Devise
end
MongoMapper::Document::ClassMethods.send(:include, Devise::Models)
MongoMapper::EmbeddedDocument::ClassMethods.send(:include, Devise::Models)
MongoMapper::EmbeddedDocument::ClassMethods.send(:include, Devise::Models)

20
lib/devise/rails.rb
View File

@@ -1,14 +1,16 @@
require 'devise/rails/routes'
require 'devise/rails/warden_compat'
Rails.configuration.after_initialize do
require "devise/orm/#{Devise.orm}"
module Devise
class Engine < ::Rails::Engine
engine_name :devise
# Adds Warden Manager to Rails middleware stack, configuring default devise
# strategy and also the failure app.
Rails.configuration.middleware.use Warden::Manager do |config|
Devise.configure_warden(config)
config.middleware.use Warden::Manager do |config|
Devise.configure_warden(config)
end
config.after_initialize do
require "devise/orm/#{Devise.orm}"
end
end
I18n.load_path.unshift File.expand_path(File.join(File.dirname(__FILE__), 'locales', 'en.yml'))
end
end

219
lib/devise/rails/routes.rb
View File

@@ -1,118 +1,139 @@
module ActionController::Routing
module ActionDispatch::Routing
class RouteSet #:nodoc:
# Ensure Devise modules are included only after loading routes, because we
# need devise_for mappings already declared to create magic filters and
# helpers.
def load_routes_with_devise!
load_routes_without_devise!
def finalize_with_devise!
finalize_without_devise!
return if Devise.mappings.empty?
ActionController::Base.send :include, Devise::Controllers::Filters
ActionController::Base.send :include, Devise::Controllers::Helpers
ActionController::Base.send :include, Devise::Controllers::UrlHelpers
ActionView::Base.send :include, Devise::Controllers::UrlHelpers
end
alias_method_chain :load_routes!, :devise
alias_method_chain :finalize!, :devise
end
class Mapper #:doc:
# Includes devise_for method for routes. This method is responsible to
# generate all needed routes for devise, based on what modules you have
# defined in your model.
# Examples: Let's say you have an User model configured to use
# authenticatable, confirmable and recoverable modules. After creating this
# inside your routes:
#
# map.devise_for :users
#
# this method is going to look inside your User model and create the
# needed routes:
#
# # Session routes for Authenticatable (default)
# new_user_session GET /users/sign_in {:controller=>"sessions", :action=>"new"}
# user_session POST /users/sign_in {:controller=>"sessions", :action=>"create"}
# destroy_user_session GET /users/sign_out {:controller=>"sessions", :action=>"destroy"}
#
# # Password routes for Recoverable, if User model has :recoverable configured
# new_user_password GET /users/password/new(.:format) {:controller=>"passwords", :action=>"new"}
# edit_user_password GET /users/password/edit(.:format) {:controller=>"passwords", :action=>"edit"}
# user_password PUT /users/password(.:format) {:controller=>"passwords", :action=>"update"}
# POST /users/password(.:format) {:controller=>"passwords", :action=>"create"}
#
# # Confirmation routes for Confirmable, if User model has :confirmable configured
# new_user_confirmation GET /users/confirmation/new(.:format) {:controller=>"confirmations", :action=>"new"}
# user_confirmation GET /users/confirmation(.:format) {:controller=>"confirmations", :action=>"show"}
# POST /users/confirmation(.:format) {:controller=>"confirmations", :action=>"create"}
#
# You can configure your routes with some options:
#
# * :class_name => setup a different class to be looked up by devise, if it cannot be correctly find by the route name.
#
# map.devise_for :users, :class_name => 'Account'
#
# * :as => allows you to setup path name that will be used, as rails routes does. The following route configuration would setup your route as /accounts instead of /users:
#
# map.devise_for :users, :as => 'accounts'
#
# * :scope => setup the scope name. This is used as the instance variable name in controller, as the name in routes and the scope given to warden. Defaults to the singular of the given name:
#
# map.devise_for :users, :scope => :account
#
# * :path_names => configure different path names to overwrite defaults :sign_in, :sign_out, :password and :confirmation.
#
# map.devise_for :users, :path_names => { :sign_in => 'login', :sign_out => 'logout', :password => 'secret', :confirmation => 'verification' }
#
# * :path_prefix => the path prefix to be used in all routes.
#
# map.devise_for :users, :path_prefix => "/:locale"
#
# Any other options will be passed to route definition. If you need conditions for your routes, just map:
#
# map.devise_for :users, :conditions => { :subdomain => /.+/ }
#
# If you are using a dynamic prefix, like :locale above, you need to configure default_url_options through Devise. You can do that in config/initializers/devise.rb or setting a Devise.default_url_options:
#
# Devise.default_url_options do
# { :locale => I18n.locale }
# end
#
def devise_for(*resources)
options = resources.extract_options!
class Mapper
# Includes devise_for method for routes. This method is responsible to
# generate all needed routes for devise, based on what modules you have
# defined in your model.
# Examples: Let's say you have an User model configured to use
# authenticatable, confirmable and recoverable modules. After creating this
# inside your routes:
#
# devise_for :users
#
# this method is going to look inside your User model and create the
# needed routes:
#
# # Session routes for Authenticatable (default)
# new_user_session GET /users/sign_in {:controller=>"sessions", :action=>"new"}
# user_session POST /users/sign_in {:controller=>"sessions", :action=>"create"}
# destroy_user_session GET /users/sign_out {:controller=>"sessions", :action=>"destroy"}
#
# # Password routes for Recoverable, if User model has :recoverable configured
# new_user_password GET /users/password/new(.:format) {:controller=>"passwords", :action=>"new"}
# edit_user_password GET /users/password/edit(.:format) {:controller=>"passwords", :action=>"edit"}
# user_password PUT /users/password(.:format) {:controller=>"passwords", :action=>"update"}
# POST /users/password(.:format) {:controller=>"passwords", :action=>"create"}
#
# # Confirmation routes for Confirmable, if User model has :confirmable configured
# new_user_confirmation GET /users/confirmation/new(.:format) {:controller=>"confirmations", :action=>"new"}
# user_confirmation GET /users/confirmation(.:format) {:controller=>"confirmations", :action=>"show"}
# POST /users/confirmation(.:format) {:controller=>"confirmations", :action=>"create"}
#
# You can configure your routes with some options:
#
# * :class_name => setup a different class to be looked up by devise,
# if it cannot be correctly find by the route name.
#
# devise_for :users, :class_name => 'Account'
#
# * :as => allows you to setup path name that will be used, as rails routes does.
# The following route configuration would setup your route as /accounts instead of /users:
#
# devise_for :users, :as => 'accounts'
#
# * :scope => setup the scope name. This is used as the instance variable name in controller,
# as the name in routes and the scope given to warden. Defaults to the singular of the given name:
#
# devise_for :users, :scope => :account
#
# * :path_names => configure different path names to overwrite defaults :sign_in, :sign_out, :sign_up,
# :password, :confirmation, :unlock.
#
# devise_for :users, :path_names => { :sign_in => 'login', :sign_out => 'logout', :password => 'secret', :confirmation => 'verification' }
#
# * :path_prefix => the path prefix to be used in all routes.
#
# devise_for :users, :path_prefix => "/:locale"
#
# If you are using a dynamic prefix, like :locale above, you need to configure default_url_options through Devise.
# You can do that in config/initializers/devise.rb or setting a Devise.default_url_options:
#
# Devise.default_url_options do
# { :locale => I18n.locale }
# end
#
# * :controllers => the controller which should be used. All routes by default points to Devise controllers.
# However, if you want them to point to custom controller, you should do:
#
# devise_for :users, :controllers => { :sessions => "users/sessions" }
#
def devise_for(*resources)
options = resources.extract_options!
resources.map!(&:to_sym)
resources.map!(&:to_sym)
resources.each do |resource|
mapping = Devise::Mapping.new(resource, options.dup)
Devise.default_scope ||= mapping.name
Devise.mappings[mapping.name] = mapping
controllers = Hash.new { |h,k| h[k] = "devise/#{k}" }
controllers.merge!(options.delete(:controllers) || {})
route_options = mapping.route_options.merge(:path_prefix => mapping.raw_path, :name_prefix => "#{mapping.name}_")
resources.each do |resource|
mapping = Devise::Mapping.new(resource, options.dup)
with_options(route_options) do |routes|
mapping.for.each do |strategy|
send(strategy, routes, mapping) if self.respond_to?(strategy, true)
end
end
Devise.default_scope ||= mapping.name
Devise.mappings[mapping.name] = mapping
mapping.for.each do |mod|
send(mod, mapping, controllers) if self.respond_to?(mod, true)
end
end
end
protected
def authenticatable(mapping, controllers)
scope mapping.raw_path do
get mapping.path_names[:sign_in], :to => "#{controllers[:sessions]}#new", :as => :"new_#{mapping.name}_session"
post mapping.path_names[:sign_in], :to => "#{controllers[:sessions]}#create", :as => :"#{mapping.name}_session"
get mapping.path_names[:sign_out], :to => "#{controllers[:sessions]}#destroy", :as => :"destroy_#{mapping.name}_session"
end
end
def recoverable(mapping, controllers)
scope mapping.raw_path, :name_prefix => mapping.name do
resource :password, :only => [:new, :create, :edit, :update], :as => mapping.path_names[:password], :controller => controllers[:passwords]
end
end
def confirmable(mapping, controllers)
scope mapping.raw_path, :name_prefix => mapping.name do
resource :confirmation, :only => [:new, :create, :show], :as => mapping.path_names[:confirmation], :controller => controllers[:confirmations]
end
end
def lockable(mapping, controllers)
scope mapping.raw_path, :name_prefix => mapping.name do
resource :unlock, :only => [:new, :create, :show], :as => mapping.path_names[:unlock], :controller => controllers[:unlocks]
end
end
protected
def authenticatable(routes, mapping)
routes.with_options(:controller => 'sessions', :name_prefix => nil) do |session|
session.send(:"new_#{mapping.name}_session", mapping.path_names[:sign_in], :action => 'new', :conditions => { :method => :get })
session.send(:"#{mapping.name}_session", mapping.path_names[:sign_in], :action => 'create', :conditions => { :method => :post })
session.send(:"destroy_#{mapping.name}_session", mapping.path_names[:sign_out], :action => 'destroy', :conditions => { :method => :get })
end
def registerable(mapping, controllers)
scope :name_prefix => mapping.name do
resource :registration, :only => [:new, :create, :edit, :update, :destroy], :as => mapping.raw_path[1..-1],
:path_names => { :new => mapping.path_names[:sign_up] }, :controller => controllers[:registrations]
end
def recoverable(routes, mapping)
routes.resource :password, :only => [:new, :create, :edit, :update], :as => mapping.path_names[:password]
end
def confirmable(routes, mapping)
routes.resource :confirmation, :only => [:new, :create, :show], :as => mapping.path_names[:confirmation]
end
end
end
end
end
end

