Release Devise 1.0.8 with a few fixes and latest mongomapper support.

Signed-off-by: José Valim <jose.valim@gmail.com>

CHANGELOG.rdoc

@@ -1,3 +1,30 @@
+== 1.0.8
+
+* enhancements
+  * Support for latest MongoMapper
+  * Added anybody_signed_in? helper (by github.com/SSDany)
+
+* bug fix
+  * confirmation_required? is properly honored on active? calls. (by github.com/paulrosania)
+
+== 1.0.7
+
+* bug fix
+  * Ensure password confirmation is always required
+
+* deprecations
+  * authenticatable was deprecated and renamed to database_authenticatable
+  * confirmable is not included by default on generation
+
+== 1.0.6
+
+* bug fix
+  * Do not allow unlockable strategies based on time to access a controller.
+  * Do not send unlockable email several times.
+  * Allow controller to upstram custom! failures to Warden.
+
+== 1.0.5
+
 * bug fix
   * Use prepend_before_filter in require_no_authentication.
   * require_no_authentication on unlockable.

README.rdoc

@@ -9,7 +9,7 @@ Devise is a flexible authentication solution for Rails based on Warden. It:
 
 Right now it's composed of 12 modules:
 
-* Authenticatable: responsible for encrypting password and validating authenticity of a user while signing in.
+* Database Authenticatable: responsible for encrypting password and validating authenticity of a user while signing in.
 * Token Authenticatable: validates authenticity of a user while signing in using an authentication token (also known as "single access token").
 * HttpAuthenticatable: sign in users using basic HTTP authentication.
 * Confirmable: responsible for verifying whether an account is already confirmed to sign in, and to send emails with confirmation instructions.
@@ -36,7 +36,7 @@ Install warden gem if you don't have it installed:
 
 Install devise gem:
 
-  sudo gem install devise --version=1.0.1
+  sudo gem install devise --version=1.0.7
 
 Configure warden and devise gems inside your app:
 
@@ -64,13 +64,13 @@ Devise must be set up within the model (or models) you want to use, and devise r
 We're assuming here you want a User model with some modules, as outlined below:
 
   class User < ActiveRecord::Base
-    devise :authenticatable, :confirmable, :recoverable, :rememberable, :trackable, :validatable
+    devise :database_authenticatable, :confirmable, :recoverable, :rememberable, :trackable, :validatable
   end
 
 After you choose which modules to use, you need to setup your migrations. Luckily, devise has some helpers to save you from this boring work:
 
   create_table :users do |t|
-    t.authenticatable
+    t.database_authenticatable
     t.confirmable
     t.recoverable
     t.rememberable
@@ -128,13 +128,13 @@ Devise let's you setup as many roles as you want, so let's say you already have
 
   # Create a migration with the required fields
   create_table :admins do |t|
-    t.authenticatable
+    t.database_authenticatable
     t.lockable
     t.trackable
   end
 
   # Inside your Admin model
-  devise :authenticatable, :trackable, :timeoutable, :lockable
+  devise :database_authenticatable, :trackable, :timeoutable, :lockable
 
   # Inside your routes
   map.devise_for :admin
@@ -161,9 +161,9 @@ A model configured with all devise modules and attr_accessible for default field
 
 == Model configuration
 
-The devise method in your models also accept some options to configure its modules. For example, you can chose which encryptor to use in authenticatable:
+The devise method in your models also accept some options to configure its modules. For example, you can chose which encryptor to use in database_authenticatable:
 
-  devise :authenticatable, :confirmable, :recoverable, :encryptor => :bcrypt
+  devise :database_authenticatable, :confirmable, :recoverable, :encryptor => :bcrypt
 
 Besides :encryptor, you can provide :pepper, :stretches, :confirm_within, :remember_for, :timeout_in, :unlock_in and others. All those are describer in the initializer created when you invoke the devise_install generator describer above.
 
@@ -247,7 +247,9 @@ Please refer to TODO file.
 
