Release pre4 with improved controller handling.

Signed-off-by: José Valim <jose.valim@gmail.com>

.gitignore

@@ -5,3 +5,4 @@ coverage/*
 *.sqlite3
 rdoc/*
 pkg
+log

CHANGELOG.rdoc

@@ -1,3 +1,54 @@
+== 1.1.pre
+
+* enhancements
+  * Rails 3 compatibility.
+  * All controllers and views are namespaced, for example: Devise::SessionsController and "devise/sessions".
+  * You can specify the controller in routes and have specific controllers for each role.
+  * Devise.orm is deprecated. This reduces the required API to hook your ORM with devise.
+  * Use metal for failure app.
+  * HTML e-mails now have proper formatting.
+  * Do not remove options from Datamapper and MongoMapper in find
+
+* deprecations
+  * Rails 3 compatible only.
+  * Scoped views are no longer "sessions/users/new". Now use "users/sessions/new".
+  * Devise.orm is deprecated, just require "devise/orm/YOUR_ORM" instead.
+  * Devise.default_url_options is deprecated, just modify ApplicationController.default_url_options.
+
+== 1.0.3
+
+* enhancements
+  * HTML e-mails now have proper formatting
+  * Do not remove MongoMapper options in find
+
+== 1.0.2
+
+* enhancements
+  * Allows you set mailer content type (by github.com/glennr)
+
+* bug fix
+  * Uses the same content type as request on http authenticatable 401 responses
+
+== 1.0.1
+
+* enhancements
+  * HttpAuthenticatable is not added by default automatically.
+  * Avoid mass assignment error messages with current password.
+
+* bug fix
+  * Fixed encryptors autoload
+
+== 1.0.0
+
+* deprecation
+  * :old_password in update_with_password is deprecated, use :current_password instead
+
+* enhancements
+  * Added Registerable
+  * Added Http Basic Authentication support
+  * Allow scoped_views to be customized per controller/mailer class
+  * [#99] Allow authenticatable to used in change_table statements
+
 == 0.9.2
 
 * bug fix

Gemfile

@@ -0,0 +1,18 @@
+source "http://gemcutter.org"
+
+gem "rails", "3.0.0.beta"
+gem "warden", "0.9.4"
+gem "sqlite3-ruby", :require => "sqlite3"
+gem "webrat", "0.7"
+gem "mocha", :require => false
+gem "bcrypt-ruby", :require => "bcrypt"
+
+if RUBY_VERSION < '1.9'
+  gem "ruby-debug", ">= 0.10.3"
+end
+
+group :mongo_mapper do
+  gem "mongo",        "0.18.3"
+  gem "mongo_ext",    "0.18.3", :require => false
+  gem "mongo_mapper", :git => "git://github.com/merbjedi/mongomapper.git", :branch => "rails3"
+end

README.rdoc

@@ -7,64 +7,72 @@ Devise is a flexible authentication solution for Rails based on Warden. It:
 * Allows you to have multiple roles (or models/scopes) signed in at the same time;
 * Is based on a modularity concept: use just what you really need.
 
-Right now it's composed of nine modules:
+Right now it's composed of 12 modules:
 
-* Authenticatable: responsible for encrypting password and validating authenticity of a user while signing in.
-* Confirmable: responsible for verifying whether an account is already confirmed to sign in, and to send emails with confirmation instructions.
-* Recoverable: takes care of reseting the user password and send reset instructions.
-* Rememberable: manages generating and clearing token for remember the user from a saved cookie.
-* Trackable: tracks sign in count, timestamps and ip.
-* Validatable: creates all needed validations for email and password. It's totally optional, so you're able to to customize validations by yourself.
-* Timeoutable: expires sessions without activity in a certain period of time.
-* Lockable: takes care of locking an account based on the number of failed sign in attempts. Handles unlock via expire and email.
-* Activatable: if you need to activate accounts by other means, which are not through confirmation, use this module.
+* Authenticatable: encrypts a password and validates the authenticity of a user while signing in.
+* Token Authenticatable: validates the authenticity of a user while signing in using an authentication token (also known as "single access token").
+* HttpAuthenticatable: sign in users using basic HTTP authentication.
+* Confirmable: sends emails with confirmation instructions and verifies whether an account is already confirmed during sign in.
+* Recoverable: resets the user password and sends reset instructions.
+* Registerable: handles signing up users through a registration process.
+* Rememberable: manages generating and clearing a token for remembering the user from a saved cookie.
+* Trackable: tracks sign in count, timestamps and IP address.
+* Timeoutable: expires sessions that have no activity in a specified period of time.
+* Validatable: provides validations of email and password. It's optional and can be customized, so you're able to define your own validations.
+* Lockable: locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period.
+* Activatable: use this module if you need to activate accounts by means other than confirmation.
 
-There's an example application using Devise at http://github.com/plataformatec/devise_example .
+== Examples
+
+* Example application using Devise at http://github.com/plataformatec/devise_example
+* Example Rails 2.3 web app combining subdomains with Devise at http://github.com/fortuity/subdomain-authentication
 
 == Dependencies
 
-Devise is based on Warden (http://github.com/hassox/warden), a Rack Authentication Framework so you need to install it as a gem. Please ensure you have it installed in order to use devise (see installation below).
+Devise is based on Warden (http://github.com/hassox/warden), a Rack Authentication Framework. You need to install Warden as a gem. Please ensure you have it installed in order to use Devise (see installation below).
 
 == Installation
 
-All gems are on gemcutter, so you need to add gemcutter to your sources if you haven't yet:
+Devise master branch now supports Rails 3 and is NOT backward compatible. You can install it as:
 
-  sudo gem sources -a http://gemcutter.org/
+  sudo gem install devise --version=1.1.pre
 
-Install warden gem if you don't have it installed (requires 0.6.4 or higher):
+After installing the Warden and Devise gems, you need to configure the gems inside your gemfile:
 
-  sudo gem install warden
+  gem 'warden'
+  gem 'devise'
 
-Install devise gem:
+And run the generator:
 
-  sudo gem install devise
+	rails generate devise_install
 
-Configure warden and devise gems inside your app:
-
-  config.gem 'warden'
-  config.gem 'devise'
-
-Run the generator:
-
-	ruby script/generate devise_install
-
-And you're ready to go. The generator will install an initializer which describes ALL Devise's configuration options, so be sure to take a look at it and the documentation as well:
+And you're ready to go. The generator will install an initializer which describes ALL Devise's configuration options, so be sure to take a look at it and at the documentation as well:
 
   http://rdoc.info/projects/plataformatec/devise
 
+== Rails 2.3
+
+If you want to use the Rails 2.3.x version, you should do:
+
+  sudo gem install devise --version=1.0.1
+
+Or checkout from the v1.0 branch:
+
+  http://github.com/plataformatec/devise/tree/v1.0
+
 == Basic Usage
 
 This is a walkthrough with all steps you need to setup a devise resource, including model, migration, route files, and optional configuration. You MUST also check out the *Generators* section below to help you start.
 
-Devise must be set up within the model (or models) you want to use, and devise routes must be created inside your config/routes.rb file.
+Devise must be set up within the model (or models) you want to use. Devise routes must be created inside your config/routes.rb file.
 
-We're assuming here you want a User model with some modules, as outlined below:
+We're assuming here you want a User model with some Devise modules, as outlined below:
 
   class User < ActiveRecord::Base
     devise :authenticatable, :confirmable, :recoverable, :rememberable, :trackable, :validatable
   end
 
-After you choose which modules to use, you need to setup your migrations. Luckily, devise has some helpers to save you from this boring work:
+After you choose which modules to use, you need to set up your migrations. Luckily, Devise has some helpers to save you from this boring work:
 
   create_table :users do |t|
     t.authenticatable
@@ -75,53 +83,53 @@ After you choose which modules to use, you need to setup your migrations. Luckil
     t.timestamps
   end
 
-Remember that Devise don't rely on _attr_accessible_ or _attr_protected_ inside its modules, so be sure to setup what attributes are accessible or protected in your model.
+Devise doesn't use _attr_accessible_ or _attr_protected_ inside its modules, so be sure to define attributes as accessible or protected in your model.
 
-The next setup after setting up your model is to configure your routes. You do this by opening up your config/routes.rb and adding:
+Configure your routes after setting up your model. Open your config/routes.rb file and add:
 
-  map.devise_for :users
+  devise_for :users
 
-This is going to look inside you User model and create a set of needed routes (you can see them by running `rake routes`).
+This will use your User model to create a set of needed routes (you can see them by running `rake routes`).
 
-There are also some options available for configuring your routes, as :class_name (to set the class for that route), :path_prefix, :as and :path_names, where the last two have the same meaning as in common routes. The available :path_names are:
+Options for configuring your routes include :class_name (to set the class for that route), :path_prefix, :as and :path_names, where the last two have the same meaning as in common routes. The available :path_names are:
 
-  map.devise_for :users, :as => "usuarios", :path_names => { :sign_in => 'login', :sign_out => 'logout', :password => 'secret', :confirmation => 'verification', :unlock => 'unblock' }
+  devise_for :users, :as => "usuarios", :path_names => { :sign_in => 'login', :sign_out => 'logout', :sign_up => 'register', :password => 'secret', :confirmation => 'verification', :unlock => 'unblock' }
 
-Be sure to check devise_for documentation for detailed description.
+Be sure to check devise_for documentation for details.
 
-After this steps, run your migrations, and you are ready to go! But don't finish reading, we still have a lot to tell you:
+After creating your models and routes, run your migrations, and you are ready to go! But don't stop reading here, we still have a lot to tell you:
 
 == Controller filters and helpers
 
-Devise is gonna create some helpers to use inside your controllers and views. To setup a controller that needs user authentication, just add this before_filter:
+Devise will create some helpers to use inside your controllers and views. To set up a controller with user authentication, just add this before_filter:
 
   before_filter :authenticate_user!
 
-To verify if a user is signed in, you have the following helper:
+To verify if a user is signed in, use the following helper:
 
   user_signed_in?
 
-And to get the current signed in user this helper is available:
+For the current signed-in user, this helper is available:
 
   current_user
 
-You have also access to the session for this scope:
+You can access the session for this scope:
 
   user_session
 
-After signing in a user, confirming it's account or updating it's password, devise will look for a scoped root path to redirect. Example: For a :user resource, it will use user_root_path if it exists, otherwise default root_path will be used. This means that you need to set the root inside your routes:
+After signing in a user, confirming the account or updating the password, Devise will look for a scoped root path to redirect. Example: For a :user resource, it will use user_root_path if it exists, otherwise default root_path will be used. This means that you need to set the root inside your routes:
 
-  map.root :controller => 'home'
+  root :to => "home"
 
-You can also overwrite after_sign_in_path_for and after_sign_out_path_for to customize better your redirect hooks.
+You can also overwrite after_sign_in_path_for and after_sign_out_path_for to customize your redirect hooks.
 
-Finally, you also need to setup default url options for the mailer in each environment. Here's is the configuration for config/environments/development.rb:
+Finally, you need to set up default url options for the mailer in each environment. Here is the configuration for config/environments/development.rb:
 
   config.action_mailer.default_url_options = { :host => 'localhost:3000' }
 
 == Tidying up
 
-Devise let's you setup as many roles as you want, so let's say you already have this User model and also want an Admin model with just authentication, trackable, lockable and timeoutable stuff and none of confirmation or password recovery. Just follow the same steps:
+Devise allows you to set up as many roles as you want. For example, you may have a User model and also want an Admin model with just authentication, trackable, lockable and timeoutable features and no confirmation or password-recovery features. Just follow these steps:
 
   # Create a migration with the required fields
   create_table :admins do |t|
@@ -134,7 +142,7 @@ Devise let's you setup as many roles as you want, so let's say you already have
   devise :authenticatable, :trackable, :timeoutable, :lockable
 
   # Inside your routes
-  map.devise_for :admin
+  devise_for :admin
 
   # Inside your protected controller
   before_filter :authenticate_admin!
@@ -146,37 +154,56 @@ Devise let's you setup as many roles as you want, so let's say you already have
 
 == Generators
 
-Devise comes with some generators to help you start:
+Devise has generators to help you get started:
 
-  ruby script/generate devise_install
+  rails generate devise_install
 
-This will generate an initializer, with a description of all configuration values. You can also generate models through:
+This will generate an initializer, with a description of all configuration values.
 
-  ruby script/generate devise Model
+You can also generate models:
 
-A model configured with all devise modules and attr_accessible for default fields will be created. The generator will also create the migration and configure your routes for devise.
+  rails generate devise Model
+
+This will create a model named "Model" configured with default Devise modules and attr_accessible set for default fields. The generator will also create the migration and configure your routes for Devise.
 
 == Model configuration
 
-The devise method in your models also accept some options to configure its modules. For example, you can chose which encryptor to use in authenticatable:
+The devise method in your models also accepts some options to configure its modules. For example, you can choose which encryptor to use in authenticatable:
 
   devise :authenticatable, :confirmable, :recoverable, :encryptor => :bcrypt
 
-Besides :encryptor, you can provide :pepper, :stretches, :confirm_within, :remember_for, :timeout_in, :unlock_in and others. All those are describer in the initializer created when you invoke the devise_install generator describer above.
+Besides :encryptor, you can define :pepper, :stretches, :confirm_within, :remember_for, :timeout_in, :unlock_in and other values. For details, see the initializer file that was created when you invoked the devise_install generator described above.
 
-== Views
+== Configuring controllers and views
 
-Since devise is an engine, it has all default views inside the gem. They are good to get you started, but you will want to customize them at some point. And Devise has a generator to make copy them all to your application:
+We built Devise to help you quickly develop an application that uses authentication. We don't want to be in your way when you need to customize it.
 
-  ruby script/generate devise_views
+Since Devise is an engine, all its default views are packaged inside the gem. The default views will get you started but you may want to customize them. Devise has a generator to copy the default views to your application. After they've been copied to your application, you can make changes as required:
 
-By default Devise will use the same views for all roles you have. But what if you need so different views to each of them? Devise also has an easy way to accomplish it: just setup config.scoped_views to true inside "config/initializers/devise.rb". 
+  rails generate devise_views
 
-After doing so you will be able to have views based on the scope like 'sessions/users/new' and 'sessions/admin/new'. If no view is found within the scope, Devise will fallback to the default view.
+If you have more than one role in your application (such as "user" and "admin"), you will notice that Devise uses the same views for all roles. You may need different views for each role. Devise offers an easy way to customize views for each role. Just set config.scoped_views to "true" inside "config/initializers/devise.rb".
+
+After doing so you will be able to have views based on the scope like "users/sessions/new" and "admins/sessions/new". If no view is found within the scope, Devise will use the default view at "devise/sessions/new".
+
+Finally, if the customization at the views level is not enough, you can customize each controller by following these steps:
+
+  1) Create your custom controller, for example a Admins::SessionsController:
+
+    class Admins::SessionsController < Devise::SessionsController
+    end
+
+  2) Tell the router to use this controller:
+
+    devise_for :admins, :controllers => { :sessions = "admin/sessions" }
+
+  3) And finally, since we changed the controller, it won't use the "devise/sessions" views, so remember to copy "devise/sessions" to "admin/sessions".
+
+Remember that Devise uses flash messages to let users know if sign in was successful or failed. Devise expects your application to call "flash[:notice]" and "flash[:alert]" as appropriate.
 
 == I18n
 
-Devise uses flash messages with I18n with the flash keys :success and :failure. To customize your app, you can setup your locale file this way:
+Devise uses flash messages with I18n with the flash keys :success and :failure. To customize your app, you can set up your locale file:
 
   en:
     devise:
@@ -193,7 +220,7 @@ You can also create distinct messages based on the resource you've configured us
         admin:
           signed_in: 'Hello admin!'
 
-Devise mailer uses the same pattern to create subject messages:
+The Devise mailer uses the same pattern to create subject messages:
 
   en:
     devise:
@@ -221,15 +248,15 @@ You can include the Devise Test Helpers in all of your tests by adding the follo
     include Devise::TestHelpers
   end
 
-Do not use such helpers for integration tests like Cucumber, Webrat... Just fill in the form or explicitly set the user in session. For more tips, check the wiki (http://wiki.github.com/plataformatec/devise).
+Do not use such helpers for integration tests such as Cucumber or Webrat. Instead, fill in the form or explicitly set the user in session. For more tips, check the wiki (http://wiki.github.com/plataformatec/devise).
 
 == Migrating from other solutions
 
-Devise implements encryption strategies for Clearance, Authlogic and Restful-Authentication. To make use of it set the desired encryptor in the encryptor initializer config option. You might also need to rename your encrypted password and salt columns to match Devises's one (encrypted_password and password_salt).
+Devise implements encryption strategies for Clearance, Authlogic and Restful-Authentication. To make use of these strategies, set the desired encryptor in the encryptor initializer config option. You might also need to rename your encrypted password and salt columns to match Devise's fields (encrypted_password and password_salt).
 
 == Other ORMs
 
-Devise supports both ActiveRecord (default) and MongoMapper, and has experimental Datamapper supports (in a sense that Devise test suite does not run completely with Datamapper). To choose other ORM, you just need to configure it in the initializer file.
+Devise supports ActiveRecord (by default) and MongoMapper. We offer experimental Datamapper support (with the limitation that the Devise test suite does not run completely with Datamapper). To choose other ORM, you just need to configure it in the initializer file.
 
 == TODO
 
@@ -242,14 +269,28 @@ Please refer to TODO file.
 
 == Contributors
 
-We have a long running list of contributors. Check them in the CHANGELOG or do `git shortlog -s -n` in the cloned repository.
+We have a long list of valued contributors. See the CHANGELOG or do `git shortlog -s -n` in the cloned repository.
+
+== Related Applications
+
+* http://github.com/scambra/devise_invitable adds support to Devise for sending invitations by email.
+
+* http://github.com/grimen/devise_facebook_connectable adds support for Facebook Connect authentication, and optionally fetching user info from Facebook in the same step.
 