26
lib/devise/rails/warden_compat.rb
View File

@@ -1,12 +1,6 @@
# Taken from RailsWarden, thanks to Hassox. http://github.com/hassox/rails_warden
module Warden::Mixins::Common
def request
return @request if @request
if env['action_controller.rescue.request']
@request = env['action_controller.rescue.request']
else
Rack::Request.new(env)
end
@request ||= ActionDispatch::Request.new(env)
end
def reset_session!
@@ -15,11 +9,17 @@ module Warden::Mixins::Common
end
def response
return @response if @response
if env['action_controller.rescue.response']
@response = env['action_controller.rescue.response']
else
Rack::Response.new(env)
end
@response ||= env['action_controller.instance'].response
end
end
class Warden::SessionSerializer
def serialize(record)
[record.class, record.id]
end
def deserialize(keys)
klass, id = keys
klass.find(:first, :conditions => { :id => id })
end
end

16
lib/devise/schema.rb
View File

@@ -12,9 +12,14 @@ module Devise
null = options[:null] || false
encryptor = options[:encryptor] || (respond_to?(:encryptor) ? self.encryptor : :sha1)
apply_schema :email, String, :null => null, :limit => 100
apply_schema :email, String, :null => null
apply_schema :encrypted_password, String, :null => null, :limit => Devise::ENCRYPTORS_LENGTH[encryptor]
apply_schema :password_salt, String, :null => null, :limit => 20
apply_schema :password_salt, String, :null => null
end
# Creates authentication_token.
def token_authenticatable
apply_schema :authentication_token, String, :limit => 20
end
# Creates confirmation_token, confirmed_at and confirmation_sent_at.
@@ -45,6 +50,13 @@ module Devise
apply_schema :last_sign_in_ip, String
end
# Creates failed_attempts, unlock_token and locked_at
def lockable
apply_schema :failed_attempts, Integer, :default => 0
apply_schema :unlock_token, String, :limit => 20
apply_schema :locked_at, DateTime
end
# Overwrite with specific modification to create your own schema.
def apply_schema(name, type, options={})
raise NotImplementedError

23
lib/devise/serializers/base.rb
View File

@@ -1,23 +0,0 @@
require 'devise/strategies/base'
module Devise
module Serializers
module Base
include Devise::Strategies::Base
attr_reader :scope
def serialize(record)
record.class.send(:"serialize_into_#{klass_type}", record)
end
def deserialize(keys)
mapping.to.send(:"serialize_from_#{klass_type}", keys)
end
def fetch(scope)
@scope = scope
super
end
end
end
end

43
lib/devise/serializers/cookie.rb
View File

@@ -1,43 +0,0 @@
require 'devise/serializers/base'
module Devise
module Serializers
# This is a cookie serializer which stores the information if a :remember_me
# is sent in the params and if the model responds to remember_me! as well.
# As in Session serializer, the invoked methods are:
#
# User.serialize_into_cookie(@user)
# User.serialize_from_cookie(*args)
#
# An implementation for such methods can be found at Devise::Models::Rememberable.
#
# Differently from session, this approach is based in a token which is stored in
# the database. So if you want to sign out all clients at once, you just need to
# clean up the token column.
#
class Cookie < Warden::Serializers::Cookie
include Devise::Serializers::Base
def store(record, scope)
remember_me = params[scope].try(:fetch, :remember_me, nil)
if Devise::TRUE_VALUES.include?(remember_me) && record.respond_to?(:remember_me!)
record.remember_me!
super
end
end
def default_options(record)
super.merge!(:expires => record.remember_expires_at)
end
def delete(scope, record=nil)
if record && record.respond_to?(:forget_me!)
record.forget_me!
super
end
end
end
end
end
Warden::Serializers.add(:cookie, Devise::Serializers::Cookie)

22
lib/devise/serializers/session.rb
View File

@@ -1,22 +0,0 @@
require 'devise/serializers/base'
module Devise
module Serializers
# This serializer stores sign in information in th client session. It just
# extends Warden own serializer to move all the serialization logic to a
# class. For example, if a @user resource is given, it will call the following
# two methods to serialize and deserialize a record:
#
# User.serialize_into_session(@user)
# User.serialize_from_session(*args)
#
# This can be used any strategy and the default implementation is available
# at Devise::Models::SessionSerializer.
#
class Session < Warden::Serializers::Session
include Devise::Serializers::Base
end
end
end
Warden::Serializers.add(:session, Devise::Serializers::Session)