 == Contributors
 
-We have a long running list of contributors. Check them in the CHANGELOG or do `git shortlog -s -n` in the cloned repository.
+We have a long running list of contributors. Check them all here:
+
+http://github.com/plataformatec/devise/contributors
 
 == Bugs and Feedback
 

Rakefile

@@ -44,10 +44,10 @@ begin
     s.description = "Flexible authentication solution for Rails with Warden"
     s.authors = ['José Valim', 'Carlos Antônio']
     s.files =  FileList["[A-Z]*", "{app,config,generators,lib}/**/*", "rails/init.rb"]
-    s.add_dependency("warden", "~> 0.10.2")
+    s.add_dependency("warden", "~> 0.10.3")
   end
 
   Jeweler::GemcutterTasks.new
 rescue LoadError
-  puts "Jeweler, or one of its dependencies, is not available. Install it with: sudo gem install technicalpickles-jeweler -s http://gems.github.com"
+  puts "Jeweler, or one of its dependencies, is not available. Install it with: gem install jeweler"
 end

app/controllers/registrations_controller.rb

@@ -14,7 +14,6 @@ class RegistrationsController < ApplicationController
     build_resource
 
     if resource.save
-      flash[:"#{resource_name}_signed_up"] = true
       set_flash_message :notice, :signed_up
       sign_in_and_redirect(resource_name, resource)
     else

app/controllers/sessions_controller.rb

@@ -4,7 +4,7 @@ class SessionsController < ApplicationController
 
   # GET /resource/sign_in
   def new
-    unless resource_just_signed_up?
+    unless flash[:notice].present?
       Devise::FLASH_MESSAGES.each do |message|
         set_now_flash_message :alert, message if params.try(:[], message) == "true"
       end
@@ -19,6 +19,8 @@ class SessionsController < ApplicationController
     if resource = authenticate(resource_name)
       set_flash_message :notice, :signed_in
       sign_in_and_redirect(resource_name, resource, true)
+    elsif [:custom, :redirect].include?(warden.result)
+      throw :warden, :scope => resource_name
     else
       set_now_flash_message :alert, (warden.message || :invalid)
       clean_up_passwords(build_resource)
@@ -34,10 +36,6 @@ class SessionsController < ApplicationController
 
   protected
 
-    def resource_just_signed_up?
-      flash[:"#{resource_name}_signed_up"]
-    end
-
     def clean_up_passwords(object)
       object.clean_up_passwords if object.respond_to?(:clean_up_passwords)
     end

app/controllers/unlocks_controller.rb

@@ -1,4 +1,5 @@
 class UnlocksController < ApplicationController
+  prepend_before_filter :ensure_email_as_unlock_strategy
   prepend_before_filter :require_no_authentication
   include Devise::Controllers::InternalHelpers
 
@@ -31,4 +32,10 @@ class UnlocksController < ApplicationController
       render_with_scope :new
     end
   end
+
+  protected
+
+  def ensure_email_as_unlock_strategy
+    raise ActionController::UnknownAction unless resource_class.unlock_strategy_enabled?(:email)
+  end
 end

devise.gemspec

@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
   s.name = %q{devise}
-  s.version = "1.0.5"
+  s.version = "1.0.8"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Jos\303\251 Valim", "Carlos Ant\303\264nio"]
-  s.date = %q{2010-03-26}
+  s.date = %q{2010-06-23}
   s.description = %q{Flexible authentication solution for Rails with Warden}
   s.email = %q{contact@plataformatec.com.br}
   s.extra_rdoc_files = [
@@ -70,8 +70,8 @@ Gem::Specification.new do |s|
      "lib/devise/mapping.rb",
      "lib/devise/models.rb",
      "lib/devise/models/activatable.rb",
-     "lib/devise/models/authenticatable.rb",
      "lib/devise/models/confirmable.rb",
+     "lib/devise/models/database_authenticatable.rb",
      "lib/devise/models/http_authenticatable.rb",
      "lib/devise/models/lockable.rb",
      "lib/devise/models/recoverable.rb",
@@ -88,8 +88,8 @@ Gem::Specification.new do |s|
      "lib/devise/rails/routes.rb",
      "lib/devise/rails/warden_compat.rb",
      "lib/devise/schema.rb",
-     "lib/devise/strategies/authenticatable.rb",
      "lib/devise/strategies/base.rb",
+     "lib/devise/strategies/database_authenticatable.rb",
      "lib/devise/strategies/http_authenticatable.rb",
      "lib/devise/strategies/rememberable.rb",
      "lib/devise/strategies/token_authenticatable.rb",
@@ -100,7 +100,7 @@ Gem::Specification.new do |s|
   s.homepage = %q{http://github.com/plataformatec/devise}
   s.rdoc_options = ["--charset=UTF-8"]
   s.require_paths = ["lib"]
-  s.rubygems_version = %q{1.3.6}
+  s.rubygems_version = %q{1.3.7}
   s.summary = %q{Flexible authentication solution for Rails with Warden}
   s.test_files = [
     "test/controllers/helpers_test.rb",
@@ -113,6 +113,7 @@ Gem::Specification.new do |s|
      "test/integration/confirmable_test.rb",
      "test/integration/http_authenticatable_test.rb",
      "test/integration/lockable_test.rb",
+     "test/integration/rack_middleware_test.rb",
      "test/integration/recoverable_test.rb",
      "test/integration/registerable_test.rb",
      "test/integration/rememberable_test.rb",
@@ -167,13 +168,13 @@ Gem::Specification.new do |s|
     current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
     s.specification_version = 3
 