 == Bugs and Feedback
 
-If you discover any bugs or want to drop a line, feel free to create an issue on
-GitHub or send an e-mail to the mailing list.
+If you discover any bugs, please create an issue on GitHub.
 
 http://github.com/plataformatec/devise/issues
+
+For support, send an e-mail to the mailing list.
+
 http://groups.google.com/group/plataformatec-devise
 
+See the wiki for additional documentation and support.
+
+http://wiki.github.com/plataformatec/devise/
+
+== License
+
 MIT License. Copyright 2009 Plataforma Tecnologia. http://blog.plataformatec.com.br

Rakefile

@@ -43,8 +43,9 @@ begin
     s.homepage = "http://github.com/plataformatec/devise"
     s.description = "Flexible authentication solution for Rails with Warden"
     s.authors = ['José Valim', 'Carlos Antônio']
-    s.files =  FileList["[A-Z]*", "{app,config,generators,lib}/**/*", "init.rb"]
-    s.add_dependency("warden", "~> 0.9.0")
+    s.files =  FileList["[A-Z]*", "{app,config,lib}/**/*"]
+    s.extra_rdoc_files = FileList["[A-Z]*"] - %w(Gemfile Rakefile)
+    s.add_dependency("warden", "~> 0.9.4")
   end
 
   Jeweler::GemcutterTasks.new

TODO

@@ -1,4 +1,2 @@
 * Make test run with DataMapper
-* Add Registerable support
-* Add http authentication support
-* Extract Activatable tests from Confirmable
+* Extract Activatable tests from Confirmable

app/controllers/confirmations_controller.rb

@@ -1,22 +0,0 @@
-class ConfirmationsController < ApplicationController
-  include Devise::Controllers::InternalHelpers
-  include Devise::Controllers::Common
-
-  # GET /resource/confirmation?confirmation_token=abcdef
-  def show
-    self.resource = resource_class.confirm!(:confirmation_token => params[:confirmation_token])
-
-    if resource.errors.empty?
-      set_flash_message :notice, :confirmed
-      sign_in_and_redirect(resource_name, resource)
-    else
-      render_with_scope :new
-    end
-  end
-
-  protected
-
-    def send_instructions_with
-      :send_confirmation_instructions
-    end
-end

app/controllers/devise/confirmations_controller.rb

@@ -0,0 +1,33 @@
+class Devise::ConfirmationsController < ApplicationController
+  include Devise::Controllers::InternalHelpers
+
+  # GET /resource/confirmation/new
+  def new
+    build_resource
+    render_with_scope :new
+  end
+
+  # POST /resource/confirmation
+  def create
+    self.resource = resource_class.send_confirmation_instructions(params[resource_name])
+
+    if resource.errors.empty?
+      set_flash_message :notice, :send_instructions
+      redirect_to new_session_path(resource_name)
+    else
+      render_with_scope :new
+    end
+  end
+
+  # GET /resource/confirmation?confirmation_token=abcdef
+  def show
+    self.resource = resource_class.confirm!(:confirmation_token => params[:confirmation_token])
+
+    if resource.errors.empty?
+      set_flash_message :notice, :confirmed
+      sign_in_and_redirect(resource_name, resource)
+    else
+      render_with_scope :new
+    end
+  end
+end

app/controllers/devise/passwords_controller.rb

@@ -1,9 +1,26 @@
-class PasswordsController < ApplicationController
+class Devise::PasswordsController < ApplicationController
   include Devise::Controllers::InternalHelpers
-  include Devise::Controllers::Common
 
   before_filter :require_no_authentication
 
+  # GET /resource/password/new
+  def new
+    build_resource
+    render_with_scope :new
+  end
+
+  # POST /resource/password
+  def create
+    self.resource = resource_class.send_reset_password_instructions(params[resource_name])
+
+    if resource.errors.empty?
+      set_flash_message :notice, :send_instructions
+      redirect_to new_session_path(resource_name)
+    else
+      render_with_scope :new
+    end
+  end
+
   # GET /resource/password/edit?reset_password_token=abcdef
   def edit
     self.resource = resource_class.new
@@ -22,10 +39,4 @@ class PasswordsController < ApplicationController
       render_with_scope :edit
     end
   end
-
-  protected
-
-    def send_instructions_with
-      :send_reset_password_instructions
-    end
 end

app/controllers/devise/registrations_controller.rb

@@ -0,0 +1,57 @@
+class Devise::RegistrationsController < ApplicationController
+  include Devise::Controllers::InternalHelpers
+
+  before_filter :require_no_authentication, :only => [ :new, :create ]
+  before_filter :authenticate_scope!, :only => [:edit, :update, :destroy]
+
+  # GET /resource/sign_up
+  def new
+    build_resource
+    render_with_scope :new
+  end
+
+  # POST /resource/sign_up
+  def create
+    build_resource
+
+    if resource.save
+      flash[:"#{resource_name}_signed_up"] = true
+      set_flash_message :notice, :signed_up
+      sign_in_and_redirect(resource_name, resource)
+    else
+      render_with_scope :new
+    end
+  end
+
+  # GET /resource/edit
+  def edit
+    render_with_scope :edit
+  end
+
+  # PUT /resource
+  def update
+    if resource.update_with_password(params[resource_name])
+      set_flash_message :notice, :updated
+      redirect_to after_sign_in_path_for(self.resource)
+    else
+      render_with_scope :edit
+    end
+  end
+
+  # DELETE /resource
+  def destroy
+    resource.destroy
+    set_flash_message :notice, :destroyed
+    sign_out_and_redirect(self.resource)
+  end
+
+  protected
+
+    # Authenticates the current scope and gets a copy of the current resource.
+    # We need to use a copy because we don't want actions like update changing
+    # the current user in place.
+    def authenticate_scope!
+      send(:"authenticate_#{resource_name}!")
+      self.resource = resource_class.find(send(:"current_#{resource_name}").id)
+    end
+end

app/controllers/devise/sessions_controller.rb

@@ -1,15 +1,18 @@
-class SessionsController < ApplicationController
+class Devise::SessionsController < ApplicationController
   include Devise::Controllers::InternalHelpers
-  include Devise::Controllers::Common
 
   before_filter :require_no_authentication, :only => [ :new, :create ]
 
   # GET /resource/sign_in
   def new
-    Devise::FLASH_MESSAGES.each do |message|
-      set_now_flash_message :alert, message if params.try(:[], message) == "true"
+    unless resource_just_signed_up?
+      Devise::FLASH_MESSAGES.each do |message|
+        set_now_flash_message :alert, message if params.try(:[], message) == "true"
+      end
     end
-    super
+
+    build_resource
+    render_with_scope :new
   end
 
   # POST /resource/sign_in
@@ -19,7 +22,7 @@ class SessionsController < ApplicationController
       sign_in_and_redirect(resource_name, resource, true)
     else
       set_now_flash_message :alert, (warden.message || :invalid)
-      build_resource
+      clean_up_passwords(build_resource)
       render_with_scope :new
     end
   end
@@ -30,4 +33,13 @@ class SessionsController < ApplicationController
     sign_out_and_redirect(resource_name)
   end
 
+  protected
+
+  def resource_just_signed_up?
+    flash[:"#{resource_name}_signed_up"]
+  end
+
+  def clean_up_passwords(object)
+    object.clean_up_passwords if object.respond_to?(:clean_up_passwords)
+  end
 end

app/controllers/devise/unlocks_controller.rb

@@ -0,0 +1,33 @@
+class Devise::UnlocksController < ApplicationController
+  include Devise::Controllers::InternalHelpers
+
+  # GET /resource/unlock/new
+  def new
+    build_resource
+    render_with_scope :new
+  end
+
+  # POST /resource/unlock
+  def create
+    self.resource = resource_class.send_unlock_instructions(params[resource_name])
+
+    if resource.errors.empty?
+      set_flash_message :notice, :send_instructions
+      redirect_to new_session_path(resource_name)
+    else
+      render_with_scope :new
+    end
+  end
+
+  # GET /resource/unlock?unlock_token=abcdef
+  def show
+    self.resource = resource_class.unlock!(:unlock_token => params[:unlock_token])
+
+    if resource.errors.empty?
+      set_flash_message :notice, :unlocked
+      sign_in_and_redirect(resource_name, resource)
+    else
+      render_with_scope :new
+    end
+  end
+end

app/controllers/unlocks_controller.rb

@@ -1,22 +0,0 @@
-class UnlocksController < ApplicationController
-  include Devise::Controllers::InternalHelpers
-  include Devise::Controllers::Common
-
-  # GET /resource/unlock?unlock_token=abcdef
-  def show
-    self.resource = resource_class.unlock!(:unlock_token => params[:unlock_token])
-
-    if resource.errors.empty?
-      set_flash_message :notice, :unlocked
-      sign_in_and_redirect(resource_name, resource)
-    else
-      render_with_scope :new
-    end
-  end
-
-  protected
-
-    def send_instructions_with
-      :send_unlock_instructions
-    end
-end

app/models/devise/mailer.rb

@@ -0,0 +1,55 @@
+class Devise::Mailer < ::ActionMailer::Base
+  include Devise::Controllers::ScopedViews
+
+  attr_reader :devise_mapping, :resource
+
+  def confirmation_instructions(record)
+    setup_mail(record, :confirmation_instructions)
+  end
+
+  def reset_password_instructions(record)
+    setup_mail(record, :reset_password_instructions)
+  end
+
+  def unlock_instructions(record)
+    setup_mail(record, :unlock_instructions)
+  end
+
+  private
+
+    # Configure default email options
+    def setup_mail(record, action)
+      @devise_mapping = Devise::Mapping.find_by_class(record.class)
+
+      raise "Invalid devise resource #{record}" unless @devise_mapping
+      @resource = instance_variable_set("@#{@devise_mapping.name}", record)
+
+      mail(:subject => translate(@devise_mapping, action),
+           :from => mailer_sender(@devise_mapping), :to => record.email) do |format|
+        format.html { render_with_scope(action, :controller => "mailer") }
+      end
+    end
+
+    def mailer_sender(mapping)
+      if Devise.mailer_sender.is_a?(Proc)
+        block_args = mapping.name if Devise.mailer_sender.arity > 0
+        Devise.mailer_sender.call(block_args)
+      else
+        Devise.mailer_sender
+      end
+    end
+
+    # Setup subject namespaced by model. It means you're able to setup your
+    # messages using specific resource scope, or provide a default one.
+    # Example (i18n locale file):
+    #
+    #   en:
+    #     devise:
+    #       mailer:
+    #         confirmation_instructions: '...'
+    #         user:
+    #           confirmation_instructions: '...'
+    def translate(mapping, key)
+      I18n.t(:"#{mapping.name}.#{key}", :scope => [:devise, :mailer], :default => key)
+    end
+end

app/models/devise_mailer.rb

@@ -1,67 +0,0 @@
-class DeviseMailer < ::ActionMailer::Base
-
-  # Deliver confirmation instructions when the user is created or its email is
-  # updated, and also when confirmation is manually requested
-  def confirmation_instructions(record)
-    setup_mail(record, :confirmation_instructions)
-  end
-
-  # Deliver reset password instructions when manually requested
-  def reset_password_instructions(record)
-    setup_mail(record, :reset_password_instructions)
-  end
-
-  def unlock_instructions(record)
-    setup_mail(record, :unlock_instructions)
-  end
-
-  private
-
-    # Configure default email options
-    def setup_mail(record, key)
-      mapping = Devise::Mapping.find_by_class(record.class)
-      raise "Invalid devise resource #{record}" unless mapping
-
-      subject      translate(mapping, key)
-      from         mailer_sender(mapping)
-      recipients   record.email
-      sent_on      Time.now
-      content_type 'text/html'
-      body         render_with_scope(key, mapping, mapping.name => record, :resource => record)
-    end
-
-    def render_with_scope(key, mapping, assigns)
-      if Devise.scoped_views
-        begin
-          render :file => "devise_mailer/#{mapping.as}/#{key}", :body => assigns
-        rescue ActionView::MissingTemplate
-          render :file => "devise_mailer/#{key}", :body => assigns
-        end
-      else
-        render :file => "devise_mailer/#{key}", :body => assigns
-      end
-    end
-
-    def mailer_sender(mapping)
-      if Devise.mailer_sender.is_a?(Proc)
-        block_args = mapping.name if Devise.mailer_sender.arity > 0
-        Devise.mailer_sender.call(*block_args)
-      else
-        Devise.mailer_sender
-      end
-    end
-
-    # Setup subject namespaced by model. It means you're able to setup your
-    # messages using specific resource scope, or provide a default one.
-    # Example (i18n locale file):
-    #
-    #   en:
-    #     devise:
-    #       mailer:
-    #         confirmation_instructions: '...'
-    #         user:
-    #           confirmation_instructions: '...'
-    def translate(mapping, key)
-      I18n.t(:"#{mapping.name}.#{key}", :scope => [:devise, :mailer], :default => key)
-    end
-end

app/views/devise/confirmations/new.html.erb

@@ -9,4 +9,4 @@
   <p><%= f.submit "Resend confirmation instructions" %></p>
 <% end %>
 
-<%= render :partial => "shared/devise_links" %>
+<%= render :partial => "devise/shared/links" %>

app/views/devise/mailer/confirmation_instructions.html.erb

@@ -0,0 +1,5 @@
+<p>Welcome <%= @resource.email %>!</p>
+
+<p>You can confirm your account through the link below:</p>
+
+<p><%= link_to 'Confirm my account', confirmation_url(@resource, :confirmation_token => @resource.confirmation_token) %></p>

app/views/devise/mailer/reset_password_instructions.html.erb

@@ -0,0 +1,8 @@
+<p>Hello <%= @resource.email %>!</p>
+
+<p>Someone has requested a link to change your password, and you can do this through the link below.</p>
+
+<p><%= link_to 'Change my password', edit_password_url(@resource, :reset_password_token => @resource.reset_password_token) %></p>
+
+<p>If you didn't request this, please ignore this email.</p>
+<p>Your password won't change until you access the link above and create a new one.</p>

app/views/devise/mailer/unlock_instructions.html.erb

@@ -0,0 +1,7 @@
+<p>Hello <%= @resource.email %>!</p>
+
+<p>Your account has been locked due to an excessive amount of unsuccessful sign in attempts.</p>
+
+<p>Click the link below to unlock your account:</p>
+
+<p><%= link_to 'Unlock my account', unlock_url(@resource, :unlock_token => @resource.unlock_token) %></p>

app/views/devise/passwords/edit.html.erb

@@ -13,4 +13,4 @@
   <p><%= f.submit "Change my password" %></p>
 <% end %>
 
-<%= render :partial => "shared/devise_links" %>
+<%= render :partial => "devise/shared/links" %>

app/views/devise/passwords/new.html.erb

@@ -9,4 +9,4 @@
   <p><%= f.submit "Send me reset password instructions" %></p>
 <% end %>
 
-<%= render :partial => "shared/devise_links" %>
+<%= render :partial => "devise/shared/links" %>

app/views/devise/registrations/edit.html.erb

@@ -0,0 +1,25 @@
+<h2>Edit <%= resource_name.to_s.humanize %></h2>
+
+<% form_for resource_name, resource, :url => registration_path(resource_name), :html => { :method => :put } do |f| -%>
+  <%= f.error_messages %>
+
+  <p><%= f.label :email %></p>
+  <p><%= f.text_field :email %></p>
+
+  <p><%= f.label :password %> <i>(leave blank if you don't want to change it)</i></p>
+  <p><%= f.password_field :password %></p>
+
+  <p><%= f.label :password_confirmation %></p>
+  <p><%= f.password_field :password_confirmation %></p>
+
+  <p><%= f.label :current_password %> <i>(we need your current password to confirm your changes)</i></p>
+  <p><%= f.password_field :current_password %></p>
+
+  <p><%= f.submit "Update" %></p>
+<% end -%>
+
+<h3>Cancel my account</h3>
+
+<p>Unhappy? <%= link_to "Cancel my account", registration_path(resource_name), :confirm => "Are you sure?", :method => :delete %>.</p>
+
+<%= link_to "Back", :back %>

app/views/devise/registrations/new.html.erb

@@ -0,0 +1,17 @@
+<h2>Sign up</h2>
+
+<% form_for resource_name, resource, :url => registration_path(resource_name) do |f| -%>
+  <%= f.error_messages %>
+  <p><%= f.label :email %></p>
+  <p><%= f.text_field :email %></p>
+
+  <p><%= f.label :password %></p>
+  <p><%= f.password_field :password %></p>
+
+  <p><%= f.label :password_confirmation %></p>
+  <p><%= f.password_field :password_confirmation %></p>
+
+  <p><%= f.submit "Sign up" %></p>
+<% end -%>
+
+<%= render :partial => "devise/shared/links" %>

app/views/devise/sessions/new.html.erb

@@ -0,0 +1,17 @@
+<h2>Sign in</h2>
+
+<% form_for resource_name, resource, :url => session_path(resource_name) do |f| -%>
+  <p><%= f.label :email %></p>
+  <p><%= f.text_field :email %></p>
+
+  <p><%= f.label :password %></p>
+  <p><%= f.password_field :password %></p>
+
+  <% if devise_mapping.rememberable? -%>
+    <p><%= f.check_box :remember_me %> <%= f.label :remember_me %></p>
+  <% end -%>
+
+  <p><%= f.submit "Sign in" %></p>
+<% end -%>
+
+<%= render :partial => "devise/shared/links" %>

app/views/devise/shared/_links.erb

@@ -2,6 +2,10 @@
   <%= link_to t('devise.sessions.link'), new_session_path(resource_name) %><br />
 <% end -%>
 
+<%- if devise_mapping.registerable? && controller_name != 'registrations' %>
+  <%= link_to t('devise.registrations.link'), new_registration_path(resource_name) %><br />
+<% end -%>
+
 <%- if devise_mapping.recoverable? && controller_name != 'passwords' %>
   <%= link_to t('devise.passwords.link'), new_password_path(resource_name) %><br />
 <% end -%>
@@ -12,4 +16,4 @@
 
 <%- if devise_mapping.lockable? && controller_name != 'unlocks' %>
   <%= link_to t('devise.unlocks.link'), new_unlock_path(resource_name) %><br />
-<% end -%>
+<% end -%>

app/views/devise/unlocks/new.html.erb

@@ -9,4 +9,4 @@
   <p><%= f.submit "Resend unlock instructions" %></p>
 <% end %>
 
-<%= render :partial => "shared/devise_links" %>
+<%= render :partial => "devise/shared/links" %>

app/views/devise_mailer/confirmation_instructions.html.erb

@@ -1,5 +0,0 @@
-Welcome <%= @resource.email %>!
-
-You can confirm your account through the link below:
-
-<%= link_to 'Confirm my account', confirmation_url(@resource, :confirmation_token => @resource.confirmation_token) %>

app/views/devise_mailer/reset_password_instructions.html.erb

@@ -1,8 +0,0 @@
-Hello <%= @resource.email %>!
-
-Someone has requested a link to change your password, and you can do this through the link below.
-
-<%= link_to 'Change my password', edit_password_url(@resource, :reset_password_token => @resource.reset_password_token) %>
-
-If you didn't request this, please ignore this email.
-Your password won't change until you access the link above and create a new one.

app/views/devise_mailer/unlock_instructions.html.erb

@@ -1,7 +0,0 @@
-Hello <%= @resource.email %>!
-
-Your account has been locked due to an excessive amount of unsuccessful sign in attempts.
-
-Click the link below to unlock your account:
-
-<%= link_to 'Unlock my account', unlock_url(@resource, :unlock_token => @resource.unlock_token) %>

app/views/sessions/new.html.erb

@@ -1,19 +0,0 @@
-<h2>Sign in</h2>
-
-<%- if devise_mapping.authenticatable? %>
-  <% form_for resource_name, resource, :url => session_path(resource_name) do |f| -%>
-    <p><%= f.label :email %></p>
-    <p><%= f.text_field :email %></p>
-
-    <p><%= f.label :password %></p>
-    <p><%= f.password_field :password %></p>
-
-    <% if devise_mapping.rememberable? -%>
-      <p><%= f.check_box :remember_me %> <%= f.label :remember_me %></p>
-    <% end -%>
-
-    <p><%= f.submit "Sign in" %></p>
-  <% end -%>
-<% end%>
-
-<%= render :partial => "shared/devise_links" %>

config/locales/en.yml

@@ -1,4 +1,10 @@
 en:
+  errors:
+    messages:
+      not_found: "not found"
+      already_confirmed: "was already confirmed"
+      not_locked: "was not locked"
+
   devise:
     sessions:
       link: 'Sign in'
@@ -19,6 +25,11 @@ en:
       link: "Didn't receive confirmation instructions?"
       send_instructions: 'You will receive an email with instructions about how to confirm your account in a few minutes.'
       confirmed: 'Your account was successfully confirmed. You are now signed in.'
+    registrations:
+      link: 'Sign up'
+      signed_up: 'You have signed up successfully.'
+      updated: 'You updated your account successfully.'
+      destroyed: 'Bye! Your account was successfully cancelled. We hope to see you again soon.'
     unlocks:
       link: "Didn't receive unlock instructions?"
       send_instructions: 'You will receive an email with instructions about how to unlock your account in a few minutes.'
@@ -27,3 +38,4 @@ en:
       confirmation_instructions: 'Confirmation instructions'
       reset_password_instructions: 'Reset password instructions'
       unlock_instructions: 'Unlock Instructions'
+

devise.gemspec

@@ -5,53 +5,48 @@
 
 Gem::Specification.new do |s|
   s.name = %q{devise}
-  s.version = "0.9.1"
+  s.version = "1.1.pre4"
 