16
lib/devise/strategies/authenticatable.rb
View File

@@ -4,11 +4,9 @@ module Devise
module Strategies
# Default strategy for signing in a user, based on his email and password.
# Redirects to sign_in page if it's not authenticated
class Authenticatable < Warden::Strategies::Base
include Devise::Strategies::Base
class Authenticatable < Base
def valid?
super && params[scope] && params[scope][:password].present?
valid_controller? && valid_params? && mapping.to.respond_to?(:authenticate)
end
# Authenticate a user based on email and password params, returning to warden
@@ -21,6 +19,16 @@ module Devise
fail!(:invalid)
end
end
protected
def valid_controller?
params[:controller] =~ /sessions$/
end
def valid_params?
params[scope] && params[scope][:password].present?
end
end
end
end

20
lib/devise/strategies/base.rb
View File

@@ -1,23 +1,15 @@
module Devise
module Strategies
# Base strategy for Devise. Responsible for verifying correct scope and mapping.
module Base
# Validate strategy. By default will raise an error if no scope or an
# invalid mapping is found.
def valid?
raise "Could not find mapping for #{scope}" unless mapping
mapping.for.include?(klass_type)
end
class Base < ::Warden::Strategies::Base
# Checks if a valid scope was given for devise and find mapping based on
# this scope.
def mapping
Devise.mappings[scope]
end
# Store this class type.
def klass_type
@klass_type ||= self.class.name.split("::").last.underscore.to_sym
@mapping ||= begin
mapping = Devise.mappings[scope]
raise "Could not find mapping for #{scope}" unless mapping
mapping
end
end
end
end

41
lib/devise/strategies/http_authenticatable.rb Normal file
View File

@@ -0,0 +1,41 @@
require 'devise/strategies/base'
module Devise
module Strategies
# Sign in an user using HTTP authentication.
class HttpAuthenticatable < Base
def valid?
request.authorization && mapping.to.respond_to?(:authenticate_with_http)
end
def authenticate!
username, password = username_and_password
if resource = mapping.to.authenticate_with_http(username, password)
success!(resource)
else
custom!([401, custom_headers, ["HTTP Basic: Access denied.\n"]])
end
end
private
def username_and_password
decode_credentials(request).split(/:/, 2)
end
def decode_credentials(request)
ActiveSupport::Base64.decode64(request.authorization.split(' ', 2).last || '')
end
def custom_headers
{
"Content-Type" => "text/plain",
"WWW-Authenticate" => %(Basic realm="#{Devise.http_authentication_realm.gsub(/"/, "")}")
}
end
end
end
end
Warden::Strategies.add(:http_authenticatable, Devise::Strategies::HttpAuthenticatable)

37
lib/devise/strategies/rememberable.rb Normal file
View File

@@ -0,0 +1,37 @@
require 'devise/strategies/base'
module Devise
module Strategies
# Remember the user through the remember token. This strategy is responsible
# to verify whether there is a cookie with the remember token, and to
# recreate the user from this cookie if it exists. Must be called *before*
# authenticatable.
class Rememberable < Devise::Strategies::Base
# A valid strategy for rememberable needs a remember token in the cookies.
def valid?
remember_me_cookie.present? && mapping.to.respond_to?(:serialize_from_cookie)
end
# To authenticate a user we deserialize the cookie and attempt finding
# the record in the database. If the attempt fails, we pass to another
# strategy handle the authentication.
def authenticate!
if resource = mapping.to.serialize_from_cookie(remember_me_cookie)
success!(resource)
else
pass
end
end
private
# Accessor for remember cookie
def remember_me_cookie
@remember_me_cookie ||= request.cookies["remember_#{mapping.name}_token"]
end
end
end
end
Warden::Strategies.add(:rememberable, Devise::Strategies::Rememberable)

37
lib/devise/strategies/token_authenticatable.rb Normal file
View File

@@ -0,0 +1,37 @@
require 'devise/strategies/base'
module Devise
module Strategies
# Strategy for signing in a user, based on a authenticatable token.
# Redirects to sign_in page if it's not authenticated.
class TokenAuthenticatable < Base
def valid?
mapping.to.respond_to?(:authenticate_with_token) && authentication_token(scope).present?
end
# Authenticate a user based on authenticatable token params, returning to warden
# success and the authenticated user if everything is okay. Otherwise redirect
# to sign in page.
def authenticate!
if resource = mapping.to.authenticate_with_token(params[scope] || params)
success!(resource)
else
fail!(:invalid_token)
end
end
private
# Detect authentication token in params: scoped or not.
def authentication_token(scope)
if params[scope]
params[scope][mapping.to.token_authentication_key]
else
params[mapping.to.token_authentication_key]
end
end
end
end
end
Warden::Strategies.add(:token_authenticatable, Devise::Strategies::TokenAuthenticatable)

7
lib/devise/test_helpers.rb
View File

@@ -45,10 +45,7 @@ module Devise
# We need to setup the environment variables and the response in the controller.
def setup_controller_for_warden #:nodoc:
@request.env['action_controller.rescue.request'] = @request
@request.env['action_controller.rescue.response'] = @response
@request.env['rack.session'] = session
@controller.response = @response
@request.env['action_controller.instance'] = @controller
end
# Quick access to Warden::Proxy.
@@ -66,7 +63,7 @@ module Devise
def sign_in(resource_or_scope, resource=nil)
scope ||= Devise::Mapping.find_scope!(resource_or_scope)
resource ||= resource_or_scope
session["warden.user.#{scope}.key"] = resource.class.serialize_into_session(resource)
warden.session_serializer.store(resource, scope)
end
# Sign out a given resource or scope by calling logout on Warden.

2
lib/devise/version.rb
View File

@@ -1,3 +1,3 @@
module Devise
VERSION = "0.8.2".freeze
VERSION = "1.1.pre".freeze
end

57
lib/generators/devise/devise_generator.rb Normal file
View File

@@ -0,0 +1,57 @@
require 'rails/generators/migration'
class DeviseGenerator < Rails::Generators::NamedBase
include Rails::Generators::Migration
desc "Generates a model with the given NAME (if one does not exist) with devise " <<
"configuration plus a migration file and devise routes."
def self.source_root
@_devise_source_root ||= File.expand_path("../templates", __FILE__)
end
def self.orm_has_migration?
Rails::Generators.options[:rails][:orm] == :active_record
end
def self.next_migration_number(path)
Time.now.utc.strftime("%Y%m%d%H%M%S")
end
class_option :migration, :type => :boolean, :default => orm_has_migration?
def invoke_orm_model
if File.exists?(File.join(destination_root, model_path))
say "* Model already exists. Adding Devise behavior."
else
invoke "model", [name], :migration => false
end
end
def inject_devise_config_into_model
inject_into_class model_path, class_name, <<-CONTENT
# Include default devise modules. Others available are:
# :http_authenticatable, :token_authenticatable, :lockable, :timeoutable and :activatable
devise :registerable, :authenticatable, :confirmable, :recoverable,
:rememberable, :trackable, :validatable
# Setup accessible (or protected) attributes for your model
attr_accessible :email, :password, :password_confirmation
CONTENT
end
def copy_migration_template
return unless options.migration?
migration_template "migration.rb", "db/migrate/devise_create_#{table_name}"
end
def add_devise_routes
route "devise_for :#{table_name}"
end
protected
def model_path
@model_path ||= File.join("app", "models", "#{file_path}.rb")
end
end

2
generators/devise/templates/migration.rb → lib/generators/devise/templates/migration.rb
View File

@@ -6,6 +6,7 @@ class DeviseCreate<%= table_name.camelize %> < ActiveRecord::Migration
t.recoverable
t.rememberable
t.trackable
# t.lockable
t.timestamps
end
@@ -13,6 +14,7 @@ class DeviseCreate<%= table_name.camelize %> < ActiveRecord::Migration
add_index :<%= table_name %>, :email, :unique => true
add_index :<%= table_name %>, :confirmation_token, :unique => true
add_index :<%= table_name %>, :reset_password_token, :unique => true
# add_index :<%= table_name %>, :unlock_token, :unique => true
end
def self.down

25
lib/generators/devise_install/devise_install_generator.rb Normal file
View File