-    if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
-      s.add_runtime_dependency(%q<warden>, ["~> 0.10.2"])
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_runtime_dependency(%q<warden>, ["~> 0.10.3"])
     else
-      s.add_dependency(%q<warden>, ["~> 0.10.2"])
+      s.add_dependency(%q<warden>, ["~> 0.10.3"])
     end
   else
-    s.add_dependency(%q<warden>, ["~> 0.10.2"])
+    s.add_dependency(%q<warden>, ["~> 0.10.3"])
   end
 end
 

generators/devise/templates/migration.rb

@@ -1,7 +1,7 @@
 class DeviseCreate<%= table_name.camelize %> < ActiveRecord::Migration
   def self.up
     create_table(:<%= table_name %>) do |t|
-      t.authenticatable :encryptor => :sha1, :null => false
+      t.database_authenticatable :null => false
       t.confirmable
       t.recoverable
       t.rememberable

generators/devise/templates/model.rb

@@ -1,7 +1,7 @@
 class <%= class_name %> < ActiveRecord::Base
   # Include default devise modules. Others available are:
-  # :http_authenticatable, :token_authenticatable, :lockable, :timeoutable and :activatable
-  devise :registerable, :authenticatable, :confirmable, :recoverable,
+  # :http_authenticatable, :token_authenticatable, :confirmable, :lockable, :timeoutable and :activatable
+  devise :registerable, :database_authenticatable, :recoverable,
          :rememberable, :trackable, :validatable
 
   # Setup accessible (or protected) attributes for your model

generators/devise_install/templates/README

@@ -1,4 +1,3 @@
-
 ===============================================================================
 
 Some setup you must do manually if you haven't yet:
@@ -15,4 +14,10 @@ Some setup you must do manually if you haven't yet:
 
        map.root :controller => 'home'
 
+ 3. Ensure you have a default layout in app/views/layouts and it shows
+     flash messages. For example:
+
+       <p class="notice"><%= flash[:notice] %></p>
+       <p class="alert"><%= flash[:alert] %></p>
+
 ===============================================================================

lib/devise.rb

@@ -29,7 +29,7 @@ module Devise
   ALL = []
 
   # Authentication ones first
-  ALL.push :authenticatable, :http_authenticatable, :token_authenticatable, :rememberable
+  ALL.push :database_authenticatable, :http_authenticatable, :token_authenticatable, :rememberable
 
   # Misc after
   ALL.push :recoverable, :registerable, :validatable
@@ -42,7 +42,7 @@ module Devise
 
   # Maps controller names to devise modules.
   CONTROLLERS = {
-    :sessions => [:authenticatable, :token_authenticatable],
+    :sessions => [:database_authenticatable, :token_authenticatable],
     :passwords => [:recoverable],
     :confirmations => [:confirmable],
     :registrations => [:registerable],
@@ -52,7 +52,7 @@ module Devise
   # Routes for generating url helpers.
   ROUTES = [:session, :password, :confirmation, :registration, :unlock]
 
-  STRATEGIES  = [:rememberable, :http_authenticatable, :token_authenticatable, :authenticatable]
+  STRATEGIES  = [:rememberable, :http_authenticatable, :token_authenticatable, :database_authenticatable]
 
   TRUE_VALUES = [true, 1, '1', 't', 'T', 'true', 'TRUE']
 

lib/devise/controllers/helpers.rb

@@ -5,8 +5,8 @@ module Devise
 
       def self.included(base)
         base.class_eval do
-          helper_method :warden, :signed_in?, :devise_controller?,
-                        *Devise.mappings.keys.map { |m| [:"current_#{m}", :"#{m}_signed_in?"] }.flatten
+          helper_method :warden, :signed_in?, :devise_controller?, :anybody_signed_in?,
+                        *Devise.mappings.keys.map { |m| [:"current_#{m}", :"#{m}_signed_in?", :"#{m}_session"] }.flatten
 