-  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.required_rubygems_version = Gem::Requirement.new("> 1.3.1") if s.respond_to? :required_rubygems_version=
   s.authors = ["Jos\303\251 Valim", "Carlos Ant\303\264nio"]
-  s.date = %q{2010-02-01}
+  s.date = %q{2010-03-03}
   s.description = %q{Flexible authentication solution for Rails with Warden}
   s.email = %q{contact@plataformatec.com.br}
   s.extra_rdoc_files = [
-    "README.rdoc",
+    "CHANGELOG.rdoc",
+     "MIT-LICENSE",
+     "README.rdoc",
      "TODO"
   ]
   s.files = [
     "CHANGELOG.rdoc",
+     "Gemfile",
      "MIT-LICENSE",
      "README.rdoc",
      "Rakefile",
      "TODO",
-     "app/controllers/confirmations_controller.rb",
-     "app/controllers/passwords_controller.rb",
-     "app/controllers/sessions_controller.rb",
-     "app/controllers/unlocks_controller.rb",
-     "app/models/devise_mailer.rb",
-     "app/views/confirmations/new.html.erb",
-     "app/views/devise_mailer/confirmation_instructions.html.erb",
-     "app/views/devise_mailer/reset_password_instructions.html.erb",
-     "app/views/devise_mailer/unlock_instructions.html.erb",
-     "app/views/passwords/edit.html.erb",
-     "app/views/passwords/new.html.erb",
-     "app/views/sessions/new.html.erb",
-     "app/views/shared/_devise_links.erb",
-     "app/views/unlocks/new.html.erb",
-     "generators/devise/USAGE",
-     "generators/devise/devise_generator.rb",
-     "generators/devise/lib/route_devise.rb",
-     "generators/devise/templates/migration.rb",
-     "generators/devise/templates/model.rb",
-     "generators/devise_install/USAGE",
-     "generators/devise_install/devise_install_generator.rb",
-     "generators/devise_install/templates/README",
-     "generators/devise_install/templates/devise.rb",
-     "generators/devise_views/USAGE",
-     "generators/devise_views/devise_views_generator.rb",
-     "init.rb",
+     "app/controllers/devise/confirmations_controller.rb",
+     "app/controllers/devise/passwords_controller.rb",
+     "app/controllers/devise/registrations_controller.rb",
+     "app/controllers/devise/sessions_controller.rb",
+     "app/controllers/devise/unlocks_controller.rb",
+     "app/models/devise/mailer.rb",
+     "app/views/devise/confirmations/new.html.erb",
+     "app/views/devise/mailer/confirmation_instructions.html.erb",
+     "app/views/devise/mailer/reset_password_instructions.html.erb",
+     "app/views/devise/mailer/unlock_instructions.html.erb",
+     "app/views/devise/passwords/edit.html.erb",
+     "app/views/devise/passwords/new.html.erb",
+     "app/views/devise/registrations/edit.html.erb",
+     "app/views/devise/registrations/new.html.erb",
+     "app/views/devise/sessions/new.html.erb",
+     "app/views/devise/shared/_links.erb",
+     "app/views/devise/unlocks/new.html.erb",
+     "config/locales/en.yml",
      "lib/devise.rb",
-     "lib/devise/controllers/common.rb",
      "lib/devise/controllers/helpers.rb",
      "lib/devise/controllers/internal_helpers.rb",
+     "lib/devise/controllers/scoped_views.rb",
      "lib/devise/controllers/url_helpers.rb",
      "lib/devise/encryptors/authlogic_sha512.rb",
      "lib/devise/encryptors/base.rb",
@@ -65,18 +60,21 @@ Gem::Specification.new do |s|
      "lib/devise/hooks/rememberable.rb",
      "lib/devise/hooks/timeoutable.rb",
      "lib/devise/hooks/trackable.rb",
-     "lib/devise/locales/en.yml",
      "lib/devise/mapping.rb",
      "lib/devise/models.rb",
      "lib/devise/models/activatable.rb",
      "lib/devise/models/authenticatable.rb",
      "lib/devise/models/confirmable.rb",
+     "lib/devise/models/http_authenticatable.rb",
      "lib/devise/models/lockable.rb",
      "lib/devise/models/recoverable.rb",
+     "lib/devise/models/registerable.rb",
      "lib/devise/models/rememberable.rb",
      "lib/devise/models/timeoutable.rb",
+     "lib/devise/models/token_authenticatable.rb",
      "lib/devise/models/trackable.rb",
      "lib/devise/models/validatable.rb",
+     "lib/devise/modules.rb",
      "lib/devise/orm/active_record.rb",
      "lib/devise/orm/data_mapper.rb",
      "lib/devise/orm/mongo_mapper.rb",
@@ -86,9 +84,17 @@ Gem::Specification.new do |s|
      "lib/devise/schema.rb",
      "lib/devise/strategies/authenticatable.rb",
      "lib/devise/strategies/base.rb",
+     "lib/devise/strategies/http_authenticatable.rb",
      "lib/devise/strategies/rememberable.rb",
+     "lib/devise/strategies/token_authenticatable.rb",
      "lib/devise/test_helpers.rb",
-     "lib/devise/version.rb"
+     "lib/devise/version.rb",
+     "lib/generators/devise/devise_generator.rb",
+     "lib/generators/devise/templates/migration.rb",
+     "lib/generators/devise_install/devise_install_generator.rb",
+     "lib/generators/devise_install/templates/README",
+     "lib/generators/devise_install/templates/devise.rb",
+     "lib/generators/devise_views/devise_views_generator.rb"
   ]
   s.homepage = %q{http://github.com/plataformatec/devise}
   s.rdoc_options = ["--charset=UTF-8"]
@@ -104,10 +110,13 @@ Gem::Specification.new do |s|
      "test/failure_app_test.rb",
      "test/integration/authenticatable_test.rb",
      "test/integration/confirmable_test.rb",
+     "test/integration/http_authenticatable_test.rb",
      "test/integration/lockable_test.rb",
      "test/integration/recoverable_test.rb",
+     "test/integration/registerable_test.rb",
      "test/integration/rememberable_test.rb",
      "test/integration/timeoutable_test.rb",
+     "test/integration/token_authenticatable_test.rb",
      "test/integration/trackable_test.rb",
      "test/mailers/confirmation_instructions_test.rb",
      "test/mailers/reset_password_instructions_test.rb",
@@ -115,10 +124,12 @@ Gem::Specification.new do |s|
      "test/mapping_test.rb",
      "test/models/authenticatable_test.rb",
      "test/models/confirmable_test.rb",
+     "test/models/http_authenticatable_test.rb",
      "test/models/lockable_test.rb",
      "test/models/recoverable_test.rb",
      "test/models/rememberable_test.rb",
      "test/models/timeoutable_test.rb",
+     "test/models/token_authenticatable_test.rb",
      "test/models/trackable_test.rb",
      "test/models/validatable_test.rb",
      "test/models_test.rb",
@@ -129,25 +140,29 @@ Gem::Specification.new do |s|
      "test/rails_app/app/controllers/admins_controller.rb",
      "test/rails_app/app/controllers/application_controller.rb",
      "test/rails_app/app/controllers/home_controller.rb",
+     "test/rails_app/app/controllers/sessions_controller.rb",
      "test/rails_app/app/controllers/users_controller.rb",
      "test/rails_app/app/helpers/application_helper.rb",
      "test/rails_app/app/mongo_mapper/admin.rb",
      "test/rails_app/app/mongo_mapper/user.rb",
+     "test/rails_app/config/application.rb",
      "test/rails_app/config/boot.rb",
      "test/rails_app/config/environment.rb",
      "test/rails_app/config/environments/development.rb",
      "test/rails_app/config/environments/production.rb",
      "test/rails_app/config/environments/test.rb",
+     "test/rails_app/config/initializers/backtrace_silencers.rb",
+     "test/rails_app/config/initializers/cookie_verification_secret.rb",
      "test/rails_app/config/initializers/devise.rb",
      "test/rails_app/config/initializers/inflections.rb",
-     "test/rails_app/config/initializers/new_rails_defaults.rb",
      "test/rails_app/config/initializers/session_store.rb",
      "test/rails_app/config/routes.rb",
      "test/routes_test.rb",
-     "test/support/assertions_helper.rb",
-     "test/support/integration_tests_helper.rb",
-     "test/support/model_tests_helper.rb",
+     "test/support/assertions.rb",
+     "test/support/helpers.rb",
+     "test/support/integration.rb",
      "test/support/test_silencer.rb",
+     "test/support/webrat/integrations/rails.rb",
      "test/test_helper.rb",
      "test/test_helpers_test.rb"
   ]
@@ -157,12 +172,12 @@ Gem::Specification.new do |s|
     s.specification_version = 3
 
     if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
-      s.add_runtime_dependency(%q<warden>, ["~> 0.9.0"])
+      s.add_runtime_dependency(%q<warden>, ["~> 0.9.4"])
     else
-      s.add_dependency(%q<warden>, ["~> 0.9.0"])
+      s.add_dependency(%q<warden>, ["~> 0.9.4"])
     end
   else
-    s.add_dependency(%q<warden>, ["~> 0.9.0"])
+    s.add_dependency(%q<warden>, ["~> 0.9.4"])
   end
 end
 

generators/devise/USAGE

@@ -1,5 +0,0 @@
-To create a devise resource user:
-
-    script/generate devise User
-
-This will generate a model named User, a route map for devise called :users, and a migration file for table :users with all devise modules.

generators/devise/devise_generator.rb

@@ -1,15 +0,0 @@
-require File.expand_path(File.dirname(__FILE__) + "/lib/route_devise.rb")
-
-class DeviseGenerator < Rails::Generator::NamedBase
-
-  def manifest
-    record do |m|
-      m.directory(File.join('app', 'models', class_path))
-      m.template 'model.rb', File.join('app', 'models', "#{file_path}.rb")
-
-      m.migration_template 'migration.rb', 'db/migrate', :migration_file_name => "devise_create_#{table_name}"
-      m.route_devise table_name
-    end
-  end
-
-end

generators/devise/lib/route_devise.rb

@@ -1,32 +0,0 @@
-module Rails
-  module Generator
-    module Commands
-      class Create < Base
-
-        # Create devise route. Based on route_resources
-        def route_devise(*resources)
-          resource_list = resources.map { |r| r.to_sym.inspect }.join(', ')
-          sentinel = 'ActionController::Routing::Routes.draw do |map|'
-
-          logger.route "map.devise_for #{resource_list}"
-          unless options[:pretend]
-            gsub_file 'config/routes.rb', /(#{Regexp.escape(sentinel)})/mi do |match|
-              "#{match}\n  map.devise_for #{resource_list}\n"
-            end
-          end
-        end
-      end
-
-      class Destroy < RewindBase
-
-        # Destroy devise route. Based on route_resources
-        def route_devise(*resources)
-          resource_list = resources.map { |r| r.to_sym.inspect }.join(', ')
-          look_for = "\n  map.devise_for #{resource_list}\n"
-          logger.route "map.devise_for #{resource_list}"
-          gsub_file 'config/routes.rb', /(#{look_for})/mi, ''
-        end
-      end
-    end
-  end
-end

generators/devise/templates/model.rb

@@ -1,8 +0,0 @@
-class <%= class_name %> < ActiveRecord::Base
-  # Include default devise modules.
-  # Others available are :lockable, :timeoutable and :activatable.
-  devise :authenticatable, :confirmable, :recoverable, :rememberable, :trackable, :validatable
-
-  # Setup accessible (or protected) attributes for your model
-  attr_accessible :email, :password, :password_confirmation
-end

generators/devise_install/USAGE

@@ -1,3 +0,0 @@
-To copy a Devise initializer to your Rails App, with some configuration values, just do:
-
-    script/generate devise_install

generators/devise_install/devise_install_generator.rb

@@ -1,15 +0,0 @@
-class DeviseInstallGenerator < Rails::Generator::Base
-
-  def manifest
-    record do |m|
-      m.directory "config/initializers"
-      m.template  "devise.rb", "config/initializers/devise.rb"
-
-      m.directory "config/locales"
-      m.file      "../../../lib/devise/locales/en.yml", "config/locales/devise.en.yml"
-
-      m.readme "README"
-    end
-  end
-
-end

generators/devise_views/USAGE

@@ -1,3 +0,0 @@
-To copy all session, password, confirmation and mailer views from devise to your app just run the following command:
-
-    script/generate devise_views

generators/devise_views/devise_views_generator.rb

@@ -1,21 +0,0 @@
-class DeviseViewsGenerator < Rails::Generator::Base
-
-  def initialize(*args)
-    super
-    @source_root = options[:source] || File.join(spec.path, '..', '..')
-  end
-
-  def manifest
-    record do |m|
-      m.directory "app/views"
-
-      Dir[File.join(@source_root, "app", "views", "**/*.erb")].each do |file|
-        file = file.gsub(@source_root, "")[1..-1]
-
-        m.directory  File.dirname(file)
-        m.file       file, file
-      end
-    end
-  end
-
-end

init.rb

@@ -1,2 +0,0 @@
-# We need to load devise here to ensure routes extensions are loaded.
-require 'devise'

lib/devise.rb

@@ -4,9 +4,9 @@ module Devise
   autoload :TestHelpers, 'devise/test_helpers'
 
   module Controllers
-    autoload :Common, 'devise/controllers/common'
     autoload :Helpers, 'devise/controllers/helpers'
     autoload :InternalHelpers, 'devise/controllers/internal_helpers'
+    autoload :ScopedViews, 'devise/controllers/scoped_views'
     autoload :UrlHelpers, 'devise/controllers/url_helpers'
   end
 
@@ -14,47 +14,23 @@ module Devise
     autoload :Base, 'devise/encryptors/base'
     autoload :Bcrypt, 'devise/encryptors/bcrypt'
     autoload :AuthlogicSha512, 'devise/encryptors/authlogic_sha512'
-    autoload :AuthlogicSha1, 'devise/encryptors/authlogic_sha1'
+    autoload :ClearanceSha1, 'devise/encryptors/clearance_sha1'
     autoload :RestfulAuthenticationSha1, 'devise/encryptors/restful_authentication_sha1'
     autoload :Sha512, 'devise/encryptors/sha512'
     autoload :Sha1, 'devise/encryptors/sha1'
   end
 
-  module Orm
-    autoload :ActiveRecord, 'devise/orm/active_record'
-    autoload :DataMapper, 'devise/orm/data_mapper'
-    autoload :MongoMapper, 'devise/orm/mongo_mapper'
-  end
-
-  ALL = []
-
-  # Authentication ones first
-  ALL.push :authenticatable, :token_authenticatable, :rememberable
-
-  # Misc after
-  ALL.push :recoverable, :validatable
-
-  # The ones which can sign out after
-  ALL.push :activatable, :confirmable, :lockable, :timeoutable
-
-  # Stats for last, so we make sure the user is really signed in
-  ALL.push :trackable
-
-  # Maps controller names to devise modules
-  CONTROLLERS = {
-    :sessions => [:authenticatable, :token_authenticatable],
-    :passwords => [:recoverable],
-    :confirmations => [:confirmable],
-    :unlocks => [:lockable]
-  }
-
-  STRATEGIES  = [:rememberable, :token_authenticatable, :authenticatable]
+  # Constants which holds devise configuration for extensions. Those should
+  # not be modified by the "end user".
+  ALL            = []
+  CONTROLLERS    = {}
+  ROUTES         = []
+  STRATEGIES     = []
+  FLASH_MESSAGES = [:unauthenticated]
 
+  # True values used to check params
   TRUE_VALUES = [true, 1, '1', 't', 'T', 'true', 'TRUE']
 
-  # Maps the messages types that are used in flash message.
-  FLASH_MESSAGES = [ :unauthenticated, :unconfirmed, :invalid, :invalid_token, :timeout, :inactive, :locked ]
-
   # Declare encryptors length which are used in migrations.
   ENCRYPTORS_LENGTH = {
     :sha1   => 40,
@@ -100,14 +76,6 @@ module Devise
   mattr_accessor :mappings
   @@mappings = ActiveSupport::OrderedHash.new
 
-  # Stores the chosen ORM.
-  mattr_accessor :orm
-  @@orm = :active_record
-
-  # TODO Remove
-  mattr_accessor :all
-  @@all = []
-
   # Tells if devise should apply the schema in ORMs where devise declaration
   # and schema belongs to the same class (as Datamapper and MongoMapper).
   mattr_accessor :apply_schema
@@ -133,7 +101,7 @@ module Devise
 
   # Tell when to use the default scope, if one cannot be found from routes.
   mattr_accessor :use_default_scope
-  @@use_default_scope
+  @@use_default_scope = false
 
   # The default scope which is used by warden.
   mattr_accessor :default_scope
@@ -141,105 +109,100 @@ module Devise
 
   # Address which sends Devise e-mails.
   mattr_accessor :mailer_sender
-  @@mailer_sender
+  @@mailer_sender = nil
 
   # Authentication token params key name of choice. E.g. /users/sign_in?some_key=...
   mattr_accessor :token_authentication_key
   @@token_authentication_key = :auth_token
 
-  class << self
-    # Default way to setup Devise. Run script/generate devise_install to create
-    # a fresh initializer with all configuration values.
-    def setup
-      yield self
+  # The realm used in Http Basic Authentication
+  mattr_accessor :http_authentication_realm
+  @@http_authentication_realm = "Application"
+
+  # Default way to setup Devise. Run rails generate devise_install to create
+  # a fresh initializer with all configuration values.
+  def self.setup
+    yield self
+  end
+
+  # Make Devise aware of an 3rd party Devise-module. For convenience.
+  #
+  # == Options:
+  #
+  #   +strategy+    - Boolean value representing if this module got a custom *strategy*.
+  #                   Default is +false+. Note: Devise will auto-detect this in such case if this is true.
+  #   +model+       - String representing the load path to a custom *model* for this module (to autoload.)
+  #                   Default is +nil+ (i.e. +false+).
+  #   +controller+  - Symbol representing the name of an exisiting or custom *controller* for this module.
+  #                   Default is +nil+ (i.e. +false+).
+  #   +route+       - Symbol representing the named *router* helper for this module.
+  #                   Default is +nil+ (i.e. +false+).
+  #   +flash+       - Symbol representing the *flash messages* used by this helper.
+  #                   Default is +nil+ (i.e. +false+).
+  #
+  # == Examples:
+  #
+  #   Devise.add_module(:party_module)
+  #   Devise.add_module(:party_module, :strategy => true, :controller => :sessions)
+  #   Devise.add_module(:party_module, :autoload => 'party_module/model')
+  #
+  def self.add_module(module_name, options = {})
+    ALL << module_name
+    options.assert_valid_keys(:strategy, :model, :controller, :route, :flash)
+
+    { :strategy => STRATEGIES, :flash => FLASH_MESSAGES, :route => ROUTES }.each do |key, value|
+      next unless options[key]
+      name = (options[key] == true ? module_name : options[key])
+      value.unshift(name) unless value.include?(name)
     end
 
-    # Sets warden configuration using a block that will be invoked on warden
-    # initialization.
-    #
-    #  Devise.initialize do |config|
-    #    config.confirm_within = 2.days
-    #
-    #    config.warden do |manager|
-    #      # Configure warden to use other strategies, like oauth.
-    #      manager.oauth(:twitter)
-    #    end
-    #  end
-    def warden(&block)
-      @warden_config = block
+    if options[:controller]
+      Devise::CONTROLLERS[module_name] = options[:controller].to_sym
     end
 
-    # Configure default url options to be used within Devise and ActionController.
-    def default_url_options(&block)
-      Devise::Mapping.metaclass.send :define_method, :default_url_options, &block
+    if options[:model]
+      model_path = (options[:model] == true ? "devise/models/#{module_name}" : options[:model])
+      Devise::Models.send(:autoload, module_name.to_s.camelize.to_sym, model_path)
     end
 
-    # A method used internally to setup warden manager from the Rails initialize
-    # block.
-    def configure_warden(config) #:nodoc:
-      config.default_strategies *Devise::STRATEGIES
-      config.failure_app = Devise::FailureApp
-      config.silence_missing_strategies!
-      config.default_scope = Devise.default_scope
+    Devise::Mapping.register module_name
+  end
 
-      # If the user provided a warden hook, call it now.
-      @warden_config.try :call, config
-    end
+  # Sets warden configuration using a block that will be invoked on warden
+  # initialization.
+  #
+  #  Devise.initialize do |config|
+  #    config.confirm_within = 2.days
+  #
+  #    config.warden do |manager|
+  #      # Configure warden to use other strategies, like oauth.
+  #      manager.oauth(:twitter)
+  #    end
+  #  end
+  def self.warden(&block)
+    @warden_config = block
+  end
 
-    # The class of the configured ORM
-    def orm_class
-      Devise::Orm.const_get(@@orm.to_s.camelize.to_sym)
-    end
+  # A method used internally to setup warden manager from the Rails initialize
+  # block.
+  def self.configure_warden(config) #:nodoc:
+    config.default_strategies *Devise::STRATEGIES
+    config.failure_app = Devise::FailureApp
+    config.silence_missing_strategies!
+    config.default_scope = Devise.default_scope
 
-    # Generate a friendly string randomically to be used as token.
-    def friendly_token
-      ActiveSupport::SecureRandom.base64(15).tr('+/=', '-_ ').strip.delete("\n")
-    end
+    # If the user provided a warden hook, call it now.
+    @warden_config.try :call, config
+  end
 
-    # Make Devise aware of an 3rd party Devise-module. For convenience.
-    #
-    # == Options:
-    #
-    #   +strategy+    - Boolean value representing if this module got a custom *strategy*.
-    #                   Default is +false+. Note: Devise will auto-detect this in such case if this is true.
-    #   +model+       - String representing a load path to a custom *model* for this module (to autoload).
-    #                   Default is +nil+ (i.e. +false+).
-    #   +controller+  - Symbol representing a name of an exisiting or custom *controller* for this module.
-    #                   Default is +nil+ (i.e. +false+).
-    #
-    # == Examples:
-    #
-    #   Devise.add_module(:party_module)
-    #   Devise.add_module(:party_module, :strategy => true, :controller => :sessions)
-    #   Devise.add_module(:party_module, :model => 'party_module/model')
-    #
-    def add_module(module_name, options = {})
-      Devise::ALL.unshift module_name        unless Devise::ALL.include?(module_name)
-      Devise::STRATEGIES.unshift module_name if options[:strategy] && !Devise::STRATEGIES.include?(module_name)
-
-      if options[:controller]
-        controller = options[:controller].to_sym
-        Devise::CONTROLLERS[controller] ||= []
-        Devise::CONTROLLERS[controller].unshift module_name unless Devise::CONTROLLERS[controller].include?(module_name)
-      end
-
-      if options[:model]
-        Devise::Models.module_eval do
-          autoload :"#{module_name.to_s.classify}", options[:model]
-        end
-      end
-
-      Devise::Mapping.register module_name
-    end
+  # Generate a friendly string randomically to be used as token.
+  def self.friendly_token
+    ActiveSupport::SecureRandom.base64(15).tr('+/=', '-_ ').strip.delete("\n")
   end
 end
 