@@ -0,0 +1,25 @@
class DeviseInstallGenerator < Rails::Generators::Base
desc "Creates a Devise initializer and copy locale files to your application."
def self.source_root
@_devise_source_root ||= File.expand_path("../templates", __FILE__)
end
def copy_initializer
template "devise.rb", "config/initializers/devise.rb"
end
def copy_locale
copy_file "../../../../config/locales/en.yml", "config/locales/devise.en.yml"
end
def show_readme
readme "README"
end
protected
def readme(path)
say File.read(File.expand_path(path, self.class.source_root))
end
end

0
generators/devise_install/templates/README → lib/generators/devise_install/templates/README
View File

38
generators/devise_install/templates/devise.rb → lib/generators/devise_install/templates/devise.rb
View File

@@ -1,18 +1,10 @@
# Use this hook to configure devise mailer, warden hooks and so forth. The first
# four configuration values can also be set straight in your models.
Devise.setup do |config|
# Configure Devise modules used by default. You should always set this value
# because if Devise adds a new strategy, it won't be added to your application
# by default, unless you configure it here.
#
# Remember that Devise includes other modules on its own (like :activatable
# and :timeoutable) which are not included here and also plugins. So be sure
# to check the docs for a complete set.
config.all = [:authenticatable, :confirmable, :recoverable, :rememberable, :trackable, :validatable]
# Configure the e-mail address which will be shown in DeviseMailer.
config.mailer_sender = "please-change-me@config-initializers-devise.com"
# ==> Configuration for :authenticatable
# Invoke `rake secret` and use the printed value to setup a pepper to generate
# the encrypted password. By default no pepper is used.
# config.pepper = "rake secret output"
@@ -34,18 +26,43 @@ Devise.setup do |config|
# session. If you need permissions, you should implement that in a before filter.
# config.authentication_keys = [ :email ]
# The realm used in Http Basic Authentication
# config.http_authentication_realm = "Application"
# ==> Configuration for :confirmable
# The time you want give to your user to confirm his account. During this time
# he will be able to access your application without confirming. Default is nil.
# config.confirm_within = 2.days
# ==> Configuration for :rememberable
# The time the user will be remembered without asking for credentials again.
# config.remember_for = 2.weeks
# ==> Configuration for :timeoutable
# The time you want to timeout the user session without activity. After this
# time the user will be asked for credentials again.
# config.timeout_in = 10.minutes
# Load and configure the ORM. Supports :active_record, :data_mapper and :mongo_mapper.
# ==> Configuration for :lockable
# Number of authentication tries before locking an account.
# config.maximum_attempts = 20
# Defines which strategy will be used to unlock an account.
# :email = Sends an unlock link to the user email
# :time = Reanables login after a certain ammount of time (see :unlock_in below)
# :both = enables both strategies
# config.unlock_strategy = :both
# Time interval to unlock the account if :time is enabled as unlock_strategy.
# config.unlock_in = 1.hour
# ==> Configuration for :token_authenticatable
# Defines name of the authentication token params key
# config.token_authentication_key = :auth_token
# ==> General configuration
# Load and configure the ORM. Supports :active_record (default), :mongo_mapper
# (requires mongo_ext installed) and :data_mapper (experimental).
# require 'devise/orm/mongo_mapper'
# config.orm = :mongo_mapper
@@ -79,7 +96,6 @@ Devise.setup do |config|
# Configure default_url_options if you are using dynamic segments in :path_prefix
# for devise_for.
#
# config.default_url_options do
# { :locale => I18n.locale }
# end

11
lib/generators/devise_views/devise_views_generator.rb Normal file
View File

@@ -0,0 +1,11 @@
class DeviseViewsGenerator < Rails::Generators::Base
desc "Copies all Devise views to your application."
def self.source_root
@_devise_source_root ||= File.expand_path("../../../../app/views", __FILE__)
end
def copy_views
directory "devise"
end
end

177
test/controllers/filters_test.rb
View File

@@ -1,177 +0,0 @@
require 'test/test_helper'
require 'ostruct'
class MockController < ApplicationController
attr_accessor :env
def request
self
end
def path
''
end
end
class ControllerAuthenticableTest < ActionController::TestCase
tests MockController
def setup
@controller = MockController.new
@mock_warden = OpenStruct.new
@controller.env = { 'warden' => @mock_warden }
@controller.session = {}
end
test 'setup warden' do
assert_not_nil @controller.warden
end
test 'provide access to warden instance' do
assert_equal @controller.warden, @controller.env['warden']
end
test 'run authenticate? with scope on warden' do
@mock_warden.expects(:authenticated?).with(:my_scope)
@controller.signed_in?(:my_scope)
end
test 'proxy signed_in? to authenticated' do
@mock_warden.expects(:authenticated?).with(:my_scope)
@controller.signed_in?(:my_scope)
end
test 'run user with scope on warden' do
@mock_warden.expects(:user).with(:admin).returns(true)
@controller.current_admin
@mock_warden.expects(:user).with(:user).returns(true)
@controller.current_user
end
test 'proxy user_authenticate! to authenticate with user scope' do
@mock_warden.expects(:authenticate!).with(:scope => :user)
@controller.authenticate_user!
end
test 'proxy admin_authenticate! to authenticate with admin scope' do
@mock_warden.expects(:authenticate!).with(:scope => :admin)
@controller.authenticate_admin!
end
test 'proxy user_authenticated? to authenticate with user scope' do
@mock_warden.expects(:authenticated?).with(:user)
@controller.user_signed_in?
end
test 'proxy admin_authenticated? to authenticate with admin scope' do
@mock_warden.expects(:authenticated?).with(:admin)
@controller.admin_signed_in?
end
test 'proxy user_session to session scope in warden' do
@mock_warden.expects(:session).with(:user).returns({})
@controller.user_session
end
test 'proxy admin_session to session scope in warden' do
@mock_warden.expects(:session).with(:admin).returns({})
@controller.admin_session
end
test 'sign in proxy to set_user on warden' do
user = User.new
@mock_warden.expects(:set_user).with(user, :scope => :user).returns(true)
@controller.sign_in(:user, user)
end
test 'sign in accepts a resource as argument' do
user = User.new
@mock_warden.expects(:set_user).with(user, :scope => :user).returns(true)
@controller.sign_in(user)
end
test 'sign out proxy to logout on warden' do
@mock_warden.expects(:user).with(:user).returns(true)
@mock_warden.expects(:logout).with(:user).returns(true)
@controller.sign_out(:user)
end
test 'sign out accepts a resource as argument' do
@mock_warden.expects(:user).with(:user).returns(true)
@mock_warden.expects(:logout).with(:user).returns(true)
@controller.sign_out(User.new)
end
test 'stored location for returns the location for a given scope' do
assert_nil @controller.stored_location_for(:user)
@controller.session[:"user.return_to"] = "/foo.bar"
assert_equal "/foo.bar", @controller.stored_location_for(:user)
end
test 'stored location for accepts a resource as argument' do
assert_nil @controller.stored_location_for(:user)
@controller.session[:"user.return_to"] = "/foo.bar"
assert_equal "/foo.bar", @controller.stored_location_for(User.new)
end
test 'stored location cleans information after reading' do
@controller.session[:"user.return_to"] = "/foo.bar"
assert_equal "/foo.bar", @controller.stored_location_for(:user)
assert_nil @controller.session[:"user.return_to"]
end
test 'after sign in path defaults to root path if none by was specified for the given scope' do
assert_equal root_path, @controller.after_sign_in_path_for(:user)
end
test 'after sign in path defaults to the scoped root path' do
assert_equal admin_root_path, @controller.after_sign_in_path_for(:admin)
end
test 'after sign out path defaults to the root path' do
assert_equal root_path, @controller.after_sign_out_path_for(:admin)
assert_equal root_path, @controller.after_sign_out_path_for(:user)
end
test 'sign in and redirect uses the stored location' do
user = User.new
@controller.session[:"user.return_to"] = "/foo.bar"
@mock_warden.expects(:set_user).with(user, :scope => :user).returns(true)
@controller.expects(:redirect_to).with("/foo.bar")
@controller.sign_in_and_redirect(user)
end
test 'sign in and redirect uses the configured after sign in path' do
admin = Admin.new
@mock_warden.expects(:set_user).with(admin, :scope => :admin).returns(true)
@controller.expects(:redirect_to).with(admin_root_path)
@controller.sign_in_and_redirect(admin)
end
test 'only redirect if just a symbol is given' do
@controller.expects(:redirect_to).with(admin_root_path)
@controller.sign_in_and_redirect(:admin)
end
test 'sign out and redirect uses the configured after sign out path' do
@mock_warden.expects(:user).with(:admin).returns(true)
@mock_warden.expects(:logout).with(:admin).returns(true)
@controller.expects(:redirect_to).with(admin_root_path)
@controller.instance_eval "def after_sign_out_path_for(resource); admin_root_path; end"
@controller.sign_out_and_redirect(:admin)
end
test 'is not a devise controller' do
assert_not @controller.devise_controller?
end
test 'default url options are retrieved from devise' do
begin
Devise.default_url_options {{ :locale => I18n.locale }}
assert_equal({ :locale => :en }, @controller.send(:default_url_options))
ensure
Devise.default_url_options {{ }}
end
end
end