           # Use devise default_url_options. We have to declare it here to overwrite
           # default definitions.
@@ -48,6 +48,12 @@ module Devise
         warden.authenticate?(:scope => scope)
       end
 
+      # Check if the any scope is signed in session, without running
+      # authentication hooks.
+      def anybody_signed_in?
+        Devise.mappings.keys.any? { |scope| signed_in?(scope) }
+      end
+
       # Sign in an user that already was authenticated. This helper is useful for logging
       # users in after sign up.
       #

lib/devise/locales/en.yml

@@ -21,7 +21,7 @@ en:
       confirmed: 'Your account was successfully confirmed. You are now signed in.'
     registrations:
       link: 'Sign up'
-      signed_up: 'You have signed up successfully.'
+      signed_up: 'You have signed up successfully. If enabled, a confirmation was sent to your e-mail.'
       updated: 'You updated your account successfully.'
       destroyed: 'Bye! Your account was successfully cancelled. We hope to see you again soon.'
     unlocks:

lib/devise/mapping.rb

@@ -103,6 +103,10 @@ module Devise
       end
     end
 
+    def authenticatable?
+      @authenticatable ||= self.for.any? { |m| m.to_s =~ /authenticatable/ }
+    end
+
     # Create magic predicates for verifying what module is activated by this map.
     # Example:
     #

lib/devise/models.rb

@@ -1,7 +1,7 @@
 module Devise
   module Models
     autoload :Activatable, 'devise/models/activatable'
-    autoload :Authenticatable, 'devise/models/authenticatable'
+    autoload :DatabaseAuthenticatable, 'devise/models/database_authenticatable'
     autoload :Confirmable, 'devise/models/confirmable'
     autoload :Lockable, 'devise/models/lockable'
     autoload :Recoverable, 'devise/models/recoverable'
@@ -57,7 +57,12 @@ module Devise
     #
     def devise(*modules)
       raise "You need to give at least one Devise module" if modules.empty?
-      options  = modules.extract_options!
+      options = modules.extract_options!
+
+      if modules.delete(:authenticatable)
+        ActiveSupport::Deprecation.warn ":authenticatable as module is deprecated. Please give :database_authenticatable instead.", caller
+        modules << :database_authenticatable
+      end
 
       @devise_modules = Devise::ALL & modules.map(&:to_sym).uniq
 

lib/devise/models/confirmable.rb

@@ -57,18 +57,13 @@ module Devise
 
       # Send confirmation instructions by email
       def send_confirmation_instructions
+        generate_confirmation_token if self.confirmation_token.nil?
         ::DeviseMailer.deliver_confirmation_instructions(self)
       end
 
-      # Remove confirmation date and send confirmation instructions, to ensure
-      # after sending these instructions the user won't be able to sign in without
-      # confirming it's account
+      # Resend confirmation token. This method does not need to generate a new token.
       def resend_confirmation_token
-        unless_confirmed do
-          generate_confirmation_token
-          save(false)
-          send_confirmation_instructions
-        end
+        unless_confirmed { send_confirmation_instructions }
       end
 
       # Overwrites active? from Devise::Models::Activatable for confirmation
@@ -76,7 +71,7 @@ module Devise
       # is already confirmed, it should never be blocked. Otherwise we need to
       # calculate if the confirm time has not expired for this user.
       def active?
-        super && (confirmed? || confirmation_period_valid?)
+        super && (!confirmation_required? || confirmed? || confirmation_period_valid?)
       end
 
       # The message to be shown if the account is inactive.

lib/devise/models/database_authenticatable.rb

@@ -1,4 +1,4 @@
-require 'devise/strategies/authenticatable'
+require 'devise/strategies/database_authenticatable'
 
 module Devise
   module Models
@@ -26,7 +26,7 @@ module Devise
     #    User.authenticate('email@test.com', 'password123')  # returns authenticated user or nil
     #    User.find(1).valid_password?('password123')         # returns true/false
     #
-    module Authenticatable
+    module DatabaseAuthenticatable
       def self.included(base)
         base.class_eval do
           extend ClassMethods
@@ -58,12 +58,6 @@ module Devise
         password_digest(incoming_password) == self.encrypted_password
       end
 
-      # Verifies whether an +incoming_authentication_token+ (i.e. from single access URL)
-      # is the user authentication token.
-      def valid_authentication_token?(incoming_auth_token)
-        incoming_auth_token == self.authentication_token
-      end
-
       # Checks if a resource is valid upon authentication.
       def valid_for_authentication?(attributes)
         valid_password?(attributes[:password])
@@ -80,8 +74,10 @@ module Devise
       def update_with_password(params={})
         current_password = params.delete(:current_password)
 