-begin
-  require 'warden'
-rescue
-  gem 'warden'
-  require 'warden'
-end
-
+require 'warden'
 require 'devise/mapping'
-require 'devise/rails'
+require 'devise/models'
+require 'devise/modules'
+require 'devise/rails'

lib/devise/controllers/common.rb

@@ -1,24 +0,0 @@
-module Devise
-  module Controllers
-    # Common actions shared between Devise controllers
-    module Common #:nodoc:
-      # GET /resource/controller/new
-      def new
-        build_resource
-        render_with_scope :new
-      end
-
-      # POST /resource/controller
-      def create
-        self.resource = resource_class.send(send_instructions_with, params[resource_name])
-
-        if resource.errors.empty?
-          set_flash_message :notice, :send_instructions
-          redirect_to new_session_path(resource_name)
-        else
-          render_with_scope :new
-        end
-      end
-    end
-  end
-end

lib/devise/controllers/helpers.rb

@@ -2,18 +2,11 @@ module Devise
   module Controllers
     # Those helpers are convenience methods added to ApplicationController.
     module Helpers
+      extend ActiveSupport::Concern
 
-      def self.included(base)
-        base.class_eval do
-          helper_method :warden, :signed_in?, :devise_controller?,
-                        *Devise.mappings.keys.map { |m| [:"current_#{m}", :"#{m}_signed_in?"] }.flatten
-
-          # Use devise default_url_options. We have to declare it here to overwrite
-          # default definitions.
-          def default_url_options(options=nil)
-            Devise::Mapping.default_url_options
-          end
-        end
+      included do
+        helper_method :warden, :signed_in?, :devise_controller?,
+                      *Devise.mappings.keys.map { |m| [:"current_#{m}", :"#{m}_signed_in?"] }.flatten
       end
 
       # The main accessor for the warden proxy instance
@@ -176,7 +169,7 @@ module Devise
       #     before_filter :authenticate_admin! # Tell devise to use :admin map
       #
       Devise.mappings.each_key do |mapping|
-        class_eval <<-METHODS, __FILE__, __LINE__
+        class_eval <<-METHODS, __FILE__, __LINE__ + 1
           def authenticate_#{mapping}!
             warden.authenticate!(:scope => :#{mapping})
           end

lib/devise/controllers/internal_helpers.rb

@@ -4,17 +4,18 @@ module Devise
     # included in ApplicationController since they all depend on the url being
     # accessed.
     module InternalHelpers #:nodoc:
+      extend ActiveSupport::Concern
+      include Devise::Controllers::ScopedViews
 
-      def self.included(base)
-        base.class_eval do
-          unloadable
+      included do
+        helpers = [:resource, :scope_name, :resource_name,
+                  :resource_class, :devise_mapping, :devise_controller?]
 
-          helper_method :resource, :scope_name, :resource_name, :resource_class, :devise_mapping, :devise_controller?
-          hide_action   :resource, :scope_name, :resource_name, :resource_class, :devise_mapping, :devise_controller?
+        hide_action *helpers
+        helper_method *helpers
 
-          skip_before_filter *Devise.mappings.keys.map { |m| :"authenticate_#{m}!" }
-          before_filter :is_devise_resource?
-        end
+        before_filter :is_devise_resource?
+        skip_before_filter *Devise.mappings.keys.map { |m| :"authenticate_#{m}!" }
       end
 
       # Gets the actual resource stored in the instance variable
@@ -51,7 +52,8 @@ module Devise
 
       # Checks whether it's a devise mapped resource or not.
       def is_devise_resource? #:nodoc:
-        raise ActionController::UnknownAction unless devise_mapping && devise_mapping.allows?(controller_name)
+        raise ActionController::UnknownAction unless devise_mapping &&
+          devise_mapping.allowed_controllers.include?(controller_path)
       end
 
       # Sets the resource creating an instance variable
@@ -59,12 +61,9 @@ module Devise
         instance_variable_set(:"@#{resource_name}", new_resource)
       end
 
-      # Build a devise resource without setting password and password confirmation fields.
+      # Build a devise resource.
       def build_resource
-        self.resource ||= begin
-          attributes = params[resource_name].try(:except, :password, :password_confirmation)
-          resource_class.new(attributes || {})
-        end
+        self.resource = resource_class.new(params[resource_name] || {})
       end
 
       # Helper for use in before_filters where no authentication is required.
@@ -100,21 +99,6 @@ module Devise
         set_flash_message(key, kind, true)
       end
 
-      # Render a view for the specified scope. Turned off by default.
-      # Accepts just :controller as option.
-      def render_with_scope(action, options={})
-        controller_name = options.delete(:controller) || self.controller_name
-        if Devise.scoped_views
-          begin
-            render :template => "#{controller_name}/#{devise_mapping.as}/#{action}"
-          rescue ActionView::MissingTemplate
-            render action, :controller => controller_name
-          end
-        else
-          render action, :controller => controller_name
-        end
-      end
-
     end
   end
 end

lib/devise/controllers/scoped_views.rb

@@ -0,0 +1,35 @@
+module Devise
+  module Controllers
+    module ScopedViews
+      extend ActiveSupport::Concern
+
+      module ClassMethods
+        def scoped_views
+          defined?(@scoped_views) ? @scoped_views : Devise.scoped_views
+        end
+
+        def scoped_views=(value)
+          @scoped_views = value
+        end
+      end
+
+    protected
+
+      # Render a view for the specified scope. Turned off by default.
+      # Accepts just :controller as option.
+      def render_with_scope(action, options={})
+        controller_name = options.delete(:controller) || self.controller_name
+
+        if self.class.scoped_views
+          begin
+            render :template => "#{devise_mapping.as}/#{controller_name}/#{action}"
+          rescue ActionView::MissingTemplate
+            render :template => "#{controller_path}/#{action}"
+          end
+        else
+          render :template => "#{controller_path}/#{action}"
+        end
+      end
+    end
+  end
+end

lib/devise/controllers/url_helpers.rb

@@ -19,17 +19,17 @@ module Devise
     # Those helpers are added to your ApplicationController.
     module UrlHelpers
 
-      [:session, :password, :confirmation, :unlock].each do |module_name|
+      Devise::ROUTES.each do |module_name|
         [:path, :url].each do |path_or_url|
           actions = [ nil, :new_ ]
-          actions << :edit_    if module_name == :password
-          actions << :destroy_ if module_name == :session
+          actions << :edit_    if [:password, :registration].include?(module_name)
+          actions << :destroy_ if [:session].include?(module_name)
 
           actions.each do |action|
-            class_eval <<-URL_HELPERS
-              def #{action}#{module_name}_#{path_or_url}(resource, *args)
-                resource = Devise::Mapping.find_scope!(resource)
-                send("#{action}\#{resource}_#{module_name}_#{path_or_url}", *args)
+            class_eval <<-URL_HELPERS, __FILE__, __LINE__ + 1
+              def #{action}#{module_name}_#{path_or_url}(resource_or_scope, *args)
+                scope = Devise::Mapping.find_scope!(resource_or_scope)
+                send("#{action}\#{scope}_#{module_name}_#{path_or_url}", *args)
               end
             URL_HELPERS
           end

lib/devise/failure_app.rb

@@ -1,57 +1,54 @@
+require "action_controller/metal"
+
 module Devise
   # Failure application that will be called every time :warden is thrown from
   # any strategy or hook. Responsible for redirect the user to the sign in
   # page based on current scope and mapping. If no scope is given, redirect
   # to the default_url.
-  class FailureApp
-    attr_reader :env
-    include Warden::Mixins::Common
+  class FailureApp < ActionController::Metal
+    include ActionController::RackDelegation
+    include ActionController::UrlFor
+    include ActionController::Redirecting
 
-    cattr_accessor :default_url, :default_message, :instance_writer => false
-    @@default_message = :unauthenticated
+    mattr_accessor :default_message
+    self.default_message = :unauthenticated
 
     def self.call(env)
-      new(env).respond!
+      action(:respond).call(env)
     end
 
-    def initialize(env)
-      @env = env
+    def self.default_url_options(*args)
+      ApplicationController.default_url_options(*args)
     end
 
-    def respond!
-      options = @env['warden.options']
-      scope   = options[:scope]
-
-      redirect_path = if mapping = Devise.mappings[scope]
-        "#{mapping.parsed_path}/#{mapping.path_names[:sign_in]}"
-      else
-        "/#{default_url}"
-      end
-      query_string = query_string_for(options)
+    def respond
+      scope = warden_options[:scope]
       store_location!(scope)
-
-      headers = {}
-      headers["Location"] = redirect_path
-      headers["Location"] << "?" << query_string unless query_string.empty?
-      headers["Content-Type"] = 'text/plain'
-
-      [302, headers, ["You are being redirected to #{redirect_path}"]]
+      redirect_to send(:"new_#{scope}_session_path", query_string_params)
     end
 
+  protected
+
     # Build the proper query string based on the given message.
-    def query_string_for(options)
-      message = @env['warden'].try(:message) || options[:message] || default_message
+    def query_string_params
+      message = warden.try(:message) || warden_options[:message] || self.class.default_message
 
-      params = case message
-        when Symbol
-          { message => true }
-        when String
-          { :message => message }
-        else
-          {}
+      case message
+      when Symbol
+        { message => true }
+      when String
+        { :message => message }
+      else
+        {}
       end
+    end
 
-      Rack::Utils.build_query(params)
+    def warden
+      env['warden']
+    end
+
+    def warden_options
+      env['warden.options']
     end
 
     # Stores requested uri to redirect the user after signing in. We cannot use

lib/devise/hooks/rememberable.rb

@@ -3,7 +3,7 @@
 # that specific user and adds a cookie with this user info to sign in this user
 # automatically without asking for credentials. Refer to rememberable strategy
 # for more info.
-Warden::Manager.after_authentication do |record, warden, options|
+Warden::Manager.prepend_after_authentication do |record, warden, options|
   scope = options[:scope]
   remember_me = warden.params[scope].try(:fetch, :remember_me, nil)
 
@@ -22,9 +22,11 @@ end
 # Before logout hook to forget the user in the given scope, only if rememberable
 # is activated for this scope. Also clear remember token to ensure the user
 # won't be remembered again.
+# Notice that we forget the user if the record is frozen. This usually means the
+# user was just deleted.
 Warden::Manager.before_logout do |record, warden, scope|
   if record.respond_to?(:forget_me!)
-    record.forget_me!
+    record.forget_me! unless record.frozen?
     warden.response.delete_cookie "remember_#{scope}_token"
   end
 end

lib/devise/hooks/trackable.rb

@@ -1,18 +1,7 @@
 # After each sign in, update sign in time, sign in count and sign in IP.
 Warden::Manager.after_set_user :except => :fetch do |record, warden, options|
   scope = options[:scope]
-  if Devise.mappings[scope].try(:trackable?) && warden.authenticated?(scope)
-    old_current, new_current  = record.current_sign_in_at, Time.now
-    record.last_sign_in_at    = old_current || new_current
-    record.current_sign_in_at = new_current
-
-    old_current, new_current  = record.current_sign_in_ip, warden.request.remote_ip
-    record.last_sign_in_ip    = old_current || new_current
-    record.current_sign_in_ip = new_current
-
-    record.sign_in_count ||= 0
-    record.sign_in_count += 1
-
-    record.save(false)
+  if record.respond_to?(:update_tracked_fields!) && warden.authenticated?(scope)
+    record.update_tracked_fields!(warden.request)
   end
 end

lib/devise/mapping.rb

@@ -18,11 +18,11 @@ module Devise
   #   mapping.to   #=> User
   #   # is the class to be loaded from routes, given in the route as :class_name.
   #
-  #   mapping.for  #=> [:authenticatable]
+  #   mapping.modules  #=> [:authenticatable]
   #   # is the modules included in the class
   #
   class Mapping #:nodoc:
-    attr_reader :name, :as, :path_names, :path_prefix, :route_options
+    attr_reader :name, :as, :controllers, :path_names, :path_prefix
 
     # Loop through all mappings looking for a map that matches with the requested
     # path (ie /users/sign_in). If a path prefix is given, it's taken into account.
@@ -36,7 +36,10 @@ module Devise
 
     # Find a mapping by a given class. It takes into account single table inheritance as well.
     def self.find_by_class(klass)
-      Devise.mappings.values.find { |m| return m if klass <= m.to }
+      Devise.mappings.each_value do |mapping|
+        return mapping if klass <= mapping.to
+      end
+      nil
     end
 
     # Receives an object and find a scope for it. If a scope cannot be found,
@@ -53,27 +56,26 @@ module Devise
       end
     end
 
-    # Default url options which can be used as prefix.
-    def self.default_url_options
-      {}
-    end
-
     def initialize(name, options) #:nodoc:
       @as    = (options.delete(:as) || name).to_sym
       @klass = (options.delete(:class_name) || name.to_s.classify).to_s
       @name  = (options.delete(:scope) || name.to_s.singularize).to_sym
-      @path_names = options.delete(:path_names) || {}
-      @path_prefix = "/#{options.delete(:path_prefix)}/".squeeze("/")
-      @route_options = options || {}
 
-      setup_path_names
+      @path_prefix = "/#{options.delete(:path_prefix)}/".squeeze("/")
+
+      @controllers = Hash.new { |h,k| h[k] = "devise/#{k}" }
+      @controllers.merge!(options.delete(:controllers) || {})
+
+      @path_names  = Hash.new { |h,k| h[k] = k.to_s }
+      @path_names.merge!(options.delete(:path_names) || {})
     end
 
     # Return modules for the mapping.
-    def for
-      @for ||= to.devise_modules
+    def modules
+      @modules ||= to.devise_modules
     end
 
+    # Gives the class the mapping points to.
     # Reload mapped class each time when cache_classes is false.
     def to
       return @to if @to
@@ -82,9 +84,14 @@ module Devise
       klass
     end
 
-    # Check if the respective controller has a module in the mapping class.
-    def allows?(controller)
-      (self.for & CONTROLLERS[controller.to_sym]).present?
+    # Keep a list of allowed controllers for this mapping. It's useful to ensure
+    # that an Admin cannot access the registrations controller unless it has
+    # :registerable in the model.
+    def allowed_controllers
+      @allowed_controllers ||= begin
+        canonical = CONTROLLERS.values_at(*self.modules).compact
+        @controllers.values_at(*canonical)
+      end
     end
 
     # Return in which position in the path prefix devise should find the as mapping.
@@ -93,45 +100,23 @@ module Devise
     end
 
     # Returns the raw path using path_prefix and as.
-    def raw_path
+    def path
       path_prefix + as.to_s
     end
 
-    # Returns the parsed path taking into account the relative url root and raw path.
-    def parsed_path
-      returning (ActionController::Base.relative_url_root.to_s + raw_path) do |path|
-        self.class.default_url_options.each do |key, value|
-          path.gsub!(key.inspect, value.to_param)
-        end
-      end
-    end
-
     # Create magic predicates for verifying what module is activated by this map.
     # Example:
     #
     #   def confirmable?
-    #     self.for.include?(:confirmable)
+    #     self.modules.include?(:confirmable)
     #   end
     #
-    def self.register(*modules)
-      modules.each do |m|
-        class_eval <<-METHOD, __FILE__, __LINE__
-          def #{m}?
-            self.for.include?(:#{m})
-          end
-        METHOD
-      end
-    end
-    Devise::Mapping.register *ALL
-
-    private
-
-      # Configure default path names, allowing the user overwrite defaults by
-      # passing a hash in :path_names.
-      def setup_path_names
-        [:sign_in, :sign_out, :password, :confirmation].each do |path_name|
-          @path_names[path_name] ||= path_name.to_s
+    def self.register(m)
+      class_eval <<-METHOD, __FILE__, __LINE__ + 1
+        def #{m}?
+          self.modules.include?(:#{m})
         end
-      end
+      METHOD
+    end
   end
 end

lib/devise/models.rb

@@ -1,15 +1,5 @@
 module Devise
   module Models
-    autoload :Activatable, 'devise/models/activatable'
-    autoload :Authenticatable, 'devise/models/authenticatable'
-    autoload :Confirmable, 'devise/models/confirmable'
-    autoload :Lockable, 'devise/models/lockable'
-    autoload :Recoverable, 'devise/models/recoverable'
-    autoload :Rememberable, 'devise/models/rememberable'
-    autoload :Timeoutable, 'devise/models/timeoutable'
-    autoload :Trackable, 'devise/models/trackable'
-    autoload :Validatable, 'devise/models/validatable'
-
     # Creates configuration values for Devise and for the given module.
     #
     #   Devise::Models.config(Devise::Authenticable, :stretches, 10)
@@ -28,7 +18,7 @@ module Devise
     #
     def self.config(mod, *accessors) #:nodoc:
       accessors.each do |accessor|
-        mod.class_eval <<-METHOD, __FILE__, __LINE__
+        mod.class_eval <<-METHOD, __FILE__, __LINE__ + 1
           def #{accessor}
             if defined?(@#{accessor})
               @#{accessor}
@@ -50,29 +40,18 @@ module Devise
     #
     #   devise :authenticatable, :confirmable, :recoverable
     #
-    # You can also give the following configuration values in a hash: :pepper,
-    # :stretches, :confirm_within and :remember_for. Please check your Devise
-    # initialiazer for a complete description on those values.
+    # You can also give any of the devise configuration values in form of a hash,
+    # with specific values for this model. Please check your Devise initializer
+    # for a complete description on those values.
     #
     def devise(*modules)
       raise "You need to give at least one Devise module" if modules.empty?
-      options  = modules.extract_options!
 