215
test/controllers/helpers_test.rb
View File

@@ -1,55 +1,190 @@
require 'test/test_helper'
require 'ostruct'
class MyController < ApplicationController
include Devise::Controllers::Helpers
end
class MockController < ApplicationController
attr_accessor :env
class HelpersTest < ActionController::TestCase
tests MyController
test 'get resource name from request path' do
@request.path = '/users/session'
assert_equal :user, @controller.resource_name
def request
self
end
test 'get resource name from specific request path' do
@request.path = '/admin_area/session'
assert_equal :admin, @controller.resource_name
def path
''
end
test 'get resource class from request path' do
@request.path = '/users/session'
assert_equal User, @controller.resource_class
def index
end
test 'get resource instance variable from request path' do
@request.path = '/admin_area/session'
@controller.instance_variable_set(:@admin, admin = Admin.new)
assert_equal admin, @controller.resource
def host_with_port
"test.host:3000"
end
test 'set resource instance variable from request path' do
@request.path = '/admin_area/session'
admin = @controller.send(:resource_class).new
@controller.send(:resource=, admin)
assert_equal admin, @controller.send(:resource)
assert_equal admin, @controller.instance_variable_get(:@admin)
def protocol
"http"
end
test 'resources methods are not controller actions' do
assert @controller.class.action_methods.empty?
end
test 'require no authentication tests current mapping' do
@controller.expects(:resource_name).returns(:user).twice
@mock_warden.expects(:authenticated?).with(:user).returns(true)
@controller.expects(:redirect_to).with(root_path)
@controller.send :require_no_authentication
end
test 'is a devise controller' do
assert @controller.devise_controller?
def symbolized_path_parameters
{}
end
end
class ControllerAuthenticableTest < ActionController::TestCase
tests MockController
def setup
@mock_warden = OpenStruct.new
@controller.env = { 'warden' => @mock_warden }
end
test 'setup warden' do
assert_not_nil @controller.warden
end
test 'provide access to warden instance' do
assert_equal @controller.warden, @controller.env['warden']
end
test 'proxy signed_in? to authenticated' do
@mock_warden.expects(:authenticate?).with(:scope => :my_scope)
@controller.signed_in?(:my_scope)
end
test 'proxy current_admin to authenticate with admin scope' do
@mock_warden.expects(:authenticate).with(:scope => :admin)
@controller.current_admin
end
test 'proxy current_user to authenticate with user scope' do
@mock_warden.expects(:authenticate).with(:scope => :user)
@controller.current_user
end
test 'proxy user_authenticate! to authenticate with user scope' do
@mock_warden.expects(:authenticate!).with(:scope => :user)
@controller.authenticate_user!
end
test 'proxy admin_authenticate! to authenticate with admin scope' do
@mock_warden.expects(:authenticate!).with(:scope => :admin)
@controller.authenticate_admin!
end
test 'proxy user_signed_in? to authenticate? with user scope' do
@mock_warden.expects(:authenticate?).with(:scope => :user)
@controller.user_signed_in?
end
test 'proxy admin_signed_in? to authenticate? with admin scope' do
@mock_warden.expects(:authenticate?).with(:scope => :admin)
@controller.admin_signed_in?
end
test 'proxy user_session to session scope in warden' do
@mock_warden.expects(:authenticate).with(:scope => :user).returns(true)
@mock_warden.expects(:session).with(:user).returns({})
@controller.user_session
end
test 'proxy admin_session to session scope in warden' do
@mock_warden.expects(:authenticate).with(:scope => :admin).returns(true)
@mock_warden.expects(:session).with(:admin).returns({})
@controller.admin_session
end
test 'sign in proxy to set_user on warden' do
user = User.new
@mock_warden.expects(:set_user).with(user, :scope => :user).returns(true)
@controller.sign_in(:user, user)
end
test 'sign in accepts a resource as argument' do
user = User.new
@mock_warden.expects(:set_user).with(user, :scope => :user).returns(true)
@controller.sign_in(user)
end
test 'sign out proxy to logout on warden' do
@mock_warden.expects(:user).with(:user).returns(true)
@mock_warden.expects(:logout).with(:user).returns(true)
@controller.sign_out(:user)
end
test 'sign out accepts a resource as argument' do
@mock_warden.expects(:user).with(:user).returns(true)
@mock_warden.expects(:logout).with(:user).returns(true)
@controller.sign_out(User.new)
end
test 'stored location for returns the location for a given scope' do
assert_nil @controller.stored_location_for(:user)
@controller.session[:"user.return_to"] = "/foo.bar"
assert_equal "/foo.bar", @controller.stored_location_for(:user)
end
test 'stored location for accepts a resource as argument' do
assert_nil @controller.stored_location_for(:user)
@controller.session[:"user.return_to"] = "/foo.bar"
assert_equal "/foo.bar", @controller.stored_location_for(User.new)
end
test 'stored location cleans information after reading' do
@controller.session[:"user.return_to"] = "/foo.bar"
assert_equal "/foo.bar", @controller.stored_location_for(:user)
assert_nil @controller.session[:"user.return_to"]
end
test 'after sign in path defaults to root path if none by was specified for the given scope' do
assert_equal root_path, @controller.after_sign_in_path_for(:user)
end
test 'after sign in path defaults to the scoped root path' do
assert_equal admin_root_path, @controller.after_sign_in_path_for(:admin)
end
test 'after sign out path defaults to the root path' do
assert_equal root_path, @controller.after_sign_out_path_for(:admin)
assert_equal root_path, @controller.after_sign_out_path_for(:user)
end
test 'sign in and redirect uses the stored location' do
user = User.new
@controller.session[:"user.return_to"] = "/foo.bar"
@mock_warden.expects(:set_user).with(user, :scope => :user).returns(true)
@controller.expects(:redirect_to).with("/foo.bar")
@controller.sign_in_and_redirect(user)
end
test 'sign in and redirect uses the configured after sign in path' do
admin = Admin.new
@mock_warden.expects(:set_user).with(admin, :scope => :admin).returns(true)
@controller.expects(:redirect_to).with(admin_root_path)
@controller.sign_in_and_redirect(admin)
end
test 'only redirect if skip is given' do
admin = Admin.new
@controller.expects(:redirect_to).with(admin_root_path)
@controller.sign_in_and_redirect(:admin, admin, true)
end
test 'sign out and redirect uses the configured after sign out path' do
@mock_warden.expects(:user).with(:admin).returns(true)
@mock_warden.expects(:logout).with(:admin).returns(true)
@controller.expects(:redirect_to).with(admin_root_path)
@controller.instance_eval "def after_sign_out_path_for(resource); admin_root_path; end"
@controller.sign_out_and_redirect(:admin)
end
test 'is not a devise controller' do
assert_not @controller.devise_controller?
end
test 'default url options are retrieved from devise' do
begin
Devise.default_url_options {{ :locale => I18n.locale }}
assert_equal({ :locale => :en }, @controller.send(:default_url_options))
ensure
Devise.default_url_options {{ }}
end
end
end