-        params.delete(:password)              if params[:password].blank?
-        params.delete(:password_confirmation) if params[:password_confirmation].blank?
+        if params[:password].blank?
+          params.delete(:password)
+          params.delete(:password_confirmation) if params[:password_confirmation].blank?
+        end
 
         result = if valid_password?(current_password)
           update_attributes(params)

lib/devise/models/lockable.rb

@@ -28,9 +28,10 @@ module Devise
 
       # Lock an user setting it's locked_at to actual time.
       def lock_access!
+        return true if access_locked?
         self.locked_at = Time.now
 
-        if unlock_strategy_enabled?(:email)
+        if self.class.unlock_strategy_enabled?(:email)
           generate_unlock_token
           send_unlock_instructions
         end
@@ -60,11 +61,7 @@ module Devise
 
       # Resend the unlock instructions if the user is locked.
       def resend_unlock_token
-        if_access_locked do
-          generate_unlock_token unless unlock_token.present?
-          save(false)
-          send_unlock_instructions
-        end
+        if_access_locked { send_unlock_instructions }
       end
 
       # Overwrites active? from Devise::Models::Activatable for locking purposes
@@ -87,10 +84,7 @@ module Devise
           self.failed_attempts = 0
         else
           self.failed_attempts += 1
-          if failed_attempts > self.class.maximum_attempts
-            lock_access! 
-            return false
-          end
+          lock_access! if failed_attempts > self.class.maximum_attempts
         end
         save(false) if changed?
         result
@@ -105,7 +99,7 @@ module Devise
 
         # Tells if the lock is expired if :time unlock strategy is active
         def lock_expired?
-          if unlock_strategy_enabled?(:time)
+          if self.class.unlock_strategy_enabled?(:time)
             locked_at && locked_at < self.class.unlock_in.ago
           else
             false
@@ -123,11 +117,6 @@ module Devise
           end
         end
 
-        # Is the unlock enabled for the given unlock strategy?
-        def unlock_strategy_enabled?(strategy)
-          [:both, strategy].include?(self.class.unlock_strategy)
-        end
-
       module ClassMethods
         # Attempt to find a user by it's email. If a record is found, send new
         # unlock instructions to it. If not user is found, returns a new user
@@ -149,6 +138,11 @@ module Devise
           lockable
         end
 
+        # Is the unlock enabled for the given unlock strategy?
+        def unlock_strategy_enabled?(strategy)
+          [:both, strategy].include?(self.unlock_strategy)
+        end
+
         Devise::Models.config(self, :maximum_attempts, :unlock_strategy, :unlock_in)
       end
     end

lib/devise/orm/mongo_mapper.rb

@@ -43,5 +43,10 @@ module Devise
   end
 end
 
-MongoMapper::Document::ClassMethods.send(:include, Devise::Models)
-MongoMapper::EmbeddedDocument::ClassMethods.send(:include, Devise::Models)
+if MongoMapper::Version >= "0.8.0"
+  MongoMapper::Plugins::Document::ClassMethods.send(:include, Devise::Models)
+  MongoMapper::Plugins::EmbeddedDocument::ClassMethods.send(:include, Devise::Models)
+else
+  MongoMapper::Document::ClassMethods.send(:include, Devise::Models)
+  MongoMapper::EmbeddedDocument::ClassMethods.send(:include, Devise::Models)
+end

lib/devise/rails/routes.rb

@@ -97,7 +97,7 @@ module ActionController::Routing
 
       protected
 
-        def authenticatable(routes, mapping)
+        def database_authenticatable(routes, mapping)
           routes.with_options(:controller => 'sessions', :name_prefix => nil) do |session|
             session.send(:"new_#{mapping.name}_session",     mapping.path_names[:sign_in],  :action => 'new',     :conditions => { :method => :get })
             session.send(:"#{mapping.name}_session",         mapping.path_names[:sign_in],  :action => 'create',  :conditions => { :method => :post })

lib/devise/schema.rb

@@ -3,41 +3,48 @@ module Devise
   # and overwrite the apply_schema method.
   module Schema
 