-      # TODO Remove me
-      if modules.delete(:all)
-        ActiveSupport::Deprecation.warn "devise :all is deprecated. List your modules instead", caller
-        modules += Devise.all
-      end
-
-      modules -= Array(options.delete(:except))
-      modules  = Devise::ALL & modules.uniq
-
-      Devise.orm_class.included_modules_hook(self, modules) do
-        modules.each do |m|
-          devise_modules << m.to_sym
-          include Devise::Models.const_get(m.to_s.classify)
-        end
+      options = modules.extract_options!
+      @devise_modules = Devise::ALL & modules.map(&:to_sym).uniq
 
+      devise_modules_hook! do
+        devise_modules.each { |m| include Devise::Models.const_get(m.to_s.classify) }
         options.each { |key, value| send(:"#{key}=", value) }
       end
     end
@@ -83,6 +62,12 @@ module Devise
       @devise_modules ||= []
     end
 
+    # The hook which is called inside devise. So your ORM can include devise
+    # compatibility stuff.
+    def devise_modules_hook!
+      yield
+    end
+
     # Find an initialize a record setting an error if it can't be found.
     def find_or_initialize_with_error_by(attribute, value, error=:invalid)
       if value.present?
@@ -96,24 +81,13 @@ module Devise
         if value.present?
           record.send(:"#{attribute}=", value)
         else
-          error, skip_default = :blank, true
+          error = :blank
         end
 
-        add_error_on(record, attribute, error, !skip_default)
+        record.errors.add(attribute, error)
       end
 
       record
     end
-
-    # Wraps add error logic in a method that works for different frameworks.
-    def add_error_on(record, attribute, error, add_default=true)
-      options = add_default ? { :default => error.to_s.gsub("_", " ") } : {}
-
-      begin
-        record.errors.add(attribute, error, options)
-      rescue ArgumentError
-        record.errors.add(attribute, error.to_s.gsub("_", " "))
-      end
-    end
   end
-end
+end

lib/devise/models/authenticatable.rb

@@ -27,13 +27,11 @@ module Devise
     #    User.find(1).valid_password?('password123')         # returns true/false
     #
     module Authenticatable
-      def self.included(base)
-        base.class_eval do
-          extend ClassMethods
+      extend ActiveSupport::Concern
 
-          attr_reader :password, :old_password
-          attr_accessor :password_confirmation
-        end
+      included do
+        attr_reader :password, :current_password
+        attr_accessor :password_confirmation
       end
 
       # Regenerates password salt and encrypted password each time password is set,
@@ -63,15 +61,30 @@ module Devise
         valid_password?(attributes[:password])
       end
 
-      # Update record attributes when :old_password matches, otherwise returns
-      # error on :old_password.
+      # Set password and password confirmation to nil
+      def clean_up_passwords
+        self.password = self.password_confirmation = nil
+      end
+
+      # Update record attributes when :current_password matches, otherwise returns
+      # error on :current_password. It also automatically rejects :password and
+      # :password_confirmation if they are blank.
       def update_with_password(params={})
-        if valid_password?(params[:old_password])
+        current_password = params.delete(:current_password)
+
+        params.delete(:password)              if params[:password].blank?
+        params.delete(:password_confirmation) if params[:password_confirmation].blank?
+
+        result = if valid_password?(current_password)
           update_attributes(params)
         else
-          self.class.add_error_on(self, :old_password, :invalid, false)
+          self.errors.add(:current_password, current_password.blank? ? :blank : :invalid)
+          self.attributes = params
           false
         end
+
+        clean_up_passwords unless result
+        result
       end
 
       protected
@@ -82,12 +95,10 @@ module Devise
         end
 
       module ClassMethods
-
         Devise::Models.config(self, :pepper, :stretches, :encryptor, :authentication_keys)
 
         # Authenticate a user based on configured attribute keys. Returns the
-        # authenticated user if it's valid or nil. Attributes are by default
-        # :email and :password, but the latter is always required.
+        # authenticated user if it's valid or nil.
         def authenticate(attributes={})
           return unless authentication_keys.all? { |k| attributes[k].present? }
           conditions = attributes.slice(*authentication_keys)
@@ -115,7 +126,6 @@ module Devise
         def find_for_authentication(conditions)
           find(:first, :conditions => conditions)
         end
-
       end
     end
   end

lib/devise/models/confirmable.rb

@@ -29,15 +29,12 @@ module Devise
     #   User.find(1).send_confirmation_instructions # manually send instructions
     #   User.find(1).resend_confirmation! # generates a new token and resent it
     module Confirmable
+      extend ActiveSupport::Concern
       include Devise::Models::Activatable
 
-      def self.included(base)
-        base.class_eval do
-          extend ClassMethods
-
-          before_create :generate_confirmation_token, :if => :confirmation_required?
-          after_create  :send_confirmation_instructions, :if => :confirmation_required?
-        end
+      included do
+        before_create :generate_confirmation_token, :if => :confirmation_required?
+        after_create  :send_confirmation_instructions, :if => :confirmation_required?
       end
 
       # Confirm a user by setting it's confirmed_at to actual time. If the user
@@ -46,7 +43,7 @@ module Devise
         unless_confirmed do
           self.confirmation_token = nil
           self.confirmed_at = Time.now
-          save(false)
+          save(:validate => false)
         end
       end
 
@@ -57,7 +54,7 @@ module Devise
 
       # Send confirmation instructions by email
       def send_confirmation_instructions
-        ::DeviseMailer.deliver_confirmation_instructions(self)
+        ::Devise::Mailer.confirmation_instructions(self).deliver
       end
 
       # Remove confirmation date and send confirmation instructions, to ensure
@@ -66,7 +63,7 @@ module Devise
       def resend_confirmation!
         unless_confirmed do
           generate_confirmation_token
-          save(false)
+          save(:validate => false)
           send_confirmation_instructions
         end
       end
@@ -131,7 +128,7 @@ module Devise
           unless confirmed?
             yield
           else
-            self.class.add_error_on(self, :email, :already_confirmed)
+            self.errors.add(:email, :already_confirmed)
             false
           end
         end

lib/devise/models/http_authenticatable.rb

@@ -0,0 +1,19 @@
+require 'devise/strategies/http_authenticatable'
+
+module Devise
+  module Models
+    # Adds HttpAuthenticatable behavior to your model. It expects that your
+    # model class responds to authenticate and authentication_keys methods
+    # (which for example are defined in authenticatable).
+    module HttpAuthenticatable
+      extend ActiveSupport::Concern
+
+      module ClassMethods
+        # Authenticate an user using http.
+        def authenticate_with_http(username, password)
+          authenticate(authentication_keys.first => username, :password => password)
+        end
+      end
+    end
+  end
+end

lib/devise/models/lockable.rb

@@ -3,56 +3,64 @@ require 'devise/models/activatable'
 module Devise
   module Models
 
+    # Handles blocking a user access after a certain number of attempts.
+    # Lockable accepts two different strategies to unlock a user after it's
+    # blocked: email and time. The former will send an email to the user when
+    # the lock happens, containing a link to unlock it's account. The second
+    # will unlock the user automatically after some configured time (ie 2.hours).
+    # It's also possible to setup lockable to use both email and time strategies.
+    #
+    # Configuration:
+    #
+    #   maximum_attempts: how many attempts should be accepted before blocking the user.
+    #   unlock_strategy: unlock the user account by :time, :email or :both.
+    #   unlock_in: the time you want to lock the user after to lock happens. Only
+    #              available when unlock_strategy is :time or :both.
+    #
     module Lockable
+      extend ActiveSupport::Concern
       include Devise::Models::Activatable
-      include Devise::Models::Authenticatable
-
-      def self.included(base)
-        base.class_eval do
-          extend ClassMethods
-        end
-      end
 
       # Lock an user setting it's locked_at to actual time.
       def lock
         self.locked_at = Time.now
-        if [:both, :email].include?(self.class.unlock_strategy)
+        if unlock_strategy_enabled?(:email)
           generate_unlock_token
-          self.send_unlock_instructions
+          send_unlock_instructions
         end
       end
 
-      # calls lock and save the model
+      # Lock an user also saving the record.
       def lock!
-        self.lock
-        save(false)
+        lock
+        save(:validate => false)
       end
 
-      # Unlock an user by cleaning locket_at and failed_attempts
+      # Unlock an user by cleaning locket_at and failed_attempts.
       def unlock!
         if_locked do
           self.locked_at = nil
           self.failed_attempts = 0
           self.unlock_token = nil
-          save(false)
+          save(:validate => false)
         end
       end
 
-      # Verifies whether a user is locked or not
+      # Verifies whether a user is locked or not.
       def locked?
-        self.locked_at && !lock_expired?
+        locked_at && !lock_expired?
       end
 
       # Send unlock instructions by email
       def send_unlock_instructions
-        ::DeviseMailer.deliver_unlock_instructions(self)
+        ::Devise::Mailer.unlock_instructions(self).deliver
       end
 
-      # Resend the unlock instructions if the user is locked
+      # Resend the unlock instructions if the user is locked.
       def resend_unlock!
         if_locked do
-          generate_unlock_token unless self.unlock_token.present?
-          save(false)
+          generate_unlock_token unless unlock_token.present?
+          save(:validate => false)
           send_unlock_instructions
         end
       end
@@ -63,20 +71,6 @@ module Devise
         super && !locked?
       end
 
-      # Overwrites valid_for_authentication? from Devise::Models::Authenticatable
-      # for verifying whether an user is allowed to sign in or not. If the user
-      # is locked, it should never be allowed.
-      def valid_for_authentication?(attributes)
-        if result = super
-          self.failed_attempts = 0
-        else
-          self.failed_attempts += 1
-          self.lock if self.failed_attempts > self.class.maximum_attempts
-        end
-        save(false) if changed?
-        result
-      end
-
       # Overwrites invalid_message from Devise::Models::Authenticatable to define
       # the correct reason for blocking the sign in.
       def inactive_message
@@ -87,6 +81,20 @@ module Devise
         end
       end
 
+      # Overwrites valid_for_authentication? from Devise::Models::Authenticatable
+      # for verifying whether an user is allowed to sign in or not. If the user
+      # is locked, it should never be allowed.
+      def valid_for_authentication?(attributes)
+        if result = super
+          self.failed_attempts = 0
+        else
+          self.failed_attempts += 1
+          lock if failed_attempts > self.class.maximum_attempts
+        end
+        save(:validate => false) if changed?
+        result
+      end
+
       protected
 
         # Generates unlock token
@@ -96,8 +104,8 @@ module Devise
 
         # Tells if the lock is expired if :time unlock strategy is active
         def lock_expired?
-          if [:both, :time].include?(self.class.unlock_strategy)
-            self.locked_at && self.locked_at < self.class.unlock_in.ago
+          if unlock_strategy_enabled?(:time)
+            locked_at && locked_at < self.class.unlock_in.ago
           else
             false
           end
@@ -109,11 +117,16 @@ module Devise
           if locked?
             yield
           else
-            self.class.add_error_on(self, :email, :not_locked)
+            self.errors.add(:email, :not_locked)
             false
           end
         end
 
+        # Is the unlock enabled for the given unlock strategy?
+        def unlock_strategy_enabled?(strategy)
+          [:both, strategy].include?(self.class.unlock_strategy)
+        end
+
       module ClassMethods
         # Attempt to find a user by it's email. If a record is found, send new
         # unlock instructions to it. If not user is found, returns a new user
@@ -139,4 +152,4 @@ module Devise
       end
     end
   end
-end
+end

lib/devise/models/recoverable.rb

@@ -14,11 +14,7 @@ module Devise
     #   # creates a new token and send it with instructions about how to reset the password
     #   User.find(1).send_reset_password_instructions
     module Recoverable
-      def self.included(base)
-        base.class_eval do
-          extend ClassMethods
-        end
-      end
+      extend ActiveSupport::Concern
 
       # Update password saving the record and clearing token. Returns true if
       # the passwords are valid and the record was saved, false otherwise.
@@ -32,7 +28,7 @@ module Devise
       # Resets reset password token and send reset password instructions by email
       def send_reset_password_instructions
         generate_reset_password_token!
-        ::DeviseMailer.deliver_reset_password_instructions(self)
+        ::Devise::Mailer.reset_password_instructions(self).deliver
       end
 
       protected
@@ -45,7 +41,7 @@ module Devise
         # Resets the reset password token with and save the record without
         # validating
         def generate_reset_password_token!
-          generate_reset_password_token && save(false)
+          generate_reset_password_token && save(:validate => false)
         end
 
         # Removes reset_password token

lib/devise/models/registerable.rb

@@ -0,0 +1,8 @@
+module Devise
+  module Models
+    # Registerable is responsible for everything related to registering a new
+    # resource (ie user sign up).
+    module Registerable
+    end
+  end
+end

lib/devise/models/rememberable.rb

@@ -30,21 +30,18 @@ module Devise
     #   # lookup the user based on the incoming cookie information
     #   User.serialize_from_cookie(cookie_string)
     module Rememberable
+      extend ActiveSupport::Concern
 
-      def self.included(base)
-        base.class_eval do
-          extend ClassMethods
-
-          # Remember me option available in after_authentication hook.
-          attr_accessor :remember_me
-        end
+      included do
+        # Remember me option available in after_authentication hook.
+        attr_accessor :remember_me
       end
 
       # Generate a new remember token and save the record without validations.
       def remember_me!
         self.remember_token = Devise.friendly_token
         self.remember_created_at = Time.now.utc
-        save(false)
+        save(:validate => false)
       end
 
       # Removes the remember token only if it exists, and save the record
@@ -53,7 +50,7 @@ module Devise
         if remember_token
           self.remember_token = nil
           self.remember_created_at = nil
-          save(false)
+          save(:validate => false)
         end
       end
 

lib/devise/models/timeoutable.rb

@@ -9,11 +9,9 @@ module Devise
     #
     # Configuration:
     #
-    #   timeout: the time you want to timeout the user session without activity.
+    #   timeout_in: the time you want to timeout the user session without activity.
     module Timeoutable
-      def self.included(base)
-        base.extend ClassMethods
-      end
+      extend ActiveSupport::Concern
 
       # Checks whether the user session has expired based on configured time.
       def timedout?(last_access)

lib/devise/models/token_authenticatable.rb

@@ -3,7 +3,7 @@ require 'devise/strategies/token_authenticatable'
 module Devise
   module Models
     # Token Authenticatable Module, responsible for generate authentication token and validating
-    # authenticity of a user while signing in using a authentication token (say follows an URL).
+    # authenticity of a user while signing in using an authentication token (say follows an URL).
     #
     # == Configuration:
     #
@@ -18,11 +18,10 @@ module Devise
     #    User.find(1).valid_authentication_token?('rI1t6PKQ8yP7VetgwdybB')  # returns true/false
     #
     module TokenAuthenticatable
-      def self.included(base)
-        base.class_eval do
-          extend ClassMethods
-          before_save :ensure_authentication_token
-        end
+      extend ActiveSupport::Concern
+
+      included do
+        before_save :ensure_authentication_token
       end
 
       # Generate new authentication token (a.k.a. "single access token").

lib/devise/models/trackable.rb

@@ -11,6 +11,20 @@ module Devise
     # * last_sign_in_at    - Holds the remote ip of the previous sign in
     #
     module Trackable
+      def update_tracked_fields!(request)
+        old_current, new_current = self.current_sign_in_at, Time.now
+        self.last_sign_in_at     = old_current || new_current
+        self.current_sign_in_at  = new_current
+
+        old_current, new_current = self.current_sign_in_ip, request.remote_ip
+        self.last_sign_in_ip     = old_current || new_current
+        self.current_sign_in_ip  = new_current
+
+        self.sign_in_count ||= 0
+        self.sign_in_count += 1
+
+        save(:validate => false)
+      end
     end
   end
 end

lib/devise/modules.rb

@@ -0,0 +1,25 @@
+require 'active_support/core_ext/object/with_options'
+
+Devise.with_options :model => true do |d|
+  # Strategies first
+  d.with_options :strategy => true do |s|
+    s.add_module :authenticatable,       :controller => :sessions, :flash => :invalid,       :route => :session
+    s.add_module :http_authenticatable
+    s.add_module :token_authenticatable, :controller => :sessions, :flash => :invalid_token, :route => :session
+    s.add_module :rememberable
+  end
+
+  # Misc after   
+  d.add_module :recoverable,  :controller => :passwords,     :route => :password
+  d.add_module :registerable, :controller => :registrations, :route => :registration
+  d.add_module :validatable
+
+  # The ones which can sign out after
+  d.add_module :activatable,                                 :flash => :inactive
+  d.add_module :confirmable,  :controller => :confirmations, :flash => :unconfirmed, :route => :confirmation
+  d.add_module :lockable,     :controller => :unlocks,       :flash => :locked,      :route => :unlock
+  d.add_module :timeoutable,                                 :flash => :timeout
+
+  # Stats for last, so we make sure the user is really signed in
+  d.add_module :trackable
+end

lib/devise/orm/active_record.rb

@@ -19,16 +19,13 @@ module Devise
     #   add_index "accounts", ["reset_password_token"], :name => "reset_password_token", :unique => true
     #
     module ActiveRecord
-      # Required ORM hook. Just yield the given block in ActiveRecord.
-      def self.included_modules_hook(klass, modules)
-        yield
-      end
+      module Schema
+        include Devise::Schema
 
-      include Devise::Schema
-
-      # Tell how to apply schema methods.
-      def apply_schema(name, type, options={})
-        column name, type.to_s.downcase.to_sym, options
+        # Tell how to apply schema methods.
+        def apply_schema(name, type, options={})
+          column name, type.to_s.downcase.to_sym, options
+        end
       end
     end
   end
@@ -36,5 +33,6 @@ end
 
 if defined?(ActiveRecord)
   ActiveRecord::Base.extend Devise::Models
-  ActiveRecord::ConnectionAdapters::TableDefinition.send :include, Devise::Orm::ActiveRecord
-end
+  ActiveRecord::ConnectionAdapters::Table.send :include, Devise::Orm::ActiveRecord::Schema
+  ActiveRecord::ConnectionAdapters::TableDefinition.send :include, Devise::Orm::ActiveRecord::Schema
+end

lib/devise/orm/data_mapper.rb

@@ -1,83 +1,86 @@
 module Devise
   module Orm
     module DataMapper
-      module InstanceMethods
-        def save(flag=nil)
-          if flag == false
+      module Hook
+        def devise_modules_hook!
+          extend Schema
+          include Compatibility
+          yield
+          return unless Devise.apply_schema
+          devise_modules.each { |m| send(m) if respond_to?(m, true) }
+        end
+      end
+
+      module Schema
+        include Devise::Schema
+
+        SCHEMA_OPTIONS = {
+          :null  => :required,
+          :limit => :length
+        }
+
+        # Tell how to apply schema methods. This automatically maps :limit to
+        # :length and :null to :required.
+        def apply_schema(name, type, options={})
+          SCHEMA_OPTIONS.each do |old_key, new_key|
+            next unless options.key?(old_key)
+            options[new_key] = !options.delete(old_key)
+          end
+
+          property name, type, options
+        end
+      end
+
+      module Compatibility
+        extend ActiveSupport::Concern
+
+        module ClassMethods
+          # Hooks for confirmable
+          def before_create(*args)
+            wrap_hook(:before, *args)
+          end
+
+          def after_create(*args)
+            wrap_hook(:after, *args)
+          end
+
+          def wrap_hook(action, *args)
+            options = args.extract_options!
+
+            args.each do |callback|
+              send action, :create, callback
+              class_eval <<-METHOD, __FILE__, __LINE__ + 1
+                def #{callback}
+                  super if #{options[:if] || true}
+                end
+              METHOD
+            end
+          end
+
+          # Add ActiveRecord like finder
+          def find(*args)
+            case args.first
+            when :first, :all
+              send(args.shift, *args)
+            else
+              get(*args)
+            end
+          end
+        end
+
+        def save(options=nil)
+          if options.is_a?(Hash) && options[:validate] == false
             save!
           else
             super()
           end
         end
       end
-
-      def self.included_modules_hook(klass, modules)
-        klass.send :extend,  self
-        klass.send :include, InstanceMethods
-
-        yield
-
-        modules.each do |mod|
-          klass.send(mod) if klass.respond_to?(mod)
-        end
-      end
-
-      include Devise::Schema
-
-      SCHEMA_OPTIONS = {
-        :null  => :nullable,
-        :limit => :length
-      }
-
-      # Hooks for confirmable
-      def before_create(*args)
-        wrap_hook(:before, *args)
-      end
-
-      def after_create(*args)
-        wrap_hook(:after, *args)
-      end
-
-      def wrap_hook(action, *args)
-        options = args.extract_options!
-
-        args.each do |callback|
-          send action, :create, callback
-          class_eval <<-METHOD, __FILE__, __LINE__ + 1
-            def #{callback}
-              super if #{options[:if] || true}
-            end
-          METHOD
-        end
-      end
-
-      # Add ActiveRecord like finder
-      def find(*args)
-        options = args.extract_options!
-        case args.first
-          when :first
-            first(options)
-          when :all
-            all(options)
-          else
-            get(*args)
-        end
-      end
-
-      # Tell how to apply schema methods. This automatically maps :limit to
-      # :length and :null to :nullable.
-      def apply_schema(name, type, options={})
-        return unless Devise.apply_schema
-
-        SCHEMA_OPTIONS.each do |old_key, new_key|
-          next unless options.key?(old_key)
-          options[new_key] = options.delete(old_key)
-        end
-
-        property name, type, options
-      end
     end
   end
 end
 
-DataMapper::Model.send(:include, Devise::Models)
+DataMapper::Model.class_eval do
+  extend  Devise::ORM::DataMapper::Hook
+  include Devise::Models
+end

lib/devise/orm/mongo_mapper.rb

@@ -1,50 +1,49 @@
 module Devise
   module Orm
     module MongoMapper
-      module InstanceMethods
-        def save(options={})
-          if options == false
-            super(:validate => false)
-          else
-            super
+      module Hook
+        def devise_modules_hook!
+          extend Schema
+          include Compatibility
+          yield
+          return unless Devise.apply_schema
+          devise_modules.each { |m| send(m) if respond_to?(m, true) }
+        end
+      end
+
+      module Schema
+        include Devise::Schema
+
+        # Tell how to apply schema methods. This automatically converts DateTime
+        # to Time, since MongoMapper does not recognize the former.
+        def apply_schema(name, type, options={})
+          type = Time if type == DateTime
+          key name, type, options
+        end
+      end
+
+      module Compatibility
+        extend ActiveSupport::Concern
+
+        module ClassMethods
+          def find(*args)
+            case args.first
+            when :first, :all
+              send(args.shift, *args)
+            else
+              super
+            end
           end
         end
       end
 
-      def self.included_modules_hook(klass, modules)
-        klass.send :extend,  self
-        klass.send :include, InstanceMethods
-        yield
-
-        modules.each do |mod|
-          klass.send(mod) if klass.respond_to?(mod)
-        end
-      end
-      
-      def find(*args)
-        options = args.extract_options!
-        case args.first
-          when :first
-            first(options)
-          when :all
-            all(options)
-          else
-            super
-        end
-      end
-      
-      include Devise::Schema
-
-      # Tell how to apply schema methods. This automatically converts DateTime
-      # to Time, since MongoMapper does not recognize the former.
-      def apply_schema(name, type, options={})
-        return unless Devise.apply_schema
-        type = Time if type == DateTime
-        key name, type, options
-      end
     end
   end
 end
 
-MongoMapper::Document::ClassMethods.send(:include, Devise::Models)
-MongoMapper::EmbeddedDocument::ClassMethods.send(:include, Devise::Models)
+[MongoMapper::Document, MongoMapper::EmbeddedDocument].each do |mod|
+  mod::ClassMethods.class_eval do
+    include Devise::Models
+    include Devise::Orm::MongoMapper::Hook
+  end
+end

lib/devise/rails.rb

@@ -1,14 +1,12 @@
 require 'devise/rails/routes'
 require 'devise/rails/warden_compat'
 
-Rails.configuration.after_initialize do
-  require "devise/orm/#{Devise.orm}"
+module Devise
+  class Engine < ::Rails::Engine
+    engine_name :devise
 
-  # Adds Warden Manager to Rails middleware stack, configuring default devise
-  # strategy and also the failure app.
-  Rails.configuration.middleware.use Warden::Manager do |config|
-    Devise.configure_warden(config)
+    config.middleware.use Warden::Manager do |config|
+      Devise.configure_warden(config)
+    end
   end
-
-  I18n.load_path.unshift File.expand_path(File.join(File.dirname(__FILE__), 'locales', 'en.yml'))
-end
+end

lib/devise/rails/routes.rb

@@ -1,11 +1,9 @@
-module ActionController::Routing
+module ActionDispatch::Routing
   class RouteSet #:nodoc:
-
     # Ensure Devise modules are included only after loading routes, because we
-    # need devise_for mappings already declared to create magic filters and
-    # helpers.
-    def load_routes_with_devise!
-      load_routes_without_devise!
+    # need devise_for mappings already declared to create filters and helpers.
+    def finalize_with_devise!
+      finalize_without_devise!
       return if Devise.mappings.empty?
 