55
test/controllers/internal_helpers_test.rb Normal file
View File

@@ -0,0 +1,55 @@
require 'test/test_helper'
class MyController < ApplicationController
include Devise::Controllers::InternalHelpers
end
class HelpersTest < ActionController::TestCase
tests MyController
test 'get resource name from request path' do
@request.path = '/users/session'
assert_equal :user, @controller.resource_name
end
test 'get resource name from specific request path' do
@request.path = '/admin_area/session'
assert_equal :admin, @controller.resource_name
end
test 'get resource class from request path' do
@request.path = '/users/session'
assert_equal User, @controller.resource_class
end
test 'get resource instance variable from request path' do
@request.path = '/admin_area/session'
@controller.instance_variable_set(:@admin, admin = Admin.new)
assert_equal admin, @controller.resource
end
test 'set resource instance variable from request path' do
@request.path = '/admin_area/session'
admin = @controller.send(:resource_class).new
@controller.send(:resource=, admin)
assert_equal admin, @controller.send(:resource)
assert_equal admin, @controller.instance_variable_get(:@admin)
end
test 'resources methods are not controller actions' do
assert @controller.class.action_methods.empty?
end
test 'require no authentication tests current mapping' do
@controller.expects(:resource_name).returns(:user).twice
@mock_warden.expects(:authenticated?).with(:user).returns(true)
@controller.expects(:redirect_to).with(root_path)
@controller.send :require_no_authentication
end
test 'is a devise controller' do
assert @controller.devise_controller?
end
end

27
test/devise_test.rb
View File

@@ -2,7 +2,7 @@ require 'test/test_helper'
module Devise
def self.clean_warden_config!
@warden_config = nil
@warden_config = nil
end
end
@@ -25,10 +25,9 @@ class DeviseTest < ActiveSupport::TestCase
Devise.configure_warden(config)
assert_equal Devise::FailureApp, config.failure_app
assert_equal [:authenticatable], config.default_strategies
assert_equal [:rememberable, :http_authenticatable, :token_authenticatable, :authenticatable], config.default_strategies
assert_equal :user, config.default_scope
assert config.silence_missing_strategies?
assert config.silence_missing_serializers?
end
test 'warden manager user configuration through a block' do
@@ -45,4 +44,26 @@ class DeviseTest < ActiveSupport::TestCase
Devise.clean_warden_config!
end
end
test 'add new module using the helper method' do
assert_nothing_raised(Exception) { Devise.add_module(:coconut) }
assert_equal 1, Devise::ALL.select { |v| v == :coconut }.size
assert_not Devise::STRATEGIES.include?(:coconut)
assert_not defined?(Devise::Models::Coconut)
Devise::ALL.delete(:coconut)
assert_nothing_raised(Exception) { Devise.add_module(:banana, :strategy => true) }
assert_equal 1, Devise::STRATEGIES.select { |v| v == :banana }.size
Devise::ALL.delete(:banana)
Devise::STRATEGIES.delete(:banana)
assert_nothing_raised(Exception) { Devise.add_module(:kivi, :controller => :fruits) }
assert_not_nil Devise::CONTROLLERS[:fruits]
assert_equal 1, Devise::CONTROLLERS[:fruits].select { |v| v == :kivi }.size
Devise::ALL.delete(:kivi)
Devise::CONTROLLERS.delete(:fruits)
assert_nothing_raised(Exception) { Devise.add_module(:authenticatable_again, :model => 'devise/model/authenticatable') }
assert defined?(Devise::Models::AuthenticatableAgain)
end
end

3
test/encryptors_test.rb
View File

@@ -1,5 +1,4 @@
class Encryptors < ActiveSupport::TestCase
test 'should match a password created by authlogic' do
authlogic = "b623c3bc9c775b0eb8edb218a382453396fec4146422853e66ecc4b6bc32d7162ee42074dcb5f180a770dc38b5df15812f09bbf497a4a1b95fe5e7d2b8eb7eb4"
encryptor = Devise::Encryptors::AuthlogicSha512.digest('123mudar', 20, 'usZK_z_EAaF61Gwkw-ed', '')
@@ -17,7 +16,7 @@ class Encryptors < ActiveSupport::TestCase
encryptor = Devise::Encryptors::ClearanceSha1.digest('123mudar', nil, '65c58472c207c829f28c68619d3e3aefed18ab3f', nil)
assert_equal clearance, encryptor
end
Devise::ENCRYPTORS_LENGTH.each do |key, value|
test "should have length #{value} for #{key.inspect}" do
swap Devise, :encryptor => key do

7
test/failure_app_test.rb
View File

@@ -4,7 +4,12 @@ require 'ostruct'
class FailureTest < ActiveSupport::TestCase
def call_failure(env_params={})
env = {'warden.options' => { :scope => :user }}.merge!(env_params)
env = {
'warden.options' => { :scope => :user },
'REQUEST_URI' => 'http://test.host/',
'REQUEST_METHOD' => 'GET',
'rack.session' => {}
}.merge!(env_params)
Devise::FailureApp.call(env)
end