+    def authenticatable(*args)
+      ActiveSupport::Deprecation.warn "t.authenticatable in migrations is deprecated. Please use t.database_authenticatable instead.", caller
+      database_authenticatable(*args)
+    end
+
     # Creates email, encrypted_password and password_salt.
     #
     # == Options
     # * :null - When true, allow columns to be null.
-    # * :encryptor - The encryptor going to be used, necessary for setting the proper encrypter password length.
-    def authenticatable(options={})
-      null      = options[:null] || false
-      default   = options[:default]
-      encryptor = options[:encryptor] || (respond_to?(:encryptor) ? self.encryptor : :sha1)
+    def database_authenticatable(options={})
+      null    = options[:null] || false
+      default = options[:default] || ""
+
+      if options.delete(:encryptor)
+        ActiveSupport::Deprecation.warn ":encryptor as option is deprecated, simply remove it."
+      end
 
       apply_schema :email,              String, :null => null, :default => default
-      apply_schema :encrypted_password, String, :null => null, :default => default, :limit => Devise::ENCRYPTORS_LENGTH[encryptor]
+      apply_schema :encrypted_password, String, :null => null, :default => default, :limit => 128
       apply_schema :password_salt,      String, :null => null, :default => default
     end
 
     # Creates authentication_token.
     def token_authenticatable
-      apply_schema :authentication_token, String, :limit => 20
+      apply_schema :authentication_token, String
     end
 
     # Creates confirmation_token, confirmed_at and confirmation_sent_at.
     def confirmable
-      apply_schema :confirmation_token,   String, :limit => 20
+      apply_schema :confirmation_token,   String
       apply_schema :confirmed_at,         DateTime
       apply_schema :confirmation_sent_at, DateTime
     end
 
     # Creates reset_password_token.
     def recoverable
-      apply_schema :reset_password_token, String, :limit => 20
+      apply_schema :reset_password_token, String
     end
 
     # Creates remember_token and remember_created_at.
     def rememberable
-      apply_schema :remember_token,      String, :limit => 20
+      apply_schema :remember_token,      String
       apply_schema :remember_created_at, DateTime
     end
 
@@ -54,7 +61,7 @@ module Devise
     # Creates failed_attempts, unlock_token and locked_at
     def lockable
       apply_schema :failed_attempts, Integer, :default => 0
-      apply_schema :unlock_token,    String,  :limit => 20
+      apply_schema :unlock_token,    String
       apply_schema :locked_at,       DateTime
     end
 

lib/devise/strategies/database_authenticatable.rb

@@ -4,7 +4,7 @@ module Devise
   module Strategies
     # Default strategy for signing in a user, based on his email and password.
     # Redirects to sign_in page if it's not authenticated
-    class Authenticatable < Base
+    class DatabaseAuthenticatable < Base
       def valid?
         valid_controller? && valid_params? && mapping.to.respond_to?(:authenticate)
       end
@@ -16,7 +16,7 @@ module Devise
         if resource = mapping.to.authenticate(params[scope])
           success!(resource)
         else
-          fail!(:invalid)
+          fail(:invalid)
         end
       end
 
@@ -33,4 +33,4 @@ module Devise
   end
 end
 
-Warden::Strategies.add(:authenticatable, Devise::Strategies::Authenticatable)
+Warden::Strategies.add(:database_authenticatable, Devise::Strategies::DatabaseAuthenticatable)

lib/devise/version.rb

@@ -1,3 +1,3 @@
 module Devise
-  VERSION = "1.0.5".freeze
+  VERSION = "1.0.8".freeze
 end

test/controllers/helpers_test.rb

@@ -36,6 +36,13 @@ class ControllerAuthenticableTest < ActionController::TestCase
     @controller.signed_in?(:my_scope)
   end
 
+  test 'proxy anybody_signed_in? to signed_in?' do
+    Devise.mappings.keys.each { |scope| # :user, :admin, :manager
+      @controller.expects(:signed_in?).with(scope)
+    }
+    @controller.anybody_signed_in?
+  end
+
   test 'proxy current_admin to authenticate with admin scope' do
     @mock_warden.expects(:authenticate).with(:scope => :admin)
     @controller.current_admin

test/devise_test.rb

@@ -25,7 +25,7 @@ class DeviseTest < ActiveSupport::TestCase
     Devise.configure_warden(config)
 
     assert_equal Devise::FailureApp, config.failure_app
-    assert_equal [:rememberable, :http_authenticatable, :token_authenticatable, :authenticatable], config.default_strategies
+    assert_equal [:rememberable, :http_authenticatable, :token_authenticatable, :database_authenticatable], config.default_strategies
     assert_equal :user, config.default_scope
     assert config.silence_missing_strategies?
   end

test/integration/lockable_test.rb

@@ -36,6 +36,16 @@ class LockTest < ActionController::IntegrationTest
     assert_equal 0, ActionMailer::Base.deliveries.size
   end
 