       ActionController::Base.send :include, Devise::Controllers::Helpers
@@ -13,110 +11,133 @@ module ActionController::Routing
 
       ActionView::Base.send :include, Devise::Controllers::UrlHelpers
     end
-    alias_method_chain :load_routes!, :devise
+    alias_method_chain :finalize!, :devise
+  end
 
-    class Mapper #:doc:
-      # Includes devise_for method for routes. This method is responsible to
-      # generate all needed routes for devise, based on what modules you have
-      # defined in your model.
-      # Examples: Let's say you have an User model configured to use
-      # authenticatable, confirmable and recoverable modules. After creating this
-      # inside your routes:
-      #
-      #   map.devise_for :users
-      #
-      # this method is going to look inside your User model and create the
-      # needed routes:
-      #
-      #  # Session routes for Authenticatable (default)
-      #       new_user_session GET  /users/sign_in                    {:controller=>"sessions", :action=>"new"}
-      #           user_session POST /users/sign_in                    {:controller=>"sessions", :action=>"create"}
-      #   destroy_user_session GET  /users/sign_out                   {:controller=>"sessions", :action=>"destroy"}
-      #
-      #  # Password routes for Recoverable, if User model has :recoverable configured
-      #      new_user_password GET  /users/password/new(.:format)     {:controller=>"passwords", :action=>"new"}
-      #     edit_user_password GET  /users/password/edit(.:format)    {:controller=>"passwords", :action=>"edit"}
-      #          user_password PUT  /users/password(.:format)         {:controller=>"passwords", :action=>"update"}
-      #                        POST /users/password(.:format)         {:controller=>"passwords", :action=>"create"}
-      #
-      #  # Confirmation routes for Confirmable, if User model has :confirmable configured
-      #  new_user_confirmation GET  /users/confirmation/new(.:format) {:controller=>"confirmations", :action=>"new"}
-      #      user_confirmation GET  /users/confirmation(.:format)     {:controller=>"confirmations", :action=>"show"}
-      #                        POST /users/confirmation(.:format)     {:controller=>"confirmations", :action=>"create"}
-      #
-      # You can configure your routes with some options:
-      #
-      #  * :class_name => setup a different class to be looked up by devise, if it cannot be correctly find by the route name.
-      #
-      #    map.devise_for :users, :class_name => 'Account'
-      #
-      #  * :as => allows you to setup path name that will be used, as rails routes does. The following route configuration would setup your route as /accounts instead of /users:
-      #
-      #    map.devise_for :users, :as => 'accounts'
-      #
-      #  * :scope => setup the scope name. This is used as the instance variable name in controller, as the name in routes and the scope given to warden. Defaults to the singular of the given name:
-      #
-      #    map.devise_for :users, :scope => :account
-      #
-      #  * :path_names => configure different path names to overwrite defaults :sign_in, :sign_out, :password and :confirmation.
-      #
-      #    map.devise_for :users, :path_names => { :sign_in => 'login', :sign_out => 'logout', :password => 'secret', :confirmation => 'verification' }
-      #
-      #  * :path_prefix => the path prefix to be used in all routes.
-      #
-      #    map.devise_for :users, :path_prefix => "/:locale"
-      #
-      #  Any other options will be passed to route definition. If you need conditions for your routes, just map:
-      #
-      #    map.devise_for :users, :conditions => { :subdomain => /.+/ }
-      #
-      #  If you are using a dynamic prefix, like :locale above, you need to configure default_url_options through Devise. You can do that in config/initializers/devise.rb or setting a Devise.default_url_options:
-      #
-      #    Devise.default_url_options do
-      #      { :locale => I18n.locale }
-      #    end
-      #
-      def devise_for(*resources)
-        options = resources.extract_options!
+  class Mapper
+    # Includes devise_for method for routes. This method is responsible to
+    # generate all needed routes for devise, based on what modules you have
+    # defined in your model.
+    # Examples: Let's say you have an User model configured to use
+    # authenticatable, confirmable and recoverable modules. After creating this
+    # inside your routes:
+    #
+    #   devise_for :users
+    #
+    # this method is going to look inside your User model and create the
+    # needed routes:
+    #
+    #  # Session routes for Authenticatable (default)
+    #       new_user_session GET  /users/sign_in                    {:controller=>"sessions", :action=>"new"}
+    #           user_session POST /users/sign_in                    {:controller=>"sessions", :action=>"create"}
+    #   destroy_user_session GET  /users/sign_out                   {:controller=>"sessions", :action=>"destroy"}
+    #
+    #  # Password routes for Recoverable, if User model has :recoverable configured
+    #      new_user_password GET  /users/password/new(.:format)     {:controller=>"passwords", :action=>"new"}
+    #     edit_user_password GET  /users/password/edit(.:format)    {:controller=>"passwords", :action=>"edit"}
+    #          user_password PUT  /users/password(.:format)         {:controller=>"passwords", :action=>"update"}
+    #                        POST /users/password(.:format)         {:controller=>"passwords", :action=>"create"}
+    #
+    #  # Confirmation routes for Confirmable, if User model has :confirmable configured
+    #  new_user_confirmation GET  /users/confirmation/new(.:format) {:controller=>"confirmations", :action=>"new"}
+    #      user_confirmation GET  /users/confirmation(.:format)     {:controller=>"confirmations", :action=>"show"}
+    #                        POST /users/confirmation(.:format)     {:controller=>"confirmations", :action=>"create"}
+    #
+    # You can configure your routes with some options:
+    #
+    #  * :class_name => setup a different class to be looked up by devise,
+    #                   if it cannot be correctly find by the route name.
+    #
+    #    devise_for :users, :class_name => 'Account'
+    #
+    #  * :as => allows you to setup path name that will be used, as rails routes does.
+    #           The following route configuration would setup your route as /accounts instead of /users:
+    #
+    #    devise_for :users, :as => 'accounts'
+    #
+    #  * :scope => setup the scope name. This is used as the instance variable name in controller,
+    #              as the name in routes and the scope given to warden. Defaults to the singular of the given name:
+    #
+    #    devise_for :users, :scope => :account
+    #
+    #  * :path_names => configure different path names to overwrite defaults :sign_in, :sign_out, :sign_up,
+    #                   :password, :confirmation, :unlock.
+    #
+    #    devise_for :users, :path_names => { :sign_in => 'login', :sign_out => 'logout', :password => 'secret', :confirmation => 'verification' }
+    #
+    #  * :path_prefix => the path prefix to be used in all routes.
+    #
+    #    devise_for :users, :path_prefix => "/:locale"
+    #
+    #  If you are using a dynamic prefix, like :locale above, you need to configure default_url_options in your ApplicationController
+    #  class level, so Devise can pick it:
+    #
+    #    class ApplicationController < ActionController::Base
+    #      def self.default_url_options
+    #        { :locale => I18n.locale }
+    #      end
+    #    end
+    #
+    #  * :controllers => the controller which should be used. All routes by default points to Devise controllers.
+    #    However, if you want them to point to custom controller, you should do:
+    #
+    #    devise_for :users, :controllers => { :sessions => "users/sessions" }
+    #
+    def devise_for(*resources)
+      options = resources.extract_options!
+      resources.map!(&:to_sym)
 
-        resources.map!(&:to_sym)
-        resources.each do |resource|
-          mapping = Devise::Mapping.new(resource, options.dup)
-          Devise.default_scope ||= mapping.name
-          Devise.mappings[mapping.name] = mapping
+      resources.each do |resource|
+        mapping = Devise::Mapping.new(resource, options)
 
-          route_options = mapping.route_options.merge(:path_prefix => mapping.raw_path, :name_prefix => "#{mapping.name}_")
+        unless mapping.to.respond_to?(:devise)
+          raise "#{mapping.to.name} does not respond to 'devise' method. This usually means you haven't " <<
+            "loaded your ORM file or it's being loaded to late. To fix it, be sure to require 'devise/orm/YOUR_ORM' " <<
+            "inside 'config/initializers/devise.rb' or before your application definition in 'config/application.rb'"
+        end
 
-          with_options(route_options) do |routes|
-            mapping.for.each do |strategy|
-              send(strategy, routes, mapping) if self.respond_to?(strategy, true)
-            end
-          end
+        Devise.default_scope ||= mapping.name
+        Devise.mappings[mapping.name] = mapping
+
+        mapping.modules.each do |mod|
+          send(mod, mapping, mapping.controllers) if self.respond_to?(mod, true)
+        end
+      end
+    end
+
+    protected
+
+      def authenticatable(mapping, controllers)
+        scope mapping.path do
+          get  mapping.path_names[:sign_in],  :to => "#{controllers[:sessions]}#new",     :as => :"new_#{mapping.name}_session"
+          post mapping.path_names[:sign_in],  :to => "#{controllers[:sessions]}#create",  :as => :"#{mapping.name}_session"
+          get  mapping.path_names[:sign_out], :to => "#{controllers[:sessions]}#destroy", :as => :"destroy_#{mapping.name}_session"
+        end
+      end
+ 
+      def recoverable(mapping, controllers)
+        scope mapping.path, :name_prefix => mapping.name do
+          resource :password, :only => [:new, :create, :edit, :update], :as => mapping.path_names[:password], :controller => controllers[:passwords]
+        end
+      end
+ 
+      def confirmable(mapping, controllers)
+        scope mapping.path, :name_prefix => mapping.name do
+          resource :confirmation, :only => [:new, :create, :show], :as => mapping.path_names[:confirmation], :controller => controllers[:confirmations]
+        end
+      end
+ 
+      def lockable(mapping, controllers)
+        scope mapping.path, :name_prefix => mapping.name do
+          resource :unlock, :only => [:new, :create, :show], :as => mapping.path_names[:unlock], :controller => controllers[:unlocks]
         end
       end
 
-      protected
-
-        def authenticatable(routes, mapping)
-          routes.with_options(:controller => 'sessions', :name_prefix => nil) do |session|
-            session.send(:"new_#{mapping.name}_session",     mapping.path_names[:sign_in],  :action => 'new',     :conditions => { :method => :get })
-            session.send(:"#{mapping.name}_session",         mapping.path_names[:sign_in],  :action => 'create',  :conditions => { :method => :post })
-            session.send(:"destroy_#{mapping.name}_session", mapping.path_names[:sign_out], :action => 'destroy', :conditions => { :method => :get })
-          end
+      def registerable(mapping, controllers)
+        scope :name_prefix => mapping.name do
+          resource :registration, :only => [:new, :create, :edit, :update, :destroy], :as => mapping.path[1..-1],
+                   :path_names => { :new => mapping.path_names[:sign_up] }, :controller => controllers[:registrations]
         end
-
-        def recoverable(routes, mapping)
-          routes.resource :password, :only => [:new, :create, :edit, :update], :as => mapping.path_names[:password]
-        end
-
-        def confirmable(routes, mapping)
-          routes.resource :confirmation, :only => [:new, :create, :show], :as => mapping.path_names[:confirmation]
-        end
-
-        def lockable(routes, mapping)
-          routes.resource :unlock, :only => [:new, :create, :show], :as => mapping.path_names[:unlock]
-        end
-
-    end
+      end
   end
-end
+end

lib/devise/rails/warden_compat.rb

@@ -1,6 +1,6 @@
 module Warden::Mixins::Common
   def request
-    @request ||= env['action_controller.rescue.request']
+    @request ||= ActionDispatch::Request.new(env)
   end
 
   def reset_session!
@@ -9,7 +9,7 @@ module Warden::Mixins::Common
   end
 
   def response
-    @response ||= env['action_controller.rescue.response']
+    @response ||= env['action_controller.instance'].response
   end
 end
 

lib/devise/schema.rb

@@ -9,12 +9,13 @@ module Devise
     # * :null - When true, allow columns to be null.
     # * :encryptor - The encryptor going to be used, necessary for setting the proper encrypter password length.
     def authenticatable(options={})
-      null       = options[:null] || false
-      encryptor  = options[:encryptor] || (respond_to?(:encryptor) ? self.encryptor : :sha1)
+      null      = options[:null] || false
+      default   = options[:default]
+      encryptor = options[:encryptor] || (respond_to?(:encryptor) ? self.encryptor : :sha1)
 
-      apply_schema :email,              String, :null => null
-      apply_schema :encrypted_password, String, :null => null, :limit => Devise::ENCRYPTORS_LENGTH[encryptor]
-      apply_schema :password_salt,      String, :null => null
+      apply_schema :email,              String, :null => null, :default => default
+      apply_schema :encrypted_password, String, :null => null, :default => default, :limit => Devise::ENCRYPTORS_LENGTH[encryptor]
+      apply_schema :password_salt,      String, :null => null, :default => default
     end
 
     # Creates authentication_token.

lib/devise/strategies/authenticatable.rb

@@ -6,7 +6,7 @@ module Devise
     # Redirects to sign_in page if it's not authenticated
     class Authenticatable < Base
       def valid?
-        super && params[scope] && params[scope][:password].present?
+        valid_controller? && valid_params? && mapping.to.respond_to?(:authenticate)
       end
 
       # Authenticate a user based on email and password params, returning to warden
@@ -19,6 +19,16 @@ module Devise
           fail!(:invalid)
         end
       end
+
+      protected
+
+        def valid_controller?
+          mapping.controllers[:sessions] == params[:controller]
+        end
+
+        def valid_params?
+          params[scope] && params[scope][:password].present?
+        end
     end
   end
 end

lib/devise/strategies/base.rb

@@ -2,22 +2,14 @@ module Devise
   module Strategies
     # Base strategy for Devise. Responsible for verifying correct scope and mapping.
     class Base < ::Warden::Strategies::Base
-      # Validate strategy. By default will raise an error if no scope or an
-      # invalid mapping is found.
-      def valid?
-        raise "Could not find mapping for #{scope}" unless mapping
-        mapping.for.include?(klass_type)
-      end
-
       # Checks if a valid scope was given for devise and find mapping based on
       # this scope.
       def mapping
-        Devise.mappings[scope]
-      end
-
-      # Store this class type.
-      def klass_type
-        @klass_type ||= self.class.name.split("::").last.underscore.to_sym
+        @mapping ||= begin
+          mapping = Devise.mappings[scope]
+          raise "Could not find mapping for #{scope}" unless mapping
+          mapping
+        end
       end
     end
   end

lib/devise/strategies/http_authenticatable.rb

@@ -0,0 +1,47 @@
+require 'devise/strategies/base'
+
+module Devise
+  module Strategies
+    # Sign in an user using HTTP authentication.
+    class HttpAuthenticatable < Base
+      def valid?
+        request.authorization && mapping.to.respond_to?(:authenticate_with_http)
+      end
+
+      def authenticate!
+        username, password = username_and_password
+
+        if resource = mapping.to.authenticate_with_http(username, password)
+          success!(resource)
+        else
+          custom!([401, custom_headers, [response_body]])
+        end
+      end
+
+    private
+
+      def username_and_password
+        decode_credentials(request).split(/:/, 2)
+      end
+
+      def decode_credentials(request)
+        ActiveSupport::Base64.decode64(request.authorization.split(' ', 2).last || '')
+      end
+
+      def response_body
+        body   = "HTTP Basic: Access denied."
+        method = :"to_#{request.format.to_sym}"
+        {}.respond_to?(method) ? { :error => body }.send(method) : body
+      end
+
+      def custom_headers
+        {
+          "Content-Type" => request.format.to_s,
+          "WWW-Authenticate" => %(Basic realm="#{Devise.http_authentication_realm.gsub(/"/, "")}")
+        }
+      end
+    end
+  end
+end
+
+Warden::Strategies.add(:http_authenticatable, Devise::Strategies::HttpAuthenticatable)

lib/devise/strategies/rememberable.rb

@@ -10,7 +10,7 @@ module Devise
 
       # A valid strategy for rememberable needs a remember token in the cookies.
       def valid?
-        super && remember_me_cookie.present?
+        remember_me_cookie.present? && mapping.to.respond_to?(:serialize_from_cookie)
       end
 
       # To authenticate a user we deserialize the cookie and attempt finding

lib/devise/strategies/token_authenticatable.rb

@@ -6,7 +6,7 @@ module Devise
     # Redirects to sign_in page if it's not authenticated.
     class TokenAuthenticatable < Base
       def valid?
-        super && authentication_token(scope).present?
+        mapping.to.respond_to?(:authenticate_with_token) && authentication_token(scope).present?
       end
 
       # Authenticate a user based on authenticatable token params, returning to warden
@@ -20,17 +20,16 @@ module Devise
         end
       end
 
-      private
+    private
 
-        # Detect authentication token in params: scoped or not.
-        def authentication_token(scope)
-          if params[scope]
-            params[scope][mapping.to.token_authentication_key]
-          else
-            params[mapping.to.token_authentication_key]
-          end
+      # Detect authentication token in params: scoped or not.
+      def authentication_token(scope)
+        if params[scope]
+          params[scope][mapping.to.token_authentication_key]
+        else
+          params[mapping.to.token_authentication_key]
         end
-
+      end
     end
   end
 end

lib/devise/test_helpers.rb

@@ -45,10 +45,7 @@ module Devise
 
     # We need to setup the environment variables and the response in the controller.
     def setup_controller_for_warden #:nodoc:
-      @request.env['action_controller.rescue.request']  = @request
-      @request.env['action_controller.rescue.response'] = @response
-      @request.env['rack.session'] = session
-      @controller.response = @response
+      @request.env['action_controller.instance'] = @controller
     end
 
     # Quick access to Warden::Proxy.

lib/devise/version.rb

@@ -1,3 +1,3 @@
 module Devise
-  VERSION = "0.9.2".freeze
+  VERSION = "1.1.pre4".freeze
 end

lib/generators/devise/devise_generator.rb

@@ -0,0 +1,57 @@
+require 'rails/generators/migration'
+
+class DeviseGenerator < Rails::Generators::NamedBase
+  include Rails::Generators::Migration
+
+  desc "Generates a model with the given NAME (if one does not exist) with devise " <<
+       "configuration plus a migration file and devise routes."
+
+  def self.source_root
+    @_devise_source_root ||= File.expand_path("../templates", __FILE__)
+  end
+
+  def self.orm_has_migration?
+    Rails::Generators.options[:rails][:orm] == :active_record
+  end
+
+  def self.next_migration_number(path)
+    Time.now.utc.strftime("%Y%m%d%H%M%S")
+  end
+
+  class_option :migration, :type => :boolean, :default => orm_has_migration?
+
+  def invoke_orm_model
+    if File.exists?(File.join(destination_root, model_path))
+      say "* Model already exists. Adding Devise behavior."
+    else
+      invoke "model", [name], :migration => false
+    end
+  end
+
+  def inject_devise_config_into_model
+    inject_into_class model_path, class_name, <<-CONTENT
+  # Include default devise modules. Others available are:
+  # :http_authenticatable, :token_authenticatable, :lockable, :timeoutable and :activatable
+  devise :registerable, :authenticatable, :confirmable, :recoverable,
+         :rememberable, :trackable, :validatable
+
+  # Setup accessible (or protected) attributes for your model
+  attr_accessible :email, :password, :password_confirmation
+CONTENT
+  end
+
+  def copy_migration_template
+    return unless options.migration?
+    migration_template "migration.rb", "db/migrate/devise_create_#{table_name}"
+  end
+
+  def add_devise_routes
+    route "devise_for :#{table_name}"
+  end
+
+  protected
+
+    def model_path
+      @model_path ||= File.join("app", "models", "#{file_path}.rb")
+    end
+end

lib/generators/devise_install/devise_install_generator.rb

@@ -0,0 +1,25 @@
+class DeviseInstallGenerator < Rails::Generators::Base
+  desc "Creates a Devise initializer and copy locale files to your application."
+
+  def self.source_root
+    @_devise_source_root ||= File.expand_path("../templates", __FILE__)
+  end
+
+  def copy_initializer
+    template "devise.rb", "config/initializers/devise.rb"
+  end
+
+  def copy_locale
+    copy_file "../../../../config/locales/en.yml", "config/locales/devise.en.yml"    
+  end
+
+  def show_readme
+    readme "README"
+  end
+
+  protected
+  
+  def readme(path)
+    say File.read(File.expand_path(path, self.class.source_root))
+  end
+end

lib/generators/devise_install/templates/README

@@ -11,8 +11,9 @@ Some setup you must do manually if you haven't yet:
      This is a required Rails configuration. In production is must be the
      actual host of your application
 