168
test/integration/authenticatable_test.rb
View File

@@ -1,8 +1,7 @@
require 'test/test_helper'
class AuthenticationTest < ActionController::IntegrationTest
test 'home should be accessible without signed in' do
class AuthenticationSanityTest < ActionController::IntegrationTest
test 'home should be accessible without sign in' do
visit '/'
assert_response :success
assert_template 'home/index'
@@ -76,43 +75,6 @@ class AuthenticationTest < ActionController::IntegrationTest
assert_contain 'Welcome Admin'
end
test 'sign in as user should not authenticate if not using proper authentication keys' do
swap Devise, :authentication_keys => [:username] do
sign_in_as_user
assert_not warden.authenticated?(:user)
end
end
test 'admin signing in with invalid email should return to sign in form with error message' do
sign_in_as_admin do
fill_in 'email', :with => 'wrongemail@test.com'
end
assert_contain 'Invalid email or password'
assert_not warden.authenticated?(:admin)
end
test 'admin signing in with invalid pasword should return to sign in form with error message' do
sign_in_as_admin do
fill_in 'password', :with => 'abcdef'
end
assert_contain 'Invalid email or password'
assert_not warden.authenticated?(:admin)
end
test 'error message is configurable by resource name' do
store_translations :en, :devise => {
:sessions => { :admin => { :invalid => "Invalid credentials" } }
} do
sign_in_as_admin do
fill_in 'password', :with => 'abcdef'
end
assert_contain 'Invalid credentials'
end
end
test 'authenticated admin should not be able to sign as admin again' do
sign_in_as_admin
get new_admin_session_path
@@ -143,6 +105,43 @@ class AuthenticationTest < ActionController::IntegrationTest
get root_path
assert_not_contain 'Signed out successfully'
end
end
class AuthenticationTest < ActionController::IntegrationTest
test 'sign in should not authenticate if not using proper authentication keys' do
swap Devise, :authentication_keys => [:username] do
sign_in_as_user
assert_not warden.authenticated?(:user)
end
end
test 'sign in with invalid email should return to sign in form with error message' do
sign_in_as_admin do
fill_in 'email', :with => 'wrongemail@test.com'
end
assert_contain 'Invalid email or password'
assert_not warden.authenticated?(:admin)
end
test 'sign in with invalid pasword should return to sign in form with error message' do
sign_in_as_admin do
fill_in 'password', :with => 'abcdef'
end
assert_contain 'Invalid email or password'
assert_not warden.authenticated?(:admin)
end
test 'error message is configurable by resource name' do
store_translations :en, :devise => { :sessions => { :admin => { :invalid => "Invalid credentials" } } } do
sign_in_as_admin do
fill_in 'password', :with => 'abcdef'
end
assert_contain 'Invalid credentials'
end
end
test 'redirect from warden shows sign in or sign up message' do
get admins_path
@@ -154,43 +153,62 @@ class AuthenticationTest < ActionController::IntegrationTest
assert_contain 'You need to sign in or sign up before continuing.'
end
test 'return to default url if no other was requested' do
test 'redirect to default url if no other was configured' do
sign_in_as_user
assert_template 'home/index'
assert_nil session[:return_to]
assert_nil session[:"user.return_to"]
end
test 'return to given url after sign in' do
test 'redirect to requested url after sign in' do
get users_path
assert_redirected_to new_user_session_path(:unauthenticated => true)
assert_equal users_path, session[:"user.return_to"]
follow_redirect!
follow_redirect!
sign_in_as_user :visit => false
assert_template 'users/index'
assert_nil session[:"user.return_to"]
end
test 'return to configured home path after sign in' do
test 'redirect to last requested url overwriting the stored return_to option' do
get expire_user_path(create_user)
assert_redirected_to new_user_session_path(:unauthenticated => true)
assert_equal expire_user_path(create_user), session[:"user.return_to"]
get users_path
assert_redirected_to new_user_session_path(:unauthenticated => true)
assert_equal users_path, session[:"user.return_to"]
follow_redirect!
sign_in_as_user :visit => false
assert_template 'users/index'
assert_nil session[:"user.return_to"]
end
test 'redirect to configured home path for a given scope after sign in' do
sign_in_as_admin
assert_equal "/admin_area/home", @request.path
end
test 'allows session to be set by a given scope' do
test 'destroyed account is signed out' do
sign_in_as_user
visit 'users/index'
assert_equal "Cart", @controller.user_session[:cart]
end
get '/users'
test 'destroyed account is logged out' do
sign_in_as_user
visit 'users/index'
User.destroy_all
visit 'users/index'
get '/users'
assert_redirected_to '/users/sign_in?unauthenticated=true'
end
test 'allows session to be set by a given scope' do
sign_in_as_user
get '/users'
assert_equal "Cart", @controller.user_session[:cart]
end
# Scoped views
test 'renders the scoped view if turned on and view is available' do
swap Devise, :scoped_views => true do
assert_raise Webrat::NotFoundError do
@@ -200,6 +218,20 @@ class AuthenticationTest < ActionController::IntegrationTest
end
end
test 'renders the scoped view if turned on in an specific controller' do
begin
Devise::SessionsController.scoped_views = true
assert_raise Webrat::NotFoundError do
sign_in_as_user
end
assert_match /Special user view/, response.body
assert !Devise::PasswordsController.scoped_views
ensure
Devise::SessionsController.send :remove_instance_variable, :@scoped_views
end
end
test 'does not render the scoped view if turned off' do
swap Devise, :scoped_views => false do
assert_nothing_raised do
@@ -216,23 +248,33 @@ class AuthenticationTest < ActionController::IntegrationTest
end
end
# Default scope
test 'uses the mapping from the default scope if specified' do
swap Devise, :use_default_scope => true do
get '/sign_in'
assert_response :ok
assert_contain 'Sign in'
end
end
# Custom controller
test 'uses the custom controller with the custom controller view' do
get '/admin_area/sign_in'
assert_contain 'Sign in'
assert_contain 'Welcome to "sessions" controller!'
assert_contain 'Welcome to "sessions/new" view!'
end
# Access
test 'render 404 on roles without permission' do
get 'admin_area/password/new'
get '/admin_area/password/new', {}, "action_dispatch.show_exceptions" => true
assert_response :not_found
assert_not_contain 'Send me reset password instructions'
end
test 'render 404 on roles without mapping' do
get 'sign_in'
get '/sign_in', {}, "action_dispatch.show_exceptions" => true
assert_response :not_found
assert_not_contain 'Sign in'
end
test 'uses the mapping from the default scope if specified' do
swap Devise, :use_default_scope => true do
get 'sign_in'
assert_response :ok
assert_contain 'Sign in'
end
end
end

44
test/integration/http_authenticatable_test.rb Normal file
View File

@@ -0,0 +1,44 @@
require 'test/test_helper'
class HttpAuthenticationTest < ActionController::IntegrationTest
test 'sign in should authenticate with http' do
sign_in_as_new_user_with_http
assert_response :success
assert_template 'users/index'
assert_contain 'Welcome'
assert warden.authenticated?(:user)
end
test 'returns a custom response with www-authenticate header on failures' do
sign_in_as_new_user_with_http("unknown")
assert_equal 401, status
assert_equal 'Basic realm="Application"', headers["WWW-Authenticate"]
end
test 'returns a custom response with www-authenticate and chosen realm' do
swap Devise, :http_authentication_realm => "MyApp" do
sign_in_as_new_user_with_http("unknown")
assert_equal 401, status
assert_equal 'Basic realm="MyApp"', headers["WWW-Authenticate"]
end
end
test 'sign in should authenticate with http even with specific authentication keys' do
swap Devise, :authentication_keys => [:username] do
sign_in_as_new_user_with_http "usertest"
assert_response :success
assert_template 'users/index'
assert_contain 'Welcome'
assert warden.authenticated?(:user)
end
end
private
def sign_in_as_new_user_with_http(username="user@test.com", password="123456")
user = create_user
get users_path, {}, "HTTP_AUTHORIZATION" => "Basic #{ActiveSupport::Base64.encode64("#{username}:#{password}")}"
user
end
end

83
test/integration/lockable_test.rb Normal file
View File

@@ -0,0 +1,83 @@
require 'test/test_helper'
class LockTest < ActionController::IntegrationTest
def visit_user_unlock_with_token(unlock_token)
visit user_unlock_path(:unlock_token => unlock_token)
end
test 'user should be able to request a new unlock token' do
user = create_user(:locked => true)
ActionMailer::Base.deliveries.clear
visit new_user_session_path
click_link 'Didn\'t receive unlock instructions?'
fill_in 'email', :with => user.email
click_button 'Resend unlock instructions'
assert_template 'sessions/new'
assert_contain 'You will receive an email with instructions about how to unlock your account in a few minutes'
assert_equal 1, ActionMailer::Base.deliveries.size
end
test 'unlocked user should not be able to request a unlock token' do
user = create_user(:locked => false)
ActionMailer::Base.deliveries.clear
visit new_user_session_path
click_link 'Didn\'t receive unlock instructions?'
fill_in 'email', :with => user.email
click_button 'Resend unlock instructions'
assert_template 'unlocks/new'
assert_contain 'not locked'
assert_equal 0, ActionMailer::Base.deliveries.size
end
test 'user with invalid unlock token should not be able to unlock an account' do
visit_user_unlock_with_token('invalid_token')
assert_response :success
assert_template 'unlocks/new'
assert_have_selector '#errorExplanation'
assert_contain /Unlock token(.*)invalid/
end
test "locked user should be able to unlock account" do
user = create_user(:locked => true)
assert user.locked?
visit_user_unlock_with_token(user.unlock_token)
assert_template 'home/index'
assert_contain 'Your account was successfully unlocked.'
assert_not user.reload.locked?
end
test "sign in user automatically after unlocking it's account" do
user = create_user(:locked => true)
visit_user_unlock_with_token(user.unlock_token)
assert warden.authenticated?(:user)
end
test "user should not be able to sign in when locked" do
user = sign_in_as_user(:locked => true)
assert_template 'sessions/new'
assert_contain 'Your account is locked.'
assert_not warden.authenticated?(:user)
end
test 'error message is configurable by resource name' do
store_translations :en, :devise => {
:sessions => { :admin => { :locked => "You are locked!" } }
} do
get new_admin_session_path(:locked => true)
assert_contain 'You are locked!'
end
end
end