+  test 'unlocked pages should not be available if email strategy is disabled' do
+    visit new_user_unlock_path
+    assert_response :success
+
+    swap Devise, :unlock_strategy => :time do
+      visit new_user_unlock_path
+      assert_response :not_found
+    end
+  end
+
   test 'user with invalid unlock token should not be able to unlock an account' do
     visit_user_unlock_with_token('invalid_token')
 
@@ -60,7 +70,6 @@ class LockTest < ActionController::IntegrationTest
   test "sign in user automatically after unlocking it's account" do
     user = create_user(:locked => true)
     visit_user_unlock_with_token(user.unlock_token)
-
     assert warden.authenticated?(:user)
   end
 
@@ -71,6 +80,16 @@ class LockTest < ActionController::IntegrationTest
     assert_not warden.authenticated?(:user)
   end
 
+  test "user should not send a new e-mail if already locked" do
+    user = create_user(:locked => true)
+    user.update_attribute(:failed_attempts, User.maximum_attempts + 1)
+    ActionMailer::Base.deliveries.clear
+
+    sign_in_as_user(:password => "invalid")
+    assert_contain 'Invalid email or password.'
+    assert ActionMailer::Base.deliveries.empty?
+  end
+
   test 'error message is configurable by resource name' do
     store_translations :en, :devise => {
       :sessions => { :admin => { :locked => "You are locked!" } }

test/integration/rack_middleware_test.rb

@@ -0,0 +1,47 @@
+require "test/test_helper"
+require "rack/test"
+
+class RackMiddlewareTest < Test::Unit::TestCase
+  include Rack::Test::Methods
+
+  def app
+    ActionController::Dispatcher.new
+  end
+
+  def warden
+    last_request.env['warden']
+  end
+
+  def with_custom_strategy
+    get '/'
+
+    Warden::Strategies.add(:custom_test) do
+      def valid?
+        true
+      end
+
+      def authenticate!
+        custom! [599, {
+            "X-Custom-Response" => "Custom response test",
+            "Content-type" => "text/plain"
+          }, "Custom response test"]
+      end
+    end
+
+    #ActionController::Dispatcher.middleware.use CustomStrategyInterceptor
+    default_strategies = warden.manager.config.default_strategies
+    warden.manager.config.default_strategies :custom_test
+    yield
+    warden.manager.config.default_strategies default_strategies
+  end
+
+  def test_custom_strategy_response
+    with_custom_strategy do
+      post('/users/sign_in')
+
+      assert_equal 599, last_response.status
+      assert_equal "Custom response test", last_response.body
+      assert_equal "Custom response test", last_response.headers["X-Custom-Response"]
+    end
+  end
+end

test/integration/registerable_test.rb

@@ -28,8 +28,7 @@ class RegistrationTest < ActionController::IntegrationTest
     fill_in 'password confirmation', :with => 'new_user123'
     click_button 'Sign up'
 
-    assert_equal true, @controller.send(:flash)[:"user_signed_up"]
-    assert_equal "You have signed up successfully.", @controller.send(:flash)[:notice]
+    assert_equal "You have signed up successfully. If enabled, a confirmation was sent to your e-mail.", @controller.send(:flash)[:notice]
 
     # For some reason flash is not being set correctly, so instead of getting the
     # "signed_up" message we get the unconfirmed one. Seems to be an issue with
@@ -38,6 +37,8 @@ class RegistrationTest < ActionController::IntegrationTest
     # assert_contain 'You have signed up successfully.'
     # assert_not_contain 'confirm your account'
 
+    follow_redirect!
+    assert_contain 'Sign in'
     assert_not warden.authenticated?(:user)
 
     user = User.last
@@ -118,6 +119,19 @@ class RegistrationTest < ActionController::IntegrationTest
     assert User.first.valid_password?('pas123')
   end
 
+  test 'a signed in user should not be able to edit his password with invalid confirmation' do
+    sign_in_as_user
+    get edit_user_registration_path
+  
+    fill_in 'password', :with => 'pas123'
+    fill_in 'password confirmation', :with => ''
+    fill_in 'current password', :with => '123456'
+    click_button 'Update'
+  
+    assert_contain "Password doesn't match confirmation"
+    assert_not User.first.valid_password?('pas123')
+  end
+
   test 'a signed in user should be able to cancel his account' do
     sign_in_as_user
     visit edit_user_registration_path

test/models/confirmable_test.rb

@@ -11,15 +11,6 @@ class ConfirmableTest < ActiveSupport::TestCase
     assert_not_nil create_user.confirmation_token
   end
 