-  2. Ensure you have defined root_url to *something* in your config/routes.rb:
+  2. Ensure you have defined root_url to *something* in your config/routes.rb.
+     For example:
 
-       map.root :controller => 'home'
+       root :to => "home#index"
 
 ===============================================================================

lib/generators/devise_install/templates/devise.rb

@@ -26,6 +26,9 @@ Devise.setup do |config|
   # session. If you need permissions, you should implement that in a before filter.
   # config.authentication_keys = [ :email ]
 
+  # The realm used in Http Basic Authentication
+  # config.http_authentication_realm = "Application"
+
   # ==> Configuration for :confirmable
   # The time you want give to your user to confirm his account. During this time
   # he will be able to access your application without confirming. Default is nil.
@@ -60,8 +63,7 @@ Devise.setup do |config|
   # ==> General configuration
   # Load and configure the ORM. Supports :active_record (default), :mongo_mapper
   # (requires mongo_ext installed) and :data_mapper (experimental).
-  # require 'devise/orm/mongo_mapper'
-  # config.orm = :mongo_mapper
+  require 'devise/orm/active_record'
 
   # Turn scoped views on. Before rendering "sessions/new", it will first check for
   # "sessions/users/new". It's turned off by default because it's slower if you
@@ -90,11 +92,4 @@ Devise.setup do |config|
   #   end
   #   manager.default_strategies.unshift :twitter_oauth
   # end
-
-  # Configure default_url_options if you are using dynamic segments in :path_prefix
-  # for devise_for.
-  #
-  # config.default_url_options do
-  #   { :locale => I18n.locale }
-  # end
 end

lib/generators/devise_views/devise_views_generator.rb

@@ -0,0 +1,15 @@
+class DeviseViewsGenerator < Rails::Generators::Base
+  desc "Copies all Devise views to your application."
+
+  def self.source_root
+    @_devise_source_root ||= File.expand_path("../../../../app/views", __FILE__)
+  end
+
+  def copy_views
+    directory "devise"
+  end
+
+  def say_restart_server
+    say "Views copied. Please restart your server."
+  end
+end

test/controllers/helpers_test.rb

@@ -11,16 +11,29 @@ class MockController < ApplicationController
   def path
     ''
   end
+
+  def index
+  end
+
+  def host_with_port
+    "test.host:3000"
+  end
+
+  def protocol
+    "http"
+  end
+
+  def symbolized_path_parameters
+    {}
+  end
 end
 
 class ControllerAuthenticableTest < ActionController::TestCase
   tests MockController
 
   def setup
-    @controller = MockController.new
     @mock_warden = OpenStruct.new
     @controller.env = { 'warden' => @mock_warden }
-    @controller.session = {}
   end
 
   test 'setup warden' do
@@ -165,13 +178,4 @@ class ControllerAuthenticableTest < ActionController::TestCase
   test 'is not a devise controller' do
     assert_not @controller.devise_controller?
   end
-
-  test 'default url options are retrieved from devise' do
-    begin
-      Devise.default_url_options {{ :locale => I18n.locale }}
-      assert_equal({ :locale => :en }, @controller.send(:default_url_options))
-    ensure
-      Devise.default_url_options {{ }}
-    end
-  end
 end

test/devise_test.rb

@@ -25,7 +25,7 @@ class DeviseTest < ActiveSupport::TestCase
     Devise.configure_warden(config)
 
     assert_equal Devise::FailureApp, config.failure_app
-    assert_equal [:rememberable, :token_authenticatable, :authenticatable], config.default_strategies
+    assert_equal [:rememberable, :token_authenticatable, :http_authenticatable, :authenticatable], config.default_strategies
     assert_equal :user, config.default_scope
     assert config.silence_missing_strategies?
   end
@@ -58,10 +58,9 @@ class DeviseTest < ActiveSupport::TestCase
     Devise::STRATEGIES.delete(:banana)
 
     assert_nothing_raised(Exception) { Devise.add_module(:kivi, :controller => :fruits) }
-    assert_not_nil Devise::CONTROLLERS[:fruits]
-    assert_equal 1, Devise::CONTROLLERS[:fruits].select { |v| v == :kivi }.size
+    assert_equal :fruits, Devise::CONTROLLERS[:kivi]
     Devise::ALL.delete(:kivi)
-    Devise::CONTROLLERS.delete(:fruits)
+    Devise::CONTROLLERS.delete(:kivi)
 
     assert_nothing_raised(Exception) { Devise.add_module(:authenticatable_again, :model => 'devise/model/authenticatable') }
     assert defined?(Devise::Models::AuthenticatableAgain)

test/encryptors_test.rb

@@ -1,7 +1,4 @@
-gem 'bcrypt-ruby'
-
 class Encryptors < ActiveSupport::TestCase
-
   test 'should match a password created by authlogic' do
     authlogic = "b623c3bc9c775b0eb8edb218a382453396fec4146422853e66ecc4b6bc32d7162ee42074dcb5f180a770dc38b5df15812f09bbf497a4a1b95fe5e7d2b8eb7eb4"
     encryptor = Devise::Encryptors::AuthlogicSha512.digest('123mudar', 20, 'usZK_z_EAaF61Gwkw-ed', '')

test/failure_app_test.rb

@@ -4,7 +4,13 @@ require 'ostruct'
 class FailureTest < ActiveSupport::TestCase
 
   def call_failure(env_params={})
-    env = {'warden.options' => { :scope => :user }}.merge!(env_params)
+    env = {
+      'warden.options' => { :scope => :user },
+      'REQUEST_URI' => 'http://test.host/',
+      'HTTP_HOST' => 'test.host',
+      'REQUEST_METHOD' => 'GET',
+      'rack.session' => {}
+    }.merge!(env_params)
     Devise::FailureApp.call(env)
   end
 
@@ -13,32 +19,28 @@ class FailureTest < ActiveSupport::TestCase
   end
 
   test 'return to the default redirect location' do
-    assert_equal '/users/sign_in?unauthenticated=true', call_failure.second['Location']
+    assert_equal 'http://test.host/users/sign_in?unauthenticated=true', call_failure.second['Location']
   end
 
   test 'uses the proxy failure message' do
     warden = OpenStruct.new(:message => :test)
     location = call_failure('warden' => warden).second['Location']
-    assert_equal '/users/sign_in?test=true', location
+    assert_equal 'http://test.host/users/sign_in?test=true', location
   end
 
   test 'uses the given message' do
     warden = OpenStruct.new(:message => 'Hello world')
     location = call_failure('warden' => warden).second['Location']
-    assert_equal '/users/sign_in?message=Hello+world', location
+    assert_equal 'http://test.host/users/sign_in?message=Hello+world', location
   end
 
-  test 'setup default url' do
-    Devise::FailureApp.default_url = 'test/sign_in'
-    location = call_failure('warden.options' => { :scope => nil }).second['Location']
-    assert_equal '/test/sign_in?unauthenticated=true', location
-  end
-
-  test 'set content type to default text/plain' do
-    assert_equal 'text/plain', call_failure.second['Content-Type']
+  test 'set content type to default text/html' do
+    assert_equal 'text/html; charset=utf-8', call_failure.second['Content-Type']
   end
 
   test 'setup a default message' do
-    assert_equal ['You are being redirected to /users/sign_in?unauthenticated=true'], call_failure.last
+    assert_match /You are being/, call_failure.last.body
+    assert_match /redirected/, call_failure.last.body
+    assert_match /\?unauthenticated=true/, call_failure.last.body
   end
 end

test/integration/authenticatable_test.rb

@@ -1,8 +1,7 @@
 require 'test/test_helper'
 
-class AuthenticationTest < ActionController::IntegrationTest
-
-  test 'home should be accessible without signed in' do
+class AuthenticationSanityTest < ActionController::IntegrationTest
+  test 'home should be accessible without sign in' do
     visit '/'
     assert_response :success
     assert_template 'home/index'
@@ -76,43 +75,6 @@ class AuthenticationTest < ActionController::IntegrationTest
     assert_contain 'Welcome Admin'
   end
 
-  test 'sign in as user should not authenticate if not using proper authentication keys' do
-    swap Devise, :authentication_keys => [:username] do
-      sign_in_as_user
-      assert_not warden.authenticated?(:user)
-    end
-  end
-
-  test 'admin signing in with invalid email should return to sign in form with error message' do
-    sign_in_as_admin do
-      fill_in 'email', :with => 'wrongemail@test.com'
-    end
-
-    assert_contain 'Invalid email or password'
-    assert_not warden.authenticated?(:admin)
-  end
-
-  test 'admin signing in with invalid pasword should return to sign in form with error message' do
-    sign_in_as_admin do
-      fill_in 'password', :with => 'abcdef'
-    end
-
-    assert_contain 'Invalid email or password'
-    assert_not warden.authenticated?(:admin)
-  end
-
-  test 'error message is configurable by resource name' do
-    store_translations :en, :devise => {
-      :sessions => { :admin => { :invalid => "Invalid credentials" } }
-    } do
-      sign_in_as_admin do
-        fill_in 'password', :with => 'abcdef'
-      end
-
-      assert_contain 'Invalid credentials'
-    end
-  end
-
   test 'authenticated admin should not be able to sign as admin again' do
     sign_in_as_admin
     get new_admin_session_path
@@ -143,6 +105,43 @@ class AuthenticationTest < ActionController::IntegrationTest
     get root_path
     assert_not_contain 'Signed out successfully'
   end
+end
+
+class AuthenticationTest < ActionController::IntegrationTest
+  test 'sign in should not authenticate if not using proper authentication keys' do
+    swap Devise, :authentication_keys => [:username] do
+      sign_in_as_user
+      assert_not warden.authenticated?(:user)
+    end
+  end
+
+  test 'sign in with invalid email should return to sign in form with error message' do
+    sign_in_as_admin do
+      fill_in 'email', :with => 'wrongemail@test.com'
+    end
+
+    assert_contain 'Invalid email or password'
+    assert_not warden.authenticated?(:admin)
+  end
+
+  test 'sign in with invalid pasword should return to sign in form with error message' do
+    sign_in_as_admin do
+      fill_in 'password', :with => 'abcdef'
+    end
+
+    assert_contain 'Invalid email or password'
+    assert_not warden.authenticated?(:admin)
+  end
+
+  test 'error message is configurable by resource name' do
+    store_translations :en, :devise => { :sessions => { :admin => { :invalid => "Invalid credentials" } } } do
+      sign_in_as_admin do
+        fill_in 'password', :with => 'abcdef'
+      end
+
+      assert_contain 'Invalid credentials'
+    end
+  end
 
   test 'redirect from warden shows sign in or sign up message' do
     get admins_path
@@ -194,20 +193,22 @@ class AuthenticationTest < ActionController::IntegrationTest
     assert_equal "/admin_area/home", @request.path
   end
 
-  test 'allows session to be set by a given scope' do
+  test 'destroyed account is signed out' do
     sign_in_as_user
-    visit 'users/index'
-    assert_equal "Cart", @controller.user_session[:cart]
-  end
+    get '/users'
 
-  test 'destroyed account is logged out' do
-    sign_in_as_user
-    visit 'users/index'
     User.destroy_all
-    visit 'users/index'
+    get '/users'
     assert_redirected_to '/users/sign_in?unauthenticated=true'
   end
 
+  test 'allows session to be set by a given scope' do
+    sign_in_as_user
+    get '/users'
+    assert_equal "Cart", @controller.user_session[:cart]
+  end
+
+  # Scoped views
   test 'renders the scoped view if turned on and view is available' do
     swap Devise, :scoped_views => true do
       assert_raise Webrat::NotFoundError do
@@ -217,6 +218,20 @@ class AuthenticationTest < ActionController::IntegrationTest
     end
   end
 
+  test 'renders the scoped view if turned on in an specific controller' do
+    begin
+      Devise::SessionsController.scoped_views = true
+      assert_raise Webrat::NotFoundError do
+        sign_in_as_user
+      end
+
+      assert_match /Special user view/, response.body
+      assert !Devise::PasswordsController.scoped_views
+    ensure
+      Devise::SessionsController.send :remove_instance_variable, :@scoped_views
+    end
+  end
+
   test 'does not render the scoped view if turned off' do
     swap Devise, :scoped_views => false do
       assert_nothing_raised do
@@ -233,23 +248,33 @@ class AuthenticationTest < ActionController::IntegrationTest
     end
   end
 
+  # Default scope
+  test 'uses the mapping from the default scope if specified' do
+    swap Devise, :use_default_scope => true do
+      get '/sign_in'
+      assert_response :ok
+      assert_contain 'Sign in'
+    end
+  end
+
+  # Custom controller
+  test 'uses the custom controller with the custom controller view' do
+    get '/admin_area/sign_in'
+    assert_contain 'Sign in'
+    assert_contain 'Welcome to "sessions" controller!'
+    assert_contain 'Welcome to "sessions/new" view!'
+  end
+
+  # Access
   test 'render 404 on roles without permission' do
-    get 'admin_area/password/new'
+    get '/admin_area/password/new', {}, "action_dispatch.show_exceptions" => true
     assert_response :not_found
     assert_not_contain 'Send me reset password instructions'
   end
 
   test 'render 404 on roles without mapping' do
-    get 'sign_in'
+    get '/sign_in', {}, "action_dispatch.show_exceptions" => true
     assert_response :not_found
     assert_not_contain 'Sign in'
   end
-
-  test 'uses the mapping from the default scope if specified' do
-    swap Devise, :use_default_scope => true do
-      get 'sign_in'
-      assert_response :ok
-      assert_contain 'Sign in'
-    end
-  end
 end

test/integration/http_authenticatable_test.rb

@@ -0,0 +1,51 @@
+require 'test/test_helper'
+
+class HttpAuthenticationTest < ActionController::IntegrationTest
+
+  test 'sign in should authenticate with http' do
+    sign_in_as_new_user_with_http
+    assert_response :success
+    assert_template 'users/index'
+    assert_contain 'Welcome'
+    assert warden.authenticated?(:user)
+  end
+
+  test 'returns a custom response with www-authenticate header on failures' do
+    sign_in_as_new_user_with_http("unknown")
+    assert_equal 401, status
+    assert_equal 'Basic realm="Application"', headers["WWW-Authenticate"]
+  end
+
+  test 'uses the request format as response content type' do
+    sign_in_as_new_user_with_http("unknown", "123456", :xml)
+    assert_equal 401, status
+    assert_equal "application/xml", headers["Content-Type"]
+    assert response.body.include?("<error>HTTP Basic: Access denied.</error>")
+  end
+
+  test 'returns a custom response with www-authenticate and chosen realm' do
+    swap Devise, :http_authentication_realm => "MyApp" do
+      sign_in_as_new_user_with_http("unknown")
+      assert_equal 401, status
+      assert_equal 'Basic realm="MyApp"', headers["WWW-Authenticate"]
+    end
+  end
+
+  test 'sign in should authenticate with http even with specific authentication keys' do
+    swap Devise, :authentication_keys => [:username] do
+      sign_in_as_new_user_with_http "usertest"
+      assert_response :success
+      assert_template 'users/index'
+      assert_contain 'Welcome'
+      assert warden.authenticated?(:user)
+    end
+  end
+
+  private
+
+    def sign_in_as_new_user_with_http(username="user@test.com", password="123456", format=:html)
+      user = create_user
+      get users_path(:format => format), {}, "HTTP_AUTHORIZATION" => "Basic #{ActiveSupport::Base64.encode64("#{username}:#{password}")}"
+      user
+    end
+end

test/integration/recoverable_test.rb

@@ -134,7 +134,7 @@ class PasswordTest < ActionController::IntegrationTest
     request_forgot_password
     reset_password :reset_password_token => user.reload.reset_password_token
 
-    assert_redirected_to new_user_session_path(:unconfirmed => true)
+    assert_current_path new_user_session_path(:unconfirmed => true)
     assert !warden.authenticated?(:user)
   end
 

test/integration/registerable_test.rb

@@ -0,0 +1,139 @@
+require 'test/test_helper'
+
+class RegistrationTest < ActionController::IntegrationTest
+
+  test 'a guest admin should be able to sign in successfully' do
+    get new_admin_session_path
+    click_link 'Sign up'
+
+    assert_template 'registrations/new'
+
+    fill_in 'email', :with => 'new_user@test.com'
+    fill_in 'password', :with => 'new_user123'
+    fill_in 'password confirmation', :with => 'new_user123'
+    click_button 'Sign up'
+
+    assert_contain 'You have signed up successfully.'
+    assert warden.authenticated?(:admin)
+
+    admin = Admin.last :order => "id"
+    assert_equal admin.email, 'new_user@test.com'
+  end
+
+  test 'a guest user should be able to sign up successfully and be blocked by confirmation' do
+    get new_user_registration_path
+
+    fill_in 'email', :with => 'new_user@test.com'
+    fill_in 'password', :with => 'new_user123'
+    fill_in 'password confirmation', :with => 'new_user123'
+    click_button 'Sign up'
+
+    assert_contain 'You have signed up successfully.'
+    assert_contain 'Sign in'
+    assert_not_contain 'Confirm your account'
+
+    assert_not warden.authenticated?(:user)
+
+    user = User.last :order => "id"
+    assert_equal user.email, 'new_user@test.com'
+    assert_not user.confirmed?
+  end
+
+  test 'a guest user cannot sign up with invalid information' do
+    get new_user_registration_path
+
+    fill_in 'email', :with => 'invalid_email'
+    fill_in 'password', :with => 'new_user123'
+    fill_in 'password confirmation', :with => 'new_user321'
+    click_button 'Sign up'
+
+    assert_template 'registrations/new'
+    assert_have_selector '#errorExplanation'
+    assert_contain "Email is invalid"
+    assert_contain "Password doesn't match confirmation"
+    assert_nil User.first
+
+    assert_not warden.authenticated?(:user)
+  end
+
+  test 'a guest should not sign up with email/password that already exists' do
+    user = create_user
+    get new_user_registration_path
+
+    fill_in 'email', :with => 'user@test.com'
+    fill_in 'password', :with => '123456'
+    fill_in 'password confirmation', :with => '123456'
+    click_button 'Sign up'
+
+    assert_template 'registrations/new'
+    assert_contain 'Email has already been taken'
+
+    assert_not warden.authenticated?(:user)
+  end
+
+  test 'a guest should not be able to change account' do
+    get edit_user_registration_path
+    assert_redirected_to new_user_session_path(:unauthenticated => true)
+  end
+
+  test 'a signed in user should not be able to access sign up' do
+    sign_in_as_user
+    get new_user_registration_path
+    assert_redirected_to root_path
+  end
+
+  test 'a signed in user should be able to edit his account' do
+    sign_in_as_user
+    get edit_user_registration_path
+
+    fill_in 'email', :with => 'user.new@email.com'
+    fill_in 'current password', :with => '123456'
+    click_button 'Update'
+
+    assert_template 'home/index'
+    assert_contain 'You updated your account successfully.'
+
+    assert_equal "user.new@email.com", User.first.email
+  end
+
+  test 'a signed in user should not change his current user with invalid password' do
+    sign_in_as_user
+    get edit_user_registration_path
+
+    fill_in 'email', :with => 'user.new@email.com'
+    fill_in 'current password', :with => 'invalid'
+    click_button 'Update'
+
+    assert_template 'registrations/edit'
+    assert_contain 'user@test.com'
+    assert_have_selector 'form input[value="user.new@email.com"]'
+
+    assert_equal "user@test.com", User.first.email
+  end
+
+
+  test 'a signed in user should be able to edit his password' do
+    sign_in_as_user
+    get edit_user_registration_path
+
+    fill_in 'password', :with => 'pas123'
+    fill_in 'password confirmation', :with => 'pas123'
+    fill_in 'current password', :with => '123456'
+    click_button 'Update'
+
+    assert_template 'home/index'
+    assert_contain 'You updated your account successfully.'
+
+    assert User.first.valid_password?('pas123')
+  end
+
+  test 'a signed in user should be able to cancel his account' do
+    sign_in_as_user
+    get edit_user_registration_path
+
+    click_link "Cancel my account", :method => :delete
+    assert_contain "Bye! Your account was successfully cancelled. We hope to see you again soon."
+
+    assert User.all.empty?
+  end
+end

test/integration/rememberable_test.rb

@@ -28,19 +28,28 @@ class RememberMeTest < ActionController::IntegrationTest
     assert warden.user(:user) == user
   end
 