10
test/integration/recoverable_test.rb
View File

@@ -128,4 +128,14 @@ class PasswordTest < ActionController::IntegrationTest
assert warden.authenticated?(:user)
end
test 'does not sign in user automatically after changing it\'s password if it\'s not active' do
user = create_user(:confirm => false)
request_forgot_password
reset_password :reset_password_token => user.reload.reset_password_token
assert_current_path new_user_session_path(:unconfirmed => true)
assert !warden.authenticated?(:user)
end
end

139
test/integration/registerable_test.rb Normal file
View File

@@ -0,0 +1,139 @@
require 'test/test_helper'
class RegistrationTest < ActionController::IntegrationTest
test 'a guest admin should be able to sign in successfully' do
get new_admin_session_path
click_link 'Sign up'
assert_template 'registrations/new'
fill_in 'email', :with => 'new_user@test.com'
fill_in 'password', :with => 'new_user123'
fill_in 'password confirmation', :with => 'new_user123'
click_button 'Sign up'
assert_contain 'You have signed up successfully.'
assert warden.authenticated?(:admin)
admin = Admin.last
assert_equal admin.email, 'new_user@test.com'
end
test 'a guest user should be able to sign up successfully and be blocked by confirmation' do
get new_user_registration_path
fill_in 'email', :with => 'new_user@test.com'
fill_in 'password', :with => 'new_user123'
fill_in 'password confirmation', :with => 'new_user123'
click_button 'Sign up'
assert_contain 'You have signed up successfully.'
assert_contain 'Sign in'
assert_not_contain 'Confirm your account'
assert_not warden.authenticated?(:user)
user = User.last
assert_equal user.email, 'new_user@test.com'
assert_not user.confirmed?
end
test 'a guest user cannot sign up with invalid information' do
get new_user_registration_path
fill_in 'email', :with => 'invalid_email'
fill_in 'password', :with => 'new_user123'
fill_in 'password confirmation', :with => 'new_user321'
click_button 'Sign up'
assert_template 'registrations/new'
assert_have_selector '#errorExplanation'
assert_contain "Email is invalid"
assert_contain "Password doesn't match confirmation"
assert_nil User.first
assert_not warden.authenticated?(:user)
end
test 'a guest should not sign up with email/password that already exists' do
user = create_user
get new_user_registration_path
fill_in 'email', :with => 'user@test.com'
fill_in 'password', :with => '123456'
fill_in 'password confirmation', :with => '123456'
click_button 'Sign up'
assert_template 'registrations/new'
assert_contain 'Email has already been taken'
assert_not warden.authenticated?(:user)
end
test 'a guest should not be able to change account' do
get edit_user_registration_path
assert_redirected_to new_user_session_path(:unauthenticated => true)
end
test 'a signed in user should not be able to access sign up' do
sign_in_as_user
get new_user_registration_path
assert_redirected_to root_path
end
test 'a signed in user should be able to edit his account' do
sign_in_as_user
get edit_user_registration_path
fill_in 'email', :with => 'user.new@email.com'
fill_in 'current password', :with => '123456'
click_button 'Update'
assert_template 'home/index'
assert_contain 'You updated your account successfully.'
assert_equal "user.new@email.com", User.first.email
end
test 'a signed in user should not change his current user with invalid password' do
sign_in_as_user
get edit_user_registration_path
fill_in 'email', :with => 'user.new@email.com'
fill_in 'current password', :with => 'invalid'
click_button 'Update'
assert_template 'registrations/edit'
assert_contain 'user@test.com'
assert_have_selector 'form input[value="user.new@email.com"]'
assert_equal "user@test.com", User.first.email
end
test 'a signed in user should be able to edit his password' do
sign_in_as_user
get edit_user_registration_path
fill_in 'password', :with => 'pas123'
fill_in 'password confirmation', :with => 'pas123'
fill_in 'current password', :with => '123456'
click_button 'Update'
assert_template 'home/index'
assert_contain 'You updated your account successfully.'
assert User.first.valid_password?('pas123')
end
test 'a signed in user should be able to cancel his account' do
sign_in_as_user
get edit_user_registration_path
click_link "Cancel my account", :method => :delete
assert_contain "Bye! Your account was successfully cancelled. We hope to see you again soon."
assert User.all.empty?
end
end

13
test/integration/rememberable_test.rb
View File

@@ -6,7 +6,7 @@ class RememberMeTest < ActionController::IntegrationTest
Devise.remember_for = 1
user = create_user
user.remember_me!
cookies['warden.user.user.key'] = User.serialize_into_cookie(user) + add_to_token
cookies['remember_user_token'] = User.serialize_into_cookie(user) + add_to_token
user
end
@@ -31,16 +31,17 @@ class RememberMeTest < ActionController::IntegrationTest
test 'do not remember with invalid token' do
user = create_user_and_remember('add')
get users_path
assert_response :success
assert_not warden.authenticated?(:user)
assert_redirected_to new_user_session_path(:unauthenticated => true)
end
test 'do not remember with token expired' do
user = create_user_and_remember
Devise.remember_for = 0
get users_path
assert_response :success
assert_not warden.authenticated?(:user)
swap Devise, :remember_for => 0 do
get users_path
assert_not warden.authenticated?(:user)
assert_redirected_to new_user_session_path(:unauthenticated => true)
end
end
test 'forget the user before sign out' do

53
test/integration/token_authenticatable_test.rb Normal file
View File

@@ -0,0 +1,53 @@
require 'test/test_helper'
class TokenAuthenticationTest < ActionController::IntegrationTest
test 'sign in should authenticate with valid authentication token and proper authentication token key' do
swap Devise, :token_authentication_key => :secret_token do
sign_in_as_new_user_with_token(:auth_token_key => :secret_token)
assert_response :success
assert_template 'users/index'
assert_contain 'Welcome'
assert warden.authenticated?(:user)
end
end
test 'signing in with valid authentication token - but improper authentication token key - return to sign in form with error message' do
swap Devise, :token_authentication_key => :donald_duck_token do
sign_in_as_new_user_with_token(:auth_token_key => :secret_token)
assert_current_path new_user_session_path(:unauthenticated => true)
assert_contain 'You need to sign in or sign up before continuing'
assert_contain 'Sign in'
assert_not warden.authenticated?(:user)
end
end
test 'signing in with invalid authentication token should return to sign in form with error message' do
store_translations :en, :devise => {:sessions => {:invalid_token => 'LOL, that was not a single character correct.'}} do
sign_in_as_new_user_with_token(:auth_token => '*** INVALID TOKEN ***')
assert_current_path new_user_session_path(:invalid_token => true)
assert_response :success
assert_contain 'LOL, that was not a single character correct.'
assert_contain 'Sign in'
assert_not warden.authenticated?(:user)
end
end
private
def sign_in_as_new_user_with_token(options = {})
options[:auth_token_key] ||= Devise.token_authentication_key
options[:auth_token] ||= VALID_AUTHENTICATION_TOKEN
user = create_user(options)
user.authentication_token = VALID_AUTHENTICATION_TOKEN
user.save
visit users_path(options[:auth_token_key].to_sym => options[:auth_token])
user
end
end

11
test/mailers/confirmation_instructions_test.rb
View File

@@ -59,7 +59,16 @@ class ConfirmationInstructionsTest < ActionMailer::TestCase
test 'renders a scoped if scoped_views is set to true' do
swap Devise, :scoped_views => true do
assert_equal user.email, mail.body
assert_equal user.email, mail.body.decoded
end
end
test 'renders a scoped if scoped_views is set in the mailer class' do
begin
Devise::Mailer.scoped_views = true
assert_equal user.email, mail.body.decoded
ensure
Devise::Mailer.send :remove_instance_variable, :@scoped_views
end
end

Some files were not shown because too many files have changed in this diff Show More