-  test 'should regenerate confirmation token each time' do
-    user = create_user
-    3.times do
-      token = user.confirmation_token
-      user.resend_confirmation_token
-      assert_not_equal token, user.confirmation_token
-    end
-  end
-
   test 'should never generate the same confirmation token for different users' do
     confirmation_tokens = []
     3.times do
@@ -137,19 +128,20 @@ class ConfirmableTest < ActiveSupport::TestCase
     assert_equal 'not found', confirmation_user.errors[:email]
   end
 
-  test 'should generate a confirmation token before send the confirmation instructions email' do
-    user = create_user
-    token = user.confirmation_token
-    confirmation_user = User.send_confirmation_instructions(:email => user.email)
-    assert_not_equal token, user.reload.confirmation_token
-  end
-
   test 'should send email instructions for the user confirm it\'s email' do
     user = create_user
     assert_email_sent do
       User.send_confirmation_instructions(:email => user.email)
     end
   end
+  
+  test 'should always have confirmation token when email is sent' do
+    user = new_user
+    user.instance_eval { def confirmation_required?; false end }
+    user.save
+    user.send_confirmation_instructions
+    assert_not_nil user.confirmation_token
+  end
 
   test 'should not resend email instructions if the user change his email' do
     user = create_user
@@ -225,4 +217,12 @@ class ConfirmableTest < ActiveSupport::TestCase
     user.save
     assert_not user.reload.active?
   end
+  
+  test 'should be active without confirmation when confirmation is not required' do
+    user = create_user
+    user.instance_eval { def confirmation_required?; false end }
+    user.confirmation_sent_at = nil
+    user.save
+    assert user.reload.active?
+  end
 end

test/models/lockable_test.rb

@@ -36,7 +36,7 @@ class LockableTest < ActiveSupport::TestCase
     assert_equal 0, user.reload.failed_attempts
   end
 
-  test "should verify wheter a user is locked or not" do
+  test "should verify whether a user is locked or not" do
     user = create_user
     assert_not user.access_locked?
     user.lock_access!
@@ -63,6 +63,14 @@ class LockableTest < ActiveSupport::TestCase
     assert 0, user.reload.failed_attempts
   end
 
+  test "should not lock a locked account" do
+    user = create_user
+    user.lock_access!
+    assert_no_difference "ActionMailer::Base.deliveries.size" do
+      user.lock_access!
+    end
+  end
+
   test 'should not unlock an unlocked user' do
     user = create_user
 
@@ -101,16 +109,6 @@ class LockableTest < ActiveSupport::TestCase
     assert_not_nil user.unlock_token
   end
 
-  test 'should not regenerate unlock token if it already exists' do
-    user = create_user
-    user.lock!
-    3.times do
-      token = user.unlock_token
-      user.resend_unlock_token
-      assert_equal token, user.unlock_token
-    end
-  end
-
   test "should never generate the same unlock token for different users" do
     unlock_tokens = []
     3.times do

test/models_test.rb

@@ -23,12 +23,12 @@ class ActiveRecordTest < ActiveSupport::TestCase
   end
 
   test 'add modules cherry pick' do
-    assert_include_modules Admin, :authenticatable, :registerable, :timeoutable
+    assert_include_modules Admin, :database_authenticatable, :registerable, :timeoutable
   end
 
   test 'order of module inclusion' do
-    correct_module_order   = [:authenticatable, :registerable, :timeoutable]
-    incorrect_module_order = [:authenticatable, :timeoutable, :registerable]
+    correct_module_order   = [:database_authenticatable, :registerable, :timeoutable]
+    incorrect_module_order = [:database_authenticatable, :timeoutable, :registerable]
 
     assert_include_modules Admin, *incorrect_module_order
 

test/support/integration_tests_helper.rb

@@ -32,7 +32,7 @@ class ActionController::IntegrationTest
     user = create_user(options)
     visit new_user_session_path unless options[:visit] == false
     fill_in 'email', :with => 'user@test.com'
-    fill_in 'password', :with => '123456'
+    fill_in 'password', :with => options[:password] || '123456'
     check 'remember me' if options[:remember_me] == true
     yield if block_given?
     click_button 'Sign In'