+  test 'does not remember other scopes' do
+    user = create_user_and_remember
+    get root_path
+    assert_response :success
+    assert warden.authenticated?(:user)
+    assert_not warden.authenticated?(:admin)
+  end
+
   test 'do not remember with invalid token' do
     user = create_user_and_remember('add')
     get users_path
-    assert_response :success
     assert_not warden.authenticated?(:user)
+    assert_redirected_to new_user_session_path(:unauthenticated => true)
   end
 
   test 'do not remember with token expired' do
     user = create_user_and_remember
-    Devise.remember_for = 0
-    get users_path
-    assert_response :success
-    assert_not warden.authenticated?(:user)
+    swap Devise, :remember_for => 0 do
+      get users_path
+      assert_not warden.authenticated?(:user)
+      assert_redirected_to new_user_session_path(:unauthenticated => true)
+    end
   end
 
   test 'forget the user before sign out' do

test/integration/token_authenticatable_test.rb

@@ -2,7 +2,7 @@ require 'test/test_helper'
 
 class TokenAuthenticationTest < ActionController::IntegrationTest
 
-  test 'sign in user should authenticate with valid authentication token and proper authentication token key' do
+  test 'sign in should authenticate with valid authentication token and proper authentication token key' do
     swap Devise, :token_authentication_key => :secret_token do
       sign_in_as_new_user_with_token(:auth_token_key => :secret_token)
 
@@ -13,11 +13,10 @@ class TokenAuthenticationTest < ActionController::IntegrationTest
     end
   end
 
-  test 'user signing in with valid authentication token - but improper authentication token key - return to sign in form with error message' do
+  test 'signing in with valid authentication token - but improper authentication token key - return to sign in form with error message' do
     swap Devise, :token_authentication_key => :donald_duck_token do
       sign_in_as_new_user_with_token(:auth_token_key => :secret_token)
-      assert_redirected_to new_user_session_path(:unauthenticated => true)
-      follow_redirect!
+      assert_current_path new_user_session_path(:unauthenticated => true)
 
       assert_contain 'You need to sign in or sign up before continuing'
       assert_contain 'Sign in'
@@ -25,11 +24,10 @@ class TokenAuthenticationTest < ActionController::IntegrationTest
     end
   end
 
-  test 'user signing in with invalid authentication token should return to sign in form with error message' do
+  test 'signing in with invalid authentication token should return to sign in form with error message' do
     store_translations :en, :devise => {:sessions => {:invalid_token => 'LOL, that was not a single character correct.'}} do
       sign_in_as_new_user_with_token(:auth_token => '*** INVALID TOKEN ***')
-      assert_redirected_to new_user_session_path(:invalid_token => true)
-      follow_redirect!
+      assert_current_path new_user_session_path(:invalid_token => true)
 
       assert_response :success
       assert_contain 'LOL, that was not a single character correct.'
@@ -40,7 +38,7 @@ class TokenAuthenticationTest < ActionController::IntegrationTest
 
   private
 
-    def sign_in_as_new_user_with_token(options = {}, &block)
+    def sign_in_as_new_user_with_token(options = {})
       options[:auth_token_key] ||= Devise.token_authentication_key
       options[:auth_token]     ||= VALID_AUTHENTICATION_TOKEN
 

test/mailers/confirmation_instructions_test.rb

@@ -59,7 +59,16 @@ class ConfirmationInstructionsTest < ActionMailer::TestCase
 
   test 'renders a scoped if scoped_views is set to true' do
     swap Devise, :scoped_views => true do
-      assert_equal user.email, mail.body
+      assert_equal user.email, mail.body.decoded
+    end
+  end
+
+  test 'renders a scoped if scoped_views is set in the mailer class' do
+    begin
+      Devise::Mailer.scoped_views = true
+      assert_equal user.email, mail.body.decoded
+    ensure
+      Devise::Mailer.send :remove_instance_variable, :@scoped_views
     end
   end
 

test/mapping_test.rb

@@ -4,9 +4,8 @@ class MappingTest < ActiveSupport::TestCase
 
   test 'store options' do
     mapping = Devise.mappings[:user]
-
     assert_equal User,                mapping.to
-    assert_equal User.devise_modules, mapping.for
+    assert_equal User.devise_modules, mapping.modules
     assert_equal :users,              mapping.as
   end
 
@@ -19,15 +18,15 @@ class MappingTest < ActiveSupport::TestCase
   end
 
   test 'allows a controller depending on the mapping' do
-    mapping = Devise.mappings[:user]
-    assert mapping.allows?(:sessions)
-    assert mapping.allows?(:confirmations)
-    assert mapping.allows?(:passwords)
+    allowed = Devise.mappings[:user].allowed_controllers
+    assert allowed.include?("devise/sessions")
+    assert allowed.include?("devise/confirmations")
+    assert allowed.include?("devise/passwords")
 
-    mapping = Devise.mappings[:admin]
-    assert mapping.allows?(:sessions)
-    assert_not mapping.allows?(:confirmations)
-    assert_not mapping.allows?(:passwords)
+    allowed = Devise.mappings[:admin].allowed_controllers
+    assert allowed.include?("sessions")
+    assert_not allowed.include?("devise/confirmations")
+    assert_not allowed.include?("devise/passwords")
   end
 
   test 'find mapping by path' do
@@ -63,18 +62,22 @@ class MappingTest < ActiveSupport::TestCase
 
   test 'return default path names' do
     mapping = Devise.mappings[:user]
-    assert_equal 'sign_in', mapping.path_names[:sign_in]
-    assert_equal 'sign_out', mapping.path_names[:sign_out]
-    assert_equal 'password', mapping.path_names[:password]
+    assert_equal 'sign_in',      mapping.path_names[:sign_in]
+    assert_equal 'sign_out',     mapping.path_names[:sign_out]
+    assert_equal 'password',     mapping.path_names[:password]
     assert_equal 'confirmation', mapping.path_names[:confirmation]
+    assert_equal 'sign_up',      mapping.path_names[:sign_up]
+    assert_equal 'unlock',       mapping.path_names[:unlock]
   end
 
   test 'allow custom path names to be given' do
     mapping = Devise.mappings[:manager]
-    assert_equal 'login', mapping.path_names[:sign_in]
-    assert_equal 'logout', mapping.path_names[:sign_out]
-    assert_equal 'secret', mapping.path_names[:password]
+    assert_equal 'login',        mapping.path_names[:sign_in]
+    assert_equal 'logout',       mapping.path_names[:sign_out]
+    assert_equal 'secret',       mapping.path_names[:password]
     assert_equal 'verification', mapping.path_names[:confirmation]
+    assert_equal 'register',     mapping.path_names[:sign_up]
+    assert_equal 'unblock',      mapping.path_names[:unlock]
   end
 
   test 'has an empty path as default path prefix' do
@@ -86,51 +89,15 @@ class MappingTest < ActiveSupport::TestCase
     mapping = Devise.mappings[:manager]
     assert_equal '/:locale/', mapping.path_prefix
   end
-  
+
   test 'retrieve as from the proper position' do
     assert_equal 1, Devise.mappings[:user].as_position
     assert_equal 2, Devise.mappings[:manager].as_position
   end
 
-  test 'raw path is returned' do
-    assert_equal '/users', Devise.mappings[:user].raw_path
-    assert_equal '/:locale/accounts', Devise.mappings[:manager].raw_path
-  end
-  
-  test 'raw path ignores the relative_url_root' do
-    swap ActionController::Base, :relative_url_root => "/abc" do
-      assert_equal '/users', Devise.mappings[:user].raw_path
-    end
-  end
-  
-  test 'parsed path is returned' do
-    begin
-      Devise.default_url_options {{ :locale => I18n.locale }}
-      assert_equal '/users', Devise.mappings[:user].parsed_path
-      assert_equal '/en/accounts', Devise.mappings[:manager].parsed_path
-    ensure
-      Devise.default_url_options {{ }}
-    end
-  end
-  
-  test 'parsed path adds in the relative_url_root' do
-    swap ActionController::Base, :relative_url_root => '/abc' do
-      assert_equal '/abc/users', Devise.mappings[:user].parsed_path
-    end
-  end
-
-  test 'parsed path deals with a nil relative_url_root' do
-    swap ActionController::Base, :relative_url_root => nil do
-      assert_equal '/users', Devise.mappings[:user].raw_path
-    end
-  end
-
-  test 'should have default route options' do
-    assert_equal({}, Devise.mappings[:user].route_options)
-  end
-
-  test 'should allow passing route options to devise routes' do
-    assert_equal({ :requirements => { :extra => 'value' } }, Devise.mappings[:manager].route_options)
+  test 'path is returned with path prefix and as' do
+    assert_equal '/users', Devise.mappings[:user].path
+    assert_equal '/:locale/accounts', Devise.mappings[:manager].path
   end
 
   test 'magic predicates' do
@@ -139,6 +106,7 @@ class MappingTest < ActiveSupport::TestCase
     assert mapping.confirmable?
     assert mapping.recoverable?
     assert mapping.rememberable?
+    assert mapping.registerable?
 
     mapping = Devise.mappings[:admin]
     assert mapping.authenticatable?

test/models/authenticatable_test.rb

@@ -100,7 +100,7 @@ class AuthenticatableTest < ActiveSupport::TestCase
 
   test 'should authenticate a valid user with email and password and return it' do
     user = create_user
-    User.any_instance.stubs(:confirmed?).returns(true)
+    user.confirm!
     authenticated_user = User.authenticate(:email => user.email, :password => user.password)
     assert_equal authenticated_user, user
   end
@@ -119,7 +119,7 @@ class AuthenticatableTest < ActiveSupport::TestCase
 
   test 'should use authentication keys to retrieve users' do
     swap Devise, :authentication_keys => [:username] do
-      user = create_user(:username => "josevalim")
+      user = create_user
       assert_nil User.authenticate(:email => user.email, :password => user.password)
       assert_not_nil User.authenticate(:username => user.username, :password => user.password)
     end
@@ -130,29 +130,51 @@ class AuthenticatableTest < ActiveSupport::TestCase
     assert_not_nil Admin.authenticate(:email => admin.email, :password => admin.password)
   end
 
-  test 'should respond to old password' do
-    assert new_user.respond_to?(:old_password)
+  test 'should respond to current password' do
+    assert new_user.respond_to?(:current_password)
   end
 
-  test 'should update password with valid old password' do
+  test 'should update password with valid current password' do
     user = create_user
-    assert user.update_with_password(:old_password => '123456',
+    assert user.update_with_password(:current_password => '123456',
       :password => 'pass321', :password_confirmation => 'pass321')
     assert user.reload.valid_password?('pass321')
   end
 
-  test 'should add an error to old password when it is invalid' do
+  test 'should add an error to current password when it is invalid' do
     user = create_user
-    assert_not user.update_with_password(:old_password => 'other',
+    assert_not user.update_with_password(:current_password => 'other',
       :password => 'pass321', :password_confirmation => 'pass321')
     assert user.reload.valid_password?('123456')
-    assert_match /invalid/, user.errors[:old_password]
+    assert_match "is invalid", user.errors[:current_password].join
+  end
+
+  test 'should add an error to current password when it is blank' do
+    user = create_user
+    assert_not user.update_with_password(:password => 'pass321',
+      :password_confirmation => 'pass321')
+    assert user.reload.valid_password?('123456')
+    assert_match "can't be blank", user.errors[:current_password].join
+  end
+
+  test 'should ignore password and its confirmation if they are blank' do
+    user = create_user
+    assert user.update_with_password(:current_password => '123456', :email => "new@email.com")
+    assert_equal "new@email.com", user.email
   end
 
   test 'should not update password with invalid confirmation' do
     user = create_user
-    assert_not user.update_with_password(:old_password => '123456',
+    assert_not user.update_with_password(:current_password => '123456',
       :password => 'pass321', :password_confirmation => 'other')
     assert user.reload.valid_password?('123456')
   end
+
+  test 'should clean up password fields on failure' do
+    user = create_user
+    assert_not user.update_with_password(:current_password => '123456',
+      :password => 'pass321', :password_confirmation => 'other')
+    assert user.password.blank?
+    assert user.password_confirmation.blank?
+  end
 end

test/models/confirmable_test.rb

@@ -54,10 +54,10 @@ class ConfirmableTest < ActiveSupport::TestCase
   test 'should not confirm a user already confirmed' do
     user = create_user
     assert user.confirm!
-    assert_nil user.errors[:email]
+    assert_blank user.errors[:email]
 
     assert_not user.confirm!
-    assert_match /already confirmed/, user.errors[:email]
+    assert_equal "was already confirmed", user.errors[:email].join
   end
 
   test 'should find and confirm an user automatically' do
@@ -70,13 +70,13 @@ class ConfirmableTest < ActiveSupport::TestCase
   test 'should return a new record with errors when a invalid token is given' do
     confirmed_user = User.confirm!(:confirmation_token => 'invalid_confirmation_token')
     assert confirmed_user.new_record?
-    assert_match /invalid/, confirmed_user.errors[:confirmation_token]
+    assert_equal "is invalid", confirmed_user.errors[:confirmation_token].join
   end
 
   test 'should return a new record with errors when a blank token is given' do
     confirmed_user = User.confirm!(:confirmation_token => '')
     assert confirmed_user.new_record?
-    assert_match /blank/, confirmed_user.errors[:confirmation_token]
+    assert_equal "can't be blank", confirmed_user.errors[:confirmation_token].join
   end
 
   test 'should generate errors for a user email if user is already confirmed' do
@@ -85,7 +85,7 @@ class ConfirmableTest < ActiveSupport::TestCase
     user.save
     confirmed_user = User.confirm!(:confirmation_token => user.confirmation_token)
     assert confirmed_user.confirmed?
-    assert confirmed_user.errors[:email]
+    assert_equal "was already confirmed", confirmed_user.errors[:email].join
   end
 
   test 'should authenticate a confirmed user' do
@@ -134,7 +134,7 @@ class ConfirmableTest < ActiveSupport::TestCase
   test 'should add error to new user email if no email was found' do
     confirmation_user = User.send_confirmation_instructions(:email => "invalid@email.com")
     assert confirmation_user.errors[:email]
-    assert_equal 'not found', confirmation_user.errors[:email]
+    assert_equal "not found", confirmation_user.errors[:email].join
   end
 
   test 'should generate a confirmation token before send the confirmation instructions email' do
@@ -175,7 +175,7 @@ class ConfirmableTest < ActiveSupport::TestCase
     user.confirm!
     assert_not user.resend_confirmation!
     assert user.confirmed?
-    assert_equal 'already confirmed', user.errors[:email]
+    assert_equal 'was already confirmed', user.errors[:email].join
   end
 
   test 'confirm time should fallback to devise confirm in default configuration' do

test/models/http_authenticatable_test.rb

@@ -0,0 +1,19 @@
+require 'test/test_helper'
+
+class HttpAuthenticatableTest < ActiveSupport::TestCase
+  test 'should authenticate a valid user with email and password and return it' do
+    user = create_user
+    user.confirm!
+
+    authenticated_user = User.authenticate_with_http(user.email, user.password)
+    assert_equal authenticated_user, user
+  end
+
+  test 'should return nil when authenticating an invalid user by email' do
+    user = create_user
+    user.confirm!
+
+    authenticated_user = User.authenticate_with_http('another.email@email.com', user.password)
+    assert_nil authenticated_user
+  end
+end

test/models/lockable_test.rb

@@ -1,25 +1,26 @@
 require 'test/test_helper'
 
 class LockableTest < ActiveSupport::TestCase
-  
+
   def setup
     setup_mailer
   end
-  
+
   test "should increment failed attempts on unsuccessful authentication" do
     user = create_user
     assert_equal 0, user.failed_attempts
+
     authenticated_user = User.authenticate(:email => user.email, :password => "anotherpassword")
     assert_equal 1, user.reload.failed_attempts
   end
-  
+
   test "should lock account base on maximum_attempts" do
     user = create_user
     attempts = Devise.maximum_attempts + 1
     attempts.times { authenticated_user = User.authenticate(:email => user.email, :password => "anotherpassword") }
     assert user.reload.locked?
   end
-  
+
   test "should respect maximum attempts configuration" do
     user = create_user
     swap Devise, :maximum_attempts => 2 do
@@ -27,7 +28,7 @@ class LockableTest < ActiveSupport::TestCase
       assert user.reload.locked?
     end
   end
-  
+
   test "should clear failed_attempts on successfull sign in" do
     user = create_user
     User.authenticate(:email => user.email, :password => "anotherpassword")
@@ -56,16 +57,17 @@ class LockableTest < ActiveSupport::TestCase
     user.lock!
     assert_not_nil user.reload.locked_at
     assert_not_nil user.reload.unlock_token
+
     user.unlock!
     assert_nil user.reload.locked_at
     assert_nil user.reload.unlock_token
     assert 0, user.reload.failed_attempts
   end
-  
-  test 'should not unlcok an unlocked user' do
+
+  test 'should not unlock an unlocked user' do
     user = create_user
     assert_not user.unlock!
-    assert_match /not locked/, user.errors[:email]
+    assert_match "was not locked", user.errors[:email].join
   end
 
   test "new user should not be locked and should have zero failed_attempts" do
@@ -157,13 +159,13 @@ class LockableTest < ActiveSupport::TestCase
   test 'should return a new record with errors when a invalid token is given' do
     locked_user = User.unlock!(:unlock_token => 'invalid_token')
     assert locked_user.new_record?
-    assert_match /invalid/, locked_user.errors[:unlock_token]
+    assert_equal "is invalid", locked_user.errors[:unlock_token].join
   end
 
   test 'should return a new record with errors when a blank token is given' do
     locked_user = User.unlock!(:unlock_token => '')
     assert locked_user.new_record?
-    assert_match /blank/, locked_user.errors[:unlock_token]
+    assert_equal "can't be blank", locked_user.errors[:unlock_token].join
   end
 
   test 'should authenticate a unlocked user' do
@@ -188,15 +190,14 @@ class LockableTest < ActiveSupport::TestCase
 
   test 'should add error to new user email if no email was found' do
     unlock_user = User.send_unlock_instructions(:email => "invalid@email.com")
-    assert unlock_user.errors[:email]
-    assert_equal 'not found', unlock_user.errors[:email]
+    assert_equal 'not found', unlock_user.errors[:email].join
   end
 
   test 'should not be able to send instructions if the user is not locked' do
     user = create_user
     assert_not user.resend_unlock!
     assert_not user.locked?
-    assert_equal 'not locked', user.errors[:email]
+    assert_equal 'was not locked', user.errors[:email].join
   end
 
-end
+end

test/models/recoverable_test.rb

@@ -83,7 +83,7 @@ class RecoverableTest < ActiveSupport::TestCase
   test 'should return a new record with errors if user was not found by e-mail' do
     reset_password_user = User.send_reset_password_instructions(:email => "invalid@email.com")
     assert reset_password_user.new_record?
-    assert_match /not found/, reset_password_user.errors[:email]
+    assert_equal "not found", reset_password_user.errors[:email].join
   end
 
   test 'should reset reset_password_token before send the reset instructions email' do
@@ -111,13 +111,13 @@ class RecoverableTest < ActiveSupport::TestCase
   test 'should a new record with errors if no reset_password_token is found' do
     reset_password_user = User.reset_password!(:reset_password_token => 'invalid_token')
     assert reset_password_user.new_record?
-    assert_match /invalid/, reset_password_user.errors[:reset_password_token]
+    assert_equal "is invalid", reset_password_user.errors[:reset_password_token].join
   end
 
   test 'should a new record with errors if reset_password_token is blank' do
     reset_password_user = User.reset_password!(:reset_password_token => '')
     assert reset_password_user.new_record?
-    assert_match /blank/, reset_password_user.errors[:reset_password_token]
+    assert_match "can't be blank", reset_password_user.errors[:reset_password_token].join
   end
 
   test 'should reset successfully user password given the new password and confirmation' do